diff --git a/libraries/persistent_store/src/bitfield.rs b/libraries/persistent_store/src/bitfield.rs new file mode 100644 index 0000000..a2760c2 --- /dev/null +++ b/libraries/persistent_store/src/bitfield.rs @@ -0,0 +1,376 @@ +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//! Helps manipulate bit fields in 32-bits words. +// TODO(ia0): Remove when the module is used. +#![cfg_attr(not(test), allow(dead_code, unused_macros))] + +use crate::{StoreError, StoreResult}; + +/// Represents a bit field. +/// +/// A bit field is a contiguous sequence of bits in a 32-bits word. +/// +/// # Invariant +/// +/// - The bit field must fit in a 32-bits word: `pos + len < 32`. +pub struct Field { + /// The position of the bit field. + pub pos: usize, + + /// The length of the bit field. + pub len: usize, +} + +impl Field { + /// Reads the value of a bit field. + pub fn get(&self, word: u32) -> usize { + ((word >> self.pos) & self.mask()) as usize + } + + /// Sets the value of a bit field. + /// + /// # Preconditions + /// + /// - The value must fit in the bit field: `num_bits(value) < self.len`. + /// - The value must only change bits from 1 to 0: `self.get(*word) & value == value`. + pub fn set(&self, word: &mut u32, value: usize) { + let value = value as u32; + debug_assert_eq!(value & self.mask(), value); + let mask = !(self.mask() << self.pos); + *word &= mask | (value << self.pos); + debug_assert_eq!(self.get(*word), value as usize); + } + + /// Returns a bit mask the length of the bit field. + /// + /// The mask is meant to be applied on a value. It should be shifted to be applied to the bit + /// field. + fn mask(&self) -> u32 { + (1 << self.len) - 1 + } +} + +/// Represents a constant bit field. +/// +/// # Invariant +/// +/// - The value must fit in the bit field: `num_bits(value) <= field.len`. +pub struct ConstField { + /// The bit field. + pub field: Field, + + /// The constant value. + pub value: usize, +} + +impl ConstField { + /// Checks that the bit field has its value. + pub fn check(&self, word: u32) -> bool { + self.field.get(word) == self.value + } + + /// Sets the bit field to its value. + pub fn set(&self, word: &mut u32) { + self.field.set(word, self.value); + } +} + +/// Represents a single bit. +/// +/// # Invariant +/// +/// - The bit must fit in a 32-bits word: `pos < 32`. +pub struct Bit { + /// The position of the bit. + pub pos: usize, +} + +impl Bit { + /// Returns whether the value of the bit is zero. + pub fn get(&self, word: u32) -> bool { + word & (1 << self.pos) == 0 + } + + /// Sets the value of the bit to zero. + pub fn set(&self, word: &mut u32) { + *word &= !(1 << self.pos); + } +} + +/// Represents a checksum. +/// +/// A checksum is a bit field counting how many bits are set to zero in the word (except in the +/// checksum itself) plus some external increment. It essentially behaves like a bit field storing +/// the external increment. +pub struct Checksum { + /// The bit field + pub field: Field, +} + +impl Checksum { + /// Reads the external increment from the checksum. + /// + /// # Errors + /// + /// Returns `InvalidStorage` if the external increment would be negative. + pub fn get(&self, word: u32) -> StoreResult { + let checksum = self.field.get(word); + let zeros = word.count_zeros() as usize - (self.field.len - checksum.count_ones() as usize); + checksum + .checked_sub(zeros) + .ok_or(StoreError::InvalidStorage) + } + + /// Sets the checksum to the external increment value. + /// + /// # Preconditions + /// + /// - The bits of the checksum bit field should be set to one: `self.field.get(*word) == + /// self.field.mask()`. + /// - The checksum value should fit in the checksum bit field: `num_bits(word.count_zeros() + + /// value) < self.field.len`. + pub fn set(&self, word: &mut u32, value: usize) { + debug_assert_eq!