userspace: Support for split 64 bit arguments

System call arguments, at the arch layer, are single words. So passing wider values requires splitting them into two registers at call time. This gets even more complicated for values (e.g k_timeout_t) that may have different sizes depending on configuration. This patch adds a feature to gen_syscalls.py to detect functions with wide arguments and automatically generates code to split/unsplit them. Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't work with functions like this, because for N arguments (our current maximum N is 10) there are 2^N possible configurations of argument widths. So this generates the complete functions for each handler and wrapper, effectively doing in python what was originally done in the preprocessor. Another complexity is that traditional the z_hdlr_*() function for a system call has taken the raw list of word arguments, which does not work when some of those arguments must be 64 bit types. So instead of using a single Z_SYSCALL_HANDLER macro, this splits the job of z_hdlr_*() into two steps: An automatically-generated unmarshalling function, z_mrsh_*(), which then calls a user-supplied verification function z_vrfy_*(). The verification function is typesafe, and is a simple C function with exactly the same argument and return signature as the syscall impl function. It is also not responsible for validating the pointers to the extra parameter array or a wide return value, that code gets automatically generated. This commit includes new vrfy/msrh handling for all syscalls invoked during CI runs. Future commits will port the less testable code. Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
2019-08-06 13:34:31 -07:00 · 2019-08-06 13:34:31 -07:00 · 6564974bae
commit 6564974bae
parent 1846fc600f
36 changed files with 746 additions and 979 deletions
--- a/include/syscall.h
+++ b/include/syscall.h
@ -34,44 +34,17 @@ extern "C" {
 * - Mixed or indeterminate code, these inlines will do a runtime check
 *   to determine what course of action is needed.
 *
- * All system calls require a handler function and an implementation function.
- * These must follow a naming convention. For a system call named k_foo():
+ * All system calls require a verifier function and an implementation
+ * function.  These must follow a naming convention. For a system call
+ * named k_foo():
 *
- * - The handler function will be named z_hdlr_k_foo(). Handler functions
- *   are always of type _k_syscall_handler_t, verify arguments passed up
- *   from userspace, and call the implementation function. See
- *   documentation for that typedef for more information.
- * - The implementation function will be named z_impl_k_foo(). This is the
- *   actual implementation of the system call.
- *
- * The basic declartion macros are as follows. System calls with 0 to 10
- * parameters are supported. For a system call with N parameters, that returns
- * a value and is* not implemented inline, the macro is as follows (N noted
- * as {N} for clarity):
- *
- * K_SYSCALL_DECLARE{N}(id, name, ret, t0, p0, ... , t{N-1}, p{N-1})
-
- * @param id System call ID, one of K_SYSCALL_* defines
- * @param name Symbol name of the system call used to invoke it
- * @param ret Data type of return value
- * @param tX Data type of parameter X
- * @param pX Name of parameter x
- *
- * For system calls that return no value:
- *
- * K_SYSCALL_DECLARE{n}_VOID(id, name, t0, p0, .... , t{N-1}, p{N-1})
- *
- * This is identical to above except there is no 'ret' parameter.
- *
- * For system calls where the implementation is an inline function, we have
- *
- * K_SYSCALL_DECLARE{n}_INLINE(id, name, ret, t0, p0, ... , t{N-1}, p{N-1})
- * K_SYSCALL_DECLARE{n}_VOID_INLINE(id, name, t0, p0, ... , t{N-1}, p{N-1})
- *
- * These are used in the same way as their non-INLINE counterparts.
- *
- * These macros are generated by scripts/gen_syscall_header.py and can be
- * found in $OUTDIR/include/generated/syscall_macros.h
+ * - The handler function will be named z_vrfy_k_foo(). Handler
+ *   functions have the same type signature as the wrapped call,
+ *   verify arguments passed up from userspace, and call the
+ *   implementation function. See documentation for that typedef for
+ *   more information.  - The implementation function will be named
+ *   z_impl_k_foo(). This is the actual implementation of the system
+ *   call.
 */

 /**
@ -115,36 +88,6 @@ typedef u32_t (*_k_syscall_handler_t)(u32_t arg1, u32_t arg2, u32_t arg3,
 				      void *ssf);
 #ifdef CONFIG_USERSPACE

