bschnepp / pantheon
Tiny operating system for aarch64 devices
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
A side-effect of switching processes seems to encounter some problems with memory accesses: either the TLB isn't completely purged as expected, or it is possible to enter a race condition where a page table switches but hasn't been updated for the current context.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
Memory must always be in a consistent state
Additional information
Any additional information should be placed here.
One of the primary tasks that needs to be done is to get the other cores to boot. Naturally, it's rather unlikely to find an application-class aarch64 SoC/SoM out there that's still a uniprocessor in 2021, so at least SMP support is nice, and we can worry about asymmetric multiprocessing later with all the combined power saving performance core things that exist out there.
Something to do right this time, unlike in Feral, is to bulldoze straight to running a process, and worry about architectural correctness (memory mapping, process isolation and all that stuff) later. We can even go so far as to share kernel and userspace page tables for now. This was a mistake in the way Feral was built: focusing way too much on correctness the first time led to some incoherent architectural nonsense that still hasn't been entirely resolved 3 years later. Let's do that right this time.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
Support should be added to this board by modifying the relevant bootloader code and adapting necessary components to allow pantheon to boot.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
This is something to revisit in a few months: just an idea to look through later.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
The kernel should use global handles instead of the current per-process handle scheme. This decouples the process block from handles, and greatly eases the ability of passing ownership of a kernel object to another process.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
A driver should be implemented which supports the GICv3 interrupt controller, for its added benefits to supported hardware, and lifting restrictions on core counts being very low. It is also important to note that a GICv3 implementation may not be backwards compatible with the GICv2, requiring the creation of this driver for hardware support.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
A graph of lambdas should be used to handle startup initialization, so "board-specific" drivers that are currently in use which don't actually have to be tied to the device or board directly can be separated, and possibly even attach unit test cases to them. The primary and immediate use case for this is to properly detect the timer on the board, instead of simply assuming it's the generic system timer.
This should be achieved with a graph of lambdas, and done in 3 passes: one for driver initialization to set the device up at the MMIO address needed, another pass for the actual driver startup routine, and a final pass for any cleanup the driver needs to do. Each of these routines should be reentrant, and can maybe be called more than once.
These functions should be assembled based on the device tree when startup happens, and then executed in a depth-first order.
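The three-pass, depth-first driver graph described in this issue, as an added example that is not pantheon's own code. It assumes a tiny in-memory registry standing in for the nodes a device-tree walk would produce, names drivers "timer", "gic" and "mmio" purely for illustration, and makes each pass idempotent (a node whose pass already completed is skipped) so the walk is safe to invoke more than once; a dependency cycle or an unknown dependency makes the pass fail rather than recurse forever.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DRIVERS 8
#define MAX_DEPS    4

enum pass { PASS_INIT = 1, PASS_START = 2, PASS_CLEANUP = 3 };

typedef struct driver driver_t;
typedef int (*driver_fn)(driver_t *);

struct driver {
    const char *name;
    driver_fn fn[4];            /* indexed by enum pass; slot 0 unused */
    const char *deps[MAX_DEPS]; /* drivers that must complete each pass first */
    int ndeps;
    int pass_done;              /* highest pass already completed for this node */
    bool visiting;              /* DFS marker used to detect dependency cycles */
};

/* Constructed registry: stands in for what a device-tree walk would yield. */
static driver_t drivers[MAX_DRIVERS];
static int ndrivers;

static void registry_reset(void)
{
    memset(drivers, 0, sizeof drivers);
    ndrivers = 0;
}

static driver_t *registry_add(const char *name, const char *const *deps, int ndeps)
{
    if (ndrivers == MAX_DRIVERS || ndeps > MAX_DEPS) return NULL;
    driver_t *d = &drivers[ndrivers++];
    d->name = name;
    d->ndeps = ndeps;
    for (int i = 0; i < ndeps; i++) d->deps[i] = deps[i];
    return d;
}

static driver_t *registry_find(const char *name)
{
    for (int i = 0; i < ndrivers; i++)
        if (strcmp(drivers[i].name, name) == 0) return &drivers[i];
    return NULL;
}

/* Depth-first: finish the dependencies' pass first, then this node's own.
 * A node whose pass is already complete is skipped, so re-running is harmless. */
static int run_pass(driver_t *d, enum pass p, const char **order, int *norder)
{
    if (d->pass_done >= (int)p) return 0;
    if (d->visiting) return -1;              /* cycle: refuse instead of looping */
    d->visiting = true;
    for (int i = 0; i < d->ndeps; i++) {
        driver_t *dep = registry_find(d->deps[i]);
        if (dep == NULL || run_pass(dep, p, order, norder) != 0) {
            d->visiting = false;
            return -1;                       /* unknown or failed dependency */
        }
    }
    d->visiting = false;
    if (d->fn[p] != NULL && d->fn[p](d) != 0) return -1;
    d->pass_done = (int)p;
    order[(*norder)++] = d->name;            /* record the execution order */
    return 0;
}

/* Run one pass over every registered driver; `order` (capacity MAX_DRIVERS)
 * receives the names in the order their routines actually ran. */
static int run_all(enum pass p, const char **order, int *norder)
{
    *norder = 0;
    for (int i = 0; i < ndrivers; i++)
        if (run_pass(&drivers[i], p, order, norder) != 0) return -1;
    return 0;
}

/* Illustrative routine a timer driver might install for PASS_START. */
static int timer_start(driver_t *d) { printf("starting %s\n", d->name); return 0; }

int main(void)
{
    const char *timer_deps[] = { "gic" }, *gic_deps[] = { "mmio" };
    const char *order[MAX_DRIVERS];
    int n;
    registry_reset();
    driver_t *timer = registry_add("timer", timer_deps, 1);
    if (timer != NULL) timer->fn[PASS_START] = timer_start;
    registry_add("gic", gic_deps, 1);
    registry_add("mmio", NULL, 0);
    for (int p = PASS_INIT; p <= PASS_CLEANUP; p++) {
        if (run_all((enum pass)p, order, &n) != 0) return 1;
        for (int i = 0; i < n; i++) printf("pass %d: %s\n", p, order[i]);
    }
    return 0;
}
```

Because every pass walks the same dependency edges, the cleanup pass runs in the same order as initialization; a kernel that wants teardown in reverse order would record the init order and replay it backwards instead.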
Issue Checklist
wontfix or closed
=====================================================
Feature Description
The kernel should isolate device MMIO from ordinary memory, and have it virtually mapped in the higher half area.
This will (eventually) allow remapping of the whole kernel there, and begin properly using the MMU.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
A process can quickly exhaust all available resources on a handle, effectively doing a denial of service on any other user of that resource backed by that handle.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
A handle can't be overloaded
Additional information
Any additional information should be placed here.
Support should be added to check for architecture- or board-specific code correctness with unit tests. This can be most easily achieved by running the majority of tests on the host, then connecting a development board to a Kubernetes cluster which runs CI build jobs. Said cluster would share the development board, and when it is free, upload the new firmware, then use the serial port to log the test status for all board-specific tests.
This would aid in covering the remaining, currently untestable, parts of the kernel.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
The scheduler should be rewritten to allow for O(1) lookup of process structures.
This can be achieved in two ways: either a HashMap, giving a per-core scheduler a PID to execute,
or using the GlobalScheduler to pass along pointers to processes (or nullptr) as needed.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
This feature should be considered as high priority.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
A running process may access kernel memory by issuing a pointer to higher-half memory as an argument to SVCLogText.
As the system call does not sanitize any pointers at this time, this means that an attacker is capable of using this to dump the contents of the kernel (and possibly all of system memory) through a serial port, if listening to it.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
The program should either crash, or the kernel should refuse to issue the text.
Additional information
This should be considered as a serious security bug. While not actually exploitable in practice (no physical system can run pantheon, nor can any arbitrary user programs be started: the only processes running are those put there initially), this should be fixed quickly, as when proper program loading occurs, it may be possible to exploit.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
A formally described style guidelines document, which will ensure consistency throughout the codebase
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
The ability to either create or drop permissions of the current thread to userland should be implemented. This needs to be done to ensure system level daemons are kept in userspace, and eventually isolated from the kernel's runtime memory.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
A basic GitLab CI script should be created which simply builds the project from source code.
Unit tests confirming the correctness of the UTF-8 parser for these characters currently do not exist.
Correct parsing of length and other properties for these languages is currently not done.
Specifically, some test cases need to be added to check that:
- The length of the right-to-left (or left-to-right) marker character is ignored for CharLength(), but counted for DataLength()
- That a single character is always counted as a single character, even if that character is modified by a subsequent letter.
- That the returned value of a given character is the byte at the location, per the specification for operator[].
- Mixing these with Latin script should work as intended.
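The four checks listed above, carried through as an added example rather than pantheon's own parser or tests. The decoder and the three accessors (char_length, data_length, byte_at) are stand-ins written here for the CharLength(), DataLength() and operator[] the issue names; the set of combining marks is a deliberately small constructed subset (Latin diacritics, Hebrew points, Arabic harakat), and the sample strings are constructed for the demonstration. Direction markers (U+200E, U+200F) and combining marks never add to the character count but always add to the byte count, and byte_at returns the raw byte at an index.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one UTF-8 sequence at s[0..n), writing the code point to *cp and
 * returning the number of bytes consumed, or 0 for a malformed sequence. */
static size_t utf8_decode(const uint8_t *s, size_t n, uint32_t *cp)
{
    if (n == 0) return 0;
    uint8_t b = s[0];
    size_t len;
    if (b < 0x80) { *cp = b; return 1; }
    else if ((b & 0xE0) == 0xC0) { len = 2; *cp = b & 0x1F; }
    else if ((b & 0xF0) == 0xE0) { len = 3; *cp = b & 0x0F; }
    else if ((b & 0xF8) == 0xF0) { len = 4; *cp = b & 0x07; }
    else return 0;                           /* stray continuation or invalid lead byte */
    if (len > n) return 0;                   /* truncated sequence */
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0; /* continuation byte expected */
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    return len;
}

/* Left-to-right mark and right-to-left mark: invisible, zero-width. */
static bool is_direction_mark(uint32_t cp) { return cp == 0x200E || cp == 0x200F; }

/* Constructed subset of combining marks: enough for the test cases, not the
 * full Unicode property table. */
static bool is_combining(uint32_t cp)
{
    return (cp >= 0x0300 && cp <= 0x036F) ||   /* combining diacritical marks */
           (cp >= 0x0591 && cp <= 0x05BD) ||   /* Hebrew points and accents */
           (cp >= 0x064B && cp <= 0x065F);     /* Arabic harakat */
}

/* Byte length: exactly what the buffer holds, markers and marks included. */
static size_t data_length(const char *s) { return strlen(s); }

/* Character length: one per base character; markers and combining marks
 * attach to the preceding character and add nothing. A malformed byte is
 * counted as one character so the walk always makes progress. */
static size_t char_length(const char *s)
{
    const uint8_t *p = (const uint8_t *)s;
    size_t n = strlen(s), i = 0, count = 0;
    while (i < n) {
        uint32_t cp;
        size_t adv = utf8_decode(p + i, n - i, &cp);
        if (adv == 0) { count++; i++; continue; }
        if (!is_direction_mark(cp) && !is_combining(cp)) count++;
        i += adv;
    }
    return count;
}

/* The raw byte at an index, matching what the issue expects of operator[]. */
static uint8_t byte_at(const char *s, size_t idx) { return (uint8_t)s[idx]; }

/* Constructed sample: RLM, then Hebrew "shalom", then Latin text. */
static const char SAMPLE[] = "\xE2\x80\x8F" "\xD7\xA9\xD7\x9C\xD7\x95\xD7\x9D" " ok";

int main(void)
{
    printf("chars=%zu bytes=%zu first byte=0x%02X\n",
           char_length(SAMPLE), data_length(SAMPLE), byte_at(SAMPLE, 0));
    return 0;
}
```

Note the split string literals in the sample: a hex escape such as "\x8F" would otherwise swallow a following "a" as another hex digit, which is a classic way for a test vector to silently encode the wrong bytes.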
Issue Checklist
wontfix or closed
=====================================================
Feature Description
Pages allocated by the virtual memory manager should never allocate contiguous pages (more than the number of cache sets) in virtual memory which contend for the same cache line.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
At the moment, there is no method for the kernel to pass control off to a working thread. This should be implemented.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
A mechanism should be in place to handle "heavyweight" interrupt tasks without keeping the system waiting for it.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
An open source license should be used for this project, ideally something with few restrictions.
A reasonable license would be something like BSL-1.0, but something like X11, GPL or MPL isn't unreasonable as well.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
A userland process issuing a system call (i.e., svcCreateNamedEvent) can pass in arbitrary values to the kernel.
These do not necessarily have to be valid arguments: they could be invalid memory, memory owned by another process, etc.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
The kernel returns an error, or refuses to complete the request
Additional information
This is a very serious bug. Any (and all) system calls need to be checked through some method of copyin/copyout from userland to a temporary kernel buffer to check if it's valid or not. Otherwise, issues like this could occur.
This is a significant module which should be checked for correctness as often as possible.
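The copyin-style check that this issue and the SVCLogText issue above both call for, as an added example that is not pantheon's code. The user address space is modelled by a small constructed arena (so the example runs on a host), the user/kernel split is assumed to sit at the arena's end in place of the real higher-half boundary, LOGTEXT_MAX is an assumed cap, and svc_log_text is a hardened sketch rather than the project's actual system call. The range check is written so that a length near the top of the address space cannot wrap the sum back into user space, and the text is copied into a kernel-owned buffer before anything reads it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the user half of memory; a real kernel would instead
 * check against its user/kernel virtual address boundary. */
static uint8_t user_mem[4096];
#define USER_VA_LIMIT ((uint64_t)sizeof(user_mem))
#define LOGTEXT_MAX   256                 /* assumed cap on one log message */

enum { SVC_OK = 0, SVC_EFAULT = -1, SVC_E2BIG = -2 };

/* True only if [uaddr, uaddr+len) lies wholly below the user limit. Written
 * as "uaddr <= limit - len" so no addition can overflow and slip past. */
static bool user_range_ok(uint64_t uaddr, size_t len)
{
    if ((uint64_t)len > USER_VA_LIMIT) return false;
    return uaddr <= USER_VA_LIMIT - (uint64_t)len;
}

/* Copy from the (modelled) user address space into a kernel buffer, refusing
 * any range that is not entirely user memory. */
static int copyin(void *kdst, uint64_t uaddr, size_t len)
{
    if (!user_range_ok(uaddr, len)) return SVC_EFAULT;
    memcpy(kdst, &user_mem[uaddr], len);
    return SVC_OK;
}

/* Hardened sketch of a log-text system call: bound the length, copy the text
 * into kernel memory, and only then hand it on (here: to `out`, standing in
 * for the serial port). A higher-half pointer never reaches memcpy. */
static int svc_log_text(uint64_t utext, size_t len, char *out)
{
    char kbuf[LOGTEXT_MAX + 1];
    if (len > LOGTEXT_MAX) return SVC_E2BIG;
    int rc = copyin(kbuf, utext, len);
    if (rc != SVC_OK) return rc;
    kbuf[len] = '\0';
    memcpy(out, kbuf, len + 1);
    return SVC_OK;
}

/* Test helper: place a constructed message into the modelled user memory and
 * return its "user virtual address"; UINT64_MAX if it would not fit. */
static uint64_t user_put(uint64_t uaddr, const char *s)
{
    size_t n = strlen(s);
    if (!user_range_ok(uaddr, n)) return UINT64_MAX;
    memcpy(&user_mem[uaddr], s, n);
    return uaddr;
}

int main(void)
{
    char out[LOGTEXT_MAX + 1];
    uint64_t good = user_put(0x100, "hello from EL0");
    int rc = svc_log_text(good, 14, out);
    printf("valid pointer: rc=%d text=\"%s\"\n", rc, out);
    rc = svc_log_text(0xffff800000000000ULL, 8, out);   /* kernel-half address */
    printf("higher-half pointer: rc=%d\n", rc);
    rc = svc_log_text(USER_VA_LIMIT - 4, 16, out);      /* straddles the boundary */
    printf("straddling range: rc=%d\n", rc);
    return 0;
}
```

The same user_range_ok check applies to every pointer-carrying argument, not just text: a handle-creation call that takes a name or a descriptor pointer runs through the identical copyin before the kernel interprets any of it.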
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
Upon swapping to another process, the page tables for them do not appear to properly switch.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
Both processes should run correctly
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
It would be nice to have a single unified (authoritative) SDK for any program that should run under pantheon. As it is right now, there's the content within this repository, and another intended to be used by "real programs". This distinction is somewhat arbitrary.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
The repository in question is https://github.com/bSchnepp/pantheonSDK
It appears that in some situations, the timer interrupts only fire once, or not at all. The precise cause is still unknown.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
A slab allocator should be used by the kernel to allocate and initialize objects very quickly, and with minimal fragmentation.
Ideally, total fragmentation should not exceed 20% of a page size (roughly 800 bytes).
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
The userland image (either as some kind of initramfs, raw binaries in a table, etc.) should be included in the kernel binary.
Feature Benefits
List the reasons why this feature would be beneficial
Additional information
Any additional information should be placed here.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
The scheduler currently relies upon a race to reschedule a process, where a different idle thread is found first before it is picked up, as in 4bd7bee.
Correct behavior would show that when a given core runs a thread, after the number of ticks has expired, it picks up a different thread rather than the same one. The current setup always ensures there is at least one idle thread at any given time, so this condition should always occur.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
The output from kern_idle() should remain fairly similar between all of the threads, with some variance of being within a few thousand.
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
A port to the Raspberry Pi 4 should be done. This will allow pantheon to boot on an inexpensive arm64 board, which is (relatively) widely available and popular.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
At some point in execution, usually after a few hours, some condition occurs where code execution is resumed at some point causing a data abort or some other race. This causes the kernel to crash in a subtle way, but without triggering a kernel panic.
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
The kernel should never crash with expected behavior.
Additional information
This bug typically gets triggered after some condition with sysm causes it to stop being scheduled. It may help to look for race conditions there.
Issue Checklist
master branch the bug is present in, with its commit hash, is listed in this report
=====================================================
Bug Description
The constructors of statically-declared objects are not initialized by the kernel before executing kern_main.
This is present in 17c5056
To Reproduce
Please list the steps to produce the bug below:
Screenshots
If relevant, please provide screenshots here.
Expected behavior
Constructors on all objects declared statically should be executed.
Additional information
Any additional information should be placed here.
Issue Checklist
wontfix or closed
=====================================================
Feature Description
Support for interaction with a secure world should be done to allow programs desiring to hold secrets from other programs to be ported.
Feature Benefits
List the reasons why this feature would be beneficial
Use case examples
List examples where this feature could be useful for end users.
Additional information
Any additional information should be placed here.