(self.field.get(*word), self.field.mask() as usize); + self.field.set(word, word.count_zeros() as usize + value); + } +} + +/// Tracks the number of bits used so far. +/// +/// # Features +/// +/// Only available for tests. +#[cfg(any(doc, test))] +pub struct Length { + /// The position of the next available bit. + pub pos: usize, +} + +/// Helps defining contiguous bit fields. +/// +/// It takes a sequence of bit field descriptors as argument. A bit field descriptor is one of the +/// following: +/// - `$name: Bit,` to define a bit +/// - `$name: Field <= $max,` to define a bit field of minimum length to store `$max` +/// - `$name: Checksum <= $max,` to define a checksum of minimum length to store `$max` +/// - `$name: Length,` to define a length tracker +/// - `$name: ConstField = [$bits],` to define a constant bit field with value `$bits` (a sequence +/// of space-separated bits) +#[cfg_attr(doc, macro_export)] // For `cargo doc` to produce documentation. +macro_rules! bitfield { + ($($input: tt)*) => { + bitfield_impl! { []{ pos: 0 }[$($input)*] } + }; +} + +macro_rules! bitfield_impl { + // Main rules: + // - Input are bit field descriptors + // - Position is the number of bits used by prior bit fields + // - Output are the bit field definitions + ([$($output: tt)*]{ pos: $pos: expr }[$name: ident: Bit, $($input: tt)*]) => { + bitfield_impl! { + [$($output)* const $name: Bit = Bit { pos: $pos };] + { pos: $pos + 1 } + [$($input)*] + } + }; + ([$($output: tt)*]{ pos: $pos: expr }[$name: ident: Field <= $max: expr, $($input: tt)*]) => { + bitfield_impl! { + [$($output)* const $name: Field = Field { pos: $pos, len: num_bits($max) };] + { pos: $pos + $name.len } + [$($input)*] + } + }; + ([$($output: tt)*]{ pos: $pos: expr } + [$name: ident: Checksum <= $max: expr, $($input: tt)*]) => { + bitfield_impl! { + [$($output)* const $name: Checksum = Checksum { + field: Field { pos: $pos, len: num_bits($max) } + };] + { pos: $pos + $name.field.len } + [$($input)*] + } + }; + ([$($output: tt)*]{ pos: $pos: expr } + [$(#[$meta: meta])* $name: ident: Length, $($input: tt)*]) => { + bitfield_impl! { + [$($output)* $(#[$meta])* const $name: Length = Length { pos: $pos };] + { pos: $pos } + [$($input)*] + } + }; + ([$($output: tt)*]{ pos: $pos: expr } + [$name: ident: ConstField = $bits: tt, $($input: tt)*]) => { + bitfield_impl! { + Reverse $name []$bits + [$($output)*]{ pos: $pos }[$($input)*] + } + }; + ([$($output: tt)*]{ pos: $pos: expr }[]) => { $($output)* }; + + // Auxiliary rules for constant bit fields: + // - Input is a sequence of bits + // - Output is the reversed sequence of bits + (Reverse $name: ident [$($output_bits: tt)*] [$bit: tt $($input_bits: tt)*] + [$($output: tt)*]{ pos: $pos: expr }[$($input: tt)*]) => { + bitfield_impl! { + Reverse $name [$bit $($output_bits)*][$($input_bits)*] + [$($output)*]{ pos: $pos }[$($input)*] + } + }; + (Reverse $name: ident $bits: tt [] + [$($output: tt)*]{ pos: $pos: expr }[$($input: tt)*]) => { + bitfield_impl! { + ConstField $name { len: 0, val: 0 }$bits + [$($output)*]{ pos: $pos }[$($input)*] + } + }; + + // Auxiliary rules for constant bit fields: + // - Input is a sequence of bits in reversed order + // - Output is the constant bit field definition with the sequence of bits as value + (ConstField $name: ident { len: $len: expr, val: $val: expr }[] + [$($output: tt)*]{ pos: $pos: expr }[$($input: tt)*]) => { + bitfield_impl! { + [$($output)* const $name: ConstField = ConstField { + field: Field { pos: $pos, len: $len }, + value: $val, + };] + { pos: $pos + $name.field.len } + [$($input)*] + } + }; + (ConstField $name: ident { len: $len: expr, val: $val: expr }[$bit: tt $($bits: tt)*] + [$($output: tt)*]{ pos: $pos: expr }[$($input: tt)*]) => { + bitfield_impl! { + ConstField $name { len: $len + 1, val: $val * 2 + $bit }[$($bits)*] + [$($output)*]{ pos: $pos }[$($input)*] + } + }; +} + +/// Counts the number of bits equal to zero in a byte slice. +pub fn count_zeros(slice: &[u8]) -> usize { + slice.iter().map(|&x| x.count_zeros() as usize).sum() +} + +/// Returns the number of bits necessary to represent a number. +pub const fn num_bits(x: usize) -> usize { + 8 * core::mem::size_of::() - x.leading_zeros() as usize +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn field_ok() { + let field = Field { pos: 3, len: 5 }; + assert_eq!(field.get(0x00000000), 0); + assert_eq!(field.get(0x00000007), 0); + assert_eq!(field.get(0x00000008), 1); + assert_eq!(field.get(0x000000f8), 0x1f); + assert_eq!(field.get(0x0000ff37), 6); + let mut word = 0xffffffff; + field.set(&mut word, 3); + assert_eq!(word, 0xffffff1f); + } + + #[test] + fn const_field_ok() { + let field = ConstField { + field: Field { pos: 3, len: 5 }, + value: 9, + }; + assert!(!field.check(0x00000000)); + assert!(!field.check(0x0000ffff)); + assert!(field.check(0x00000048)); + assert!(field.check(0x0000ff4f)); + let mut word = 0xffffffff; + field.set(&mut word); + assert_eq!(word, 0xffffff4f); + } + + #[test] + fn bit_ok() { + let bit = Bit { pos: 3 }; + assert!(bit.get(0x00000000)); + assert!(bit.get(0xfffffff7)); + assert!(!bit.get(0x00000008)); + assert!(!bit.get(0xffffffff)); + let mut word = 0xffffffff; + bit.set(&mut word); + assert_eq!(word, 0xfffffff7); + } + + #[test] + fn checksum_ok() { + let field = Checksum { + field: Field { pos: 3, len: 5 }, + }; + assert_eq!(field.get(0x00000000), Err(StoreError::InvalidStorage)); + assert_eq!(field.get(0xffffffff), Ok(31)); + assert_eq!(field.get(0xffffff07), Ok(0)); + assert_eq!(field.get(0xffffff0f), Ok(1)); + assert_eq!(field.get(0x00ffff67), Ok(4)); + assert_eq!(field.get(0x7fffff07), Err(StoreError::InvalidStorage)); + let mut word = 0x0fffffff; + field.set(&mut word, 4); + assert_eq!(word, 0x0fffff47); + } + + #[test] + fn bitfield_ok() { + bitfield! { + FIELD: Field <= 127, + CONST_FIELD: ConstField = [0 1 0 1], + BIT: Bit, + CHECKSUM: Checksum <= 58, + LENGTH: Length, + } + assert_eq!(FIELD.pos, 0); + assert_eq!(FIELD.len, 7); + assert_eq!(CONST_FIELD.field.pos, 7); + assert_eq!(CONST_FIELD.field.len, 4); + assert_eq!(CONST_FIELD.value, 10); + assert_eq!(BIT.pos, 11); + assert_eq!(CHECKSUM.field.pos, 12); + assert_eq!(CHECKSUM.field.len, 6); + assert_eq!(LENGTH.pos, 18); + } + + #[test] + fn count_zeros_ok() { + assert_eq!(count_zeros(&[0xff, 0xff]), 0); + assert_eq!(count_zeros(&[0xff, 0xfe]), 1); + assert_eq!(count_zeros(&[0x7f, 0xff]), 1); + assert_eq!(count_zeros(&[0x12, 0x48]), 12); + assert_eq!(count_zeros(&[0x00, 0x00]), 16); + } + + #[test] + fn num_bits_ok() { + assert_eq!(num_bits(0), 0); + assert_eq!(num_bits(1), 1); + assert_eq!(num_bits(2), 2); + assert_eq!(num_bits(3), 2); + assert_eq!(num_bits(4), 3); + assert_eq!(num_bits(5), 3); + assert_eq!(num_bits(8), 4); + assert_eq!(num_bits(9), 4); + assert_eq!(num_bits(16), 5); + } +} diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs index 846f956..954e66f 100644 --- a/libraries/persistent_store/src/lib.rs +++ b/libraries/persistent_store/src/lib.rs @@ -14,6 +14,10 @@ #![cfg_attr(not(feature = "std"), no_std)] +#[macro_use] +mod bitfield; mod storage; +mod store; pub use self::storage::{Storage, StorageError, StorageIndex, StorageResult}; +pub use self::store::{StoreError, StoreResult}; diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs new file mode 100644 index 0000000..0c94196 --- /dev/null +++ b/libraries/persistent_store/src/store.rs @@ -0,0 +1,63 @@ +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use crate::StorageError; + +#[derive(Debug, PartialEq, Eq)] +pub enum StoreError { + /// Invalid