github/sparrow-kata-full
1
0
Fork 0
mirror of https://github.com/AmbiML/sparrow-kata-full.git synced 2025-08-18 21:26:53 +00:00
Code Issues Projects Releases Wiki Activity

kata-os-camkes: wrap request ipc buffer capability handling

Browse Source 
Add Camkes::set_request_cap to attach an seL4 capability to an outbound
ipc message. The return value is an RAII wrapper that cleans up state
and must be held until after the CAmkES rpc call completes

Change-Id: I0672c59e0b5e43e39c9ea3fb16809270a33f51ef
GitOrigin-RevId: 56be13a2c05fcc1b4a1aa5c8e0eab47bcd0f2345
This commit is contained in:
Sam Leffler 2022-06-22 20:45:19 +00:00
parent 67442dc8f0
commit 0d27b4a3f0
4 changed files with 41 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/system/components/MemoryManager/kata-memory-interface/src/lib.rs
View File

@ -7,6 +7,7 @@ extern crate alloc;
use alloc::vec; use alloc::vec;
use alloc::vec::Vec; use alloc::vec::Vec;
use core::fmt; use core::fmt;
use kata_os_common::camkes::Camkes;
use kata_os_common::slot_allocator; use kata_os_common::slot_allocator;
use kata_os_common::sel4_sys; use kata_os_common::sel4_sys;
use log::trace; use log::trace;
@ -19,7 +20,6 @@ use sel4_sys::seL4_ObjectType::*;
use sel4_sys::seL4_ObjectType; use sel4_sys::seL4_ObjectType;
use sel4_sys::seL4_PageBits; use sel4_sys::seL4_PageBits;
use sel4_sys::seL4_Result; use sel4_sys::seL4_Result;
use sel4_sys::seL4_SetCap;
use sel4_sys::seL4_WordBits; use sel4_sys::seL4_WordBits;
use slot_allocator::KATA_CSPACE_SLOTS; use slot_allocator::KATA_CSPACE_SLOTS;
@ -385,8 +385,9 @@ pub fn kata_object_alloc(
// Attach our CNode for returning objects; the CAmkES template // Attach our CNode for returning objects; the CAmkES template
// forces extraCaps=1 when constructing the MessageInfo struct // forces extraCaps=1 when constructing the MessageInfo struct
// used by the seL4_Call inside memory_alloc. // used by the seL4_Call inside memory_alloc.
// NB: scrubbing the IPC buffer is done on drop of |cleanup|
sel4_sys::debug_assert_slot_cnode!(request.cnode); sel4_sys::debug_assert_slot_cnode!(request.cnode);
seL4_SetCap(0, request.cnode); let _cleanup = Camkes::set_request_cap(request.cnode);
memory_alloc(raw_data.len() as u32, raw_data.as_ptr()).into() memory_alloc(raw_data.len() as u32, raw_data.as_ptr()).into()
} }
@ -418,7 +419,6 @@ pub fn kata_object_alloc_in_toplevel(
// in a new CNode allocated with sufficient capacity. // in a new CNode allocated with sufficient capacity.
// Note the objects' cptr's are assumed to be consecutive and start at zero. // Note the objects' cptr's are assumed to be consecutive and start at zero.
// Note the returned |ObjDescBundle| has the new CNode marked as the container. // Note the returned |ObjDescBundle| has the new CNode marked as the container.
// TODO(sleffler): not used any more, remove?
#[inline] #[inline]
pub fn kata_object_alloc_in_cnode( pub fn kata_object_alloc_in_cnode(
objs: Vec<ObjDesc>, objs: Vec<ObjDesc>,
@ -622,8 +622,9 @@ pub fn kata_object_free(
// Attach our CNode for returning objects; the CAmkES template // Attach our CNode for returning objects; the CAmkES template
// forces extraCaps=1 when constructing the MessageInfo struct // forces extraCaps=1 when constructing the MessageInfo struct
// used in the seL4_Call. // used in the seL4_Call.
// NB: scrubbing the IPC buffer is done on drop of |cleanup|
sel4_sys::debug_assert_slot_cnode!(request.cnode); sel4_sys::debug_assert_slot_cnode!(request.cnode);
seL4_SetCap(0, request.cnode); let _cleanup = Camkes::set_request_cap(request.cnode);
memory_free(raw_data.len() as u32, raw_data.as_ptr()).into() memory_free(raw_data.len() as u32, raw_data.as_ptr()).into()
} }
@ -654,6 +655,8 @@ pub fn kata_object_free_toplevel(objs: &ObjDescBundle)
-> Result<(), MemoryManagerError> -> Result<(), MemoryManagerError>
{ {
let mut objs_mut = objs.clone(); let mut objs_mut = objs.clone();
// Move ojbects to the pre-allocated container. Note this returns
// the toplevel slots to the slot allocator.
objs_mut.move_objects_from_toplevel( objs_mut.move_objects_from_toplevel(
unsafe { MEMORY_RECV_CNODE }, unsafe { MEMORY_RECV_CNODE },
unsafe { MEMORY_RECV_CNODE_DEPTH } unsafe { MEMORY_RECV_CNODE_DEPTH }

