Changes in kernel/generic/src/security/cap.c [da1bafb:b3f8fb7] in mainline

File:

• kernel/generic/src/security/cap.c (modified) (6 diffs)

kernel/generic/src/security/cap.c

@@ -27 +27 @@
  */
 
-/** @addtogroup generic
+/** @addtogroup generic 
  * @{
  */
 
 /**
- * @file cap.c
- * @brief Capabilities control.
+ * @file        cap.c
+ * @brief       Capabilities control.
  *
  * @see cap.h
  */
-
+ 
 #include <security/cap.h>
 #include <proc/task.h>
@@ -48 +48 @@
 /** Set capabilities.
  *
- * @param task Task whose capabilities are to be changed.
+ * @param t Task whose capabilities are to be changed.
  * @param caps New set of capabilities.
- *
  */
-void cap_set(task_t *task, cap_t caps)
+void cap_set(task_t *t, cap_t caps)
 {
-        irq_spinlock_lock(&task->lock, true);
-        task->capabilities = caps;
-        irq_spinlock_unlock(&task->lock, true);
+        ipl_t ipl;
+        
+        ipl = interrupts_disable();
+        spinlock_lock(&t->lock);
+        
+        t->capabilities = caps;
+        
+        spinlock_unlock(&t->lock);
+        interrupts_restore(ipl);
 }
 
 /** Get capabilities.
  *
- * @param task Task whose capabilities are to be returned.
- *
+ * @param t Task whose capabilities are to be returned.
  * @return Task's capabilities.
- *
  */
-cap_t cap_get(task_t *task)
+cap_t cap_get(task_t *t)
 {
-        irq_spinlock_lock(&task->lock, true);
-        cap_t caps = task->capabilities;
-        irq_spinlock_unlock(&task->lock, true);
+        ipl_t ipl;
+        cap_t caps;
+        
+        ipl = interrupts_disable();
+        spinlock_lock(&t->lock);
+        
+        caps = t->capabilities;
+        
+        spinlock_unlock(&t->lock);
+        interrupts_restore(ipl);
         
         return caps;
@@ -83 +93 @@
  *
  * @return Zero on success or an error code from @ref errno.h.
- *
  */
 unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
 {
+        sysarg64_t taskid_arg;
+        task_t *t;
+        ipl_t ipl;
+        int rc;
+        
         if (!(cap_get(TASK) & CAP_CAP))
                 return (unative_t) EPERM;
         
-        sysarg64_t taskid_arg;
-        int rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
+        rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
         if (rc != 0)
                 return (unative_t) rc;
-        
-        irq_spinlock_lock(&tasks_lock, true);
-        task_t *task = task_find_by_id((task_id_t) taskid_arg.value);
-        
-        if ((!task) || (!context_check(CONTEXT, task->context))) {
-                irq_spinlock_unlock(&tasks_lock, true);
+                
+        ipl = interrupts_disable();
+        spinlock_lock(&tasks_lock);
+        t = task_find_by_id((task_id_t) taskid_arg.value);
+        if ((!t) || (!context_check(CONTEXT, t->context))) {
+                spinlock_unlock(&tasks_lock);
+                interrupts_restore(ipl);
                 return (unative_t) ENOENT;
         }
         
-        irq_spinlock_lock(&task->lock, false);
-        task->capabilities |= caps;
-        irq_spinlock_unlock(&task->lock, false);
+        spinlock_lock(&t->lock);
+        cap_set(t, cap_get(t) | caps);
+        spinlock_unlock(&t->lock);
         
-        irq_spinlock_unlock(&tasks_lock, true);
+        spinlock_unlock(&tasks_lock);
+        interrupts_restore(ipl);        
         return 0;
 }
@@ -120 +135 @@
  *
  * @return Zero on success or an error code from @ref errno.h.
- *
  */
 unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
 {
         sysarg64_t taskid_arg;
-        int rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
+        task_t *t;
+        ipl_t ipl;
+        int rc;
+        
+        rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
         if (rc != 0)
                 return (unative_t) rc;
-        
-        irq_spinlock_lock(&tasks_lock, true);
-        
-        task_t *task = task_find_by_id((task_id_t) taskid_arg.value);
-        if ((!task) || (!context_check(CONTEXT, task->context))) {
-                irq_spinlock_unlock(&tasks_lock, true);
+
+        ipl = interrupts_disable();
+        spinlock_lock(&tasks_lock);     
+        t = task_find_by_id((task_id_t) taskid_arg.value);
+        if ((!t) || (!context_check(CONTEXT, t->context))) {
+                spinlock_unlock(&tasks_lock);
+                interrupts_restore(ipl);
                 return (unative_t) ENOENT;
         }
-        
+
         /*
          * Revoking capabilities is different from granting them in that
@@ -142 +161 @@
          * doesn't have CAP_CAP.
          */
-        irq_spinlock_unlock(&TASK->lock, false);
-        
-        if ((!(TASK->capabilities & CAP_CAP)) || (task != TASK)) {
-                irq_spinlock_unlock(&TASK->lock, false);
-                irq_spinlock_unlock(&tasks_lock, true);
+        if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) {
+                spinlock_unlock(&tasks_lock);
+                interrupts_restore(ipl);
                 return (unative_t) EPERM;
         }
         
-        task->capabilities &= ~caps;
-        irq_spinlock_unlock(&TASK->lock, false);
-        
-        irq_spinlock_unlock(&tasks_lock, true);
+        spinlock_lock(&t->lock);
+        cap_set(t, cap_get(t) & ~caps);
+        spinlock_unlock(&t->lock);
+
+        spinlock_unlock(&tasks_lock);
+
+        interrupts_restore(ipl);
         return 0;
 }
@@ -159 +179 @@
 /** @}
  */
+