Commit Graph

9 Commits

Author SHA1 Message Date
Andrew Boie 945af95f42 kernel: introduce object validation mechanism
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.

The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.

- CONFIG_USERSPACE introduced. We are somewhat far away from having an
  end-to-end implementation, but at least need a Kconfig symbol to
  guard the incoming code with. Formal documentation doesn't exist yet
  either, but will appear later down the road once the implementation is
  mostly finalized.

- In the memory region for RAM, the data section has been moved last,
  past bss and noinit. This ensures that inserting generated tables
  with addresses of kernel objects does not change the addresses of
  those objects (which would make the table invalid)

- The DWARF debug information in the generated ELF binary is parsed to
  fetch the locations of all kernel objects and pass this to gperf to
  create a perfect hash table of their memory addresses.

- The generated gperf code doesn't know that we are exclusively working
  with memory addresses and uses memory inefficiently. A post-processing
  script process_gperf.py adjusts the generated code before it is
  compiled to work with pointer values directly and not strings
  containing them.

- _k_object_init() calls inserted into the init functions for the set of
  kernel object types we are going to support so far

Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:33:33 -07:00
Leandro Pereira 27ea2d8eb7 arch: xtensa: Convert Xtensa port to use gen_isr_table
The Xtensa port was the only one remaining to be converted to the new
way of connecting interrupts in Zephyr.  Some things are still
unconverted, mainly the exception table, and this will be performed
another time.

Of note: _irq_priority_set() isn't called on _ARCH_IRQ_CONNECT(), since
IRQs can't change priority on Xtensa: while the architecture has the
concept of interrupt priority levels, each line has a fixed level and
can't be changed.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2017-08-09 12:26:14 -07:00
Anas Nashif 397d29db42 linker: move all linker headers to include/linker
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-06-18 09:24:04 -05:00
Andrew Boie 174f301147 build: simplify how extra build steps are specified
For various reasons it's often necessary to generate certain
complex data structures at build-time by separate tools outside
of the C compiler. Data is populated to these tools by way of
special binary sections not intended to be included in the final
binary. We currently do this to generate interrupt tables; forthcoming
work will also use this to generate MMU page tables.

The way we have been doing this is to generate a "kernel_prebuilt.elf",
extract the metadata sections with objcopy, run the tool, and then
re-link the kernel with the extra data *and* use objcopy to pull
out the unwanted sections.

This doesn't scale well if multiple post-build steps are needed.
Now this is much simpler; in any Makefile, a special
GENERATED_KERNEL_OBJECT_FILES variable may be appended to containing
the filenames to the generated object files, which will be generated
by Make in the usual fashion.

Instead of using objcopy to pull out, we now create a linker-pass2.cmd
which additionally defines LINKER_PASS2. The source linker script
can #ifdef around this to use the special /DISCARD/ section target
to not include metadata sections in the final binary.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-05-13 14:07:09 -04:00
Kumar Gala bf53ebf2c8 arch: convert to using newly introduced integer sized types
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types.  There are few places we don't convert over to the new
types because of compatibility with ext/HALs or for ease of transition
at this point.  Fixup a few of the PRI formatters so we build with newlib.

Jira: ZEP-2051

Change-Id: I7d2d3697cad04f20aaa8f6e77228f502cd9c8286
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-04-21 12:08:12 +00:00
Andrew Boie 3944d8313e gen_isr_tables: apply offset to irq parameter
The interrupts would be placed at incorrect offsets on systems where
some interrupt vectors are reserved for exceptions, such as ARC.

Change-Id: I5b1f00eb9e8aecb84ae66e3d0461a734ffb5fbe6
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-02-15 04:49:19 +00:00
Andrew Boie bd69c3bdf0 riscv32: enable gen_isr_tables mechanism
Change-Id: Ia09d9a4d3412424dcbb25db829059a0714d81214
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-02-15 04:49:17 +00:00
Andrew Boie c99c686b2c nios2: use gen_isr_tables mechanism
Change-Id: If1ffcedf86a015789b42e7aec45dae3cc58f74fa
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-02-11 01:28:00 +00:00
Andrew Boie 1927b3d020 gen_isr_tables: New static interrupt build mechanism
This is a new mechanism for generating interrupt tables which will
be useful on many architectures. It replaces the old linker-based
mechanism for creating these tables and has a couple advantages:

 1) It is now possible to use enums as the IRQ line argument to
    IRQ_CONNECT(), which should ease CMSIS integration.
 2) The vector table itself is now generated, which lets us place
    interrupts directly into the vector table without having to
    hard-code them. This is a feature we have long enjoyed on x86
    and will enable 'direct' interrupts.
 3) More code is common, requiring less arch-specific code to
    support.

This patch introduces the common code for this mechanism. Follow-up
patches will enable it on various arches.

Issue: ZEP-1038, ZEP-1165
Change-Id: I9acd6e0de8b438fa9293f2e00563628f7510168a
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-02-11 01:27:58 +00:00