- Devel - lists.sel4.systems

kernel builds w/ different memory configurations
by Sam Leffler 27 Jan '23

27 Jan '23

I have a target platform w/ 2 pre-defined memory configs. I've created separate .dts files w/ the different memory sizes and then in src/plat/sparrow/config.cmake do: if(KernelDebugBuild) list(APPEND KernelDTSList "tools/dts/sparrow-debug.dts") else() list(APPEND KernelDTSList "tools/dts/sparrow.dts") Overloading KernelDebugBuild is awkward (it seems contrary to it's purpose) and fragile. How is this handled for existing platforms? -Sam

2 2

help with Nvidia Jetson Xavier port
by Axel Heider 27 Jan '23

27 Jan '23

Hi, we are working on porting seL4 to the Nvidia Jetson Xavier. The kernel is booting, but then there are random crashes in user mode where the cores seem to stop completely within a minute, no crash output is visible. Our test applications are just doing some integer number crunching to create load, there are no drivers involved (besides a bit of UART output). It looks like this also happened to others, a similar problem was described in this post: https://forums.developer.nvidia.com/t/illegal-instruction-with-i-cache-disa… Did anybody get seL4 userland running stable there? Axel

1 0

Inquiry to Verified Components
by Seoyeon Hwang 26 Jan '23

26 Jan '23

Hello, From this document https://apps.dtic.mil/sti/pdfs/AD1027690.pdf <https://urldefense.com/v3/__https://apps.dtic.mil/sti/pdfs/AD1027690.pdf__;…>, we figured out that system call APIs are verified (except for their composition with sel4 kernel proofs). However, we are not sure whether other process/thread-spawning APIs are also verified. We use the APIs (listed below) in our project, hoping to develop a formally verified root-of-trust architecture atop seL4. Could you let us know if they are all verified, and if so, could you also point out the resources we can cite in our paper? Thanks, Seoyeon APIs used in our projects are: Initial Process-related APIs platsupport_get_bootinfo simple_default_init_bootinfo bootstrap_use_current_simple allocman_make_vka simple_get_cnode simple_get_pd Thread Spawning APIs vka_alloc_tcb vka_alloc_frame seL4_ARCH_Page_Map vka_alloc_page_table seL4_ARCH_PageTable_Map vka_alloc_endpoint vka_mint_object seL4_TCB_Configure seL4_TCB_SetPriority sel4utils_set_instruction_pointer sel4utils_set_stack_pointer seL4_TCB_WriteRegisters sel4runtime_write_tls_image sel4runtime_set_tls_variable seL4_TCB_SetTLSBase seL4_TCB_Resume Process Spawning APIs sel4utils_bootstrap_vspace_with_bootinfo_leaky vspace_reserve_range bootstrap_configure_virtual_pool process_config_default_simple sel4utils_configure_process_custom vka_cspace_make_path sel4utils_mint_cap_to_process sel4utils_create_word_args sel4utils_spawn_process_v IPC/System call APIs seL4_MessageInfo_new seL4_MessageInfo_get_length seL4_SetMR seL4_GetMR seL4_Call seL4_Recv seL4_Reply seL4_Wait seL4_Yield

7 10

sel4test:nested timeout fault test flaky?
by Sam Leffler 25 Jan '23

25 Jan '23

We run sel4test regularly for a 64-bit raspi target under qemu and occasionally see failures like this: Starting test 129: TIMEOUTFAULT0003 > Running test TIMEOUTFAULT0003 (Nested timeout fault) > Error: Check badge(3) == expected_badge(2) failed. at line 9 This is a stock sel4test <https://github.com/AmbiML/sparrow-sel4test> + dep libs but an older kernel <https://github.com/AmbiML/sparrow-kernel>. Anyone know if this is an old (presumably fixed) bug or known issue? -Sam

3 5

Reminder seL4 developer hangout
by Birgit Brecknell 25 Jan '23

25 Jan '23

Hi all A friendly reminder that the seL4 developer hangout is on again this week: Tue, Jan 24, 9pm (UTC), Topics: (open) * Sydney: Wed, Jan 25, 8am * Central Europe: Tue, Jan 24, 10pm * US Pacific Time: Tue, Jan 24, 1pm Zoom link: https://unsw.zoom.us/j/82640784431 cheers Birg --- Dr. Birgit Brecknell Project Officer Trustworthy Systems, UNSW, birgit.brecknell(a)unsw.edu.au<mailto:birgit.brecknell@unsw.edu.au> seL4 Foundation, birgit(a)sel4.systems<mailto:birgit@sel4.systems> 0433 880 571 Mon 9am-5pm Wed 9am-12pm Fri 9am-5pm

3 2

Sel4 on RISC-V AllwinnerD1 MangoPi MQ1PH boot problem
by alex＠nixd.org 19 Jan '23