argument. + /// + /// The store is left unchanged. The operation will repeatedly fail until the argument is fixed. + InvalidArgument, + + /// Not enough capacity. + /// + /// The store is left unchanged. The operation will repeatedly fail until capacity is freed. + NoCapacity, + + /// Reached end of lifetime. + /// + /// The store is left unchanged. The operation will repeatedly fail until emergency lifetime is + /// added. + NoLifetime, + + /// A storage operation failed. + /// + /// The consequences depend on the storage failure. In particular, the operation may or may not + /// have succeeded, and the storage may have become invalid. Before doing any other operation, + /// the store should be [recovered]. The operation may then be retried if idempotent. + /// + /// [recovered]: struct.Store.html#method.recover + StorageError, + + /// Storage is invalid. + /// + /// The storage should be erased and the store [recovered]. The store would be empty and have + /// lost track of lifetime. + /// + /// [recovered]: struct.Store.html#method.recover + InvalidStorage, +} + +impl From for StoreError { + fn from(error: StorageError) -> StoreError { + match error { + StorageError::CustomError => StoreError::StorageError, + // The store always calls the storage correctly. + StorageError::NotAligned | StorageError::OutOfBounds => unreachable!(), + } + } +} + +pub type StoreResult = Result; diff --git a/patches/tock/01-persistent-storage.patch b/patches/tock/01-persistent-storage.patch index ea6b004..0c18aa3 100644 --- a/patches/tock/01-persistent-storage.patch +++ b/patches/tock/01-persistent-storage.patch @@ -1,11 +1,11 @@ diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_dongle/src/main.rs -index fc53f59..d72d204 100644 +index fc53f59c8..d72d20482 100644 --- a/boards/nordic/nrf52840_dongle/src/main.rs +++ b/boards/nordic/nrf52840_dongle/src/main.rs @@ -55,6 +55,11 @@ const NUM_PROCS: usize = 8; static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] = [None; NUM_PROCS]; - + +static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation { + address: 0xC0000, + size: 0x40000, @@ -13,16 +13,16 @@ index fc53f59..d72d204 100644 + // Static reference to chip for panic dumps static mut CHIP: Option<&'static nrf52840::chip::Chip> = None; - + @@ -90,6 +95,7 @@ pub struct Platform { 'static, capsules::virtual_alarm::VirtualMuxAlarm<'static, nrf52840::rtc::Rtc<'static>>, >, + nvmc: &'static nrf52840::nvmc::SyscallDriver, } - + impl kernel::Platform for Platform { -@@ -108,19 +114,42 @@ impl kernel::Platform for Platform { +@@ -108,10 +114,30 @@ impl kernel::Platform for Platform { capsules::ieee802154::DRIVER_NUM => f(Some(self.ieee802154_radio)), capsules::temperature::DRIVER_NUM => f(Some(self.temp)), capsules::analog_comparator::DRIVER_NUM => f(Some(self.analog_comparator)), @@ -51,25 +51,24 @@ index fc53f59..d72d204 100644 + } + } } - + /// Entry point in the vector table called on hard reset. - #[no_mangle] - pub unsafe fn reset_handler() { +@@ -120,7 +146,10 @@ pub unsafe fn reset_handler() { // Loads relocations and clears BSS nrf52840::init(); - + - let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES)); + let board_kernel = static_init!( + kernel::Kernel, + kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS) + ); - + // GPIOs let gpio = components::gpio::GpioComponent::new( @@ -286,6 +315,14 @@ pub unsafe fn reset_handler() { nrf52840::acomp::Comparator )); - + + let nvmc = static_init!