Simplify the rpc mechanism and make it more robust. Instead of serializing
the request token at the front of the slice assigned to request arguments,
write the token to the label field of the MessageInfo. Likewise instead
of incorporating the status in the response data return that in the
label field. This noticeably simplifies the code and properly handles
the case where the receiver fails to map the page frame associated with
rpc (previously it kinda punted, now the caller get a proper status
result). While here extend the request/reswponse enum's to give each
error a distinct value.
Note that requsst/response tokens are passed as raw numbers under the
assumption sender + receiver are on the same machine so are using the
same byte order.
NB: this adds the num_enum crate to handle enum<>primitive conversions.
Change-Id: I536a23c7bddc43c686cc4335f22524debeeedf4f
GitOrigin-RevId: 8a9fa009dc65605b8d160330edcde02dcfa2172b
- make kata-uart-client use dependent on a new "sparrow_uart_support"
feature; this is needed for headless operation and for platforms
without a working uart driver
- add a mechanism where an "autostart.repl" file is fetched from the
builtins (if present) and passed through the shell; output goes to
the uart if configured, otherwise the kernel or /dev/nnull
- add a new "source" shell command that interprets the contents of a
builtins file as console input
- rework the command interpreter to support autostart & source
- move the logging hookup to kata-debug-console so the system builds
when no uart support is conffigured (need to add fallback to debug
syscalls in case that works when no driver is present)
Change-Id: I5e6725c93488a48d212dfaca425ede37cbdb72e5
GitOrigin-RevId: 6f360cab71ea103af52e3c68ca240fc16e0f20bb
Adds a kata-io-compatible client that returns data from a slice and
sends writes to the kernel (if possible) or discards them. This will
be used for running cli scripts and for platforms that do not have a
uart device/driver.
Change-Id: I84facebf16eb9b6692e872e930db027998dd160f
GitOrigin-RevId: 11a3502fb2f8716f9d1a204519b5e93162274590
For now therre's just a single empty "autostart.repl" script that's run at boot.
Change-Id: I45e58131cde52fcbed855ebbe5d3ce12c93ba302
GitOrigin-RevId: 9740e9b0fdecf60f4b2c900309cdb467113c3059
The "ml_support" feature controls MlCoordinator commands are included.
The "TEST_ML_COORDINATOR" feature is now dependent on "ml_support".
Change-Id: I13e3e0b467f006a564bb2cf4839a11ab8a1b04c8
GitOrigin-RevId: 133e8842848c73644e593ebfd4c9115fde1afd3b
Make the mailbox_api dependency optional so builds without a security
core work as intended. This means users of the fake lose the test_mailbox
shell command but given it was only a test vehicle it should be ok to
require configuring the sel4 feature.
As part of this update the "real impl" skeleton to the current traits.
Change-Id: I2a8628d316cca576d9c5dc579f099e16003a8f19
GitOrigin-RevId: e6232073ed02aa6919ef2ed11a80dee1bcb11872
We added Debug formatting of the error status to the rcore-os/cpio crate.
Remove use so this code builds with the upstream crate unchanged (it
was mostly useful during development).
Change-Id: Ibc83fc2201c128ec7362c60afaebba584c7eaecd
GitOrigin-RevId: 4af28c4d281e7ff5e74d8c0a21d0f774b9a1eeb0
- correct seL4_Recv & co for MCS api difference
- split MCS- vs !MCS-syscall wrappers into separate files
- use split inout handling of src => badge
Change-Id: Iecf7fd50bf1f47f135d7123aad968ef482af671e
GitOrigin-RevId: 769bb4d75ae9efca0de52f273caf8268f3c35b8f
Rename the cate and functions to better identify things as
application-specific.
Change-Id: Ie4c888f6b0c0b66c2d4cfb6e0fb3b5b1e0b82c48
GitOrigin-RevId: 5ea9e1204023f717bbb63dcc0cf0579c1359e2da
Setup a connection to the SDKRuntime for each application. To do this
add an SDKManager interface to the SDKRuntime for the ProcessManager to
obtain a badged endpoint and install that in each application's CNode.
SDKRuntime now rejects requests received without a registered badge.
RPC's are handled entirely in Rust (no CAmkES). ProcessManager sets up
RPC resources and delivers them to an application through registers.
The application-side SDK runtime uses the resources to marshal RPC
parameters in a page that is attached to the IPC buffer sent to the
SDKRuntime. Reply parameters are written to the shared page and decoded
on return.
Overhaul the SDKRuntime api to be like SecurityCoordinator to consolidate
parameter marhsaling/unmarshaling and to simplify adding new methods.
Rust applications use the SDKRuntime interface directly. C application
will wrap a C interface around the Rust impl (TBD).
