Commit Graph

240 Commits

Author SHA1 Message Date
June Tate-Gans
be8c32c874 scheduling: Create a secondary sandbox scheduling domain
This updates the kernel configs to set up two domains instead of one,
and also defines a bare-bones domain scheduler that simply round-
robins through the domains.

Bug: 238811077
Change-Id: Ibb49f10265c38dc26235fc246f6147b306055bcb
GitOrigin-RevId: 6b17211d8866bec9207f78dc61c4840c6da9537d
2022-10-06 18:56:23 +00:00
Sam Leffler
ce1543c466 kata: rustfmt
Change-Id: I1edc1d0aa241983fb9336d9bd7e42f2dfa362a15
GitOrigin-RevId: 1a10df3451ce2dfb7d54c6553cfa5d237bf96431
2022-10-06 18:56:15 +00:00
Sam Leffler
05233af12c Add capscan support.
Add support to output the contents of the top-level CNode of a CAmkES
service or KataOS application to the serial console. This is dependent
on kernel support that is enabled with CONFIG_PRINTING. Applications
must be running; otherwise there is no CSpace to dump.

Specific changes:
- add a "capscan" shell command
- add capscan method to each CAmkES interface
- add capscan_bundle method to the ProcessControlInterface
- add Camkes::capscan() to dump the top-level CNode
- add ProcessManager support to dump the CNode for a bundle

TODO: fix syscall wrapper error return

Change-Id: If6ca222decdb4c40a1d3a63e69792eb3feb30f6a
GitOrigin-RevId: 504c0182ccccf287b5d58cd8e33981c11d7539d7
2022-10-06 18:56:08 +00:00
Sam Leffler
c2accc33b0 MemoryManager: correct initial memory use and add mdebug command
- Use seL4_Untyped_Describe to get an accurate view of each
  UntypedMemory slab being managed; this makes mstats reflect
  rootserver allocations.
- Track memory allocated before we run as "overhead" (was meant to
  track fragmentation but was always zero).
- Add an "mdebug" command to describe each managed memory slab;
  this is useful to see whether the kernel's view of memory use is
  consistent with MemoryManager.

Change-Id: I53b2738c430ad3356ecd16a1cad29ca92dc74beb
GitOrigin-RevId: 2ad43f9b7760c722a6590ea049a3814c8dcccba7
2022-10-06 18:56:00 +00:00
Sam Leffler
a28057ea73 kata-os-model: misc fixups
Fallout from rootserver memory reclamation work:
- add CDL_Object::next_free_slot
- add CONFIG_NOISY_UNTYPEDS feature for spammy debug msgs
- add CONFIG_NOISY_CREATE_OBJECT msgs
- assert if bootinfo/untyped_cnode setup is wrong instead of
  logging msgs and then failing later
- bury ugly BIT usage in is_obj_inside_untyped
- revise handoff_cap api for future use in memory reclamation
- remove some unneeded type coercions
- streamline printing seL4_CPath's
- simplify get_object & get_asid

Change-Id: Ib2c3d717dd41b307cb7afd4821dee4b6be173d57
GitOrigin-RevId: 99f4b79e1df257d373accf96190a77a65ba3305f
2022-10-06 18:55:53 +00:00
Marcin Witkowski
0539aae221 sel4-sys: add isTainted member to UntypedDesc
Change-Id: Id69616f01a6f546e1d4db712092497c5a0367596
GitOrigin-RevId: 11c131a1af0fe1d8b4831a91a3ff5adc757461a1
2022-10-06 18:55:46 +00:00
Sam Leffler
772bd6040a kata-os-model: stop dup'ing TCB's and CNode's
capdl-loader-app duplicated the TCB & CNode caps.  The only possible
reason to do this is if a cap is Move'd (e.g. when constructing the
CSpace for each component) and then later referenced.  But this does
not appear to happen so remove in prep for memory reclamation changes.

Change-Id: I8c9bd1f4f2fa1535da330f782ba978b460b0cf00
GitOrigin-RevId: 7d950dee814705b13b95831b39b7626d4210599b
2022-10-06 18:55:39 +00:00
Sam Leffler
70b4072428 kata-memory-manager: add CONFIG_NOISY_UNTYPEDS feature
Enabling CONFIG_NOISY_UNTYPEDS causes the UntypedMemory slabs received
at boot to be logged to the console.

Change-Id: Ieceedbe17b09c4bb72a2e40e44daa041990019af
GitOrigin-RevId: b5f598cac4302e24b501a8df0c6e0c194b27b991
2022-10-06 18:55:32 +00:00
Sam Leffler
bb7e82468f Merge "Fix CONFIG_PRINTING handling by test applications."
GitOrigin-RevId: 1ea1b3b4e0c7a4d1d817ac1e2ef3939d2b2200b3
2022-10-06 18:55:24 +00:00
Adam Jesionowski
92dc1019be Complete image_manager.
The ML Coordinator will validate the cpio model and collect the fsize
and msizes for each section. It will then pass that information along
with a Boxed version of the bundle_image, which implements the
kata_io::Read trait.

This CL adds the lower level (vec-core) function that writes to the TCM and
calls these functions from the image_manager.

Complete integration of the image_manager is pending splitting the ELF
image into all 6 sections.

Change-Id: I7a5706c588867b4aee04109e2a9edeca071d2ca8
GitOrigin-RevId: 89df1c81bade3ec4508f643a8ba83cae6a3e1f60
2022-10-06 18:55:17 +00:00
Adam Jesionowski
cbe333e2e3 kata/processmanager: Merge ITCM and DTCM into TCM.
For now we treat the image as one big block. A follow up CL will break
it into individual sections like text, model_output, etc.

Change-Id: I86006fc18c940f04f4d15ec032f9196c01255170
GitOrigin-RevId: 7f36043202bca8994f62ced3338b4ba4b1ef922a
2022-10-06 18:55:10 +00:00
Adam Jesionowski
d90b2c173e Partial implementation of Image Manager.
kata-os-common prevents unit testing, so we need to split up
functionality so that other logic can be unit tested. To this end this
CL adds:
kata-ml-shared: structs used in other crates that don't require
kata-os-common
kata-ml-support: logic like image manager that is unit testable

Image Manager is responsible for managing the images loaded onto the
VC's TCM. It tracks pointers into the TCM, which image is loaded where,
and unloads images when space needs to be made.

Change-Id: Icdda9a284b4de7448e8661bb8647e9e6d39e652e
GitOrigin-RevId: cfb65a1dd29d1279aa8ab6c9bf41d5f20206ef68
2022-10-06 18:55:03 +00:00
Sam Leffler
0d82a88f84 MailboxDriver: clippy findings
Change-Id: I116cce53a531915916d0a3509f3324e9694b1293
GitOrigin-RevId: a816c6ea0d3ca42cfc75d5b88cf7795fb99b63f6
2022-10-06 18:54:55 +00:00
Sam Leffler
c70ed4f3e3 MailboxDriver: purge unused stuff
Looks like stuff from when the mailbox test code was in the driver got
left behind; remove it.

Change-Id: I379a58e1fd46895436ed49f780e643efbed81aea
GitOrigin-RevId: 1783642a34ed4f23e7d6703e5e6d041785c1ee4a
2022-10-06 18:54:48 +00:00
Sam Leffler
7bef3289dd Reduce CAmkES per-component heap allocation.
Set the per-component static heap size to 8KB. The heap is only used by
CAmkES RPC for marshaling dynamic array & string parameters. We mostly
use the former and no more than 4KB at a time so 8KB should be fine until
we can redirect C use to the Rust heap allocator (or replace the C code).

BUG=224069025

Change-Id: I600854c5cb41ed268087f4b2294b70c3384973c2
GitOrigin-RevId: 177a353e6873f2c048cf4b446114534d9dcffc94
2022-10-06 18:54:41 +00:00
Sam Leffler
c4c0e01765 kata-slot-allocator: update bitvec dep to v1.0
With the newer rustc we can switch to the stable version of bitvec;
this includes some api changes.

Change-Id: I9a7af5c2699f9bdebedc06ee68f5e3b7b71b9d75
GitOrigin-RevId: 44d44f930e8b35830d819949b6203c584fea2be3
2022-10-06 18:54:33 +00:00
Sam Leffler
02e1b40885 OpenTitanUARTDriver: fix missing unlock
Bug: 233102476

Writing >CIRCULAR_BUFFER_CAPACITY bytes to the uart will hang because
of a missing unlock of the tx_mutex.

While here add a shell test command that was used to debug the issue
(but don't enable it by default).

Change-Id: I3e35001a653fe2659fb1534e4100727b69f662a1
GitOrigin-RevId: 550b35c88328dcbd1f87dd8e0209b1faabf7f931
2022-10-06 18:54:26 +00:00
Sam Leffler
4ca13e9088 DebugConsole: add features to set initial logging level
Add features to control the log level used before reaching the shell
prompt (where the "loglevel" command can be used to control log
filtering).  The default log level is Info. LOG_DEBUG forces it to
Debug. LOG_TRACE forces it to Trace (max).

Change-Id: Ic55eaf3cd08fc101c53319b5a45a2c7de6f94a66
GitOrigin-RevId: 5500ac5d65186773d5304a75d03295e09b2e9a63
2022-10-06 18:54:19 +00:00
Cindy Liu
c9f36f4da8 Merge "Changes for updating the toolchain to nightly-1.58.0"
GitOrigin-RevId: 6eadbd3c3652d88b3079635f2649b43e370fe4bd
2022-10-06 18:54:11 +00:00
Sam Leffler
7a412467ac DebugConsole: reduce heap size to 16KB
Now that there's MemoryManager integration for zmodem uploads we no longer
need an outsized heap; make it 16KB for now (likely can be smaller).

Change-Id: I3b991ef794c0e718934d055e41aef9abc48b1d6b
GitOrigin-RevId: 7145b14fca96f59ff76497be29da6b1f447c15b0
2022-10-06 18:54:04 +00:00
Sam Leffler
f28da794b2 kata-os-model: CONFIG_NOISY_INIT_CNODE cleanup
Using cap_identify only works on Debug builds; instead print the CDL
cap type.

Change-Id: Ie338877ca12e404f412a7c9b170e1897bfd5d0df
GitOrigin-RevId: fe8a143353b43f18a1b6606b88ef0ba1799adcb8
2022-10-06 18:53:56 +00:00
Cindy Liu
70b86c9c84 Update the cbindgen toml to re-enable clang-format check
Change-Id: I826b172087a09111c4f9934794f2a5c9e195e1ad
GitOrigin-RevId: ed65bc8643bf5e909760dc632d856048e8aace62
2022-10-06 18:53:48 +00:00
Sam Leffler
b2bd86e43b kata-security-coordinator::fakeimpl: correct LoadModel & LoadApplication
Change the fake to behave as the real impl will for LoadModel &
LoadApplication: return a deep copy of the saved package contents as
would happen if the data were pulled from flash. Match this behaviour in
the kata-shell SecurityCoordinator test commands and the MlCoordinator
by taking ownership of the received objects and free'ing them when no
longer needed.

With these changes one can install a bundle and repeatedly load_application
without leaking any memory, capabilities, or slots in the toplevel CNode
of the caller (DebugConsole in this case).

Likewise doing install of a model, test_mlexecute, and then uninstall
of the model's bundle returns all resources.

Specific changes:
- correctly release resources in kata-shell load_application & load_model
- correct release of bundle_frames in seL4BundleImpl::stop
- release resources in MlCoordinator::load_model
- connect the MemoryInterface to the MlCoordinator so it can return memory
- set up two copyregions in the SecurityCoordinator to do the deep copy
- add ObjDescBundle::cptr_iter for iterating over the set of seL4_CPtr's
- hack kata_frame_alloc_in_cnode to split requests according to the
  kernel's config on the max Retype count
- while here switch test_mailbox to use one of the copyregions

TODO:
- deep_copy allocates all frames at once which requires a band-aid;
  either hide that in MemoryManager or maybe allocate a page at a time

Change-Id: Ia425976b31ea7a32b1d0e4affc3a0ef9ba966c87
GitOrigin-RevId: 31d5bc99b569a5eab9c33c7e1014793bfe57161e
2022-10-06 18:53:33 +00:00
Sam Leffler
272c18cf9b kata-proc-manager: small code shuffle
Move the container slot release up as it logically belongs with the
seL4BundleImpl construction. This makes clear it's unrelated to the
actual start operation.

Change-Id: Idda2a4a829fe6fae2a4d1dbe99aff495ef10b3b8
GitOrigin-RevId: ba2cdc9f4bfb54cfbeca11888bd31cd5657d0182
2022-10-06 18:53:15 +00:00
Sam Leffler
b0d1b6efac kata_object_alloc_in_cnode: misc fixups
- optimize CNode size calc
- remove an extraneous map_err that hid the true error

Change-Id: I63a43dff7c242d49f2f968abdde4134ac300d0b1
GitOrigin-RevId: 9e8e9ec4b3bb33dca53ee45aed231836dec7d6e4
2022-10-06 18:53:04 +00:00
Sam Leffler
9920153e10 kata-memory-component: add debug asserts for attached capabilities
Change-Id: I1ef3fa98583a7ac59269d8c3aa15c886a0d8b768
GitOrigin-RevId: 815a4358d6516986e57dc2987f3a9ade46cbffb6
2022-10-06 18:52:45 +00:00
Sam Leffler
393a7653e7 kata-os-camkes: wrap reply ipc buffer capability handling
Add Camkes::set_reply_cap and Camkes::set_reply_cap_release to attach
an seL4 capability to a reply message. The latter ensures the attached
capability is deleted after the seL4 rpc reply is done (this happens
inside the CAmkES C code).

Change-Id: I42fad2e70e6c02fcc0de5ab9a460c5a773041900
GitOrigin-RevId: 7f59e75b10697501a217f943672a40ff67f48229
2022-10-06 18:52:29 +00:00
Sam Leffler
0d27b4a3f0 kata-os-camkes: wrap request ipc buffer capability handling
Add Camkes::set_request_cap to attach an seL4 capability to an outbound
ipc message. The return value is an RAII wrapper that cleans up state
and must be held until after the CAmkES rpc call completes.

Change-Id: I0672c59e0b5e43e39c9ea3fb16809270a33f51ef
GitOrigin-RevId: 56be13a2c05fcc1b4a1aa5c8e0eab47bcd0f2345
2022-10-06 18:52:18 +00:00
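The two kata-os-camkes commits above (set_request_cap and set_reply_cap / set_reply_cap_release) both rely on an RAII guard whose drop point decides when a capability is detached from the IPC message and, for the release variant, when its slot is deleted. The following is an added example, not kata-os-camkes or KataOS code: it models that discipline with hypothetical stand-ins (`IpcBuffer`, `CapGuard`, `rpc_send`) so the two failure modes a practitioner cares about are visible: dropping the request guard before the call (the cap is silently not sent) and the release guard deleting the slot only after the reply has gone out.

```rust
// Added example, not kata-os-camkes code: a minimal model of the RAII
// discipline described in the set_request_cap / set_reply_cap_release
// commits. All names here (IpcBuffer, CapGuard, rpc_send) are hypothetical.
use std::cell::RefCell;
use std::rc::Rc;

/// Stand-in for an seL4 CPtr (0 means "no capability attached").
type CPtr = usize;

/// Hypothetical model of the per-thread IPC buffer state that the guard
/// manipulates: which cap is attached, and which slots were deleted by a
/// release-on-drop guard.
#[derive(Default, Debug)]
struct IpcBuffer {
    attached: CPtr,
    deleted: Vec<CPtr>,
}

/// RAII wrapper handed back when a capability is attached to a message.
/// While the guard lives the cap stays attached; dropping it detaches the
/// cap and, if `release` is set, deletes the slot (the CAP_RELEASE case).
struct CapGuard {
    buf: Rc<RefCell<IpcBuffer>>,
    cptr: CPtr,
    release: bool,
}

impl Drop for CapGuard {
    fn drop(&mut self) {
        let mut b = self.buf.borrow_mut();
        b.attached = 0;
        if self.release {
            b.deleted.push(self.cptr);
        }
    }
}

/// Attach `cptr` to the outbound request; the caller must keep the
/// returned guard alive until after the RPC call returns.
fn set_request_cap(buf: &Rc<RefCell<IpcBuffer>>, cptr: CPtr) -> CapGuard {
    buf.borrow_mut().attached = cptr;
    CapGuard { buf: Rc::clone(buf), cptr, release: false }
}

/// Attach `cptr` to the reply and delete the slot once the reply has been
/// sent, i.e. once the guard is dropped.
fn set_reply_cap_release(buf: &Rc<RefCell<IpcBuffer>>, cptr: CPtr) -> CapGuard {
    buf.borrow_mut().attached = cptr;
    CapGuard { buf: Rc::clone(buf), cptr, release: true }
}

/// Simulated send: reports which cap (if any) was attached at send time.
fn rpc_send(buf: &Rc<RefCell<IpcBuffer>>) -> Option<CPtr> {
    match buf.borrow().attached {
        0 => None,
        c => Some(c),
    }
}

/// Correct caller: the guard is bound to a named variable, so it is
/// dropped only after the send.
fn send_with_cap(cptr: CPtr) -> Option<CPtr> {
    let buf = Rc::new(RefCell::new(IpcBuffer::default()));
    let _guard = set_request_cap(&buf, cptr);
    rpc_send(&buf)
}

/// Buggy caller: `let _ =` drops the guard immediately, so the cap is
/// detached before the message is sent and the callee receives nothing.
fn send_with_cap_dropped_early(cptr: CPtr) -> Option<CPtr> {
    let buf = Rc::new(RefCell::new(IpcBuffer::default()));
    let _ = set_request_cap(&buf, cptr);
    rpc_send(&buf)
}

/// Reply path: returns (cap seen at send time, slots deleted after reply).
fn reply_with_release(cptr: CPtr) -> (Option<CPtr>, Vec<CPtr>) {
    let buf = Rc::new(RefCell::new(IpcBuffer::default()));
    let sent = {
        let _guard = set_reply_cap_release(&buf, cptr);
        rpc_send(&buf)
        // guard dropped here: cap detached, slot deleted
    };
    let deleted = buf.borrow().deleted.clone();
    (sent, deleted)
}

fn main() {
    println!("request, guard held:    {:?}", send_with_cap(42));
    println!("request, guard dropped: {:?}", send_with_cap_dropped_early(42));
    println!("reply with release:     {:?}", reply_with_release(7));
}
```

The `let _ = guard` form is the trap the request-cap commit warns about: in Rust `_` does not bind, so the guard is dropped on that line, before the RPC. Binding to `_guard` (or any name) keeps it alive to the end of the scope, which is what "must be held until after the CAmkES rpc call completes" requires.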
Sam Leffler
67442dc8f0 kata-os-camkes: export C bindings for better CAmkES integration
In particular this exports the CAP_RELEASE flag so there is a single
source for its definition and KataOS-specific support in the CAmkES
templates is enabled only for KataOS components.

Specific changes:
- adds cbindgen-generated CamkesBindings.h
- adds include of CamkesBindings.h in component cbindgen files
- add a dep on cbindgen.toml in all Makefiles
- update generated interface files

Change-Id: Ib6239d3ac0036b7a04bb36afccf25a05737b0e56
GitOrigin-RevId: af10117fa253f0c7c67969a5852ced9d992c6274
2022-10-06 18:52:07 +00:00
Sam Leffler
f67ae5616c kata-os-common: add delete support to CSpaceSlot.
CSpaceSlot::delete deletes any seL4 capability in the slot.

Change-Id: Id59d0b27f231c83d146b2380939ea581363fb9b3
GitOrigin-RevId: 0469f75f5e14366444f2e9e4f6c3db9fc69e2f23
2022-10-06 18:51:58 +00:00
Sam Leffler
060c47e382 kata-os-slot-allocator: add optional tracing msgs
Add debug msgs gated by a new "TRACE_OPS" feature. Messages are prefixed
by the Camkes component name since each component may have an allocator.

Change-Id: Id278bd489a0bedd532f5508c3ebe0101fc749f2c
GitOrigin-RevId: f09b0093eac1fd21ac2523808ee3d67a444abeb3
2022-10-06 18:51:50 +00:00
Sam Leffler
acf7c28eba kata-os-common: add CopyRegion support.
Move the CopyRegion support to kata-os-common. CopyRegion wraps a
CAmkES copyregion virtual memory window to support virtual access to
physical page frames. There is RAII cleanup to clear any virtual mapping.
Embedding a CopyRegion in a struct that may be cloned is not recommended
(at least for now).

Change-Id: I7fd465fafa4a5d1de9a7e565ecb62c38a3b7e81a
GitOrigin-RevId: f58e973b1c47ec05e48bfedcb9cd5e75b71c212a
2022-10-06 18:51:40 +00:00
Sam Leffler
f70a9af73f Remove unused LogFibonacci component.
This is now an app that can be loaded at runtime so remove the component.

Change-Id: Ibb851a64902e69322465fc729cf6d1876ae7943b
GitOrigin-RevId: b534499935f32dd7d7529af86dd5ee0843d9579a
2022-10-06 18:51:33 +00:00
Cindy Liu
51356cd868 kata:rust: Point the rust version to KATA_RUST_VERSION
So we don't need to maintain the version at two places.

Change-Id: Ibbbb9b7744bdd4e209404bf744e2f57e0022db7a
GitOrigin-RevId: 7583eaba9d5364e6c47ede3e5fed4505c73ae790
2022-10-06 18:51:25 +00:00
Cindy Liu
ae9476aa3b kata: pin indexmap crate version to 1.8
indexmap is a dependency crate of serde_yaml, which only loosely
specifies the major release version of indexmap. indexmap > 1.9.0
requires a newer version of Cargo (> 1.56.0-nightly). We can pin
the indexmap version to avoid updating the Cargo toolchain.

Change-Id: I66abb47ca58d081bb1dfe423ccb06b46859fd03e
GitOrigin-RevId: 77428ed6927a9634ccea4d644a221b835c4e6592
2022-10-06 18:51:17 +00:00
Austin Appleby
2b0dd2eb8b Merge "Add basic mailbox driver camkes component + a test script in DebugConsole."
GitOrigin-RevId: 687148fc664b922d3b04ba8a8397fa0f5ff79e29
2022-10-06 18:50:58 +00:00
Adam Jesionowski
8800dc4a96 Merge "Refactor kata-vec-core and add fake-vec-core"
GitOrigin-RevId: 96f07ab9323932ee3b06da58367a5b95a4d7718b
2022-10-06 18:50:46 +00:00
Sam Leffler
3992cc998a Add hello & fibonacci applications for testing.
Two sdk-less applications modeled after minisel:
- hello: prints arguments to the console and loops
- fibonacci: calculates fibonacci #'s, printing state to the console
  every second

You can start multiple fibonacci apps to verify multi-tasking.

Change-Id: I3f1fd79e939d106dc259a9fa923c7f7db4f9fa58
GitOrigin-RevId: 1de1ff4cacd7f7e58c3c35fa2215b9c31d3a21f3
2022-10-06 18:50:30 +00:00
Sam Leffler
6221739c49 SecurityCoordinator: misc fixups
- fix size_buffer & get_manifest requests to marshal responses
- fix size_buffer marshaling (was always returning zero)
- format fakeimpl manifest string
- add shell test commands that exercise the api's (including the
  key api's that were only reachable via the StorageManager)

Change-Id: Ia36906d975fb497e6de81e81fdaf2ff04c7a1e9a
GitOrigin-RevId: cad976c55c99724c2b7c5186b2864f7c44edef13
2022-10-06 18:50:14 +00:00
Sam Leffler
ae3de25663 kata-security-coordinator::fakeimpl: construct unique bundle id's
Fake bundle id's are now "fake.X" where X is the CPtr for the package
contents' CNode (which is known unique).

While here fix some whitespace bogons.

Change-Id: I84c586e11f56c416d9bad667cae8e4cecba5dca2
GitOrigin-RevId: 0cec9e3308d9f3fe019af666dea583f92b3735b4
2022-10-06 18:49:58 +00:00
Sam Leffler
066d37db24 kata-shell: fix bundles display of the empty array
Change-Id: Idfd75a3c3e14c543c79b78a7f3133b0de4edf874
GitOrigin-RevId: 3fe641ccf0e1ee577689776f531eb853e9972d53
2022-10-06 18:49:48 +00:00
Sam Leffler
6850f3b3e0 Merge "kata-shell; overhaul command processing"
GitOrigin-RevId: 6fe5b9078cd47083ae834e81482576272f7b9b7e
2022-10-06 18:49:40 +00:00
Sam Leffler
6d8badf052 Move RUST_TARGET setup to easy-settings.cmake.
RustAddLibrary was setting RUST_TARGET to a fixed string with a potential
override by the caller. The latter is not used in our builds so move it
to easy-settings.cmake so it can be changed from the cmd line.

Change-Id: I17f16cf8df16e6d7e997091165e8df097f7fcc32
GitOrigin-RevId: 98b687fd600e328cacbaf3c1127eef841d664a92
2022-10-06 18:49:25 +00:00
Sam Leffler
a17ea9d0c2 kata-os-common: first cut at riscv64 support
Change-Id: I78ae428c8362b078d169c47f96e34a18d290df9c
GitOrigin-RevId: 190ceaf2c2e2e6169f122304226862bd04e3b9a9
2022-10-06 18:49:15 +00:00
Marcin Witkowski
2a1cf83ac5 kata-os-common: improve portability & fix aarch64 platform
A smorgasbord of changes to sel4-sys and kata-os-model mostly in support
of the aarch64 platform. This is derived from Marcin's aarch64 work.

TODO(sleffler): seL4_Page_Map_Flush maybe belongs in sel4-sys

sel4-sys changes:
- hoist seL4_ObjectTypeCount out of arch
- make seL4_Page_Map for ARM honor the grant right to set the NX bit
- fill-in seL4_ObjectType & related impl's for ARM & X86
- import cfg-if crate to cleanup various tangled conditionals

kata-os-model changes:
- add seL4_Page_Map_Flush to encapsulate arch-specific work needed after
  an seL4_Page_Map call; this is kept separate to avoid changing the
  Page_Map api
- purge kobject_t and replace kobject_get_type with get_frame_type
- purge kobject_get_size (only use was to calculate the size of the
  SchedContext object which is arch-independent)
- redo CDL_ObjectType to work for all arch's
- various fixes for target_arch aarch64
- construct platform_gen.rs at build-time from seL4's platform_gen.h for
  seL4_Page_Map_Flush to do its job
- get target_arch arm closer (esp needs vspace setup fixed)
- correct various "arm" & "x86" target_arch checks to cover both 32-
  and 64-bit arch's
- misc style changes (e.g. sort imports)

capdl changes:
- add arch-specific CDL_CapType entries

NB: seL4_Page_Map_Flush for ARM is overly conservative in invalidating
    the data cache; this could be improved by identifying whether the page
    has a pre-assigned paddr

Change-Id: I005cbbbd36ea6711feed66412391e3790dda2966
GitOrigin-RevId: b5c6893fa1c7f3297d88aa7f522a2792ac3b75c7
2022-10-06 18:49:04 +00:00
Cindy Liu
84986b53d4 Revert "kata-os-common: improve portability & fix aarch64 platform"
This reverts commit c8081ff8d932e5c9b427a1e9bb0bc2db7c674738.

Reason for revert: breaking build with mismatch types (see https://louhi.dev/?projectId=5958780716318720#/execution-detail/5040812206587904)

Change-Id: Id2c9ce3b02a0295511351fc9ed537f1817345e89
GitOrigin-RevId: 0074bda840dabb77f1ca7c936d3d3ede6d05a179
2022-10-06 18:48:50 +00:00
Marcin Witkowski
e64ac727d1 kata-os-common: improve portability & fix aarch64 platform
A smorgasbord of changes to sel4-sys and kata-os-model mostly in support
of the aarch64 platform. This is derived from Marcin's aarch64 work.

TODO(sleffler): seL4_Page_Map_Flush maybe belongs in sel4-sys

sel4-sys changes:
- hoist seL4_ObjectTypeCount out of arch
- make seL4_Page_Map for ARM honor the grant right to set the NX bit
- fill-in seL4_ObjectType & related impl's for ARM & X86
- import cfg-if crate to cleanup various tangled conditionals

kata-os-model changes:
- add seL4_Page_Map_Flush to encapsulate arch-specific work needed after
  an seL4_Page_Map call; this is kept separate to avoid changing the
  Page_Map api
- purge kobject_t and replace kobject_get_type with get_frame_type
- purge kobject_get_size (only use was to calculate the size of the
  SchedContext object which is arch-independent)
- redo CDL_ObjectType to work for all arch's
- various fixes for target_arch aarch64
- construct platform_gen.rs at build-time from seL4's platform_gen.h for
  seL4_Page_Map_Flush to do its job
- get target_arch arm closer (esp needs vspace setup fixed)
- correct various "arm" & "x86" target_arch checks to cover both 32-
  and 64-bit arch's
- misc style changes (e.g. sort imports)

capdl changes:
- add arch-specific CDL_CapType entries

NB: seL4_Page_Map_Flush for ARM is overly conservative in invalidating
    the data cache; this could be improved by identifying whether the page
    has a pre-assigned paddr

Change-Id: Ia690006436b2bd5fc892bff139668f8d518cb426
GitOrigin-RevId: c8081ff8d932e5c9b427a1e9bb0bc2db7c674738
2022-10-06 18:48:34 +00:00
Sam Leffler
8255aeb604 kata-security-coordinator: fix fakeimpl memory stats
Request the MemoryManager to free the package contents' CNode
on uninstall.  We were reclaiming this locally without informing
MemoryManager so its bookkeeping was off.

Change-Id: I925178ad50cf84a85dd401aafd9fdbea71e050a3
GitOrigin-RevId: 3e369dd558542d6f85f70f0ea9894ea370fd51d6
2022-10-06 18:48:22 +00:00
Sam Leffler
ddacc3762e Add kata-os-common::camkes support.
Add a new "camkes" submodule that consolidates KataOS CAmkES component
integration boilerplate. Each component is expected to declare:

static mut CAMKES: Camkes = Camkes::new("ProcessManager");

and then (typically) use "pre_init" to set up the logger, heap, and the
slot allocator. More fine-grained control is provided by:

fn init_logger(self: &Camkes, level: Log::LevelFilter);
fn init_allocator(self: &Camkes, heap: &'static mut [u8]);
fn init_slot_allocator(self: &Camkes, first_slot: seL4_CPtr, last_slot: seL4_CPtr);

When receiving capabilities use "init_recv_path" to set up the IPCBuffer
receive path and "assert_recv_path" & "check_recv_path" calls to verify
nothing has clobbered the setting.

The debug_assert_slot_* macros are wrapped in Camkes:: functions and a
"top_level_path" function for constructing seL4_CPath objects. Altogether
this normally allows a component to be written without direct use of the
CAmkES global static identifiers SELF_CNODE*.

Change-Id: Ia1351e411a5355789cf74bc0fcfe0e41a418b7d4
GitOrigin-RevId: fb81a8e0687ed9321c9961410edd5dbd54093ce5
2022-10-06 18:48:10 +00:00
Sam Leffler
3bd8389a4c sel4-sys: add arch_generic support
Adds an architecture-independent api for sel4-sys interfaces similar
to what libsel4 does. For example, instead of seL4_RISCV_Page_Map use
seL4_Page_Map. This is mostly aliases for common types & system calls but
also features like the Grant right implying NoExecute for seL4_Page_Map.

While here fix crate paths to sel4-sys; everything external to
kata-os-common is intended to use kata-os-common::sel4-sys.

Change-Id: I6faa07d41ffd2fbb4182bf2fa7c05a768e4368f3
GitOrigin-RevId: f51e5186b61eab541e9fb4d2d4175adcc3ca8cee
2022-10-06 18:47:57 +00:00