Setup a connection to the SDKRuntime for each application. To do this
add an SDKManager interface to the SDKRuntime for the ProcessManager to
obtain a badged endpoint and install that in each application's CNode.
SDKRuntime now rejects requests received without a registered badge.
RPCs are handled entirely in Rust (no CAmkES). ProcessManager sets up
RPC resources and delivers them to an application through registers.
The application-side SDK runtime uses the resources to marshal RPC
parameters in a page that is attached to the IPC buffer sent to the
SDKRuntime. Reply parameters are written to the shared page and decoded
on return.
Overhaul the SDKRuntime API to be like SecurityCoordinator to consolidate
parameter marshaling/unmarshaling and to simplify adding new methods.
Rust applications use the SDKRuntime interface directly. C applications
will wrap a C interface around the Rust impl (TBD).
Specific changes:
- add SDKManagerInterface
- sel4bundle now plumbs a connection to the SDKRuntime, the CNode slot
with the capability is passed to the application to future-proof CNode
setup changes (an alternative is to use a global const since we control
the application-side runtime APIs)
- add kata-sdk-manager crate with SDKManager client interface support;
the only APIs are get_endpoint (to get a badged endpoint to SDKRuntime),
release_endpoint (to remove a badged endpoint), and capscan (to dump
the SDKRuntime's top-level CNode)
- add "capscan sdk" in the shell to inspect the SDKRuntime service
- make SDKRuntime require a registered badge on inbound IPCs
- fill in ping & log SDK APIs
- connect ProcessManager to SDKRuntime for SDKManager API use,
everything else happens outside CAmkES
- make SDKRuntime lock against concurrent requests; the SDKManager
runs concurrently and shares SDKRuntime state
- remove kata-shell test_sdk_* commands (replaced by test applications)
Change-Id: I7810949ad0051ff8eda244e0385f662882a556e4
GitOrigin-RevId: 5fef55428e076f670cff325965047c98d84cfbca

Use separate in+out variables instead of a single r/w variable.
This makes all similar code paths consistent.
Change-Id: I0b78e9cdac881db775b6d08ba1051ebc3f0b096d
GitOrigin-RevId: e12735b6c9c7aba49f60327328baaa6a7fcc7519

- assert kata_security_install is really sending a CNode
- have kata_security_request clear any unexpected capability associated
with the ipcbuffer; this mostly guards against a received badge being
treated as a cap if the ipcbuffer is turned around from recv to send
Change-Id: I8ac6634809aa11f0f249a7be296b43807d56dff8
GitOrigin-RevId: 21930c5f7a5e809460348da0d0b617004e77e065

- eliminate direct use of KATA_CSPACE_SLOTS
- simplify some code now that CSpaceSlot::release returns the released slot
Change-Id: I95300c476a514de7cbe9aa08ccba336878149c23
GitOrigin-RevId: 4c1441f44ff1565610c156fb6c1af60fba554904

- clear_request_cap to clear a request ipcbuffer's cap
- debug_assert_recv_path_{empty,cnode,frame}
Change-Id: I25ad559c810fc063d95a4a9c0a15b9dbab9cbf3b
GitOrigin-RevId: ee0af0dc3ab93b555a4f42cdfb8a2b7a6dd92dca

kata-os-common is an "aggregate crate" used many places where only
a subset of the code is used (esp. applications written in Rust).
Reduce internal dependencies to reduce bloat and speed up builds:
- expand the scope of the "camkes_support" feature
- adjust sel4-sys deps that do not require serde support
- add a "capdl_support" feature (default disabled)
Change-Id: Ie1319f1168d37bd6c8f0de8d19708153c7b80dcd
GitOrigin-RevId: a02c4b1a5d6ca26920cba013d9339415b607a2c0

- copy_to now takes rights
- add dup_to that does a copy with all-rights preserved
- add mint_to
- add mutate_to
- change release to return any assigned slot
- fixup callers
Change-Id: I747c01d426906042e76ba00c19513eae3fa3b03c
GitOrigin-RevId: 7270785dc92ee5ef6b56d330b0076d57dc9374f8

The seL4_Recv call (as well as related syscalls) has a different API
with MCS; correct that. As part of this, try splitting riscv32 into MCS
and non-MCS files to reduce cfg usage.
Bug: 247129956
Change-Id: I5f0c0e192e6b366f68b23c14ae26836b4cd14158
GitOrigin-RevId: 4f844e700cb9c13c06c0026b2ea0bd752e6e9fab

