If an architecture declares support for IPI, we still want to use it
only when running in SMP mode.
(This also fixes a build failure on ARC, which declares
CONFIG_SCHED_IPI_SUPPORTED but doesn't actually implement
z_arch_sched_ipi() yet).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The timeout code has an optimization where it refuses to send a new
timeout to the driver unless it is sooner than one already scheduled.
This won't work on SMP, though, because the timeout value when
timeslicing is enabled depends on the current thread, and on SMP the
decision as to the next thread will not be made until later (when we
swap, or exit an interrupt).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that we have a working IPI framework, there's no reason for the
default spin loop for the SMP idle thread. Just use the default
platform idle and send an IPI when a new thread is readied.
Long term, this can be optimized if necessary (e.g. only send the IPI
to idling CPUs, or check priorities, etc...), but for a 2-cpu system
this is a very reasonable default.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Our thread struct gets initialized piecewise in a bunch of locations
(this is sort of a design flaw). The is_idle field, which was
introduced to identify idle threads in SMP (where there can be more
than one), was correctly set for idle threads but was being left
uninitialized elsewhere, and in a tiny handful of cases was turning up
nonzero.
The case in pipes. was particularly vexsome, as that isn't a thread at
all but one of the "dummy" threads used for timeouts (another design
flaw IMHO).
Get this right everywhere.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In uniprocessor mode, the kernel knows when a context switch "is
coming" because of the cache optimization and can use that to do
things like update time slice state. But on SMP the scheduler state
may be updated on the other CPU at any time, so we don't know that a
switch is going to happen until the last minute.
Expose reset_time_slice() as a public function and call it when needed
out of z_swap().
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The loop in thread abort on SMP where we wait for the results on an
IPI correctly handled the case where a thread running on another CPU
gets its interrupt and self-aborts, but it missed the case where the
other thread pends before receiving the interrupt.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There were two related bugs when in SMP mode:
1. Underneath z_reschedule(), the code was inexplicably checking the
swap_ok flag on the current CPU to see if it was OK to preempt the
current thread, but reschedule is the DEFINITION of a schedule
point and we always want to swap, even if the current thread is
non-preemptible.
2. With similar symptoms: in k_yield() a previous fix correct the
queue handling for SMP, but it missed the case where a thread of
the SAME priority as _current was on the queue and would fail to
swap. Yielding must always add the current thread to the back of
the current priority.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
z_spin_lock_valid() reads shared variable twice to do two checkings. If
this variable is modified by other CPU between two read accesses, the
checking value is inconsistent. This inconsistency causes the error
that CPU0 can pass the checking when it doesn't hold spinlock because
zeroed-out thread_cpu value is ambiguous with the CPU0 ID.
Fix the inconsistency by only reading shared variable once and using
local variable value to do two checkings.
Fixes#19299.
Signed-off-by: Jim Shu <cwshu@andestech.com>
The boot time measurement sample was giving bogus values on x86: an
assumption was made that the system timer is in sync with the CPU TSC,
which is not the case on most x86 boards.
Boot time measurements are no longer permitted unless the timer source
is the local APIC. To avoid issues of TSC scaling, the startup datum
has been forced to 0, which is in line with the ARM implementation
(which is the only other platform which supports this feature).
Cleanups along the way:
As the datum is now assumed zero, some variables are removed and
calculations simplified. The global variables involved in boot time
measurements are moved to the kernel.h header rather than being
redeclared in every place they are referenced. Since none of the
measurements actually use 64-bit precision, the samples are reduced
to 32-bit quantities.
In addition, this feature has been enabled in long mode.
Fixes: #19144
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Initial thread creation and tracing information
occurs with empty thread names. For better tracing information,
we need to a way to get actual thread names if they are set
in order to better track thread names and their IDs.
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
It was reported in the code coverage report that Z_SYSCALL_HANDLER() was
not called by other code, if we run "sanitycheck -p qemu_x86 --coverage
-T tests/kernel/device/".
The root cause is that we include "errno.h", which includes
"include/generated/syscalls/device.h". It causes that the
declare of device_get_binding() in "include/generated/syscalls/device.h"
is marked as "has been called", rather than Z_SYSCALL_HANDLER()
in device.c.
So I remove "#include <errno.h>", which is useless in device.c. Also,
"#include <sys/util.h>" is removed for the same reason.
Signed-off-by: Steven Wang <steven.l.wang@linux.intel.com>
The semi-automated API changes weren't checkpatch aware. Fix up
whitespace warnings that snuck into the previous patches. Really this
should be squashed, but that's somewhat difficult given the structure
of the series.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These calls are not accessible in CI test, nor do they get built on
common platforms (in at least one case I found a typo which proved the
code was truly unused). These changes are blind, so live in a
separate commit. But the nature of the port is mechanical, all other
syscalls in the system work fine, and any errors should be easily
corrected.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These calls are buildable on common sanitycheck platforms, but are not
invoked at runtime in any tests accessible to CI. The changes are
mostly mechanical, so the risk is low, but this commit is separated
from the main API change to allow for more careful review.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
1) Dump time sinse last scheduler call
Could be handy for tickless kernel debug.
Will indicate that no rtc irq is called
2) Dump current timeout of each thread
Could be used to find yout when thread will wake up
3) Dump human friendly thread state
4) Use shell_prin instead shell_fprintf
Signed-off-by: Pavlo Hamov <pavlo_hamov@jabil.com>
The current implementation does not return the low 32 bits of
k_uptime_get() as suggested by it's documentation; it returns the number
of milliseconds represented by the low 32-bits of the underlying system
clock. The truncation before translation results in discontinuities at
every point where the system clock increments bit 33.
Reimplement it using the full-precision value, and update the
documentation to note that this variant has little value for
long-running applications.
Closes#18739.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The reason we decide to ignore it in code coverage:
1.No test case can cover the function for code coverage.
2.Even if we added a test for testing, it would be marked as
"never be called by other code" because the function cause
CPU halted and it can't return.
Signed-off-by: Peng Su <peng.su@intel.com>
The mutex locking was written to use k_sched_lock(), which doesn't
work as a synchronization primitive if there is another CPU running
(it prevents the current CPU from preempting the thread, it says
nothing about what the others are doing).
Use the pre-existing spinlock for all synchronization. One wrinkle is
that the priority code was needing to call z_thread_priority_set(),
which is a rescheduling call that cannot be called with a lock held.
So that got split out with a low level utility that can update the
schedule state but allow the caller to defer yielding until later.
Fixes#17584
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This needs further design work due to problems with logging
C strings. Just send always to printk() for now until this
is resolved.
Fixes: #18052
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The scheduler lock is a nestable lock. Unlocking a nested,
still-having, lock shouldn't preempt the current thread.
k_sched_lock();
k_sched_lock();
k_sched_unlock(); /* <--- this shouldn't be a scheduling point */
k_sched_unlock(); /* <--- this is a scheduling point */
This commit changes the preempt_ok argument from 1 to 0. This let
should_preempt() check whether it should preempt at the point or not.
This fixes#17869.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
The current API was assuming too much, in that it expected that
arch-specific memory domain configuration is only maintained
in some global area, and updates to domains that are not currently
active have no effect.
This was true when all memory domain state was tracked in page
tables or MPU registers, but no longer works when arch-specific
memory management information is stored in thread-specific areas.
This is needed for: #13441#13074#15135
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some options like stack canaries use more stack space,
and on x86 this is not quite enough for ztest's main
thread stack to be 512 bytes.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Populate thread->stack_obj earlier in the thread initialization
process such that it is set when z_new_thread() is called.
There was nothing specific about its position, or the rest of
the code in that CONFIG_USERSPACE block, so just move it all up..
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The `next_timeout()` function used to call the `elapsed()` function
directly in the `MAX` macro call. This caused the `elapsed()` function
to be executed twice, with possible different results, if the system
clock incremented its value in a meantime.
As a result, the whole `MAX(0, to->dticks - elapsed()` expresion could
return an incorrect value of -1, which represents the K_FOREVER timeout.
This led to a stall in devices running tickless kernel (as observed on
nRF52840).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Any fatal error will print "ZEPHYR FATAL ERROR" now, so
we don't have to maintain a set of strings in the
sanitycheck harness.py
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is now called z_arch_esf_t, conforming to our naming
convention.
This needs to remain a typedef due to how our offset generation
header mechanism works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We introduce a new z_fatal_print() API and replace all
occurrences of exception handling code to use it.
This routes messages to the logging subsystem if enabled.
Otherwise, messages are sent to printk().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* z_NanoFatalErrorHandler() is now moved to common kernel code
and renamed z_fatal_error(). Arches dump arch-specific info
before calling.
* z_SysFatalErrorHandler() is now moved to common kernel code
and renamed k_sys_fatal_error_handler(). It is now much simpler;
the default policy is simply to lock interrupts and halt the system.
If an implementation of this function returns, then the currently
running thread is aborted.
* New arch-specific APIs introduced:
- z_arch_system_halt() simply powers off or halts the system.
* We now have a standard set of fatal exception reason codes,
namespaced under K_ERR_*
* CONFIG_SIMPLE_FATAL_ERROR_HANDLER deleted
* LOG_PANIC() calls moved to k_sys_fatal_error_handler()
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
zero slice_ticks when can't time slice so that next_timeout will
ignore slice_ticks of _current_cpu and system can stay low power
state longer time.
Fixes: #17368.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
This commit adds a DTCM (Device Tightly Coupled Memory) section for
Cortex F7 MCUs. The Address and length is defined in the corresponding
device tree file.
Signed-off-by: Alexander Wachter <alexander.wachter@student.tugraz.at>
Hitting wundef in kernel_structs.h, switching to match other instances
where #ifdef is used instead of #if
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
On SMP systems, currently scheduled threads are not in the run queue
and can't be unconditionally removoed/added.
Fixes#17170
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The implementation of z_impl_float_disable was missplaced
inside the #ifdef SPIN_VALIDATE. Fixing it.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The accounting data stored at the beginning of a memory block used by
malloc must push the returned memory address to a word boundary. This
is already the case on 32-bit systems, but not on 64-bit systems where
e.g. struct k_mem_block_id still has a size of 4.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The scheduler API has always allowed setting a zero slice size as a
way to disable timeslicing. But the workaround introduced for
CONFIG_SWAP_NONATOMIC forgot that convention, and was calling
reset_time_slice() with that zero value (i.e. requesting an immediate
interrupt) in circumstances where z_swap() had been interrupted
nonatomically.
In practice, this never happened. And if it did, it was a single
spurious no-op interrupt that no one cared about. Until it did,
anyway...
Now that ticks on nRF devices are at full 32 kHz speed, we can get
into a situation where the rapidly triggering timeslice interrupts are
interrupting z_swap() calls, and the process feeds back on itself and
becomes self-sustaining.
Put that test into the time slice code itself to prevent this kind of
mistake in the future.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When tickless is available, all existing devices can handle much
higher timing precision than 10ms. A 10kHz default seems acceptable
without introducing too much range limitation (rollover for a signed
time delta will happen at 2.5 days). Leave the 100 Hz default in
place for ticked configurations, as those are going to be special
purpose usages where the user probably actually cares about interrupt
rate.
Note that the defaulting logic interacts with an obscure trick:
setting the tick rate to zero would indicate "no clock exists" to the
configuration (some platforms use this to drop code from the build).
But now that becomes a kconfig cycle, so to break it we expose
CONFIG_SYS_CLOCK_EXISTS as an app-defined tunable and not a derived
value from the tick rate. Only one test actually did this.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments are indexed from 1 to 6, so arg0
is corrected to arg1 in two occasions. In addition, the
ARM function for system calls is now called z_arm_do_syscall,
so we update the inline comment in __svc handler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This mechanism had multiple problems:
- Missing parameter documentation strings.
- Multiple calls to k_thread_name_set() from user
mode would leak memory, since the copied string was never
freed
- k_thread_name_get() returns memory to user mode
with no guarantees on whether user mode can actually
read it; in the case where the string was in thread
resource pool memory (which happens when k_thread_name_set()
is called from user mode) it would never be readable.
- There was no test case coverage for these functions
from user mode.
To properly fix this, thread objects now have a buffer region
reserved specifically for the thread name. Setting the thread
name copies the string into the buffer. Getting the thread name
with k_thread_name_get() still returns a pointer, but the
system call has been removed. A new API k_thread_name_copy()
is introduced to copy the thread name into a destination buffer,
and a system call has been provided for that instead.
We now have full test case coverge for these APIs in both user
and supervisor mode.
Some of the code has been cleaned up to place system call
handler functions in proximity with their implementations.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There's no need for a system call for this; futexes live in
user memory and the initialization bit is ignored.
It's sufficient to just do an atomic_set().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an oddball API. It's untested. In fact testing its proper
behavior requires very elaborate automation (you need a device outside
the Zephyr hardware to measure real world time, and a mechanism for
getting the device into and out of idle without using the timer
driver). And this makes for needless difficulty managing code
coverage metrics.
It was always just a hint anyway. Mark the old API deprecated and
replace it with a kconfig tunable. The effect of that is just to
change the timeout value passed to the timer driver, where we can
manage code coverage metrics more easily (only one driver cares to
actually support this feature anyway).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/gcov.h to debug/gcov.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/sflist.h to sys/sflist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/rb.h to sys/rb.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mutex.h to sys/mutex.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/libc-hooks.h to sys/libc-hooks.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/dlist.h to sys/dlist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move entropy.h to drivers/entropy.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move sys_io.h to sys/sys_io.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move power.h to power/power.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move tracing.h to debug/tracing.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The first word is used as a pointer, meaning it is 64 bits on 64-bit
systems. To reserve it, it has to be either a pointer, a long, or an
intptr_t. Not an int nor an u32_t.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
While fixing the ASSERT expressions in mem_domain.c to use
%lx instead of %x for uintptr_t variables, commit
f32330b22c has overlooked
one ASSERT expression specific to ARMv8-M. This causes
printk compilation warnings for ARMv8-M builds, so we
provide a fix here.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Move internal and architecture specific headers from include/drivers to
subfolder for timer:
include/drivers/timer
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
A k_futex is a lightweight mutual exclusion primitive designed
to minimize kernel involvement. Uncontended operation relies
only on atomic access to shared memory. k_futex structure lives
in application memory. And when using futexes, the majority of
the synchronization operations are performed in user mode. A
user-mode thread employs the futex wait system call only when
it is likely that the program has to block for a longer time
until the condition becomes true. When the condition comes true,
futex wake operation will be used to wake up one or more threads
waiting on that futex.
This patch implements two futex operations: k_futex_wait and
k_futex_wake. For k_futex_wait, the comparison with the expected
value, and starting to sleep are performed atomically to prevent
lost wake-ups. If different context changed futex's value after
the calling use-mode thread decided to block himself based on
the old value, the comparison will help observing the value
change and will not start to sleep. And for k_futex_wake, it
will wake at most num_waiters of the waiters that are sleeping
on that futex. But no guarantees are made on which threads are
woken, that means scheduling priority is not taken into
consideration.
Fixes: #14493.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
The block alignment must be enforced for statically allocated slabs
as well as runtime initialized ones. It is best to implement this
check only once in create_free_list() which is invoked by both
k_mem_slab_init() and init_mem_slab_module(), where pointers are about
to be set for the first time. It is then unnecessary to perform this
test on every slab allocation as the alignment won't change at that
point.
And not only the block size needs to be aligned, but the buffer
as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Zephyr has two unrelated build _VERSIONs: KERNEL_VERSION and
BUILD_VERSION. Prefix them slightly differently in BOOT_BANNER so anyone
can instantly zoom in on which one is being used without having to
compare the implementation details of both.
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Threads that are sleeping forever may be woken up with
k_wakeup(), this shouldn't fail assertions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
LCOV/gcovr doesn't understand what CODE_UNREACHABLE means.
Adding LCOV_EXCL_LINE to the macro definition unfortunately
doesn't work.
Exclude a bit of code which spins endlessly when multi-
threading is disabled that runs after the coverage report
is dumped.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We don't get any coverage past when we dump the coverage data,
so exclude the end of the function and move setting the main
thread as nonessential to immediately before the coverage dump.
The comment was also amended.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
data copying and bss zero are called from arch code
before z_cstart(), and coverage data gathering doesn't
work properly at that point. Not all arches use this
code anyway, some do it in optimized assembly instead.
Weak main() is also excluded; it does nothing and every
test overrides it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The k_stack data type cannot be u32_t on a 64-bit system as it is
often used to store pointers. Let's define a dedicated type for stack
data values, namely stack_data_t, which can be adjusted accordingly.
For now it is defined to uintptr_t which is the integer type large
enough to hold a pointer, meaning it is equivalent to u32_t on 32-bit
systems and u64_t on 64-bit systems.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
We introduce k_float_disable() system call, to allow threads to
disable floating point context preservation. The system call is
to be used in FP Sharing Registers mode (CONFIG_FP_SHARING=y).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Change removes tracing hooks before threads are initialized
and thread switched out hook for ARM before first time switching
to main thread.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Given that the section name and boundary simbols can be inferred from
the struct object name, it makes sense to create an iterator that
abstracts away the access details and reduce the possibility for
mistakes.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This name collides with one in the bt subsystem, and wasn't named in
proper zephyrese anyway.
Fixes#16604
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We had both kernel and os as domains covering low level layers, just use
one and fix the issue of the os domain not being registered.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The internal "reschedule" API has always understood the idea that it
might run in a ISR context where it can't swap. But it has always
been happy to swap away when in thread mode, even when the environment
contains an outer lock that would NOT be expecting to swap! As it
happened, the way irq locks are implemented (they store flag state
that can be restored without context) this would "work" even though it
was completely breaking the synchronization promise made by the outer
lock.
But now, with spinlocks, the error gets detected (albeit in a clumsy
way) in debug builds. The unexpected swap triggers SPIN_VALIDATE
failures in later threads (this gets reported as a "recursive" lock,
but what actually happened is that another thread got to run before
the lock was released and tried to grab the same lock).
Fix this so that swap can only be called in a situation where the irq
lock key it was passed would have the effect of unmasking interrupts.
Note that this is a real behavioral change that affects when swaps
occur: it's not impossible that there is code out there that actually
relies on this "lock breaking reschedule" for correct behavior. But
our previous implementation was irredeemably broken and I don't know
how to address that.
Fixes#16273
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The z_reschedule() call (as of the accompanying fix) will not swap
away from a thread if called with a nested irq lock held.
But for the specific case of aborting the current thread, we
absolutely need to swap regardless of how many locks the thread that
just aborted might have held. So call z_swap() explicitly here.
This preserves the existing z_reschedule() call in other circumstances
for compatibility with existing test cases, but adds a note explaining
why it's there when the only obvious reason for it is already covered.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We do have a multi-architecture latency benchmark now, this one was x86
only, was never used or compiled in and is out-dated.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This stores a combination of a pointer and a CPU number in the low
2 bits. On 64-bit systems, the pointer part won't fit in an int.
Let's use uintptr_t for this purpose.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Memory boundaries are declared as extern char arrays which can be used
directly rather than casting their addresses. The cast to u32_t also
breaks 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
- Delete CONFIG_TEST_USERSPACE=n no-ops because it's the default
since commit 7b1ee5cf13
- Some tests have a "userspace" tag pretending to TEST_USERSPACE but
don't and vice versa: fix missing or spurious "userspace" tags in
testcase.yaml files.
Tests have a _spurious_ "userspace" tag when they PASS this command
cause none should pass:
./scripts/sanitycheck --tag=userspace -p qemu_x86 \
--extra-args=CONFIG_TEST_USERSPACE=n \
--extra-args=CONFIG_USERSPACE=n | tee userspace.log
All tests run by this command must either fail to build or fail to run
with some userspace related error. Shortcut to look at all test
failures:
zephyr_failure_logs() {
awk '/see.*log/ {print $2}' "$@"
}
Tests _missing_ "userspace" tag FAIL to either build or to run with some
userspace related error when running this:
./scripts/sanitycheck --exclude=userspace -p qemu_x86 \
--extra-args=CONFIG_TEST_USERSPACE=n \
--extra-args=CONFIG_USERSPACE=n | tee excludeuserspace.log
Note the detection methods above are not 100% perfect because some
flexible tests like tests/kernel/queue/src/main.c evade them with #ifdef
CONFIG_USERSPACE smarts. Considering they never break, it is purely the
test author's decision to include or not such flexible tests in the
"userspace" subset.
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Remove a redundant #ifdef CONFIG_MULTITHREADING guard
for a code block already inside CONFIG_MULTITHREADING.
Add some inline #endif comments for ease of reading.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For architectures with custom swap to main, currently:
- arm
- posix
we are now using K_THREAD_STACK_SIZEOF macro to pass the
main thread stack size to z_arch_switch_to_main_thread().
This does not introduce any behavioral changes for posix;
the K_THREAD_STACK_SIZEOF() simply returns the sizeof()
the stack object. For Arm, this allows us to clean-up one
more occurence of CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT
in kernel_arch_func.h.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
If the system sets its clock frequency at runtime, this is
stored in a variable that can't be directly read by user
mode. For this case only, add a system call to fetch its
value and modify the definition of
sys_clock_hw_cycles_per_sec() to use it.
Since this is now a system call, store in a temporary variable
inside z_ms_to_ticks(). The syscall overhead only applies
when called from user mode, other contexts are completely
inlined.
Added stub syscall header for mocking framework, to get rid
of inclusion errors.
Fixes: #16238
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add k_usleep() API, analogous to k_sleep(), excepting that the argument
is in microseconds rather than milliseconds.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Current z_impl_k_sleep() does double duty, converting between units
specified by the API and ticks, as well as implementing the sleeping
mechanism itself. This patch separates the API from the mechanism,
so that sleeps need not be tied to millisecond timescales.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
When compiling the kernel with CONFIG_SYS_CLOCK_TICKS_PER_SEC=0,
the CONFIG_SYS_CLOCK_EXISTS internal variable is unset.
This completely disables timer handling in the kernel, but a couple of
spots missed the required conditional compilation.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
k_stack_alloc_init() was creating a buffer that was 4 times
too small to support the requested number of entries, since
each entry in a k_stack is a u32_t.
Fixes: #15911
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We are just at the knife edge with 512, with stack
overflows being observed with stack canaries enabled.
Given the special case for the idle thread stack size
on this arch, seems reasonable to increase it here
for that arch.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When some header are included into C++ source file, this kind of
compilations errors are generated:
error: invalid conversion from 'void*'
to 'u32_t*' {aka 'unsigned int*'} [-fpermissive]
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Update the name of mem-domain API function to add a partition
so that it complies with the 'z_' prefix convention. Correct
the function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
STACK_POINTER_RANDOM depends on a random generator, this can be either a
non-random generator (used for testing purpose) or a real random
generator. Make this dependency explicitly in Kconfig to avoid linking
problems.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We don't actually need spinlocks here.
For user_copy(), we are checking that the pointer/size passed in
from user mode represents an area that the thread can read or
write to. Then we do a memcpy into the kernel-side buffer,
which is used from then on. It's OK if another thread scribbles
on the buffer contents during the copy, as we have not yet
begun any examination of its contents yet.
For the z_user_string*_copy() functions, it's also possible
that another thread could scribble on the string contents,
but we do no analysis of the string other than to establish
a length. We just need to ensure that when these functions
exit, the copied string is NULL terminated.
For SMP, the spinlocks are removed as they will not prevent a
thread running on another CPU from changing the buffer/string
contents, we just need to safely deal with that possibility.
For UP, the locks do prevent another thread from stepping
in, but it's better to just safely deal with it rather than
affect the interrupt latency of the system.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The struct _caller_saved is not used. Most architectures put
automatically the registers onto stack, in others architectures the
exception code does it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The struct _kernel_ach exists only because ARC' s port needed it, in
all other ports this was defined as an empty struct. Turns out that
this struct is not required even for ARC anymore, this is a legacy
code from nanokernel time.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
revert commit 3e255e968 which is to adjust stack size
on qemu_x86 platform for coverage test, but break other
platform's CI test.
Fixes: #15379.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
for SDK 0.10.0, it consumes more stack size when coverage
enabled, so adjust stack size to fix stack overflow issue.
Fixes: #15206.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If a test tries to create a user thread, and the platform
suppors user mode, and CONFIG_TEST_USERSPACE has not been
enabled, fail an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This macro is slated for complete removal, as it's not possible
on arches with an MPU stack guard to know the true buffer bounds
without also knowing the runtime state of its associated thread.
As removing this completely would be invasive to where we are
in the 1.14 release, demote to a private kernel Z_ API instead.
The current way that the macro is being used internally will
not cause any undue harm, we just don't want any external code
depending on it.
The final work to remove this (and overhaul stack specification in
general) will take place in 1.15 in the context of #14269Fixes: #14766
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
for SDK 0.10.0, it consumes more stack size when coverage enabled
on qemu_x86 and mps2_an385 platform, adjust stack size for most of
the test cases, otherwise there will be stack overflow.
Fixes: #14500.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Rename reserved function names in arch/ subdirectory. The Python
script gen_priv_stacks.py was updated to follow the 'z_' prefix
naming.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
For systems without userspace enabled, these work the same
as a k_mutex.
For systems with userspace, the sys_mutex may exist in user
memory. It is still tracked as a kernel object, but has an
underlying k_mutex that is looked up in the kernel object
table.
Future enhancements will optimize sys_mutex to not require
syscalls for uncontended sys_mutexes, using atomic ops
instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Checking the stack sentinel may abort the current thread,
make this check before we determine what the next thread
to run is.
Fixes: #15037
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There are some remaining code from object monitoring which simply
expands to empty loop macros. Remove them as they are not
functional anyway.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Clarify the warning in the help for CONFIG_MULTITHREADING to make it
clear that many things will break if this is set to 'n'.
Signed-off-by: David Brown <david.brown@linaro.org>
Controlling expression of if and iteration statements must have a
boolean type.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Functions z_spin_lock_valid and z_spin_unlock_valid are essentially
boolean functions, just change their signature to return a bool instead
of an integer.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
k_busy_wait() does not work when multithreading is disabled, so do not
try to wait during boot.
Fixes#14454
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This function was returning an essentially boolean value. Just changing
the signature to return a bool.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
BIT macro uses an unsigned int avoiding implementation-defiend behavior
when shifting signed types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add SYS_POWER_ prefix to HAS_STATE_SLEEP_, HAS_STATE_DEEP_SLEEP_
options to align them with names of power states they control.
