Expand description
This crate provides straightforward, pure-Rust bindings to the seL4 API.
Most items in this crate correspond to types, constants, and functions in libsel4
. See the
seL4 manual for more information about
the seL4 concepts and libsel4
items references in this crate’s documentation.
This crate’s implementation is based on the lower-level sel4-sys
crate, which is
generated from the libsel4 headers and interface definition files.
§Features
§"state"
Functions in the C libsel4 use the thread-local variable __sel4_ipc_buffer
to obtain a pointer
to the current thread’s IPC buffer:
extern __thread seL4_IPCBuffer *__sel4_ipc_buffer;
libmicrokit, which does not support
thread-local storage uses the following snippet to force __sel4_ipc_buffer
to global rather
than thread-local:
#define __thread
#include <sel4/sel4.h>
For the sake of flexibility and applicability, this crate can be configured to use no state at
all. Users can opt out of state and explicitly pass around references to the active IPC buffer
instead of relying on the implementation to obtain such a reference using thread-local or global
state. Such a paradigm is useful in certain uncommon circumstances, but most users will benefit
from the convenience of an implicit IPC buffer. The "state"
feature, enabled by default, uses
state to allow one to make seL4 API calls without having to explicitly specify an IPC buffer.
For the sake of interoperability with C, the state looks something like: static mut __sel4_ipc_buffer: *mut IpcBuffer
. If the "state-exposed"
feature is enabled, it is exposed
with #![no_mangle]
. If the "state-extern"
feature is enabled, it is wrapped in an extern "C"
block. Whether it is thread-local is determined by the following pseudocode:
cfg_if! {
if #[cfg(all(any(target_thread_local, feature = "tls"), not(feature = "non-thread-local-state")))] {
// thread-local
} else if #[cfg(not(feature = "thread-local-state"))] {
// not thread-local
} else {
compile_error!(r#"invalid configuration"#);
}
}
The non-thread-local configuration should only be used in cases where the language runtime does
not support thread-local storage. In those cases without thread-local storage where this crate
will only ever run in a single thread, use the "single-threaded"
feature to enable a more
efficient implementation. Note that enabling the "single-threaded"
feature in a case where
this crate runs in more than one thread is unsafe.
At the API level, the "state"
feature causes NoExplicitInvocationContext
to be an alias
for ImplicitInvocationContext
, which implements InvocationContext
by accessing the
thread-local pointer to an IPC buffer. When the "state"
feature is not enabled,
NoExplicitInvocationContext
is an alias for NoInvocationContext
, which does not
implement InvocationContext
. The thread-local IPC buffer pointer is modified and accessed by
set_ipc_buffer
, with_ipc_buffer
, and with_ipc_buffer_mut
. The lower-level
try_with_ipc_buffer_slot
and try_with_ipc_buffer_slot_mut
are provided as well.
§Building
This crate and its dependencies depend, at build time, on the libsel4 headers. The location of
these headers is provided to this crate at build time by environment variables. If
SEL4_INCLUDE_DIRS
is set, then its value is interpreted as a colon-separated list of include
paths for the libsel4 headers. Otherwise, if SEL4_PREFIX
is set, then
$SEL4_PREFIX/libsel4/include
is used.
Re-exports§
pub use sel4_config as config;
pub use sel4_sys as sys;
Modules§
- Marked aliases of
Cap
. - Markers corresponding to capability types and classes of capability types.
- Items that are applicable within the context of the root task’s initial thread’s CSpace.
- Items describing the layout of address translation structures for this kernel configuration.
Macros§
- Like
std::debug_print!
, except backed byseL4_DebugPutChar
. - Like
std::debug_println!
, except backed byseL4_DebugPutChar
. - Like
core::cfg!
, except using the seL4 kernel configuration. - Like
core::cfg!
, except using the seL4 kernel configuration. - Like
core::cfg!
, except using the seL4 kernel configuration. - Like
core::cfg!
