[][src]Trait kernel::mpu::MPU

pub trait MPU {
    type MpuConfig: Default + Display = MpuConfigDefault;
    fn enable_mpu(&self) { ... }
fn disable_mpu(&self) { ... }
fn number_total_regions(&self) -> usize { ... }
fn allocate_region(
        &self,
        unallocated_memory_start: *const u8,
        unallocated_memory_size: usize,
        min_region_size: usize,
        permissions: Permissions,
        config: &mut Self::MpuConfig
    ) -> Option<Region> { ... }
fn allocate_app_memory_region(
        &self,
        unallocated_memory_start: *const u8,
        unallocated_memory_size: usize,
        min_memory_size: usize,
        initial_app_memory_size: usize,
        initial_kernel_memory_size: usize,
        permissions: Permissions,
        config: &mut Self::MpuConfig
    ) -> Option<(*const u8, usize)> { ... }
fn update_app_memory_region(
        &self,
        app_memory_break: *const u8,
        kernel_memory_break: *const u8,
        permissions: Permissions,
        config: &mut Self::MpuConfig
    ) -> Result<(), ()> { ... }
fn configure_mpu(&self, config: &Self::MpuConfig) { ... } }

The generic trait that particular memory protection unit implementations need to implement.

This trait is a blend of relatively generic MPU functionality that should be common across different MPU implementations, and more specific requirements that Tock needs to support protecting applications. While a less Tock-specific interface may be desirable, due to the sometimes complex alignment rules and other restrictions imposed by MPU hardware, some of the Tock details have to be passed into this interface. That allows the MPU implementation to have more flexibility when satisfying the protection requirements, and also allows the MPU to specify some addresses used by the kernel when deciding where to place certain application memory regions so that the MPU can appropriately provide protection for those memory regions.

Associated Types

type MpuConfig: Default + Display = MpuConfigDefault

MPU-specific state that defines a particular configuration for the MPU. That is, this should contain all of the required state such that the implementation can be passed an object of this type and it should be able to correctly and entirely configure the MPU.

This state will be held on a per-process basis as a way to cache all of the process settings. When the kernel switches to a new process it will use the MpuConfig for that process to quickly configure the MPU.

It is Default so we can create empty state when the process is created, and Display so that the panic!() output can display the current state to help with debugging.

Loading content...

Provided methods

fn enable_mpu(&self)

Enables the MPU.

This function must enable the permission restrictions on the various regions protected by the MPU.

fn disable_mpu(&self)

Disables the MPU.

This function must completely disable any access control enforced by the MPU. This will be called before the kernel starts to execute as on some platforms the MPU rules apply to privileged code as well, and therefore the MPU must be completely disabled for the kernel to effectively manage processes.

fn number_total_regions(&self) -> usize

Returns the maximum number of regions supported by the MPU.

fn allocate_region(
    &self,
    unallocated_memory_start: *const u8,
    unallocated_memory_size: usize,
    min_region_size: usize,
    permissions: Permissions,
    config: &mut Self::MpuConfig
) -> Option<Region>

Allocates a new MPU region.

An implementation must allocate an MPU region at least min_region_size bytes in size within the specified stretch of unallocated memory, and with the specified user mode permissions, and store it in config. The allocated region may not overlap any of the regions already stored in config.

Arguments

  • unallocated_memory_start: start of unallocated memory
  • unallocated_memory_size: size of unallocated memory
  • min_region_size: minimum size of the region
  • permissions: permissions for the region
  • config: MPU region configuration

Return Value

Returns the start and size of the allocated MPU region. If it is infeasible to allocate the MPU region, returns None.

fn allocate_app_memory_region(
    &self,
    unallocated_memory_start: *const u8,
    unallocated_memory_size: usize,
    min_memory_size: usize,
    initial_app_memory_size: usize,
    initial_kernel_memory_size: usize,
    permissions: Permissions,
    config: &mut Self::MpuConfig
) -> Option<(*const u8, usize)>

Chooses the location for a process's memory, and allocates an MPU region covering the app-owned part.

An implementation must choose a contiguous block of memory that is at least min_memory_size bytes in size and lies completely within the specified stretch of unallocated memory.

It must also allocate an MPU region with the following properties:

  1. The region covers at least the first initial_app_memory_size bytes at the beginning of the memory block.
  2. The region does not overlap the last initial_kernel_memory_size bytes.
  3. The region has the user mode permissions specified by permissions.

The end address of app-owned memory will increase in the future, so the implementation should choose the location of the process memory block such that it is possible for the MPU region to grow along with it. The implementation must store the allocated region in config. The allocated region may not overlap any of the regions already stored in config.

Arguments

  • unallocated_memory_start: start of unallocated memory
  • unallocated_memory_size: size of unallocated memory
  • min_memory_size: minimum total memory to allocate for process
  • initial_app_memory_size: initial size of app-owned memory
  • initial_kernel_memory_size: initial size of kernel-owned memory
  • permissions: permissions for the MPU region
  • config: MPU region configuration

Return Value

This function returns the start address and the size of the memory block chosen for the process. If it is infeasible to find a memory block or allocate the MPU region, or if the function has already been called, returns None.

fn update_app_memory_region(
    &self,
    app_memory_break: *const u8,
    kernel_memory_break: *const u8,
    permissions: Permissions,
    config: &mut Self::MpuConfig
) -> Result<(), ()>

Updates the MPU region for app-owned memory.

An implementation must reallocate the MPU region for app-owned memory stored in config to maintain the 3 conditions described in allocate_app_memory_region.

Arguments

  • app_memory_break: new address for the end of app-owned memory
  • kernel_memory_break: new address for the start of kernel-owned memory
  • permissions: permissions for the MPU region
  • config: MPU region configuration

Return Value

Returns an error if it is infeasible to update the MPU region, or if it was never created.

fn configure_mpu(&self, config: &Self::MpuConfig)

Configures the MPU with the provided region configuration.

An implementation must ensure that all memory locations not covered by an allocated region are inaccessible in user mode and accessible in supervisor mode.

Arguments

  • `config: MPU region configuration
Loading content...

Implementors

impl MPU for ()[src]

Implement default MPU trait for unit.

Loading content...