Following is a detailed list of string replacements used:
s/HAS_STATE_SLEEP_(\d)/HAS_SYS_POWER_STATE_SLEEP_$1/
s/HAS_STATE_DEEP_SLEEP_(\d)/HAS_SYS_POWER_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit cleans up names of system power management functions by
assuring that:
- all functions start with 'sys_pm_' prefix
- API functions which should not be exposed to the user start with '_'
- name of the function hints at its purpose
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
There exists SoCs, e.g. STM32L4, where one of the low power modes
reduces CPU frequency and supply voltage but does not stop the CPU. Such
power modes are currently not supported by Zephyr.
To facilitate adding support for such class of power modes in the future
and to ensure the naming convention makes it clear that the currently
supported power modes stop the CPU this commit renames Low Power States
to Slep States and updates the documentation.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
On SMP, there was a bug where the logic that re-adds _current to the
run queue at swap time would accidentally reschedule threads that had
just gone to sleep, because the is_thread_prevented_from_running()
predicate only tests for threads that are "suspended" or "pending" and
not sleeping.
Overload _THREAD_SUSPENDED to indicate "sleeping" also. Simple fix
for an immediate bug, though long term we really want to unify all the
blocked conditions to prevent this kind of state bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This is throwing errors in static analysis, complaining that comparing
that a prior is higher and lower is impossible. That is wrong per my
eyes (I swear I think it might be cueing off the names of the
functions, which invert "higher" and "lower" to match our reversed
priority numbers).
But frankly this was never a very readable macro to begin with.
Refactor to put the bounds into the term, so the static analyzer can
prove it locally, and add a build assertion to catch any errors (there
are none currently) where the low<->high priority range is invalid.
Long term, we should probably remove this macro, it doesn't provide
much value. But removing it in response to a static analysis failure
is... not very responsible as a development practice.
Fixes#14816Fixes#14820
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The pointer arithmetic used didn't account for ARC
supervisor mode stacks, which are allocated at the
end of the stack object. Use the new macro to know
exactly how much space is reserved.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Daniel Leung caught a good one: In the (SMP) case where we were
aborting a thread that was not currently scheduled, we were flagging
the DEAD state on _current and not the thread we were aborting! This
wasn't as fatal as it seems, as the thread that called z_sched_abort()
would effectively go on living (as a zombie?) in a state where it
would always be preempted, but would otherwise remain scheduleable.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Most CPUs have instructions like LOCK, LDREX/STREX, etc which
allows for atomic operations without locking interrupts that
can be invoked from user mode without complication. They typically
use compiler builtin atomic operations, or custom assembly
to implement them.
However, some CPUs may lack these kinds of instructions, such
as Cortex-M0 or some ARC. They use these C-based atomic
operation implementations instead. Unfortunately these require
grabbing a spinlock to ensure proper concurrency with other
threads and ISRs. Hence, they will trigger an exception when
called from user mode.
For these platforms, which support user mode but not atomic
operation instructions, the atomic API has been exposed as
system calls.
Some of the implementations in atomic_c.c which can be instead
expressed in terms of other atomic operations have been removed.
The kernel test of atomic operations now runs in user mode to
prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The workaround for nonatomic swap had yet another edge case: it would
save off the _current pointer when pending a thread so that the next
time slice interrupt could test it to see if the swap had actually
happened before assuming that _current could be rescheduled (if it
just pended itself, that's impossible). Then it would clear the
pending_current pointer so future interrupts wouldn't be confused.
BUT: it turns out that qemu, when faced with really rapid timer rates
that exceed its (host-based) timing accuracy, is perfectly willing to
"stack up" timer interrupts such the one goes pending before the
previous one is finished executing. In that case, we can enter the
SECOND timer interrupt, to try timeslicing a SECOND time, STILL before
the PendSV exception has run to actually effect the context switch.
Except this time pending_current has been cleared and we try to
reschedule the pended _current thread incorrectly. In theory real
hardware could do this too, though it would involve absolutely crazy
interrupt latency problems.
Work around this by moving the clear to the thread itself, immediately
after it wakes up from the pend call it retakes a lock and clears
pending_current if it still matches _current. That is not a perfect
fix: there remains a 2-3 instruction race at that moment where we
return from pend and before we can lock interrupts again where a timer
interrupt will see an incorrect pointer. But I hammered at this and
couldn't make qemu do that (i.e. return from a timer interrupt but
flag a new one in just a cycle or two).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing device_set_power_state() API works only in synchronous
mode and this is not desirable for devices(ex: Gyro) which take
longer time (few 100 mSec) to suspend/resume.
To support async mode, a new callback argument is added to the API.
The device drivers can asynchronously suspend/resume and call the
callback function upon completion of the async request.
This commit adds the missing callback parameter to all the drivers
to make it compliant with the new API.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Corrections in the documentation of arguments in
Z_SYSCALL_MEMORY, Z_SYSCALL_MEMORY_READ, and
Z_SYSCALL_MEMORY_WRITE macros.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhances the documentation of z_arch_buffer_validate
describing the cases where the validation is performed
successfully, as well as the cases where the result is
undefined.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This was always doing a remove/add of the _current thread to the run
queue, which is wrong because in SMP _current isn't in the queue to
remove. But it went undetected until the recent dlist changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In SMP, we are setting the _current pointer while holding the
scheduler spinlock locally, which means that when we try to release it
the validation layer (not the spinlock per se) will scream at us
because the thread that took the lock doesn't match the one releasing
it.
Special case this when validation is enabled.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The k_spin_lock() validation was setting the new owner of the spinlock
BEFORE the actual lock was taken, so it could race against other
processors trying the same thing. Split the modification step out
into a separate function that can be called after we affirmatively
have the lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The tracing fixes in commit e87193896a ("subsys: debug: tracing: Fix
thread tracing") were... not a readability win. The point appears to
have been to put a tracing hook immediately before and after the
assignment to the _current pointer. So do that in an abstracted
function and clean up _get_next_switch_handle() (which is a subtle and
important function already polluted with some unavoidable preprocessor
testing!)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Currently thread abort doesn't work if a thread is currently scheduled
on a different CPU, because we have no way of delivering an interrupt
to the other CPU to force the issue. This patch adds a simple
framework for an architecture to provide such an IPI, implements it
for x86_64, and uses it to implement a spin loop in abort for the case
where a thread is currently scheduled elsewhere.
On SMP architectures (xtensa) where no such IPI is implemented, we
fall back to waiting on an arbitrary interrupt to occur. This "works"
for typical code (and all current tests), but of course it cannot be
guaranteed on such an architecture that k_thread_abort() will return
in finite time (e.g. the other thread on the other CPU might have
taken a spinlock and entered an infinite loop, so it will never
receive an interrupt to terminate itself)!
On non-SMP architectures this patch changes no code paths at all.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Tickless timers mean that k_busy_wait() won't work until after the
timer driver is initialized, which is very early but not as early as
SMP. No need for it, just spin.
Also the original code used a stack variable for the start flag, which
racily presumed that _arch_start_cpu() would comes back synchronously
with the other CPU fired up and running right now. The cleaned up smp
bringup API on x86_64 isn't so perky, so it exposed the bug. The flag
just needs to be static.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In SMP, _current is not "queued". (The run queue only stores
unscheduled threads because we can't rely on the head of the list
being _current). We weren't updating the cache choice, which would
flag swap_ok, so calling k_thread_abort(_current) (for example, when a
thread exits from its entry function) would try to switch back into
the thread and then run off the end of the function.
Amusingly this was more benign than you'd think. Stumbled on it by
accident.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When CONFIG_SMP is enabled but CONFIG_MP_NUM_CPUS is 1 (which is a
legal configuration, though a weird one) this static function ends up
being defined but unused, producing a compiler warning.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a detected user error in the code where racing insertions of
k_delayed_work items into different queues would be detected and
flagged as an error (honestly I don't see much value there -- Zephyr
doesn't as a general rule protect against errors like this, and
work_q's are inherently kernel things that don't require
userspace-style checking).
This got broken with spinlockification, where each work_q object got
its own lock, so the single lock wouldn't protect against the other
insert function any more. As it happens, that was needless. The core
synchronization on a work_q is in the internal k_queue object anyway
-- the lock in this file was only ever used for (very fast,
noncontending) delayed work insertion. So go back to a global lock to
preserve the original behavior.
Fixes#14104
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Rename scheduler spinlock sched_lock to sched_spinlock as it will
collide with the cleanup of the reserved function name _sched_lock(),
which will also be called sched_lock().
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Add a note in the documentatation of _setup_new_thread()
function stating that the caller is responsible for
providing a size argument that corresponds to the availabe
thread stack area.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit forces architecture-specific implementation for
initializing the are for user mode local thread data. This
has been enforced already for ARC. We now do the same for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The mbedtls library has some globals which results in faults
when user mode tries to access them.
Instantiate a memory partition for mbedtls's globals.
The linker will place all globals found by building this
library into this partition.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some init tasks may use some bss app memory areas and
expect them to be zeroed out. Do this much earlier
in the boot process, before any of the init tasks
run.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We used to leave byte-long placeholder symbols to ensure
that empty application memory sections did not cause
build errors that were very difficult to understand.
Now we use some relatively portable inline assembly to
generate a symbol, but don't take up any extra space.
The malloc and libc partitions are now only instantiated
if there is some data to put in them.
Fixes: #13923
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
On x86, if a supervisor thread belonging to a memory domain
adds a new partition to that domain, subsequent context switches
to another thread in the same domain, or dropping itself to user
mode, does not have the correct setup in the page tables.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In some circumstances (e.g., a tickless kernel), k_timer_remaining_get()
would not account for time passed that didn't involve clock interrupts.
This adds a simple fix for that, and adds a test case. In addition, the
return value of k_timer_remaining_get() is clamped at 0 in the case of
overdue timers and the API description is adjusted to reflect this.
Fixes: #13353
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Retpolines were never completely implemented, even on x86.
Move this particular Kconfig to only concern itself with
the assembly code, and don't default it on ever since we
prefer SSBD instead.
We can restore the common kernel-wide CONFIG_RETPOLINE once
we have an end-to-end implementation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nonatomic swap strikes again. These issues are all longstanding, but
were unmasked by the dlist work in commit d40b8ce1fb ("sys: dlist:
Add sys_dnode_is_linked") where list node pointers become nulls on
removal.
The previous fix was for a specific case where a timeslicing interrupt
would try to slice out the "wrong" current thread because the thread
has "just" pended itself. That was incomplete, because the parallel
code in k_sleep() didn't flag itself the same way.
And beyond that, it turns out to be basically impossible (now that I'm
thinking about it correctly) to prevent interrupt code from calling
into the scheduler to suspend a "just pended but not quite" current
and/or preempt away to another thread. In any of these cases, the
scheduler modifications to the state bits remain correct but the queue
nodes may be corrupt because the thread was already removed from the
ready queue. So we have to test and correct this at the lowest level,
where a thread is being removed from a priq: check that it's (1) the
ready queue and not a waitq, (2) the current thread, and (3) already
marked suspended and thus not in the queue.
There are lots of existing issues filed in the last few months all
pointing to odd instability on ARM platforms. I'm reasonably certain
this is the root cause for most or all of them.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
CPU_LPS_n name used to indicate a low power state is cryptic and
incorrect. The low power states act on the whole SoC and not exclusively
on the CPU. This patch renames CPU_LPS_n states to LOW_POWER_n. Also
HAS_ pattern for Kconfig options is used in favor of a non standard
_SUPPORTED. Naming of deep sleep states was adjusted accordingly.
Following is a detailed list of string replacements used:
s/SYS_POWER_STATE_CPU_LPS_(\d)_SUPPORTED/HAS_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_CPU_LPS_(\d)/SYS_POWER_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_DEEP_SLEEP_(\d)_SUPPORTED/HAS_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit removes dependency on SYS_POWER_LOW_POWER_STATES_SUPPORTED,
SYS_POWER_DEEP_SLEEP_STATES_SUPPORTED Kconfig options. Power management
SYS_POWER_LOW_POWER_STATES, SYS_POWER_DEEP_SLEEP_STATES options depend
now directly on specific power states supported by the given SoC. This
simplifies maintenance of SoC Kconfig files.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
We can just implement this as a macro and not needlessly
run afoul of MISRC-C rule 17.1
Fixes: #10012
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode needs to be able to read this value in
compiler generated function prologues/epilogues.
Special handling in init.c for arches that use
_data_copy. This happens before _Cstart() gets
called. We need to make sure that the compiler
stack canary checks in _data_copy itself do not
fail.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need a generic name for the partition containing
essential C library globals. We're going to need to
add the stack canary guard to this area so user mode
can read it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having to enable ramfunc support manually, just make it
transparently available to users, keeping the MPU region disabled if not
used to not waste a MPU region. This however wastes 24 bytes of code
area when the MPU is disabled and 48 bytes when it is enabled, and
probably a dozen of CPU cycles during boot. I believe it is something
acceptable.
Note that when XIP is used, code is already in RAM, so the __ramfunc
keyword does nothing, but does not generate an error.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The linker file defines the __ramfunc_ram_size symbols to get the size
of the __ramfunc_ram section. Use that instead of computing the value at
runtime from the start and end symbols. This saves 16 bytes of code with
CONFIG_RAM_FUNCTION=y.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Using __ramfunc to places a function in RAM instead of Flash.
Code that for example reprograms flash at runtime can't execute
from flash, in that case must placing code into RAM.
This commit create a new section named '.ramfunc' in link scripts,
all functions has __ramfunc keyword saved in thats sections and
will load from flash to sram after the system booted.
Fixes: #10253
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
This commit simplifies OS <-> Application interface controlling power
management. In the previous approach application-based PM required
overriding sys_suspend() and sys_resume() functions. As these functions
actually implemented power state change, in such case application
basically had to provide own implementation of all PM-related stuff,
which was not portable and hard to maintain.
This commit changes this scheme: The sys_suspend() and sys_resume()
are now system functions while the application could either use
built-in power management policies or provide its own. All details
of power mode switching are now handled by the OS.
Also, this commit cleans up the Kconfig options related to system-level
power management grouping them under common CONFIG_SYS_PM_ prefix.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Work queues are implemented in terms of k_queue objects which provide
their own synchronization. In particular insertion is potentially
blocking and always acts as a reschedule point, which means that it
must not be called with spinlocks held.
Release the lock first, and do a little cleanup of the resulting
k_delayed_work_submit_to_queue() logic.
Fixes#13411
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Upon hard/soft irq or exception entry/exit, handle transitions
off or onto the trampoline stack, which is the only stack that
can be used on the kernel side when the shadow page table
is active. We swap page tables when on this stack.
Adjustments to page tables are now as follows:
- Any adjustments for stack memory access now are always done
to the user page tables
- Any adjustments for memory domains are now always done to
the user page tables
- With KPTI, resetting a page now clears the present bit
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Minor style (syntax) fix in the help text of symbol
config EXECUTION_BENCHMARKING.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit changes the names of SYS_POWER_DEEP_SLEEP* Kconfig
options in order to match SYS_POWER_LOW_POWER_STATE* naming
scheme.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The SYS_POWER_LOW_POWER_STATE_SUPPORTED and SYS_POWER_LOW_POWER_STATE
suggests one low power state but these options control multiple
low power state. This commit uses plural in the names to indicate
that.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This API doesn't use the normal thread priority comparison itself, so
doesn't get the magic that thread_base.prio provides. If called when
another thread should be run, this would preempt the current thread
always, even if the scheduler lock was taken.
That was benign until recent spinlockifiation exposed it: a mutex in
the philosophers test run in preempt_only mode would swap away while
holding a spinlock (which used to work with irq locks) and fail later
with a "recursive" spinlock assert.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This port is a little different. Most subsystem synchronization uses
simple critical sections that can be replaced with global or
per-object spinlocks. But the userspace code was heavily exploiting
the fact that irq_lock was recursive and could be taken at any time.
So outer functions were doing locking and then calling into inner
helpers that would take their own lock (because they were called from
other contexts that did not lock).
Rather than try to rework this right now, this just creates a set of
spinlocks corresponding to the recursive states in which they are
taken, to preserve the existing semantics exactly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simple global lock around the timer API. Actually a lot of this usage
was using needless vestigial locking around existing scheduler and
timeout APIs that are now internally synchronized.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
One spinlock per pipe object. Also removed some vestigial locking
around _ready_thread(). That call is internally synchronized now.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The k_sleep() locking was actually to protect the _current state from
preemption before the context switch, so document that and replace
with a spinlock. Should probably unify this with the rather cleaner
logic in pend_curr(), but right now "sleeping" and "pended" are
needlessly distinct states.
And we can remove the locking entirely from k_wakeup(). There's no
reason for any of that to need to be synchronized. Even if we're
racing with other thread modifiations, the state on exit will be a
runnable thread without a timeout, or whatever timeout/pend state the
other side was requesting (i.e. it's a bug, but not one solved by
synhronization).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Use a subsystem lock, not a per-object lock. Really we want to lock
at mutex granularity where possible, but (1) that has non-trivial
memory overhead vs. e.g. directly spinning on the mutex state and (2)
the locking in a few places was originally designed to protect access
to the mutex *owner* priority, which is not 1:1 with a single mutex.
Basically the priority-inheriting mutex code will need some rework
before it works as a fine-grained locking abstraction in SMP.
Note that this fixes an invisible bug: with the older code,
k_mutex_unlock() would actually call irq_unlock() twice along the path
where there was a new owner, which is benign on existing architectures
(so long as the key argument is unchanged) but was never guaranteed to
work. With a spinlock, unlocking an unlocked/unowned lock is a
detectable assertion condition.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Straightforward port. Each struct k_queue object gets a spinlock to
control obvious data ownership.
Note that this port actually discovered a preexisting bug: the -ENOMEM
case in queue_insert() was failing to release the lock. But because
the tests that hit that path didn't rely on other threads being
scheduled, they ran to successful completion even with interrupts
disabled. The spinlock API detects that as a recursive lock when
asserts are enabled.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The two APIs protected by this lock are themselves internally
synchronized. Replace the irq_lock with a spinlock anyway, because
what I think it's doing is trying to prevent a race where something
else like an ISR or something it wakes up mucks with the thread before
this completes. Seems fragile on SMP as it stands, but this preserves
behavior on uniprocessor architectures.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Straightforward spinlock around the global thread state. Two changes
to the locking strategy were needed:
1. There was a needless recursive lock taken in schedule_new_thread().
This is only ever invoked in circumstances where the lock was already
held, or where there is no need for internal synchronization.
2. The recursive irq_lock() around the loop that spawns the initial
static threads (which happens at the start of main thread execution)
was removed. Most of the job (i.e. making sure the threads don't run
before the loop is finished) was already duplicated by the sched_lock
it was already taking, and the attempt to promise that all the
timeouts happen on the same tick is already true by construction at
system startup on uniprocessor systems, and not possible to guarantee
at all under SMP (where other CPUs can take that timer interrupt). We
don't document or test for this feature, so don't try to be fancy.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Really the locking in this file is vestigial. It only exists because
the scheduler's _unpend_all() call to wake up everyone waiting on a
wait_q is unsynchronized, because it was written to assume
irq_lock-style-locking. It would be cleaner to put that locking into
the wait_q itself and/or use the scheduler's subsystem lock. But it's
not clear there's any performance benefit, so let's stick with the
more easily verifiable change first.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Poll gets a single subsystem lock for now. The existing locking in
Ben's code is subtle, being used both for latency control and for
critical section protection. So getting each k_poll_event to use a
separate lock will require care and a little logic change. Do the
simple version for now, which still works to decouple it from the
global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These functions, for good design reason, take a locking key to
atomically release along with the context swtich. But there's still a
common pattern in code to do a switch unconditionally by passing
irq_lock() directly. On SMP that's a little hurtful as it spams the
global lock. Provide an _unlocked() variant for
_Swap/_reschedule/_pend_curr for simplicity and efficiency.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Switch semaphores to use a subsystem spinlock instead of the system
irqlock.
Note that this is only "half way there". Semaphores will no longer
contend with other irqlock users on SMP systems, but all semaphores
are still sharing the same lock. Really we want semaphores to be
independently synchronized, but adding 4 bytes to every one (there are
a LOT of these things) for a separate spinlock is too much to pay.
Rather, a proper SMP-aware implementation would spin on the count
variable directly. But let's not rock that boat quite yet.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Just like with _Swap(), we need two variants of these utilities which
can atomically release a lock and context switch. The naming shifts
(for byte count reasons) to _reschedule/_pend_curr, and both have an
_irqlock variant which takes the traditional locking.
Just refactoring. No logic changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Mostly useless patch. All architectures have their own code for
atomic operations and don't use this fallback. Still, it's a trivial
locking setup and we might as well.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Each work_q object gets a separate spinlock to synchronize access
instead of the global lock. Note that there was a recursive lock
condition in k_delayed_work_cancel(), so that's been split out into an
internal unlocked version and the API entry point that wraps it with a
lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The validation checking recently added to spinlocks is useful, but
requires kernel-internals like _current and _current_cpu in a header
context that tends to be needed before those are declared (or where we
don't want them declared), and is causing big header dependency
headaches.
Move it to C code, it's just a validation tool, not a performance
thing.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These two spots were duplicating logic that is already done inside
_reschedule(), which is the cleaner, less dangerous API. Use it where
possible when outside the scheduler internals.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Since we know do DTS before Kconfig we should try and remove dts from
creating Kconfig namespaced symbols and leave that to Kconfig. So
rename CONFIG_CCM_<FOO> to DT_CCM_<FOO>.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The power management framework used two different abstractions
to describe power states. The SYS_PM_* given coarse information
what kind of power state (low power or deep sleep) was used,
while the SYS_POWER_STATE_* abstraction provided information
about particular power mode.
This commit removes the SYS_PM_* abstraction as the same
information is already carried in SYS_POWER_STATE_*.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Newlib now defines a special z_newlib_partition containing
all globals relevant to newlib. Most of these are in libc.a
with a heap tracking variable in newlib's hooks.
* Both C libraries now expose a k_mem_partition containing the
bounds of the malloc heap arena. Threads that want to use
libc malloc() will need to add this to their memory domain.
* z_newlib_get_heap_bounds has been removed, in favor of the
memory partition for the heap arena
* ztest now includes the C library partitions in its memory
domain.
* The mem_alloc test now runs in user mode to prove that this
all works for both C libraries.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Dynamic kernel objects enforce that the permission state
of an object is also a reference count; using a kernel
object without permission regardless of caller privilege
level is a programming bug.
However, this is not the case for static objects. In
particular, supervisor threads are allowed to use any
object they like without worrying about permissions, and
the logic here was causing cleanup functions to be called
over and over again on kernel objects that were actually
in use.
The automatic cleanup mechanism was intended for
dynamic objects anyway, so just skip it entirely for
static objects.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch puts checks in place to ensure that callers to the k_mem_slab
APIs provide word aligned block sizes. If this is not done, this can
result in unaligned accesses and subsequent crashes.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This commit extends the implementation of sane_partition(..) in
kernel/mem_domain.c so that it generates an ASSERT if partitions
inside a mem_domain overlap. This extension is only implemented
for the case when the MPU requires non-overlapping regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This adds a simple implementation of SMP CPU affinity to Zephyr. The
API is simple and doesn't try to invent abstractions like "cpu sets".
Each thread has an enable/disable flag associated with each CPU in the
system, and the bits can be turned on and off (for threads that are
not currently runnable, of course) using an easy three-function API.
Because the implementation picked requires enumerating runnable
threads in priority order looking for one that match the current CPU,
this is not a good fit for the SCALABLE or MULTIQ scheduler backends,
so it currently can be enabled only for SCHED_DUMB (which is the
default anyway). Fancier algorithms do exist, but even the best of
them scale as O(N_CPUS), so aren't quite constant time and often
require significant memory overhead to keep separate lists for
different cpus/sets.
The intended use here is for apps that want to "pin" threads to
specific CPUs for latency control, or conversely to prevent certain
threads from taking time on specific CPUs to leave them free for fast
response.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When under SMP, _current is a macro that indirects to a CPU-specific
address, and that trick won't work until kernel_arch_init() has
returned.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Idle threads must (for obvious reasons!) always be preemptible from
the perspective of the scheduler. But when preemptive scheduling is
disabled, they are given a priority of -1, which is the lowest
COOPERATIVE priority. So the scheduler preemption logic needed an
extra test for this case and couldn't just rely on the existing
priority comparison. This was a measurable performance loss, as this
is a hot path on existing benchmarks.
Limit that test to circumstances (!CONFIG_PREEMPT_ENABLED) where it's
actually needed.
Longer term it would be better to just force the existence of one
"preemptible" thread priority always, but right now the number of
priorities and the state of the PREEMPT_ENABLED kconfig flag are
linked, and the existing interrupt return code (with no preemption,
you know with certainty which thread you are returning to and can skip
some work) on some platforms fails when I try this.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
For historical reasons, some architectures had a valid _current thread
pointer at initialization time and others didn't. So the scheduler
logic had a test that checks _current vs. NULL every time it needed to
check premption, when this was only a workaround for initialization
state.
Fix things so that there is a dummy thread always (and clean up the
code to do a struct assignment instead of a memset of bare memory),
and we can remove that test from the scheduler hot path.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
GCC 6.2.0 is making frustratingly poor inlining decisions with some of
these routines, resulting in an awful lot of runtime calls for code
that is only ever expanded once or twice within the file.
Treat with targetted ALWAYS_INLINE's to force the issue. The
scheduler code is a hot path.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_dlist_insert_*() functions had a behavior where a NULL
argument for the insertion position to sys_dlist_insert_after/before()
was interpreted as "the end of the list". We never used that
convention (except in one spot internal to dlist.h which was not
itself used anywhere), and of course already have an API for appending
and prepending to a list.
In practice this was a performance disaster. The NULL check is
virtually never provable statically by the compiler, so that test and
branch is present always. And worse, the check and call to another
function was pushing this beyond the complexity limit for gcc to
inline a function (at -Os optimization anyway), forcing us to use
function calls for what should be a ~8 instruction sequence. The
upshot is that dlist insertions were 2-3x slower than they needed to
be.
Deprecate these older APIs and introduce a new sys_dlist_insert() call
which can be much better optimized.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The fix in commit e664c78b82 ("kernel/timeout: Fix recursive
spinlock in z_set_timeout_expiry()") missed a spot that had also been
introduced with recent locking work. The new
_get_next_timeout_expiry() implementation takes its own lock, which is
recursive when called from z_clock_announce(). Fix by calling the
wrapped implementation instead.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Whether a timeout is linked into the timeout queue can be determined
from the corresponding sys_dnode_t linked state. This removes the need
to use a special flag value in dticks to determine that the timeout is
inactive.
