Merge pull request #5275 from alzix/upgrade-uvisor-v0.31.0

uVisor: Upgrade to v0.31.0

Author: 0xc0170

features/FEATURE_UVISOR/AUTHORS.txt

@@ -1,25 +1,26 @@
    600	Alessandro Angelino
    592	Milosch Meriac
-   190	Jaeden Amero
+   213	Jaeden Amero
     89	Niklas Hauser
-    10	Fangyi Zhou
-     6	Michael Schwarcz
-     5	Irit Arkin
-     5	Alexander Zilberkant
-     4	Amir Cohen
-     3	Hugo Vincent
+    27	Fangyi Zhou
+    14	Michael Schwarcz
+     8	Alexander Zilberkant
+     7	Irit Arkin
+     6	Amir Cohen
+     6	Roman Kuznetsov
+     4	Amanda Butler
+     4	Oren Cohen
      3	AnotherButler
-     3	Roman Kuznetsov
+     3	Danny Shavit
+     3	Hugo Vincent
+     3	Jan Jongboom
      3	JaredCJR
      3	Jim Huang
-     2	tonyyanxuan
-     2	Amanda Butler
-     2	Jan Jongboom
+     2	Jethro Hsu
      2	Nathan Chong
-     2	Oren Cohen
      2	Vincenzo Frascino
      2	ccli8
-     1	Russ Butler
-     1	Jethro Hsu
+     2	tonyyanxuan
      1	Aksel Skauge Mellbye
-     1	Danny Shavit
+     1	Michael Bartling
+     1	Russ Butler

features/FEATURE_UVISOR/README.md

@@ -248,7 +248,7 @@ static void private_button_on_press(void)
         for (int i = 0; i < PRIVATE_BUTTON_BUFFER_COUNT; ++i) {
             uvisor_ctx->pc->printf("%lu ", uvisor_ctx->buffer[i]);
         }
-        uvisor_ctx->pc->printf("\r\n");
+        uvisor_ctx->pc->printf("\n");
     }
 
 }
@@ -265,7 +265,7 @@ static void private_button_main_thread(const void *)
     /* Create the buffer and cache its pointer to the private static memory. */
     uvisor_ctx->buffer = (uint32_t *) malloc(PRIVATE_BUTTON_BUFFER_COUNT * sizeof(uint32_t));
     if (uvisor_ctx->buffer == NULL) {
-        uvisor_ctx->pc->printf("ERROR: Failed to allocate memory for the button buffer\r\n");
+        uvisor_ctx->pc->printf("ERROR: Failed to allocate memory for the button buffer\n");
         mbed_die();
     }
     uvisor_ctx->index = 0;
@@ -408,7 +408,7 @@ int main(void)
 {
     while (true) {
         led = !led;
-        printf("Secure index is %d\r\n", secure_get_index());
+        printf("Secure index is %d\n", secure_get_index());
         Thread::wait(500);
     }
 }
@@ -482,5 +482,6 @@ Repeat the process multiple times until all ACLs have been added to the list. Wh
 
 - [uVisor API documentation](API.md).
 - [Debugging uVisor on mbed OS](DEBUGGING.md).
+- [Using nonvolatile storage from uVisor on mbed OS](manual/Flash.md).
 
 If you found any bug or inconsistency in this guide, please [raise an issue](https://github.com/ARMmbed/uvisor/issues/new).

features/FEATURE_UVISOR/VERSION.txt

@@ -1 +1 @@
-v0.30.0
+v0.31.0

features/FEATURE_UVISOR/includes/uvisor/api/inc/api.h

@@ -65,7 +65,6 @@ typedef struct {
     int (*box_namespace)(int box_id, char *box_namespace, size_t length);
     int (*box_id_for_namespace)(int * const box_id, const char * const box_namespace);
 
-    void (*debug_init)(const TUvisorDebugDriver * const driver);
     void (*error)(THaltUserError reason);
     void (*start)(void);
     void (*vmpu_mem_invalidate)(void);
@@ -74,8 +73,8 @@ typedef struct {
     int                (*pool_queue_init)(uvisor_pool_queue_t *, uvisor_pool_t *, void *, size_t, size_t);
     uvisor_pool_slot_t (*pool_allocate)(uvisor_pool_t *);
     uvisor_pool_slot_t (*pool_try_allocate)(uvisor_pool_t *);
-    void               (*pool_queue_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
-    int                (*pool_queue_try_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
+    uvisor_pool_slot_t (*pool_queue_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
+    uvisor_pool_slot_t (*pool_queue_try_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_free)(uvisor_pool_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_try_free)(uvisor_pool_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_queue_dequeue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);

