Commit Graph

62 Commits

Author SHA1 Message Date
Matt Harvey
66c03e7858 Merge "Ports zmodem to no_std and kata_io"
GitOrigin-RevId: 09bc871f7c4fdd64f3b4591a47cf5ba0bffa72c2
2022-10-06 18:12:52 +00:00
Sam Leffler
c0a44de935 Merge "kata-security-coordinator: split impl into fake & sel4"
GitOrigin-RevId: 397cf136e3375588082b8508fd2060116b3101cd
2022-10-06 18:12:44 +00:00
Sam Leffler
0633ce6761 kata-proc-manager: fix unit tests
Change-Id: I7d48e9e31bbc2aae9f899e43bfc3f33331738a42
GitOrigin-RevId: 524e01589e114a541de292e41fa34021e5279703
2022-10-06 18:12:34 +00:00
Sam Leffler
0db63cfb4f Add SecurityCoordinator skeleton.
- add SecurityCoordinator component (needs mailbox support, just
  a fake which should be enabled with a feature flag)
- connect to ProcessManager & MlCoordinator
- temporarily connect to DebugConsole to enable scecho test command
- expand Bundle to hold application information (may need more elf)
- connect ProcessManager::{install, uninstall} to SecurityCoordinator
  (no application binary yet, needs global page allocator)

Notes:
- SecurityCoordinator depends on camkes for thread synchronization
- private heap is 8KB (and could possibly be less; need to tune)
- camkes interface connection uses seL4RPCOverMultiSharedData so ipc
  buffers are 4KB; the request & reply serde buffers are 2KB but could
  be near 4KB since they are used sequentially and the other params
  are a few bytes (but beware of camkes stack allocation)
- the camkes SecurityCoordinator::request rpc is defined so that the
  request param has reasonable handling but the reply param requires
  a full copy (even if only partly used); haven't found a way to
  express the desired handling

Change-Id: I686dc2d501e39bc8c27fe22db40657165a55b472
GitOrigin-RevId: db1536c241e28ddda1dc8f8da341b8c667ed6646
2022-10-06 18:12:24 +00:00
Matt Harvey
4904a61ca0 Merge "Implements some std::io functions in kata_io"
GitOrigin-RevId: b5b1afb7b0528acd100fd35a84a48b984f1b02c1
2022-10-06 18:12:12 +00:00
Cindy Liu
6b25d6fea0 Merge "kata:VectorCoreDriver: Use HW register header."
GitOrigin-RevId: 7b10748eb801311b291aeba25cc0535f4e0b09d4
2022-10-06 18:11:56 +00:00
Matt Harvey
6d41c07085 cargo fmt zmodem
This change does no more than run "cargo fmt" on the sources in the
zmodem directory so that the porting change can be based on formatted
files.

Change-Id: I72789f57bf4d195bdcbd24d04cc08e5d801b6b05
GitOrigin-RevId: 8a27fb27e976c82c10030b6afecfa0fb1980630b
2022-10-06 18:11:46 +00:00
Matt Harvey
6e9addf6bf Forks lexxvir/zmodem
This is commit acdc761522679de2c52e0a7fa2640d48f7bd0ab5 on GitHub.

The project is not actively maintained and requires substantial change
to port to no_std and kata_io traits, making copying more appealing than
tracking upstream.

This change adds the unmodified files as a local diffbase.

Change-Id: I8846f4842d75d01f07b2857998819115a9c449ba
GitOrigin-RevId: 5cb637810ddfa5a35d73d680c16c36855f1b70ef
2022-10-06 18:11:36 +00:00
Matt Harvey
c0df9a3b95 kata-io alias analogous to io::Result
Sometimes it is useful for kata-io to be API-compatible with std::io
(e.g. porting a ZMODEM library). std::io has a similarly defined alias
where E is its own error type.

Change-Id: Idaf88fb1d41bcb984608d82a0ea222290c78f5c4
GitOrigin-RevId: 5738e6ac705b6fe3b48dd64891808cf50b75afb7
2022-10-06 18:11:24 +00:00
Sam Leffler
d4a369a6c3 ProcessManager: switch to serde + postcard
Replace the hand-rolled code to marshal/unmarshal bundle_id's with serde
and postcard. Postcard was selected because it works with no_std and has
api's that do not require copying.