Update _abort_timeout to return an error code, rather than the flag
value, when the timeout to be aborted was not active.
Remove the _INACTIVE flag value, and replace its external uses with an
internal API function that checks whether a timeout is inactive.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
k_poll events are registered in a linked list when their signal
condition has been met. The code to clear event registration did not
account for events that were not registered, resulting in double-removes
that produced core dumps on native-posix sanitycheck.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
CONTAINER_OF() on a NULL pointer returns some offset around NULL and not
another NULL pointer. We have to check for that ourselves.
This only worked because the dnode happened to be at the start of the
struct.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The help text has been stating that CONFIG_STACK_CANARIES will
silently be ignored when the compiler does not support them. But this
is not the desired behaviour of CONFIG_STACK_CANARIES[1].
This patch corrects the help text to state that an error will occur if
this feature is enabled, but not supported.
[1] "I would much rather see the build break if someone tries to
enable the stack canaries, and the compiler doesn't support
it. Because what happens now is that if someone enables this option,
and there is no support, the build will succeed but there are no
actual stack canaries in place, and unless the user is paying close
attention to the cmake test output they will have no idea."
--
https://github.com/zephyrproject-rtos/zephyr/issues/5019
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
There is an effort underway to make most of the Zephyr build script's
reentrant. Meaning, the build scripts can be executed multiple times
during the same CMake invocation.
Reentrancy enables several use-cases, the motivating one is the
ability to build several Zephyr executables, or images, for instance a
bootloader and an application.
For build scripts to be reentrant they cannot be directly referencing
global variables, like target names, but must instead reference
variables, which can vary from entry to entry.
Therefore, in this patch, we replace global targets with variables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The z_set_timeout_expiry() function was added in part to simply the
locking strategy, but it missed a case where a function it was calling
was re-locking the same spinlock. It "works"[1] in uniprocessor
environments, but can be a deadlock in SMP.
Fix this by moving the meat of the function to an unlocked utility,
use that locally, and turn the entry point into one that does locking.
Actually this only gets called from idle now, which is a use case that
will go away when TICKLESS_IDLE is removed as a separate feature (once
you know all timeouts are set tickless, you don't need to set it from
the idle entry at all).
Discovered via lucky inspection.
[1] It doesn't work. It releases the lock prematurely at the end of
the inner block. But in practice this wasn't discovered.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch provides support for generating Code coverage reports.
The prj.conf needs to enable CONFIG_COVERAGE. Once enabled, the
code coverage data dump now comes via UART.
This data dump on the UART is triggered once the main
thread exits.
Next step is to save this data dump on file. Then run
scripts/gen_gcov_files.py with the serial console log as argument.
The last step would be be to run the gcovr. Use the following cmd
gcovr -r . --html -o gcov_report/coverage.html --html-details
Currently supported architectures are ARM and x86.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Timeslicing works by removing the _current thread from the run queue
and re-adding it at the end of its priority. On systems with a
_Swap() that can be preempted by a timer interrupt, that means it's
possible for the timeslice to try to slice out a thread that had
already pended itself!
This behavior used to be benign (or at least undetectable) as the
duplicated list operations were idempotent. But now the dlist code is
stricter about correctness and has exposed the bug -- it will blow up
if you try to remove an already-removed list node.
Fix (on affected platforms) by stashing the _current pointer in
_pend_current_thread() that is checked and cleared in the timer
interrupt. If we discover we're trying to interrupt a thread that's
already interrupted itself, we can safely exit z_time_slice() as a
noop. The timeslicing bookeeping was already done for us underneath
the pend code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This is a refactoring of the fix in commit 6c95dafd82 to limit its
application to affected platforms now that the root cause is
understood.
Note that the bug that fix was addressing was rare and seen only on
after multi-hour sessions on Michael Scott's test rig. So if
something regresses, this is where to look!
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
On ARM, _Swap() isn't atomic and a hardware interrupt can land after
the (irq_locked) caller has entered _Swap() but before the context
switch actually happens. This will require some platform-specific
workarounds in a few places in the scheduler.
This commit is just the Kconfig and selection on ARM.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The call to _arch_switch is a giant screaming sign inviting optimizer
bugs. The code that appears before is what happened long ago when we
were switched out, but the version that EXECUTED just now is actually
in a different thread. So the assignment to _current before the
switch actually assigned OUR thread (the "new_thread" of the old
context!) to _current.
But obviously the optimizer looks at that code and assumes that the
_current which got assigned to the thread we were switching to long
ago is still correct, and used it when retrieving the swap return
value.
Obviously the real bug here is that the _arch_switch() in question
lacked a memory clobber (and it's getting one).
But we can remove two lines, remove code from inside the interrupt
lock and make the implementation more robust by moving the read to
after the irq_unlock() (which generally also has a memory clobber).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These files were using z_thread_malloc() without including
kernel_internal.h. On existing architectures that works due to
transitive includes, but x86_64 has a thinner include layer and
doesn't do it for us. Include the files required for the APIs we use.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Commit 76b3518ce6 ("kernel: Make statements evaluate boolean
expressions") changed the type of is_polling in the struct _poller
from int to bool. In the conversion a "0" has been changed into "true"
instead of "false". Fix that.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This API was using variable number of arguments. Which is not
allowed according to misra c guidelines(Rule 17.1). Hence making
this API into a macro and using the util macro FOR_EACH_FIXED_ARG
to get the same functionality.
There is one deviation from the old function. The last argument
shouldn't be NULL.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The logic in z_set_timeout_expiry() missed the case where the ticks
argument could be zero (or lower), which can happen naturally due to
timing/interrupt slop. In those circumstances, it would still try to
reset a timer that was "about to expire at the next tick", which would
run afoul of the drivers' internal decisions about how soon a timer
interrupt could be set, and then get pushed out to the next tick.
Explicitly detect this as an "imminent" predicate to make the logic
clearer.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The recent change that added a locked z_set_timeout_expiry() API
obsoleted the subtle note about synchronization above
reset_time_slice(). None of that matters any more, the API is
synchronized internally in a conventional way.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The use of dticks == INACTIVE to tell whether or not a timeout was
already in the list was insufficient. There is a time period between
the moment a timeout is removed from the list and the end of its
handler where it is not in the list, yet its list node pointers still
point into it. Doing things like aborting a thread while that is true
(which can be asynchronous too!) would corrupt the list even though
all the operations on it were "atomic".
Set the timeout node pointers to nulls atomically when removed, and
check for double-remove conditions (which, again, might be perfectly
OK).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This loop was structured badly, as a while(true) with multiple "exit
if" cases in the body. It was bad enough that I genuinely fooled
myself into rewriting it, having convinced myself there was a bug in
it when there wasn't.
So keep the rewritten loop which expresses the iteration in a more
invariant way (i.e. "while we have an element to expire" and not "test
if we have to exit the loop"). Shorter and easier. Also makes the
locking clearer as we can simply release the lock around the callback
in a natural/obvious way.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Don't present USE_SWITCH and SMP to user applications that are
configuring for platforms that do not support SMP or USE_SWITCH.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
SMP requires the new-style '_arch_switch' to be enabled. To prevent
users from creating invalid configurations where SMP is enabled while
_arch_switch is not, we add a dependency from SMP to USE_SWITCH.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
RETPOLINE has been enabled by default on most platforms, but it is
only supported on X86.
Features should only be enabled if they are supported and active on
the given platform. To rectify this we have RETPOLINE depend on X86,
the only platform on which it is implemented.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
In general driver system calls are implemented at a subsystem
layer. However, some drivers may have capabilities specific to
the hardware not covered by the subsystem API. Such drivers may
want to define their own system calls.
This macro makes it simple to validate in the driver-specific
system call handlers that not only does the untrusted device
pointer correspond to the expected subsystem, initialization
state, and caller permissions, but also that the device object
is an instance of a specific driver (and not just any driver in
that subsystem).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The main function is just a weak function that should be override by the
applications if they need. Just adding a nop instructions to explicitly
says that this function does nothing.
MISRA-C rule 2.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
If initialization fails, zero the API struct so that
device_get_binding() can't fetch it, and do not mark
the driver object as initialized to user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch splits the text section into 2 parts. The first section
will have some info regarding vector tables and debug info. The
second section will have the complete text section.
This is needed to force the required functions and data variables
the correct locations.
This is due to the behavior of the linker. The linker will only link
once and hence this text section had to be split to make room
for the generated linker script.
Added a new Kconfig CODE_DATA_RELOCATION which when enabled will
invoke the script, which does the required relocation.
Added hooks inside init.c for bss zeroing and data copy operations.
Needed when we have to copy data from ROM to required memory type.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
MISRA-C says all declarations of an object or function must use the
same name and qualifiers.
MISRA-C rule 8.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In C90 was introduced function prototype, that allows argument types
to be checked against parameter types, though it is not necessary
specify names for the parameters. MISRA-C requires names for function
prototype parameters, it claims that names can provide useful
information regarding the function interface.
MISRA-C rule 8.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The order of evaluation of function calls in the arguments of a
function. This is undefined (32)/ unspecified(15-18) in C99.
MISRA-C rule 13.2 does not allow that a value of an expression and its
side effects happens in not deterministic order to avoid these
undefined behaviors.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
According with MISRA-C and unconditional break statement must
terminate every switch-clause.
MISRA-C rule 16.1 and 16.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
MISRA-C requires the right-hand operand of && or || operator does not
contain persistent effect.
MISRA-C rule 13.5
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When a memory partition is removed, it is not required
to clear the start and attr fields, since a free partition
is only indicated by a zero size field. This commit removes
the un-necessary clearing of start and attr fields.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
It is necessary to delay setting lock_count = 0 because an unlocking thread
maybe swapped out when it calls adjust_owner_prio(). If the thread that starts
running sees lock_count = 0 it will successfully acquire the mutex even though
it is not fully unlocked yet.
Fixes#11798.
Signed-off-by: Nicolás Bértolo <nicolasbertolo@gmail.com>
The comment explaining why _IntLibInit was being invoked was left in
place after the invocation itself was removed. Remove it too.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The function that checks if an object is valid is essentially a boolean
function. Just changing its return type to reflect it.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This allows for workqueues to be started in user mode.
No additional kernel objects or system calls are defined
other than starting the workqueue in user mode; for
permission purposes the embedded queue and thread objects
are sufficient.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
k_work and k_work_q are not kernel objects, nor will they
be. k_work_q contains some kernel objects which are tracked
independently.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There were many platforms where this function was doing nothing. Just
merging its functionality with _PrepC function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
System must not set the clock expiry via backdoor as it may
effect in unbound time drift of all scheduled timeouts.
Fixes: #11502
Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no>
System Power Management is only supported in Tickless Idle mode.
This patch modifies Kconfig dependencies to ensure System Power
Management option selects Tickless Idle one.
Fixes: #11046
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
The call to z_clock_set_timeout() was being made outside the timeout
lock, which can race against other contexts setting sooner-expiring
timeouts.
Also add a long comment to one spot (timeslicing) where this call is
made outside the timeout spinlock (inside the scheduler lock) and why
this is OK.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add implementation for k_msgq_peek() which is similar to k_msgq_get()
except the message is not deleted from the queue.
Signed-off-by: Sathish Kuttan <sathish.k.kuttan@intel.com>
If we just had the kernel's implementation, we could
just move this to lib/, but possible arch-specific
implementations dictate that we just make this a
syscall.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We aren't going to allow any user mode access to the
k_mem_slab APIs, but in some cases (specifically in the
case of the I2S subsystem) we need to allow user mode
to assign a memory slab to a particular driver.
This will let us verfiy (in supervisor mode) that a provided
k_mem_slab pointer is really a k_mem_slab, and know its
initialization state, and have permissions assigned to it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit optimizes the process of checking that the
added partitions in a mem_domain are sane. It places the
sane_partition checking inside the loop of adding the
partitions in the mem_domain, so that the checkings are
not performed twice, and no partition is checked against
itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes the calculations of the partition ending
addresses in two places in the code, according to:
<last> = <start> + <size> - 1. We also rename 'end' to 'last'
to stress that we calculate the last address in the partition.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
User mode may need to use this API to get a handle on
devices by name, expose as a system call. We impose
a maximum name length as the system call handler needs
to make a copy of the string passed in from user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If this function is itself interrupted by a timeslice event, the
slicing state can be corrupted. Just re-use the scheduler lock
instead of using a new spinlock; this is a low-latency function that
won't deadlock. Found by inspection.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add a TICKLESS_CAPABLE kconfig variable which is used by the kernel to
select tickless mode's default automatically on drivers that support
it (rather than having to set the default per-board). Select it from
the ARM SysTick and Intel HPET drivers.
Also remove the old qemu_cortex_m3 default settings which this
replaces.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Some places are using the same tag identifier with different types.
This is a MISRA-C violation and makes the code less readable.
MISRA-C rule 5.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
k_poll_signal was being used by both, struct and function. Besides
this being extremely error prone it is also a MISRA-C violation.
Changing the function to contain a verb, since it performs an action
and the struct will be a noun. This pattern must be formalized and
followed and across the project.
MISRA-C rules 5.7 and 5.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There was an struct and a variable called _kernel. This is error prone
and a MISRA-C violation. It is changing the struct to have a unique
identifier.
MISRA-C rule 5.8
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
According with MISRA-C an object should be defined in a block scope if
it is used in a single function.
MISRA-C rule 8.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This is not violating any MISRA-C rule, though, it seems to be
triggering a false (rule 9.1) positive in some static analysis
tools. Nevertheless, it is more readable declare all variables in the
same scope together.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There is a struct and a macro called _ready_q, this is error
prone. Just removing it.
MISRA-C rule 5.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The tracing variable in alert.c was declared by default. This
should have been declared only when CONFIG_OBJECT_TRACING is set.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch fixes few issues in queue.c. This patch also changes
the return type of k_queue_alloc_append and k_queue_alloc_prepend
from int to s32_t.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This commit introduces k_sleep() return value, which provides
information about actual sleep time. If the returned value is
not-zero, the thread slept shorter than requested, which is
only possible if the thread has been woken up by k_wakeup() call.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Fixing a few minor typo fixes in kernel/mem_domain.c
and the respective documentation section.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix a compile warning if we build using int types defined to match the
compiler. We get the following warnings:
kernel/msg_q.c: In function ‘_impl_k_msgq_alloc_init’:
kernel/msg_q.c:75:9: warning: passing argument 3 of ‘__builtin_umul_overflow’ from incompatible pointer type [-Wincompatible-pointer-types]
(u32_t *)&total_size)) {
^
kernel/msg_q.c:75:9: note: expected ‘unsigned int *’ but argument is of type ‘u32_t * {aka long unsigned int *}’
__builtin_umul_overflow expects to be passed unsigned int for all its
arguments, so cast to that instead of u32_t.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Previously, a generic "workqueue" name was used, but there're few
workqueues in a typical Zephyr setup, and it wasn't possible to
distinguish them.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
In _pend_current_thread the argument key is always a unsigned
interger type and this function forces it to become a signed
interger. This is a dangerous behavior and cant be trusted to
work as expected.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Duh: "remove()" is a POSIX symbol, and on at least some platforms
stdio.h can be included here out of platform headers causing a name
collision.
Fixes#10669's direct issue, though the broader issue of how to choose
names for statics remains controversial.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This API shouldn't take a int type but instead it should take
u32_t. This argument has to be similar to irq_lock() and
irq_unlock().
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
In tickless mode, not all elapsed ticks may have been announced yet,
so future z_time_slice() calls will include "extra" ticks that we have
to account for when setting up the slice count.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Our funny convention holds that passing ticks==1 to _add_timeout()
means "at the next tick". But that means that 1, 0, and all negative
numbers are expected to behave the same. In ticked mode, that's fine
because it will, after all, expire at the next tick.
But in tickless, the next announcement may be for several ticks, and
that zero will appear to expire "before" the next tick in the
consumption loop.
Make sure all "next tick" expirations look the same.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When fetching the next timeout to expire, the value is relative to the
last announced tick, so you subtract the timer-provided elapsed time
to get the true delta from "now". When adding a new timeout, you
*have* a value relative to now, so you compute the delta vs. the last
announced tick by adding the elapsed() time. Duh.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was wrong in subtle ways. In tickless mode it's possible to get
an announcement for multiple ticks at a time and have multiple
callbacks to execute that were technically scheduled at different
times. We want to fix the current tick at the value represented by
the currently-executing callback's EXPIRATION (even if we missed it!),
so that any new timeouts it sets (c.f. a k_timer period) happen at the
right point, in phase with the expected series. In single-tick mode
the code ends up the same always, so the bug wasn't visible.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The previous comment correctly and carefully explained why the 64 bit
value in curr_tick doesn't require locking when reading only the low
32 bits.
It completely missed the fact that the calculation of elapsed time and
the read of curr_tick ABSOLUTELY DO require locking, because the
former is expressed in terms of the latter. This was always bug, even
in the old code, but never witnessed because we ran so little software
in tickless mode.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
It's possible to interrupt a thread that has already scheduled a
timeout. Really this is a race against the usage of
_add_thread_timeout() and needs some design work to provide proper
locking (which is a distinct requirement from the scheduler lock and
timeout lock!), as the users of that API are spread around the kernel.
But existing usage always schedules the timeouts first, so this is
safe.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The timeout APIs are properly synchronized now. This irq_lock() (and
the comment explaining it) isn't needed anymore.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These options are rapidly becoming a default configuration, which is
complicated by having them be hidden inside of a SYS_POWER_MANAGEMENT
variable that has to be enabled first. Put them at the top level of
the kernel config.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
I was pretty careful, but these snuck in. Most of them are due to
overbroad string replacements in comments. The pull request is very
large, and I'm too lazy to find exactly where to back-merge all of
these.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that the API has been fixed up, replace the existing timeout queue
with a much smaller version. The basic algorithm is unchanged:
timeouts are stored in a sorted dlist with each node nolding a delta
time from the previous node in the list; the announce call just walks
this list pulling off the heads as needed. Advantages:
* Properly spinlocked and SMP-aware. The earlier timer implementation
relied on only CPU 0 doing timeout work, and on an irq_lock() being
taken before entry (something that was violated in a few spots).
Now any CPU can wake up for an event (or all of them) and everything
works correctly.
* The *_thread_timeout() API is now expressible as a clean wrapping
(just one liners) around the lower-level interface based on function
pointer callbacks. As a result the timeout objects no longer need
to store backpointers to the thread and wait_q and have shrunk by
33%.
* MUCH smaller, to the tune of hundreds of lines of code removed.
* Future proof, in that all operations on the queue are now fronted by
just two entry points (_add_timeout() and z_clock_announce()) which
can easily be augmented with fancier data structures.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
_timeout_remaining_get() was a function on a struct _timeout, doing
iteration on the timeout list, but it was defined in timer.c (the
higher level abstraction).
Move it to where it belongs. Also have it return ticks instead of ms
to conform to scheme in the rest of the timeout API. And rename it to
a more standard zephyr name.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The current z_clock_uptime() call (recently renamed from
_get_elapsed_program_time) requires the driver to track a full 64 bit
uptime value in ticks, which is entirely separate from the one the
kernel is already keeping.
Don't do that. Just ask the drivers to track uptime since the last
call to z_clock_announce(), since that is going to map better to
built-in hardware capability.
Obviously existing drivers already have this feature, so they're
actually getting slightly larger in order to implement the new API in
terms of the old one. But future drivers will thank us.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add the callback parameter to add_timeout(), and remove the thread
argument. Now the "low level" timeout API can be expressed without
reference to threads.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that this is known to be an unused value, remove it from the API.
Note that this caught a few spots where we were passing values (a
non-NULL wait_q with a NULL thread handle) that were always being
ignored before.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing timeout API wants to store a wait_q on which the thread
is waiting, but it only uses that value in one spot (and there only as
a boolean flag indicating "this thread is waiting on a wait_q).
As it happens threads can already store their own backpointers to a
wait_q (needed for the SCALABLE scheduler backend), so we should use
that instead.
This patch doesn't actually perform that unification yet. It
reorgnizes things such that the pended_on field is always set at the
point of timeout interaction, and adds a bunch of asserts to make 100%
sure the logic is correct. The next patch will modify the API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The timeout_q.h scheme, where it declared real functions, but the
stubs for when there was no clock were in wait_q.h was senselessly
weird. Put them in the same file.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Instead of checking every time we hit the low-level context switch
path to see if the new thread has a "partner" with which it needs to
share time, just run the slice timer always and reset it from the
scheduler at the points where it has already decided a switch needs to
happen. In TICKLESS_KERNEL situations, we pay the cost of extra timer
interrupts at ~10Hz or whatever, which is low (note also that this
kind of regular wakeup architecture is required on SMP anyway so the
scheduler can "notice" threads scheduled by other CPUs). Advantages:
1. Much simpler logic. Significantly smaller code. No variance or
dependence on tickless modes or timer driver (beyond setting a
simple timeout).
2. No arch-specific assembly integration with _Swap() needed
3. Better performance on many workloads, as the accounting now happens
at most once per timer interrupt (~5 Hz) and true rescheduling and
not on every unrelated context switch and interrupt return.
4. It's SMP-safe. The previous scheme kept the slice ticks as a
global variable, which was an unnoticed bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This got broken. Add some #ifery to handle the case. Not clean, will
clean up in a future pass once the API is final.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This feature was a useless noop based on mistaken API understanding.
The idea seems to have been that k_busy_wait() included guards to
ensure "clock_always_on" was true duing the loop, presumably because
the original author was afraid that "turning the clock off" would
affect the operation of k_cycle_get_32().
Then later someone came around and "optimized" this for Quark SE,
where the cycle counter is the RTC and unrelated to the timer driver
used by the clock_always_on feature. (Except even there it presumably
should have been done at the SoC level and not just in the C1000
devboard -- note that Arduino 101 never would have gotten this).
But it was all a mistake: "clock_always_on" has nothing to do with
en/disabling the system cycle timer (which never happens when the
system is active, that's a feature of idle), it's a control over the
delivery of timer interrupts. And needless to say we don't care about
timer interrupts when we're spinning on a cycle counter.
Yank the whole mess.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The current API has an rather unfortuate collision between two APIs:
z_clock_announce(), which is called out of the timer interrupt to
inform the kernel of time passage (and which is responsible for
invoking timer callbacks), and z_tick_set(), which is ALSO used by the
timer drivers for... confusing and inconsistent purposes.
This is sort of a mess. The tick_set API needs to go away, but before
that I'm adding some assertions to at least make sure the existing
drivers are using them consistently.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was no good reason to have these rather large functions in a
header. Put them into sys_clock.c for now, pending rework to the
system.
Now the API is clearly visible in a small header.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
If the idle code was detecting that it needed to sleep for less than
CONFIG_SYS_TICKLESS_IDLE_THRESH, then it would never call
z_clock_set_timeout() at all, which means that the system would never
wake up unless it already had a timeout scheduled! Apparently we
lacked a test case to detect this condition.
Honestly this seems like a crazy feature to me. There's no benefit in
delivering needless tick announcements. If the system has the
capacity to enter deeper sleep for long timeouts, that's already
exposed via the PM APIs, the timer subsystem needn't be involved.
But... we actually have a test (tickless_concept) that looks at this,
so support it for now and consider deprecation later.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This code (just refactored as part of the timer API work) turns out to
be needless. It's trying to detect the case where we're being asked
to idle for zero time, but that's not possible with a properly
functioning timer driver: the call to z_clock_announce() must happen
out of an interrupt, and this is the idle thread, which must sit below
any possible interrupt priority. The call to z_clock_uptime() must
not ever return "too late" until after the timer interrupt has fired,
at which point we'll be inspecting the next timeout (which itself is
guaranteed to be in the future for the same reason).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The tickless driver had a bunch of "hairy" APIs which forced the timer
drivers to do needless low-level accounting for the benefit of the
kernel, all of which then proceeded to implement them via cut and
paste. Specifically the "program_time" calls forced the driver to
expose to the kernel exactly when the next interrupt was due and how
much time had elapsed, in a parallel API to the existing "what time is
it" and "announce a tick" interrupts that carry the same information.
Remove these from the kernel, replacing them with synthesized logic
written in terms of the simpler APIs.
In some cases there will be a performance impact due to the use of the
64 bit uptime call, but that will go away soon.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Rename timer driver API functions to be consistent. ADD DOCS TO THE
HEADER so implementations understand what the requirements are.
Remove some unused functions that don't need declarations here.
Also removes the per-platform #if's around the power control callback
in favor of a weak-linked noop function in the driver initialization
(adds a few bytes of code to default platforms -- we'll live, I
think).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing API had two almost identical functions: _set_time() and
_timer_idle_enter(). Both simply instruct the timer driver to set the
next timer interrupt expiration appropriately so that the call to
z_clock_announce() will be made at the requested number of ticks. On
most/all hardware, these should be implementable identically.
Unfortunately because they are specified differently, existing drivers
have implemented them in parallel.
Specify a new, unified, z_clock_set_timeout(). Document it clearly
for implementors. And provide a shim layer for legacy drivers that
will continue to use the old functions.
Note that this patch fixes an existing bug found by inspection: the
old call to _set_time() out of z_clock_announce() failed to test for
the "wait forever" case in the situation where clock_always_on is
true, meaning that a system that reached this point and then never set
another timeout would freeze its uptime clock incorrectly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There were three separate "announce ticks" entry points exposed for
use by drivers. Unify them to just a single z_clock_announce()
function, making the "final" tick announcement the business of the
driver only, not the kernel.
Note the oddness with "_sys_idle_elapsed_ticks": this was a global
variable exposed by the kernel. But it was never actually used by the
kernel. It was updated and inspected only within the timer drivers,
and only so that it could be passed back to the kernel as the default
(actually hidden) argument to the announce function. Break this false
dependency by putting this variable into each timer driver
individually.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The system tick count is a 64 bit quantity that gets updated from
interrupt context, meaning that it's dangerously non-atomic and has to
be locked. The core kernel clock code did this right.
But the value was also exposed to the rest of the universe as a global
variable, and virtually nothing else was doing this correctly. Even
in the timer ISRs themselves, the interrupts may be themselves
preempted (most of our architectures support nested interrupts) by
code that wants to set timeouts and inspect system uptime.
Define a z_tick_{get,set}() API, eliminate the old variable, and make
sure everyone uses the right mechanism.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This flag is an indication to the timer driver that the OS doesn't
care about rollover conditions of the tick count while idling, so the
system doesn't need to wake up once per counter flip[1]. Obviously in
that circumstance values returned from k_uptime_get_32() are going to
be wrong, so the implementation had an assert to check for misuse.