-/*
- * Helper data structures for system calls with large argument lists
- */
-
-struct _syscall_7_args {
-	u32_t arg6;
-	u32_t arg7;
-};
-
-struct _syscall_8_args {
-	u32_t arg6;
-	u32_t arg7;
-	u32_t arg8;
-};
-
-struct _syscall_9_args {
-	u32_t arg6;
-	u32_t arg7;
-	u32_t arg8;
-	u32_t arg9;
-};
-
-struct _syscall_10_args {
-	u32_t arg6;
-	u32_t arg7;
-	u32_t arg8;
-	u32_t arg9;
-	u32_t arg10;
-};
-
 /*
 * Interfaces for invoking system calls
 */
@ -170,98 +113,36 @@ static inline u32_t z_arch_syscall_invoke6(u32_t arg1, u32_t arg2, u32_t arg3,
 					  u32_t arg4, u32_t arg5, u32_t arg6,
 					  u32_t call_id);

-static inline u32_t z_syscall_invoke7(u32_t arg1, u32_t arg2, u32_t arg3,
-				    u32_t arg4, u32_t arg5, u32_t arg6,
-				    u32_t arg7, u32_t call_id) {
-	struct _syscall_7_args args = {
-		.arg6 = arg6,
-		.arg7 = arg7,
-	};
-
-	return z_arch_syscall_invoke6(arg1, arg2, arg3, arg4, arg5, (u32_t)&args,
-				     call_id);
-}
-
-static inline u32_t z_syscall_invoke8(u32_t arg1, u32_t arg2, u32_t arg3,
-				    u32_t arg4, u32_t arg5, u32_t arg6,
-				    u32_t arg7, u32_t arg8, u32_t call_id)
-{
-	struct _syscall_8_args args = {
-		.arg6 = arg6,
-		.arg7 = arg7,
-		.arg8 = arg8,
-	};
-
-	return z_arch_syscall_invoke6(arg1, arg2, arg3, arg4, arg5, (u32_t)&args,
-				     call_id);
-}
-
-static inline u32_t z_syscall_invoke9(u32_t arg1, u32_t arg2, u32_t arg3,
-				    u32_t arg4, u32_t arg5, u32_t arg6,
-				    u32_t arg7, u32_t arg8, u32_t arg9,
-				    u32_t call_id)
-{
-	struct _syscall_9_args args = {
-		.arg6 = arg6,
-		.arg7 = arg7,
-		.arg8 = arg8,
-		.arg9 = arg9,
-	};
-
-	return z_arch_syscall_invoke6(arg1, arg2, arg3, arg4, arg5, (u32_t)&args,
-				     call_id);
-}
-
-static inline u32_t z_syscall_invoke10(u32_t arg1, u32_t arg2, u32_t arg3,
-				     u32_t arg4, u32_t arg5, u32_t arg6,
-				     u32_t arg7, u32_t arg8, u32_t arg9,
-				     u32_t arg10, u32_t call_id)
-{
-	struct _syscall_10_args args = {
-		.arg6 = arg6,
-		.arg7 = arg7,
-		.arg8 = arg8,
-		.arg9 = arg9,
-		.arg10 = arg10
-	};
-
-	return z_arch_syscall_invoke6(arg1, arg2, arg3, arg4, arg5, (u32_t)&args,
-				     call_id);
-}
-
-static inline u64_t z_syscall_ret64_invoke0(u32_t call_id)
-{
-	u64_t ret;
-
-	(void)z_arch_syscall_invoke1((u32_t)&ret, call_id);
-	return ret;
-}
-
-static inline u64_t z_syscall_ret64_invoke1(u32_t arg1, u32_t call_id)
-{
-	u64_t ret;
-
-	(void)z_arch_syscall_invoke2(arg1, (u32_t)&ret, call_id);
-	return ret;
-}
-
-static inline u64_t z_syscall_ret64_invoke2(u32_t arg1, u32_t arg2,
-					   u32_t call_id)
-{
-	u64_t ret;
-
-	(void)z_arch_syscall_invoke3(arg1, arg2, (u32_t)&ret, call_id);
-	return ret;
-}
+#endif /* CONFIG_USERSPACE */

 /**
 * Indicate whether we are currently running in user mode
 *
 * @return true if the CPU is currently running with user permissions
 */
+#ifdef CONFIG_USERSPACE
 static inline bool z_arch_is_user_context(void);
+#else
+#define z_arch_is_user_context() (true)
+#endif

-#endif /* CONFIG_USERSPACE */
+/* True if a syscall function must trap to the kernel, usually a
+ * compile-time decision.
+ */
+static ALWAYS_INLINE bool z_syscall_trap(void)
+{
+        bool ret = false;
+#ifdef CONFIG_USERSPACE
+#if defined(__ZEPHYR_SUPERVISOR__)
+        ret = false;
+#elif defined(__ZEPHYR_USER__)
+        ret = true;
+#else
+        ret = z_arch_is_user_context();
+#endif
+#endif
+        return ret;
+}

 /**
 * Indicate whether the CPU is currently in user mode