This suite was fairly messy and very unstable on how it re-used
kernel objects.
* Unnecessary ztest_test_pass() or self-aborts removed
* k_thread_join() now used to wait for child thread completion,
instead of a strange use of a semaphore which was effectively
a 10ms sleep
* Barriers simplified
* the number of thread objects in kobject.c is now drastically reduced
* test case function names are now descriptive and made static if
only used in local scope in kobject.c
* SMP no longer disabled
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a k_timeout_t type, and use it everywhere that kernel API
functions were accepting a millisecond timeout argument. Instead of
forcing milliseconds everywhere (which are often not integrally
representable as system ticks), do the conversion to ticks at the
point where the timeout is created. This avoids an extra unit
conversion in some application code, and allows us to express the
timeout in units other than milliseconds to achieve greater precision.
The existing K_MSEC() et. al. macros now return initializers for a
k_timeout_t.
The K_NO_WAIT and K_FOREVER constants have now become k_timeout_t
values, which means they cannot be operated on as integers.
Applications which have their own APIs that need to inspect these
vs. user-provided timeouts can now use a K_TIMEOUT_EQ() predicate to
test for equality.
Timer drivers, which receive an integer tick count in ther
z_clock_set_timeout() functions, now use the integer-valued
K_TICKS_FOREVER constant instead of K_FOREVER.
For the initial release, to preserve source compatibility, a
CONFIG_LEGACY_TIMEOUT_API kconfig is provided. When true, the
k_timeout_t will remain a compatible 32 bit value that will work with
any legacy Zephyr application.
Some subsystems present timeout (or timeout-like) values to their own
users as APIs that would re-use the kernel's own constants and
conventions. These will require some minor design work to adapt to
the new scheme (in most cases just using k_timeout_t directly in their
own API), and they have not been changed in this patch, instead
selecting CONFIG_LEGACY_TIMEOUT_API via kconfig. These subsystems
include: CAN Bus, the Microbit display driver, I2S, LoRa modem
drivers, the UART Async API, Video hardware drivers, the console
subsystem, and the network buffer abstraction.
k_sleep() now takes a k_timeout_t argument, with a k_msleep() variant
provided that works identically to the original API.
Most of the changes here are just type/configuration management and
documentation, but there are logic changes in mempool, where a loop
that used a timeout numerically has been reworked using a new
z_timeout_end_calc() predicate. Also in queue.c, a (when POLL was
enabled) a similar loop was needlessly used to try to retry the
k_poll() call after a spurious failure. But k_poll() does not fail
spuriously, so the loop was removed.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Kernel timeouts have always been a 32 bit integer despite the
existence of generation macros, and existing code has been
inconsistent about using them. Upcoming commits are going to make the
timeout arguments opaque, so fix things up to be rigorously correct.
Changes include:
+ Adding a K_TIMEOUT_EQ() macro for code that needs to compare timeout
values for equality (e.g. with K_FOREVER or K_NO_WAIT).
+ Adding a k_msleep() synonym for k_sleep() which can continue to take
integral arguments as k_sleep() moves away to timeout arguments.
+ Pervasively using the K_MSEC(), K_SECONDS(), et. al. macros to
generate timeout arguments.
+ Removing the usage of K_NO_WAIT as the final argument to
K_THREAD_DEFINE(). This is just a count of milliseconds and we need
to use a zero.
This patch include no logic changes and should not affect generated
code at all.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Using find_package to locate Zephyr.
Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.
Whenever an automatic run of CMake happend by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.
It also removes the risk of strange build results if a user switchs
between different Zephyr based project folders and forgetting to reset
ZEPHYR_BASE before running ninja / make.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Private type, internal to the kernel, not directly associated
with any k_object_* APIs. Is the return value of z_object_find().
Rename to struct z_object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
I've been seeing these cause errors on the more recent versions of
Doxygen which come with Arch Linux for a while now. Fix these:
error: Illegal format for option TCL_SUBST, no equal sign ('=') specified for item 'YES'
$ZEPHYR_BASE/tests/kernel/mem_protect/futex/src/main.c:461: warning: end of file with unbalanced grouping commands
Just trying to get them out of my local output and as preparation for
whenever they start showing up for Ubuntu.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
* arc supports mpu gap filling now.