But no one understood that from the docs, so the only place these APIs
were used in practice were as "guards" around code that needed to call
k_uptime_get_32(), even though that's 100% wrong per docs!
Clarify the docs. Remove the incorrect guards. Change the flag to
initialize to true so that uptime isn't broken-by-default in tickless
mode. Also move the implemenations of the functions out of the
header, as there's no good reason for these to need to be inlined.
[1] Which can be significant. A 100MHz ARM using the 24 bit SysTick
counter rolls over at about 6 Hz, and if it had to come out of
idle at that rate it would be a significant power issue that would
swamp the gains from tickless. Obviously systems with slow
counters like nRF or 64 bit ones like RISC-V or x86's TSC aren't
as affected.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was another "global variable" API. Give it function syntax too.
Also add a warning, because on nRF devices (at least) the cycle clock
runs in kHz and is too slow to give a precise answer here.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was only used in a few places just to indirect the already
perfectly valid SYS_CLOCK_TICKS_PER_SEC value. There's no reason for
these to ever have been kconfig units, and in fact the distinction
appears to have introduced a hidden/untested bug in the power
subsystem (the two variables were used interchangably, but they were
defined in reciprocal units!).
Just use "ticks" as our time unit pervasively, and clarify the docs to
explain that.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing API defined sys_clock_{hw_cycles,ticks}_per_sec as simple
"variables" to be shared, except that they were only real storage in
certain modes (the HPET driver, basically) and everywhere else they
were a build constant.
Properly, these should be an API defined by the timer driver (who
controls those rates) and consumed by the clock subsystem. So give
them function syntax as a stepping stone to get there.
Note that this also removes the deprecated variable
_sys_clock_us_per_tick rather than give it the same treatment.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The builtin function __builtin_umul_overflow returns a boolean and
should not checked as an integer.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Removing an unnecessary check in k_mem_pool_alloc. The condition is
already being checked in the if.
MISRA-C rule 14.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
A final else statement must be provided when an if statement is
followed by one or more else if.
MISRA-C rule 15.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When delta_ticks_from_prev is not 0, the variable ticks will necessarily
be lesser or equal 0, so the if checking that is no necessary.
MISRA-C rule 15.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
According C99 the first 31 characters of an identifier must be unique.
Shortening the namespace of the generated objects to achieve it.
C99 - 5.2.4.1
MISRA-C rule 5.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Under GNU C, sizeof(void) = 1. This commit merely makes it explicit u8.
Pointer arithmetics over void types is:
* A GNU C extension
* Not supported by Clang
* Illegal across all ISO C standards
See also: https://gcc.gnu.org/onlinedocs/gcc/Pointer-Arith.html
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Change APIs that essentially return a boolean expression - 0 for
false and 1 for true - to return a bool.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added k_thread_name_set() and enable thread name setting when declaring
static threads. This is enabled only when THREAD_MONITOR is used. System
threads get a name by default.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit improves the help text of INIT_STACKS
Kconfig option, so it indicates that the stack
initialization applies also to the interrupt stack.
Fixes#7196.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The Kconfig option CONFIG_BUILD_TIMESTAMP became unused when
BUILD_VERSION was introduced, but it's option and parts of it's
implementation was not completely cleaned from the repository.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add ifdef guard to the z_reset_timeslice() to fix compilation
errors when CONFIG_TIMESLICING is disabled.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Several style and typo fixes in inline comments of arm kernel
files and thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
_pend_current_thread can return any arbitrary value set by
_set_thred_return_value(), it happens that most cases set 0. This
function can not rely on this behavior otherwise it may return an
invalid value and/or not set data's value.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Make while statement using pointers explicitly check whether
the value is NULL or not.
The C standard does not say that the null pointer is the same
as the pointer to memory address 0 and because of this is a good
practice always compare with the macro NULL.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
MISRA C requires that every controlling expression of and if or while
statement have a boolean type.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Make if statement using pointers explicitly check whether the value is
NULL or not.
The C standard does not say that the null pointer is the same as the
pointer to memory address 0 and because of this is a good practice
always compare with the macro NULL.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Rename _DEVICE_STRUCT_SIZE to _DEVICE_STRUCT_SIZEOF. This causes it to
be picked by the script 'gen_offset_header.py' and inserted into the
header file 'include/generated/offsets.h'.
Renaming from x_SIZE to x_SIZEOF will align it's name with the other
symbols that denote a sctruct's size, like K_THREAD_SIZEOF.
Furthermore, it will allow the symbol to be accessed through a header
file define, instead of only as an extern symbol. This is more
flexible, and more aligned with the other symbols in offsets.
Finally, if we are able to move all of offsets.c symbols into the
offsets.h header file we be able to remove offsets.o from the link and
thereby simplify the linking process.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
With have *many* violations on Zephyr's code, this commit is tackling
only the violations caused by headers guards. It also takes the
opportunity to normalize them using the filename in uppercase and
replacing dot with underscore. e.g file.h -> FILE_H
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Checking the return of some scattered functions across kernel.
MISRA-C requires that all non-void functions have their return value
checked, though, in some cases there is nothing to do. Just
acknowledging it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
k_thread_create is used only in k_word_q_start that has no error
handling, so the return of that function is not used.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
A lot of times this API is called during some cleanup even if the
timeout was not set to make the code simpler. In these cases it's not
necessary checking the return. Adding a cast to acknowledge it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Ignoring the return of _abort_timeout when there is nothing to
do. Either because the condition to return something different from 0
was prior checked or because it was called during come cleanup.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There are some cases that there is nothing to do with
_pend_current_thread() return (that is _Swap return value).
As MISRA-C requires that all non-void functions have their
return value checked, we are explicitly ignoring it when there is
nothing to do.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
__swap function was returning -EAGAIN in some case, though its return
value was declared as unsigned int.
This commit changes this function to return int since it can return a
negative value and its return was already been propagate as int.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The implementation of this syscall can return either 0 or -ENOMEM, but
when USERSPACE is enabled and it is called through syscall it always
return 0.
Just change this syscall implementation to return the value of
_impl_k_stack_alloc_init
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
MISRA-C requires that every switch clause has a break instruction.
Changing gen_kobject_list script to generates compliance code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This reverts commit 17e9d623b4.
Single thread keep introducing more issues, decided to remove the
feature completely and push any required changes for after 1.13.
See #9808
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Now that we call main() with interrupts enabled in !MULTITHREADING, we
need to disable them again for the final fallback "loop-forever
because user code returned" state. Otherwise some architectures will
toss interrupts into a context where we obviously aren't prepared.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Previously (as introduced in 48fadfe62), if k_poll() waited on a
queue (or subclass like fifo), and wait was cancelled on queue's
side using k_queue_cancel_wait(), k_poll returned -EINTR. But it
did not set event->state field (to anything else but
K_POLL_STATE_NOT_READY), so in case of waiting on multiple queues,
it was not possible to differentiate which of them was cancelled.
This in particular broke detection of network socket EOF conditions
in POSIX poll() implementation.
This situation is now resolved with introduction of explicit
K_POLL_STATE_CANCELLED state, which is now set for cancelled queue
(-EINTR return remains the same).
This change also elaborates docstring for the functions mentioned, to
document this behavior.
Fixes: #9032
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If k_pipe_block_put() is called and the pipe does not have enough
space to accomodate all the data in the memory pool, the subsequent
get operation will cause a CPU fault. The CPU fault is caused by
the timeout struct in the dummy thread not being initialized and
thus the scheduler will read bad memory. After fixing this,
another issue came up where the get operation would stall with
k_pipe_block_put() in same situation. This is due to the async
descriptor not being setup correctly. So fix this too.
This was discovered when debugging #9273.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
When adding a new runnable thread in tickless mode, we need to detect
whether it will timeslice with the running thread and reset the timer,
otherwise it won't get any CPU time until the next interrupt fires at
some indeterminate time in the future.
This fixes the specific bug discussed in #7193, but the broader
problem of tickless and timeslicing interacting badly remains. The
code as it exists needs some rework to avoid all the #ifdef mess.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Some applications have a use case for a tiny MULTITHREADING=n build
(which lacks most of the kernel) but still want special-purpose
drivers in that mode that might need to handle interupts. This
creates a chicken and egg problem, as arch code (for obvious reasons)
runs _Cstart() with interrupts disabled, and enables them only on
switching into a newly created thread context. Zephyr does not have a
"turn interrupts on now, please" API at the architecture level.
So this creates one as an arch-specific wrapper around
_arch_irq_unlock(). It's implemented as an optional macro the arch
can define to enable this behavior, falling back to the previous
scheme (and printing a helpful message) if it doesn't find it defined.
Only ARM and x86 are enabled in this patch.
Fixes#8393
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When adding a new runnable thread in tickless mode, we need to detect
whether it will timeslice with the runnable thread and reset the
timer, otherwise it won't get any CPU time until the next interrupt
fires at some indeterminate time in the future.
This fixes the specific bug discussed in #7193, but the broader
problem of tickless and timeslicing interacting badly remains. The
code as it exists needs some rework to avoid all the #ifdef mess.
Note that the patch also moves _ready_thread() from a ksched.h inline
to sched.c.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This fixes#8669, and is distressingly subtle for a one-line patch:
The list iteration code in _handle_expired_timeouts() would remove the
timeout from our (temporary -- the dlist header is on the stack of our
calling function) list of expired timeouts before invoking the
handler. But sys_dlist_remove() only fixes up the containing list
pointers, leaving garbage in the node. If the action of that handler
is to re-add the timeout (which is very common!) then that will then
try to remove it AGAIN from the same list.
Even then, the common case is that the expired list contains only one
item, so the result is a perfectly valid empty list that affects
nothing. But if you have more than one, you get a corrupt cycle in
the iteration list and things get weird.
As it happens, there's no value in trying to remove this timeout from
the temporary list at all. Just iterate over it naturally.
Really, this design is fragile: we shouldn't be reusing the list nodes
in struct _timeout for this purpose and should figure out some other
mechanism. But this fix should be good for now.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add support for OS managed Power Management framework for Zephyr
under 'subsys/power'. This framework takes care of implementing
the _sys_soc_suspend/_sys_soc_resume API's, a PM policy based on
SoC Low Power residencies and also provides necessary API's to
do devices suspend and resume.
Also add necessary changes to support the existing Application
managed Power Management framework.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Move to more generic tracing hooks that can be implemented in different
ways and do not interfere with the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This patch provides support needed to get timing related
information from xtensa based SOC.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This enables reserving little space on the top of stack to store
data local to thread when CONFIG_USERSPACE. The first customer
of this is errno.
Note that ARC, due to how it lays out the user stack and
privilege stack, sets the pointer itself rather than
relying on the common way.
Fixes: #9067
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
memcpy always return a pointer to dest, it can be ignored. Just making
it explicitly so compilers will never raise warnings/errors to this.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
queue_insert will always return 0 when no memory is allocated, just
explicitly marking that we are ignoring return value in these cases.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Bitwise operators should be used only with unsigned integer operands
because the result os bitwise operations on signed integers are
implementation-defined.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There exist two symbols that became equivalent when PR #9383 was
merged; _SYSCALL_LIMIT and K_SYSCALL_LIMIT. This patch deprecates the
redundant _SYSCALL_LIMIT symbol.
_SYSCALL_LIMIT was initally introduced because before PR #9383 was
merged K_SYSCALL_LIMIT was an enum, which couldn't be included into
assembly files. PR #9383 converted it into a define, which can be
included into assembly files, making _SYSCALL_LIMIT redundant.
Likewise for _SYSCALL_BAD.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The time slicing settings was kept in milliseconds while all related
operations was based on ticks. Continuous back and forth conversion
between ticks and milliseconds introduced an accumulating error due
to rounding in _ms_to_ticks() and __ticks_to_ms(). As result
configured time slice duration was not achieved.
This commit removes excessive ticks <-> ms conversion by using ticks
as time unit for all operations related to time slicing.
Also, it fixes#8896 as well as #8897.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The _update_time_slice_before_swap() function directly compared
_time_slice_duration (expressed in ms) with value returned by
_get_remaining_program_time() which used ticks as a time unit.
Moreover, the _time_slice_duration was also used as an argument
for _set_time(), which expects time expressed in ticks.
This commit ensures that the same unit (ticks) is used in
comparsion and timer adjustments.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Socket APIs pass pointers to these disguised as file descriptors.
This lets us effectively validate them.
Kernel objects now can have Kconfig dependencies specified, in case
certain structs are not available in all configurations.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The time slicing settings was kept in milliseconds while all related
operations was based on ticks. Continuous back and forth conversion
between ticks and milliseconds introduced an accumulating error due
to rounding in _ms_to_ticks() and __ticks_to_ms(). As result
configured time slice duration was not achieved.
This commit removes excessive ticks <-> ms conversion by using ticks
as time unit for all operations related to time slicing.
Also, it fixes#8896 as well as #8897.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The _update_time_slice_before_swap() function directly compared
_time_slice_duration (expressed in ms) with value returned by
_get_remaining_program_time() which used ticks as a time unit.
Moreover, the _time_slice_duration was also used as an argument
for _set_time(), which expects time expressed in ticks.
This commit ensures that the same unit (ticks) is used in
comparsion and timer adjustments.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Up until now, Zephyr has patched Kconfig to use the last 'default' with
a satisfied condition, instead of the first one. I'm not sure why the
patch was added (it predates Kconfiglib), but I suspect it's related to
Kconfig.defconfig files.
There are at least three problems with the patch:
1. It's inconsistent with how Kconfig works in other projects, which
might confuse newcomers.
2. Due to oversights, earlier 'range' properties are still preferred,
as well as earlier 'default' properties on choices.
In addition to being inconsistent, this makes it impossible to
override 'range' properties and choice 'default' properties if the
base definition of the symbol/choice already has 'range'/'default'
properties.
I've seen errors caused by the inconsistency, and I suspect there
are more.
3. A fork of Kconfiglib that adds the patch needs to be maintained.
Get rid of the patch and go back to standard Kconfig behavior, as
follows:
1. Include the Kconfig.defconfig files first instead of last in
Kconfig.zephyr.
2. Include boards/Kconfig and arch/<arch>/Kconfig first instead of
last in arch/Kconfig.
3. Include arch/<arch>/soc/*/Kconfig first instead of last in
arch/<arch>/Kconfig.
4. Swap a few other 'source's to preserve behavior for some scattered
symbols with multiple definitions.
Swap 'source's in some no-op cases too, where it might match the
intent.
5. Reverse the defaults on symbol definitions that have more than one
default.
Skip defaults that are mutually exclusive, e.g. where each default
has an 'if <some board>' condition. They are already safe.
6. Remove the prefer-later-defaults patch from Kconfiglib.
Testing was done with a Python script that lists all Kconfig
symbols/choices with multiple defaults, along with a whitelist of fixed
symbols. The script also verifies that there are no "unreachable"
defaults hidden by defaults without conditions
As an additional test, zephyr/.config was generated before and after the
change for several samples and checked to be identical (after sorting).
This commit includes some default-related cleanups as well:
- Simplify some symbol definitions, e.g. where a default has 'if FOO'
when the symbol already has 'depends on FOO'.
- Remove some redundant 'default ""' for string symbols. This is the
implicit default.
Piggyback fixes for swapped ranges on BT_L2CAP_RX_MTU and
BT_L2CAP_TX_MTU (caused by confusing inconsistency).
Piggyback some fixes for style nits too, e.g. unindented help texts.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Kernel threads created at build time have unique indexes to map them
into various bitarrays. This patch extends these indexes to
dynamically created threads where the associated kernel objects are
allocated at runtime.
Fixes: #9081
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
We now have functions for handling all the details of copying
data to/from user mode, including C strings and copying data
into resource pool allocations.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
The errno "variable" is required to be thread-specific.
It gets defined to a macro which dereferences a pointer
returned by a kernel function.
In user mode, we cannot simply read/write the thread struct.
We do not have thread-local storage mechanism, so for now
use the lowest address of the thread stack to store this
value, since this is guaranteed to be read/writable by
a user thread.
The downside of this approach is potential stack corruption
if the stack pointer goes down this far but does not exceed
the location, since a fault won't be generated in this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Define _sys_soc_resume() only if CONFIG_SYS_POWER_LOW_POWER_STATE
is enabled.
Define _sys_soc_resume_from_deep_sleep() only if
CONFIG_SYS_POWER_DEEP_SLEEP is enabled.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Simplify k_thread_foreach API conditional inclusion by putting
the whole logic under CONFIG_THREAD_MONITOR config option.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Minor improvement in the help text description of Kconfig option
SYS_CLOCK_HW_CYCLES_PER_SEC, clarifying that the option can be
defined in either SOC or Board Kconfig file.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Log API can be used before user can explicitly initialize the logger.
In order to ensure that logger core is ready to buffer log messages
it must be initialize as early as possible. Initialization does not
include initialization of default backend since driver may not be
ready and backend is needed only when log messages are processed.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
This commit moves all implementations of the _ms_to_ticks() into
single file. Also, the function is now inline even if
_NEED_PRECISE_TICK_MS_CONVERSION is defined.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Zephyr 1.12 removed the old scheduler and replaced it with the choice
of a "dumb" list or a balanced tree. But the old multi-queue
algorithm is still useful in the space between these two (applications
with large-ish numbers of runnable threads, but that don't need fancy
features like EDF or SMP affinity). So add it as a
CONFIG_SCHED_MULTIQ option.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Make these "choice" items instead of a single boolean that implies the
element unset.
Also renames WAITQ_FAST to WAITQ_SCALABLE, as the rbtree is really
only "fast" for large queue sizes (it's constant factor overhead is
bigger than a list's!)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Uncovered by clang we have some functions being only used conditionally,
so gaurd them to make them only available when those conditions are met.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Also simplify the definitions of COOP_ENABLED, PREEMPT_ENABLED, and
SYS_CLOCK_EXISTS. 'default' (and def_bool) can take any expression, not
just a fixed value.
(It would work without the parentheses around the comparisons too.)
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The prepare_multithreading()/switch_to_main_thread() steps were being
done unconditionally, when with multhreading disabled we want to jump
straight into the main thread on the existing stack.
Needless to say, that doesn't work well. Fixes#8361.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The _THREAD_POLLING bit in thread_state was never actually a
legitimate thread "state". It is a clever synchronization trick
introduced to allow the thread to release the irq_lock while looping
over the input event array without dropping events.
Instead, make that flag a word in the "poller" struct that lives on
the stack of the thread calling k_poll. The disadvantage is the 4
bytes of thread space needed. Advantages:
+ Cleaner API, it's now internal to poll instead of being globally
visible.
+ The thread_state bit space is just one byte, and was almost full
already.
+ Smaller code to write/test a full word and not a bitfield
+ Words are atomic, so no need for one of irq lock/unlock pairs.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The queue loop when CONFIG_POLL is in used has an inherent race
between the return of k_poll() and the inspection of the list where no
lock can be held. Other contending readers of the same queue can
sneak in and steal the item out of the list before the current thread
gets to the sys_sflist_get() call, and the current loop will (if it
has a timeout) spuriously return NULL before the timeout expires.
It's not even a hard race to exercise. Consider three threads at
different priorities: High (which can be an ISR too), Mid, and Low:
1. Mid and Low both enter k_queue_get() and sleep inside k_poll() on
an empty queue.
2. High comes along and calls k_queue_insert(). The queue code then
wakes up Mid, and reschedules, but because High is still running Mid
doesn't get to run yet.
3. High inserts a SECOND item. The queue then unpends the next thread
in the list (Low), and readies it to run. But as before, it won't
be scheduled yet.
4. Now High sleeps (or if it's an interrupt, exits), and Mid gets to
run. It dequeues and returns the item it was delivered normally.
5. But Mid is still running! So it re-enters the loop it's sitting in
and calls k_queue_get() again, which sees and returns the second
item in the queue synchronously. Then it calls it a third time and
goes to sleep because the queue is empty.
6. Finally, Low wakes up to find an empty queue, and returns NULL
despite the fact that the timeout hadn't expired.
The fix is simple enough: check the timeout expiration inside the loop
so we don't return early.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Default value of CONFIG_SYSTEM_WORKQUEUE_PRIORITY is -1, which means
it's run by the cooperative thread. Explicitly mention (in the Kconfig
help) that it means that any work handler submited to this default
queue won't be preempted by some other thread (which is generally
good, but worth documenting explicitly).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The original implementation of CONFIG_THREAD_MONITOR would
try to leverage a thread's initial stack layout to provide
the entry function with arguments for any given thread.
This is problematic:
- Some arches do not have a initial stack layout suitable for
this
- Some arches never enabled this at all (riscv32, nios2)
- Some arches did not enable this properly
- Dropping to user mode would erase or provide incorrect
information.
Just spend a few extra bytes to store this stuff directly
in the k_thread struct and get rid of all the arch-specific
code for this.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We are using _is_thread_prevented_from_running() to see if the
_current thread can be preempted in should_preempt(). The idea
being that even if the _current thread is a high priority coop
thread, we can still preempt it when it's pending, suspended,
etc.
This does not take into account if the thread is sleeping.
k_sleep() merely removes the thread from the ready_q and calls
Swap(). The scheduler will swap away from the thread temporarily
and then on the next cycle get stuck to the sleeping thread for
however long the sleep timeout is, doing exactly nothing because
other functions like _ready_thread() use _is_thread_ready() as a
check before proceeding.
We should use !_is_thread_ready() to take into account when threads
are waiting on a timer, and let other threads run in the meantime.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
All other checks of thread_state use a bit wise & operator incase
there are other flags attached to the thread_state. Let's fix
the only outlier in _check_stack_sentinel() to be the same.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The should_preempt() code was catching some of the "unrunnable" cases
but not all of them, opening the possibility of failing to preempt a
just-pended thread and thus waking it up synchronously. There are
reports of this causing spin loops over k_poll() in the network stack
work queues (see #8049).
Note that the previous _is_dummy() call is folded into (the somewhat
verbosely named) _is_thread_prevented_from_running(), and that the
order of tests has been changed/optimized to hopefully catch common
cases earlier.
Suggested-by: Michael Scott <michael@opensourcefoundries.com>
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes post-scheduler-rewrite broke scheduling on SMP:
The "preempt_ok" feature added to isolate preemption points wasn't
honored in SMP mode. Fix this by adding a "swap_ok" field to the CPU
record (not the thread) which is set at the same time out of
update_cache().
The "queued" flag wasn't being maintained correctly when swapping away
from _current (it was added back to the queue, but the flag wasn't
set).
Abstract out a "should_preempt()" predicate so SMP and uniprocessor
paths share the same logic, which is distressingly subtle.
There were two places where _Swap() was predicated on
_get_next_ready_thread() != _current. That's no longer a benign
optimization in SMP, where the former function REMOVES the next thread
from the queue. Just call _Swap() directly in SMP, which has a
unified C implementation that does this test already. Don't change
other architectures in case it exposes bugs with _Swap() switching
back to the same thread (it should work, I just don't want to break
anything).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_mem_pool implementation has a subtle error case where it
detected a simultaneous allocation after having released the lock, in
which case exactly one of the racing allocators will return with
-EAGAIN (the other one suceeds of course).
I documented this condition at the lower level, but forgot to actually
handle it at the k_mem_pool level where we want to retry once before
going to sleep, as it doesn't generally represent an empty heap. It
got caught by code auditing in:
https://github.com/zephyrproject-rtos/zephyr/issues/6757
(Full disclosure: I tested this by whiteboxing the first failure. I
wasn't able to put together a rig to reliably exercise the actual
race.)
This patch also fixes a noop thinko in the return logic in the same
function, which contained:
(ret == -EAGAIN) || (ret && ret != -ENOMEM)
The first term is needless and implied by the second.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The metairq feature exposed the fact that all of our arch code (and a
few mistaken spots in the scheduler too) was trying to interpret
"preemptible" threads independently.
As of the scheduler rewrite, that logic is entirely within sched.c and
doing it externally is redundant. And now that "cooperative" threads
can be preempted, it's wrong and produces test failures when used with
metairq threads.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
During the early boot process, in prepare_multithreading(), the kernel
structures and scheduler are not ready yet. In order to obtain entropy
for early works such as stack randomization, optionally use when present
the ISR-specific function that some drivers will provide.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
We generalize querying the entropy driver directly with
a new internal API, which is now used by CONFIG_STACK_RANDOM
and stack canary initialization.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some sys_rand32_get() implementation will use shared state and protect
that using some synchronization primitive such as a mutex or a
semaphore. It's too early in the boot process to use any of them,
which causes some issues.
Use the entropy API directly to set up the stack canaries.
This doesn't completely solve the problem, as some drivers will use the
same synchronization primitives anyway. Some drivers (e.g. the NRF5
entropy driver) provide an API to be used by ISRs that might be
suitable here, but not all drivers do that.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This was in prepare_multithreading(), which was moved
to after driver initialization and not before it.
The function now really just prepares system threads.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
STACK_ALIGN has somewhat different semantics across our arches,
particularly ARC.
These checks are unnecessary, _new_thread() is required
to properly align stack sizes anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Very simple implementation of deadline scheduling. Works by storing a
single word in each thread containing a deadline, setting it (as a
delta from "now") via a single new API call, and using it as extra
input to the existing thread priority comparison function when
priorities are equal.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch adds a set of priorities at the (numerically) lowest end of
the range which have "meta-irq" behavior. Runnable threads at these
priorities will always be scheduled before threads at lower
priorities, EVEN IF those threads are otherwise cooperative and/or
have taken a scheduler lock.
Making such a thread runnable in any way thus has the effect of
"interrupting" the current task and running the meta-irq thread
synchronously, like an exception or system call. The intent is to use
these priorities to implement "interrupt bottom half" or "tasklet"
behavior, allowing driver subsystems to return from interrupt context
but be guaranteed that user code will not be executed (on the current
CPU) until the remaining work is finished.
As this breaks the "promise" of non-preemptibility granted by the
current API for cooperative threads, this tool probably shouldn't be
used from application code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The scheduler rewrite added a regression in uniprocessor mode where
cooperative threads would be unexpectedly preempted, because nothing
was checking the preemption status of _current at the point where the
next-thread cache pointer was being updated.
Note that update_cache() needs a little more context: spots like
k_yield() that leave _current runable need to be able to tell it that
"yes, preemption is OK here even though the thread is cooperative'.
So it has a "preempt_ok" argument now.