features/FEATURE_UVISOR/includes/uvisor/api/inc/box_config.h

@@ -18,6 +18,7 @@
 #define __UVISOR_API_BOX_CONFIG_H__
 
 #include "api/inc/uvisor_exports.h"
+#include "api/inc/debug_exports.h"
 #include "api/inc/page_allocator_exports.h"
 #include "api/inc/rpc_exports.h"
 #include <stddef.h>
@@ -169,4 +170,22 @@ UVISOR_EXTERN void const * const public_box_cfg_ptr;
 
 #define __uvisor_ctx (((UvisorBoxIndex *) __uvisor_ps)->bss.address_of.context)
 
+
+/* Use this macro after calling the box configuration macro, in order to register your box as a debug box.
+ * It will create a valid debug driver struct with the halt_error_func parameter as its halt_error() function */
+#define UVISOR_DEBUG_DRIVER(box_name, halt_error_func) \
+        UVISOR_EXTERN TUvisorDebugDriver const __uvisor_debug_driver; \
+        TUvisorDebugDriver const __uvisor_debug_driver = { \
+            UVISOR_DEBUG_BOX_MAGIC, \
+            UVISOR_DEBUG_BOX_VERSION, \
+            &box_name ## _cfg, \
+            halt_error_func \
+        };
+
+/* Use this macro after calling the box configuration macro, in order to
+ * register the public box as a debug box. */
+#define UVISOR_PUBLIC_BOX_DEBUG_DRIVER(halt_error_func) \
+        UVISOR_DEBUG_DRIVER(public_box, halt_error_func)
+
+
 #endif /* __UVISOR_API_BOX_CONFIG_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/debug.h

@@ -19,12 +19,19 @@
 
 #include "api/inc/halt_exports.h"
 #include <stdint.h>
+#include "api/inc/vmpu_exports.h"
 
-/* Debug box driver -- Version 0
+
+#define UVISOR_DEBUG_BOX_VERSION    (1)
+
+
+/* Debug box driver
  * A constant instance of this struct must be instantiated by the unprivileged
  * code to setup a debug box.*/
 typedef struct TUvisorDebugDriver {
-    uint32_t (*get_version)(void);
+    const uint32_t magic;
+    const uint32_t version;
+    const UvisorBoxConfig * const box_cfg_ptr;
     void (*halt_error)(THaltError, const THaltInfo *);
 } TUvisorDebugDriver;
 

features/FEATURE_UVISOR/includes/uvisor/api/inc/debug_exports.h

@@ -17,6 +17,8 @@
 #ifndef __UVISOR_API_HALT_EXPORTS_H__
 #define __UVISOR_API_HALT_EXPORTS_H__
 
+#include "uvisor_exports.h"
+
 #define UVISOR_ERROR_INVALID_BOX_ID             (-2)
 #define UVISOR_ERROR_BUFFER_TOO_SMALL           (-3)
 #define UVISOR_ERROR_BOX_NAMESPACE_ANONYMOUS    (-4)

features/FEATURE_UVISOR/includes/uvisor/api/inc/halt_exports.h

@@ -51,10 +51,12 @@ UVISOR_EXTERN int ipc_waitforall(uint32_t wait_tokens, uint32_t * done_tokens, u
 
 /** Asynchronously send an IPC message
  *
- * @note The memory used for sending the message (pointed to by msg) must be
- * valid until after the send is complete.
+ * @note The memory used for receiving the message (pointed to by msg) and the
+ * IPC descriptor (pointed to by desc) must be valid until after the send is
+ * complete. In addition, each IPC message should use its own IPC descriptor.
+ * Reusing an IPC descriptor will lead to unpredictable behaviours.
  *
- * @param[in]  desc   an IPC descriptor for the message
+ * @param[inout]  desc   an IPC descriptor for the message
  * @param[in]  msg    the message to send
  *
  * @return     0 on success, non-zero error code otherwise
@@ -63,8 +65,10 @@ UVISOR_EXTERN int ipc_send(uvisor_ipc_desc_t * desc, const void * msg);
 
