Hi,
On 12/21/20 7:38 PM, J.R.T. Clarke wrote:
> Hi Luis,
>>
>> @@ -556,20 +539,79 @@ capability::set_offset (uint64_t offset)
>> ...
>> + - (2) - If the top 64 bits are non-zero and the representation is
>> + COMPACT, the capability has the following format:
>> +
>
> You're missing documentation for this format.
>
Indeed. I've added the generic format from the documentation.
>> ...
>> + /* Handle attributes. */
>> + if (get_tag () == false)
>> + attr_str = "invalid ";
>> + if (get_otype () == CAP_SEAL_TYPE_RB)
>> + attr_str = "sentry ";
>> + if (is_sealed ())
>> + attr_str = "sealed ";
>
> These are supposed to be comma-separated, with no trailing space.
>
For some reason I missed the comma-separate entry. Fixed now.
> Also sentries are not printed as sealed capabilities (but see below).
>
>> + cap_str += "{";
>
> There are no curly braces in the specification.
>
I've added this one due to how GDB prints things. When showing the list
of arguments for a function, it looks slightly confusing where things
begin and end.
>> + cap_str = val_str + " [" + perm_str + "," + range_str + "]";
>> +
>> + if (!attr_str.empty ())
>> + cap_str += " ( " + attr_str + ")";
>
> There should be no leading space.
>
Fixed.
> I also couldn't help but notice you have the following:
>
>> inline bool is_sealed (void)
>> {
>> return check_permissions (CAP_PERM_SEAL);
>> }
>
> (in capability.h)
>
> Whether a capability is sealed and whether a capability can be used to
> seal are not the same thing.
Good catch. I think I had the right idea (since I check otype in some
other place), but ended up handling the sealed property incorrectly.
Fixed now locally. I will push later.
Thanks!
[resending with the right From:...]
Hi Luis,
>
> @@ -556,20 +539,79 @@ capability::set_offset (uint64_t offset)
> ...
> + - (2) - If the top 64 bits are non-zero and the representation is
> + COMPACT, the capability has the following format:
> +
You're missing documentation for this format.
> ...
> + /* Handle attributes. */
> + if (get_tag () == false)
> + attr_str = "invalid ";
> + if (get_otype () == CAP_SEAL_TYPE_RB)
> + attr_str = "sentry ";
> + if (is_sealed ())
> + attr_str = "sealed ";
These are supposed to be comma-separated, with no trailing space.
Also sentries are not printed as sealed capabilities (but see below).
> + cap_str += "{";
There are no curly braces in the specification.
> + cap_str = val_str + " [" + perm_str + "," + range_str + "]";
> +
> + if (!attr_str.empty ())
> + cap_str += " ( " + attr_str + ")";
There should be no leading space.
I also couldn't help but notice you have the following:
> inline bool is_sealed (void)
> {
> return check_permissions (CAP_PERM_SEAL);
> }
(in capability.h)
Whether a capability is sealed and whether a capability can be used to
seal are not the same thing.
Jess