This change adds the kata-ml-core crate. vc_top is generated
programatically, with the script going to be reviewed next if the format here
looks good. The library replaces the VectorCoreDriver c-code.
Change-Id: Id3f083e2498ea29481db49af5e87d47fe8414a71
GitOrigin-RevId: 40d43b0288e995d215997fc8973e18a41a4d5844
Make the structs generated for shared types expose access to the internal
seL4_Words. This is important for capdl parsing that had no way to
convert CDL_CapData_Guard to an seL4_Word (for passing to the kernel).
While here do some minor cleanups of generated code (there are many
opportunities).
Change-Id: I179df84f3e863da4a82675a989c4faeb38f3f669
GitOrigin-RevId: d5ab16a05ab9e85ee45227278c7a776f77821369
- do not pack struct's, the C code does not
- replace the explicit padding in seL4_UntypedDesc (which was wrong) with the rust alignment idiom
- correct initThreadCNodeSizeBits type
- add extended header defs
Change-Id: I4a3fcbe470dd0a18b3c9b1ccf8af9634076e89fb
GitOrigin-RevId: f99eeed563d2d430381f0ad1a5fbe096a13c68f0
Cannot assigned field numbers to the enum members; must let the
compiler do this based on the kernel configuration. Fixes numbering of
architecture-specific labels (e.g. RISCVUnmap).
Change-Id: Ie38fad38fe66c8cc8ddb460ff7c851140b6b9d25
GitOrigin-RevId: 5f7fc5be679aa9bfed39293cd08dfaead0d3d07a
Didn't find an explanation for why all versions of bare-io were yanked
but core2 has the Cursor support and is by the same author.
Change-Id: Id27adaa568a8e1b7b5825c8f81aa489a96675969
GitOrigin-RevId: 7fb8950938c9536a9c795b246d240fca756b3499
Move getting the return code and fault registers into Rust and out from
the C driver. This means extending the DTCM to cover memory previously
covered by `mem`.
Change-Id: I9d1ad8e9823445ad7dd476ef05f128a29567999b
GitOrigin-RevId: 21bc1ee544d39d6b4a2ff963aaae7c145fdd7fa9
Rather than using the Renode ELF loader, this CL moves that capability
into the ML Coordinator. The ELF is memory mapped in eflash instead. We
create MMIO buffers for the MLCoordinator to access. The ELF information
is gathered from the header. The ITCM and DTCM data is copied over to
the vector core.
Next steps are to integrate the load with the execute and to re-map the
return codes and fault registers into Rust code.
Change-Id: I3fc266feb262966318bb451888df146703a03579
GitOrigin-RevId: 8db55b58f86918b8c37d436f1d9f359afdd2a3ea
- delete the symlink called "seL4"
- remove the manually specified SEL4_DIR environment variable from
Cargo.toml and move to .cargo/config.toml
bug: 202428321
Change-Id: I4f54b730e627a8445560e0e5e7bc056ab7e19062
GitOrigin-RevId: 17743c7034a37ac2dc0d036f405096213888f584
If rx_buf filled during the handling of an rx_watermark with the FIFO
nonempty, the rx_watermark would be acknowledged, and there would be no
subsequent interrupt to post to the semaphore blocking the next receive.
(Non-rate-limited ZMODEM uploads easily caused this condition.)
This change ensures each handling of an rx_watermark interrupt
completely empties the FIFO. It is likely stopgap until the simulated
UART can provide an rx_timeout interrupt.
Change-Id: If828bac470ee0e667e0e011b11a7a9aee1d47210
GitOrigin-RevId: 7123bcb0fcca9e39c35f4b67088b581cdf2fb50d
sel4-sys has been producing __pycache__ files in the source tree, as the
Python interpreter normally locates them next to the corresponding
sources.
This change ignores them, following the precedent set for Rust target/
directories.