, except using the seL4 kernel configuration. - Like
sel4_cfg_match
, except it works on stable, at the expense of not being an attribute macro.
Structs§
- A
CPtrWithDepth
to be resolved in the context of a particularCNode
. - Corresponds to
seL4_BootInfo
. - An extra bootinfo chunk along with its ID.
- An iterator for accessing the
BootInfoExtra
entires associated with aBootInfoPtr
. - A wrapped pointer to a
BootInfo
block. - Corresponds to
seL4_CNode_CapData
. - A capability pointer.
- A capability pointer with a number of bits to resolve.
- The result of
cap::Endpoint::call_with_mrs
. - A capability pointer to be resolved in the current CSpace.
- Corresponds to
seL4_Fault_CapFault
. - Corresponds to
seL4_CapRights_t
. - Helper for constructing
CapRights
. - Implements
core::fmt::Write
usingdebug_put_char
. - The strategy for discovering the current thread’s IPC buffer which uses thread-local state.
- Under this configuration, no reply authority is required.
- Corresponds to
seL4_IPCBuffer
. - Corresponds to
seL4_MessageInfo_t
. - Helper for constructing
MessageInfo
. - The absence of a strategy for discovering the current thread’s IPC buffer.
- Corresponds to
seL4_Fault_NullFault
. - The result of
cap::Endpoint::recv_with_mrs
. - Corresponds to
seL4_Fault_UnknownSyscall
. - Corresponds to
seL4_UntypedDesc
. - Corresponds to
seL4_Fault_UserException
. - Corresponds to
seL4_X86_VMAttributes
. - Corresponds to
seL4_Fault_VMFault
.
Enums§
- Corresponds to
seL4_BootInfoID
. - Corresponds to
seL4_Error
. - Frame object types for this kernel configuration.
- An object description for
Untyped::untyped_retype
. - Corresponds to
seL4_ObjectType
. - Translation table object types for this kernel configuration.
Constants§
- Number of message registers in the IPC buffer.
- The size of
Word
in bits.
Traits§
- Trait for marker types corresponding to capability types in the seL4 API.
- Trait for
CapType
s which correspond to frame objects. - Trait for
CapType
s which correspond to frame objects of fixed size. - Trait for
CapType
s which correspond to kernel objects. - Trait for
CapType
s which correspond to kernel objects of fixed size. - Trait for
CapType
s which correspond to kernel objects of variable size. - Trait for
CapType
s which correspond to translation table objects. - Trait for types from which
ReplyAuthority
can be derived. - Trait for types which can hold the contents of a set of inline message registers.
- Trait for types whose members which logically contain a
CPtrWithDepth
. - A strategy for discovering the current thread’s IPC buffer.
- Trait for
CapType
s which are used as targets of IPC syscalls.
Functions§
- Corresponds to
seL4_DebugPutChar
. - Corresponds to
seL4_DebugSnapshot
. - Returns whether this crate’s IPC buffer slot is thread-local.
- Corresponds to
seL4_Reply
. - Sets the IPC buffer that this crate will use for this thread.
- Corresponds to
seL4_SetTLSBase
. - Provides low-level access to this thread’s IPC buffer.
- Provides low-level mutable access to this thread’s IPC buffer.
- Provides access to this thread’s IPC buffer.
- Provides mutable access to this thread’s IPC buffer.
- Corresponds to
seL4_Yield
.
Type Aliases§
- A capability badge.
- The raw bits of a capability pointer.
- The default strategy for discovering the current thread’s IPC buffer.
- Configuration-dependant alias for conveying reply authority to syscalls.
- Alias for
Result<_, Error>
. - Corresponds to
seL4_Word
.
Attribute Macros§
- Make the attached code conditional on a seL4 kernel configuration expression.
- Make the associated attribute expression conditional on a seL4 kernel configuration expression.
- Allows an
enum
’s variants to use thesel4_cfg
attribute. - Allows a
match
expression’s variants to use thesel4_cfg
attribute. - Allows a
struct
’s fields to use thesel4_cfg
attribute.