github/sparrow-kata-full
1
0
Fork 0
mirror of https://github.com/AmbiML/sparrow-kata-full.git synced 2025-08-23 07:18:22 +00:00
Code Issues Projects Releases Wiki Activity
main
sparrow-kata-full/apps/system/components/ProcessManager/ProcessManager.camkes
Sam Leffler d0d46c89e1 SDKRuntime: plumb application access 
Setup a connection to the SDKRuntime for each application. To do this
add an SDKManager interface to the SDKRuntime for the ProcessManager to
obtain a badged endpoint and install that in each application's CNode.
SDKRuntime now rejects requests received without a registered badge.

RPC's are handled entirely in Rust (no CAmkES). ProcessManager sets up
RPC resources and delivers them to an application through registers.
The application-side SDK runtime uses the resources to marshal RPC
parameters in a page that is attached to the IPC buffer sent to the
SDKRuntime. Reply parameters are written to the shared page and decoded
on return.

Overhaul the SDKRuntime api to be like SecurityCoordinator to consolidate
parameter marhsaling/unmarshaling and to simplify adding new methods.

Rust applications use the SDKRuntime interface directly. C application
will wrap a C interface around the Rust impl (TBD).

Specific changes:
- add SDKManagerInterface
- sel4bundle now plumbs a connection to the SDKRuntime, the CNode slot
  with the capability is passed to the application to future-proof CNode
  setup changes (an alternative is to use a global const since we control
  the application-side runtime api's)
- add kata-sdk-manager crate with SDKManager client interface support;
  the only api's are get_endpoint (to get a badged endpoint to SDKRuntime),
  release_endpoint (to remove a badged endpoint), and capscan (to dump
  the SDKRuntime's top-level CNode)
- add "capscan sdk" in the shell to inspect the SDKRuntime service
- make SDKRuntime require a registered badge on inbound IPCs
- fill-in ping & log SDK api's
- connect ProcessManager to SDKRuntime for SDKManager api use,
  everything else happens outside CAmkES
- make SDKRuntime lock against concurrent requests--the SDKManager
  runs concurrently and shares SDKRuntime state
- remove kata-shell test_sdk_* commands (replaced by test applications)

Change-Id: I7810949ad0051ff8eda244e0385f662882a556e4
GitOrigin-RevId: 5fef55428e076f670cff325965047c98d84cfbca
2022-10-06 19:04:02 +00:00

53 lines
1.9 KiB
Plaintext
Raw Permalink Blame History

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Kata OS ProcessManager services.
import <LoggerInterface.camkes>;
import <MemoryInterface.camkes>;
import <PackageManagementInterface.camkes>;
import <ProcessControlInterface.camkes>;
import <SecurityCoordinatorInterface.camkes>;
import <SDKManagerInterface.camkes>;
component ProcessManager {
provides PackageManagementInterface pkg_mgmt;
provides ProcessControlInterface proc_ctrl;
maybe uses LoggerInterface logger;
uses MemoryInterface memory;
uses SecurityCoordinatorInterface security;
uses SDKManagerInterface sdk_manager;
// Enable KataOS CAmkES support.
attribute int kataos = true;
// Process creation requires enough slots to hold dynamically
// allocated memory when constructing the application. This
// can be multiple megabytes so size for 4MB / 4KB pages.
attribute int cnode_headroom = 1024;
// Arrange for global objects to be instantiated in our CSpace
// (typically by moving them from the rootserver). Capabilities
// are exposed with global static symbols.
attribute int asid_pool = true; // ASID_POOL
attribute int sched_ctrl = true; // SCHED_CTRL
attribute int domain_ctrl = true; // DOMANI_CTRL
// Copyregions for loading bundle images and for loading an application.
// These need to be separate because they are used concurrently.
has copyregion BUNDLE_IMAGE;
has copyregion LOAD_APPLICATION;
}
Reference in New Issue View Git Blame Copy Permalink