Change-Id: I5bec725e42e5f94b4a486669f86e4aeb1322de6c
GitOrigin-RevId: b56e1d39faae0f8705c5d11a62d33db540f2d35c
2022-10-06 18:11:14 +00:00
Sam Leffler
3d2a560986 ProcessManager: correct install api and add cleanups
[NB: this is a step toward adding StorageManager]

- add app_id to Bundle to enable expanding the skeleton framework (for
  now this is filled in with the address of the pkg_buffer arg)
- change install api to follow design doc (bundle id comes from manifest)
- mark start & stop api's as needing a mutable self
- hide Bundle internals (more): do not export representation, we will
  use serde to pass it through camkes
- remove assumption hashmap of bundles corresponds to StorageManager
  contents
- use String instead of BundleId and Vec<String> instead of
  BundleIdArray in public api's (SmallVec & SmallString are impl
  artifacts now pushed down to ProcManager)
- adjust unit tests (ditch kata-proc-manager::tests as it adds nothing)

Change-Id: If3d77b031f43c0c867266dbfa66fa31e4ab67033
GitOrigin-RevId: bbadf0b0b09e7978613d57a816363079642e2a45
2022-10-06 18:04:15 +00:00
Matt Harvey
b0e442a623 LogFibonacci component
This CAmkES component demonstrates concurrent control threads when one
of them never calls seL4_Yield (preemption by timer interrupts). It can
be removed when we are sure this is working well. Until then, the log
messages will be visible after issuing "loglevel trace" at the prompt.

Change-Id: Ice1a3ac2e11dc50f5d9d5f790e2de80b58fe269e
GitOrigin-RevId: d20266a6add4f3d4d673a492a3b0ab70663e0308
2022-10-06 18:04:07 +00:00
Sam Leffler
d97a78316e Misc cleanups.
- change early logging (pre kata-shell prompt) to trace level so by
  default nothing shows up unless kata-debug-console::pre_init sets
  log::set_max_level to Trace (default is Debug)
- log allocator init's in caller so log msgs identify per-component heap
  setups (all the same for now but at some point may diverge)
- shorten kata-shell prompt to "KATA> "
- remove unused camkes control's and consolidate other early work in
  pre_init and <component>__init hooks
- cargo fmt components

Change-Id: I010eb5cc5af2e379691cb2e62d82dbab32a06bc3
GitOrigin-RevId: badddf46f5ba50fa60e9cbead9f6d99d5ff3808b
2022-10-06 18:03:53 +00:00
Sam Leffler
a3bd1a6026 Merge "kata-logger: use a larger ipc buffer"
GitOrigin-RevId: 2801cc0bbdf62bd9e468e0e14d04f8bf740e72ee
2022-10-06 18:03:17 +00:00
Matt Harvey
3b609285ad OpenTitanUARTDriver eager TX
With the LogFibonacci component, it became apparent that having
fill_tx_fifo only fill the TX FIFO once would cause only 32 bytes (the
size of the TX FIFO) to be sent out at a time. This was because the
Renode UART is so fast that tx_empty was becoming true again even before
it was cleared from INTR_STATE.

Not clearing INTR_STATE unless rx_buf is empty is enough to fix this by
itself, but to avoid lots of interrupts, we also have fill_tx_fifo loop
until the FIFO is really full.

Change-Id: I4bf2f05770e1a1447b5d79930a446667a268e5dd
GitOrigin-RevId: c61eecb16f6d28c8d9b71605199a62ae01919a41
2022-10-06 18:03:06 +00:00
Matt Harvey
cb57b7bf00 Changes UART base address to 0x40010000
sparrow_all.repl says this address is for "UART1 for SMC Core," but until
this change we have been using "UART3 (Reserved)."