* these tests can be used for any arch which supports mpu gap
filling.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Extend the bad syscall-ID test case to cover
erroneously supplied larged unsiged syscall-ID
values.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Hammer all CPUs with multiple threads all making system calls
that do memory allocations and buffer validation, in the hopes
that it will help smoke out concurrency issues.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This works around an issue with this emulator's configuration where
there is no memory address that can be poked to generate a fault,
it is simulating memory for the entire address space.
Fixes: #22561
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The existing stack_analyze APIs had some problems:
1. Not properly namespaced
2. Accepted the stack object as a parameter, yet the stack object
does not contain the necessary information to get the associated
buffer region, the thread object is needed for this
3. Caused a crash on certain platforms that do not allow inspection
of unused stack space for the currently running thread
4. No user mode access
5. Separately passed in thread name
We deprecate these functions and add a new API
k_thread_stack_space_get() which addresses all of these issues.
A helper API log_stack_usage() also added which resembles
STACK_ANALYZE() in functionality.
Fixes: #17852
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The "alternate thread" test would spawn a thread and then exit the
test, but on SMP that other thread runs asynchronously and it was
possible for the main thread to exit the test entirely before the test
thread had a chance to run (and overflow its stack), leading to
spurious test case failures.
Obviously we can't exactly synchronize to an async crash, so put a
short delay in after spawning the thread.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Interrupts should not be locked when servicing a system call,
and the kernel should not think we are in an interrupt handler
either.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Exceptions on x86_64 are incorrectly implemented, and if
a preemptible thread faults, and in its overridden
k_sys_fatal_error_handler() does something which invokes
a scheduling point (such as here where we give semaphores),
the thread will be swapped out on the per-CPU exception stack
and probably explode when it is switched back in.
For now, change the faulting thread priority to co-op so this
doesn't happen.
Workaround for #21462
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Most of the scenarios in this test case spawn child threads
and expect them to complete before execution proceeds.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nearly all of these cases create a child thread that needs
to complete before the main test proceeds further. If the
child thread runs simultaneously on another CPU, this gets
messed up.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test spawns a child thread and expects it to complete.
Use one CPU for it. Get rid of the useless k_thread_abort()
call and add a k_yield() to ensure the child does its
thing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
This symbol should already be getting enabled if CONFIG_USERSPACE is
enabled, because CONFIG_ERRNO is default y and has
select THREAD_USERSPACE_LOCAL_DATA if USERSPACE
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Before introducing the code for ARM64 (AArch64) we need to relocate the
current ARM code to a new AArch32 sub-directory. For now we can assume
that no code is shared between ARM and ARM64.
There are no functional changes. The code is moved to the new location
and the file paths are fixed to reflect this change.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
tc_number is passed to a child thread as a parameter, which is
void *. We want to treat it as an integer, but a direct cast
to int causes a warning on 64-bit platforms; cast to uintptr_t
first to suppress it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In addition to not assuming all pointers fit in a u32_t,
logic is added to find the privilege mode stack on x86_64
and several error messages now contain more information.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test has a problem, specifically in the scenario for
test_mem_domain_remove_partitions. A low priority thread (10)
is created which is expected to produce an exception. Then
the following happens:
- The thread indeed crashes and ends up in the custom fatal
error handler, on the stack used for exceptions
- The call to ztest_test_pass() is made
- ztest_test_pass() gives the test_end_signal semaphore
- We then context switch to the ztest main thread which is
higher priority, leaving the thread that crashed context
switched out *on the exception stack*
- More tests are run, and some of them also produce exceptions
- Eventually we do a sleep and the original crashed thread is
swapped in again
- Since several other exceptions have taken place on the
exception stack since then, resuming context results in
an unexpected error, causing the test to fail
Only seems to affect arches that have a dedicated stack for
exceptions, like x86_64. For now, increase the priority of
the child thread so it's cleaned up immediately. Longer-term,
this all needs to be re-thought in the test case to make this
less fragile.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Builds of docs with doxygen 1.8.16 has a number of warnings of the form:
'warning: unbalanced grouping commands'. Fix those warnings be either
balancing the group command or removing it.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Fix coverity issue 20534: read the status of a volatile
variable in an ASSERT statement via a stack variable
declared and defined for this purpose.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Entering irq_offload() on multiple CPUs can cause
difficult to debug/reproduce crashes. Demote irq_offload()
to non-inline (it never needed to be inline anyway) and
wrap the arch call in a semaphore.
