ereport: Task faulted/panicked

app/cosmo/base.toml

@@ -33,6 +33,9 @@ net = "jefe-state-change"
 host_sp_comms = "jefe-state-change"
 spd = "jefe-state-change"
 
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
+
 [tasks.jefe.config.allowed-callers]
 set_state = ["cosmo_seq"]
 set_reset_reason = ["sys"]
@@ -133,6 +136,7 @@ start = true
 # task-slots is explicitly empty: packrat should not send IPCs!
 task-slots = []
 features = ["cosmo", "ereport"]
+notifications = ["task-faulted"]
 
 [tasks.rng_driver]
 features = ["h753", "ereport"]

app/gimlet/base.toml

@@ -28,6 +28,9 @@ net = "jefe-state-change"
 host_sp_comms = "jefe-state-change"
 spd = "jefe-state-change"
 
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
+
 [tasks.jefe.config.allowed-callers]
 set_state = ["gimlet_seq"]
 set_reset_reason = ["sys"]
@@ -127,6 +130,7 @@ start = true
 # task-slots is explicitly empty: packrat should not send IPCs!
 task-slots = []
 features = ["gimlet", "ereport"]
+notifications = ["task-faulted"]
 
 [tasks.thermal]
 name = "task-thermal"

app/gimletlet/app.toml

@@ -22,6 +22,9 @@ request_reset = ["hiffy", "control_plane_agent", "udprpc"]
 [tasks.jefe.config.on-state-change]
 host_sp_comms = "jefe-state-change"
 
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
+
 [tasks.sys]
 # Enable EXTI in the sys task so that we can notify sprot when the RoT
 # raises an IRQ.
@@ -51,6 +54,7 @@ start = true
 task-slots = []
 stacksize = 1096
 features = ["ereport"]
+notifications = ["task-faulted"]
 
 [tasks.control_plane_agent]
 name = "task-control-plane-agent"

app/grapefruit/app-dev.toml

@@ -11,6 +11,10 @@ interrupts = {"uart8.irq" = "usart-irq"}
 [tasks.packrat]
 stacksize = 1096
 features = ["ereport"]
+notifications = ["task-faulted"]
+
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
 
 [tasks.snitch]
 name = "task-snitch"

app/oxcon2023g0/app.toml

@@ -6,7 +6,7 @@ board = "oxcon2023g0"
 
 [kernel]
 name = "oxcon2023g0"
-requires = {flash = 11680, ram = 1296}
+requires = {flash = 11776, ram = 1296}
 stacksize = 640
 
 [tasks.jefe]

app/psc/base.toml

@@ -27,6 +27,9 @@ extern-regions = ["sram1", "sram2", "sram3", "sram4"]
 [tasks.jefe.config.on-state-change]
 net = "jefe-state-change"
 
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
+
 [tasks.jefe.config.allowed-callers]
 set_reset_reason = ["sys"]
 request_reset = ["hiffy", "control_plane_agent"]
@@ -123,6 +126,7 @@ start = true
 # task-slots is explicitly empty: packrat should not send IPCs!
 task-slots = []
 features = ["ereport"]
+notifications = ["task-faulted"]
 
 [tasks.sequencer]
 name = "drv-psc-seq-server"

app/sidecar/base.toml

@@ -28,6 +28,9 @@ extern-regions = ["sram1", "sram2", "sram3", "sram4"]
 set_reset_reason = ["sys"]
 request_reset = ["hiffy", "control_plane_agent"]
 
+[tasks.jefe.config.on-task-fault]
+packrat = "task-faulted"
+
 [tasks.sys]
 name = "drv-stm32xx-sys"
 features = ["h753", "exti", "no-panic"]
@@ -262,6 +265,7 @@ start = true
 # task-slots is explicitly empty: packrat should not send IPCs!
 task-slots = []
 features = ["ereport"]
+notifications = ["task-faulted"]
 
 [tasks.sequencer]
 name = "drv-sidecar-seq-server"

idl/ereportulator.idol

@@ -20,5 +20,12 @@ Interface(
             ),
             idempotent: true,
         ),
+        "panicme": (
+            doc: "Make the ereportulator panic",
+            args: {
+            },
+            reply: Simple("()"),
+            idempotent: true,
+        ),
     }
 )

sys/kern/src/kipc.rs

@@ -482,12 +482,6 @@ fn find_faulted_task(
     message: USlice<u8>,
     response: USlice<u8>,
 ) -> Result<NextTask, UserError> {
-    if caller != 0 {
-        return Err(UserError::Unrecoverable(FaultInfo::SyscallUsage(
-            UsageError::NotSupervisor,
-        )));
-    }
-
     let index = deserialize_message::<u32>(&tasks[caller], message)? as usize;
 
     // Note: we explicitly permit index == tasks.len(), which causes us to wrap

sys/num-tasks/build.rs

@@ -23,6 +23,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     if build_util::has_feature("task-enum") {
         writeln!(task_file, "#[allow(non_camel_case_types)]").unwrap();
+        writeln!(task_file, "#[derive(Copy, Clone)]").unwrap();
         writeln!(task_file, "pub enum Task {{").unwrap();
         for line in task_enum {
             writeln!(task_file, "{line}").unwrap();

task/ereportulator/Cargo.toml

@@ -4,7 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-userlib = { path = "../../sys/userlib" }
+userlib = { path = "../../sys/userlib", features = ["panic-messages"] }
 idol-runtime.workspace = true
 zerocopy.workspace = true
 zerocopy-derive.workspace = true

task/ereportulator/src/main.rs

@@ -150,6 +150,13 @@ impl idl::InOrderEreportulatorImpl for ServerImpl {
 
         Ok(())
     }
+
+    fn panicme(
+        &mut self,
+        _msg: &RecvMessage,
+    ) -> Result<(), RequestError<Infallible>> {
+        panic!("im dead lol")
+    }
 }
 
 impl idol_runtime::NotificationHandler for ServerImpl {

task/jefe/build.rs

@@ -5,7 +5,7 @@
 use anyhow::{Context, Result};
 use serde::Deserialize;
 use std::collections::{BTreeMap, BTreeSet};
-use std::io::Write;
+use std::io::{self, Write};
 
 fn main() -> Result<()> {
     build_util::expose_m_profile()?;
@@ -35,29 +35,21 @@ fn main() -> Result<()> {
     let mut out =
         std::fs::File::create(dest_path).context("creating jefe_config.rs")?;
 
