Setup a connection to the SDKRuntime for each application. To do this
add an SDKManager interface to the SDKRuntime for the ProcessManager to
obtain a badged endpoint and install that in each application's CNode.
SDKRuntime now rejects requests received without a registered badge.
RPC's are handled entirely in Rust (no CAmkES). ProcessManager sets up
RPC resources and delivers them to an application through registers.
The application-side SDK runtime uses the resources to marshal RPC
parameters in a page that is attached to the IPC buffer sent to the
SDKRuntime. Reply parameters are written to the shared page and decoded
on return.
Overhaul the SDKRuntime api to be like SecurityCoordinator to consolidate
parameter marhsaling/unmarshaling and to simplify adding new methods.
Rust applications use the SDKRuntime interface directly. C application
will wrap a C interface around the Rust impl (TBD).
Specific changes:
- add SDKManagerInterface
- sel4bundle now plumbs a connection to the SDKRuntime, the CNode slot
with the capability is passed to the application to future-proof CNode
setup changes (an alternative is to use a global const since we control
the application-side runtime api's)
- add kata-sdk-manager crate with SDKManager client interface support;
the only api's are get_endpoint (to get a badged endpoint to SDKRuntime),
release_endpoint (to remove a badged endpoint), and capscan (to dump
the SDKRuntime's top-level CNode)
- add "capscan sdk" in the shell to inspect the SDKRuntime service
- make SDKRuntime require a registered badge on inbound IPCs
- fill-in ping & log SDK api's
- connect ProcessManager to SDKRuntime for SDKManager api use,
everything else happens outside CAmkES
- make SDKRuntime lock against concurrent requests--the SDKManager
runs concurrently and shares SDKRuntime state
- remove kata-shell test_sdk_* commands (replaced by test applications)
Change-Id: I7810949ad0051ff8eda244e0385f662882a556e4
GitOrigin-RevId: 5fef55428e076f670cff325965047c98d84cfbca
StorageManager (the component) did nothing useful so remove it and plumb
the only user (DebugConsole) directly to the SecurityCoordinator. When
the SDKRuntime is ready it likewise will talk directly to
SecurityCoordinator. The only visible change in this is the "kvread" shell
command displays the raw key value instead of converting it to a string.
Change-Id: I5a285dc083e5f02ecbf0defc83deebb34a7b38d7
GitOrigin-RevId: 70d04d8155167f9bf3f88291363760d91c10a279
This CL handles the integration of the Image Manager, which comes
concurrent with the necessary WMMU changes needed by the Image Manager.
The ML Coordinator now calls into Image Manager to make space, commit
images, and set the WMMU.
The MlCoordinator now first verifies that an image is valid by first making a pass through the section headers. It stores the two sizes that we're interested in per image: how big it is packed on flash, and how big it is unpacked in memory.
Known issues:
b/241799340: Refactor BundleImage to support unit testing
The writes to DMEM via the kata-vec-core crate was meant to be in image_manager.rs, but this interfered with the ability to run unit tests. We can refactor BundleImage to make this work.
b/241799866: Improve heap management
Right now I clear all of the "temporary data section" (bss, stack,
heap), but I suspect only the heap needs to be cleared. This needs more effort to check that that's correct, and track those locations.
Minor changes:
ImageId is used instead of (String, String) in the component.
Change-Id: I1505c6474fc60205323ce3bb13610fdac3702b89
GitOrigin-RevId: 5df9938a6cbd7ca5510ce8fcb500ce471f42b2cb
Add support to output the contents of the top-level CNode of a CAmkES
service or KataOS application to the serial console. This is dependent
on kernel support that is enabled with CONFIG_PRINTING. Applications
must be running; otherwise there is no CSpace to dump.
Specific changes:
- add a "capscan" shell command
- add capscan method to each CAmkES interface
- add capscan_bundle method to the ProcessControlInterface
- add Camkes::capscan() to dump the top-level CNode
- add ProcessManager support to dump the CNode for a bundle
TODO: fix syscall wrapper error return
Change-Id: If6ca222decdb4c40a1d3a63e69792eb3feb30f6a
GitOrigin-RevId: 504c0182ccccf287b5d58cd8e33981c11d7539d7
- Use seL4_Untyped_Describe to get an accurate view of each
UntypedMemory slab being managed; this makes mstats reflect
rootserver allocations.
- Track memory allocated before we run as "overhead" (was meant to
track fragmentation but was always zero).