( + nrf52840::nvmc::SyscallDriver, + nrf52840::nvmc::SyscallDriver::new( @@ -79,7 +78,7 @@ index fc53f59..d72d204 100644 + ); + nrf52_components::NrfClockComponent::new().finalize(()); - + let platform = Platform { @@ -300,6 +337,7 @@ pub unsafe fn reset_handler() { temp, @@ -88,22 +87,22 @@ index fc53f59..d72d204 100644 + nvmc, ipc: kernel::ipc::IPC::new(board_kernel, &memory_allocation_capability), }; - + diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs -index 169f3d3..2ebb384 100644 +index 169f3d393..2ebb384d8 100644 --- a/boards/nordic/nrf52840dk/src/main.rs +++ b/boards/nordic/nrf52840dk/src/main.rs @@ -123,6 +123,11 @@ const NUM_PROCS: usize = 8; static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] = [None; NUM_PROCS]; - + +static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation { + address: 0xC0000, + size: 0x40000, +}]; + static mut CHIP: Option<&'static nrf52840::chip::Chip> = None; - + /// Dummy buffer that causes the linker to reserve enough space for the stack. @@ -158,6 +163,7 @@ pub struct Platform { capsules::virtual_alarm::VirtualMuxAlarm<'static, nrf52840::rtc::Rtc<'static>>, @@ -111,7 +110,7 @@ index 169f3d3..2ebb384 100644 nonvolatile_storage: &'static capsules::nonvolatile_storage_driver::NonvolatileStorage<'static>, + nvmc: &'static nrf52840::nvmc::SyscallDriver, } - + impl kernel::Platform for Platform { @@ -177,10 +183,30 @@ impl kernel::Platform for Platform { capsules::temperature::DRIVER_NUM => f(Some(self.temp)), @@ -142,24 +141,24 @@ index 169f3d3..2ebb384 100644 + } + } } - + /// Entry point in the vector table called on hard reset. @@ -204,7 +230,10 @@ pub unsafe fn reset_handler() { UartChannel::Pins(UartPins::new(UART_RTS, UART_TXD, UART_CTS, UART_RXD)) }; - + - let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES)); + let board_kernel = static_init!( + kernel::Kernel, + kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS) + ); - + let gpio = components::gpio::GpioComponent::new( board_kernel, @@ -411,6 +440,14 @@ pub unsafe fn reset_handler() { nrf52840::acomp::Comparator )); - + + let nvmc = static_init!( + nrf52840::nvmc::SyscallDriver, + nrf52840::nvmc::SyscallDriver::new( @@ -169,7 +168,7 @@ index 169f3d3..2ebb384 100644 + ); + nrf52_components::NrfClockComponent::new().finalize(()); - + let platform = Platform { @@ -426,6 +463,7 @@ pub unsafe fn reset_handler() { alarm, @@ -178,33 +177,32 @@ index 169f3d3..2ebb384 100644 + nvmc, ipc: kernel::ipc::IPC::new(board_kernel, &memory_allocation_capability), }; - + diff --git a/chips/nrf52/src/nvmc.rs b/chips/nrf52/src/nvmc.rs -index b70162c..9dcb82b 100644 +index b70162cae..9dcb82b07 100644 --- a/chips/nrf52/src/nvmc.rs +++ b/chips/nrf52/src/nvmc.rs -@@ -3,15 +3,16 @@ +@@ -3,6 +3,7 @@ //! Used in order read and write to internal flash. - + use core::cell::Cell; +use core::convert::TryFrom; use core::ops::{Index, IndexMut}; use kernel::common::cells::OptionalCell; use kernel::common::cells::TakeCell; - use kernel::common::cells::VolatileCell; - use kernel::common::deferred_call::DeferredCall; +@@ -11,7 +12,7 @@ use kernel::common::deferred_call::DeferredCall; use kernel::common::registers::{register_bitfields, ReadOnly, ReadWrite}; use kernel::common::StaticRef; use kernel::hil; -use kernel::ReturnCode; +use kernel::{AppId, AppSlice, Callback, Driver, Grant, ReturnCode, Shared}; - + use crate::deferred_call_tasks::DeferredCallTask; - + @@ -141,7 +142,13 @@ register_bitfields! [u32, static DEFERRED_CALL: DeferredCall = unsafe { DeferredCall::new(DeferredCallTask::Nvmc) }; - + +type WORD = u32; +const WORD_SIZE: usize = core::mem::size_of::(); const PAGE_SIZE: usize = 4096; @@ -212,13 +210,13 @@ index b70162c..9dcb82b 100644 +const MAX_PAGE_ERASES: usize = 10000; +const WORD_MASK: usize = WORD_SIZE - 1; +const PAGE_MASK: usize = PAGE_SIZE - 1; - + /// This is a wrapper around a u8 array that is sized to a single page for the /// nrf. Users of this module must pass an object of this type to use the @@ -219,6 +226,11 @@ impl Nvmc { } } - + + pub fn configure_readonly(&self) { + let regs = &*self.registers; + regs.config.write(Configuration::WEN::Ren); @@ -235,11 +233,11 @@ index b70162c..9dcb82b 100644 + regs.eraseuicr.write(EraseUicr::ERASEUICR::ERASE); while !self.is_ready() {} } - + @@ -326,7 +338,7 @@ impl Nvmc { // Put the NVMC in write mode. regs.config.write(Configuration::WEN::Wen); - + - for i in (0..data.len()).step_by(4) { + for i in (0..data.len()).step_by(WORD_SIZE) { let word: u32 = (data[i + 0] as u32) << 0 @@ -427,7 +425,7 @@ index b70162c..9dcb82b 100644 + } +} diff --git a/kernel/src/lib.rs b/kernel/src/lib.rs -index dbe5035..428d90c 100644 +index dbe503515..428d90c29 100644 --- a/kernel/src/lib.rs +++ b/kernel/src/lib.rs @@ -123,7 +123,7 @@ pub use crate::sched::cooperative::{CoopProcessNode, CooperativeSched}; @@ -436,17 +434,17 @@ index dbe5035..428d90c 100644 pub use crate::sched::round_robin::{RoundRobinProcessNode, RoundRobinSched}; -pub use crate::sched::{Kernel, Scheduler}; +pub use crate::sched::{Kernel, Scheduler, StorageLocation}; - + // Export only select items from the process module. To remove the name conflict // this cannot be called `process`, so we use a shortened version. These diff --git a/kernel/src/memop.rs b/kernel/src/memop.rs -index 348c746..5465c95 100644 +index 348c746a5..5465c95f4 100644 --- a/kernel/src/memop.rs +++ b/kernel/src/memop.rs @@ -108,6 +108,25 @@ pub(crate) fn memop(process: &dyn ProcessType, op_type: usize, r1: usize) -> Ret ReturnCode::SUCCESS } - + + // Op Type 12: Number of storage locations. + 12 => ReturnCode::SuccessWithValue { value: process.number_storage_locations() }, + @@ -470,13 +468,13 @@ index 348c746..5465c95 100644 } } diff --git a/kernel/src/process.rs b/kernel/src/process.rs -index 4dfde3b..0ceff3e 100644 +index 4dfde3b4f..8380af673 100644 --- a/kernel/src/process.rs +++ b/kernel/src/process.rs @@ -360,6 +360,15 @@ pub trait ProcessType { /// writeable flash region. fn get_writeable_flash_region(&self, region_index: usize) -> (u32, u32); - + + /// How many storage locations are defined for this process. + fn number_storage_locations(&self) -> usize; + @@ -489,10 +487,10 @@ index 4dfde3b..0ceff3e 100644 /// Debug function to update the kernel on where the stack starts for this /// process. Processes are not required to call this through the memop /// system call, but it aids in debugging the process. -@@ -1015,6 +1024,32 @@ impl ProcessType for Process<'_, C> { +@@ -1015,6 +1024,35 @@ impl ProcessType for Process<'_, C> { self.header.get_writeable_flash_region(region_index) } - + + fn number_storage_locations(&self) -> usize { + self.kernel.storage_locations().len() + } @@ -502,30 +500,33 @@ index 4dfde3b..0ceff3e 100644 + } + + fn fits_in_storage_location(&self, ptr: usize, len: usize) -> bool { -+ self.kernel.storage_locations().iter().any(|storage_location| { -+ let storage_ptr = storage_location.address; -+ let storage_len = storage_location.size; -+ // We want to check the 2 following inequalities: -+ // (1) `storage_ptr <= ptr` -+ // (2) `ptr + len <= storage_ptr + storage_len` -+ // However, the second one may overflow written as is. We introduce a third -+ // inequality to solve this issue: -+ // (3) `len <= storage_len` -+ // Using this third inequality, we can rewrite the second one as: -+ // (4) `ptr - storage_ptr <= storage_len - len` -+ // This fourth inequality is equivalent to the second one but doesn't overflow when -+ // the first and third inequalities hold. -+ storage_ptr <= ptr && len <= storage_len && ptr - storage_ptr <= storage_len - len -+ }) ++ self.kernel ++ .storage_locations() ++ .iter() ++ .any(|storage_location| { ++ let storage_ptr = storage_location.address; ++ let storage_len = storage_location.size; ++ // We want to check the 2 following inequalities: ++ // (1) `storage_ptr <= ptr` ++ // (2) `ptr + len <= storage_ptr + storage_len` ++ // However, the second one may