Missing capability fault generated for receive on bound notifications #1424

talsewell · 2025-03-12T03:47:21Z

Spotted while poking around in the l4v repository.

If a thread attempts to receive on a notification object, and the notification object is bound to a different thread, this fails. That's not unreasonable. The failure is processed as a fault, probably for simplicity, as the receive paths do not generate errors.

The fault created is a "missing capability" fault, which I think is misleading.

seL4/src/api/syscall.c

Lines 456 to 460 in d047ce8

    
           boundTCB = (tcb_t *)notification_ptr_get_ntfnBoundTCB(ntfnPtr); 
        
           if (unlikely(!cap_notification_cap_get_capNtfnCanReceive(lu_ret.cap) 
        
                        || (boundTCB && boundTCB != NODE_STATE(ksCurThread)))) { 
        
               current_lookup_fault = lookup_fault_missing_capability_new(0); 
        
               current_fault = seL4_Fault_CapFault_new(epCPtr, true);

In the fullness of time, this should probably be turned into its own kind of fault, to avoid misreporting to a fault handler.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Missing capability fault generated for receive on bound notifications #1424

Missing capability fault generated for receive on bound notifications #1424

Missing capability fault generated for receive on bound notifications #1424

Missing capability fault generated for receive on bound notifications #1424

Comments