19 Jan '23

Hello, I just have a small question because I found the documentation about booting the Sel4 on RISC-V systems a bit confusing and not answering my questions. 1) I have ported all necessary code and I have successful compiled the `sel4test`. 2) I have flashed a SPL and U-Boot to 'mmc' which was built including OpenSBI fw_dynamic.bin but against most recent version (Sel4 was also compiled against most recent version OpenSBI v1.2 U-Boot SPL 2022.10-38338-g528ae9bc6c-dirty (Jan 11 2023 - 01:07:54 +0100)). 3) SPL and U-boot runs perfectly. 4) Sel4 does not want to boot. Why? So, in the DTS which I extracted from SDK it is said: ` /memreserve/ 0x40000000 0x200000; /* opensbi */ /memreserve/ 0x42000000 0x100000; /* dsp used 1MB */ memory@40000000 { device_type = "memory"; reg = <0x0 0x40000000 0x0 0x8000000>; }; ` For the elfloader objdump reports the `_start at 0x40a21000` so I hardcoded it into the following #define CONFIG_BOOTCOMMAND \ "if mmc rescan; then " \ "echo SD/MMC found on device ${mmc_dev};" \ "fatload mmc 0 0x40a21000 elfloader;" \ "fatload mmc 0 0x40a27940 archive.archive.o.cpio;" \ "bootelf 0x40a21000;" \ "fi;" \ And it reported an error: "Unhandled exception: Load access fault EPC: 000000007ffbd308 RA: 000000007ffbd33a TVAL: 00000005c66db5aa EPC: 0000000042e50308 RA: 0000000042e5033a reloc adjusted Code: 69a2 6145 8082 7480 1793 0069 9426 943e (641c) resetting ..." It seems that it relocates itself to 42e5033a (or not?) what actually I was trying to do manually. U-boot reports (for the domain0) the next address which is 0x0000000042e00000. And when I am loading elfloader there, it exists back to uboot shell without any errors and nothing happens. I can not understand what I am doing wrong, because FreeBSD and Linux starts normally. The #define seL4_UserTop is generated from DTS file if I understood correctly. But it seems it is incorrect. I will be happy for any hint. Thank you.

3 2

Can I launch two rumprun instances at the same time?
by mincheol＠vt.edu 06 Jan '23

06 Jan '23

Hi, I am trying to run two rumprun instances on seL4. I called launch_process(bin_name, CONFIG_RUMPRUN_COMMAND_LINE, 1); launch_process(bin_name, CONFIG_RUMPRUN_COMMAND_LINE, 2); in run_rr() of rumprun-sel4-demoapps/roottask/src/main.c. Then I got below: <<seL4(CPU 0) [decodeCNodeInvocation/107 T0xffffff801fe14400 "roottask" @4166c1]: CNode Copy/Mint/Move/Mutate: Source slot invalid o> sel4utils_move_cap_to_process@process.c:157 Failed to move cap <<seL4(CPU 0) [decodeX86PortControlInvocation/147 T0xffffff801fe14400 "roottask" @451efa]: IOPortControl: Some ports in range alread> arch_copy_IOPort_cap@arch.c:25 Failed to get IO port cap for range cf8 to cff I don't understand why I got these errors. launch_process() gets rump_process_t *process from process_from_id(id) so I should get a different slot with the different process id.

1 0

Question about non-blocking notification
by mincheol＠vt.edu 31 Dec '22

31 Dec '22

Hi, Do I need to use seL4-NBSend() for sending a non-blocking signal (cause seL4_Signal() is blocking)?

3 5

Question about sel4-tutorial dynamic-2 and dynamic-3
by mincheol＠vt.edu 29 Dec '22

29 Dec '22

Hi, I have two questions regarding dynamic-2 and dynamic-3 tutorials. 1. In dynamic-2 TASK 4, Why is the ipc_buffer_vaddr put in seL4_ARCH_PageTable_Map()? ipc_buffer_vaddr is the virtual address of the new physical frame allocated for the IPC buffer. I think seL4_ARCH_PageTable_Map's 3rd parameter is the virtual address of the page table frame. 2. In dynamic-3, it uses sel4utils_configure_process_custom() to create a new thread. I looked into the function and found that it created a vspace for the new thread. However, the tutorial's learning outcomes section says "this time the two threads will only share the same vspace", so I am confused. Does this tutorial create a new vspace for the new thread? Mincheol

2 2

Any reliable way to determine if a thread is suspended?
by Andrew Warkentin 28 Dec '22

28 Dec '22

Is there any reliable way to determine if a thread is suspended? seL4_TCB_Suspend() succeeds even if the thread was already suspended. I can force all calls to seL4_TCB_Suspend() and seL4_TCB_Resume() to go through a wrapper that updates a user-level flag (since my OS manages pretty much all capabilities in the root server and will only expose TCBs to regular user processes through a special filesystem); however, this leaves a race when a thread is suspended due to a fault instead of an API call (since the thread will already be suspended before the fault handler updates the "thread running" flag). My initial use for checking if a thread is running is to allow easy atomic updates of some metadata (shared between the root server and the non-root thread, and optionally shared between threads) for my IPC transport layer that implements Unix-like file descriptors on top of seL4 endpoints (and eventually notifications). To add an FD to a thread's list, the root server allocates a copy of the endpoint (and reply if the FD is server-side) into the thread's CSpace, suspends the thread, updates the metadata (which includes the underlying capabilities), and then resumes the thread if it was running. Obviously, I don't want to resume threads that weren't running in the first place. I don't want to use locks here since the root server can't trust regular user processes. Another use is to allow cancelling any in-progress transfers on FDs when they get closed and returning a status to the waiting threads, which I am planning to do by replacing the endpoint with a copy of a global "clunk endpoint" associated with a thread that repeatedly sends a "file descriptor closed" message (actually there will be two such threads - one for clients, and one for servers) and then resuming the thread.

1 0