 /** Asynchronously receive an IPC message
  *
- * @note The memory used for receiving the message (pointed to by msg) must be
- * valid until after the receive is complete.
+ * @note The memory used for receiving the message (pointed to by msg) and the
+ * IPC descriptor (pointed to by desc) must be valid until after the receive is
+ * complete. In addition, each IPC message should use its own IPC descriptor.
+ * Reusing an IPC descriptor will lead to unpredictable behaviours.
  *
  * @param[inout] desc   an IPC descriptor for the message
  * @param[out]   msg    the memory to copy the message to

features/FEATURE_UVISOR/includes/uvisor/api/inc/ipc.h

@@ -37,6 +37,7 @@
 #define UVISOR_RPC_GATEWAY_MAGIC_SYNC  UDF_OPCODE(0x07C3)
 #define UVISOR_POOL_MAGIC              UDF_OPCODE(0x07C4)
 #define UVISOR_POOL_QUEUE_MAGIC        UDF_OPCODE(0x07C5)
+#define UVISOR_DEBUG_BOX_MAGIC         UDF_OPCODE(0x07C6)
 #else
 #error "Unsupported instruction set. The ARM Thumb-2 instruction set must be supported."
 #endif /* __thumb__ && __thumb2__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/magic_exports.h

@@ -19,7 +19,6 @@
 
 #include "api/inc/magic_exports.h"
 #include "api/inc/uvisor_exports.h"
-#include "api/inc/uvisor_semaphore_exports.h"
 #include "api/inc/uvisor_spinlock_exports.h"
 #include <stdint.h>
 #include <stddef.h>
@@ -115,8 +114,8 @@ UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_allocate(uvisor_pool_t * pool);
 UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_try_allocate(uvisor_pool_t * pool);
 
 /* Enqueue the specified slot into the queue. */
-UVISOR_EXTERN void uvisor_pool_queue_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot);
-UVISOR_EXTERN int uvisor_pool_queue_try_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot);
+UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot);
+UVISOR_EXTERN uvisor_pool_slot_t uvisor_pool_queue_try_enqueue(uvisor_pool_queue_t * pool_queue, uvisor_pool_slot_t slot);
 
 /* Free the specified slot back into the pool. Invalid slots are ignored.
  * Return the slot that was freed, or UVISOR_POOL_SLOT_IS_FREE if the slot was

features/FEATURE_UVISOR/includes/uvisor/api/inc/pool_queue_exports.h

@@ -28,7 +28,6 @@
 #include "api/inc/api.h"
 #include "api/inc/box_config.h"
 #include "api/inc/box_id.h"
-#include "api/inc/debug.h"
 #include "api/inc/disabled.h"
 #include "api/inc/error.h"
 #include "api/inc/interrupts.h"

features/FEATURE_UVISOR/includes/uvisor/api/inc/uvisor-lib.h

@@ -133,6 +133,12 @@
 #define UVISOR_MACRO_REGS_RETVAL(type, name) \
     register type name asm("r0");
 
+UVISOR_FORCEINLINE void uvisor_noreturn(void)
+{
+    volatile int var = 1;
+    while(var);
+}
+
 /* declare callee-saved input/output operands for gcc-style inline asm */
 /* note: this macro requires that a C variable having the same name of the
  *       corresponding callee-saved register is declared; these operands follow

features/FEATURE_UVISOR/includes/uvisor/api/inc/uvisor_exports.h

@@ -18,7 +18,6 @@
 #define __UVISOR_API_VMPU_EXPORTS_H__
 
 #include "api/inc/uvisor_exports.h"
-#include "api/inc/pool_queue_exports.h"
 #include <stdint.h>
 
 /* The maximum box namespace length is 37 so that it is exactly big enough for

features/FEATURE_UVISOR/includes/uvisor/api/inc/vmpu_exports.h

@@ -138,7 +138,7 @@ void page_allocator_init(void * const heap_start, void * const heap_end, const u
     g_page_map_shift -= (g_page_head_end_rounded - (uint32_t) g_page_heap_end) / g_page_size;
 
     DPRINTF(
-        "page heap: [0x%08x, 0x%08x] %ukB -> %u %ukB pages\r\n",
+        "page heap: [0x%08x, 0x%08x] %ukB -> %u %ukB pages\n",
             (unsigned int) g_page_heap_start,
             (unsigned int) g_page_heap_end,
             (unsigned int) (g_page_count_free * g_page_size / 1024),

features/FEATURE_UVISOR/source/page_allocator.c_inc

@@ -1 +1 @@
-e3b1385c7facc7fdab472440293c4c87ed2b2999
+36664e60639dda2b364e6e8b5ecf9a23116d280a