Updates to user_libs from seL4 10.1.x to 11.0.x

util_libs

  • libplatsupport: Refactor TX2 timers to use multiple 4k mappings instead of a single large mapping.
  • libplatsupport: Updated clock driver for exynos5422 that has different clocks layout compared to previous exynos54XX platforms.
  • libplatsupport: exynos/serial: Attempt TX IRQ handle on uart write.
  • libethdrivers: 64-bit compatibility fixes
  • libpci: Only print verbose log messages when logging verbosely
  • libplatsupport: Add BCM2837 system timer driver.
  • libplatsupport: Update BCM2837 ltimer to use system timer for absolute time.
  • libplatsupport: remove static init in ltimers. The regular init functions can be used with an implementation of ps_io_ops_t that is a static implementation.
  • libplatsupport: Add Arm Fixed virtual platform(FVP) driver support: serial, SP804 timer, ltimer.
  • libelf: remove debug functions. These functions have not been maintained and are out of date.
  • libelf: delete unnecessary functions.
    • elf_getProgramHeaderInfo: This is an awkward convenience function that appears to be unused.
    • elfxx_getProgramSegmentTable, elfxx_getSegmentType: Functions with different names but the same functionality already exist.
    • elfxx_getSegmentInfo: Both of the above.
  • libelf: make elf32.h, elf64.h internal header files.
  • libelf: introduce memory safety:
    • The size of the buffer containing the ELF file needs to be known to access it safely.
    • Change all public void * references to elf_t *, which requires a size parameter.
  • libelf: delete struct definitions that are also provided by musllibc or newlib.
  • libelf: normalise types.
    • Use size_t and uintptr_t where appropriate.
    • Add enum elf_addr_type for physical/virtual memory.
  • libelf: remove duplicate and add missing functions. By normalising return types, most functions in elfxx.c can be merged and moved into elf.c. Also add missing prototypes and functions for accessing ELF fields.
    • getSectionStringTableIndex
    • getSectionNameOffset
    • getSectionOffset
    • getSectionLink
    • getSectionInfo
    • getSectionAddrAlign
    • getSectionEntrySize
  • libelf: const-qualify strings. Strings returned by this library should be considered read-only. If string tables are to be modified, elf_getSection should be used.
  • libelf: add elf_check_magic function to check if a pointer to a file contains the ELF magic number.
  • libcpio: avoid side effects when failing in cpio_parse_header by waiting until success before setting return values.
  • libcpio: introduce memory safety by requiring file_length argument to all CPIO functions.
  • libplatsupport: Cap the imx timer counter values if it cannot fit in 32 bits.
  • libplatsupport: Fix ZYNQ ltimer handle_irq() to return EINVAL correctly
  • libplatsupport: Change NVIDIA plat default timers. We use TMR1 instead of TMR0 due to the fact that the IRQ for TMR1 is missing from the DTS file for TX1. It exists for TX2, but for the sake of compatibility, we use TMR1 for both.
  • libplatsupport: Add IRQ type with trigger (PS_TRIGGER). Allows using IRQControl_GetTrigger in libsel4simple.
  • libplatsupport: Add timer and serial drivers for the Odroid-C2.
  • libcpio: make position-independent
  • Import libfdt library from linux kernel sourced from linux kernel version : 5.0.6.
  • libplatsupport: added ps_io_fdt in interface to return a pointer to an FDT blob.
  • libplatsupport: Add ‘other’ IRQ type (PS_OTHER) to ps_irq_t interface.
  • libplatsupport: Add ps_irq_ops_t interface for registering interrupt callbacks.
  • libutils: Add an unsigned long version of the POPCOUNT macro.
  • libplatsupport: Added initial i.MX8M Quad EVK Platform support.
  • libplatsupport: Add ps_irq_ops_t to ps_io_ops structure
  • libplatsupport: Add RISC-V HiFive serial and pwm drivers.
  • libplatsupport: zynqmp: Don’t set baud in serial driver init. The driver doesn’t seem to have the correct clk frequency that it uses to program the baud and this leads to incorrect baud settings. We assume that the baud is already configured by the loaders that came before for now.
  • libplatsupport: extend generic timer implementation.
    • update generic timer implementation to work on aarch64 in addition to aarch32.