- Add an "mdebug" command to describe each managed memory slab;
this is useful to see whether the kernel's view of memory use is
consistent with MemoryManager.
Change-Id: I53b2738c430ad3356ecd16a1cad29ca92dc74beb
GitOrigin-RevId: 2ad43f9b7760c722a6590ea049a3814c8dcccba7
In particular this exports the CAP_RELEASE flag so there is a single
source for it's definition and KataOS-specific support in the CAmkES
templates is enabled only for KataOS components.
Specific changes:
- adds cbindgen-generated CamkesBindings.h
- adds include of CamkesBindings.h in component cbindgen files
- add a dep on cbindgen.toml in all Makefiles
- update generated interface files
Change-Id: Ib6239d3ac0036b7a04bb36afccf25a05737b0e56
GitOrigin-RevId: af10117fa253f0c7c67969a5852ced9d992c6274
This CL enables multiple outstanding periodic executions. To do so the
MlCoordinator now includes an array of started models and a queue of
models that are ready to be executed immediately. Additionally, each
periodic model has an associated timer. When that timer fires the model
is added to the execution queue. When a model finishes executing, the
next model is popped off the queue and executed. If a model becomes
ready when there's already an execution for it queued, that execution
is dropped and a warning printed. A cancel command is added to remove
periodic or outstanding executions.
A state debug command was also added.
Currently we can only load a single model due to limitations with the
StorageManager, but we can do so multiple times.
Tests:
Single shot: https://paste.googleplex.com/6704629669691392
Two periodic execs: https://paste.googleplex.com/5288292800004096
Overloaded warning: https://paste.googleplex.com/4549962219126784
Debug State:
KATA> state_mlcoord
kata_ml_coordinator::Running model: fubar:mobilenet_v1_emitc_static.model
kata_ml_coordinator::Loaded model: fubar:mobilenet_v1_emitc_static.model
kata_ml_coordinator::Loadable Models:
kata_ml_coordinator:: LoadableModel { bundle_id: "fubar", model_id: "mobilenet_v1_emitc_static.model", rate_in_ms: Some(2000) }
kata_ml_coordinator:: LoadableModel { bundle_id: "fubar", model_id: "mobilenet_v1_emitc_static.model", rate_in_ms: Some(6000) }
kata_ml_coordinator::Execution Queue:
kata_ml_coordinator:: fubar:mobilenet_v1_emitc_static.model
kata_ml_coordinator::Statistics: Statistics { load_failures: 0, already_queued: 0 }
Change-Id: I7637c9c390eb6ffd9ae22088f37b98c056a441c2
GitOrigin-RevId: 18c0d3fe740a37381f7f1eddee8f2224f679fd61
The MemoryManager service allocates & frees seL4 objects. Requests can be
batched. Capabilities to dynamically allocated objects are moved in CNode
containers attached to IPC requests.
Specific changes:
- Add new CAmkES MemoryManager component.
- Add api's for allocating & freeing singleton objects (e.g.
kata_cnode_alloc) and batches of objects (kata_object_alloc &
kata_object_free).
- Add support to kata-os-rootserver to hand-off UntypedMemory objects
just before terminating. The objects are placed directly in the
MemoryManager's top-level CNode and a BootInfo frame is constructed
that describes where the objects are.
- Switch the rootserver to kata-os-rootserver as the C version lacks
the UntypedMemory hand-off.
- Add test_bootinfo kata-shell command to dump the MemoryManager BootInfo
frame contents (broken for now because it directlry references the
shared page).
- Add test_obj_alloc kata-shell command that exercises the MemoryManager
singleton and batch api's
While here, did some cleanup of arg handling in kata-shell.
TODO: top-level object allocations use a simplistic capability allocator
TODO: move test_bootinfo to the MemoryManager and add an interface rpc
Change-Id: I778b2d5fe7f2f9b65ee642ff905cf56d4b2b02fd
GitOrigin-RevId: 7fc72d1927bba165234955e68f8b9ad1b556f6fb
This change adds the kata-ml-core crate. vc_top is generated
programatically, with the script going to be reviewed next if the format here
looks good. The library replaces the VectorCoreDriver c-code.
Change-Id: Id3f083e2498ea29481db49af5e87d47fe8414a71
GitOrigin-RevId: 40d43b0288e995d215997fc8973e18a41a4d5844
Move getting the return code and fault registers into Rust and out from
the C driver. This means extending the DTCM to cover memory previously
covered by `mem`.