Change-Id: I149b592f6df484e7bdac4d1bd2a3fc0ab3f813ba
GitOrigin-RevId: 40913f9e26724b6841f4380aa28de1806dcf28e5
2022-10-06 18:02:58 +00:00
Cindy Liu
b926995dbd apps:system:rust: Pin the rust toolchain to a specific release
Change-Id: I14c4ccd44dde92b7d2fce2e5b3779e106b761788
GitOrigin-RevId: 3013c9fc96d26d8f0d8e2c13b57f53d08ac03e98
2022-10-06 18:02:50 +00:00
Matt Harvey
3fe3225b1f Revert "Revert "Enables UART tx_watermark interrupts""
This reverts commit 342e260470ba0c194c7f7a0d1006b2f3a2432236.

Reason for revert: adding to same topic as a sim.mk change that runs the same Renode.exe built by "m renode"

Change-Id: I4ad8715e09ec3c0bf56939706a19db9085f806bb
GitOrigin-RevId: 31b22501c04e525394bc43406affb1c4d4829c1f
2022-10-06 18:02:43 +00:00
Henry Herman
cbfec8e9b7 Revert "Enables UART tx_watermark interrupts"
This reverts commit 010f0d7045d40ea6b0900fc74d79fe92df0fae69.

Reason for revert: kata console fails to come up.

Change-Id: Icab24e9043f967ea76907ce938eef72b2fbf47ac
GitOrigin-RevId: 342e260470ba0c194c7f7a0d1006b2f3a2432236
2022-10-06 18:02:35 +00:00
Matt Harvey
b35f77a2fe Enables UART tx_watermark interrupts
With Renode at HEAD, this causes an infinite loop. It seems like the
Renode OpenTitan UART does not have "edge triggered" behavior.

Change-Id: Ic553ce34cabaf8287c7969904d6336d1acf339a0
GitOrigin-RevId: 010f0d7045d40ea6b0900fc74d79fe92df0fae69
2022-10-06 18:02:28 +00:00
Matt Harvey
b7727a0823 Merge "Makes UART transmit interrupt-driven"
GitOrigin-RevId: 12484d6028b4885eb42e3074c75114454135e270
2022-10-06 18:02:17 +00:00
Matt Harvey
0a506b7c7f Merge "UartDriver receive interrupts, round 2"
GitOrigin-RevId: 26f67f1f11efd4aa664c68f9c638f3fa388b2f81
2022-10-06 18:02:08 +00:00
Matt Harvey
d651e73767 Merge "Makes UART receives interrupt-driven"
GitOrigin-RevId: d8fd1cba1db7257f44e971af457a0fa59b2373ce
2022-10-06 18:01:59 +00:00
Matt Harvey
fe696fc314 Merge "Ports machine_uart to OpenTitan"
GitOrigin-RevId: 5e1d8900f2e7a4ac55804a97767f34ddaff04170
2022-10-06 18:01:50 +00:00
Sam Leffler
69eefbd5c9 Change ProcessManager interfaces to return ProcessManagerError.
Propagate the ProcessManagerError enum through the
PackageManagementInterface and ProcessControlInterface so the client
has more information about why a request failed.

Change-Id: Ic2d8fcf1401edd6faff85fe821443f720d0b00c4
GitOrigin-RevId: 91d668fc56a352776803392d89aacc034cee1f1e
2022-10-06 18:01:42 +00:00
Sam Leffler
cb99661cd0 kata-logger: remove <level> from logged message
Now that logger level is passed with the message it can be added on the
server side if desired. For now just remove it entirely so we have more
space for the actual message.

Change-Id: I7b8dbdb0460cf2bf7b009ddc5d9d70a438f9d803
GitOrigin-RevId: 701ca7a5d32f1ad5c5f583db78b6c5e7625857f4
2022-10-06 18:01:33 +00:00
Sam Leffler
8ace3eb6f2 kata-logger: pass level through LoggerInterface and filter in DebugConsole
Components can reduce the number of rpc's if they set_max_level but by
default pass everything and let the DebugConsole decide what is logged.
With this the shell loglevel command now controls logging from all
components.

Change-Id: I72b77bbf02882ffdba0aaf0b9b88126bfd2e62a1
GitOrigin-RevId: d451e72cf67e41d6ee25ea2995098b5009cf8852
2022-10-06 18:01:22 +00:00
Matt Harvey
4043c8b5b7 Mutex guards kata-uart-client read and write
Change-Id: I5757dcf68f64359b743f458f336a813aeb43c069
GitOrigin-RevId: 1c6c85f95c6509cc915df1b82076942cd540c441
2022-10-06 18:01:13 +00:00
Matt Harvey
7c3cc70ab1 Splits UART tx/rx into separate CAmkES procedures
This ends the behavior where log messages would block on the prompt.