Change-Id: Iac2e4c14788f13e1844c1241764918628226aedb
GitOrigin-RevId: 4d4a9f95698d4d5d0fd36996cc154300573adfc8
With logging on, the Rust logger trace messages do indeed cause the
sender to abort near the beginning of the upload.
Change-Id: I9ed150db1ad557034d1aefcc99385d771be3edd5
GitOrigin-RevId: 3815d6b21db1dc4978b19fc9b4307007d03e4b12
Using a buffered reader instead of the byte-at-a-time implementation
avoids doing a syscall for each byte.
Change-Id: Ia7bc42e4836593f358ff964962c910f8c94b6f8e
GitOrigin-RevId: e70697d398b07d6de6f03d1d0a4b5204139bc59a
Over-optimized the marhaling logic--we Need to convert &str's to CString's
to get the trailing \0 (same lesson learned doing StorageManager).
Change-Id: I97e8d35947dcb32989dc68f11dd422433c00aa02
GitOrigin-RevId: c775bfc3c568ee3dcae32928a422c5178495e77f
* changes:
Replace SeL4Debug with direct syscalls.
sel4-sys: fix conditional syscall numbering
sel4-sys: use target_arch &co to select target architecture
kata-os-common: add sel4-sys support for riscv32
kata-os-common: cleanup sel4-sys before bringing in local changes
kata-os-common: pristine import of sel4-sys-0.0.28 (-seL4 submodule)
GitOrigin-RevId: 36ee1d4f9e521b60fdc6b91f2581413b55882fca
Reading one byte at a time in a loop causes excessive syscalls. For
example, ZMODEM needs to do this when finding the end of each frame.
This change copies parts of std::io needed to wrap a Read in a BufReader
so that the read will be done eagerly.
It enables buffered UART reads for the whole DebugConsole at the point
where its single Read object is initialized.
Change-Id: I19935ca02333bc74d9b581d384a1854968ac5329
GitOrigin-RevId: 1aa80e036561a6a18e79dbf28bcab240efe80cd1
Create a new VectorCoreReturnInterface for the connection from the
VectorCoreDriver to MlCoordinator. Retrieve the return code and fault
from the finish IRQ handler back to MlCoordinator. It can be served as
the hook for the continuous run.
Change-Id: I6346cca0bc372e5b3a80d70b333d42ba768e822f
GitOrigin-RevId: bae4ab68418ce7ac9d4ac5ebb86bb6e55993b7cd
- convert &str's directly to C strings (w/o passing through
CString::new); this eliminates the need for cstr_core::CString
but potentially permits strings with embedded \0's
- add a From trait to streamline return handling
Change-Id: Ia854aaa297708e47abf310697954c4c18cafc14e
GitOrigin-RevId: b4fd9f6a67f9e460ed46274e18cf506bade818b4
- add From traits for mapping return status
- no more need for StorageError::Success w/ switch to Result's
- narrow unsafe blocks where possible
Change-Id: I92e0666e2651eb3647ac4e351d14bf55bc76bbb0
GitOrigin-RevId: 24416448d1c326632f556e224fcca7ac38397dc6
This change adds an "rz" command to the shell that calls a function
rz(). It switches the IO from the shell to a ZMODEM receiver that
produces a Rust upload object that collects the uploaded bytes and
computes a CRC32 checksum on the fly.
In a later change, we will retain the most recent payload in a
shell-owned object until it is consumed by an "install" command.
Limitations:
* Sender hangup will cause the receiver to block forever and the
prompt not to come back, since kata-uart-client does reads that
block forever.
* Logging must be set to a level higher than debug or messages from
the zmodem crate itself corrupt the transfer.
* The sender must rate limit to ~150 bytes/sec to avoid running
too far ahead of the Renode UART, which drops bytes when the RX
FIFO is full.
