[seL4] Capability unwrapping
norman.feske at genode-labs.com
Thu Feb 12 20:34:26 EST 2015
> The receiver can identify which of the sender's capabilities were
> unwrapped by inspecting the "msgCapsUnwrapped" field. That's its kernel
> name - libsel4 calls it the capsUnwrapped field of seL4_MessageInfo.
> It's a bitfield of length 3, with one bit per possible cap transfer
> attempt. It tells you which caps were unwrapped.
> For example, if the sender tried to send caps A, B, C to server X, and
> caps A and C are in fact caps to the server's endpoint anyway, then the
> server will receive a message with extraCaps=11 (three caps used in the
> message) and capsUnwrapped=101 (first and third cap were unwrapped) and
> it will find a delegate of cap B wherever it specified its receive pointer.
> If it A, B, C are sent and only A is a cap to the server's endpoint, the
> server will receive a delegate of B, C will be dropped, and
> capsUnwrapped=001 will indicate that A was unwrapped (note the first cap
> is in bottom position). I think that the server will receive
> extraCaps=10 - that is, it will not be told that the sender was
> attempting to send three caps. I suppose this should be part of the
> client protocol, and the kernel mechanisms should focus on telling the
> server what has actually been modified.
> I hope that's helpful,
thank you very much for this thorough and helpful explanation. I
misinterpreted capsUnwrapped as being a counter. But it makes perfect
sense that it is a bitfield (and it is actually stated so in the
manual). I could successfully reproduce your examples.
Dr.-Ing. Norman Feske
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
More information about the Devel