Certain types of system call validation may need to be pushed
deeper in the implementation and not performed in the verification
function. If such checks are only pertinent when the caller was
from user mode, we need an API to detect this situation.
This is implemented by having thread->syscall_frame be non-NULL
only while a user system call is in progress. The template for the
system call marshalling functions is changed to clear this value
on exit.
A test is added to prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The syscall exception frame was stored on the CPU struct during
syscall execution, but that's not right. System calls might "feel
like" exceptions, but they're actually perfectly normal kernel mode
code and can be preempted and migrated between CPUs at any time.
Put the field on the thread struct.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
gen_syscall_header.py is not longer necessary, it was just creating a
file including syscall.h. This header is now included directly by
gen_syscalls.py.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
None of the splitting logic is needed if 64-bit return
values or parameters fit inside a register.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to pass system call args using a register-width
data type and not hard-code this to u32_t.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit addresses the following portability issues:
1. gen_syscalls incorrectly assumes that the compiler is always GCC.
2. pragma GCC diagnostic push and pop are not supported in GCC < 4.6.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Python's Sets are not deterministic. This causes the following lines to
be emitted in random order in generated/syscall_dispatch.c
extern u32_t z_mrsh_k_object_release(u32_t arg1, ...
extern u32_t z_mrsh_k_object_access_grant(u32_t arg1, ...
extern u32_t z_mrsh_k_object_alloc(u32_t arg1, ...
Change noweak to a basic list.
Reproducibility regression introduced by commit 6564974bae
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We have several scripts used by the build system related
to generating code for system calls, privileged mode stacks,
kernel object metadata, and application shared memory
partitions. Add some overview documentation for each.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
According C99 the first 31 characters of an identifier must be unique.
Shortening the namespace of the generated objects to achieve it.
C99 - 5.2.4.1
MISRA-C rule 5.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit touches the C codebase and the python syscall generator.
The Z_GENLIST-macros expand to whole functions. Once expanded by the
preprocessor we notice a semicolon is put after the function body. But
ISO C99 does not allow extra ‘;’ outside of a function. Though this is
accepted by GCC with GNU extensions, it is not by Clang.
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
With have *many* violations on Zephyr's code, this commit is tackling
only the violations caused by headers guards. It also takes the
opportunity to normalize them using the filename in uppercase and
replacing dot with underscore. e.g file.h -> FILE_H
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We use the code generator 'gen_syscalls.py' to assign numeric
id's to each syscall. These id's have been defined using an enum
like this:
enum {
K_SYSCALL_ADC_DISABLE,
K_SYSCALL_ADC_ENABLE,
K_SYSCALL_LIMIT
};
but enums can not be included by assembly files. So we have been
compiling the enum values and then extracting them into #define's when
needed.
In this situation there happen to not be any benefits of using
'enum' over #define's so we can simplify by initially defining
them with #define instead.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
There's no particularly good reason to have one kind of
output from this script to be sent to stdout instead of
a filename specified by parameter, and it makes it
annoying to add debug print() statements.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
parse_syscalls.py was doing too much and was generating
derived and partial string output information that was
completed later by gen_syscalls.py.
Now parse_syscalls.py just breaks up system call information into
non-derived data which is fully processed by gen_syscalls.py.
The goal is to ease maintenance of system call generation with
all the mechanism on what to do with system call information in
one script location rather than two of them.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The generated header uses Zephyr's custom integer type
definitions but wasn't including the proper header.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Names that begin with an underscore are reserved by the C standard.
This patch does not change names of functions defined and implemented
in header files.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This commit fixes
https://github.com/zephyrproject-rtos/zephyr/issues/5008.
It does so by splitting up gen_syscalls.py into two scripts with a
json metadata file to communicate syscall metadata between them. The
parsing script parses header files from include/ and writes syscall
metadata to a file if the contents changed. The generation script
reads from the json file and generates syscall code.
The build system DAG now looks like this:
always_rebuild -> json -> syscalls -> offset.o
The script for generating json will do so only if the content changes,
this ensures that the entire DAG does not always do a full rebuild.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is subject to the constraint that such system calls must have a
return value which is "u64_t" or "s64_t".
So far all the relevant kernel calls just have zero or one arguments,
we can later add more _syscall_ret64_invokeN() APIs as needed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This used to exist because in earlier versions of the system call
interfaces, an "extern" declaration of the system call implementation
function would precede the real inline version of the implementation.
The compiler would not like this and would throw "static declaration
of ‘foo’ follows non-static declaration". So alternate macros were
needed which declare the implementation function as 'static inline'
instead of extern.
However, currently the inline version of these system call
implementations appear first, the K_SYSCALL_DECLARE() macros appear in
the header generated by gen_syscalls.py, which is always included at the
end of the header file. The compiler does not complain if a
static inline function is succeeded by an extern prototype of the
same function. This lets us simplify the generated system call
macros and just use __syscall everywhere.
The disassembly of this was checked on x86 to ensure that for
kernel-only or CONFIG_USERSPACE=n scenarios, everything is still being
inlined as expected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In Python, if open() doesn't specify "encoding" parameter,
locale.getpreferredencoding(False) will be used as the default,
as explained in
https://docs.python.org/3/library/functions.html#open ,
which may differ from system to system. So, explicitly specify
"encoding" param in open() call.
Also, fix a typo in a comment.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
To define a system call, it's now sufficient to simply tag the inline
prototype with "__syscall" or "__syscall_inline" and include a special
generated header at the end of the header file.
The system call dispatch table and enumeration of system call IDs is now
automatically generated.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>