* Uploading too big a payload will cause a kata_panic! unless the
heap size is increased in kata-debug-console/src/run.rs
Demo:
KATA> loglevel error
ERROR
KATA> rz
**B0100000023be50
[Ctrl-C]
$ sz -O ~/random < /tmp/term | pv -L 150 > /tmp/term
Sending: random
Bytes Sent: 15360/ 16384 BPS:26805 ETA 00:00 150 B 0:00:01 [ 146 B/s] [ <=> Bytes Sent: 16384 BPS:144 ]
Transfer complete
16.6KiB 0:01:53 [ 149 B/s] [ <=> ]
$ stty sane -echo -icanon; socat - /tmp/term 2> /dev/null; stty sane;
size: 16384, crc32: 991b1d60
KATA>
[Ctrl-C]
$ crc32 ~/random
991b1d60
Change-Id: I53252b821a829a667a23a9fd072f71c6955fdc1a
GitOrigin-RevId: c818a35f186dcd8c083891bfaa84ad0a9f9fef7d
This change makes the ZMODEM API use separate references for the input
and output communications channels, which is better adapted to the
established pattern in kata-shell.
Consuming up to the "OO" (over-and-out) bytes from the sender is also
included as a small throw-in. Preliminary dev runs have revealed that
the sz utility from lrzsz always sends "OO", preceded by 2 bytes of
unclear purpose, even after getting the ZFIN from the receiver.
Change-Id: Ib25261ad4c9054a3403ed5910aeacd62fbd6b93c
GitOrigin-RevId: 452cdaa41f473c0c3781faaf3bd1958b9803bb3a
This fixes a build break that happened without any intervening commit in
our repo. How that could happen is not yet pinpointed, and there has
been no increment in the minor version number of postcard for 2 months.
It appears that postcard was somehow triggering serde to use std, which
is a default feature for serde.
Change-Id: I7ed989976aa1bf75cb440c4070565452571d7306
GitOrigin-RevId: f35b7677e995e5e8245c583ca2c355a04306aea2
- low serialize of request parameters into kata_security_request
- add InstallRequest that passes the package buffer as an opaque ptr
- add EchoRequest for SecurityRequestEcho
- purge (now) unused SecurityRequestData type alias and hide
SECURITY_REQUEST_DATA_SIZE (only used in crate)
- use &str instead of String in serialize requests (from mattharvey@)
- add SreSerializeFailed
Change-Id: Iac1930c0b2fead0f96b87da5d116280865031be2
GitOrigin-RevId: 37df6cd1969b3be2628e2e34f3de8fd129fdbc1b
There is a temporary desire to keep ZMODEM uploads as state in
DebugConsole. Since realistic package ZIP files might be larger than
16KB, this change increases the heap size to have a lot of excess.
Change-Id: Iabb5014cb77cf828f77d4553b7f304248c085114
GitOrigin-RevId: 2ae49570a887d5bd2d4672fb3e134c8a1394190e
- add SecurityCoordinator component (needs mailbox support, just
a fake which should be enabled with a feature flag)
- connect to ProcessManager & MlCoordinator - temproarily connect
to DebugConsole to enable scecho test command
- expand Bundle to hold application information (may need more elf)
- connect ProcessManager::{install, uninstall} to SecurityCoordinator
(no application binary yet, needs global page allocator)
Notes:
- SecurityCoordinator depends on camkes for thread synchronization
- private heap is 8KB (and could possible be less; need to tune)
- camkes interface connection uses seL4RPCOverMultiSharedData so ipc
buffers are 4KB; the request & reply serde buffers are 2KB but could
be near 4KB since they are used sequentially and the other params
are a few bytes (but beware of camkes stack allocation)
- the camkes SecurityCoordinator::request rpc is defined so that the
request param has reasonable handling but the reply param requires
a full copy (even if only partly used); haven't found a way to
express the desired handling
Change-Id: I686dc2d501e39bc8c27fe22db40657165a55b472
GitOrigin-RevId: db1536c241e28ddda1dc8f8da341b8c667ed6646
