pub trait KernelMPU {
type KernelMpuConfig: Display;
// Required methods
fn new_kernel_config(&self) -> Option<Self::KernelMpuConfig>;
fn allocate_kernel_region(
&self,
memory_start: *const u8,
memory_size: usize,
permissions: Permissions,
config: &mut Self::KernelMpuConfig
) -> Option<Region>;
fn enable_kernel_mpu(&self, config: &mut Self::KernelMpuConfig);
}Expand description
The generic trait that particular kernel level memory protection unit implementations need to implement.
This trait provides generic functionality to extend the MPU trait above to also allow the kernel to protect itself. It is expected that only a limited number of SoCs can support this, which is why it is a seperate implementation.
Required Associated Types§
sourcetype KernelMpuConfig: Display
type KernelMpuConfig: Display
MPU-specific state that defines a particular configuration for the kernel MPU. That is, this should contain all of the required state such that the implementation can be passed an object of this type and it should be able to correctly and entirely configure the MPU.
It is Default so we can create empty state when the kernel is
created, and Display so that the panic!() output can display the
current state to help with debugging.
Required Methods§
sourcefn new_kernel_config(&self) -> Option<Self::KernelMpuConfig>
fn new_kernel_config(&self) -> Option<Self::KernelMpuConfig>
Creates a new kernel MPU configuration.
The underlying implementation may only be able to allocate a finite
number of MPU configurations. It may return None if this resource is
exhausted.
sourcefn allocate_kernel_region(
&self,
memory_start: *const u8,
memory_size: usize,
permissions: Permissions,
config: &mut Self::KernelMpuConfig
) -> Option<Region>
fn allocate_kernel_region( &self, memory_start: *const u8, memory_size: usize, permissions: Permissions, config: &mut Self::KernelMpuConfig ) -> Option<Region>
Mark a region of memory that the Tock kernel owns.
This function will optionally set the MPU to enforce the specified constraints for all accessess (even from the kernel). This should be used to mark read/write/execute areas of the Tock kernel to have the hardware enforce those permissions.
If the KernelMPU trait is supported a board should use this function to set permissions for all areas of memory the kernel will use. Once all regions of memory have been allocated, the board must call enable_kernel_mpu(). After enable_kernel_mpu() is called no changes to kernel level code permissions can be made.
Note that kernel level permissions also apply to apps, although apps
will have more constraints applied on top of the kernel ones as
specified by the MPU trait.
Not all architectures support this, so don’t assume this will be implemented.
Arguments
memory_start: start of memory regionmemory_size: size of unallocated memorypermissions: permissions for the regionconfig: MPU region configuration
Return Value
Returns the start and size of the requested memory region. If it is infeasible to allocate the MPU region, returns None. If None is returned no changes are made.
sourcefn enable_kernel_mpu(&self, config: &mut Self::KernelMpuConfig)
fn enable_kernel_mpu(&self, config: &mut Self::KernelMpuConfig)
Enables the MPU for the kernel.
This function must enable the permission restrictions on the various
kernel regions specified by allocate_kernel_region() protected by
the MPU.
It is expected that this function is called in main().
Once enabled this cannot be disabled. It is expected there won’t be any changes to the kernel regions after this is enabled.