In stack_sentinel_timer(), the timer should not be allocated on the
stack. If it gets added to the list of timeouts by k_timer_start,
then an unexpected exception may occur when the timer expires since it
may have been overwritten.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Several user mode tests cannot run on twr_ke18f because
either the platform does not have a sufficient number of
MPU regions required for the tests, or, the tests also
require HW stack protection (which has been, by default,
excluded in user mode tests for twr_ke18f board). We
excluded the board from all those tests.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This is now called z_arch_esf_t, conforming to our naming
convention.
This needs to remain a typedef due to how our offset generation
header mechanism works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* z_NanoFatalErrorHandler() is now moved to common kernel code
and renamed z_fatal_error(). Arches dump arch-specific info
before calling.
* z_SysFatalErrorHandler() is now moved to common kernel code
and renamed k_sys_fatal_error_handler(). It is now much simpler;
the default policy is simply to lock interrupts and halt the system.
If an implementation of this function returns, then the currently
running thread is aborted.
* New arch-specific APIs introduced:
- z_arch_system_halt() simply powers off or halts the system.
* We now have a standard set of fatal exception reason codes,
namespaced under K_ERR_*
* CONFIG_SIMPLE_FATAL_ERROR_HANDLER deleted
* LOG_PANIC() calls moved to k_sys_fatal_error_handler()
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
HW stack protection in ARMv8-M is implemented by default
with the built-in stack guard mechanism. Therefore, by
default all tests for ARMv8-M will use the built-in stack
overflow mechanism (CONFIG_BUILTIN_STACK_GUARD is set in
tests). However, we would like have some coverage on the
MPU stack guard mechanism for ARMv8-M. The added test case
manually disables BUILTIN_STACK_GUARD and enables the
MPU_STACK_GUARD option, to provide that test coverage.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
CONFIG_TEST_HW_STACK_PROTECTION is set by default in tests,
and that one selects HW_STACK_PROTECTION option. Therefore,
we do not need to set that one explicitly in the test project
configuration files. We clean up some redundant occurrences of
CONFIG_HW_STACK_PROTECTION=y from the tree.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Test the HW stack protection feature for threads that are
pre-tagged as FPU users, when building with support for FP
shared registers mode (CONFIG_FP_SHARING=y).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For the ARM architecture we would like to test the HW
Stack Protection feature when building with support for
FP shared registers mode (CONFIG_FP_SHARING=y), as a
means of increasing coverage.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We would like to test the HW stack protection feature in ARM
builds with no user-mode support, i.e. CONFIG_USERSPACE=n. For
that we add a new test-case in tests/kernel/fatal test suite.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a test in tests/kernel/fatal test-suite, which checks
that the HW stack overflow detection works as expected during a user
thread system call.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Contrary to the comment in code, this test is NOT, in fact, compiled
with a traditional ticked kernel. Spinning won't work reliably
because interrupts won't necessarily be delivered when you expect.
This test case would fail spuriously as I moved things around when
debugging.
Doing it right (using a k_timer in this case) is actually less code
anyway.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
- Delete CONFIG_TEST_USERSPACE=n no-ops because it's the default
since commit 7b1ee5cf13
- Some tests have a "userspace" tag pretending to TEST_USERSPACE but
don't and vice versa: fix missing or spurious "userspace" tags in
testcase.yaml files.
Tests have a _spurious_ "userspace" tag when they PASS this command
cause none should pass:
./scripts/sanitycheck --tag=userspace -p qemu_x86 \
--extra-args=CONFIG_TEST_USERSPACE=n \
--extra-args=CONFIG_USERSPACE=n | tee userspace.log
All tests run by this command must either fail to build or fail to run
with some userspace related error. Shortcut to look at all test
failures:
zephyr_failure_logs() {
awk '/see.*log/ {print $2}' "$@"
}
Tests _missing_ "userspace" tag FAIL to either build or to run with some
userspace related error when running this:
./scripts/sanitycheck --exclude=userspace -p qemu_x86 \
--extra-args=CONFIG_TEST_USERSPACE=n \
--extra-args=CONFIG_USERSPACE=n | tee excludeuserspace.log
Note the detection methods above are not 100% perfect because some
flexible tests like tests/kernel/queue/src/main.c evade them with #ifdef
CONFIG_USERSPACE smarts. Considering they never break, it is purely the
test author's decision to include or not such flexible tests in the
"userspace" subset.
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
for SDK 0.10.0, it consumes more stack size when coverage
enabled, so adjust stack size to fix stack overflow issue.
Fixes: #15206.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Unlike CONFIG_HW_STACK_PROTECTION, which greatly helps
expose stack overflows in test code, activating
userspace without putting threads in user mode is of
very limited value.
Now CONFIG_TEST_USERSPACE is off by default. Any test
which puts threads in user mode will need to set
CONFIG_TEST_USERSPACE.
