Operating Systems
Tock Drivers

Ron Rivest
• American
• Stanford
• MIT
• Inventor of RSA

Contents
• Architecture
• System calls
• Syscall driver API

Bibliography for today
• A. Radovici, I. Culic, Getting Started with Secure Embedded Systems
– Chapters 3, 7, 8

TOCK

Operating system stack

Application (Process)
• Standalone executable
– compiled without the Tock kernel
• Memory protection
– MPU regions
• Can (seg)fault
• Relocatable code
– where the compiler allows it
• IPC
– service discovery

SYSTEM CALLS

Tock 2.0 system calls
• Yield (0)
• Subscribe (1)
• Command (2)
• ReadWriteAllow (3)
• ReadOnlyAllow (4)
• Memop (5)
• Exit (6)

Command - 2
• Asks the driver to perform a specific action.
• Parameters
– driver_number: u32
– command_number: u32
– data0: u32
– data1: u32
• The action performed is generally not synchronous.
[Flowchart: a command system call travelling from the Application (User Space) through the Kernel to the Syscall Capsule. Decision nodes and outcomes recovered from the diagram:]
• Application: command (capsule_number, command_number, arg1, arg2)
• Is the system call allowed? (SyscallFilter trait)
– Ok(()): continue
– Err(error): CommandResult::failure(error)
• Get capsule with id capsule_number (SyscallDriverLookup trait)
– found: command (command_number, arg1, arg2, process_id)
– not found: CommandResult::failure (ErrorCode::NODEVICE)
• Is command_number a valid action? (branches: yes, no, is 0)
– no: CommandResult::failure (ErrorCode::NOSUPPORT)
– yes: Execute or schedule action
• Success?
– yes: CommandResult::success... (...)
– no: CommandResult::failure... (ErrorCode::...)

Subscribe - 1
• Associates a function with a callback (event) of a driver.
• Parameters:
– driver_number: u32
– subscribe_number: u32
– callback: usize
– user_data: usize
[Flowchart: a subscribe system call travelling from the Application (User Space) into the Kernel. Decision nodes and outcomes recovered from the diagram:]
• Application: subscribe (capsule_number, subscribe_number, upcall_ptr, user_data)
• Is the system call allowed? (SyscallFilter trait)
– Ok(()): continue
– Err(error): SyscallReturn::SubscribeFailure (error, upcall_ptr, user_data)
• Get capsule with id capsule_number (SyscallDriverLookup trait)
– found: continue
– not found: SyscallReturn::SubscribeFailure (ErrorCode::NODEVICE, upcall_ptr, user_data)
• Is subscribe_number less than NUM_UPCALLS?
– no: SyscallReturn::SubscribeFailure (ErrorCode::NOSUPPORT, upcall_ptr, user_data)
• Grant allocated?
– Yes: continue
– otherwise: allocate_grant (process_id); Err(error): SyscallReturn::SubscribeFailure (error, upcall_ptr, user_data)
• Register upcall: Ok (previous_upcall_ptr, previous_user_data)

Grant
[Figure: grant layout inside the process memory. Labels recovered from the diagram:]
• Legend: Allocated Grant Pointer, Allocated Grant, Unallocated Grant Pointer, Scheduled Task
• Process Memory Space: Grant 2, Grant 1, Kernel Memory Break; addresses shown: 0x0040000, 0x003FFC8, 0x003FFC0
• Process Control Block, one entry per driver:
– Driver Number 0x... Grant Pointer 1 (0x003FFC0)
– Driver Number 0x... Grant Pointer 2 (0x003FFC8)
– Driver Number 0x... Grant Pointer 3 (0x00000000)
– Driver Number 0x... Grant Pointer n (0x00000000)
• Grant contents: Driver Data Structure (T), Padding, and the upcall entries:
– 0: Upcall (0x003F000) User Data (32bits)
– 1: Upcall (0x003F200) User Data (32bits)
– 2: Upcall (0x00000000) User Data (32bits)
– n-1: Upcall (0x00000000) User Data (32bits)
– n: Upcall (0x003F050) User Data (32bits)
• Task Queue

Yield - 0
• Moves the current process from the Running state to the Yielded state.
– yield()
– yield_no_wait()
[Figure: the grant layout again, this time with a scheduled callback. Labels recovered from the diagram:]
• Legend: Allocated Grant Pointer, Allocated Grant, Unallocated Grant Pointer, Scheduled Callback
• Process Memory Space: Grant 2, Grant 1, Kernel Memory Break; addresses shown: 0x0040000, 0x003FFC8, 0x003FFC0
• Process Control Block, one entry per driver:
– Driver Number 0x... Grant Pointer 1 (0x003FFC0)
– Driver Number 0x... Grant Pointer 2 (0x003FFC8)
– Driver Number 0x... Grant Pointer 3 (0x00000000)
– Driver Number 0x... Grant Pointer n (0x00000000)
• Task Queue

AllowRead(Write/Only) – 3 and 4
• Shares buffers between the kernel and the application.
• Parameters:
– driver_number: u32
– allow_number: u32
– pointer: usize
– size: u32
[Flowchart: an allow system call travelling from the Application (User Space) through the Kernel to the Syscall Capsule. Decision nodes and outcomes recovered from the diagram:]
• Application: allow_... (capsule_number, allow_number, buffer_ptr, len)
• Is the system call allowed? (SyscallFilter trait)
– Ok(()): continue
– Err(error): SyscallReturn::Allow...Failure (error, buffer_ptr)
• Get capsule with id capsule_number (SyscallDriverLookup trait)
– found: continue
– not found: SyscallReturn::Allow...Failure (ErrorCode::NODEVICE, buffer_ptr)
• Is the provided buffer in the application's memory? (yes / no)
– failure return: SyscallReturn::Allow...Failure (ErrorCode::INVAL, buffer_ptr)
• Is subscribe_number less than NUM_ALLOWS? (yes / no)
• Grant allocated? (Yes; otherwise allocate_grant (process_id), which may return Err(error))
• Further failure returns shown: SyscallReturn::Allow...Failure (buffer, ErrorCode::INVAL) and SyscallReturn::Allow...Failure (buffer, ErrorCode::NOSUPPORT)
• Register buffer: Ok (previous_buffer)

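The buffer check and the allow-number check from the flowchart above, as a self-contained Rust model. This is an added example, not code from the slides or from the Tock kernel: `ProcessMemory`, `AllowSlots`, `NUM_ALLOWS = 2`, the order of the two checks and the memory layout are assumptions of the sketch (only 0x003FFC0 and 0x0040000 are taken from the grant figure).

```rust
// Simplified model of the checks on an allow system call. Type names, the
// slot count and the memory layout are assumptions of this sketch.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum ErrorCode { INVAL, NOSUPPORT }

// Hypothetical driver with two allow slots (allow numbers 0 and 1).
pub const NUM_ALLOWS: usize = 2;

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Buffer { pub ptr: usize, pub len: usize }

// RAM block of one process. The application may use [start, app_break);
// [kernel_break, end) holds its grants, which only the kernel may touch.
pub struct ProcessMemory { pub start: usize, pub app_break: usize, pub kernel_break: usize, pub end: usize }

impl ProcessMemory {
    // "Is the provided buffer in the application's memory?"
    pub fn contains(&self, ptr: usize, len: usize) -> bool {
        if len == 0 {
            return true; // nothing is shared; this sketch uses it to un-allow
        }
        match ptr.checked_add(len) {
            // every byte must lie below the application break
            Some(end) => ptr >= self.start && end <= self.app_break,
            // ptr + len wrapped around the address space
            None => false,
        }
    }
}

pub struct AllowSlots { slots: [Buffer; NUM_ALLOWS] }

impl AllowSlots {
    pub fn new() -> Self { AllowSlots { slots: [Buffer { ptr: 0, len: 0 }; NUM_ALLOWS] } }

    // Ok(previous buffer) on success; on failure the error and the rejected
    // buffer go back to the caller, so the application keeps ownership.
    pub fn allow(&mut self, mem: &ProcessMemory, allow_num: usize, ptr: usize, len: usize)
        -> Result<Buffer, (ErrorCode, Buffer)>
    {
        let new = Buffer { ptr, len };
        if !mem.contains(ptr, len) {
            return Err((ErrorCode::INVAL, new));
        }
        if allow_num >= NUM_ALLOWS {
            return Err((ErrorCode::NOSUPPORT, new));
        }
        Ok(std::mem::replace(&mut self.slots[allow_num], new))
    }
}

pub fn demo() -> Vec<Result<Buffer, (ErrorCode, Buffer)>> {
    // Constructed layout; the two upper addresses are the ones in the grant figure.
    let mem = ProcessMemory { start: 0x0030000, app_break: 0x003F800, kernel_break: 0x003FFC0, end: 0x0040000 };
    let mut slots = AllowSlots::new();
    vec![
        slots.allow(&mem, 0, 0x0030100, 64),       // inside application memory
        slots.allow(&mem, 0, 0x0030200, 32),       // swap: the first buffer comes back
        slots.allow(&mem, 0, 0x003FFC0, 8),        // points into the grant region
        slots.allow(&mem, 0, 0x003F7F0, 0x20),     // starts inside, ends past the break
        slots.allow(&mem, 0, usize::MAX - 3, 16),  // ptr + len overflows
        slots.allow(&mem, 5, 0x0030100, 8),        // no such allow number
        slots.allow(&mem, 0, 0, 0),                // un-allow: the second buffer comes back
    ]
}

fn main() { println!("{:?}", demo()); }
```

The overflow case is the one a plain `ptr + len <= app_break` comparison gets wrong: the sum wraps to a small value and passes, which is why the model uses `checked_add`.
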
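Using the system calls
[Flowchart: typical sequence of system calls in an application. Nodes recovered from the diagram:]
• Allow RW or RO (optional), with the Buffer
• Subscribe
• Command
• Yield
• Upcall: Is Yielded? Yes: Run Upcall; No: Postpone
• Callback Ran? (yes / no)
• UnAllow RW or RO (optional), with the Buffer
• Note on the Buffer: not usable by the application
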
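Process states
[Flowchart: process states and scheduling, split between Application and Kernel. Nodes recovered from the diagram:]
• Get Next Process
• Is Running? (Yes / No)
• Is Yielded? (Yes / No)
• Has Scheduled Upcalls? (Yes / No)
• Run Upcall
• Set Running
• Schedule
• Is Faulted? Restart Process
• Fault!
• Systick or Kernel Task Done
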
SYSCALL DRIVER API

The SyscallDriver trait
// Excerpt of the trait; CommandReturn, ErrorCode, ProcessId and Error are kernel types.
pub trait SyscallDriver {
    fn command(
        &self,
        command_num: usize,
        r2: usize,
        r3: usize,
        process_id: ProcessId,
    ) -> CommandReturn {
        CommandReturn::failure(ErrorCode::NOSUPPORT)
    }

    // suggested implementation
    // self.apps.enter(process_id, |_, _| {})
    fn allocate_grant(
        &self,
        process_id: ProcessId
    ) -> Result<(), Error>;
}

Callback function
typedef void (subscribe_upcall)(int, int, int, void*);

static void button_callback(
    int btn_num,
    int val,
    int arg2,
    void *ud
) {
    // do work
}

Driver registration
• Each driver has a unique number
• Standard drivers:
– 0x00000 ... 0x9ffff
• Custom drivers:
– > 0xa0000
• In main.rs - SyscallDriverLookup trait
– fn with_driver (&self, driver_num: usize, f: F) -> R

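The path described by the Command flowchart, the SyscallDriver trait and the driver registration slide, as a self-contained Rust model. This is an added example, not code from the slides or from the Tock kernel: the types are simplified stand-ins, and `Counter`, `Board`, `AllowList`, `handle_command`, the driver number 0xa0001, the filter returning NODEVICE and the filter-then-lookup order are assumptions of the sketch.

```rust
use std::cell::Cell;

// Simplified stand-ins for the kernel types named on the slides (not the kernel crate's).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum ErrorCode { NODEVICE, NOSUPPORT }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CommandReturn { Success, SuccessU32(u32), Failure(ErrorCode) }
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct ProcessId(pub usize);

pub trait SyscallDriver {
    // Same default as on the slide: a driver without commands answers NOSUPPORT.
    fn command(&self, _num: usize, _r2: usize, _r3: usize, _pid: ProcessId) -> CommandReturn {
        CommandReturn::Failure(ErrorCode::NOSUPPORT)
    }
}

pub trait SyscallDriverLookup {
    fn with_driver<F: FnOnce(Option<&dyn SyscallDriver>) -> R, R>(&self, driver_num: usize, f: F) -> R;
}

// Reduced to (process, driver number) for this sketch.
pub trait SyscallFilter {
    fn filter_syscall(&self, pid: ProcessId, driver_num: usize) -> Result<(), ErrorCode>;
}

// Hypothetical custom capsule; its number lies in the custom range (> 0xa0000).
pub const DRIVER_NUM_COUNTER: usize = 0xa0001;
pub struct Counter { pub value: Cell<u32> }

impl SyscallDriver for Counter {
    fn command(&self, num: usize, r2: usize, _r3: usize, _pid: ProcessId) -> CommandReturn {
        match num {
            0 => CommandReturn::Success, // command 0 only reports that the driver exists
            1 => {
                let v = self.value.get().wrapping_add(r2 as u32);
                self.value.set(v);
                CommandReturn::SuccessU32(v)
            }
            _ => CommandReturn::Failure(ErrorCode::NOSUPPORT),
        }
    }
}

// Plays the role of the board's main.rs: maps driver numbers to capsules.
pub struct Board { pub counter: Counter }
impl SyscallDriverLookup for Board {
    fn with_driver<F: FnOnce(Option<&dyn SyscallDriver>) -> R, R>(&self, driver_num: usize, f: F) -> R {
        match driver_num {
            DRIVER_NUM_COUNTER => f(Some(&self.counter)),
            _ => f(None),
        }
    }
}

// Allow-list of (process id, driver number) pairs; everything else is refused.
pub struct AllowList(pub &'static [(usize, usize)]);
impl SyscallFilter for AllowList {
    fn filter_syscall(&self, pid: ProcessId, driver_num: usize) -> Result<(), ErrorCode> {
        if self.0.contains(&(pid.0, driver_num)) { Ok(()) } else { Err(ErrorCode::NODEVICE) }
    }
}

// Kernel side of `command`: filter, then driver lookup, then the capsule itself.
pub fn handle_command<L: SyscallDriverLookup, S: SyscallFilter>(
    lookup: &L, filter: &S, pid: ProcessId, driver_num: usize, num: usize, r2: usize, r3: usize,
) -> CommandReturn {
    if let Err(e) = filter.filter_syscall(pid, driver_num) {
        return CommandReturn::Failure(e);
    }
    lookup.with_driver(driver_num, |driver| match driver {
        Some(d) => d.command(num, r2, r3, pid),
        None => CommandReturn::Failure(ErrorCode::NODEVICE),
    })
}

// Constructed policy: process 1 may use the counter and driver number 0x00002.
const ALLOWED: &[(usize, usize)] = &[(1, DRIVER_NUM_COUNTER), (1, 0x00002)];

pub fn demo() -> (Vec<CommandReturn>, u32) {
    let board = Board { counter: Counter { value: Cell::new(0) } };
    let filter = AllowList(ALLOWED);
    let call = |p, d, n, a| handle_command(&board, &filter, ProcessId(p), d, n, a, 0);
    let results = vec![
        call(1, DRIVER_NUM_COUNTER, 0, 0), // existence check
        call(1, DRIVER_NUM_COUNTER, 1, 5), // valid action
        call(1, DRIVER_NUM_COUNTER, 9, 0), // unknown command number
        call(1, 0x00002, 0, 0),            // allowed, but no such capsule on this board
        call(2, DRIVER_NUM_COUNTER, 1, 7), // process 2 is not on the allow-list
    ];
    (results, board.counter.value.get())
}

fn main() { println!("{:?}", demo()); }
```

The refused call from process 2 leaves the counter at 5, which shows that the filter ran before the capsule was reached.
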
Keywords
• system call
• driver
• capsule
• Running
• Yielded
• grant
• command
• subscribe
• upcall
• Callback
• yield
• allow

Questions