This change does not fix the potential race on dataports if
kata-uart-client read or write has multiple concurrent callers. A later
change will protect those using CAmkES mutexes, although the
alternative of having DebugConsole *own* the UART should also be
considered.

Change-Id: I8d5d8336cd58b9f22cca81ae6aca13b4ed57e7e4
GitOrigin-RevId: e781fd8454d22e0f829d788fe602e431551e259a
2022-10-06 18:01:04 +00:00
Sam Leffler
20c83f6777 Merge "kata-proc-common: improve BundleIdArray marshalling"
GitOrigin-RevId: ec8fb48df635c89eb5ea8b71ecb7bdcfdf111236
2022-10-06 18:00:52 +00:00
Adam Jesionowski
0a952a59f4 kata-ml-coordinator: Fix bit bug
pc_start is a full 16 bits, freeze is 1 bit. Mixed up the bit ands. Need
auto-generation :)

Change-Id: Ib4f701b43e131bfcb448c68b06d2518cf80e8098
GitOrigin-RevId: a7c3c64eb15ffce8e76b28b105832a253a6d580b
2022-10-06 18:00:33 +00:00
Adam Jesionowski
b9cc80a929 kata: MLCoordinator and VectorCoreDriver
Add a VectorCoreDriver component that handles setting vector core CSRs.

Rewrite MLCoordinator to conform to other Kata components. The old code
wasn't useful.

Add `test_mlexecute` command for running ML. Add plumbing from shell to
coordinator.

Change-Id: I3d563f1a343361c95d3ad5b78231fbe9df32b851
GitOrigin-RevId: f3c38839f708743de596339d1b8173315283b772
2022-10-06 18:00:17 +00:00
Sam Leffler
b9e209b008 Overhaul ProcessManager support.
- Split support into three levels:
  o kata_proc_manager::process_manager is a single-threaded implementation
    of ProcessManagerInterface and PackageManagerInterface that uses an
    abstract manager interface to carry out low-level work (used mainly
    to inject fakes for unit testing).
  o kata_proc_manager is a thread-safe wrapper around process_manager that
    has the manager interfaces bound to KataOS; this is the level at which
    we integrate with external components.
  o kata_proc_component is the top-level glue code for the ProcessManager
    camkes component; it has a pre_init function to setup rust support
    (logger, allocator, etc), a run function for the component's control
    block, and wrapper functions for the camkes ProcessControl and
    PackageManagement interfaces.
- Add install, uninstall, start, stop, and bundles shell commands for
  exercising ProcessControlInterface & PackageManagementInterface.

Specifics:
- Bundle id's are now treated internally as SmallString's with &str
  used for passing bundle id's through api's. The BundleId type is
  temporarily used for get_running_bundles() to return information (but
  see below about RawBundleIdData).
- ArrayVec's are replaced with a hashbrown::HashMap
- Bundle objects are Box'd instead of holding refs (now that we have an
  allocator); this eliminates lifetime constraints.
- The manager interface is Box'd to eliminate lifetime constraints.
- Purge ProcessManager::empty(), it's infeasible with the hashmap and
  is not needed with kata_proc_manager support for static decls.
- Add RawBundleIdData support for serialize+deserialize of BundleIdArray;
  no more leaking internal data types to client code.
- Remove bounds check on #bundles recorded; set a nominal capacity
  and fallback to dynamic allocation of the hashmap.
- Manually update ProcessManagerBindings.h (using cbindgen).

Change-Id: I08deaecc997ea96cb794808036540bedd58b3fa4
GitOrigin-RevId: 6e0826940b43b1295d39769b57812a9494b5a4cb
2022-10-06 17:59:52 +00:00
Sam Leffler
1595b3ad6c kata-shell: add loglevel command
Syntax: loglevel [off, info, debug, warn, error, trace]

Change-Id: I6b480626783cd4bf069a7741d7f4670e96c967b6
GitOrigin-RevId: 527aefa1f2b00d17f7f703d43923463b660caa7e
2022-10-06 17:59:29 +00:00
Sam Leffler
0e740d7282 kata-allocator: remove unneeded RefCell
Mutex<Heap>::lock() gives inner mutability so ditch the RefCell that came
from the original Cortex-M code.