-    let task = "hubris_num_tasks::Task";
-    {
-        let count = cfg.on_state_change.len();
+    gen_mailing_list(
+        "STATE_CHANGE_MAILING_LIST",
+        &cfg.on_state_change,
+        &mut out,
+    )
+    .context("generating state change mailing list")?;
 
-        writeln!(
-            out,
-            "pub(crate) const MAILING_LIST: [({task}, u32); {count}] = [",
-        )?;
-        for (name, rec) in cfg.on_state_change {
-            writeln!(
-                out,
-                "    ({task}::{name}, crate::notifications::{name}::{}_MASK),",
-                rec.to_ascii_uppercase().replace('-', "_"),
-            )?;
-        }
-        writeln!(out, "];")?;
-    }
+    gen_mailing_list("FAULT_MAILING_LIST", &cfg.on_task_fault, &mut out)
+        .context("generating task fault mailing list")?;
 
     {
         let count = cfg.tasks_to_hold.len();
-        writeln!(out, "pub(crate) const HELD_TASKS: [{task}; {count}] = [",)?;
+        writeln!(out, "pub(crate) const HELD_TASKS: [{TASK}; {count}] = [",)?;
         for name in cfg.tasks_to_hold {
-            writeln!(out, "    {task}::{name},")?;
+            writeln!(out, "    {TASK}::{name},")?;
         }
         writeln!(out, "];")?;
     }
@@ -67,6 +59,37 @@ fn main() -> Result<()> {
     Ok(())
 }
 
+const TASK: &str = "hubris_num_tasks::Task";
+
+/// Generates a "mailing list" of tasks to notify on a given event (such as a
+/// state change or a task fault), from a `BTreeMap` mapping task names to
+/// notification names.
+///
+/// The generated mailing list will be a `[(hubris_num_tasks::Task, u32)]` array
+/// named `list_name`.
+fn gen_mailing_list(
+    list_name: &str,
+    list: &BTreeMap<String, String>,
+    out: &mut impl std::io::Write,
+) -> io::Result<()> {
+    let count = list.len();
+
+    writeln!(
+        out,
+        "pub(crate) const {list_name}: [({TASK}, u32); {count}] = [",
+    )?;
+    for (name, rec) in list {
+        writeln!(
+            out,
+            "    ({TASK}::{name}, crate::notifications::{name}::{}_MASK),",
+            rec.to_ascii_uppercase().replace('-', "_"),
+        )?;
+    }
+    writeln!(out, "];")?;
+
+    Ok(())
+}
+
 /// Jefe task-level configuration.
 #[derive(Deserialize, Default)]
 #[serde(rename_all = "kebab-case", deny_unknown_fields)]
@@ -75,6 +98,12 @@ struct Config {
     /// notification name (in the target task)
     #[serde(default)]
     on_state_change: BTreeMap<String, String>,
+
+    /// Task requests to be notified when a task faults, as a map from task name to
+    /// notification name (in the target task)
+    #[serde(default)]
+    on_task_fault: BTreeMap<String, String>,
+
     /// Map of operation names to tasks allowed to call them.
     #[serde(default)]
     allowed_callers: BTreeMap<String, Vec<String>>,

task/jefe/src/external.rs

@@ -101,10 +101,10 @@ static JEFE_EXTERNAL_ERRORS: AtomicU32 = AtomicU32::new(0);
 /// potentially modifying the passed array.  Returns a boolean to indicate if
 /// a valid external request was received.
 ///
-pub(crate) fn check(states: &mut [TaskStatus], now: u64) {
+pub(crate) fn check(states: &mut [TaskStatus]) {
     // This wrapper is responsible for updating operation counters, and allowing
     // the inner function to use Result for convenience.
-    match check_inner(states, now) {
+    match check_inner(states) {
         Ok(true) => {
             JEFE_EXTERNAL_REQUESTS.fetch_add(1, Ordering::SeqCst);
         }
@@ -119,7 +119,7 @@ pub(crate) fn check(states: &mut [TaskStatus], now: u64) {
 }
 
 // Implementation factor of `check` that can use Result.
-fn check_inner(states: &mut [TaskStatus], now: u64) -> Result<bool, Error> {
+fn check_inner(states: &mut [TaskStatus]) -> Result<bool, Error> {
     if JEFE_EXTERNAL_KICK.swap(0, Ordering::SeqCst) == 0 {
         return Ok(false);
     }
@@ -170,7 +170,7 @@ fn check_inner(states: &mut [TaskStatus], now: u64) -> Result<bool, Error> {
             // task to clear a held fault.
             state.disposition = Disposition::Restart;
             if matches!(state.state, TaskState::HoldFault) {
-                state.state = TaskState::Running { started_at: now };
+                state.state = TaskState::Running;
                 kipc::reinit_task(ndx, true);
             }
         }