Struct kernel::process::SequentialProcessLoaderMachine

/// A machine for loading processes stored sequentially in a region of flash.
///
/// Load processes (stored as TBF objects in flash) into runnable process
/// structures stored in the `procs` array. This machine scans the footers in
/// the TBF for cryptographic credentials for binary integrity, passing them to
/// the `checker` to decide whether the process has sufficient credentials to
/// run.
pub struct SequentialProcessLoaderMachine<'a, C: Chip + 'static> {
    /// Client to notify as processes are loaded and process loading finishes.
    client: OptionalCell<&'a dyn ProcessLoadingAsyncClient>,
    /// Machine to use to check process credentials.
    checker: &'static ProcessCheckerMachine,
    /// Array of stored process references for loaded processes.
    procs: MapCell<&'static mut [Option<&'static dyn Process>]>,
    /// Array to store `ProcessBinary`s after checking credentials.
    proc_binaries: MapCell<&'static mut [Option<ProcessBinary>]>,
    /// Flash memory region to load processes from.
    flash: Cell<&'static [u8]>,
    /// Memory available to assign to applications.
    app_memory: Cell<&'static mut [u8]>,
    /// Mechanism for generating async callbacks.
    deferred_call: DeferredCall,
    /// Reference to the kernel object for creating Processes.
    kernel: &'static Kernel,
    /// Reference to the Chip object for creating Processes.
    chip: &'static C,
    /// The policy to use when determining ShortIds and process uniqueness.
    policy: OptionalCell<&'a dyn AppIdPolicy>,
    /// The fault policy to assign to each created Process.
    fault_policy: &'static dyn ProcessFaultPolicy,
    /// Current mode of the loading machine.
    state: OptionalCell<SequentialProcessLoaderMachineState>,
}

A machine for loading processes stored sequentially in a region of flash.

Load processes (stored as TBF objects in flash) into runnable process structures stored in the `procs` array. This machine scans the TBF footers for cryptographic credentials used to establish binary integrity and passes them to the checker, which decides whether the process has sufficient credentials to run.

Fields§

§client: OptionalCell<&'a dyn ProcessLoadingAsyncClient>

Client to notify as processes are loaded and process loading finishes.

§checker: &'static ProcessCheckerMachine

Machine to use to check process credentials.

§procs: MapCell<&'static mut [Option<&'static dyn Process>]>

Array of stored process references for loaded processes.

§proc_binaries: MapCell<&'static mut [Option<ProcessBinary>]>

Array to store `ProcessBinary` objects after their credentials have been checked.

§flash: Cell<&'static [u8]>

Flash memory region to load processes from.

§app_memory: Cell<&'static mut [u8]>

Memory available to assign to applications.

§deferred_call: DeferredCall

Mechanism for generating async callbacks.

§kernel: &'static Kernel

Reference to the kernel object for creating Processes.

§chip: &'static C

Reference to the Chip object for creating Processes.

§policy: OptionalCell<&'a dyn AppIdPolicy>

The policy to use when determining ShortIds and process uniqueness.

§fault_policy: &'static dyn ProcessFaultPolicy

The fault policy to assign to each created Process.

§state: OptionalCell<SequentialProcessLoaderMachineState>

Current mode of the loading machine.

Implementations§


impl<'a, C: Chip> SequentialProcessLoaderMachine<'a, C>


pub fn new( checker: &'static ProcessCheckerMachine, procs: &'static mut [Option<&'static dyn Process>], proc_binaries: &'static mut [Option<ProcessBinary>], kernel: &'static Kernel, chip: &'static C, flash: &'static [u8], app_memory: &'static mut [u8], fault_policy: &'static dyn ProcessFaultPolicy, policy: &'static dyn AppIdPolicy, _capability_management: &dyn ProcessManagementCapability, ) -> Self

This function is made pub so that board files can use it, but loading processes from arbitrary slices of flash and memory is fundamentally unsafe. Therefore, we require the caller to hold the ProcessManagementCapability to call this function.


fn find_open_process_slot(&self) -> Option<usize>

Find a slot in the PROCESSES array to store this process.


fn find_open_process_binary_slot(&self) -> Option<usize>

Find a slot in the PROCESS_BINARIES array to store this process.


fn load_and_check(&self)


fn discover_process_binary(&self) -> Result<ProcessBinary, ProcessBinaryError>

Try to parse a process binary from flash.

Returns the process binary object or an error if a valid process binary could not be extracted.


fn load_process_objects(&self) -> Result<(), ()>

Create process objects from the discovered process binaries.

This verifies that the discovered processes are valid to run.


fn is_blocked_from_loading_by( &self, pb1: &ProcessBinary, pb2: &ProcessBinary, ) -> bool

Check if pb1 is blocked from running by pb2.

pb2 blocks pb1 if:

  • They both have the same AppID or they both have the same ShortId, and
  • pb2 has a higher version number.

fn is_blocked_from_loading_by_process( &self, pb: &ProcessBinary, process: &dyn Process, ) -> bool

Check if pb is blocked from running by process.

process blocks pb if:

  • They both have the same AppID, or
  • They both have the same ShortId

Since process is already loaded, we only have to enforce the AppID and ShortId uniqueness guarantees.

Trait Implementations§


impl<'a, C: Chip> DeferredCallClient for SequentialProcessLoaderMachine<'a, C>


impl<'a, C: Chip> ProcessCheckerMachineClient for SequentialProcessLoaderMachine<'a, C>


fn done( &self, process_binary: ProcessBinary, result: Result<(), ProcessCheckError>, )

Check is finished, and the check result is in `result`.

impl<'a, C: Chip> ProcessLoadingAsync<'a> for SequentialProcessLoaderMachine<'a, C>


fn set_client(&self, client: &'a dyn ProcessLoadingAsyncClient)

Set the client to receive callbacks about process loading and when process loading has finished.

fn set_policy(&self, policy: &'a dyn AppIdPolicy)

Set the credential checking policy for the loader.

fn start(&self)

Start the process loading operation.

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.