    • add more manipulation functions for using the generic timer when it is exported to user level. Note that exporting the generic timer to user level exposes a timing channel. This should only be done for testing and benchmarking and never in a verified configuration of the kernel.
  • libplatsupport: Add an ltimer backed by the arm generic timer. For use for debugging/testing/benchmarking when CONFIG_EXPORT_PCNT_USER is set.
  • Remove Configuration library from util_libs and append #include <<lib_name>/gen_config.h> after each #include <autoconf.h> since autoconf.h is only for the kernel and libsel4 config now.
  • libethdrivers: include config of lwip and picotcp since global autoconf is removed, we need to explicitly include the config of lwip and picotcp which will further indicate the existance of corresponding lib.
  • libplatsupport: Added initial i.MX8M Mini EVK Platform support
  • libplatsupport: Added rockpro64 Platform support: Serial and timer drivers.
  • libplatsupport: Add IRQ register logic to ltimer driver level. Instead of treating interrupt allocation being a OS/environment specific thing, this commit now uses the OS/environment agnostic IRQ interface to register these interrupts. Also fix bugs/clean-up the logic of the init and destroy functions.
  • libplatsupport: Allow user callbacks for ltimer With the IRQ changes to the ltimer, IRQs are now managed internally. This poses a problem with the management of the time manager and other services which rely on having known that an interrupt arrived for the timers. This also isn’t a good idea as it presents a leaky abstraction in that the services infers events based on interrupts received. This adds the ability to allow users to supply a callback that’ll be called when certain events occur for the timer, e.g. timeouts and etc.
  • libplatsupport: Remove handle_irq from ltimers. The ‘handle_irq’ function is no longer necessary and shouldn’t be called externally as the IRQs will be managed by the IRQ handling functions of the IRQ interface.
  • libplatsupport: mcs: Rename CONFIG_KERNEL_RT to CONFIG_KERNEL_MCS
  • zynqmp: Allow 32-bit free-running clock. The current zynq machine code assumes a 16-bit counter, which is only true for the zynq7000. The zynqmp has a 32-bit counter. The timestamp timer would stop functioning on the zynqmp after it overflowed. This commit handles the overflow properly on the zynqmp.
  • zynq: implement serial interrupt handler
  • pc99: Ack interrupts before handling timer when interrupts are edge triggered.
  • CMake: Add Findutil_libs.cmake module. This adds support for importing this project via find_package(util_libs) if the project exists in the CMAKE_MODULE_PATH.
  • libplatsupport: Add FDT parsing library This FDT parsing library is a collection of utility functions which parses the FDT with the help of libfdt to simplify the common use cases of the FDT.
  • liplatsupport: Add IRQ controller parsing library. This is a private library that the FDT parsing library uses to parse the interrupt properties of devices that use a specific IRQ controller.
    • GICv2
    • Tegra IRQ controller parser
  • libutils: add uthash, a well documented, easy-to-use hash table header.
  • libplatsupport: add new PER_CPU irq type to ps_irq_t.
  • libplatsupport: nvidia,tx2: Remove hard-coded addr and IRQ numbers as these can be retrieved from the DTB and are no longer necessary.
  • libplatsupport: Add design docs for FDT parsing library
  • libplatsupport: Added the new qemu-arm-virt platform drivers: serial and timer.
  • libplatsupport: bbone-timer: update timer for mcs.
    • remove tick calculations and use frequency lib
    • fix bug checking wrong irq bit
    • update get time to use 64bit counter
    • fix race in ltimer
    • return correct error
    • use UINT32_MAX
  • libplatsupport: Add placeholder support for Ariane. Added placeholders in libplatsupport for Ariane to pass the compilation. The actual driver is yet to be implemented.
  • libplatsupport: am335x/ltimer: return ETIME when timeout in past.
  • libethdrivers: The imx8mq-evk reuses the imx6 Ethernet drivers as the devices and setup are very similar. This is a bit of a hack at the moment and will eventually be cleaned up.
  • libutils: Add next-power-of-2 macro which calculates the next power of 2 for a 32 bit integer.

