From f78aaf2234cc6e6f963c9438c495c2e3b53fa65b Mon Sep 17 00:00:00 2001
From: Stefan Kalkowski
Date: Mon, 8 Jun 2015 15:24:43 +0200
Subject: [PATCH] hw: seal capability leak (fix #1568)

Do not initially transfer UTCB dataspace and parent capability to a thread that is no main thread.
---
 repos/base-hw/include/base/native_types.h | 2 +-
 repos/base-hw/src/core/kernel/thread.cc | 4 ++--
 repos/base-hw/src/core/platform_thread.cc | 6 ++++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/repos/base-hw/include/base/native_types.h b/repos/base-hw/include/base/native_types.h
index 2a8a18888..6fd0445fc 100644
--- a/repos/base-hw/include/base/native_types.h
+++ b/repos/base-hw/include/base/native_types.h
@@ -100,7 +100,7 @@ class Genode::Native_utcb
 enum { MAX_CAP_ARGS = Msgbuf_base::MAX_CAP_ARGS};
- enum Offsets { PARENT, UTCB_DATASPACE, THREAD_MYSELF };
+ enum Offsets { THREAD_MYSELF, PARENT, UTCB_DATASPACE };
 private:
diff --git a/repos/base-hw/src/core/kernel/thread.cc b/repos/base-hw/src/core/kernel/thread.cc
index b0b2fc3a8..dbca461f7 100644
--- a/repos/base-hw/src/core/kernel/thread.cc
+++ b/repos/base-hw/src/core/kernel/thread.cc
@@ -762,9 +762,9 @@ Core_thread::Core_thread()
 Genode::map_local((addr_t)utcb, (addr_t)Genode::utcb_main_thread(), sizeof(Native_utcb) / Genode::get_page_size());
- utcb->cap_add(cap_id_invalid());
- utcb->cap_add(cap_id_invalid());
 utcb->cap_add(core_capid());
+ utcb->cap_add(cap_id_invalid());
+ utcb->cap_add(cap_id_invalid());
 /* start thread with stack pointer at the top of stack */
 sp = (addr_t)&stack + DEFAULT_STACK_SIZE;
diff --git a/repos/base-hw/src/core/platform_thread.cc b/repos/base-hw/src/core/platform_thread.cc
index 95fdc181c..5df773535 100644
--- a/repos/base-hw/src/core/platform_thread.cc
+++ b/repos/base-hw/src/core/platform_thread.cc 
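Review bot: The new order of `Offsets` is now load-bearing, because both Core_thread() and Platform_thread::start() in this same patch fill the UTCB capability slots by successive cap_add() calls and rely on THREAD_MYSELF being slot 0 so that the two main-thread-only entries can be left out, yet nothing in the declaration says so. I would pin the values and state the coupling next to the enum: `/* slot order must match the cap_add() sequence in the thread-start code; THREAD_MYSELF comes first so PARENT and UTCB_DATASPACE can be omitted for non-main threads */` followed by `enum Offsets { THREAD_MYSELF = 0, PARENT = 1, UTCB_DATASPACE = 2 };`. A reader changing either producer later has no other hint that the enum and the cap_add() order have to move together. The enclosing class Genode::Native_utcb continues outside the hunk.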
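Review bot: The two trailing `utcb->cap_add(cap_id_invalid());` calls in Core_thread() deserve a comment, since a reader who knows only the enum sees core's thread writing invalid capabilities into the PARENT and UTCB_DATASPACE slots with no explanation of why those are padded rather than skipped. Suggest `/* core's thread has no parent or UTCB dataspace capability; fill PARENT and UTCB_DATASPACE with an invalid id rather than leaving the slots unwritten */`, to be confirmed with the author, as the hunk shows the padding but not its rationale. The constructor Core_thread::Core_thread() starts outside the hunk.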
@@ -198,9 +198,11 @@ int Platform_thread::start(void * const ip, void * const sp)
 /* reset capability counter */
 utcb->cap_cnt(0);
- utcb->cap_add(_pd->parent().dst());
- utcb->cap_add(_utcb.dst());
 utcb->cap_add(_cap.dst());
+ if (_main_thread) {
+ utcb->cap_add(_pd->parent().dst());
+ utcb->cap_add(_utcb.dst());
+ }
 Kernel::start_thread(kernel_object(), cpu, _pd->kernel_pd(), _utcb_core_addr);
 return 0;
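Review bot: For a non-main thread the PARENT and UTCB_DATASPACE slots are never written after `utcb->cap_cnt(0)`: only `utcb->cap_add(_cap.dst())` runs, so a thread that reads those slots by offset observes whatever the UTCB memory held before, unless the UTCB is cleared elsewhere or every reader honours the capability count, neither of which is visible in the hunk. The Core_thread path in this same patch pads exactly those slots with cap_id_invalid(), and the secondary-thread path should do the same so a stale capability id cannot be picked up: `} else {` / `utcb->cap_add(Kernel::cap_id_invalid());` / `utcb->cap_add(Kernel::cap_id_invalid());` before the closing brace (the exact spelling of the invalid-id accessor in this translation unit needs checking). Whether `_main_thread` is a member fixed at construction is not visible here; the body of Platform_thread::start() is cut by the hunk on both sides.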