// vi:set ft=cpp: -*- Mode: C++ -*- /** * \file * The C++ IPC gate interface. */ /* * (c) 2009-2010 Adam Lackorzynski , * Alexander Warg * economic rights: Technische Universität Dresden (Germany) * * This file is part of TUD:OS and distributed under the terms of the * GNU General Public License 2. * Please see the COPYING-GPL-2 file for details. * * As a special exception, you may use this file as part of a free software * library without restriction. Specifically, if other files instantiate * templates or use macros or inline functions from this file, or you compile * this file and link it with other files to produce an executable, this * file does not by itself cause the resulting executable to be covered by * the GNU General Public License. This exception does not however * invalidate any other reasons why the executable file might be covered by * the GNU General Public License. */ #pragma once #include #include #include #include namespace L4 { class Thread; /** * The C++ IPC gate interface. * * IPC gates are used to create secure communication channels between protection * domains. An IPC gate can be created using the L4::Factory interface. * * Depending on the permissions of the capability used, an IPC gate forwards IPC * to the L4::Thread that is *bound* to the IPC gate (cf. bind_thread()). If the * capability has the #L4_FPAGE_C_IPCGATE_SVR permission, only IPC using a * protocol different from the #L4_PROTO_KOBJECT protocol is forwarded. Without * the #L4_FPAGE_C_IPCGATE_SVR permission, all IPC is forwarded. The latter is * the usual case for a client in a client/server scenario. When no thread is * bound yet, the forwarded IPC blocks until a thread is bound or the IPC times * out. * * Forwarded IPC is always forwarded to the userland of the bound thread. That * means, the L4::Thread interface of the bound thread is not accessible via an * IPC gate. The L4::Ipc_gate interface of an IPC gate is only accessible if the * capability used has the #L4_FPAGE_C_IPCGATE_SVR permission (cf. previous * paragraph). Conversely that means, if the capability used lacks the * #L4_FPAGE_C_IPCGATE_SVR permission, L4::Ipc_gate interface calls are * forwarded to the bound thread instead of being processed by the IPC gate * itself. In a client/server scenario, a client should only get IPC gate * capabilities without #L4_FPAGE_C_IPCGATE_SVR permission so the client cannot * tamper with the IPC gate. * * When binding a thread to an IPC gate, a user-defined, kernel protected, * machine-word sized payload called the IPC gate’s *label* is assigned to the * IPC gate (cf. bind_thread()). When a send-only IPC or call IPC is forwarded * via an IPC gate, the label provided by the sender is ignored and replaced by * the IPC gate’s label where the two least significant bits are the result of * bitwise disjunction of the corresponding label bits with the #L4_CAP_FPAGE_S * and #L4_CAP_FPAGE_W permissions of the capability used. Hence, the label * provided via bind_thread() should usually have its two least significant bits * set to zero. The replaced label is only visible to the bound thread upon * receive. However, the configured label of an IPC gate can also be queried via * get_infos() if the capability used has the #L4_FPAGE_C_IPCGATE_SVR * permission. * * \includefile{l4/sys/ipc_gate} * * For the C interface refer to the C \ref l4_kernel_object_gate_api. * * \see \ref l4_ipc_api */ class L4_EXPORT Ipc_gate : public Kobject_t > { public: /** * Get information about the IPC-gate. * * \param[out] label The label of the IPC gate is returned here. * * \return System call return tag. */ L4_INLINE_RPC_OP(L4_IPC_GATE_GET_INFO_OP, l4_msgtag_t, get_infos, (l4_umword_t *label)); typedef L4::Typeid::Rpcs_sys Rpcs; }; }