seL4_libs

  • libsel4simple: Fix translation of cap numbers to CPtrs seL4_CapIOPortControl only exists on x86, while seL4_CapIOSpace only exists on x86 with an IOMMU. Simple does not address these on other configurations. Ensure that this is correctly accounted for on all configurations and architectures.
  • libsel4simple-default: Don’t assert return pointers in simple_default_nth_untyped.
  • libsel4utils: updates the address that seL4utils thinks is the maximum usable userspace vaddr for aarch64-hyp where the kernel provides a 44-bit userspace vaddrspace range.
  • libsel4vka: Lift the Arm VCPU object to arch level. This makes it available to aarch64.
  • libsel4utils, elf: Handle new GrantReply right in ELF loading code.
  • libsel4vka: add function for setting the receive cap slot with a path. (This is the receive slot for receiving caps over IPC)
  • libsel4utils: use seL4_UserTop and remove hard coded KERNEL_RESERVED_START values (which is mean to represent the last page mappable by user-level) and calculates the value from seL4_UserTop instead, such that if seL4_UserTop changes at any point the vspace code will still work.
  • libsel4utils: new new function: sel4_strfault() which returns a string for an seL4 fault type
  • libsel4vka: Validate object type first in vka_alloc_object_at_maybe_dev and return if invalid. As a follow up, invalid object type argument error handling becomes non-fatal.
  • libsel4vka: “implement” utspace_paddr in nullvka and also ensure the struct is zeroed, just in case.
  • libsel4allocman: Fix bug in internal _destroy_second_level function where 32 was used instead of seL4_WordBits.
  • libsel4utils: transition to new libelf API. This newer API requires tighter buffer bounds checking on input ELF file.
  • libsel4vmm: update to use new libelf API
  • libsel4utils: transition to new libcpio API. This newer API requires tighter buffer bounds checking on input CPIO archive.
  • libsel4utils: Return NULL if sel4utils_elf_get_vsyscall cannot find __vsyscall symbol instead of memory faulting.
  • libsel4debug: add prefix for register dump to allow register dumps to identify the source of the dump.
  • libsel4platsupport,riscv: Fix stack overflow in crt0. A stack frame of 10 words is created, but we were accidentally overwriting the end due to a fence-post error.
  • libsel4vspace: Add seL4_ARCH_Page_GetAddress, ARCHPageGetAddress and seL4_ARCH_Page_GetAddress_t definitions for RISC-V.
  • libsel4simple: Add IRQControl_GetTrigger interface to specify edge or level trigger on ARM platforms.
  • libsel4bench: add SEL4BENCH_RESET_CCNT macro definition for arm. This is not possible on x86, but required on arm if a benchmark is relying on the 32bit cycle count not overflowing.
  • libsel4vspace: Implemented a ‘vspace_access_page_with_callback’ function. This performs a mapping of a page from a source to destination vspace. The mapping is subsequently passed to a user defined callback before being unmapped out of the destination vspace.
  • libsel4vspace: Enable sharing of mem range 0x0-0x1000
  • libsel4utils: avoid binding null sched contexts (mcs) when configuring passive threads.
  • libsel4vspace: add vspace_map_page_fn_t type and vspace_iospace_map_page iospace wrapper. This allows all page mapping functions we currently use to have the same type signature.
  • libsel4vspace: extend map object to io and ept structures. This allows code implementing vspace management to abstract over different page table structures such as IOMMU page tables.
  • libsel4utils: allow 0 to be mapped by map_page. 0 is a valid address to map in many scenarios (eg virtualisation).
  • libsel4allocman: fix use of ALLOCMAN_NO_PADDR. Throughout allocman, various parts of the code for allocating a specific paddr would check that the paddr fell within the bounds of a given untyped node. Unfortunately, in some cases ALLOCMAN_NO_PADDR + node->size would overlap with the paddr and cause a false positive - allocman would think that a given node contains the request paddr, when in fact it didn’t. Eventually, everything would fall apart: ALLOCMAN_NO_PADDR+node->size would not be large enough to reach the paddr, and allocman would end up with a NULL node where it wasn’t expecting one. Fix this issue by avoiding nodes with paddr == ALLOCMAN_NO_PADDR whenever we’re searching through node lists, thus preventing such ‘false positive’ situations from occurring.
  • libsel4platsupport: Remove CRT runtime files in favor of sel4runtime. Sel4runtime now provides the CRT.
  • libsel4platsupport: Remove TLS primitives and ELF segment definitions in favour of the ones provided by sel4runtime.