Change-Id: I9d1ad8e9823445ad7dd476ef05f128a29567999b
GitOrigin-RevId: 21bc1ee544d39d6b4a2ff963aaae7c145fdd7fa9
* changes:
Replace SeL4Debug with direct syscalls.
sel4-sys: fix conditional syscall numbering
sel4-sys: use target_arch &co to select target architecture
kata-os-common: add sel4-sys support for riscv32
kata-os-common: cleanup sel4-sys before bringing in local changes
kata-os-common: pristine import of sel4-sys-0.0.28 (-seL4 submodule)
GitOrigin-RevId: 36ee1d4f9e521b60fdc6b91f2581413b55882fca
Create a new VectorCoreReturnInterface for the connection from the
VectorCoreDriver to MlCoordinator. Retrieve the return code and fault
from the finish IRQ handler back to MlCoordinator. It can be served as
the hook for the continuous run.
Change-Id: I6346cca0bc372e5b3a80d70b333d42ba768e822f
GitOrigin-RevId: bae4ab68418ce7ac9d4ac5ebb86bb6e55993b7cd
- add SecurityCoordinator component (needs mailbox support, just
a fake which should be enabled with a feature flag)
- connect to ProcessManager & MlCoordinator - temproarily connect
to DebugConsole to enable scecho test command
- expand Bundle to hold application information (may need more elf)
- connect ProcessManager::{install, uninstall} to SecurityCoordinator
(no application binary yet, needs global page allocator)
Notes:
- SecurityCoordinator depends on camkes for thread synchronization
- private heap is 8KB (and could possible be less; need to tune)
- camkes interface connection uses seL4RPCOverMultiSharedData so ipc
buffers are 4KB; the request & reply serde buffers are 2KB but could
be near 4KB since they are used sequentially and the other params
are a few bytes (but beware of camkes stack allocation)
- the camkes SecurityCoordinator::request rpc is defined so that the
request param has reasonable handling but the reply param requires
a full copy (even if only partly used); haven't found a way to
express the desired handling
Change-Id: I686dc2d501e39bc8c27fe22db40657165a55b472
GitOrigin-RevId: db1536c241e28ddda1dc8f8da341b8c667ed6646
Replace the hand-rolled code to marshal/unmarshal bundle_id's with serde
and postcard. Postcard was selectecd because it works with no_std and has
api's that do not require copying.
Change-Id: I5bec725e42e5f94b4a486669f86e4aeb1322de6c
GitOrigin-RevId: b56e1d39faae0f8705c5d11a62d33db540f2d35c
[NB: this is a step toward adding StorageManager]
- add app_id to Bundle to enable expanding the skeleton framework (for
now this is filled in with the address of the pkg_buffer arg)
- change install api to follow design doc (bundle id comes from manifest)
- mark start & stop api's as needing a mutable self - hide Bundle
internals (more): do not export representation, we will use serde to
pass it through camkes
- remove assumption hashmap of bundles corresponds to StorageManager
contents - use String instead of BundleId and Vec<String> instead
of BundleIdArray in public api's (SmallVec & SmallString are impl
artifacts now pushed down to ProcManager)
- adjust unit tests (ditch kata-proc-manager::tests as it adds nothing)
Change-Id: If3d77b031f43c0c867266dbfa66fa31e4ab67033
GitOrigin-RevId: bbadf0b0b09e7978613d57a816363079642e2a45
Propagate the ProcessManagerError enum through the
PackageManagementInterface and ProcessControlInterface so the client
has more information about why a request failed.
Change-Id: Ic2d8fcf1401edd6faff85fe821443f720d0b00c4
GitOrigin-RevId: 91d668fc56a352776803392d89aacc034cee1f1e
Components can reduce the number of rpc's if they set_max_level but by
default pass everything and let the DebugConsole decide what is logged.
With this the shell loglevel command now controls logging from all
components.
Change-Id: I72b77bbf02882ffdba0aaf0b9b88126bfd2e62a1
GitOrigin-RevId: d451e72cf67e41d6ee25ea2995098b5009cf8852
This ends the behavior where log messages would block on the prompt.
This change does not fix the potential race on dataports if
kata-uart-client read or write has multiple concurrent callers. A later
change will protect those using CAmkES mutexes, although the
alternative of having DebugConsole *own* the UART should also be
considered.
