Skip to content

Handoff untypeds to a PD after initialisation#322

Draft
Willmish wants to merge 6 commits intoseL4:mainfrom
au-ts:szymon/handoff-untypeds
Draft

Handoff untypeds to a PD after initialisation#322
Willmish wants to merge 6 commits intoseL4:mainfrom
au-ts:szymon/handoff-untypeds

Conversation

@Willmish
Copy link

@Willmish Willmish commented Mar 12, 2026
edited
Loading

Depends on changes to microkit: seL4/microkit#436

This is still WIP, but opening for tracking and visibility.

Changes to rust capDL initializer that allow a thread to receive capabilities to all untyped objects. Motivation for this is to a) enable static systems that require memory allocation at runtime during initialisation (see PCIe Driver Design discussion) b) enable building dynamic systems with microkit bootstrapping.
Assumes that the root CNode of the TCB receiving the untypeds has been restructured similar to this proof-of-concept, see the microkit PR for more details.

TODOs:

  • Currently hands off ALL untypeds from bootinfo (including partially allocated ones). Need to retype the remaining space in these untypeds into smaller untyped objects, and only pass capabilities to those.
  • If creating objects at specific physical addresses, temporary untyped objects were created in "hold_slots" and discarded for alignment. Need to instead keep them and pass capabilities to those untypeds also.
  • Need to rethink structure, initialisation (and naming) of the CapDLBootInfo struct
  • Currently marking CNode to receive the untyped caps and Frame to receive the metadata struct with a receive_all_untypeds boolean in the capDL spec. Can't think of a better way for the CNode, but the Frame can maybe instead be a new FIllEntry? https://github.com/au-ts/rust-sel4/blob/3059c2d236bf56b066936dd48d8966255e172c3b/crates/sel4-capdl-initializer/src/initialize.rs#L570C17-L587C18

@Willmish
WIP: Handing off untypeds to PD
43700e8 
Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
@Willmish
WIP: add patching in frame with untyped metadata
eea81b5 
* Temporarily swap the original CNode cap pointing to CNode receiving
  the untypeds with the one specified in the capDL spec which has a
specific guard setup.

Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
@Willmish
Working: handing off untypeds to microkit PD
5a37178 
requires modified microkit, szymon/handoff-untypeds branch

Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
@Willmish
cleanup
e664959 
Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
@Willmish
fix: change hardcoded value to extract capDL info
ced578d 
* For PD that receives untypeds, compute index of the receiving untypeds
  CNode based on the guard size of its cap and the sizeBits of the
CNode.

Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
@Willmish
Use capdl spec marking of Frame to receive untyped
b3ef693 
Signed-off-by: Szymon Duchniewicz <s.duchniewicz@unsw.edu.au>
This was referenced Mar 12, 2026
Draft
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nspin nspin Awaiting requested review from nspin nspin will be requested when the pull request is marked ready for review nspin is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Willmish