Change-Id: Ib0a29069fd63fd87bd94d68439bfeb433c26db8b
GitOrigin-RevId: bbb505f98c8f1614a81090f58f9445a956697690
2022-10-06 17:59:18 +00:00
Sam Leffler
64da97a4a6 Merge "Add kata-panic support."
GitOrigin-RevId: 86b4cf1b25c2796fff0b2f90da6ef76d773c80a9
2022-10-06 17:59:05 +00:00
Sam Leffler
c5e8722a24 Merge "Add LoggerInterface for logging msgs on the console."
GitOrigin-RevId: 256da9ba28b31f1ac3a87cce0098a52ac918de13
2022-10-06 17:58:54 +00:00
Matt Harvey
3afdc04219 Changes UartDriver implementation to use OpenTitan
The preboot code still sends kernel logging to the 16550. A later change
will also port this to OpenTitan or find another alternative.

Change-Id: Ifbf296e2ba9c6b354dd94d4a0640a2105e177fc9
GitOrigin-RevId: 4226974521b31f8ff8cfa21d8d1fcb19290c8265
2022-10-06 17:58:40 +00:00
Sam Leffler
5cea7522fd Fixup kata RELEASE build handling.
- the RELEASE setting is a boolean, correct cmake check
- explicitly force log-level=0 & debug=true in cargo profile.dev entries

NB: to switch between RELEASE + non-RELEASE builds do "m clean",
  change easy-settings.cmake, then "m kata"
Change-Id: If56cd855a9f30313e264a808c0c12df0532194a0
GitOrigin-RevId: b15be5feba41a19a71ff86f00fee0b7bd0942049
2022-10-06 17:58:31 +00:00
Sam Leffler
3d7923e0a3 UartDriver: yield during tx/rx polling
Sprinkle seL4_Yield's in the tx/rx polling loops so other work in the
DebugConsole component happens. This is a band-aid for the driver not
using interrupts.

Change-Id: I600fdc2b01d60b18bb70e80adbfde9b1c348a194
GitOrigin-RevId: f2e90519f53b78a3ee2b42ca4613b1ea34cd4133
2022-10-06 17:58:20 +00:00
Sam Leffler
94358ffec7 Switch to purpose-built global allocator.
Replace LockedHeap with a purpose-built equivalent. This works around
issues where rust_oom was undefined for certain build configs and
facilitates future sel4 integration (e.g. to use dynamically allocated
memory instead of bss).

Change-Id: I54f779ef794104ad1ae95590812d1cd49b4a3734
GitOrigin-RevId: 83474c02e6b6957946fbca4a9aa090bf3c4dbfdc
2022-10-06 17:58:08 +00:00
Sam Leffler
8d7e4bf44a Add a simple rust global allocator to each component.
- add a linked_list_allocator::LockedHeap instance to each component that
  might want to allocate memory and init the allocator with a fixed-size
  memory block in the component post_init hook
- add an alloc_test shell command that exercises the allocator

This does not dynamically add memory or support sharing memory between
components; this is an intermediate step to simplify bringing in crates
that want to allocate memory (e.g. hashbrown).

Change-Id: Idaf11fb5d4999218c75bf932133df24de35e3053
GitOrigin-RevId: 7c9b14bf9463239ce030c374b58a140f0835759e
2022-10-06 17:57:56 +00:00
Matt Harvey
e4973577ec Adds kata Makefile step call OpenTitan regtool
To write s3L4 for OpenTitan matcha, we want to depend on generated C
header files for definitions of MMIO sizes, offsets, masks, bit
meanings, etc.

To make these header files available to the seL4 build, this change adds
a make prerequisite for the kata build to run regtool.py with output
going to out/kata/opentitan-gen.

In CAmkES CMake files, the INCLUDE attribute can be used to add to the
include path, and this change also does that for the UartDriver
component. (The implementation will be left for a later change, since an
initial straightforward attempt saw writes still going to the 16550.)