Change-Id: I8d5d8336cd58b9f22cca81ae6aca13b4ed57e7e4
GitOrigin-RevId: e781fd8454d22e0f829d788fe602e431551e259a
Add a VectorCoreDriver component that handles setting vector core CSRs.
Rewrite MLCoordinator to conform to other Kata components. The old code
wasn't useful.
Add `test_mlexecute` command for running ML. Add plumbing from shell to
coordinator.
Change-Id: I3d563f1a343361c95d3ad5b78231fbe9df32b851
GitOrigin-RevId: f3c38839f708743de596339d1b8173315283b772
- Split support into three levels:
o kata_proc_manager::process_manager is a single-threaded implementation
of ProcessManagerInterface and PackageManagerInterface that uses an
abstract manager interface to carry out low-level work (used mainly
to inject fakes for unit testing).
o kata_proc_manager is a thread-safe wrapper around process_manager that
has the manager interfaces bound to KataOS; this is the level at which
we integrate with external components.
o kata_proc_component is the top-level glue code for the ProcessManager
camkes component; it has a pre_init function to setup rust support
(logger, allocator, etc), a run function for the component's control
block, and wrapper functions for the camkes ProcessControl and
PackageManagement interfaces.
- Add install, uninstall, start, stop, and bundles shell commands for
exercising ProcessControlInterface & PackageManagementInterface.
Specifics:
- Bundle id's are now treated internally as SmallString's with &str
used for passing bundle id's through api's. The BundleId type is
temporarily used for get_running_bundles() to return information (but
see below about RawBundleIdData).
- ArrayVec's are replaced with a hashbrown::HashMap
- Bundle objects are Box'd instead of holding refs (now that we have an
allocator); this eliminates lifetime constraints.
- The manager interface is Box'd to eliminate lifetime constraints.
- Purge ProcessManager::empty(), it's infeasible with the hashmap and
is not needed with kata_proc_manager support for static decls.
- Add RawBundleIdData support for serialize+deserialize of BundleIdArray;
no more leaking internal data types to client code.
- Remove bounds check on #bundles recorded; set a nominal capacity
and fallback to dynamic allocation of the hashmap.
- Manually update ProcessManagerBindings.h (using cbindgen).
Change-Id: I08deaecc997ea96cb794808036540bedd58b3fa4
GitOrigin-RevId: 6e0826940b43b1295d39769b57812a9494b5a4cb
- new ProcessManager component (aka kata-process-manager)
NB: interfaces/ProcessManagerBindings.h is manually generated by cbindgen
for the moment; e.g.
cargo install cbindgen;
cd components/ProcessManager; cbindgen -c cbindgen.toml \
-o ../../interfaces/ProcessManagerBindings.h kata-proc-common
Change-Id: I153c6b193c6ba8e376b87a2563dc8543753f0b42
GitOrigin-RevId: 18c354f14cbec6ce01c020136fe9aefd88248ee9
- add a SeL4Debug component that wraps seL4DebugPutString and seL4DumpScheduler
system calls that are marked static inline (so not callable from rust)
- connect seL4Debug to the DebugConsole and add a "ps" command to the shell
that uses sel4DumpScheduler to print the tcb's on the console; e.g.
KATA_PROMPT> ps
Dumping all tcbs!
Name State IP Prio Core
--------------------------------------------------------------------------------------
sel4debug:sel4debug running 0x1017e 254 0
sel4debug:fault_handler blocked on recv 0x1046e 255 0
sel4debug:control blocked on recv 0x1046e 254 0
drv:uart blocked on recv 0x11dc4 254 0
drv:fault_handler blocked on recv 0x105d4 255 0
drv:control blocked on recv 0x105d4 254 0
debug_console:fault_handler blocked on recv 0x10840 255 0
debug_console:control blocked on reply 0x12808 254 0
idle_thread idle 0 0 0
rootserver inactive 0x10558 255 0
Change-Id: I48496ec0002e3307aaeb5c779319d4beb87ae56b
GitOrigin-RevId: 8665f609bdb7efd3b814b4f40abf08c5dd1e863d
This also adds a skeleton for the DebugConsole CLI taking IO from a UART
via some Rust wrapper functions, also defined in this change
(kata-uart-client).
Change-Id: I56856c14992010483da58c45f6550c0a4c9987b0
GitOrigin-RevId: e1b2d65ed3a7f627a9f7377caa407151fc943864