  • libsel4debug: Update register layout descriptions due to recent seL4 TLS ABI changes.
  • libsel4platsupport: platsupport_get_bootinfo now locates bootinfo by calling sel4runtime_bootinfo() instead of looking for an environment variable.
  • libsel4utils: Use aux vectors to pass context to new processes Instead of encoding values in strings and storing them in environment variables, store raw pointers in auxiliary vectors so that the runtime can parse them without depending on <stdio.h>.
  • libsel4utils: Use sel4runtime to initialise TLS for newly created threads so that they get their own TLS regions.
  • libsel4platsupport: Add implementation of ps_irq_ops_t interrupt registration interface from libplatsupport. This implementation dynamically allocates interrupt handlers from a simple_t and vka_t interface, and also provides entry points for interrupts to be handled via blocking or polling.
  • libsel4test: add RPC support for allocating test resources over RPC.
  • libsel4serialserver: Create separate lib for tests so that they don’t need to get built in projects that don’t need them.
  • libserialserver: Remove sel4test library dependency.
  • libsel4platsupport: Remove serial_objects_t interface. This interface won’t scale to more complicated serial devices. Instead drivers describe their requirements via calls to ps_io_ops and the implementations of these interfaces can handle access and allocation policies.
  • libsel4utils, irqserver: Refactor IRQ server sources to use new libsel4platsupport ps_irq_ops_t interface. This changes the API, but the general design of the server is the same: the server provides an option of using several threads for forwarding IRQs to a single notification object such that more IRQs can be handled than what can fit on a single notification object.
  • Remove Configuration library from seL4_libs and append #include <<lib_name>/gen_config.h> after each #include <autoconf.h> since autoconf.h is only for the kernel and libsel4 config now.
  • libsel4platsupport: Add IO FDT ops implementation by returning fdt from seL4_BootInfo.
  • libsel4utils, elf, riscv: Add FENCE.I instruction in ELF loading code. Writes to executable memory may not become visible to execution until after FENCE.I instruction. This prevents programs loaded by this function crashing due to invalid program instructions.
  • utils/vka/vspace: update for aarch64 api change. Use seL4_ARM_VSpace* rather than seL4_ARM_PageGlobalDirectory*
  • libsel4vspace: Add definitions for 40-bit PA on aarch64-hyp.
  • libsel4vspace: Add deferred rights reservation mapping functions. vspace_reserve_deferred_rights_range_at and vspace_deferred_rights_map_pages_at_vaddr can be used to allocate reservations where the mapping rights will be supplied at time of mapping.
  • libsel4utils: Add implementations for mapping deferred rights reservations
  • libsel4platsupport: Refactor IO-related interfaces. This refactoring is intended to bring these interface initialisation functions more in line with the style of similar functions. Instead of accepting an rvalue (or an expression) of the interfaces, we accept a pointer to the interfaces themselves. Also add a warning regarding lifetimes and concurrency.
  • libsel4platsupport: Add mini IRQ interface. The new mini IRQ interface covers the common use case where there’s only a few interrupts to manage and these can fit into a single notification’s badge space. This also avoids the unneeded complexity that the standard IRQ interface offers.
  • mcs: Rename CONFIG_KERNEL_RT to CONFIG_KERNEL_MCS across all libraries
  • CMake: Add FindseL4_libs.cmake module. This adds support for importing this project via find_package(seL4_libs) if the project exists in the CMAKE_MODULE_PATH.
  • libsel4platsupport/libsel4simple: add per cpu irq support on arm
    • support PER_CPU interrupt type to specify a core
    • use GetTriggerCore on SMP (GetTrigger fails)
  • libsel4muslcsys: Set -u __vsyscall_ptr on link args. Projects that use this library expect __vsyscall_ptr to be present in the final binary, but require forcing the symbol because it is often not used by the final binary but by the loader when setting up the AUX vectors.
  • libsel4vspace: Remove Remap operation macro definitions as seL4 Remap operation was removed.
  • libsel4utils: mcs: add api method for SC consumed
  • libsel4muslcsys: Implement sys_write wrapper. This wraps sys_writev the same way that sys_read is implemented.
  • libsel4bench: sel4bench.h: update documentation and style
  • libsel4bench: remove libsel4bench/include/sel4bench/flog.h as file was unused.

