


Commit MetaInfo

Revision12980 (tree)
Time2019-09-11 21:53:31
Authorgdisirio

Log Message

Sandbox concept refinements.

Change Summary

Incremental Difference

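--- a/trunk/demos/STM32/RT-STM32L476-DISCOVERY-SB_HOST/main.c
+++ b/trunk/demos/STM32/RT-STM32L476-DISCOVERY-SB_HOST/main.c
@@ -49,33 +49,39 @@
 static THD_FUNCTION(Unprivileged1, arg) {
 extern uint32_t __flash7_start__, __flash7_end__,
 __ram7_start__, __ram7_end__;
-static const sb_regions_t regions = {
+static const sb_config_t sb_config = {
 .r0_base = (uint32_t)&__flash7_start__,
 .r0_end = (uint32_t)&__flash7_end__,
 .r1_base = (uint32_t)&__ram7_start__,
 .r1_end = (uint32_t)&__ram7_end__
 };
+sb_class_t sbx1;
 
 (void)arg;
 chRegSetThreadName("unprivileged");
 
-/* MPU setup for the sandbox, both regions are used because it is
-flash code.*/
+/* Sandbox object initialization.*/
+sbObjectInit(&sbx1);
+
+/* Static MPU setup for the sandbox, both regions are used because in this
+demo it requires both a flash and a RAM regions.*/
 mpuConfigureRegion(MPU_REGION_0,
-regions.r0_base,
+sb_config.r0_base,
 MPU_RASR_ATTR_AP_RO_RO |
 MPU_RASR_ATTR_CACHEABLE_WT_NWA |
 MPU_RASR_SIZE_16K |
 MPU_RASR_ENABLE);
 mpuConfigureRegion(MPU_REGION_1,
-regions.r1_base,
+sb_config.r1_base,
 MPU_RASR_ATTR_AP_RW_RW |
 MPU_RASR_ATTR_CACHEABLE_WB_WA |
 MPU_RASR_SIZE_4K |
 MPU_RASR_ENABLE);
 
-sbStart((const sb_header_t *)&__flash7_start__, &regions);
-chSysHalt("it returned");
+/* This thread goes in the sandbox and is trapped there, it cannot
+return, only invoke the sandbox API.*/
+sbStart(&sbx1, &sb_config);
+chSysHalt("zombies");
 }
 
 /*
@@ -104,8 +110,8 @@
 
 /* Creating the unprivileged thread.*/
 chprintf((BaseSequentialStream *)&SD2, "Starting unprivileged thread\r\n");
-tp = chThdCreateStatic(waUnprivileged1, sizeof(waUnprivileged1), NORMALPRIO - 10U,
-Unprivileged1, NULL);
+tp = chThdCreateStatic(waUnprivileged1, sizeof(waUnprivileged1),
+NORMALPRIO - 10U, Unprivileged1, NULL);
 
 /* Waiting for the unprivileged thread to exit or fail.*/
 msg = chThdWait(tp);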
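Review bot: The MPU regions are still programmed with the hard-coded `MPU_RASR_SIZE_16K` and `MPU_RASR_SIZE_4K`, while `sb_config` takes its region ends from the linker symbols and `sbStart` validates the applet header only against `sb_config`; if the `__flash7`/`__ram7` sections are smaller than those sizes the sandbox can reach memory beyond `r0_end`/`r1_end` that the header check never considered, and if they are larger a valid applet faults. A sanity check ahead of `sbStart` — `chDbgAssert((sb_config.r0_end - sb_config.r0_base) <= 16384U, "region 0 exceeds MPU size");` with the 4096U counterpart for region 1 — or at least a comment naming the coupling (`/* MPU sizes must match the __flash7/__ram7 sections in the linker script.*/`) would keep the two sources of truth visibly tied. The `chSysHalt("zombies")` reason string gives a crash report little to go on; since the new comment says the thread cannot return, `"sandbox start failed"` names the actual condition. This is hedged on the port's MPU region semantics, which the hunk does not show.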
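--- a/trunk/os/sb/host/sbhost.c
+++ b/trunk/os/sb/host/sbhost.c
@@ -130,16 +130,27 @@
 }
 
 /**
+* @brief Sandbox object initialization.
+*/
+void sbObjectInit(sb_class_t *sbcp) {
+
+sbcp->config = NULL;
+sbcp->tp = NULL;
+}
+
+/**
 * @brief Starts a sandboxed thread.
 *
-* @param[in] sbhp pointer to the sandbox binary header
-* @param[in] rp pointer to the regions descriptor
+* @param[in] sbcp pointer to the sandbox configuration structure
 * @return The function returns only if the operation failed.
 */
-void sbStart(const sb_header_t *sbhp,
-const sb_regions_t *rp) {
+void sbStart(sb_class_t * sbcp, const sb_config_t *config) {
 uint32_t pc, psp;
+const sb_header_t *sbhp;
 
+/* The header is conventionally placed at base of region zero.*/
+sbhp = (const sb_header_t *)config->r0_base;
+
 /* Checking header magic numbers.*/
 if ((sbhp->hdr_magic1 != SB_MAGIC1) || (sbhp->hdr_magic2 != SB_MAGIC2)) {
 return;
@@ -151,8 +162,8 @@
 }
 
 /* Checking regions, applet regions and sandbox regions must match.*/
-if ((sbhp->r0_base != rp->r0_base) || (sbhp->r0_end != rp->r0_end) ||
-(sbhp->r1_base != rp->r1_base) || (sbhp->r1_end != rp->r1_end)) {
+if ((sbhp->r0_base != config->r0_base) || (sbhp->r0_end != config->r0_end) ||
+(sbhp->r1_base != config->r1_base) || (sbhp->r1_end != config->r1_end)) {
 return;
 }
 
@@ -160,17 +171,18 @@
 pc = (sbhp->r0_base + sbhp->hdr_size) | 1U;
 
 /* PSP initial address, it is placed at end of the last region.*/
-if (rp->r1_base == 0U) {
+if (config->r1_base == 0U) {
 /* Must be in region 1.*/
-psp = rp->r0_end;
+psp = config->r0_end;
 }
 else {
 /* Must be in region 2.*/
-psp = rp->r1_end;
+psp = config->r1_end;
 }
 
 /* Additional context information.*/
-chThdGetSelfX()->ctx.syscall.p = (const void *)rp;
+sbcp->config = config;
+chThdGetSelfX()->ctx.syscall.p = (const void *)sbcp;
 chThdGetSelfX()->ctx.syscall.psp = (regarm_t)__get_PSP();
 
 /* Jumping to the unprivileged code.*/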
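Review bot: In the third hunk `sbStart` now records `sbcp->config` in the sandbox object but never fills the `tp` field that `sbObjectInit` sets to NULL, so the object handed to the kernel through `ctx.syscall.p` carries no back-reference to its thread; `sbcp->tp = chThdGetSelfX();` next to `sbcp->config = config;` would complete it. In the first hunk `sbhp` is derived from `config->r0_base` and dereferenced immediately in the magic check, so a NULL `config` or an unset region 0 faults instead of failing; given the function's return-on-failure contract, `if ((config == NULL) || (config->r0_base == 0U)) { return; }` ahead of the cast keeps the failure path uniform. The updated Doxygen block describes `sbcp` as the "configuration structure" and omits `config`; `@param[in] sbcp pointer to the sandbox object` plus `@param[in] config pointer to the sandbox configuration structure` matches the new signature, and `sbObjectInit` would take `@param[out] sbcp pointer to the sandbox object`. The body of `sbStart` continues past the third hunk.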
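--- a/trunk/os/sb/host/sbhost.h
+++ b/trunk/os/sb/host/sbhost.h
@@ -97,9 +97,23 @@
 * @note Zero if not used.
 */
 uint32_t r1_end;
-} sb_regions_t;
+} sb_config_t;
 
 /**
+* @brief Type of a sandbox object.
+*/
+typedef struct {
+/**
+* @brief Pointer to the sandbox configuration data.
+*/
+const sb_config_t *config;
+/**
+* @brief Thread running in the sandbox.
+*/
+thread_t *tp;
+} sb_class_t;
+
+/**
 * @brief Type of a sandbox applet headers.
 */
 typedef struct {
@@ -925,8 +939,8 @@
 extern "C" {
 #endif
 void port_syscall(struct port_extctx *ctxp, uint32_t n);
-void sbStart(const sb_header_t *sbhp,
-const sb_regions_t *rp);
+void sbObjectInit(sb_class_t *sbcp);
+void sbStart(sb_class_t *sbcp, const sb_config_t *config);
 #ifdef __cplusplus
 }
 #endif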
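Review bot: The new `sb_class_t` type carries no lifetime note even though, in this same commit, `sbStart` stores a pointer to it in the calling thread's context and `sbObjectInit` expects it pre-allocated, so a reader of the header cannot tell whether a stack or temporary object is acceptable. A `@note` on the typedef such as `The object must remain valid for the whole life of the sandboxed thread, the kernel keeps a reference to it.` would make the contract explicit (the demo places it on the sandbox thread's own stack, which only works because that thread never returns). The `tp` member is documented as "Thread running in the sandbox" while nothing visible in this commit assigns it after initialization, so either the field is set elsewhere or the description is ahead of the implementation — worth confirming. Finally, the visible `@note Zero if not used.` sits on `r1_end`, but `sbStart` keys the PSP choice on `r1_base == 0U`; if `r1_base` does not carry the same note, the header should state which field callers must zero.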