6
apps/system/components/ProcessManager/kata-proc-interface/src/lib.rs
View File

@ -10,12 +10,10 @@ use core::str;
use cstr_core::CString; use cstr_core::CString;
use kata_memory_interface::ObjDescBundle; use kata_memory_interface::ObjDescBundle;
use kata_memory_interface::RAW_OBJ_DESC_DATA_SIZE; use kata_memory_interface::RAW_OBJ_DESC_DATA_SIZE;
use kata_os_common::sel4_sys; use kata_os_common::camkes::Camkes;
use kata_security_interface::SecurityRequestError; use kata_security_interface::SecurityRequestError;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sel4_sys::seL4_SetCap;
mod bundle_image; mod bundle_image;
pub use bundle_image::*; pub use bundle_image::*;
@ -192,7 +190,7 @@ pub fn kata_pkg_mgmt_install(pkg_contents: &ObjDescBundle) -> Result<String, Pro
let request = postcard::to_slice(&pkg_contents, raw_request)?; let request = postcard::to_slice(&pkg_contents, raw_request)?;
let raw_data = &mut [0u8; RAW_BUNDLE_ID_DATA_SIZE]; let raw_data = &mut [0u8; RAW_BUNDLE_ID_DATA_SIZE];
match unsafe { match unsafe {
seL4_SetCap(0, pkg_contents.cnode); let _cleanup = Camkes::set_request_cap(pkg_contents.cnode);
pkg_mgmt_install(request.len() as u32, request.as_ptr(), raw_data as *mut _) pkg_mgmt_install(request.len() as u32, request.as_ptr(), raw_data as *mut _)
} { } {
ProcessManagerError::Success => { ProcessManagerError::Success => {

13
apps/system/components/SecurityCoordinator/kata-security-interface/src/lib.rs
View File

@ -6,6 +6,7 @@ extern crate alloc;
use alloc::string::{String, ToString}; use alloc::string::{String, ToString};
use core::str; use core::str;
use kata_memory_interface::ObjDescBundle; use kata_memory_interface::ObjDescBundle;
use kata_os_common::camkes::Camkes;
use kata_os_common::cspace_slot::CSpaceSlot; use kata_os_common::cspace_slot::CSpaceSlot;
use kata_os_common::sel4_sys; use kata_os_common::sel4_sys;
use kata_storage_interface::KeyValueData; use kata_storage_interface::KeyValueData;
@ -14,7 +15,6 @@ use log::trace;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sel4_sys::seL4_CPtr; use sel4_sys::seL4_CPtr;
use sel4_sys::seL4_SetCap;
// NB: serde helper for arrays w/ >32 elements // NB: serde helper for arrays w/ >32 elements
// c.f. https://github.com/serde-rs/serde/pull/1860 // c.f. https://github.com/serde-rs/serde/pull/1860
@ -280,14 +280,21 @@ pub fn kata_security_request<T: Serialize + SecurityCapability>(
.map_err(|_| SecurityRequestError::SreSerializeFailed)?; .map_err(|_| SecurityRequestError::SreSerializeFailed)?;
match unsafe { match unsafe {
if let Some(cap) = request_args.get_container_cap() { if let Some(cap) = request_args.get_container_cap() {
seL4_SetCap(0, cap); let _cleanup = Camkes::set_request_cap(cap);
}
security_request( security_request(
request, request,
request_buffer.len() as u32, request_buffer.len() as u32,
request_buffer.as_ptr(), request_buffer.as_ptr(),
reply_buffer as *mut _, reply_buffer as *mut _,
) )
} else {
security_request(
request,
request_buffer.len() as u32,
request_buffer.as_ptr(),
reply_buffer as *mut _,
)
}
} { } {
SecurityRequestError::SreSuccess => Ok(()), SecurityRequestError::SreSuccess => Ok(()),
status => Err(status), status => Err(status),

17
apps/system/components/kata-os-common/src/camkes/src/lib.rs
View File

@ -12,6 +12,7 @@ use sel4_sys;
use sel4_sys::seL4_CNode_Delete; use sel4_sys::seL4_CNode_Delete;
use sel4_sys::seL4_CPtr; use sel4_sys::seL4_CPtr;
use sel4_sys::seL4_GetCapReceivePath; use sel4_sys::seL4_GetCapReceivePath;
use sel4_sys::seL4_SetCap;
use sel4_sys::seL4_SetCapReceivePath; use sel4_sys::seL4_SetCapReceivePath;
use sel4_sys::seL4_Word; use sel4_sys::seL4_Word;
use sel4_sys::seL4_WordBits; use sel4_sys::seL4_WordBits;
@ -28,6 +29,14 @@ extern "C" {
static SELF_CNODE_LAST_SLOT: seL4_CPtr; static SELF_CNODE_LAST_SLOT: seL4_CPtr;
} }
// RAII wrapper for handling request cap cleanup.
pub struct RequestCapCleanup {}
impl Drop for RequestCapCleanup {
fn drop(&mut self) {
unsafe { seL4_SetCap(0, 0); }
}
}
pub struct Camkes { pub struct Camkes {
name: &'static str, // Component name name: &'static str, // Component name
recv_path: seL4_CPath, // IPCBuffer receive path recv_path: seL4_CPath, // IPCBuffer receive path
@ -115,6 +124,14 @@ impl Camkes {
self.get_current_recv_path(), self.recv_path); self.get_current_recv_path(), self.recv_path);
} }
// Attaches a capability to a CAmkES RPC request msg. seL4 will copy
// the capabiltiy.
#[must_use]
pub fn set_request_cap(cptr: seL4_CPtr) -> RequestCapCleanup {
unsafe { seL4_SetCap(0, cptr); }
RequestCapCleanup{}
}
// Wrappers for sel4_sys::debug_assert macros. // Wrappers for sel4_sys::debug_assert macros.
pub fn debug_assert_slot_empty(tag: &str, path: &seL4_CPath) { pub fn debug_assert_slot_empty(tag: &str, path: &seL4_CPath) {
sel4_sys::debug_assert_slot_empty!(path.1, sel4_sys::debug_assert_slot_empty!(path.1,