Some tests which were unnecessarily killing threads
have been fixed; these threads exit by themselves anyway
and we won't leave the semaphore dangling.
The definition of z_arch_irq_offload() moved to
arch_interface.h as it only gets called by kernel C code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We add a new test-case for the mem_protect and userspace tests,
to test the ARMv8-M MPU driver without the skipping of full SRAM
partitioning (i.e. gap filling).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors kernel and arch headers to establish a boundary
between private and public interface headers.
The refactoring strategy used in this commit is detailed in the issue
This commit introduces the following major changes:
1. Establish a clear boundary between private and public headers by
removing "kernel/include" and "arch/*/include" from the global
include paths. Ideally, only kernel/ and arch/*/ source files should
reference the headers in these directories. If these headers must be
used by a component, these include paths shall be manually added to
the CMakeLists.txt file of the component. This is intended to
discourage applications from including private kernel and arch
headers either knowingly and unknowingly.
- kernel/include/ (PRIVATE)
This directory contains the private headers that provide private
kernel definitions which should not be visible outside the kernel
and arch source code. All public kernel definitions must be added
to an appropriate header located under include/.
- arch/*/include/ (PRIVATE)
This directory contains the private headers that provide private
architecture-specific definitions which should not be visible
outside the arch and kernel source code. All public architecture-
specific definitions must be added to an appropriate header located
under include/arch/*/.
- include/ AND include/sys/ (PUBLIC)
This directory contains the public headers that provide public
kernel definitions which can be referenced by both kernel and
application code.
- include/arch/*/ (PUBLIC)
This directory contains the public headers that provide public
architecture-specific definitions which can be referenced by both
kernel and application code.
2. Split arch_interface.h into "kernel-to-arch interface" and "public
arch interface" divisions.
- kernel/include/kernel_arch_interface.h
* provides private "kernel-to-arch interface" definition.
* includes arch/*/include/kernel_arch_func.h to ensure that the
interface function implementations are always available.
* includes sys/arch_interface.h so that public arch interface
definitions are automatically included when including this file.
- arch/*/include/kernel_arch_func.h
* provides architecture-specific "kernel-to-arch interface"
implementation.
* only the functions that will be used in kernel and arch source
files are defined here.
- include/sys/arch_interface.h
* provides "public arch interface" definition.
* includes include/arch/arch_inlines.h to ensure that the
architecture-specific public inline interface function
implementations are always available.
- include/arch/arch_inlines.h
* includes architecture-specific arch_inlines.h in
include/arch/*/arch_inline.h.
- include/arch/*/arch_inline.h
* provides architecture-specific "public arch interface" inline
function implementation.
* supersedes include/sys/arch_inline.h.
3. Refactor kernel and the existing architecture implementations.
- Remove circular dependency of kernel and arch headers. The
following general rules should be observed:
* Never include any private headers from public headers
* Never include kernel_internal.h in kernel_arch_data.h
* Always include kernel_arch_data.h from kernel_arch_func.h
* Never include kernel.h from kernel_struct.h either directly or
indirectly. Only add the kernel structures that must be referenced
from public arch headers in this file.
- Relocate syscall_handler.h to include/ so it can be used in the
public code. This is necessary because many user-mode public codes
reference the functions defined in this header.
- Relocate kernel_arch_thread.h to include/arch/*/thread.h. This is
necessary to provide architecture-specific thread definition for
'struct k_thread' in kernel.h.
- Remove any private header dependencies from public headers using
the following methods:
* If dependency is not required, simply omit
* If dependency is required,
- Relocate a portion of the required dependencies from the
private header to an appropriate public header OR
- Relocate the required private header to make it public.
