K_NUM_PRIORITIES and K_NUM_PRIO_BITMAPS were defined in
nano_internal.h, but used in only a handful of places. Move to
kernel_structs.h (somewhat higher up in the hierarchy) to help with
include file cycle-breaking. Arguably they are a better fit there
anyway.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
_Swap() is defined in nano_internal.h. Everything calls _Swap().
Pretty much nothing that called _Swap() included nano_internal.h,
expecting it to be picked up automatically through other headers (as
it happened, from the kernel arch-specific include file). A new
_Swap() is going to need some other symbols in the inline definition,
so I needed to break that cycle. Now nothing sees _Swap() defined
anymore. Put nano_internal.h everywhere it's needed.
Our kernel includes remain a big awful yucky mess. This makes things
more correct but no less ugly. Needs cleanup.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This sample (which should eventually become a proper test) suite
builds from simple applications of the new primitives to a full
context switch test and interrupt handling suite (based on the
CPU-internal CCOMPARE2 timer).
It's been extraordinarily useful finding regressing as the asm2 code
gets modified and should probably stick around as long as possible.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
SMP needs a new context switch primitive (to disentangle _swap() from
the scheduler) and new interrupt entry behavior (to be able to take a
global spinlock on behalf of legacy drivers). The existing code is
very obtuse, and working with it led me down a long path of "this
would be so much better if..." So this is a new context and entry
framework, intended to replace the code that exists now, at least on
SMP platforms.
New features:
* The new context switch primitive is xtensa_switch(), which takes a
"new" context handle as an argument instead of getting it from the
scheduler, returns an "old" context handle through a pointer
(e.g. to save it to the old thread context), and restores the lock
state(PS register) exactly as it is at entry instead of taking it as
an argument.
* The register spill code understands wrap-around register windows and
can avoid spilling A4-A15 registers when they are unused by the
interrupted function, saving as much as 48 bytes of stack space on
the interrupted stacks.
* The "spill register windows" routine is entirely different, using a
different mechanism, and is MUCH FASTER (to the tune of almost 200
cycles). See notes in comments.
* Even better, interrupt entry can be done via a clever "cross stack
call" I worked up, meaning that the interrupted thread's registers
do not need to be spilled at all until they are naturally pushed out
by the interrupt handler or until we return from the interrupt into
a different thread. This is a big efficiency win for tiny
interrupts (e.g. timers), and a big latency win for all interrupts.
* Interrupt entry is 100% symmetric with respect to medium/high
interrupts, avoiding the problems seen with hooking high priority
interrupts with the current code (e.g. ESP-32's watchdog driver).
* Much smaller code size. No cut and paste assembly. No use of HAL
calls.
* Assumes "XEA2" interrupt architecture, the register window extension
(i.e. no CALL0 ABI), and the "high priority interrupts" extension.
Does not support the legacy processor variants for which we have no
targets. The old code has some stuff in there to support this, but
it seems bitrotten, untestable, and I'm all but certain it doesn't
work.
Note that this simply adds the primitives to the existing tree in a
form where they can be unit tested. It does not replace the existing
interrupt/exception handling or _Swap() implementation.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Xtensa has a "high priority" class of interrupt levels which ignore
the EXCM bit and can thus interrupt running exception handlers. These
can't be used for C handlers in the general case[1] because C code
needs to be able to throw window over/underflow exceptions, which are
not reentrant.
But the high priority interrupts might be useful to a carefully
designed application, or to unit tests of low level architecture code.
So make their generation optional with this kconfig option.
[1] ESP-32 has a high priority interrupt for its watchdog, apparently.
Which is sort of OK given that it never needs to return to the
interrupted code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing hand-written interrupt code is manually calling the timer
ISR, which is sort of silly and about to be replaced. Correctly
declare the ISR with IRQ_CONNECT() so that a conventional interrupt
handling implementation can find it. With current code this is a
noop.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The new thread stack layout is as follow:
|---------------------|
| user stack |
|---------------------|
| stack guard (opt.) |
|---------------------|
| privilege stack |
-----------------------
For MPUv2
* user stack is aligned to the power of 2 of user stack size
* the stack guard is 2048 bytes
* the default size of privileg stack is 256 bytes.
For user thread, the following MPU regions are needded
* one region for user stack, no need of stack guard for user stack
* one region for stack guard when stack guard is enbaled
* regions for memory domain.