projects_libs

  • Remove Configuration library from projects_libs and append #include <<lib_name>/gen_config.h> after each #include <autoconf.h> since autoconf.h is only for the kernel and libsel4 config now.
  • libvirtqueue: Updated to a new multi-buffer, scatter-gather libvirtqueue, closer to compliance with the virtio standard.
  • CMake: Add Findprojects_libs.cmake module. This adds support for importing this project via find_package(projects_libs) if the project exists in the CMAKE_MODULE_PATH.
  • Add libfdtgen, a library for generating device trees for virtual machines.

seL4_projects_libs

  • libsel4arm-vmm: add initial support for aarch64 virtualization
  • libsel4arm-vmm: Add tx1 platform virtualization library support.
  • libsel4arm-vmm: exynos5: Increase MAX_VIRQS to 200 to support odroid-xu4
  • libsel4arm-vmm: use new libelf API. This newer API requires tighter buffer bounds checking on input ELF file.
  • Added a new library, libsel4pci to provide virtual pci emulation. As a base, the pci driver code from the x86 vmm (libsel4vmm) has been copied to this library.
  • libsel4pci: Add support for using PCI emulation in Arm VMs.
  • Added libsel4vmmcore to be a collection of shared vmm drivers and utilities that can be used between the x86 and arm vmms.
  • libsel4vmmcore: Port PCI IOPort emulation from x86 to Arm.
  • libsel4vmmcore: Port virtio-net driver from x86 VMM and add support for Arm VMs.
  • libsel4arm-vmm: Add functions for installing virtual PCI device to guest VMs.
  • libsel4arm-vmm: Support for gzipped initrd image being passed outside of guest kernel image.
  • libsel4arm-vmm: Add tx2 platform support
  • Added functionality with in the libsel4pci and libsel4vmmcore libs for vuart devices over vpci.
  • Add libsel4rpc: a basic library for managing allocating resources over process boundaries.
  • Add libsel4nanopb: An interface between sel4 IPC buffers and nanopb.
  • Remove Configuration library from seL4_projects_libs and append #include <<lib_name>/gen_config.h> after each #include <autoconf.h> since autoconf.h is only for the kernel and libsel4 config now.
  • CMake: Add Findsel4_projects_libs.cmake module
  • libsel4arm-vmm: Added support for virtualization on qemu-arm-virt

musllibc

  • Remove musl runtime objects. These are now supplied by sel4runtime.
  • Remove __aeabi_read_tp symbol from sel4_arm. This is supplied by sel4runtime.
  • CMake: Add Findmusllibc.cmake module.