Specific changes:
- add SDKManagerInterface
- sel4bundle now plumbs a connection to the SDKRuntime, the CNode slot
with the capability is passed to the application to future-proof CNode
setup changes (an alternative is to use a global const since we control
the application-side runtime api's)
- add kata-sdk-manager crate with SDKManager client interface support;
the only api's are get_endpoint (to get a badged endpoint to SDKRuntime),
release_endpoint (to remove a badged endpoint), and capscan (to dump
the SDKRuntime's top-level CNode)
- add "capscan sdk" in the shell to inspect the SDKRuntime service
- make SDKRuntime require a registered badge on inbound IPCs
- fill-in ping & log SDK api's
- connect ProcessManager to SDKRuntime for SDKManager api use,
everything else happens outside CAmkES
- make SDKRuntime lock against concurrent requests--the SDKManager
runs concurrently and shares SDKRuntime state
- remove kata-shell test_sdk_* commands (replaced by test applications)
Change-Id: I7810949ad0051ff8eda244e0385f662882a556e4
GitOrigin-RevId: 5fef55428e076f670cff325965047c98d84cfbca
Use separate in+out variables instead of a single r/w variable.
This makes all simular code paths consistent.
Change-Id: I0b78e9cdac881db775b6d08ba1051ebc3f0b096d
GitOrigin-RevId: e12735b6c9c7aba49f60327328baaa6a7fcc7519
- assert kata_security_install is really sending a CNode
- have kata_security_request clear any unexpected capability associated
with the ipcbuffer; this mostly guards against a received badge being
treated as a cap if the ipcbuffer is turned around from recv to send
Change-Id: I8ac6634809aa11f0f249a7be296b43807d56dff8
GitOrigin-RevId: 21930c5f7a5e809460348da0d0b617004e77e065
- eliominate direct use of KATA_CSPACE_SLOTS
- simplify some code now that CSpaceSlot::release returns the released slot
Change-Id: I95300c476a514de7cbe9aa08ccba336878149c23
GitOrigin-RevId: 4c1441f44ff1565610c156fb6c1af60fba554904
- clear_request_cap to clear a request ipbuffer's cap
- debug_assert_recv_path_{empty,cnode,frame}
Change-Id: I25ad559c810fc063d95a4a9c0a15b9dbab9cbf3b
GitOrigin-RevId: ee0af0dc3ab93b555a4f42cdfb8a2b7a6dd92dca
kata-os-common is an "aggregate crate" used many places where only
a subset of the code is used (esp applicatiions written in Rust).
Reduce internal dependencies to reduce bloat and speed up builds:
- expand the scope of the "camkes_support" feature
- adjust sel4-sys deps that do not require serde support
- add a "capdl_support" feature (default disabled)
Change-Id: Ie1319f1168d37bd6c8f0de8d19708153c7b80dcd
GitOrigin-RevId: a02c4b1a5d6ca26920cba013d9339415b607a2c0
- copy_to now take rights
- add dup_to that does a copy with all-rights preserved
- add mint_to
- add mutate_to
- change release to return any assigned slot
- fixup callers
Change-Id: I747c01d426906042e76ba00c19513eae3fa3b03c
GitOrigin-RevId: 7270785dc92ee5ef6b56d330b0076d57dc9374f8
The seL4_Recv call (as well as related syscalls) have a different api
with MCS; correct that. As part of this try splitting riscv32 into MCS-
and non-MCS-files to reduce cfg usage.
Bug: 247129956
Change-Id: I5f0c0e192e6b366f68b23c14ae26836b4cd14158
GitOrigin-RevId: 4f844e700cb9c13c06c0026b2ea0bd752e6e9fab
Need to account for gaps between application segments when calculating
the index of the page frame object. This was being handled only for a
gap before the first page/segment.
Bug: 243556006
Change-Id: I0e723a58dc5e2b9c49b29aebe030a546bbe024ac
GitOrigin-RevId: 83e6cad536ffa148c434341fbefdce2dd43667ee
StorageManager (the component) did nothing useful so remove it and plumb
the only user (DebugConsole) directly to the SecurityCoordinator. When
the SDKRuntime is ready it likewise will talk directly to
SecurityCoordinator. The only visible change in this is the "kvread" shell
command displays the raw key value instead of converting it to a string.
Change-Id: I5a285dc083e5f02ecbf0defc83deebb34a7b38d7
GitOrigin-RevId: 70d04d8155167f9bf3f88291363760d91c10a279
Need to disable camkes support in kata-os-common to avoid dragging in refs
to SELF_CNODE_* symbols.
Change-Id: I58fc07e79a7cf438342433ef8a8f99a49561392b
GitOrigin-RevId: 6bc8bdd0332197c5191617c7c67d4a425d4a9844
When a CAmkES component lacks an outbound connection to send log msgs
there will be no logger_log symbol. Use a weak ref here to handle that
without resorting to a feature or similar.
Mark logger connections as "maybe" so they are optional.
Change-Id: I6ecd939014d26a612d115741fd2ac673afa40857
GitOrigin-RevId: 0b1bf2611cbb628500cae37889c6547a996d50e9
This hello app uses the logger crate plumbed to the console. Way
bigger than the C version.
Change-Id: I7bf7e8b559fea8e045123d057412493bf7b71a24
GitOrigin-RevId: 97e12e93cc9ebfb4be021cff506417d7434b27f5