Need to account for gaps between application segments when calculating
the index of the page frame object. This was being handled only for a
gap before the first page/segment.
Bug: 243556006
Change-Id: I0e723a58dc5e2b9c49b29aebe030a546bbe024ac
GitOrigin-RevId: 83e6cad536ffa148c434341fbefdce2dd43667ee

StorageManager (the component) did nothing useful so remove it and plumb
the only user (DebugConsole) directly to the SecurityCoordinator. When
the SDKRuntime is ready it likewise will talk directly to
SecurityCoordinator. The only visible change in this is the "kvread" shell
command displays the raw key value instead of converting it to a string.
Change-Id: I5a285dc083e5f02ecbf0defc83deebb34a7b38d7
GitOrigin-RevId: 70d04d8155167f9bf3f88291363760d91c10a279

Need to disable camkes support in kata-os-common to avoid dragging in refs
to SELF_CNODE_* symbols.
Change-Id: I58fc07e79a7cf438342433ef8a8f99a49561392b
GitOrigin-RevId: 6bc8bdd0332197c5191617c7c67d4a425d4a9844

When a CAmkES component lacks an outbound connection to send log msgs
there will be no logger_log symbol. Use a weak ref here to handle that
without resorting to a feature or similar.
Mark logger connections as "maybe" so they are optional.
Change-Id: I6ecd939014d26a612d115741fd2ac673afa40857
GitOrigin-RevId: 0b1bf2611cbb628500cae37889c6547a996d50e9

This hello app uses the logger crate plumbed to the console. Way
bigger than the C version.
Change-Id: I7bf7e8b559fea8e045123d057412493bf7b71a24
GitOrigin-RevId: 97e12e93cc9ebfb4be021cff506417d7434b27f5

This includes adding it to TOML files and CAmkES assembly files.
Change-Id: I263e7a566df91fccc04f9b2186edab13331290c5
GitOrigin-RevId: 48a35b06ca868a0a4d379f881068cc4dad491669

Note this requires companion changes to the build glue.
Change-Id: I5876d3c8b50f373d21d42cf30dbb7031654fb709
GitOrigin-RevId: 963f05fb3c018ad2d509ef68ef37bf83d924337e

- copyrights in code
- more README (mostly copied from manifest/README)
Change-Id: If7c4293bbd52102a9e8039176be4460206aea12f
GitOrigin-RevId: 5d9c70fa5c357c38ae5f1ef601eb06a8039f6974

Previously we put the return code and fault PC (if any) at the very end
of the TCM. This was always intended to be temporary. The return
information has instead been placed at the beginning of the model_output
section.
Minor changes:
* Running_model tracks the image_id instead of an index.
* Re-ordered ImageSizes members to match layout in memory.
* Rename unpacked_size to in_memory_size to match the rest of MlCoordinator.
* Fix fake-vec-core to match kata-vec-core
Change-Id: I33ceb59cb36312b60992a6ada49605ffa3b2fa78
GitOrigin-RevId: 5cf399e2c609e0b4ca83101714881b02eb09b94e

This CL handles the integration of the Image Manager, which comes
concurrent with the necessary WMMU changes needed by the Image Manager.
The ML Coordinator now calls into Image Manager to make space, commit
images, and set the WMMU.
The MlCoordinator now first verifies that an image is valid by first making a pass through the section headers. It stores the two sizes that we're interested in per image: how big it is packed on flash, and how big it is unpacked in memory.
Known issues:
b/241799340: Refactor BundleImage to support unit testing
The writes to DMEM via the kata-vec-core crate were meant to be in image_manager.rs, but this interfered with the ability to run unit tests. We can refactor BundleImage to make this work.
b/241799866: Improve heap management
Right now I clear all of the "temporary data section" (bss, stack,
heap), but I suspect only the heap needs to be cleared. This needs more effort to check that that's correct, and track those locations.
Minor changes:
ImageId is used instead of (String, String) in the component.
Change-Id: I1505c6474fc60205323ce3bb13610fdac3702b89
GitOrigin-RevId: 5df9938a6cbd7ca5510ce8fcb500ce471f42b2cb

* changes:
kata: LSC: rustfmt with global rustfmt.toml
kata: update global rustfmt flags
kata: Promote rustfmt.toml to all kata crates
GitOrigin-RevId: 452e66fa7231f39cff81dc2fbe37ad1a1fc62fb9

At the moment, the scheduler is wasting 50% of its time in an idle thread for
the application sandbox domain. Until we can figure out how to use these domains
more effectively, we'll reduce to a single domain.
Bug: 238811077
Change-Id: If40d01d5c94e31cc8d522dd5f906f857e363cc42
GitOrigin-RevId: 911f6fe046c61b8ce7e9ba00f8de0ec872997ec3