For kernel thread, the stack guard region will be at the top, adn
The user stack and privilege stack will be merged.
MPUv3 is the same as V2's layout, except no need of power of 2
alignment.
* reimplement the user mode enter function. Now it's possible for
kernel thread to drop privileg to user thread.
* add a separate entry for user thread
* bug fixes in the cleanup of regs when go to user mode
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
when USERSPACE is enabled, exception is handled in the privilege
stack of thread. This make thread context switch is possible in the
exception handler. For some case,e.g. tests, this is useful.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
disable the U bit of irq.ctrl, so the user thread's context will
be saved into privilege stack when interrupts/exception come.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The application memory area has a requirement of address alignment,
especially when MPU requires power of 2.
Modify the linker tmemplate to apply application memory address
alignment generation
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
scrub all the regs of kernel context before returnning to userspace.
For sys call, ro is not cleared as it's a return value of sys call.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Enable us bit to check user mode more efficienly.
US is read as zero in user mode. This will allow use mode sleep
instructions, and it enables a form of denial-of-service attack
by putting the processor in sleep mode, but since interrupt
level/mask can't be set from user space that's not worse than
executing a loop without yielding.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* user space support requires THREAD_INFO
* for MPU version 2, the stack align is at least 2048 bytes
* the smallest mpu region is 2048 bytes
* the region size must bt power of 2
* the start address of region must be aligned to the region size
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add the implementation of syscall
* based on 'trap_s' intruction, id = 3
* add the privilege stack
* the privilege stack is allocted with thread stack
* for the kernel thread, the privilege stack is also a
part of thread stack, the start of stack can be configured
as stack guard
* for the user thread, no stack guard, when the user stack is
overflow, it will fall into kernel memory area which requires
kernel privilege, privilege violation will be raised
* modify the linker template and add MPU_ADDR_ALIGN
* add user space corresponding codes in mpu
* the user sp aux reg will be part of thread context
* When user thread is interruptted for the 1st time, the context is
saved in user stack (U bit of IRQ_CTLR is set to 1). When nest
interrupt comes, the context is saved in thread's privilege stack
* the arc_mpu_regions.c is moved to board folder, as it's board
specific
* the above codes have been tested through tests/kernel/mem_protect/
userspace for MPU version 2
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Fixed incorrect comparison of FLASH_SLOT in microseconds
with ticks elapsed.
This caused Bluetooth controller to try scheduling events
beyond the acceptable soft real-time design limits, due to
the CPU halted for flash erase operation.
Fixes#6229.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Added missing HCI Supported Commands bit fields for PHY
Update feature. Also, refactored with missing conditional
compilation for other bit fields.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Revert incorrect calculation introduced in
commit ec5a787da2 ("Bluetooth: controller: Fix multiple
master role event scheduling") and revert a related
incorrect fix in commit a02606cbf9 ("Bluetooth:
controller: Fix missing ticks to us conversion").
Fixes the controller assert in ctrl.c line number 1477. A
64-bit arithmetic took ~35 us in Radio ISR for nRF51 causing
the ISR to take too much time before packet buffer could be
set.
Also, fixed master scheduling by correctly accounting for
the jitter between each master event.
Relates to: #5486
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix incorrect calculation of unreserved timespace which
should take into account the ticks_slot of current event,
and compensation for any reduced prepare in the current
event as well as in the next event.
This regression relates to the commit ad7c9d3d76
("Bluetooth: controller: Improved continuous scanning")
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Define a macro HAL_TIMER_SIGN_BIT to correspond to the most
significant bit support by counter hardware used by ticker.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use XON_BITMASK define instead of raw BIT(31) or bit shift
operations in code to represent use of reduced prepared by
an event.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix Kconfig help sections and add spacing to be consistent across all
Kconfig file. In a previous run we missed a few.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split the search into two loops: in the common scenario, where device
names are stored in ROM (and are referenced by the user with CONFIG_*
macros), only cheap pointer comparisons will be performed.
Reserve string comparisons for a fallback second pass.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
If there's no more room to store new pairings, send a proper error
instead of letting the SMP timeout expire.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Explicitly show representation peculiarities of the negative values.
Additionally mention that fractional part is in one-millionth parts.
Fixes: #5692
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This patch adjusts the default permissions on the bus master 3 (NET).
Recent changes restricted this to supervisor only, and this caused
issues with the network controllers access to memory.
