[okl4-developer] OKL4 v2.1: about thread identifiers

Frank Kaiser frank.kaiser at opensynergy.com
Wed Sep 17 02:05:42 EST 2008 

Hello, Josh

Thanks for the hint. When looking into the IPC description (section A-11.5 of the OKL4 User Manual), it occurred to me as well that there is mismatch compared to what is said about *L4_ReplyWait()*. However, what the manual says about reply caps, is not very exhaustive and leaves the subject largely unclear. It is mentioned that it can be used by the recipient when the sender waits on an IPC receive. From my experience I have to tell that it does not include waiting on L4_Notify, casting doubt that the reply cap feature works as expected. The fact that the type of the reply cap is still 'L4_Thread_id', is further misleading.
The wiki entry is more elaborate (what is described there should be found in the manual as well). What is tells me is that the feature is totally impractical for what I wanted to achieve:
The client using my SPI server should register to the server. When the client initiates a data exchange, then the server shall check that it is coming from the registered client. Furthermore the server shall return a notification after the data exchange is completed, so that the client need not to block on the data exchange call. For both purposes the server needs the true thread id of the caller. Since the IPC syscall does not provide it anymore, and the reply cap is a one-shot feature, I had to add an additional parameter carrying the thread id to my IDL4 interface specification. However, this approach has the shortcoming, that the client id is not maintained by the system, allowing any other client interfering with the connection by using a wrong thread id (the one, belonging the the true client). This not only creates an unwanted error possibility, but also a security hole, since the server cannot reliably recognize that it receives commands from the right client.
This way I cannot see that the reply cap feature in its current stage is an enhancement with respect to system security.

Regards
Frank
> -----Original Message-----
> From: developer-bounces at okl4.org [mailto:developer-bounces at okl4.org] On Behalf
> Of Joshua Root
> Sent: Friday, September 12, 2008 3:48 PM
> To: Frank Kaiser
> Cc: developer at okl4.org
> Subject: Re: [okl4-developer] OKL4 v2.1: about thread identifiers
> 
> Frank Kaiser wrote:
> > According to the implementation in /vspi_serverloop.c/ the first
> > parameter of this prototype is equal to the dereferenced second
> > parameter of function *L4_ReplyWait()*, which shall be, according to
> > section D-5.1.8/.9 of the OKL4 User Manual, a pointer to the sender’s
> > thread id.
> 
> It looks like that section of the manual is incorrect/outdated. What you
> actually get is not a thread id that can be used however you like, but a
> reply capability whose use is only valid under certain specific
> circumstances.
> 
> See A-4.4 and A-6 in the manual, and this wiki page:
> <http://wiki.ok-labs.com/ReplyCaps>
> 
> Cheers,
> Josh
> 
> _______________________________________________
> Developer mailing list
> Developer at okl4.org
> https://lists.okl4.org/mailman/listinfo/developer

More information about the Developer mailing list