overflow written as is. We introduce a third ++ // inequality to solve this issue: ++ // (3) `len <= storage_len` ++ // Using this third inequality, we can rewrite the second one as: ++ // (4) `ptr - storage_ptr <= storage_len - len` ++ // This fourth inequality is equivalent to the second one but doesn't overflow when ++ // the first and third inequalities hold. ++ storage_ptr <= ptr && len <= storage_len && ptr - storage_ptr <= storage_len - len ++ }) + } + fn update_stack_start_pointer(&self, stack_pointer: *const u8) { if stack_pointer >= self.mem_start() && stack_pointer < self.mem_end() { self.debug.map(|debug| { -@@ -1664,6 +1699,33 @@ impl Process<'_, C> { +@@ -1664,6 +1702,33 @@ impl Process<'_, C> { return Err(ProcessLoadError::MpuInvalidFlashLength); } - + + // Allocate MPU region for the storage locations. The storage locations are currently + // readable by all processes due to lack of stable app id. + for storage_location in kernel.storage_locations() { @@ -557,13 +558,13 @@ index 4dfde3b..0ceff3e 100644 // memory space just for kernel and grant state. We need to make // sure we allocate enough memory just for that. diff --git a/kernel/src/sched.rs b/kernel/src/sched.rs -index 88eea40..ed3ae82 100644 +index 88eea4042..ed3ae8260 100644 --- a/kernel/src/sched.rs +++ b/kernel/src/sched.rs -@@ -118,15 +118,24 @@ pub enum SchedulingDecision { +@@ -118,6 +118,12 @@ pub enum SchedulingDecision { TrySleep, } - + +/// Represents a storage location in flash. +pub struct StorageLocation { + pub address: usize, @@ -573,12 +574,10 @@ index 88eea40..ed3ae82 100644 /// Main object for the kernel. Each board will need to create one. pub struct Kernel { /// How many "to-do" items exist at any given time. These include - /// outstanding callbacks and processes in the Running state. - work: Cell, - +@@ -127,6 +133,9 @@ pub struct Kernel { /// This holds a pointer to the static array of Process pointers. processes: &'static [Option<&'static dyn process::ProcessType>], - + + /// List of storage locations. + storage_locations: &'static [StorageLocation], + @@ -586,7 +585,7 @@ index 88eea40..ed3ae82 100644 /// created. This is used to create new unique identifiers for processes. process_identifier_max: Cell, @@ -170,9 +179,17 @@ pub enum StoppedExecutingReason { - + impl Kernel { pub fn new(processes: &'static [Option<&'static dyn process::ProcessType>]) -> Kernel { + Kernel::new_with_storage(processes, &[]) @@ -604,7 +603,7 @@ index 88eea40..ed3ae82 100644 grant_counter: Cell::new(0), grants_finalized: Cell::new(false), @@ -899,4 +916,8 @@ impl Kernel { - + (return_reason, time_executed_us) } + diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index 5a3c874..6d0a138 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ dd5920dfb172d9371b29d019b6a37fae1a995bf9d814000944d9ef36bad31513 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -8868f4fa542d9dd9c88abfbd84b4527bcd2f4b9ae16caf3098a3d5e73eae0067 target/nrf52840dk_merged.hex +fe868d9398863ff6e484742d93a4266ee7afa1ac34f9fa5ed570f8309272156a target/nrf52840dk_merged.hex e4acfa602a5cc5d7c61d465f873918e8e0858628d0e5f8e0db26a7b7dd0b94d4 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -c162cfdd219306940f919716a4f53d053b0bcfed2963f8787e1098a5163ae704 target/nrf52840_dongle_merged.hex +acca7d690ecc4733be4606ff9cd491fbc62dc3216ce0b98132e5669c8b2cba29 target/nrf52840_dongle_merged.hex c0ace9f13ef3fd18c576a735ae23b3956bf8dd346f20c6217086e748d6bad8a2 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -c1e79ad3aa2c9566c13c5469a389195a3814839b815253ffc4f5325329496b26 target/nrf52840_dongle_dfu_merged.hex +e5cf030db968b0d78a30683d7278e7481d5e2d385b80e6509e76cfb9392899b2 target/nrf52840_dongle_dfu_merged.hex 06a38a0d6d356145467a73c765e28a945878f663664016f888393207097bfe10 