Commit Graph

29 Commits

Author SHA1 Message Date
Andrew Boie f1d12aa45b userspace: deprecate k_mem_domain_remove_thread()
This is just equivalent to calling k_mem_domain_add_thread()
on the default memory domain now.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-26 20:35:02 -04:00
Andrew Boie 9bfc8d82d0 userspace: introduce default memory domain
We make a policy change here: all threads are members of a
memory domain, never NULL. We introduce a default memory domain
for threads that haven't been assigned to or inherited another one.

Primary motivation for this change is better MMU support, as
one common configuration will be to maintain page tables at
the memory domain level.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-26 20:35:02 -04:00
Andrew Boie 1a9f490353 userspace: deprecate k_mem_domain_destroy()
We don't have use-cases and it introduces complexities with
allocating page tables on MMU systems.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-26 20:35:02 -04:00
Andrew Boie 86ad13d960 userspace: clarify some mem domain doxyen
Make a few miscellaneous comments clearer.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-20 13:58:54 -04:00
Andrew Boie bc35b0b780 userspace: add optional member to memory domains
Some systems may need to associate arch-specific data to
a memory domain. Add a Kconfig and `arch` field for this,
and a new arch API to initialize it.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-20 13:58:54 -04:00
Andrew Boie f8d743a1cb userspace: fix ifdef for k_mem_partition
Wrap the entire definition around CONFIG_MEMORY_PROTECTION.
Add incomplete declaration for IS_ENABLED() purposes.

Some arch code uses struct k_mem_partition internally for
MPU management, even if userspace isn't enabled.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-20 13:58:54 -04:00
Andrew Boie ca1921aaa3 userspace: fix ifdef for k_mem_domain
ifdef the entire struct k_mem_domain around CONFIG_USERSPACE,
this is specifically and only a userspace feature.

Add an incomplete definition for purposes of allowing the APIs
to be used with IS_ENABLED().

Prevents accidental useless instatiation of k_mem_domain structs.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-20 13:58:54 -04:00
Andrew Boie 75d5c0bc4b userspace: move mem domain defines
This now has its own header instead of kernel.h. The code is
unchanged other than a forward declaration of k_tid_t.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-08-20 13:58:54 -04:00
Andrew Boie 354053441d userspace: mark z_app_regions as const
These are read-only structures used to clear the various
BSS regions. Mark as constant data.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-07-20 13:47:10 +02:00
Krzysztof Chruscinski 1b4b9386e5 sys: util: Added separator to FOR_EACH_ macros
Added separator (e.g. comma or semicolon) parameter to FOR_EACH_ family.
Separator is added between macro execution for each argument and not at
the end.

Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
2020-06-10 11:58:13 +02:00
Andrew Boie a824821b86 kernel: fix k_mem_partition data types
We need a size_t and not a u32_t for partition sizes,
for 64-bit compatibility.

Additionally, app_memdomain.h was also casting the base
address to a u32_t instead of a uintptr_t.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-12-12 14:48:42 -08:00
Anas Nashif ee9dd1a54a cleanup: include/: move misc/dlist.h to sys/dlist.h
move misc/dlist.h to sys/dlist.h and
create a shim for backward-compatibility.

No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.

Related to #16539

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2019-06-27 22:55:49 -04:00
Ioannis Glaropoulos 1212604488 kernel: app_memdomain: remove unused defines
Remove unused definition of MEMDOMAIN_ALIGN_SIZE macro
from include/app_memory/app_memdomain.h.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2019-06-17 10:00:22 -07:00
Anas Nashif 3ae52624ff license: cleanup: add SPDX Apache-2.0 license identifier
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier.  Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.

By default all files without license information are under the default
license of Zephyr, which is Apache version 2.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2019-04-07 08:45:22 -04:00
Patrik Flykt 4344e27c26 all: Update reserved function names
Update reserved function names starting with one underscore, replacing
them as follows:
   '_k_' with 'z_'
   '_K_' with 'Z_'
   '_handler_' with 'z_handl_'
   '_Cstart' with 'z_cstart'
   '_Swap' with 'z_swap'

This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.

Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.

Various generator scripts have also been updated as well as perf,
linker and usb files. These are
   drivers/serial/uart_handlers.c
   include/linker/kobject-text.ld
   kernel/include/syscall_handler.h
   scripts/gen_kobject_list.py
   scripts/gen_syscall_header.py

Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
2019-03-11 13:48:42 -04:00
Andrew Boie f084c38d44 userspace: properly namespace linker vars
App shared memory defines a bunch of symbols in the
linker script. Namespace them properly as private
zephyr variables.

The variables which indicate the bounds of the entire
partition now end with "_part_start", "_part_size",
and "_part_end" to make them easy for scripts to
distinguish them from other generated symbols for
data/bss sizes.

Finally, the bss size is not rounded up, this was
causing unnecessary memory to be zeroed.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-03-05 10:02:27 -08:00
Andrew Boie e686aefe09 mbedtls: provide user mode access
The mbedtls library has some globals which results in faults
when user mode tries to access them.