This should greatly increase sanitycheck build times
as there is non-trivial build time overhead to
enabling this feature. This also allows some tests
which failed the build on RAM-constrained platforms
to compile properly.
tests/drivers/build_all is a special case; it doesn't
put threads in user mode, but we want to ensure all
the syscall handlers compile properly.
Fixes: #15103 (and probably others)
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This lets us quickly filter tests that exercise userspace
when developing it.
Some tests had a whitelist with qemu_cortex_m3; change
this to mps2_an385, which is the QEMU target with an
MPU enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Tickless kernel is now always disabled, ensuring that when
the kernel's tick count changes, we really did get a timer
interrupt.
The test now awaits a change in tick count instead of busy
waiting for an arbitrary time period.
Fixes: #15013
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
stack check exception may come out with other protection
vilation, e.g. MPU read/write. So the possible paramter
will be 0x02 | [0x4 | 0x8].
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This commit removes the #ifdefs for ARM platforms in
tests/kernel/fatal/main.c, as all the tests suite can be
executed for platforms supporting the ARM and the NXP MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
(Chunk 1 of 3 - this patch was split across pull requests to address
CI build time limitations)
Zephyr has always been a uniprocessor system, and its kernel tests are
rife with assumptions and outright dependence on single-CPU operation
(for example: "low priority threads will never run until this high
priority thread blocks" -- not true if there's another processor to
run it!)
About 1/3 of our tests fail right now on x86_64 when dual processor
operation is made default. Most of those can probably be recovered on
a case-by-case basis with simple changes (and a few of them might
represent real bugs in SMP!), but for now let's make sure the full
test suite passes by turning the second CPU off. There's still plenty
of SMP coverage in the remaining cases.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We weren't testing whether stack overflows in user mode
were correctly reported.
A more aggressive stack overflow logic is enabled if
HW-based stack overflow detection is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These functions, for good design reason, take a locking key to
atomically release along with the context swtich. But there's still a
common pattern in code to do a switch unconditionally by passing
irq_lock() directly. On SMP that's a little hurtful as it spams the
global lock. Provide an _unlocked() variant for
_Swap/_reschedule/_pend_curr for simplicity and efficiency.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Disabled the CONFIG_COVERAGE for benchmarks and other tests.
This is needed because it interferes with normal behavior of the
test case.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Move to latest cmake version with many bug fixes and enhancements.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
When using an IDE (e.g. Eclipse, Qt Creator), the project name gets
displayed. This greatly simplifies the navigation between projects when
having many of them open at the same time. Naming every project "NONE"
defeats this functionality.
This patch tries to use sensible project names while not duplicating
too much of what is already represented in the path. This is done by
using the name of the directory the relevant CMakeLists.txt file is
stored in. To ensure unique project names in the samples (and again, in
the tests folder) folder, small manual adjustments have been done.
Signed-off-by: Reto Schneider <code@reto-schneider.ch>
bat_commit is an old and obsolete tag that has not been maintained over
time and was supposed to serve a purpose that is obsolete now. Also
rename core tag with kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fixed condition and wrong Kconfig name, shoud be CONFIG_CPU_HAS_NXP_MPU
instead of only CPU_HAS_NXP_MPU.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Prepend the text 'cmake_minimum_required(VERSION 3.8.2)' into the
application and test build scripts.
Modern versions of CMake will spam users with a deprecation warning
when the toplevel CMakeLists.txt does not specify a CMake
version. This is documented in bug #8355.
To resolve this we include a cmake_minimum_required() line into the
toplevel build scripts. Additionally, cmake_minimum_required is
invoked from within boilerplate.cmake. The highest version will be
enforced.
This patch allows us to afterwards change CMake policy CMP000 from OLD
to NEW which in turn finally rids us of the verbose warning.
The extra boilerplate is considered more acceptable than the verbosity
of the CMP0000 policy.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Even CONFIG_HW_STACK_PROTECTION is no here,
it is still yes as it will be re-selected by
CONFIG_TEST_HW_STACK_PROTECTION in tests/Kconfig.
So the correct setting here is:
CONFIG_TEST_HW_STACK_PROTECTION=n
This fixes#8092 (case1)
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
In arc, privileged stack is merged into defined stack. So
the real stack size should add privileged stack size.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The generation of Stack Corruptions reports is, now, supported
in ARM SOCs with the ARM MPU (CONFIG_ARM_MPU). Therefore, this
commit removes the workaround for ARM architecture in
tests/kernel/fatal/ and keeps it only for SOCs with the NXP MPU
(CONFIG_MXU_MPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
An errant commit accidentally disabled all testing of
hardware-based stack protection. Restore it, and work
around a problem with how these kinds of exceptions are
reported on ARM until #7706 is fixed.
We need to globally disable user mode due to how the
select statements in Kconfig work, the stack sentinel
is incompatible with user mode.
Some build warnings when compiling as native_posix
fixed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The kernel.fatal.stack_protection was filtering on
ARCH_HAS_STACK_PROTECTION and that should be
CONFIG_ARCH_HAS_STACK_PROTECTION
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Vincent Wan