The toplevel adc_seq_table is now copied onto the stack and
the stack copy used.
The contained entries array is now copied onto an allocation
drawn from the caller's resource pool, to prevent modification
of the buffer pointers.
The return value policy here is to oops the caller if bad memory
or objects are passed in, but return an error otherwise.
Based on an original patch by Leandro Pereira, rebased and the
copy of the entries array added.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

The various macros to do checks in system call handlers all
implicitly would generate a kernel oops if a check failed.
This is undesirable for a few reasons:
* System call handlers that acquire resources in the handler
have no good recourse for cleanup if a check fails.
* In some cases we may want to propagate a return value back
to the caller instead of just killing the calling thread,
even though the base API doesn't do these checks.
These macros now all return a value, if nonzero is returned
the check failed. K_OOPS() now wraps these calls to generate
a kernel oops.
At the moment, the policy for all APIs has not changed. They
still all oops upon a failed check.
The macros now use the Z_ notation for private APIs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Driver APIs might not implement all operations, making it possible for
a user thread to get the kernel to execute a function at 0x00000000.
Perform runtime checks in all the driver handlers, checking if they're
capable of performing the requested operation.
Fixes #6907.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>

Straightforward conversion for adc_enable/disable.
adc_read() uses a sequence table, which points to an array
of struct adc_seq_entry, each element pointing
to memory buffers. Need to validate all of these as being readable
by the caller, and the buffers writable.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
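
The copy-then-validate pattern that the adc_read() commit messages above describe, sketched as an added example that is not code from these commits or from the project. The names `seq_entry`, `seq_table`, `user_mem`, `user_ok` and `snapshot_seq_table` and the field layout are assumptions; `malloc` stands in for the caller's resource pool, and every failure returns an error code instead of oopsing.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the structures named in the commit messages;
 * the field layout is an assumption made for this example. */
struct seq_entry { uint8_t *buffer; uint32_t buffer_length; };
struct seq_table { struct seq_entry *entries; uint8_t num_entries; };

/* Constructed model of the memory the calling thread may read and write. */
static _Alignas(16) uint8_t user_mem[256];

static int user_ok(const void *p, size_t len)
{
	uintptr_t a = (uintptr_t)p, base = (uintptr_t)user_mem;

	return p != NULL && a >= base && len <= sizeof(user_mem) &&
	       a - base <= sizeof(user_mem) - len;
}

/* Hypothetical handler core: fetch once, validate the private copy, and
 * hand back only that copy, so later caller writes cannot retarget it. */
int snapshot_seq_table(const struct seq_table *utbl, struct seq_table *out)
{
	struct seq_table t;
	size_t bytes;

	if (!user_ok(utbl, sizeof(*utbl)))
		return -EFAULT;
	memcpy(&t, utbl, sizeof(t));            /* top level onto the stack */
	bytes = (size_t)t.num_entries * sizeof(struct seq_entry);
	if (t.num_entries == 0)
		return -EINVAL;
	if (!user_ok(t.entries, bytes))
		return -EFAULT;
	out->entries = malloc(bytes);           /* stand-in for the resource pool */
	if (out->entries == NULL)
		return -ENOMEM;
	memcpy(out->entries, t.entries, bytes); /* entries array fetched once */
	out->num_entries = t.num_entries;
	for (size_t i = 0; i < out->num_entries; i++) {
		if (!user_ok(out->entries[i].buffer, out->entries[i].buffer_length)) {
			free(out->entries);
			return -EFAULT;
		}
	}
	return 0;
}
```

Because the per-entry checks run on the private copy, the pointers that pass validation are the same ones the driver later dereferences.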