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -d0b23e0dd0c349ded966fb5563a5a65c3935710d1741ade0ae7d9e06a176f442 target/nrf52840_mdk_dfu_merged.hex -aacf3873a90bf93f0c51ccc85d0c03642d078865d16c4aeb0b805d1f6865e6ba target/tab/ctap2.tab +3735572cccfc0c39540f77e2c55d0a25aa82dd22ad698824fd2630fcbd87f611 target/nrf52840_mdk_dfu_merged.hex +4d36b3b456de9340e4e18fd595ae25e71298431f73ef17653bb7fb707830a9af target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index f328b0f..4e9f503 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ 2426ee9a6c75e325537818081d45445d95468a4c0a77feacdc6133d7d9aa227a third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -c8507168c7e81d388641177c17c917b7473c8fe27849678cc7e558c64b33e9f5 target/nrf52840dk_merged.hex +b4248106097b9d54b882cd1dd1f88710585a3e274ee5edff334dcb2b26c8af51 target/nrf52840dk_merged.hex c53d1e1db72df25950fa6d28699a2d38757def0dcbeb0d09d2366481cf0149a6 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -103888792b1b81a50e16746f1e2e2bee7cc01599881c464b56d9d7f6ae856c3e target/nrf52840_dongle_merged.hex +ac2d36a3c7f8326496c66d1e4aa8a82bbe2d689fe9cd86308f1304393bc125ec target/nrf52840_dongle_merged.hex 233b5ba4459523759e3171cee83cdb3a383bbe65727c8ece64dfe5321d6ebe34 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -ca1847ac82a3b3498f79918746f5662863033a0c69300d669e466701f485e3d9 target/nrf52840_dongle_dfu_merged.hex +aff4b19511486548529f02be3a32bd47bd6329f813aef6e761c15dce8284bfa7 target/nrf52840_dongle_dfu_merged.hex 1baaf518a74c6077cb936d9cf178b6dd0232e7562fa56174886b05b77886cc32 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -97f89caa930fde44193d16e3f396584de6044ca4c46092c7275b5b44b9eed774 target/nrf52840_mdk_dfu_merged.hex -7e05f90206506e78aa9eec0b1495bf3548d7a0446722c1f40b3a84f674d2ca0e target/tab/ctap2.tab +a2f1e440b9c875f0ca1dd0952fd435686dfd1c29d708771b08827ae21fc31c51 target/nrf52840_mdk_dfu_merged.hex +5eb8a111c5eb1554785e86bb8168180ee984ee69bc110d859cad1043b79daa2e target/tab/ctap2.tab diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 7e58539..0be6bb7 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -6,8 +6,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187352 (0x2dbd8) bytes. + Adding .stack section. Offset: 187480 (0x2dc58). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -30,8 +30,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187352 (0x2dbd8) bytes. + Adding .stack section. Offset: 187480 (0x2dc58). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -54,8 +54,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187352 (0x2dbd8) bytes. + Adding .stack section. Offset: 187480 (0x2dc58). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -78,8 +78,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187352 (0x2dbd8) bytes. + Adding .stack section. Offset: 187480 (0x2dc58). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index 7e58539..39375f4 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt @@ -6,8 +6,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187344 (0x2dbd0) bytes. + Adding .stack section. Offset: 187472 (0x2dc50). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -30,8 +30,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187344 (0x2dbd0) bytes. + Adding .stack section. Offset: 187472 (0x2dc50). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -54,8 +54,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187344 (0x2dbd0) bytes. + Adding .stack section. Offset: 187472 (0x2dc50). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -78,8 +78,8 @@ Min RAM size from segments in ELF: 20 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes. - Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 187344 (0x2dbd0) bytes. + Adding .stack section. Offset: 187472 (0x2dc50). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2