Change-Id: If7e7e206ddcf625b8f5a45dc6486693cab7c51e2
GitOrigin-RevId: 018b9ddf9cde2389fb9f39553095d955705cb7a0
2022-10-06 17:57:47 +00:00
June Tate-Gans
a01ee363ea rust: Remove a rogue duplicate rust.cmake file
This only serves to confuse the cmake build tools into using the wrong
definitions, instead of the ones used in apps/system/rust.cmake.

Change-Id: Iaed204a8f8a9ae5fc2233dc4f9147ba6cf6a9a25
GitOrigin-RevId: 290682ee7b8eb7ad00a52f72c0f6e3be08e88673
2022-10-06 17:57:38 +00:00
Austin Appleby
622727086d Disable BBL in easy-settings
Change-Id: I1c2524968246bae00009092a5cedcedd962e66c9
GitOrigin-RevId: d4f6df0a8405a61251a93781d0fc4e67934f8920
2022-10-06 17:57:24 +00:00
Austin Appleby
ff08436a47 Add .gitignore to kata/projects/processmanager
Change-Id: I472245c8dc984f6db18fe24e662fcd08af4cc11d
GitOrigin-RevId: 53774f360e4b450f9544f2561a2047ba64345f01
2022-10-06 17:57:06 +00:00
June Tate-Gans
af63371fd9 Merge "rust-toolchain: Use riscv32imac and better handle build tweaks"
GitOrigin-RevId: 50e4058c935cf522124ce2983d36ca4013ce1940
2022-10-06 17:56:54 +00:00
June Tate-Gans
83d2875eb2 rust: Add in link-time optimization by default
This turns on "fat" LTO for builds even in dev mode so that we can keep our
binaries size down. It's not a total solution, but eliminates the "kitchen sink"
effect that building Rust static libs has, allowing us to keep our dependencies
down a bit.

Change-Id: I5fb071d7cdb7b9964b2af25d8137944593bd065c
GitOrigin-RevId: fe7f105307e042c211be5d031870d6161d71e27c
2022-10-06 17:56:41 +00:00
Sam Leffler
e35c69ae4c Add initial ProcessManager interfaces.
- new ProcessManager component (aka kata-process-manager)

NB: interfaces/ProcessManagerBindings.h is manually generated by cbindgen
for the moment; e.g.
  cargo install cbindgen;
  cd components/ProcessManager; cbindgen -c cbindgen.toml \
      -o ../../interfaces/ProcessManagerBindings.h kata-proc-common

Change-Id: I153c6b193c6ba8e376b87a2563dc8543753f0b42
GitOrigin-RevId: 18c354f14cbec6ce01c020136fe9aefd88248ee9
2022-10-06 17:56:26 +00:00
Sam Leffler
c61d7890a7 Add SeL4Debug component to expose sel4 debug syscalls.
- add a SeL4Debug component that wraps seL4DebugPutString and seL4DumpScheduler
  system calls that are marked static inline (so not callable from rust)
- connect seL4Debug to the DebugConsole and add a "ps" command to the shell
  that uses sel4DumpScheduler to print the tcb's on the console; e.g.

KATA_PROMPT> ps
Dumping all tcbs!
Name                                            State           IP                       Prio    Core
--------------------------------------------------------------------------------------
                     sel4debug:sel4debug                running 0x1017e                  254    0
                 sel4debug:fault_handler        blocked on recv 0x1046e                  255    0
                       sel4debug:control        blocked on recv 0x1046e                  254    0
                                drv:uart        blocked on recv 0x11dc4                  254    0
                       drv:fault_handler        blocked on recv 0x105d4                  255    0
                             drv:control        blocked on recv 0x105d4                  254    0
             debug_console:fault_handler        blocked on recv 0x10840                  255    0
                   debug_console:control        blocked on reply        0x12808                  254    0
                             idle_thread                   idle 0                          0    0
                              rootserver               inactive 0x10558                  255    0

Change-Id: I48496ec0002e3307aaeb5c779319d4beb87ae56b
GitOrigin-RevId: 8665f609bdb7efd3b814b4f40abf08c5dd1e863d
2022-10-06 17:56:12 +00:00