This commit supersedes #20047, addresses #19666, and fixes#3056.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
There are two set of code supporting x86_64: x86_64 using x32 ABI,
and x86 long mode, and this consolidates both into one x86_64
architecture and SoC supporting truly 64-bit mode.
() Removes the x86_64:x32 architecture and SoC, and replaces
them with the existing x86 long mode arch and SoC.
() Replace qemu_x86_64 with qemu_x86_long as qemu_x86_64.
() Updates samples and tests to remove reference to
qemu_x86_long.
() Renames CONFIG_X86_LONGMODE to CONFIG_X86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
After run Sanitycheck script I found out that some test cases
have the same test case name in the test result .xml file.
To get rid of it, I decided to change test cases names
for the kernel tests.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
We replace an inline assembly block of code with CMSIS
functions, to make it portable to ARMv6-M architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The struct definitions for pdpt, pd, and pt entries has been
removed:
- Bitfield ordering in a struct is implementation dependent,
it can be right-to-left or left-to-right
- The two different structures for page directory entries were
not being used consistently, or when the type of the PDE
was unknown
- Anonymous structs/unions are GCC extensions
Instead these are now u64_t, with bitwise operations used to
get/set fields.
A new set of inline functions for fetcing various page table
structures has been implemented, replacing the older macros.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This hasn't been necessary since we dropped support for 32-bit
non-PAE page tables. Replace it with u64_t and scrub any
unnecessary casts left behind.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will be used for both 32-bit and 64-bit mode.
This header gets pulled in by x86's arch/cpu.h, so put
it in include/arch/x86/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Re-run with updated script to convert integer literal delay arguments to
k_sleep to use the standard timeout macros.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This patch is a preparatory step in enabling the MMU in
long mode; no steps are taken to implement long mode support.
We introduce struct x86_page_tables, which represents the
top-level data structure for page tables:
- For 32-bit, this will contain a four-entry page directory
pointer table (PDPT)
- For 64-bit, this will (eventually) contain a page map level 4
table (PML4)
In either case, this pointer value is what gets programmed into
CR3 to activate a set of page tables. There are extra bits in
CR3 to set for long mode, we'll get around to that later.
This abstraction will allow us to use the same APIs that work
with page tables in either mode, rather than hard-coding that
the top level data structure is a PDPT.
z_x86_mmu_validate() has been re-written to make it easier to
add another level of paging for long mode, to support 2MB
PDPT entries, and correctly validate regions which span PDPTE
entries.
Some MMU-related APIs moved out of 32-bit x86's arch.h into
mmustructs.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The main and idle threads, and their associated stacks,
were being referenced in various parts of the kernel
with no central definition. Expose these in kernel_internal.h
and namespace with z_ appropriately.
The main and idle threads were being defined statically,
with another variable exposed to contain their pointer
value. This wastes a bit of memory and isn't accessible
to user threads anyway, just expose the actual thread
objects.
Redundance MAIN_STACK_SIZE and IDLE_STACK_SIZE defines
in init.c removed, just use the Kconfigs they derive
from.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Disabling SMP mode for certain tests was a one-release thing, done to
avoid having to triage every test independently (MANY are not
SMP-safe), and with the knowledge that it was probably hiding bugs in
the kernel.
Turn it on pervasively. Tests are treated with a combination of
flagging specific cases as "1cpu" where we have short-running tests
that can be independently run in an otherwise SMP environment, and via
setting CONFIG_MP_NUM_CPUS=1 where that's not possible (which still
runs the full SMP kernel config, but with only one CPU available).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Several user mode tests cannot run on twr_ke18f because
either the platform does not have a sufficient number of
MPU regions required for the tests, or, the tests also
require HW stack protection (which has been, by default,
excluded in user mode tests for twr_ke18f board). We
excluded the board from all those tests.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit replaces several CONFIG_USERSPACE=y
settings with CONFIG_TEST_USERSPACE=y. This allows
the test sub-system Kconfig structure to control
the settings of USERSPACE and HW_STACK_PROTECTION
in the various tests suites.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix unhandled return values as most other places handled in this
file, fix coverity issue 203454.
Fixes: #18443.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Andrew Boie