- replace the opaque memory placeholder with MemoryManager integration
(e.g. ObjDescBundles and BundleImages)
- set CNode headroom so there is space to construct a 4MB application
- arrange to get capabilities for an ASIDPool, the global SchedController,
and the global DomainController for crafting new TCBs
- arrange for copregions (VSpace holes) for working with BundleImages
and spilling arguments to the stack of a new TCB
- integrate with the slot allocator
- accept an ObjDescBundle for the pkg_contents of an install request
- add BundleImplInterface traits in support of mocking/faking the bundle
implementation (unit tests not included)
- new error codes: ObjCapInvalid, SuspendFailed, ResumeFailed
- integrate with the kernel so TCB construction honors settings like MCS
- track kata_security_* wrapper additions
- add seL4BundleImpl (derived from kata-os-rootserver)
TODO: build+test only on RISCV32
TODO: verify seL4BundleImpl features all build at least
TODO: cleanup VSpace layout (is probably arch specific)
TODO: review+cleanup error handling (esp resources)
TODO: fault endpoints are not connected
TODO: SDK runtime is not setup
TODO: scheduling is likely not the way we want
TODO: security review
Change-Id: I025b008eeb8b47af2fe3894149da6576642bb8ed
GitOrigin-RevId: 539bf11739a9e756936168a9cbd3e2e2e4b0ba11
- break dependency loop with kata-security-interface
- use new kata_security_* wrappers
Change-Id: I65b98a406f18c82354e5425b37612789d4ab340d
GitOrigin-RevId: 5744715a439a5305ead57a99eacc1108b5d10750
This mostly cleans up my bad idea of how to process SecurityRequests.
- accept an ObjDescBundle attached in an InstallRequest
- return a BundleImage in LoadApplication & LoadNModel replies
- integrate with the slot allocator
- integrate with MemoryManager (for the fake)
Change-Id: I695efbecabfa3e71d7d2cfdd013c113a5a915b40
GitOrigin-RevId: 623ffdf19f5550918da530b57a299659061832aa
- hide marshalling details in kata_security_* wrappers
- replace the placeholder opaque memory representation in rpc's with
MemoryManager integration
- use proper structs for all Request/Response msgs (except for Echo):
this mostly eases the way for switching away from postcard + CAmkES
to something like flatbuffers
- extend SecurityRequest structs with SecurityCapability traits to
support passing capabilities (specifically CNodes holding dynamically
allocated objects)
- new error codes: SreDeleteFirst, SreCapAllocFailed, SreCapMoveFailed,
and SreObjCapInvalid
- shuffle integration with StorageManager to resolve a dependency loop
- redo SecurityCoordinatorInterface to enable server-side changes (in
a separate cl)
- add headroom to the component CNode for the fake impl to hold package
contents
Change-Id: Ief6931d451023b511dbe1bdc3ffba4bf18070962
GitOrigin-RevId: 066f6cfa72f47fb8b4f8edc861dd9e3759ec6054
Add support for BundleImage, a file format for loading applications and
models from a bundle. BundleImage is simple, compact, and streamable.
BundleImage files are constructed with the prepare_bundle_image tool.
TODO: add compression
TODO: check crc32
Change-Id: I0770608a075cac9754a54e0bb244d75673ae1be6
GitOrigin-RevId: 368dabd3a5af19d47fe7f8084b8a0a0b57b8471d
- track CAmkES well-known name changes (e.g. RECV_CNODE -> MEMORY_RECV_CNODE)
- initialize the slot allocator for the component
- fix size_bytes to use the object count in its calculation
- add can_combine method to help optimize ObjDescBundle construction
- enhance ObjDescBundle:
- len, count, size_bytes, count_log2, maybe_combine_last
- move_objects_to_toplevel, move_objects_from_toplevel
- fmt (show SELF_CNODE & MEMORY_RECV_CNODE symbolically)
- add MmeCapAllocFailed
- add kata_object_alloc_in_toplevel & kata_object_free_toplevel
- add kata_object_alloc_in_cnode & kata_object_free_in_cnode
- add kata_frame_alloc_in_cnode
- avoid underflow in stats bookkeeping to not crash until we fix
the root cause
Change-Id: I826b55f1f0b07bef58a420e32efbc02cd1d6363f
GitOrigin-RevId: 43bd8ae5cf41fd510fae502c7cd8e234c04edb85
This fixes debug builds which otherwise have an undefined reference
to SELF_CNODE.
Change-Id: I55384cfff19b99cf49b147d396b274c74bdf5db5
GitOrigin-RevId: d055b070ee5a67f1648566d1c1c511446d02b3cc
The slot allocator has CAmkES-specific support that will not build for
a non-CAmkES target. Add a "camkes_support" feature flag that controls
whether the slot allocator is included. This is enabled by default but
allows users like kata-os-rootserver to work around the problem.
Change-Id: I2decb9fc794c215455e223d17c24c6a19cc52d56
GitOrigin-RevId: d7a3811b4a9a000b0f34fbc2abdfc628250f64d4
- kata-allocator, kata-kata-logger, kata-panic, and kata-slot-allocator
are now submodules of kata-os-common
- be more consistent on use stmts (and remove unneeded deps)
- cleanup various deps on kata-panic that no longer seem to be needed
(likely due to using resolver=2)
Change-Id: I5d3f4b399e3be66c09c2f97c75d5e3053993ebdd
GitOrigin-RevId: 393e28fbb975959cba35388bab749b256cda0095
- add Makefiles to re-generate CAmkES interface defs
- move cbindgen.toml files into the interface crate(s)
Note: still need to integrate running make with the build
Change-Id: I16b3e3b831b66ad1c976402e38df6be4a126d923
GitOrigin-RevId: 78b8b9024e4acb89590410a439f121fcb1fdc996
Mark each component that depends on component.kataos.c features with a
"kataos" attribute.