Interestingly this didn't get caught because we don't test that. We
have lots and lots of tests of the converse cases (i.e. making sure
that threads get preempted when we expect them to), but nothing that
explicitly tries to jump in front of a cooperative thread.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
prepare_multithreading() was done very early as it had a call
to initialize the interrupt subsystem. This was causing problems
with stack pointer randomization as any HW-based entropy drivers
had not been initialized.
Move the call to initialize the interrupt system out of
prepare_multithreading(), which now really does just prepare
the system to start threads. This is now done after the PRE_KERNEL
phases.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Leading/trailing whitespace in prompts requires ugly workarounds in
genrest.py, as e.g. *prompt * is invalid RST. strip() all prompts in
Kconfiglib and get rid of the genrest.py workarounds. Add a warning too.
The Kconfiglib update has some unrelated cleanups and fixes (that won't
affect Zephyr).
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
These assertions snuck through in crossed pull requests. There's a
specific API for _wait_q_t now, you can't hit the list directly
(because it might be a tree).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This replaces the existing scheduler (but not priority handling)
implementation with a somewhat simpler one. Behavior as to thread
selection does not change. New features:
+ Unifies SMP and uniprocessing selection code (with the sole
exception of the "cache" trick not being possible in SMP).
+ The old static multi-queue implementation is gone and has been
replaced with a build-time choice of either a "dumb" list
implementation (faster and significantly smaller for apps with only
a few threads) or a balanced tree queue which scales well to
arbitrary numbers of threads and priority levels. This is
controlled via the CONFIG_SCHED_DUMB kconfig variable.
+ The balanced tree implementation is usable symmetrically for the
wait_q abstraction, fixing a scalability glitch Zephyr had when many
threads were waiting on a single object. This can be selected via
CONFIG_WAITQ_FAST.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The SMP testing missed the case where _Swap() decides to return back
into the _current. Obviously there is no valid switch handle for the
running thread into which we can restore, and everything blows up.
(What happened is that the new scheduler code opened up a spot where
k_thread_priority_set() does a _reschedule() unconditionally and
doens't check to see whether or not it's needed like the old code).
But that isn't incorrect! It's entirely possible that _Swap() may
find that no thread is runnable except _current (due, for example, to
another CPU racing the other thread you expected off to sleep or
something). Don't blow up, check and return a noop.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Rescheduling was called unconditionally at the end of k_mem_slab_free
call. It is necessary only when thread is pending in the wait queue.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
There were multiple spots where code was using the _wait_q_t
abstraction as a synonym for a dlist and doing direct list management
on them with the dlist APIs. Refactor _wait_q_t into a proper opaque
struct (not a typedef for sys_dlist_t) and write a simple wrapper API
for the existing usages. Now replacement of wait_q with a different
data structure is much cleaner.
Note that there were some SYS_DLIST_FOR_EACH_SAFE loops in mailbox.c
that got replaced by the normal/non-safe macro. While these loops do
mutate the list in the code body, they always do an early return in
those circumstances instead of returning into the macro'd for() loop,
so the _SAFE usage was needless.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Refactoring. Mempool wants to unpend all threads at once. It's
cleaner to do this in the scheduler instead of the IPC code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
k_poll is now accessible from user mode. A memory allocation takes place
from the caller's resource pool to copy the provided poll_events
array; this can be large enough to make allocating it on the stack
not preferable.
k_poll_signal are now proper kernel objects. Two APIs have been added,
one to reset the signaled state and one to check the current signaled
state and result value.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The various macros to do checks in system call handlers all
implictly would generate a kernel oops if a check failed.
This is undesirable for a few reasons:
* System call handlers that acquire resources in the handler
have no good recourse for cleanup if a check fails.
* In some cases we may want to propagate a return value back
to the caller instead of just killing the calling thread,
even though the base API doesn't do these checks.
These macros now all return a value, if nonzero is returned
the check failed. K_OOPS() now wraps these calls to generate
a kernel oops.
At the moment, the policy for all APIs has not changed. They
still all oops upon a failed check/
The macros now use the Z_ notation for private APIs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode may now use queue objects. Instead of embedding the kernel's
linked list information directly in the data item, a container struct
is allocated from the caller's resource pool which is then added to
the queue. The new sflist type is now used to store a flag indicating
whether a data item needs to be freed when removed from the queue.
FIFO/LIFOs are derived from k_queues and have had allocator functions
added.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This used to be done by hand but can easily be generated like
we do other switch statements based on object type.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Similar to what has been done with pipes and message queues,
user mode can't be trusted to provide a buffer for the kernel
to use. Remove k_stack_init() as a syscall and offer
k_stack_alloc_init() which allocates a buffer from the caller's
resource pool.
Fixes#7285
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode can't be trusted to provide a memory buffer to
k_msgq_init(). Introduce k_msgq_alloc_init() which allocates
the buffer out of the calling thread's resource pool and expose
that as a system call instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode can't be trusted to provide the kernel buffers for
internal use. The syscall for k_pipe_init() has been removed
in favor of a new API to draw the buffer memory from the
calling thread's resource pool.
K_PIPE_DEFINE() now properly locates the allocated buffer into
kernel memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Dynamic kernel objects no longer is hard-coded to use the kernel
heap. Instead, objects will now be drawn from the calling thread's
resource pool.
Since we now have a reference counting mechanism, if an object
loses all its references and it was dynamically allocated, it will
be automatically freed.
A parallel dlist is added for efficient iteration over the set of
all dynamic objects, allowing deletion during iteration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some kernel APIs may need to allocate memory in order to function
correctly, especially if they are exposed to userspace where
buffers provided by user code cannot be trusted.
Instead of simply drawing from the system heap, specific pools
may instead be assigned to threads, and any requests made on
behalf of the calling thread will draw heap memory from that pool.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
An object's set of permissions is now also used as a form
of reference counting. If an object's permission bitmap gets
completely cleared, it is now possible to specify object type
specific cleanup functions to be implicitly called.
Currently no objects are enabled yet. Forthcoming patches
will do this on a per object basis.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Forthcoming patches will dual-purpose an object's permission
bitfield as also reference tracking for kernel objects, used to
handle automatic freeing of resources.
We do not want to allow user thread A to revoke thread B's access
to some object O if B is in the middle of an API call using O.
However we do want to allow threads to revoke their own access to
an object, so introduce a new API and syscall for that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This works like k_malloc() but allows the user to designate
a specific memory pool to use instead of the kernel heap.
Test coverage provided by existing tests for k_malloc(), which is
now derived from this API.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The _thread_entry() is not really a part of the kernel but a part of
the zephyr's C runtime support library. Hence moving just the
function to lib/thread_entry.c
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Normally a syscall would check the current privilege level and then
decide to go to _impl_<syscall> directly or go through a
_handler_<syscall>.
__ZEPHYR_SUPERVISOR__ is a compiler optimization flag which will
make all the system calls from the kernel files directly link
to the _impl_<syscall>. Thereby reducing the overhead of checking the
privileges.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add k_thread_foreach API to iterate over all the threads in
the system.
This API can be used for debugging threads in multi threaded
environment to dump and analyze various thread parameters like
priority, state, stack address etc...
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
MPU devices that enforce power-of-two alignment now
specify the size of the buffer used for the newlib heap.
This buffer will be properly aligned and a pointer
exposed in a kernel header, such that it can be added
to a user thread's memory domain configuration if
necessary.
MPU devices that don't have these restrictions allocate
the heap as normal.
In all cases, if an MPU/MMU region needs to be programmed,
the z_newlib_get_heap_bounds() API will return the necessary
information.
Given how precious MPU regions are, no automatic programming
of the MPU is done; applications will need to do this as
needed in their memory domain configurations.
On x86, the x86 MMU-specific code has been moved to arch/x86
using the new z_newlib_get_heap_bounds() API.
Fixes: #6814
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This was wrong in two ways, one subtle and one awful.
The subtle problem was that the IRQ lock isn't actually globally
recursive, it gets reset when you context switch (i.e. a _Swap()
implicitly releases and reacquires it). So the recursive count I was
keeping needs to be per-thread or else we risk deadlock any time we
swap away from a thread holding the lock.
And because part of my brain apparently knew this, there was an
"optimization" in the code that tested the current count vs. zero
outside the lock, on the argument that if it was non-zero we must
already hold the lock. Which would be true of a per-thread counter,
but NOT a global one: the other CPU may be holding that lock, and this
test will tell you *you* do. The upshot is that a recursive
irq_lock() would almost always SUCCEED INCORRECTLY when there was lock
contention. That this didn't break more things is amazing to me.
The rework is actually simpler than the original, thankfully. Though
there are some further subtleties:
* The lock state implied by irq_lock() allows the lock to be
implicitly released on context switch (i.e. you can _Swap() with the
lock held at a recursion level higher than 1, which needs to allow
other processes to run). So return paths into threads from _Swap()
and interrupt/exception exit need to check and restore the global
lock state, spinning as needed.
* The idle loop design specifies a k_cpu_idle() function that is on
common architectures expected to enable interrupts (for obvious
reasons), but there is no place to put non-arch code to wire it into
the global lock accounting. So on SMP, even CPU0 needs to use the
"dumb" spinning idle loop.
Finally this patch contains a simple bugfix too, found by inspection:
the interrupt return code used when CONFIG_SWITCH is enabled wasn't
correctly setting the active flag on the threads, opening up the
potential for a race that might result in a thread being scheduled on
two CPUs simultaneously.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The smp_init() call was too early. Device and subsystem
initialization doesn't happen until after the main thread starts
running. Starting extra CPUs and allowing them to schedule threads
before their drivers are alive is a bad idea, even if it works in a
unit test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Adding a new kernel object type or driver subsystem requires changes
in various different places. This patch makes it easier to create
those devices by generating as much as possible in compile time.
No behavior change.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Driver APIs might not implement all operations, making it possible for
a user thread to get the kernel to execute a function at 0x00000000.
Perform runtime checks in all the driver handlers, checking if they're
capable of performing the requested operation.
Fixes#6907.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
There was a ton of junk in this header. Pare it down to just the
stuff actually used by code outside of sched.c, move the needed
internal stuff into sched.c itself, and drop everything else.
Note that (other than the tiny inlines that remain here in the header)
the scheduler interface exposed to the rest of the system is now
composed of just 12 functions.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A red-black tree is maintained containing the metadata for all
dynamically created kernel objects, which are allocated out of the
system heap.
Currently, k_object_alloc() and k_object_free() are supervisor-only.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ensure this value during static initialization (with build assertions),
and dynamic initializations through system calls.
If initial count is larger than the limit, it's possible for the count
to wraparound, causing locking issues.
Expanding the BUILD_ASSERT() macros after declaring a k_sem struct in
K_SEM_DEFINE() is necessary to support cases where a semaphore is
defined statically.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
In order to mitigate Spectre variant 2 (branch target injection), use
retpolines for indirect jumps and calls.
The newly-added hidden CONFIG_X86_NO_SPECTRE flag, which is disabled
by default, must be set by a x86 SoC if its CPU performs speculative
execution. Most targets supported by Zephyr do not, so this is
set to "y" by default.
A new setting, CONFIG_RETPOLINE, has been added to the "Security
Options" sections, and that will be enabled by default if
CONFIG_X86_NO_SPECTRE is disabled.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The POSIX layer had a simple ready_one_thread() utility. Move this to
the scheduler API (with a prepended underscore -- it's an internal
API) so that it can be synchronized along with the rest of the
scheduler.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Almost everywhere this was called, it was immediately followed by
_abort_thread_timeout(), for obvious reasons. The only exceptions
were in timeout and k_timer expiration (unifying these two would be
another good cleanup), which are peripheral parts of the scheduler and
can plausibly use a more "internal" API.
So make the common case the default, and expose the old behavior as
_unpend_thread_no_timeout(). (Along with identical changes for
_unpend_first_thread) Saves code bytes and simplifies scheduler
surface area for future synchronization work.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes to the scheduler API means we can simplify this
further: move the assignment to mutex->owner outside the if(), which
removes the need to have an else clause (which just set that field to
NULL when the new_owner was already NULL); and we can likewise move
the irq_unlock() outside the block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that other work has eliminated the two cases where we had to do a
reschedule "but yield even if we are cooperative", we can squash both
down to a single _reschedule() function which does almost exactly what
legacy _Swap() did, but wrapped as a proper scheduler API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes have eliminated most use of _Swap() in favor of higher
level scheduler abstractions. We can remove the header too.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Everywhere the current thread is pended, the code is going to have to
do a _Swap() soon afterward, yet the scheduler API exposed these as
separate steps. Unify this pattern everywhere it appears, which saves
some code bytes and gets _Swap() out of the general scheduler API at
zero cost.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a somewhat promiscuous pattern in the kernel where IPC
mechanisms would do something that might effect the current thread
choice, then check _must_switch_threads() (or occasionally
__must_switch_threads -- don't ask, the distinction is being replaced
by real English words), sometimes _is_in_isr() (but not always, even
in contexts where that looks like it would be a mistake), and then
call _Swap() if everything is OK, otherwise releasing the irq_lock().
Sometimes this was done directly, sometimes via the inverted test,
sometimes (poll, heh) by doing the test when the thread state was
modified and then needlessly passing the result up the call stack to
the point of the _Swap().
And some places were just calling _reschedule_threads(), which did all
this already.
Unify all this madness. The old _reschedule_threads() function has
split into two variants: _reschedule_yield() and
_reschedule_noyield(). The latter is the "normal" one that respects
the cooperative priority of the current thread (i.e. it won't switch
out even if there is a higher priority thread ready -- the current
thread has to pend itself first), the former is used in the handful of
places where code was doing a swap unconditionally, just to preserve
precise behavior across the refactor. I'm not at all convinced it
should exist...
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The mailbox code was written to use the _remove_thread_from_ready_q()
API directly, which would be good to get out of the scheduler internal
API. What it really wanted to do is to mark a thread "PENDING"
without actually adding it to a wait queue, which is sane enough (the
message stores the "thread to wake up on receipt" handle).
So allow that naturally in the _pend_thread() API by passing a NULL
wait_q. Really a wait_q needn't be the only way a thread can block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A priority value cannot be simultaneously higher than the maximum
possible value and smaller than the minimum value. Rewrite the
_VALID_PRIO() macro as a function so that this if either of these
invariants are invalid, the priority is considered invalid.
Coverity-CID: 182584
Coverity-CID: 182585
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
* _StackCheckHandler is FUNC_NORETURN
* if _ARCH_EXCPET is redefined for specific arch and
has function return in some cases, e.g., interrupt or
exception, a compiler warning will come out
* So add CODE_UNREACHABLE to guarantee it will not return
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Assertions should never be used to test for error conditions, such as
checking for overflows. It should only be used to test for invariants.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
If a large size is requested, the expression `size += sizeof(...)`
might overflow, leading to a small block being requested and returned
by k_malloc().
Use a GCC builtin to trap the overflow and return NULL in this case.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
commit ec7ecf7900 moved some code around
such that the total_size variable is used regardless of how
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT is set. So move the
decleration of total_size outside of the ifndef block so things build
properly.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The handler for k_thread_create() wasn't verifying that the
provided stack size actually fits in the requested stack object
on systems that enforce power-of-two size/alignment for stacks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This uses the version and hash (git describe) and replaces the timestamp
currently used in the boot banner. This works much better than using
timestamps. It lets us point to the exact commit being used to run a
certain application or test.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
To make Zephyr builds more reproducible, default to disabling build
timestamps. Expand the documentation for CONFIG_BUILD_TIMESTAMP to
explain that enabling it will make the build unreproducible.
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Move posix layer from 'kernel' to 'lib' folder as it is not
a core kernel feature.
Fixed posix header file dependencies as part of the move and
also removed NEWLIBC related macros from posix headers.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
We would like to offer the capability to have memory pool heap data
structures that are usable from user mode threads. The current
k_mem_pool implementation uses IRQ locking and system-wide membership
lists that make it incompatible with user mode constraints.
However, much of the existing memory pool code can be abstracted to some
common functions that are used by both k_mem_pool and the new
sys_mem_pool implementations.
The sys_mem_pool implementation has the following differences:
* The alloc/free APIs work directly with pointers, no internal memory
block structures are exposed to the end user. A pointer to the source
pool is provided for allocation, but freeing memory just requires the
pointer and nothing else.
* k_mem_pool uses IRQ locks and required very fine-grained locking in
order to not affect system latency. sys_mem_pools just use a semaphore
to protect the pool data structures at the API level, since there aren't
implications for system responsiveness with this kind of concurrency
control.
* sys_mem_pools do not support the notion of timeouts for requesting
memory.
* sys_mem_pools are specified at compile time with macros, just like
kernel memory pools. Alternative forms of specification at runtime
will be a later enhancement.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently sleep and usleep functions are into unistd.h file.
unistd includes toold chain secific unistd.h file and this file
too has declaration for these functions. This is in conflict when
posix specific unistd.h is included.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
When randomizing the stack pointer on thread creation
(CONFIG_STACK_POINTER_RANDOM), the fuzz amount might exceed the stack
size, causing an underflow.
Ensure that this will never underflow by only adjusting the stack size
if there's enough space.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
For posix layer implementation of message queue, we need to fetch
basic attributes of message queue. Currently this routine is not
present in Zephyr. So adding this routing into message queue.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
calculate_timeout function calcualtes timeout in msecs
from timespec. It is used multiple place inside posix
code. So moving it under pthead_common.c file.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The result of left shifting a bit into the sign-bit is undefined
behavior. This makes the offending shift operation unsigned.
Signed-off-by: Kristian Klomsten Skordal <kristian.skordal@nordicsemi.no>
Modifies several functions that are causing wrong
behaviour.
* semaphore.h: add missing restrict keyword.
* sem_destroy(): check that nobody is waiting
before destroying the object.
* sem_timedwait(): simpify function logic and
fix a bug when abstime > currtime, that passed
ticks instead of ms to k_sem_take().
* sem_wait(): avoid unnecessary checks.
* sem_init(): add pshared value assertion.
Signed-off-by: Juan Manuel Torres Palma <j.m.torrespalma@gmail.com>
* ring_bufffer is in lib, so move the Kconfig out of the kernel.
* move one Kconfig used for json to lib/Kconfig alongside other
Kconfigs.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The scheduler has a kernel-internal _pend_thread() utility which
sounds like a function which will add an arbitrary thread to a wait_q.
This is essentially unsupportable in SMP, where that thread might
actually be executing on a different CPU.
Thankfully we never used it like that. The only spots outside the
scheduler that use the API are in pipes and mailbox, which both just
want to pend a DUMMY thread to track the timeout but will never try to
pend a true foreign thread.
Clarify the comment and add an assertion to make sure this promise
isn't broken in the future.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was the only spot where the scheduler-internal
_peek_first_pending_thread() API was used. Given that this kind of
thing is inherently racy (it may not be pending as long as you expect
if a timeout expires, etc...), it would be nice to retire it.
And as it happens all the queue code was using it for was to detect
the case of a non-empty wait_q over which it was looping, which is
trivial to do without API support.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The scheduler exposed two APIs to do the same thing:
_add_thread_to_ready_q() was a low level primitive that in most cases
was wrapped by _ready_thread(), which also (1) checks that the thread
_is_ready() or exits, (2) flags the thread as "started" to handle the
case of a thread running for the first time out of a waitq timeout,
and (3) signals a logger event.
As it turns out, all existing usage was already checking case #1.
Case #2 can be better handled in the timeout resume path instead of on
every call. And case #3 was probably wrong to have been skipping
anyway (there were paths that could make a thread runnable without
logging).
Now _add_thread_to_ready_q() is an internal scheduler API, as it
probably always should have been.
This also moves some asserts from the inline _ready_thread() wrapper
to the underlying true function for code size reasons, otherwise the
extra use of the inline added by this patch blows past code size
limits on Quark D2000.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The xtensa asm2 layer had a function to select the next switch handle
to return into following an exception. There is no arch-specific code
there, it's just scheduler logic. Move it to the scheduler where it
belongs.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This is a component of address space layout randomization that we can
implement even though we have a physical address space.
Support for upward-growing stacks omitted for now, it's not done
currently on any of our current or planned architectures.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Names that begin with an underscore are reserved by the C standard.
This patch does not change names of functions defined and implemented
in header files.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
pthread_setschedparam() uses k_thread_priority_set()
to set pthread priority. There is an error in argument
in k_thread_priority_seti() due to which system correct
priority was not set. Correcting this error.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
timer_gettime() internally uses k_timer_remaining_get()
to get time remaining to expire. Time unit for
k_timer_remaining_get is msec not ticks.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
_sem_give_non_preemptible is non preemptible and no need to move thread
to ready queue for any real use case. Remove old code. This is also
not public API
Signed-off-by: Punit Vara <punit.vara@intel.com>
Commit 08de658eb ("kernel: mem_domain: Check for overlapping regions
when considering W^X") introduced some compile issues on various
platforms.
The k_mem_partition_attr_t member is attr not attrs. Also, fix an issue
where sane_partition_domain neesd a pointer to a parition.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
During system initialization, the global static variable (to
mem_domain.c) is initialized with the number of maximum partitions per
domain. This variable is of u8_t type.
Assertions throughout the code will check ranges and test for overflow
by relying on implicit type conversion.
Use an u8_t instead of u32_t to avoid doubts. Also, reorder the
k_mem_partition struct to remove the alignment hole created by reducing
sizeof(num_partitions).
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Multiple partitions can be added to a domain, and if they overlap, they
can have different attributes. The previous check would only check for
W^X for individual partitions, and this is insufficient. Overlapping
partitions could have W^X attributes, but in the end, a memory region
would be writable and executable.
The way this is performed is quite "heavyweight", as it is implemented
in a O(n^2) operation. The number of partitions per domain is small on
most devices, so this isn't an issue. CONFIG_EXECUTE_XOR_WRITE is
still an optional feature.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This patch does following:-
1. Default scheduling policy should be set to SCHED_RR only when
Preemptive is enabled.
2. Default priority in attr object should equivalent to
K_LOWEST_APPLICATION_THREAD_PRIO. Posix priority corresponding
to K_LOWEST_APPLICATION_THREAD_PRIO is 1.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
As per IEEE 1003.1 POSIX APIs should return ERROR_CODE on error.
But currently these are returning -ERROR_CODE instead of ERROR_CODE.
So fixing the return value.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The attributes are an u32_t only on ARM and ARC; on x86, it's something
else entirely. Use the proper type to avoid attributes being
truncated.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Traditionally k_thread_abort() of the current thread has done a
synchronous _Swap() to the new context. Doing this from an ISR has
never worked portably (some architectures can do it, some can't) for
this reason.
But on Xtensa/asm2, exception handlers now run in interrupt context
and it's a very reasonable requirement for them to abort the excepting
thread.
So simply don't swap, but do the rest of the bookeeping, returning to
the calling context. As a side effect it's now possible to terminate
threads from interrupts, even if they have been interrupted.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In SMP, the system timer is used for timeslicing on auxiliary CPUs,
but the base system timekeeping via _nano_sys_clock_tick_announce() is
still done on CPU0 only (because the framework isn't prepared for
asynchronous notification yet). Skip processing on CPU1+.
Also, due to a hardware interaction* that is difficult to work around,
timer initialization on the auxiliary CPUs is done at the very end of
the CPU bringup, just before the swap into the scheduler. A
smp_timer_init() API has been added for this purpose.
* On ESP-32, enabling the timer seems to result in a near-synchronous
interrupt being delivered despite my best attempts to keep it
masked, then blowing things up because the CPU record isn't set up
to handle it yet.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that all the pieces are in place, enable SMP for real:
Initialize the CPU records, launch the CPUs at the end of kernel
initialization, have them wait for a flag to release them into the
scheduler, then enter into the runnable threads via _Swap().
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A pure timer-based idle won't work well in SMP. Without an IPI to
wake up idle CPUs out of the scheduler they will sleep far too long
and the main CPU will do all the scheduling of wake-up-and-sleep
processes. Instead just have the auxilary CPUs do a traditional
busy-wait scheduler in their idle loop.
We will need to revisit an architecture that allows both
wait-for-timer-interrupt idle and SMP.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The scheduler needs a few tweaks to work in SMP mode:
1. The "cache" field just doesn't work. With more than one CPU,
caching the highest priority thread isn't useful as you may need N
of them at any given time before another thread is returned to the
scheduler. You could recalculate it at every change, but that
provides no performance benefit. Remove.
2. The "bitmask" designed to prevent the need to individually check
priorities is likewise dropped. This could work, but in fact on
our only current SMP system and with current K_NUM_PRIOPRITIES
values it provides no real benefit.
3. The individual threads now have a "current cpu" and "active" flag
so that the choice of the next thread to run can correctly skip
threads that are active on other CPUs.
The upshot is that a decent amount of code gets #if'd out, and the new
SMP implementations for _get_highest_ready_prio() and
_get_next_ready_thread() are simpler and smaller, at the expense of
having to drop older optimizations.
Note that scheduler synchronization is unchanged: all scheduler APIs
used to require that an irq_lock() be held, which means that they now
require the global spinlock via the same API. This should be a very
early candidate for lock granularity attention!
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In SMP mode, the idea of a single "IRQ lock" goes away. Long term,
all usage needs to migrate to spinlocks (which become simple IRQ locks
in the uniprocessor case). For the near term, we can ease the
migration (at the expense of performance) by providing a compatibility
implementation around a single global lock.
Note that one complication is that the older lock was recursive, while
spinlocks will deadlock if you try to lock them twice. So we
implement a simple "count" semantic to handle multiple locks.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simple implementation that caps at 4 CPUs. Long term we should use
some linker magic to define as many as needed and loop over them
without needlessly increasing data or code size for the tracking.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When in SMP mode, the nested/irq_stack/current fields are specific to
the current CPU and not to the kernel as a whole, so we need an array
of these. Place them in a _cpu_t struct and implement a
_arch_curr_cpu() function to retrieve the pointer.
When not in SMP mode, the first CPU's fields are defined as a unioned
with the first _cpu_t record. This permits compatibility with legacy
assembly on other platforms. Long term, all users, including
uniprocessor architectures, should be updated to use the new scheme.
Fundamentally this is just renaming: the structure layout and runtime
code do not change on any existing platforms and won't until someone
defines a second CPU.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The xtensa-asm2 work included a patch that added nano_internal.h
includes in lots of places that needed to have _Swap defined, because
it had to break a cycle and this no longer got pulled in from the arch
headers.
Unfortunately those new includes created new and more amusing cycles
elsewhere which led to breakage on other platforms.