Restrictions on access should really be enforced on the ARM core bus
master.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The previous default, "config-threadnet.h", is more or less arbitrary
choice made in a commit 312def2c78 1.5 years ago. In particular,
it's not related to Thread support in Zephyr per se (there was no
such support at that time).
It doesn't make sense to have a default intended for a particular,
not widely used (yet) protocol. Instead, the default should work
out of the box with a contemporary widely deployed arrays of TLS
servers, which are HTTPS server. config-mini-tls1_2.h works with
https://google.com, and by extension, with many other servers on
the Internet.
So, have that as the default, and let applications with special
needs to override that to what they need.
Addresses: #6132
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This config enables TLS 1.2 (only), as its name suggests, and
contrary to the (copy-pasted) comments in the file header, so
update these comments.
Fixes: #6131
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This patch adds an additional constraint to make sure that we only
do the application memory sizing if it is really necessary.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
platform_whitelist does not deal with comma separated strings. Also
remove build_only option, this should also run on those devices.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
For those still using old variable ZEPHYR_GCC_VARIANT.
raise an error if the variable is not defined.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This makes things slightly cleaner, and we don't need to rely on the
deprecated net_buf_simple_init() API (which was a bit hackish for
these custom-constructed net_buf_simple objects anyway).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When an __ASSERT() fails compiled for ARCH_POSIX,
instead of spinning forever (probably until sanitycheck times out)
it now terminates immediately and returns 1 to the shell
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
This is one way we can support out of tree board definitions. Basically
all this needs is a board definition in the application source directory
that follows the same structure we have in the main Zephyr tree (also
allowing multiple custom boards). An application tree would look like
this for example:
boards/
CMakeLists.txt
prj.conf
README.rst
src/
with boards following the same structure as in Zephyr:
.
├── boards
│ └── x86
│ └── arduino_101
│ ├── doc
│ │ └── img
│ └── support
└── src
To use this, you need to specify the BOARD_ROOT variable on the command
line when building:
cmake -DBOARD=<board name> -DBOARD_ROOT=<path to boards> ..
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
I am the original author of the API and initial drivers, and would
like to maintain this area.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The read/write_kernel_stack tests are confusingly named and incorrectly
implemented for ARM; they are intended to test that user mode threads
cannot read or write their privileged stacks. The privileged stacks
on ARM are not relative to the user stack, and thus their location
cannot be computed from the user stack. To find the privileged stack on
ARM, we have to use _k_priv_stack_find(), which we do during setup
in test_main() rather than from the usermode thread itself. Accessing
thread_stack directly from the test function requires making it
non-static in ztest, so we also give it a ztest_ prefix to avoid
collisions with other test programs. Rename the test functions and
global pointer variable to more accurately reflect their purpose.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Prior to this commit, `flash_area_layout()` was being passed a pointer
to the incorrect type (`uint32_t *` where `int *` was expected). This
caused the following warning to be reported:
```
[...]/subsys/storage/flash_map/flash_map.c: In
function 'flash_area_get_sectors':
[...]/subsys/storage/flash_map/flash_map.c:191:32:
warning: passing argument 2 of 'flash_area_layout' from incompatible
pointer type [-Wincompatible-pointer-types]
return flash_area_layout(idx, cnt, ret, get_sectors_cb, &data);
^~~
[...]/subsys/storage/flash_map/flash_map.c:136:12:
note: expected 'int *' but argument is of type 'uint32_t * {aka long
unsigned int *}'
static int flash_area_layout(int idx, int *cnt, void *ret,
^~~~~~~~~~~~~~~~~
```
This commit changes the argument type to `u32_t` for both functions.
Signed-off-by: Christopher Collins <ccollins@apache.org>
The contributing instructions were currently centered exclusively around
Linux. Make them generic and cross-plaform while highlighting the tools
that do not currently work on Windows, namely:
* sanitycheck
* checkpatch
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This fixes the issue when after incomplete timer expiration
host sent ACK.
The host failed in two cases:
1. Sending ACK right after the incomplete timer expiration;
2. Sending ACK from new RX context. Now, seq_auth of cancelled
message is not cleaned on RX reset, so segments of cancelled message
will be discarded when resend.
According to the Mesh Profile v1.0
"When the incomplete timer expires, the lower transport layer
shall consider that the message being received has failed and
cancel the acknowledgment timer. Any segment of a canceled
message shall be ignored."
Fixes#6023
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
Andy Ross