Instantiate a memory partition for mbedtls's globals.
The linker will place all globals found by building this
library into this partition.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-03-05 08:27:20 -05:00
Andrew Boie 7707060959 userspace: get rid of app section placeholders
We used to leave byte-long placeholder symbols to ensure
that empty application memory sections did not cause
build errors that were very difficult to understand.

Now we use some relatively portable inline assembly to
generate a symbol, but don't take up any extra space.

The malloc and libc partitions are now only instantiated
if there is some data to put in them.

Fixes: #13923

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-03-04 08:05:16 -08:00
Andrew Boie 4ce652e4b2 userspace: remove APP_SHARED_MEM Kconfig
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-02-23 07:43:55 -05:00
Andrew Boie 80e3a2c246 app_shmem: include stub macro definitions
We'd like these macros to simply do nothing if the
feature isn't enabled rather than erroring out.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-02-22 18:50:43 -05:00
David B. Kinder 1de7038f1e doc: fix doxygen API comment misspellings
Fix misspellings in doxygen comments missed during regular reviews

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-02-16 09:23:41 -06:00
Andrew Boie 7adff462e7 app_shmem: overhaul partition specification
* K_APP_DMEM_SECTION/K_MEM_BMEM_SECTION macros now exist
  to specifically define the name of the sections for data
  and bss respectively.

* All boards now use the gen_app_partitions.py script, the
  padding hacks for non-power-of-two arches didn't work right
  in all cases. Linker scripts have been updated.

* The defined k_mem_partition is now completely initialized
  at build time. The region data structures now only exist
  to zero BSS.

Based on some work submitted by Adithya Baglody
<adithya.baglody@intel.com>

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-02-08 07:04:30 -05:00
Andrew Boie c253a686bf app_shmem: auto-initialize partitions
There are no longer per-partition initialization functions.
Instead, we iterate over all of them at boot to set up the
derived k_mem_partitions properly.

Some ARC-specific hacks that should never have been applied
have been removed from the userspace test.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-01-30 23:15:51 -05:00
Andrew Boie 85e1fcb02a app_shmem: renamespace and document
The public APIs for application shared memory are now
properly documented and conform to zephyr naming
conventions.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-01-30 15:43:58 -08:00
Andrew Boie f278f31da1 app_shmem: delete parallel API for domains
The app shared memory macros for declaring domains provide
no value, despite the stated intentions.

Just declare memory domains using the standard APIs for it.

To support this, symbols declared for app shared memory
partitions now are struct k_mem_partition, which can be
passed to the k_mem_domain APIs as normal, instead of the
app_region structs which are of no interest to the end
user.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-01-29 11:11:49 -08:00
Ioannis Glaropoulos bf34cf9443 arch: arm: mpu: Updates in ARM MPU-related convenience macros
This commit does the following:
- it introduces additional convenience macros for representing
  MPU attributions for no-cacheability, in both ARMv7-M and
  ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
  macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
  the architecture-specific MPU headers, so it can be defined
  per-architecture. It generalizes app_mem_domain.h, to be able
  to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
  to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
  permissions' attributes inside nxp_mpu.h, to align with what
  we do for ARM MPU.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2018-12-05 15:15:07 -05:00
Adithya Baglody ae92f2badf subsys: app_memory: Fixed the size calculation for power of 2 MPUs
The size calculation for power of 2 MPUs were incorrect.
The calculation was not taking into account the amount of padding
the linker does when doing the required alignment. Hence the size
being calculated was completely incorrect.

With this patch the code now is optimized and the size of
partitions is now provided by the linker.

Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
2018-09-20 11:25:53 -04:00
Flavio Ceolin 67ca176754 headers: Fix headers across the project
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2018-09-17 15:49:26 -04:00
Shawn Mosley 573f32b6d2 userspace: compartmentalized app memory organization
Summary: revised attempt at addressing issue 6290.  The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains.  Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications.  This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.

Overview: The current patch uses qualifiers to group data into
subsections.  The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.

Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main.  This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.

Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.

In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated.  This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file.  This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.

Usage:
 - Requires: app_memory/app_memdomain.h .
 - _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
 - _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
 - These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
 - To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
 - To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
 - To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
 - Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
 - After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
 - The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
  Example:
        /* create partition at top of file outside functions */
        app_mem_partition(part0);
        /* create domain */
        app_mem_domain(dom0);
        _app_dmem(dom0) int var1;
        _app_bmem(dom0) static volatile int var2;

        int main()
        {
                init_part_part0();
                init_app_memory();
                init_domain_dom0(part0);
                add_thread_dom0(k_current_get());
                ...
        }

 - If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:

        FOR_EACH(app_mem_partition, part0, part1, part2);

or, for multiple domains, similarly:

        FOR_EACH(app_mem_domain, dom0, dom1);

Similarly, the init_part_* can also be used in the macro:

        FOR_EACH(init_part, part0, part1, part2);

Testing:
 - This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board.  It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards.  These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
 - When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT.  This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
 - This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.

Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon).  In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses.  Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.

Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component.  This commit
seperates the Kconfig definition from the definition used for the
conditional code.  The change is in response to changes in the
way the build system treats definitions.  The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives.  A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM.  By addining the default linker script
the prebuild stages link properly prior to the python script running

Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
2018-07-25 12:02:01 -07:00