Break out the _Swap definition (only) into a separate header and use
that instead. Cleaner. Seems not to have any more hidden gotchas.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simply define the Kconfig variables in this patch so they can be used
in later patches. Define MP_NUM_CPUS correctly on esp32. No code
changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When using _arch_switch() context switching, the thread return value
is a generic hook and not provided by the architecture.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing __swap() mechanism is too high level for some
applications because of its scheduler-awareness. This introduces a
new _arch_switch() mechanism, which is a simpler primitive that looks
like:
void _arch_switch(void *handle, void **old_handle_out);
The new thread handle (typically just a stack pointer) is specified
explicitly instead of being picked up from the scheduler by
per-architecture code, and on return the "old" thread handle that got
switched out is returned through the pointer.
The new primitive (currently available only on xtensa) is selected
when CONFIG_USE_SWITCH is "y". A new C _Swap() implementation based
on this primitive is then added which operates compatibly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
K_NUM_PRIORITIES and K_NUM_PRIO_BITMAPS were defined in
nano_internal.h, but used in only a handful of places. Move to
kernel_structs.h (somewhat higher up in the hierarchy) to help with
include file cycle-breaking. Arguably they are a better fit there
anyway.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
_Swap() is defined in nano_internal.h. Everything calls _Swap().
Pretty much nothing that called _Swap() included nano_internal.h,
expecting it to be picked up automatically through other headers (as
it happened, from the kernel arch-specific include file). A new
_Swap() is going to need some other symbols in the inline definition,
so I needed to break that cycle. Now nothing sees _Swap() defined
anymore. Put nano_internal.h everywhere it's needed.
Our kernel includes remain a big awful yucky mess. This makes things
more correct but no less ugly. Needs cleanup.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fix Kconfig help sections and add spacing to be consistent across all
Kconfig file. In a previous run we missed a few.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split the search into two loops: in the common scenario, where device
names are stored in ROM (and are referenced by the user with CONFIG_*
macros), only cheap pointer comparisons will be performed.
Reserve string comparisons for a fallback second pass.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Instead of composing expressions with a logical AND, break down it into
multiple assertions. Smaller assertions are easier to read. While at
it, compare pointers against the NULL value, and numbers against 0
instead of relying on implicit conversion to boolean-ish values.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Without the parenthesis, the code was asserting this expression:
start + (size > start)
Where it should be this instead:
(start + size) > start
For a quick sanity check when adding these two unsigned values together.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
As discovered in https://github.com/zephyrproject-rtos/zephyr/issues/5952
...a duplicate call to k_delayed_work_submit_to_queue() on a work item
whose timeout had expired but which had not yet executed (i.e. it was
pending in the queue for the active work queue thread) would fail,
because the cancellation step wouldn't clear the PENDING bit, causing
the resubmission to see the object in an invalid state. Trivially
fixed by adding a bit clear.
It also turns out that the behavior of the code doesn't match the
docs, which state that a PENDING work item is not supposed to be
cancelled at all. Fix the docs to remove that.
And on yet further review, it turns out that there's no way to make a
test like the one in the linked bug threadsafe. The work queue does
no synchronization by design, so if the user code does no external
synchronization it might very well clobber the running handler. Added
a sentence to the docs to reflect this gotcha.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Remove unused _k_thread_single_start() as this logic is
now moved to _impl_k_thread_start().
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
As per current policy of requiring supervisor mode to register
callbacks, dma_config() is omitted.
A note added about checking the channel ID for start/stop, current
implementations already do this but best make it explicitly
documented.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename the nano_internal.h to kernel_internal.h and modify the
header file name accordingly wherever it is used.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This change proposes to handle the case where the handle_timeouts
function is called after a number of ticks greater than the first
timeout delta of the _timeout_q list. In the current implementation if
the case occurs, after subtracting the number of ticks the
delta_ticks_from_prev field becomes negative and the first timeout is
never processed. It is therefore necessary to treat this case and to
prevent delta_ticks_from_prev from becoming negative. Moreover, the lag
produced by the initial delay must also be applied to following timeouts
by browsing the list until it was entirely consumed.
Fixes#5401
Signed-off-by: Holman Greenhand <greenhandholman@gmail.com>
When CONFIG_THREAD_MONITOR is enabled, repeated thread abort
calls on a dead thread will cause the _thread_monitor_exit to
crash.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We don't need to store the full k_mem_block, rather just the
k_mem_block_id. In effect, this saves 4 bytes of memory per allocated
memory chunk. Also take advantage of the newly introduced
k_mem_pool_free_id API here.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The k_mem_pool_free API has no use for the full k_mem_block struct. In
particular, it only needs the k_mem_block_id. Introduce a new API
which takes only this essential struct. This paves the way to
simplify & improve the k_malloc/k_free implementation a bit.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Having posix headers in the default include path causes issues with the
posix port. Move to a sub-directory to avoid any conflicts.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
when a current thread is added to a memory domain the pages/sections
must be configured immediately.
A problem occurs when we add a thread to current and then drop
down to usermode. In such a case memory domain will become active
the next time a swap occurs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add an architecure specfic code for the memory domain
configuration. This is needed to support a memory domain API
k_mem_domain_add_thread.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Currently all posix APIs are put into single files (pthread.c).
This patch creates separate files for different API areas.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The linker was always picking a weak handler over the actual one.
The linker always searches for the first definition of any function
weak or otherwise. When it finds this function it just links and
skips traversing through the full list.
In the context of userspace, we create the _handlers_ for each system
call in the respective file. And these _handlers_ would get linked to
a table defined in syscalls_dispatch.c. If for instance that this
handler is not defined then we link to a default error handler.
In the build procedure we create a library file from the kernel folder.
When creating this library file, we need to make sure that the file
syscalls_dispatch.c is the last to get linked(i.e userspace.c).
Because the table inside syscalls_dispatch.c would need all the
correct _handler_ definitions. If this is not handled then the system
call layer will not function correctly because of the linker feature.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We have removed this features when we moved to the unified kernel. Those
functions existed to support migration from the old kernel and can go
now.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Having two implementations of the same thing is bad,
especially when one can just call the other inline version.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All arguments comes from userspace has data type u32_t but
base.prio has data type of s8_t. Comparision between s8_t and u32_t
cannot be done. That's why typecast priority coming from userspace(prio)
to s8_t data type.
Signed-off-by: Punit Vara <punit.vara@intel.com>
On arches which have custom logic to do the initial swap into
the main thread, _current may be NULL. This happens when
instantiating the idle and main threads.
If this is the case, skip checks for memory domain and object
permission inheritance, in this case there is never anything to
inherit.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
For the dummy thread, contents in the mem_domain structure
is insignificant hence setting it to NULL.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Added arch specific calls to handle memory domain destroy
and removal of partition.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Additional arch specific interfaces to handle memory domain
destroy and single partition removal.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Kernel object metadata had an extra data field added recently to
store bounds for stack objects. Use this data field to assign
IDs to thread objects at build time. This has numerous advantages:
* Threads can be granted permissions on kernel objects before the
thread is initialized. Previously, it was necessary to call
k_thread_create() with a K_FOREVER delay, assign permissions, then
start the thread. Permissions are still completely cleared when
a thread exits.
* No need for runtime logic to manage thread IDs
* Build error if CONFIG_MAX_THREAD_BYTES is set too low
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Some "random" drivers are not drivers at all: they just implement the
function `sys_rand32_get()`. Move those to a random subsystem in
preparation for a reorganization.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Use-cases for these subsystems appear to be limited to board/SOC
code, network stacks, or other drivers, no need to expose to
userspace at this time. If we change our minds it's easy enough
to add them back.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Intention of CONFIG_BOOT_DELAY is to delay booting of system for certain
time. Currently it is only delaying start of _main thread as delay is
created using k_sleep. This leads to putting _main thread into timeout
queue and continue kernel boot. This is causing some of undesirable
effects in some of test Automation usecase.
This patch changes k_sleep to k_busy_wait which result in delay in OS
boot instead of delaying start of _main.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix init_group bit clearing in _k_thread_group_leave()
Fix _k_object_uninit calling order. Though the order won't
make much difference in this case it is always good to destroy
or uninitialize in the reverse order of the object creation or
initialization.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Added arch specific calls to handle memory domain destroy
and removal of partition.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Additional arch specific interfaces to handle memory domain
destroy and single partition removal.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Most calls to device_get_binding() will pass named constants generated
by Kconfig; these constants will all point to the same place, so
compare the pointer before attempting to match the whole string.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
When k_poll is being used k_queue_cancel_wait shall mark the state as
K_POLL_STATE_NOT_READY so other threads will get properly notified with
a NULL pointer return.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
In case _handle_obj_poll_events is called with K_POLL_STATE_NOT_READY
set -EINTR as return to the poller thread.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
k_queue_get shall never return NULL when timeout is K_FOREVER which can
happen when a higher priority thread cancel/take an item before the
waiting thread.
Fixes issue #4358
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This is a runtime counterpart to K_THREAD_ACCESS_GRANT().
This function takes a thread and a NULL-terminated list of kernel
objects and runs k_object_access_grant() on each of them.
This function doesn't require any special permissions and doesn't
need to become a system call.
__attribute__((sentinel)) added to warn users if they omit the
required NULL termination.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's possible to declare static threads that start up as K_USER,
but these threads can't do much since they start with permissions on
no kernel objects other than their own thread object.
Rather than do some run-time synchronization to have some other thread
grant the necessary permissions, we introduce macros
to conveniently assign object permissions to these threads when they
are brought up at boot by the kernel. The tables generated here
are constant and live in ROM when possible.
Example usage:
K_THREAD_DEFINE(my_thread, STACK_SIZE, my_thread_entry,
NULL, NULL, NULL, 0, K_USER, K_NO_WAIT);
K_THREAD_ACCESS_GRANT(my_thread, &my_sem, &my_mutex, &my_pipe);
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently this is defined as a k_thread_stack_t pointer.
However this isn't correct, stacks are defined as arrays. Extern
references to k_thread_stack_t doesn't work properly as the compiler
treats it as a pointer to the stack array and not the array itself.
Declaring as an unsized array of k_thread_stack_t doesn't work
well either. The least amount of confusion is to leave out the
pointer/array status completely, use pointers for function prototypes,
and define K_THREAD_STACK_EXTERN() to properly create an extern
reference.
The definitions for all functions and struct that use
k_thread_stack_t need to be updated, but code that uses them should
be unchanged.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All sys_slist_*() functions aren't threadsafe and calls to them
must be protected with irq_lock. This is usually done in a wider
caller context, but k_queue_poll() is called with irq_lock already
relinquished, and is thus subject to hard to detect and explain
race conditions, as e.g. was tracked in #4022.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
User threads can only create other nonessential user threads
of equal or lower priority and must have access to the entire
stack area.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to track permission on stack memory regions like we do
with other kernel objects. We want stacks to live in a memory
area that is outside the scope of memory domain permission
management. We need to be able track what stacks are in use,
and what stacks may be used by user threads trying to call
k_thread_create().
Some special handling is needed because thread stacks appear as
variously-sized arrays of struct _k_thread_stack_element which is
just a char. We need the entire array to be considered an object,
but also properly handle arrays of stacks.
Validation of stacks also requires that the bounds of the stack
are not exceeded. Various approaches were considered. Storing
the size in some header region of the stack itself would not allow
the stack to live in 'noinit'. Having a stack object be a data
structure that points to the stack buffer would confound our
current APIs for declaring stacks as arrays or struct members.
In the end, the struct _k_object was extended to store this size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We also need macros to assert that an object must be in an
uninitialized state. This will be used for validating thread
and stack objects to k_thread_create(), which must not be already
in use.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is too powerful for user mode, the other access APIs
require explicit permissions on the threads that are being
granted access.
The API is no longer exposed as a system call and hence will
only be usable by supervisor threads.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's currently too easy to run out of thread IDs as they
are never re-used on thread exit.
Now the kernel maintains a bitfield of in-use thread IDs,
updated on thread creation and termination. When a thread
exits, the permission bitfield for all kernel objects is
updated to revoke access for that retired thread ID, so that
a new thread re-using that ID will not gain access to objects
that it should not have.
Because of these runtime updates, setting the permission
bitmap for an object to all ones for a "public" object doesn't
work properly any more; a flag is now set for this instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We got rid of letting uninitialized objects being a free-for-all
and permission to do stuff on an object is now done explicitly.
If a user thread is initializing an object, they will already have
permission on it.
If a supervisor thread is initializing an object, that supervisor
thread may or may not want that object added to its set of object
permissions for purposes of permission inheritance or dropping to
user mode.
Resetting all permissions on initialization makes objects much
harder to share and re-use; for example other threads will lose
access if some thread re-inits a shared semaphore.
For all these reasons, just keep the permissions as they are when
an object is initialized.
We will need some policy for permission reset when objects are
requested and released from pools, but the pool implementation
should take care of that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will allow these thread objects to be re-used.
_mark_thread_as_dead() removed, it was only being called in one
place.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
API to assist with re-using objects, such as terminated threads or
kernel objects returned to a pool.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Use some preprocessor trickery to automatically deduce the amount of
arguments for the various _SYSCALL_HANDLERn() macros. Makes the grunt
work of converting a bunch of kernel APIs to system calls slightly
easier.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Does the opposite of k_object_access_grant(); the provided thread will
lose access to that kernel object.
If invoked from userspace the caller must hace sufficient access
to that object and permission on the thread being revoked access.
Fix documentation for k_object_access_grant() API to reflect that
permission on the thread parameter is needed as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
By default, threads are created only having access to their own thread
object and nothing else. This new flag to k_thread_create() gives the
thread access to all objects that the parent had at the time it was
created, with the exception of the parent thread itself.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User threads aren't trusted and shouldn't be able to alter the
scheduling assumptions of the system by making thread priorities more
favorable.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now have macros which should significantly reduce the amount of
boilerplate involved with defining system call handlers.
- Macros which define the proper prototype based on number of arguments
- "SIMPLE" variants which create handlers that don't need anything
other than object verification
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- Dumping error messages split from _k_object_validate(), to avoid spam
in test cases that are expected to have failure result.
- _k_object_find() prototype moved to syscall_handler.h
- Clean up k_object_access() implementation to avoid double object
lookup and use single validation function
- Added comments, minor whitespace changes
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Computing the total size of the array need to handle the case where
the product overflow a 32-bit unsigned integer.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Use new _SYSCALL_OBJ/_SYSCALL_OBJ_INIT macros.
Use new _SYSCALL_MEMORY_READ/_SYSCALL_MEMORY_WRITE macros.
Some non-obvious checks changed to use _SYSCALL_VERIFY_MSG.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of boolean arguments to indicate memory read/write
permissions, or init/non-init APIs, new macros are introduced
which bake the semantics directly into the name of the macro.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Expecting stringified expressions to be completely comprehensible to end
users is wishful thinking; we really need to express what a failed
system call verification step means in human terms in most cases.
Memory buffer and kernel object checks now are implemented in terms of
_SYSCALL_VERIFY_MSG.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This API only gets used inside system call handlers and a specific test
case dedicated to it. Move definition to the private kernel header along
with the rest of the defines for system call handlers.
A non-userspace inline variant of this function is unnecessary and has
been deleted.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The old policy was that objects that are not marked as initialized may
be claimed by any thread, user or kernel.
This has some undesirable implications:
- Kernel objects that were initailized at build time via some
_<object name>_INITIALIZER macro, not intended for userspace to ever
use, could be 'stolen' if their memory addresses were figured out and
_k_object_init() was never called on them.
- In general, a malicious thread could initialize all unclaimed objects
it could find, resulting in denial of service for the threads that
these objects were intended for.
Now, performing any operation in user mode on a kernel object,
initialized or not, required that the calling user thread have
permission on it. Such permission would have to be explicitly granted or
inherited from a supervisor thread, as with this change only supervisor
thread will be able to claim uninitialized objects in this way.
If an uninitialized kernel object has permissions granted to multiple
threads, whatever thread actually initializes the object will reset all
permission bits to zero and grant only the calling thread access to that
object.
In other words, granting access to an uninitialized object to several
threads means that "whichever of these threads (or any kernel thread)
who actually initializes this object will obtain exclusive access to
that object, which it then may grant to other threads as it sees fit."
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now show the caller's thread ID and dump out the permissions array
for the object that failed the check.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This API has a return value which was not being propagated back to the
caller if invoked as a system call.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These are removed as the APIs that use them are not suitable for
exporting to userspace.
- Kernel workqueues run in supervisor mode, so it would not be
appropriate to allow user threads to submit work to them. A future
enhancement may extend or introduce parallel API where the workqueue
threads may run in user mode (or leave as an exercise to the user).
- Kernel slabs store private bookkeeping data inside the
user-accessible slab buffers themselves. Alternate APIs are planned
here for managing slabs of kernel objects, implemented within the
runtime library and not the kernel.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
k_pipe_block_put() will be done in another patch, we need to design
handling for the k_mem_block object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These modify kernel object metadata and are intended to be callable from
user threads, need a privilege elevation for these to work.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We want applications to be able to enable and disable userspace without
changing any code. k_thread_user_mode_enter() now just jumps into the
entry point if CONFIG_USERSPACE is disabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add the following application-facing memory domain APIs:
k_mem_domain_init() - to initialize a memory domain
k_mem_domain_destroy() - to destroy a memory domain
k_mem_domain_add_partition() - to add a partition into a domain
k_mem_domain_remove_partition() - to remove a partition from a domain
k_mem_domain_add_thread() - to add a thread into a domain
k_mem_domain_remove_thread() - to remove a thread from a domain
A memory domain would contain some number of memory partitions.
A memory partition is a memory region (might be RAM, peripheral
registers, flash...) with specific attributes (access permission,
e.g. privileged read/write, unprivileged read-only, execute never...).
Memory partitions would be defined by set of MPU regions or MMU tables
underneath.
A thread could only belong to a single memory domain any point in time
but a memory domain could contain multiple threads.
Threads in the same memory domain would have the same access permission
to the memory partitions belong to the memory domain.
The memory domain APIs are used by unprivileged threads to share data
to the threads in the same memory and protect sensitive data from
threads outside their domain. It is not only for improving the security
but also useful for debugging (unexpected access would cause exception).
Jira: ZEP-2281
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Everything get passed to handlers as u32_t, make it simpler to check
something that is known to be a pointer, like we already do with
_SYSCALL_IS_OBJ().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Device drivers need to be treated like other kernel objects, with
thread-level permissions and validation of struct device pointers passed
in from userspace when making API calls.
However it's not sufficient to identify an object as a driver, we need
to know what subsystem it belongs to (if any) so that userspace cannot,
for example, make Ethernet driver API calls using a UART driver object.
Upon encountering a variable representing a device struct, we look at
the value of its driver_api member. If that corresponds to an instance
of a driver API struct belonging to a known subsystem, the proper
K_OBJ_DRIVER_* enumeration type will be associated with this device in
the generated gperf table.
If there is no API struct or it doesn't correspond to a known subsystem,
the device is omitted from the table; it's presumably used internally
by the kernel or is a singleton with specific APIs for it that do not
take a struct device parameter.
The list of kobjects and subsystems in the script is simplified since
the enumeration type name is strongly derived from the name of the data
structure.
A device object is marked as initialized after its init function has
been run at boot.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
To define a system call, it's now sufficient to simply tag the inline
prototype with "__syscall" or "__syscall_inline" and include a special
generated header at the end of the header file.
The system call dispatch table and enumeration of system call IDs is now
automatically generated.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- syscall.h now contains those APIs needed to support invoking calls
from user code. Some stuff moved out of main kernel.h.
- syscall_handler.h now contains directives useful for implementing
system call handler functions. This header is not pulled in by
kernel.h and is intended to be used by C files implementing kernel
system calls and driver subsystem APIs.
- syscall_list.h now contains the #defines for system call IDs. This
list is expected to grow quite large so it is put in its own header.
This is now an enumerated type instead of defines to make things
easier as we introduce system calls over the new few months. In the
fullness of time when we desire to have a fixed userspace/kernel ABI,
this can always be converted to defines.
Some new code added:
- _SYSCALL_MEMORY() macro added to check memory regions passed up from
userspace in handler functions
- _syscall_invoke{7...10}() inline functions declare for invoking system
calls with more than 6 arguments. 10 was chosen as the limit as that
corresponds to the largest arg list we currently have
which is for k_thread_create()
Other changes
- auto-generated K_SYSCALL_DECLARE* macros documented
- _k_syscall_table in userspace.c is not a placeholder. There's no
strong need to generate it and doing so would require the introduction
of a third build phase.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A quick look at "man syscall" shows that in Linux, all architectures
support at least 6 argument system calls, with a few supporting 7. We
can at least do 6 in Zephyr.
x86 port modified to use EBP register to carry the 6th system call
argument.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Instead of a common system call entry function, we instead create a
table mapping system call ids to handler skeleton functions which are
invoked directly by the architecture code which receives the system
call.
* system call handler prototype specified. All but the most trivial
system calls will implement one of these. They validate all the
arguments, including verifying kernel/device object pointers, ensuring
that the calling thread has appropriate access to any memory buffers
passed in, and performing other parameter checks that the base system
call implementation does not check, or only checks with __ASSERT().
It's only possible to install a system call implementation directly
inside this table if the implementation has a return value and requires
no validation of any of its arguments.
A sample handler implementation for k_mutex_unlock() might look like:
u32_t _syscall_k_mutex_unlock(u32_t mutex_arg, u32_t arg2, u32_t arg3,
u32_t arg4, u32_t arg5, void *ssf)
{
struct k_mutex *mutex = (struct k_mutex *)mutex_arg;
_SYSCALL_ARG1;
_SYSCALL_IS_OBJ(mutex, K_OBJ_MUTEX, 0, ssf);
_SYSCALL_VERIFY(mutex->lock_count > 0, ssf);
_SYSCALL_VERIFY(mutex->owner == _current, ssf);
k_mutex_unlock(mutex);
return 0;
}
* the x86 port modified to work with the system call table instead of
calling a common handler function. fixed an issue where registers being
changed could confuse the compiler has been fixed; all registers, even
ones used for parameters, must be preserved across the system call.
* a new arch API for producing a kernel oops when validating system call
arguments added. The debug information reported will be from the system
call site and not inside the handler function.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Based on work by Chunlin Han <chunlin.han@linaro.org>.
This defines the interfaces that architectures will need to implement in
order to support memory domains in either MMU or MPU hardware.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Now creating a thread will assign it a unique, monotonically increasing
id which is used to reference the permission bitfield in the kernel
object metadata.
Stub functions in userspace.c now implemented.
_new_thread is now wrapped in a common function with pre- and post-
architecture thread initialization tasks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We already check the stack sentinel for outgoing thread when we _Swap,
just leverage that.
The thread state check in _check_stack_sentinel now only exits if the
current thread is a dummy thread.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Thread may be in user mode when it returns and can't look at
_current. Use k_current_get() which will be a system call.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will be used by system call handlers to ensure that any memory
regions passed in from userspace are actually accessible by the calling
thread.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In various places, a private _thread_entry_t, or the full prototype
were being used. Be consistent and use the same typedef everywhere.
Signen-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's now possible to instantiate a thread object, but delay its
execution indefinitely. This was already supported with K_THREAD_DEFINE.
A new API, k_thread_start(), now exists to start threads that are in
this state.
The intended use-case is to initialize a thread with K_USER, then grant
it various access permissions, and only then start it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Garbage values here could wreak havoc on the initial switch to main
depending on how arch-specific _Swap() manages memory permissions when
switching threads.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.
The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.
- CONFIG_USERSPACE introduced. We are somewhat far away from having an
end-to-end implementation, but at least need a Kconfig symbol to
guard the incoming code with. Formal documentation doesn't exist yet
either, but will appear later down the road once the implementation is
mostly finalized.
- In the memory region for RAM, the data section has been moved last,
past bss and noinit. This ensures that inserting generated tables
with addresses of kernel objects does not change the addresses of
those objects (which would make the table invalid)
- The DWARF debug information in the generated ELF binary is parsed to
fetch the locations of all kernel objects and pass this to gperf to
create a perfect hash table of their memory addresses.
- The generated gperf code doesn't know that we are exclusively working
with memory addresses and uses memory inefficently. A post-processing
script process_gperf.py adjusts the generated code before it is
compiled to work with pointer values directly and not strings
containing them.
- _k_object_init() calls inserted into the init functions for the set of
kernel object types we are going to support so far
Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fixes https://github.com/zephyrproject-rtos/zephyr/issues/1280, but
also many other failures, where output was garbled due to this. Other
similarly affected issues are missing first benchmark (context) in
latency benchmark and some net tests.
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
k_timer_start(timer, duration, period) is API used to
start a timer. Currently duration parameters accepts
only positive number.
But a user may require to do some periodic activity
ASAP and start timer with 0 value. So this patch
allows 0 as minimum value of duration.
In this patch, when duration value is set as 0 then
timer expiration handler is called instead of submiting
this into timeout queue.
Jira: ZEP-2497
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The API/Variable names in timing_info looks very speicific to
platform (like systick etc), whereas these variabled are used
across platforms (nrf/arm/quark).
So this patch :-
1. changing API/Variable names to generic one.
2. Creating some of Macros whose implimentation is platform
depenent.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
SYS_DLIST_FOR_EACH_CONTAINER is preferable over using
SYS_DLIST_FOR_EACH_NODE as that avoid casting directly which assumes the
node field is always at the beginning.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This is necessary in order for k_queue_get to work properly since that
is used with buffer pools which might be used by multiple threads asking
for buffers.
Jira: ZEP-2553
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The boot banner is being printed after static threads have started, for
example this is visible with tests using ztest.
This puts the banner message before starting any threads.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Partial implementation of the IEEE 1003.1 pthread API, including
mutexes and condition variables in their default behaviors, and
pthread barrier objects. The rwlock and spinlocks abstractions are
not supported in this commit (both only make sense in the presence of
multiple SMP processors).