Change-Id: I7e2e3f9010a7aa717d4fe3dfc2f088cbd1a66488
GitOrigin-RevId: 2967036cf4e70edc3f96d2ead45ecfe9e42fd7fa
When calculating the landing spot for handing off the UntypedMemory
objects we need to take into account empty slots. Calculate the max
occupied slot # and add one. This works so long as empty slots have
not been allocated (by CAmkES) at the end of the CNode--which should
be safe since we control the MemoryManager CAmkES specification.
Change-Id: I5bfb75bd7134254c4475a91653d54e2aeb126721
GitOrigin-RevId: cf14850894ad21be97ea094f977c3420edf322ab
The MemoryManager service allocates & frees seL4 objects. Requests can be
batched. Capabilities to dynamically allocated objects are moved in CNode
containers attached to IPC requests.
Specific changes:
- Add new CAmkES MemoryManager component.
- Add APIs for allocating & freeing singleton objects (e.g.
kata_cnode_alloc) and batches of objects (kata_object_alloc &
kata_object_free).
- Add support to kata-os-rootserver to hand-off UntypedMemory objects
just before terminating. The objects are placed directly in the
MemoryManager's top-level CNode and a BootInfo frame is constructed
that describes where the objects are.
- Switch the rootserver to kata-os-rootserver as the C version lacks
the UntypedMemory hand-off.
- Add test_bootinfo kata-shell command to dump the MemoryManager BootInfo
frame contents (broken for now because it directly references the
shared page).
- Add test_obj_alloc kata-shell command that exercises the MemoryManager
singleton and batch APIs
While here, did some cleanup of arg handling in kata-shell.
TODO: top-level object allocations use a simplistic capability allocator
TODO: move test_bootinfo to the MemoryManager and add an interface rpc
Change-Id: I778b2d5fe7f2f9b65ee642ff905cf56d4b2b02fd
GitOrigin-RevId: 7fc72d1927bba165234955e68f8b9ad1b556f6fb
This is a workaround for gdb complaints of the form:
Dwarf Error: Cannot find DIE at 0x5136b referenced from DIE at 0x57eed
Release builds continue to enable LTO.
BUG: 223253186
Change-Id: I137456045e842b2b93b32e0edd348ff916925c97
GitOrigin-RevId: 8ab2ab4fac615eb2a1a259a5a18aa410a4aae5fb
CMake's list operator operates on the current scope so we were not
setting --release on the cargo cmd line.
Change-Id: I91aa8489869c3190d60c3f2dee374b3d9388ebda
GitOrigin-RevId: 36fa241862c1cb94b736be89d09e8127fefdfc4d
Without read_volatile the compiler may try to optimize reads, which
causes issues with renode simulation.
Change-Id: I8877798420cdecc2dece97d168db753adfe89163
GitOrigin-RevId: c7b3e2ee5500c993b48d9793f575758cb0c3a0ac
Use RX_FIFO_LEVEL in addition to RX_EMPTY. This improves
performance a bit, as RX_EMPTY register and circular buffer
status don't have to be read for every byte.
Change-Id: Ib56b4c6a0dc5689b63941b449f476f3555421abb
GitOrigin-RevId: f7a46154afaf5be28feab173687cebd8b584e8f4
* changes:
capdl: calculate space used by a specification
kata-os-model: fix MCS support
kata-os-model: mark RISC-V non-executable pages with the NX bit
kata-os-model: simplify & shrink page frame fills
kata-os-model: merge vspace root collection into object creation
kata-os-model: rust version of capdl-loader-app internals
GitOrigin-RevId: 44208d281ea021a671c90dc650389029baf9243e
In order to allocate a frame for the ELF, the seL4 object creation
routine scans through addresses, allocating frame by frame. This is very
slow if the ELF MMIO is sized 0x300000 as it requires a smaller seL4 object
(12 bits). Thus it allocates a 0x1000 frame over and over through the
space from 0x3c40_0000 to 0x4600_0000. Paradoxically if we instead
allocate 0x1000_0000 for the ELF, this scans the address range faster as
it needs a seL4 object of 22 bit size, so it scans the address space by
0x040_0000 increments instead.
Change-Id: Ic989e15eb0b2d65e26b141c7975d28cd611b5f79
GitOrigin-RevId: f1b27cc5b452247f8c15f4cb252a7a49fdcf12b9
Control block moved due to Secure Core PLIC moving.
Change-Id: If3dee2559503ad97e2f9917f416dd6abc9765732
GitOrigin-RevId: 16b0878c8b09c9610dfe0b50264b59d4aec5a2ae
Clears the ITCM in one go before loading an ELF file using the
hardware initialization CSRs.
DTCM is not cleared as it's temporarily larger than the CSRs can fit.
Tested manually.
Change-Id: Ie4620508404cebc8724771eb579c873fcc0cf0ee
GitOrigin-RevId: ef5de7003c22a1871ab0f74a23fce34593b73fe1