Download to read offline
SdE2 - Pilot Tock
- 1.
- 2. Ron Rivest • Américain •Stanford • MIT • Inventeur RSA 2
- 3. Contenu • L'architecture • Appelssystème • API du pilote Syscall 3
- 4. Bibliographie pour aujourd'hui •A. Radovici, I. Culic, Getting Started with Secure Embedded Systems – Chapitre 3, 7, 8 4
- 5.
- 6. Pile du systèmed'exploitation
- 7. Application (Process) • Exécutableautonome – compilé sans noyau Tock • Protection de la mémoire – Régions MPU • Peut (seg)fault • Code relocalisable – où le compilateur le permet • IPC – découverte de services
- 8.
- 9. Appels système deTock 2.0 • Yield (0) • Subscribe (1) • Command (2) • ReadWriteAllow (3) • ReadOnlyAllow (4) • Memop (5) • Exit (6) 9
- 10. Command - 2 •Demande au pilot d'effectuer une action spécifique. • Paramètres – driver_number: u32 – command_number: u32 – data0: u32 – data1: u32 • L'action effectuée n'est généralement pas synchrone. command (capsule_number,command_number, arg1, arg2) not found found Get capsule with id capsule_number (SyscallDriverLookup trait) CommandResult::failure (ErrorCode::NODEVICE) command (command_number, arg1, arg2, process_id) CommandResult::failure... (ErrorCode::...) no is 0 yes Is command_number a valid action? Application CommandResult::failure (ErrorCode::NOSUPPORT) Execute or schedule action yes no Success? CommandResult::success... (...) User Space Kernel Syscall Capsule Ok(()) Err(error) Is the system call allowed? (SyscallFilter trait) CommandResult::failure(errror) 10
- 11. Subscribe - 1 •Associe une fonction à un rappel (événement) d'un conducteur. • Paramètres: – driver_number: u32 – subscribe_number: u32 – callback: usize – user_data: usize subscribe (capsule_number,subscribe_number, upcall_ptr, user_data) not found found Get capsule with id capsule_number (SyscallDriverLookup trait) SyscallReturn::SubscribeFailure (ErrorCode::NODEVICE, upcall_ptr, user_data) no yes Is subscribe_number less then NUM_UPCALLS ? Application SyscallReturn::SubscribeFailure (ErrorCode::NOSUPPORT, upcall_ptr, user_data) Register upcall Ok (previous_upcall_ptr, previous_user_data) User Space Kernel Ok(()) Err(error) Is the system call allowed? (SyscallFilter trait) SyscallReturn::SubscribeFailure (errror, upcall_ptr, user_data) allocate_grant (process_id) Err(error) Yes Grant allocated? SyscallReturn::SubscribeFailure (error, upcall_ptr, user_data) 11
- 12. Grant Allocated Grant Pointer AllocatedGrant Unallocated Grant Pointer Scheduled Task Process Memory Space Process Control Block Grant 2 Grant 1 0x0040000 0x003FFC8 0x003FFC0 Task Queue Kernel Memory Break Driver Number 0x... Grant Pointer 1 (0x003FFC0) Driver Number 0x... Grant Pointer 2 (0x003FFC8) Driver Number 0x... Grant Pointer 3 (0x00000000) Driver Number 0x... Grant Pointer n (0x00000000) Driver Data Structure (T) Padding Upcall (0x003F050) User Data (32bits) n Upcall (0x00000000) User Data (32bits) n-1 Upcall (0x003F200) User Data (32bits) 1 Upcall (0x003F000) User Data (32bits) 0 Upcall (0x00000000) User Data (32bits) 2 12
- 13. Yield - 0 •Fait passer le processus en cours de l'état Running à l'état Yielded. – yield() – yield_no_wait() Process Control Block Grant 2 Grant 1 0x0040000 0x003FFC8 0x003FFC0 Task Queue Kernel Memory Break Allocated Grant Pointer Allocated Grant Unallocated Grant Pointer Scheduled Callback Process Memory Space Driver Number 0x... Grant Pointer 1 (0x003FFC0) Driver Number 0x... Grant Pointer 2 (0x003FFC8) Driver Number 0x... Grant Pointer 3 (0x00000000) Driver Number 0x... Grant Pointer n (0x00000000) 13
- 14. AllowRead(Write/Only) – 3et 4 • Partage des buffers entre le noyau et l'application. • Paramètres: – driver_number: u32 – allow_number: u32 – pointer: usize – size: u32 allow_... (capsule_number, allow_number, buffer_ptr, len) not found found Get capsule with id capsule_number (SyscallDriverLookup trait) SyscallReturn::Allow...Failure (ErrorCode::NODEVICE, buffer_ptr) Application Ok (previous_buffer) User Space Kernel Syscall Capsule Ok(()) Err(error) Is the system call allowed? (SyscallFilter trait) SyscallReturn::Allow...Failure (errror, buffer_ptr) yes no Is the provided buffer in the application's memory? SyscallReturn::Allow...Failure (ErrorCode::INVAL, buffer_ptr) no yes Is subscribe_number less then NUM_ALLOWS ? Register buffer Err(error) Yes Grant allocated? SyscallReturn::Allow...Failure (buffer, ErrorCode::INVAL) SyscallReturn::Allow...Failure (buffer, ErrorCode::NOSUPPORT) allocate_grant (process_id) 14
- 15. Utilisation des appelsde systèm Allow RW or RO (optional) Subscribe Command Yield Buffer yes Callback Ran? no Upcall Run Upcall Is Yielded? Yes Postpone No UnAllow RW or RO (optional) Buffer not usable by the application 15
- 16. États du processus GetNext Process Yes Is Running? Is Yielded? Has Scheduled Upcalls? Schedule Is Faulted? Restart Process Fault! Systick or Kernel Task Done No No Yes Yes No Application Kernel Run Upcall Set Running 16
- 17. API DU PILOTESYSCALL 17
- 18. Trait SyscallDriver pub traitSyscallDriver { fn command( &self, command_num: usize, r2: usize, r3: usize, process_id: ProcessId, ) -> CommandReturn { CommandReturn::failure(ErrorCode::NOSUPPORT) } // suggested implementation // self.apps.enter(processid, |_, _| {}) fn allocate_grant( &self, process_id: ProcessId ) -> Result<(), Error>; } 18
- 19. Fonction de callback typedefvoid (subscribe_upcall)(int, int, int, void*); static void button_callback( int btn_num, int val, int arg2, void *ud ) { // do work } 19
- 20. Registration du pilot •Chaque pilot a un numéro unique • Pilot standard: – 0x00000 ... 0x9ffff • Pilot custom – > 0xa0000 • En main.rs - trait SyscallDriverLookup – fn with_driver (&self, driver_num: usize, f: F) -> R 20
- 21. Mot clés • appeldu systeme • pilot • capsule • Running • Yielded • grant • command • subscribe • upcall • Callback • yield • allow 21
- 22.