Note that this is the IPC mechanisms only. The thread creation API
itself is unsupported: Zephyr threads work differently from pthreads
and don't port cleanly in all cases. Likewise the "_INITIALIZER"
macros from pthreads don't work cleanly here, and _DECLARE macros have
been provided to statically initialize pthread primitives in a manner
more native to Zephyr
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This has been a limitation caused by k_fifo which could only remove
items from the beggining, but with the change to use k_queue in
k_work_q it is now possible to remove items from any position with
use of k_queue_remove.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This makes use of POLL_EVENT in case k_poll is enabled which is
preferable over wait_q as that allows objects to be removed for the
data_q at any time.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Save some memory for small memory systems when running ztests. We have
our own stack in ztest so we should be able to get away reducing down
the main stack.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
* add nested interrupt support for interrupts
+ use a varibale exc_nest_count to trace nest interrupt and exception
+ regular interrupts can be nested by regular interrupts and fast
interrupts
+ fast interrupt's priority is the highest, cannot be nested
* remove the firq stack and exception stack
+ remove the coressponding kconfig option
+ all interrupts (normal and fast) and exceptions will be handled
in the same stack (_interrupt stack)
+ the pros are, smaller memory footprint (no firq stack), simpler
stack management, simpler codes, etc.. The cons are, possible
10-15 instructions overhead for the case where fast irq nests
regular irq
* add the case of ARC in test/kernel/gen_isr_table
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If there are multiple preemptive threads with same priority, and any
one thread preempts before its time slice expires (due to yields/
semaphore take/queue etc), then next schedules thread is getting
lower time slide than expected.
This patch fixes this issue by accounting time expired when a thread
releases CPU before its time slide expires.
Jira: ZEP-2217/ZEP-2218
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test was just wrong. If the current thread did not race with any
others during the allocation process, then the result will be false
because it was detected so earlier in the function. If we did race,
then sure: it might be true now if someone snuck in and freed a block.
But so what? We already have the block we want to break. The
behavior in the code as written was to early-exit from the break loop,
returning a buffer that was larger than the one requested (though
otherwise benign -- we wouldn't leak, just waste memory). No idea
what I was thinking.
Thanks to Du Quanwen for the diagnosis.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Subsequent patches will set this guard page as unmapped,
triggering a page fault on access. If this is due to
stack overflow, a double fault will be triggered,
which we are now capable of handling with a switch to
a know good stack.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adds common and Kinetis-specific adc device tree properties, and updates
all Kinetis SoC and board dts files to include adc nodes.
Jira: ZEP-1396
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Introduce a configurable boot delay option (defaulting to none) that
happens right after printing a boot delay banner, #before calling
main() in kernel/init.c:_main(), before taking timestamps for _main()
and once all the infrastructure is in place. Move also the boot banner
to happen after this delay.
The rationale for this is some boards will boot really fast and print
out some test case output in the serial port before the system that is
monitoring the serial port is able to read from the serial port.
This happens in MCUs whose serial port is embedded in a USB connection
which also is used to power the MCU board. When powering it on by
powering the USB port, there is a time it takes the host system to
detect the USB connection, enumerate the serial port, configure it and
load, start and read from the serial port. At this time, it might have
printed the output of the serial port.
While manually it is possible to press a reset button, on automation
setups this adds a lot of overhead and cabling or modifications to the
MCU that are easier (and cheaper) to overcome with this delay. Other
options (like using a separate serial line) might not be possible or
add a lot of cabling and cost, plus it'd also add extra build
configuration.
Change-Id: I2f4d1ba356de6cefa19b4ef5c9f19f87885d4dfd
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Commit 1bc2fdc70 ("dts: arm: STM32 boards use DT to configure I2C")
added a new Kconfig option, HAS_DTS_I2C, which should be set when the
target supports configuration of I2C peripherals via Device Tree.
Currently, STM32 targets select this. However, the fact that
HAS_DTS_I2C has no default is causing prompting when building Zephyr
on other targets with DTS. To avoid this and allow builds to complete
as usual, have HAS_DTS_I2C default to n.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Upcoming memory protection features will be placing some additional
constraints on kernel objects:
- They need to reside in memory owned by the kernel and not the
application
- Certain kernel object validation schemes will require some run-time
initialization of all kernel objects before they can be used.
Per Ben these initializer macros were never intended to be public. It is
not forbidden to use them, but doing so requires care: the memory being
initialized must reside in kernel space, and extra runtime
initialization steps may need to be peformed before they are fully
usable as kernel objects. In particular, kernel subsystems or drivers
whose objects are already in kernel memory may still need to use these
macros if they define kernel objects as members of a larger data
structure.
It is intended that application developers instead use the
K_<object>_DEFINE macros, which will automatically put the object in the
right memory and add them to a section which can be iterated over at
boot to complete initiailization.
There was no K_WORK_DEFINE() macro for creating struct k_work objects,
this is now added.
k_poll_event and k_poll_signal are intended to be instatiated from
application memory and have not been changed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Configure I2C using DT for the following STM32 boards:
disco_l475_iot1
nucleo_f401re
96b_carbon
olimexino_stm32
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
Applications will have their own BSS and data sections which
will need to be additionally copied.
This covers the common C implementation of these functions.
Arches which implement their own optimized versions will need
to be updated.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
1. Changed _tsc_read() to k_cycles_get_32(). Thus reading the
time stamp will be agnostic of the architecutre used.
2. Changed the variable names from *_tsc to *_time_stamp.
JIRA: ZEP-1426
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The existing __stack decorator is not flexible enough for upcoming
thread stack memory protection scenarios. Wrap the entire thing in
a declaration macro abstraction instead, which can be implemented
on a per-arch or per-SOC basis.
Issue: ZEP-2185
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).
This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.
This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.
The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.
Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The kernel tracks time slice usage with the _time_slice_elapsed global.
Every time the timer interrupt goes off and the timer driver calls
_nano_sys_clock_tick_announce() with the elapsed time, this is added to
_time_slice_elapsed. If it exceeds the total time slice, the thread is
moved to the back of the queue for that priority level and
_time_slice_elapsed is reset to zero.
In a non-tickless kernel, this is the only time _time_slice_elapsed is
reset. If a thread uses up a partial time slice, and then cooperatively
switches to another thread, the next thread will inherit the remaining
time slice, causing it not to be able to run as long as it ought to.
There does exist code to properly reset the elapsed count, but it was
only compiled in a tickless kernel. Now it is built any time
CONFIG_TIMESLICING is enabled.
Issue: ZEP-2107
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fixes sparse warning:
<snip>/zephyr/kernel/sched.c:368:6: warning: symbol '_dump_ready_q' was not declared. Should it be static?
Change-Id: I156e89f1d74178bbd99cc25e532da544c7ebee60
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
Fixes sparse warnings:
<snip>/zephyr/kernel/timer.c:15:16: warning: symbol '_trace_list_k_timer' was not declared. Should it be static?
<snip>/zephyr/kernel/sem.c:32:14: warning: symbol'_trace_list_k_sem' was not declared. Should it be static?
<snip>/zephyr/kernel/stack.c:24:16: warning: symbol '_trace_list_k_stack' was not declared. Should it be static?
<snip>/zephyr/kernel/queue.c:27:16: warning: symbol '_trace_list_k_queue' was not declared. Should it be static?
<snip>/zephyr/kernel/pipes.c:40:15: warning: symbol '_trace_list_k_pipe' was not declared. Should it be static?
<snip>/zephyr/kernel/mutex.c:46:16: warning: symbol '_trace_list_k_mutex' was not declared. Should it be static?
<snip>/zephyr/kernel/msg_q.c:26:15: warning: symbol '_trace_list_k_msgq' was not declared. Should it be static?
<snip>/zephyr/kernel/mem_slab.c:20:19: warning: symbol '_trace_list_k_mem_slab' was not declared. Should it be static?
<snip>/zephyr/kernel/mailbox.c:53:15: warning: symbol '_trace_list_k_mbox' was not declared. Should it be static?
Change-Id: I42d55aea9855b9c1dd560852ca033c9a19f1ac21
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
Fixes sparse warning:
CHECK <snip>/zephyr/kernel/thread.c
<snip>/zephyr/kernel/thread.c:184:20: error: symbol '_thread_entry' redeclared with different type (originally declared at <snip>/zephyr/kernel/include/nano_internal.h:43) - different modifiers
CC kernel/thread.o
Change-Id: I2223493cdf97c811c661773f8fd430e6c00cbaa0
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
This places a sentinel value at the lowest 4 bytes of a stack
memory region and checks it at various intervals, including when
servicing interrupts or context switching.
This is implemented on all arches except ARC, which supports stack
bounds checking directly in hardware.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The initial dummy thread context used for the initial __swap to
the main thread at early kernel initialization was not marked as a dummy
thread as it ought to be.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch amounts to a mostly complete rewrite of the k_mem_pool
allocator, which had been the source of historical complaints vs. the
one easily available in newlib. The basic design of the allocator is
unchanged (it's still a 4-way buddy allocator), but the implementation
has made different choices throughout. Major changes:
Space efficiency: The old implementation required ~2.66 bytes per
"smallest block" in overhead, plus 16 bytes per log4 "level" of the
allocation tree, plus a global tracking struct of 32 bytes and a very
surprising 12 byte overhead (in struct k_mem_block) per active
allocation on top of the returned data pointer. This new allocator
uses a simple bit array as the only per-block storage and places the
free list into the freed blocks themselves, requiring only ~1.33 bits
per smallest block, 12 bytes per level, 32 byte globally and only 4
bytes of per-allocation bookeeping. And it puts more of the generated
tree into BSS, slightly reducing binary sizes for non-trivial pool
sizes (even as the code size itself has increased a tiny bit).
IRQ safe: atomic operations on the store have been cut down to be at
most "4 bit sets and dlist operations" (i.e. a few dozen
instructions), reducing latency significantly and allowing us to lock
against interrupts cleanly from all APIs. Allocations and frees can
be done from ISRs now without limitation (well, obviously you can't
sleep, so "timeout" must be K_NO_WAIT).
Deterministic performance: there is no more "defragmentation" step
that must be manually managed. Block coalescing is done synchronously
at free time and takes constant time (strictly log4(num_levels)), as
the detection of four free "partner bits" is just a simple shift and
mask operation.
Cleaner behavior with odd sizes. The old code assumed that the
specified maximum size would be a power of four multiple of the
minimum size, making use of non-standard buffer sizes problematic.
This implementation re-aligns the sub-blocks at each level and can
handle situations wehre alignment restrictions mean fewer than 4x will
be available. If you want precise layout control, you can still
specify the sizes rigorously. It just doesn't break if you don't.
More portable: the original implementation made use of GNU assembler
macros embedded inline within C __asm__ statements. Not all
toolchains are actually backed by a GNU assembler even when the
support the GNU assembly syntax. This is pure C, albeit with some
hairy macros to expand the compile-time-computed values.
Related changes that had to be rolled into this patch for bisectability:
* The new allocator has a firm minimum block size of 8 bytes (to store
the dlist_node_t). It will "work" with smaller requested min_size
values, but obviously makes no firm promises about layout or how
many will be available. Unfortunately many of the tests were
written with very small 4-byte minimum sizes and to assume exactly
how many they could allocate. Bump the sizes to match the allocator
minimum.
* The mbox and pipes API made use of the internals of k_mem_block and
had to be ported to the new scheme. Blocks no longer store a
backpointer to the pool that allocated them (it's an integer ID in a
bitfield) , so if you want to "nullify" them you have to use the
data pointer.
* test_mbox_api had a bug were it was prematurely freeing k_mem_blocks
that it sent through the mailbox. This worked in the old allocator
because the memory wouldn't be touched when freed, but now we stuff
list pointers in there and the bug was exposed.
* Remove test_mpool_options: the options (related to defragmentation
behavior) tested no longer exist.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Unline k_thread_spawn(), the struct k_thread can live anywhere and not
in the thread's stack region. This will be useful for memory protection
scenarios where private kernel structures for a thread are not
accessible by that thread, or we want to allow the thread to use all the
stack space we gave it.
This requires a change to the internal _new_thread() API as we need to
provide a separate pointer for the k_thread.
By default, we still create internal threads with the k_thread in stack
memory. Forthcoming patches will change this, but we first need to make
it easier to define k_thread memory of variable size depending on
whether we need to store coprocessor state or not.
Change-Id: I533bbcf317833ba67a771b356b6bbc6596bf60f5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Newlib names this function __errno(), so if we want Zephyr to work
with Newlib seamlessly, it's better to just follow Newlib's naming
convention for Zephyr's own minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Currently, a queue/fifo getter chooses how long to wait for an
element. But there are scenarios when putter would know better,
there should be a way to expire getter's timeout to make it run
again. k_queue_cancel_wait() and k_fifo_cancel_wait() functions
do just that. They cause corresponding *_get() functions to return
with NULL value, as if timeout expired on getter's side (even
K_FOREVER).
This can be used to signal out of band conditions from putter to
getter, e.g. end of processing, error, configuration change, etc.
A specific event would be communicated to getter by other means
(e.g. using existing shared context structures).
Without this call, achieving the same effect would require e.g.
calling k_fifo_put() with a pointer to a special sentinal memory
structure - such structure would need to be allocated somewhere
and somehow, and getter would need to recognize it from a normal
data item. Having cancel_wait() functions offers an elegant
alternative. From this perspective, these calls can be seen as
an equivalent to e.g. k_fifo_put(fifo, NULL), except that such
call won't work in practice.
Change-Id: I47b7f690dc325a80943082bcf5345c41649e7024
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
fix misspelling in Kconfig files that would show up in configuration
documentation and screens.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Adds event based scheduling logic to the kernel. Updates
management of timeouts, timers, idling etc. based on
time tracked at events rather than periodic ticks. Provides
interfaces for timers to announce and get next timer expiry
based on kernel scheduling decisions involving time slicing
of threads, timeouts and idling. Uses wall time units instead
of ticks in all scheduling activities.
The implementation involves changes in the following areas
1. Management of time in wall units like ms/us instead of ticks
The existing implementation already had an option to configure
number of ticks in a second. The new implementation builds on
top of that feature and provides option to set the size of the
scheduling granurality to mili seconds or micro seconds. This
allows most of the current implementation to be reused. Due to
this re-use and co-existence with tick based kernel, the names
of variables may contain the word "tick". However, in the
tickless kernel implementation, it represents the currently
configured time unit, which would be be mili seconds or
micro seconds. The APIs that take time as a parameter are not
impacted and they continue to pass time in mili seconds.
2. Timers would not be programmed in periodic mode
generating ticks. Instead they would be programmed in one
shot mode to generate events at the time the kernel scheduler
needs to gain control for its scheduling activities like
timers, timeouts, time slicing, idling etc.
3. The scheduler provides interfaces that the timer drivers
use to announce elapsed time and get the next time the scheduler
needs a timer event. It is possible that the scheduler may not
need another timer event, in which case the system would wait
for a non-timer event to wake it up if it is idling.
4. New APIs are defined to be implemented by timer drivers. Also
they need to handler timer events differently. These changes
have been done in the HPET timer driver. In future other timers
that support tickles kernel should implement these APIs as well.
These APIs are to re-program the timer, update and announce
elapsed time.
5. Philosopher and timer_api applications have been enabled to
test tickless kernel. Separate configuration files are created
which define the necessary CONFIG flags. Run these apps using
following command
make pristine && make BOARD=qemu_x86 CONF_FILE=prj_tickless.conf qemu
Jira: ZEP-339 ZEP-1946 ZEP-948
Change-Id: I7d950c31bf1ff929a9066fad42c2f0559a2e5983
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Future tickless kernel patches would be inserting some
code before call to Swap. To enable this it will create
a mcro named as the current _Swap which would call first
the tickless kernel code and then call the real __swap()
Jira: ZEP-339
Change-Id: Id778bfcee4f88982c958fcf22d7f04deb4bd572f
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Historically, space for struct k_thread was always carved out of the
thread's stack region. However, we want more control on where this data
will reside; in memory protection scenarios the stack may only be used
for actual stack data and nothing else.
On some platforms (particularly ARM), including kernel_arch_data.h from
the toplevel kernel.h exposes intractable circular dependency issues.
We create a new per-arch header "kernel_arch_thread.h" with very limited
scope; it only defines the three data structures necessary to instantiate
the arch-specific bits of a struct k_thread.
Change-Id: I3a55b4ed4270512e58cf671f327bb033ad7f4a4f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patck adds the stack information into the k_thread data structure.
The information will be set by when creating a new thread (_new_thread)
and will be used by the scheduling process.
Change-Id: Ibe79fe92a9ef8bce27bf8616d8e0c878508c267d
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This adds a new event type to the kernel event logger that tracks
thread-related events: being added to the ready queue, pending a
thread, and exiting a thread.
It's the only event type that contains "subevents" and thus has a
non-void parameter in their respective _sys_k_event_logger_*()
function. Luckily, as isn't the case with other events (such as IRQs
and thread switching), these functions are called from
platform-agnostic places, so there's no need to worry about changing
the assembly guts.
This is the first patch in a series adding support for better real-time
profiling of Zephyr applications.
Jira: ZEP-1463
Change-Id: I6d63607ba347f7a9cac3d016fef8f5a0a830e267
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Unlike assertions, these APIs are active at all times. The kernel will
treat these errors in the same way as fatal CPU exceptions. Ultimately,
the policy of what to do with these errors is implemented in
_SysFatalErrorHandler.
If the archtecture supports it, a real CPU exception can be triggered
which will provide a complete register dump and PC value when the
problem occurs. This will provide more helpful information than a fake
exception stack frame (_default_esf) passed to the arch-specific exception
handling code.
Issue: ZEP-843
Change-Id: I8f136905c05bb84772e1c5ed53b8e920d24eb6fd
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For exceptions where we are just going to abort the current thread, we
need to exit handler mode properly so that PendSV can run and perform a
context switch. For ARM architecture this means that the fatal error
handling code path can indeed return if we were 1) in handler mode and
2) only wish to abort the current thread.
Fixes a very long-standing bug where a thread that generates an
exception, and should only abort the thread, instead takes down the
entire system.
Issue: ZEP-2052
Change-Id: Ib356a34a6fda2e0f8aff39c4b3270efceb81e54d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We do the same thing on all arch's right now for thread_monitor_init so
lets put it in a common place. This also should fix an issue on xtensa
when thread monitor can be enabled (reference to _nanokernel.threads).
Change-Id: If2f26c1578aa1f18565a530de4880ae7bd5a0da2
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We do a bit of the same stuff on all the arch's to setup a new thread.
So lets put that code in a common place so we unify it for everyone and
reduce some duplicated code.
Change-Id: Ic04121bfd6846aece16aa7ffd4382bdcdb6136e3
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are a few places that we used an naked unsigned type, lets be
explicit and make it 'unsigned int'.
Change-Id: I33fcbdec4a6a1c0b1a2defb9a5844d282d02d80e
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. This handles the remaining includes and kernel, plus
touching up various points that we skipped because of include
dependancies. We also convert the PRI printf formatters in the arch
code over to normal formatters.
Jira: ZEP-2051
Change-Id: Iecbb12601a3ee4ea936fd7ddea37788a645b08b0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a start to move away from the C99 {u}int{8,16,32,64}_t types to
Zephyr defined u{8,16,32,64}_t and s{8,16,32,64}_t. This allows Zephyr
to define the sized types in a consistent manor across all the
architectures we support and not conflict with what various compilers
and libc might do with regards to the C99 types.
We introduce <zephyr/types.h> as part of this and have it include
<stdint.h> for now until we transition all the code away from the C99
types.
We go with u{8,16,32,64}_t and s{8,16,32,64}_t as there are some
existing variables defined u8 & u16 as well as to be consistent with
Zephyr naming conventions.
Jira: ZEP-2051
Change-Id: I451fed0623b029d65866622e478225dfab2c0ca8
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This reverts commit 7b9dc107a8.
We revert this as we intent to move away from {u}int{8,16,32,64}_t types
to our own internal types for sized variables so we shouldn't need the
PRI macros anymore.
Change-Id: I1d9d797fee47ca266867ae65656c150f8fe2adb2
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To allow for various libc implementations (like newlib) in which the way
various {u}int{8,16,32}_t types are defined vary between both libc
implementations and across architectures we need to utilize the PRI
defines.
Change-Id: Ie884fb67015502288152ecbd64c37961a4f538e4
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Filter was wrong and sample was not being built on any boards. Exclude
platforms that do not support interrupt based UART drivers.
Jira: ZEP-2014
Change-Id: I84a690e7c93fae52335434830b83086019cfd00d
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This code is non-functional and is a left over from an old version of
the kernel that does not work and is covered through other new features
in the kernel, for example object tracing.
Jira: ZEP-2013
Change-Id: Id12ad09e2d06186b53cd2f0dd030ac6d37d1229f
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove deprecated macros and function and structs that
were deprecated 2 versions ago 1.6 for power management
jira:ZEP-973
Change-Id: I127e482c67e09afea6a2008672661862dbf00c80
Signed-off-by: Amir Kaplan <amir.kaplan@intel.com>
First step to removing legacy APIs, this will be a wakeup call for this
still using legacy APIs before we completely remove them.
Change-Id: I32db62ff73efaa7eb5ab9ebc4d4fdc4a7c34ae56
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
When enabling CONFIG_FP_SHARING on ARM, 64 extra bytes are necessary
on the stack of each task in order to save FPU registers S16 to S31.
In the case of the idle stack, the default value of 256 bytes is too
small. As described in ZEP-1470, when the idle task is scheduled out,
floating point registers are saved, which corrupts the stack frame
(especially the saved PC value). When scheduling the idle task, the
restored PC will jump to nowhere, leading to a Usage Fault.
Increase the size of the idle stack by 64 bytes to fix this issue.
JIRA: ZEP-1470
Change-Id: Ib800cd51e5189dda8bf59332db661c21399db3e3
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Once all users of k_lifo migrate to k_queue this should no longer be
needed.
Change-Id: Ib8af40c57bf8feba7b06d6d891cfa57b44faad42
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This makes k_fifo functions rely on k_queue and port k_poll to use
k_queue directly.
Once all users of k_fifo migrate to k_queue this should no longer be
needed.
Change-Id: Icf16d580f88d11b2cb89e1abd23ae314f43dbd20
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This unifies k_fifo and k_lifo APIs thus making it more flexible regarding
where the data elements are inserted.
Change-Id: Icd6e2f62fc8b374c8273bb763409e9e22c40f9f8
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Some inconsistent spacing and private types starting with '_'.
Change-Id: I3354b69cc3934717d3b8097cdda98474339c1f32
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
The loop was not tracking the correct next node in the list correctly.
However, it happened that the fix is way more involved than just fixing
that small issue, due to the way that semaphore group timeouts work.
Instead of handling timeouts one-by-one, we have to handle all timeouts
in a semaphore group as one. To do that, we use the fact that the
timeout of the real thread is always found first in the kernel's
timeout_q, and if it has expired, we do not even look at the timeouts of
the dummy threads.
Change-Id: Iadcfd06f33c6b335efa2592b2c01eeb5ca67afde
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Queuing in the timeout_q of timeouts expiring on the same tick queue
them in reverse order: as soon as the new timeout finds a timeout
expiring on the same tick or later, it get prepended to that timeout:
this allows exiting the traversal of the timeout as soon as possible,
which is done with interrupts locked, thus reducing interrupt latency.
However, this has the side-effect of handling the timeouts expiring on
the same tick in the reverse order that they are queued.
For example:
thread_c, prio 4:
uint32_t uptime = k_uptime_get_32();
while(uptime == k_uptime_get_32()); /* align on tick */
k_timer_start(&timer_a, 5, 0);
k_timer_start(&timer_b, 5, 0);
thread_a, prio 5:
k_timer_status_sync(&timer_a);
printk("thread_a got timer_a\n");
thread_b, prio 5:
k_timer_status_sync(&timer_b);
printk("thread_b got timer_b\n");
One could "reasonably" expect thread_a to run first, since both threads
have the same prio, and timer_a was started before timer_b, thus
inserted first in the timeout_q first (time-wise). However, thread_b
will run before thread_a, since timer_b's timeout is prepended to
timer_a's.
This patch keeps the reversing of the order when adding timeouts in the
timeout_q, thus preserving the same interrupt latency; however, when
dequeuing them and adding them to the expired queue, we now reverse that
order _again_, causing the timeouts to be handled in the expected order.
Change-Id: Id83045f63e2be88809d6089b8ae62034e4e3facb
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Modify _get_first_thread_to_unpend() so that it does not remove the
thread from the wait queue. Rename it to _find_first_thread_to_unpend()
to match the new behaviour.
This will be needed to fix a semaphore group bug.
Change-Id: I1b7531c3beecf3b6a86ecf88a93a02449edd0767
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Rather than explicitely checking the thread state bit.
Change-Id: Ic78427d9847e627a0e91d0147d3b6164450597f6
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
This has not bitten us yet, but it was a ticking timebomb.
This is similar to the issue that was found with irq_lock/irq_unlock
implementations on several architectures. Having a volatile variable is
not the way to force the sched_lock variable to be
incremented/decremented around the accesses to data it protects.
Instead, a compiler barrier must prevent the compiler from reordering
the memory accesses around setting of sched_lock. Needed in the inline
implementations _sched_lock()/_sched_unlock_no_reschedule(), which
resolve to simple decrement/increment of the per-thread sched_lock
variable.
Change-Id: I06f5b3524889f193efe69caa947118404b1be0b5
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Xtensa port uses more stack than others. This was discussed with the team and
we agreed that this can be accepted for the first beta.
We will investigate this later to see how to avoid allocating coproc registers
for the system threads in order to reduce the stack overhead. However this
will not be before the port is considered stable.
Change-Id: Icd5b2b0ab68d0906b5408f35f081b100acabc010
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
This patch adds support for using device tree configuration files for
configuring ARM platforms.
In this patch, only the FLASH_SIZE, SRAM_SIZE, NUM_IRQS, and
NUM_IRQ_PRIO_BITS were removed from the Kconfig options. A minimal set
of options were removed so that it would be easier to work through the
plumbing of the build system.
It should be noted that the host system must provide access to the
device tree compiler (DTC). The DTC can usually be installed on host
systems through distribution packages or by downloading and compiling
from https://git.kernel.org/pub/scm/utils/dtc/dtc.git
This patch also requires the Python yaml package.
This change implements parts of each of the following Jira:
ZEP-1304
ZEP-1305
ZEP-1306
ZEP-1307
ZEP-1589
Change-Id: If1403801e19d9d85031401b55308935dadf8c9d8
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Poll events were getting registered even when polling conditions had
already been met, but events with conditions met did not register and
did not increment the number of events registered. This caused a
possible discrepancy between the number of events registered and the
position of the last event registered in the events array.
As soon as one event condition is met, the next ones in the array should
not get registered even if their condition is not met. This is what the
code does now.
Change-Id: Ibcc3b135ec9d3cf463beb9da3f641fec962b34bf
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
This flag is no longer necessary and TICKLESS_IDLE will be
enabled by default if SYS_POWER_MANAGEMENT is enabled.
Jira: ZEP-1325
Change-Id: Ic6cd4b8dc0a17c6a413cabf6509b215a4558318d
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Due to a limitation on XCC, the inline assembly does not
produce the expected instructions. This results in a wrong
code sequence. On the other hand, plain C code works well.
The note about compilers seems to not be an issue on any of
our currently supported compilers.
Change-Id: I9d2ab0fbf8a48d9dad51da3fd54453f205516d74
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It was in the static initializers, but was missing from the object
runtime init functions.
Change-Id: I10d519760eabdbe640a19cc5cfa9241c1356b070
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
This will allow users to install a way of finding out what the event and
the objects are used for without looking at the object itself, or to
tag a bunch of objects that belong together.
The runtime init function _does not_ take a tag so that there is no
runtime hit if not needed. The static initializer macro _does_ take the
tag, so that it does not have to be initialized at runtime if needed,
and thus avoids a runtime hit.
Change-Id: I89a36c6f969ff952f9d1673b1bb5136e407535c6
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
When CONFIG_FP_SHARING is enabled without CONFIG_LEGACY
thread.c was referencing symbols like K_TASK_GROUP_FPU
which are defined in legacy.h
Change-Id: I4bb1723f91c3e3586c5d1bf05cf23a1c0d3d5aac
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
With the recently added k_poll feature, k_fifo_put_list was forgotten
about. Add the necessary code to wake up a k_poll call when
k_fifo_put_list is called.
Change-Id: Ib9baef5ee2bd00620e2eea5afdd81accc4518bd5
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
k_poll() is similar to the POSIX poll() API in spirit in that it allows
a single thread to monitor multiple events without actively polling
them, but rather pending for one or more to become ready. Such events
can be a direct event, or kernel objects (currently only semaphores and
fifos).
When a kernel object being polled on is ready, it is not "given" to the
poller: the poller must then acquire it via the regular API for the
object (e.g. k_sem_take()). Only one thread can poll on a particular
object at one time. These restrictions mean that k_poll() is most
effective when a single thread monitors multiple events that are not
subject for contention. For example, being the sole reader on multiple
fifos, or the only thread being signalled by multiple semaphores, or a
combination of both.
Change-Id: I7035a9baf4aa016fb87afc5f5c0f5f8cb216480f
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Dissociate wait queue initialization from doubly-linked lists if the
underlying implementation is to be abstracted.
Change-Id: Id7544c6ac506643437f9c4f0ae97e7eecab8d06d
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
The K_<thread option> flags/options avaialble to users were hidden in
the kernel private header files: move them to include/kernel.h to
publicize them.
Also, to avoid any future confusion, rename the k_thread.execution_flags
field to user_options.
Change-Id: I65a6fd5e9e78d4ccf783f3304b607a1e6956aeac
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
The execution_flags will store the user-facing states of a thread.
This also fixes a bug where K_ESSENTIAL was already assigned to
execution_flags via the options field of
k_thread_spawn()/K_THREAD_DEFINE().
Change-Id: I91ad7a62b5d180e09eead8985ff519809959ecf2
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
They are not part of the API, so rename from K_<state> to
_THREAD_<state>.
Change-Id: Iaebb7d3083b80b9769bee5616e0f96ed2abc5c56
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Unused.
Reuse bit for K_FP_REGS to keep the used bits the lowest possible.
Change-Id: I5998801ef34156271d4f66d1948a05e0b2ce58f7
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
This will be needed for some thread user options that will move to
kernel.h since they are part of the user API.
Change-Id: I46e302b6cafcdddbad3458134b98feb5b8d45d9b
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
When prio and sched_locked were moved into a struct together to create a
union with the combined preempt field, the volatile qualifier moved from
sched_locked to prio by mistake.
Change-Id: I5a8e01324f14e77e3d7162c12515471826023633
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Make it depend on CONFIG_LEGACY_KERNEL being enabled.
Change-Id: Id5d3cd35a52d38bf7476ea8e51b71e2c687f0923
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The idle priority was not accounted for.
With this change, the philosophers demo runs in coop-only mode.
Change-Id: I23db33687bcf3b2107d5fc07977143730f62e476
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
If the system's priority inheritance priority ceiling is not the same as
the highest priority in the system, it was possible for a thread owning
the mutex to get its priority lowered instead of left unchanged.
Change-Id: Ic06a1c4a66322c2949b2ba2f53efa03200fb1fc1
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
-1 is reserved for the idle thread in coop-only mode and -1 does not
exist as a priority in preempt-only mode.
With this change, the philosophers demo runs in preempt-only mode.
Change-Id: Id15a6eafc7582966deaf0db9ed6960b5da74be33
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Similar to what was available with nano timers in the original kernel,
allow a user to associate opaque data with a timer.
Fix for ZEP-1558.
Change-Id: Ib8cf998b47988da27eba4ee5cd2658f90366b1e4
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Default 256 bytes stack size for idle task is not enough, as
stack grows/shrinks by a multiple of 16-bytes in the
RISC-V architecture.
Increase it to 512 bytes for RISCV32 architecture
Change-Id: I8321c48e4c1a877b252ba5561f3cbdd1fe475fc7
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
added _MOVE_INSTR for RISCV32 architecture
The store instruction has a different syntax in RISC-V,
compared to the other architectures. Hence, for each
architecture, specify the entire load instruction within
the _MOVE_INSTR variable.
Change-Id: Iedc421e73411876abd8b698f7d4b46081b473d79
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
For some of our samples/test we disable all console support, yet enable
BOOT_BANNER in tests/include/test.config, this can generate warnings
like:
warning: (BOOT_BANNER && BLUETOOTH_DEBUG_LOG && BLUETOOTH_DEBUG_MONITOR)
selects PRINTK which has unmet direct dependencies (CONSOLE_HAS_DRIVER)
So having BOOT_BANNER depend on CONSOLE_HAS_DRIVER cleans things up.
Change-Id: Ia6a6348fc08b0808ea6eaedb8c8833507f82c702
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The main, idle, interrupt and workqueue call stack definitions are not available
to applications to call stack_analyze() on, but they often require to be
measured empirically to tune their sizes in particular applications and
use cases.
This exposes a new k_call_stacks_analyze() API call that allows the
application to measure the used call stack space for the 4
kernel-defined call stacks.
Additionally for the ARC architecture the FIRQ stack is also profiled.
Change-id: I0cde149c7366cb6c4bbe8f9b0ab1cc5b56a36ed9
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
These two fields in the thread structure control the preemptibility of a
thread.
sched_locked is decremented when the scheduler gets locked, which means
that the scheduler is locked for values 0xff to 0x01, since it can be
locked recursively. A thread is coop if its priority is negative, thus
if the prio field value is 0x80 to 0xff when looked at as an unsigned
value.
By putting them end-to-end, this means that a thread is non-preemptible
if the bundled value is greater than or equal to 0x0080. This is the
only thing the interrupt exit code has to check to decide to try a
reschedule or not.
Change-Id: I902d36c14859d0d7a951a6aa1bea164613821aca
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Some thread fields were 32-bit wide, when they are not even close to
using that full range of values. They are instead changed to 8-bit fields.
- prio can fit in one byte, limiting the priorities range to -128 to 127
- recursive scheduler locking can be limited to 255; a rollover results
most probably from a logic error
- flags are split into execution flags and thread states; 8 bits is
enough for each of them currently, with at worst two states and four
flags to spare (on x86, on other archs, there are six flags to spare)
Doing this saves 8 bytes per stack. It also sets up an incoming
enhancement when checking if the current thread is preemptible on
interrupt exit.
Change-Id: Ieb5321a5b99f99173b0605dd4a193c3bc7ddabf4
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Add global option for legacy configurations and enable by default for
backward compatibility. Disable option on tests and keep it on legacy
samples and tests.
Jira: ZEP-964
Change-Id: I0831e2aa74d438b1ac74eb762186cb220a504beb
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove legacy option and use SYS_CLOCK_EXISTS where appropriate.
Change-Id: I3d524ea2776e638683f0196c0cc342359d5d810f
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Similar to _pend_queue, it's more efficient to do the logic inline.
Change-Id: I68ac4fbc26c97b6ec9322caef98504ff6ccc8727
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It's calling a function on every iteration, it's more efficient to just
do the logic inline.
Change-Id: I166e377d4ffb3056749fd625cb789173030904ac
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Use least significant bits for common flags and high bits for
arch-specific ones.
Change-Id: I982719de4a24d3588c19a0d30bbe7a27d9a99f13
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This will allow for an enhancement when checking if the thread is
preemptible when exiting an interrupt.
Change-Id: If93ccd1916eacb5e02a4d15b259fb74f9800d6f4
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Not needed, since only the thread itself can modifiy its own
sched_locked count.
Change-Id: I3d3d8be548d2b24ca14f51637cc58bda66f8b9ee
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Some tick frequencies lend themselves to optimized conversions from ms
to ticks and vice-versa.
- 1000Hz which does not need any conversion
- 500Hz, 250Hz, 125Hz where the division/multiplication are a straight
shift since they are power-of-two factors of 1000.
In addition, some more generally used values are made to use optimized
conversion equations rather than the generic one that uses 64-bit math,
and often results in calling compiler intrinsics.
These values are: 100Hz, 50Hz, 25Hz, 20Hz, 10Hz, 1Hz (the last one used
in some testing).
Avoiding the 64-bit math intrisics has the additional benefit, in
addition to increased performance, of using a significant lower amount
of stack space: 52 bytes on ARM Cortex-M and 80 bytes on x86.
Change-Id: I080eb338a2637d6b1c6838c119af1a9fa37fe869
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This limits the execution contexts that will go over the loop in
_unpend_first_thread() to only ISRs of very high priority that are
preempting the system clock timer ISR, and only during the time it is
handling timeouts.
Change-Id: Iaf0500d28a2de5e077c9cf9861a5a70244127d58
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Use a short name for this option CONFIG_OBJECT_TRACING.
Change-Id: Id27de7ef9ca299492b6b7d2324d9f5bcf8059a31
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Also remove mentions of unified kernel in various places in the kernel,
samples and documentation.
Change-Id: Ice43bc73badbe7e14bae40fd6f2a302f6528a77d
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Reorganise and cleanup Kernel Kconfig options and group options of the
same area under Menus to ease readability and to have a better structure
when using menuconfig.
Change-Id: Ic6b39730297861367abd345ede35e41c046c099d
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move those into a separate Kconfig file and include them instead.
Change-Id: Ifa25d6ec92937080ad5970af7ca5c3f07ddec961
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
rename NANOKERNEL_TICKLESS_IDLE_SUPPORTED to
TICKLESS_IDLE_SUPPORTED and remove nanokernel occurances in Kconfig
files.
Make TICKLESS_IDLE depend on hardware that supports it.
Change-Id: I6a2e4fb0f7cf4b45475b48e71823ea089ee98759
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Also remove some old cflags referencing directories that do not exist
anymore.
Also replace references to legacy APIs in doxygen documentation of
various functions.
Change-Id: I8fce3d1fe0f4defc44e6eb0ae09a4863e33a39db
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
And also remove now obsolete ARCH_HAS_TASK_ABORT.
ARC does not need the options either.
Change-Id: Ie52d63178a367ce12b911dacfe2d389f4f75ed2d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The system work queue spawns a coop thread to hanlde the work items. If
it is spawned before the kernel is up and the initialization dummy
thread's priority is lower, there will be a context switch into the
system work queue's thread at that time, before the kernel is ready to
handle this.
Change-Id: I879659ab58231c5a5cfaa34f2f65c2eccab99142
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Legacy applications still need that, otherwise kernel objects are not
configured correctly. Will be removed later.
Change-Id: I22df10e4adcc11f035f9813bea8c93dd1a560a1d
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
For very constrained systems, like bootloaders.
Only the main thread is available, so a main() function must be
provided. Kernel objects where pending is in play will not behave as
expected, since the main thread cannot pend, it being the only thread in
the system. Usage of objects should be limited to using K_NO_WAIT as the
timeout parameter, effectively polling on the object.
Change-Id: Iae0261daa98bff388dc482797cde69f94e2e95cc
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
A thread cannot have a coop priority in this case. It turns out a
priority is not needed when a thread is not inserted in the ready queue,
which is the case with the dummy thread.
The comment was also out-of-date, since it referred to a nanokernel
concept.
Change-Id: Id117501164bd72383d53f3df13030cf95dadc38b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Some kernel operations, like scheduler locking can be optmized out,
since coop threads lock the scheduler by their very nature. Also, the
interrupt exit path for all architecture does not have to do any
rescheduling, again by the nature of non-preemptible threads.
Change-Id: I270e926df3ce46e11d77270330f2f4b463971763
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
nano_cpu_idle/nano_cpu_atomic_idle were not ported to the unified
kernel, and only the old APIs were available. There was no real impact
since, in the unified kernel, only the idle thread should really be
doing power management. However, with a single-threaded kernel, these
functions can be useful again.
The kernel internals now make use of these APIs instead of the legacy
ones.
Change-Id: Ie8a6396ba378d3ddda27b8dd32fa4711bf53eb36
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The numbers of timeouts that expire on a given tick is arbitrary. When
handling them, interrupts were locked, which prevented higher-priority
interrupts from preempting the system clock timer handler.
Instead of looping on the list of timeouts, which needs interrupts being
locked since it can be manipulated at interrupt level, timeouts are
dequeued one by one, unlocking interrupts between each, and put on a
local 'expired' queue that is drained subsequently, with interrupts
unlocked. This scheme uses the fact that no timeout can be prepended
onto the timeout queue while expired timeouts are getting removed from
it, since adding a timeout of 0 is prohibited.
Timer handlers now run with interrupts unlocked: the previous behaviour
added potentially horrible non-determinism to the handling of timeouts.
Change-Id: I709085134029ea2ad73e167dc915b956114e14c2
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
These tick computation can take a significant amount of time, and there
is no reason to do them with interrupts locked.
Change-Id: I2d8803ec6025b827e9450fa493084bbf8be98bad
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Use _INACTIVE instead of hardcoding -1.
_EXPIRED is defined as -2 and will be used for an improvement so that
interrupts are not locked for a non-deterministic amount of time while
handling expired timeouts.
_abort_timeout/_abort_thread_timeout return _INACTIVE instead of -1 if
the timeout has already been disabled.
Change-Id: If99226ff316a62c27b2a2e4e874388c3c44a8aeb
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The way the ready thread cache was implemented caused it to not always
be "hot", i.e. there could be some misses, which happened when the
cached thread was taken out of the ready queue. When that happened, it
was not replaced immediately, since doing so could mean that the
replacement might not run because the flow could be interrupted and
another thread could take its place. This was the more conservative
approach that insured that moving a thread to the cache would never be
wasted.
However, this caused two problems:
1. The cache could not be refilled until another thread context-switched
in, since there was no thread in the cache to compare priorities
against.
2. Interrupt exit code would always have to call into C to find what
thread to run when the current thread was not coop and did not have the
scheduler locked. Furthermore, it was possible for this code path to
encounter a cold cache and then it had to find out what thread to run
the long way.
To fix this, filling the cache is now more aggressive, i.e. the next
thread to put in the cache is found even in the case the current cached
thread is context-switched out. This ensures the interrupt exit code is
much faster on the slow path. In addition, since finding the next thread
to run is now always "get it from the cache", which is a simple fetch
from memory (_kernel.ready_q.cache), there is no need to call the more
complex C code.
On the ARM FRDM K64F board, this improvement is seen:
Before:
1- Measure time to switch from ISR back to interrupted task
switching time is 215 tcs = 1791 nsec
2- Measure time from ISR to executing a different task (rescheduled)
switch time is 315 tcs = 2625 nsec
After:
1- Measure time to switch from ISR back to interrupted task
switching time is 130 tcs = 1083 nsec
2- Measure time from ISR to executing a different task (rescheduled)
switch time is 225 tcs = 1875 nsec
These are the most dramatic improvements, but most of the numbers
generated by the latency_measure test are improved.
Fixes ZEP-1401.
Change-Id: I2eaac147048b1ec71a93bd0a285e743a39533973
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Disable MDEF option and set it only in legacy projects.
Change-Id: I2e1f011eb1f876af929140e36f71f0efb5e955c1
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The ARG_UNUSED macro is added to avoid compiler warnings.
Change-Id: Ie9b72c94191318c1d667d7929eb029098c62e993
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
Use uint32_t for counters instead of int to avoid compiler warnings.
Change-Id: Ie96dfaca650b5f91562c0740c18610fc40968be6
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
mem_pool structures use uint32_t for counters and size_t
to specify sizes, however some routines in mem_pool.c
make use of int for similar purposes. This commit fixes
that situation by updating some variables to match
mem_pool data types.
Change-Id: I0aa01c27e512d06d40432e8091ed8fd9d959970c
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
Factor out the code for evaluating the remaining time for _timeout
structs so that it can also be used for other objects besides k_timer
structs (like k_delayed_work, coming in a subsequent patch).
Change-Id: I243a7b29fb2831f06e95086a31f0d3a6c37dad67
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Use the SYS_INIT() mechanism to invoke the sys_rand32_init() function
in random drivers that require an initializer. Remove all empty
sys_rand32_init() instances.
The existing explicit sys_rand32_init() function runs immediately after
PRE_KERNEL_2 before stack canaries are initialized. In order to get
equivalent behaviour with sys_rand32_init() we set SYS_INIT() to
initialize the random drivers at the lowest priority of PRE_KERNEL_2.
Change-Id: I4521e44daac806bc4eef01ce7fdf2ba5367e0587
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
To guarantee that the compiler does not reorder the execution of
irq_lock() with preceding operations, a volatile qualifier is
placed before the declaration of the ticks variable, which then
ensures that irq_lock() is executed after the tick calculation but
before accessing the ready and timeout queues.
Without the volatile keyword interrupts will be disabled during the
calculation of the ticks, which increases interrupt latency
significantly.
Change-Id: I2da82a1282e344f3b8d69e9457b36a4cb1d9ec18
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Use standard library calls like memset/memcpy for setting up BSS and DATA
sections during system initialization, this helps to take advantage of
architecture specific optimizations from standard library.
Change-Id: Ia72b42aa65b44d1df7c22dd1fbc39a44fa001be9
Signed-off-by: Mahavir Jain <mjain@marvell.com>
Make boot banner more informative by adding kernel version string
Change-Id: I21865ea3a001fba2c30fe58e6e052aae59fef3e2
Signed-off-by: Mahavir Jain <mjain@marvell.com>
If delayed work is already submitted or completed, then subsequent
cancel should return -EINVAL as return status.
Fixes ZEP-1373.
Change-Id: I16bbacca7e31a5a5d8e5a89e729d70302ada6223
Signed-off-by: Mahavir Jain <mjain@marvell.com>
Interrupt must be locked before inserting a timeout in the timeout
queue.
Change-Id: Iab0bf01f393e66a6403d2f85e899dbf737da4afc
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The fact that a thread is timing out was tracked via two flags: the
K_TIMING thread flag bit, and the thread's timeout's
delta_ticks_from_prev being -1 or not. This duplication could
potentially cause discrepancies if the two flags got out-of-sync, and
there was no benfits to having both.
Since timeouts that are not parts of a thread rely on the value of
delta_ticks_from_prev, standardize on it.
Since the K_TIMING bit is removed from the thread's flags, K_READY would
not reflect the reality anymore. It is removed and replaced by
_is_thread_prevented_froM_running(), which looks at the state flags that
are relevant. A thread that is ready now is not prevented from running
and does not have an active timeout.
Change-Id: I902ef9fb7801b00626df491f5108971817750daa
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Also remove NO_METRIC, which is not referenced anywhere anymore.
Change-Id: Ieaedf075af070a13aa3d975fee9b6b332203bfec
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Now that we're out of the unified kernel development phase, turn off
that debugging option.
Change-Id: I89decbdf445b1ba111a829edf2c8a36846419586
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It was possible for a dummy thread to be not timing, but not having
timeout.delta_ticks_from_prev not be -1 at the same time, which is a big
no-no.
Use _init_thread_base() to do a full initialization of the dummy thread.
Fixes ZEP-1312.
Change-Id: I16a2373be3329c142cf26f5dca6bfdbe6014ac5e
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Move _thread_base initialization to _init_thread_base(), remove mention
of "nano" in timeouts init and move timeout init to _init_thread_base().
Initialize all base fields via the _init_thread_base in semaphore groups
code.
Change-Id: I05b70b06261f4776bda6d67f358190428d4a954a
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Renamed main_stack and idle_stack, to _main_stack and
_idle_stack, respectively, and made them globals. This does
not affect performance. They are still kept kernel private
symbols and not part of kernel API.
This will allow these symbols to be referenced in calls to
stack_analyse misc functions to profile stack usage in
applications.
Change-id: Id6b746c5cfda617c26901c6e62c3e17114471f57
Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
It's possible that an architecture needs a custom way of switching to
the main() task, rather than using _Swap() with a dummy thread.
Change-Id: I14e9bc67be35174ff16209bcea27b18a069ff754
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Artifact from microkernel, for handling multiple pending tasks on
nanokernel objects.
Change-Id: I3c2959ea2b87f568736384e6534ce8e275f1098f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
In addition to more priorities taking more memory to host them, finding
the next thread to run when it is not cached is slower since each extra
set of 32 priorities maps to a loop iteration. That loop is remove
entirely when the number of priorities is less than 32 (31 + the idle
thread).
Fixes ZEP-1303.
Change-Id: I3205df90d379a0f4456ff1d7f1aaa67ad2cddf15
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rewrites the timestamping logic to always generate timestamps
via a function pointer that is initialized to sys_cycle_get_32(),
but can be changed to point to a user-supplied function. This
eliminates the need for an if/then/else construct in every place
that a timestamp is generated.
Change-Id: Id11f8c41b193a93cece16565978a525056010f0e
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Prepares the kernel event logger APIs for inclusion in the
API guide. Also corrects a couple of other issues:
* Gets rid of obsolete thread monitor code.
* Renames "timer_func" global variable to "_sys_k_timer_func"
to align it with kernel naming conventions.
Change-Id: I93d403f83ae44ff45dda489c2ead7bfec6ce1fa3
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Event logger APIs still express timeout delays in ticks;
need to convert to milliseconds when using unified kernel APIs.
Change-Id: I5fab66be660621cd2029417eaff3758e3ef4ba2c
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
When moving arch-specific thread structure to arch-agnostic, some field
accesses were missed when used in K_DEBUG statements, which are turned
off by default.
Change-Id: Ife0f49b8185a0db468deab73555f7034f20ca3e8
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Prio should be an int, since values are small integers, not a fixed-size
int32_t. It aligns with the prio parameters of the other APIs.
Stack size should be size_t.
Change-Id: Id29751b86c4ad7a7c2a7ffe446c2a96ae83c77bf
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
NANOKERNEL is obsolete and this kernel service is still using it causing
deperecaton warnings. Move it to POST_KERNEL
Change-Id: I17fabd080645f93a8599f4ea25da844e1ec5f4bb
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Replaces confusing (and excessively long) configuration option
names with more intuitive names. Also enhances the description
of each option to clarify its use.
Change-Id: If4d4541407627482b1e90302cfc9df3bc8130d44
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
SYS_DLIST_FOR_EACH_NODE() is marked as non-safe when an item is removed
from the list while looping over it. This is not true per-se, since the
item, when removed, keeps its next and prev pointers intact; however, it
is true if the item is then put into a list, be it a different one or
the same one. To prevent this, SYS_DLIST_FOR_EACH_NODE_SAFE() must be
used.
_mbox_message_put() can remove items from the rx queue and then put them
in the ready queue: this would cause the loop to start processing other
ready threads as item in the rx queue.
k_mbox_get() also removes items, from the tx queue, but does not seem to
add them to another list; however, it now uses the safe version as well,
since that is the proper usage.
Change-Id: Ieccbff238fc8a036c0d53d873eaaf55f4f5a14af
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There was a lot of duplication between architectures for the definition
of threads and the "nanokernel" guts. These have been consolidated.
Now, a common file kernel/unified/include/kernel_structs.h holds the
common definitions. Architectures provide two files to complement it:
kernel_arch_data.h and kernel_arch_func.h. The first one contains at
least the struct _thread_arch and struct _kernel_arch data structures,
as well as the struct _callee_saved and struct _caller_saved register
layouts. The second file contains anything that needs what is provided
by the common stuff in kernel_structs.h. Those two files are only meant
to be included in kernel_structs.h in very specific locations.
The thread data structure has been separated into three major parts:
common struct _thread_base and struct k_thread, and arch-specific struct
_thread_arch. The first and third ones are included in the second.
The struct s_NANO data structure has been split into two: common struct
_kernel and arch-specific struct _kernel_arch. The latter is included in
the former.
Offsets files have also changed: nano_offsets.h has been renamed
kernel_offsets.h and is still included by the arch-specific offsets.c.
Also, since the thread and kernel data structures are now made of
sub-structures, offsets have to be added to make up the full offset.
Some of these additions have been consolidated in shorter symbols,
available from kernel/unified/include/offsets_short.h, which includes an
arch-specific offsets_arch_short.h. Most of the code include
offsets_short.h now instead of offsets.h.
Change-Id: I084645cb7e6db8db69aeaaf162963fe157045d5a
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The unified kernel is now the only supported kernel, so this
option is unnessary. Eliminating this option also enables
the removal of some legacy code that is no longer required.
Change-Id: Ibfc339d643c8de16a2ed2009c9b468848b8b4972
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
k_alert_init() needs to set the "flags" field of its associated
work item to zero, indicating that the work item has not yet
been submitted to the system workqueue. Using the standard work
item initializer macro ensures this is done correctly.
Change-Id: I0001a5920f20fb1d8dc182191e6a549c5bf89be5
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
The API to disable _sys_soc_resume notification is currently
called _sys_soc_disable_wake_event_notification. This is
misleading because it is possible that the ISR from which
_sys_soc_resume is called could be from a different interrupt
with higher priority that happened before interrupts were
enabled. More accurately, it is a notification of exit from
kernel idling after pm operations.
Jira: ZEP-1271
Change-Id: I83747f2cacac1bc17f135d12f4aa4478970fc02d
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
_sys_soc_resume hook is over loaded to handle to different
scenarios. It is primarily called to notify exit of kernel idling
after PM operations. It is also used to notify exit from deep sleep.
This is very confusing and also makes the implementation of the
hook function very difficult because of very different conditions
involved in the 2 different use cases. Further, users may not require
either or both use cases depending of their custom boot flow and
power state handling. To simplify, create a separate hook for the
purpose of deep sleep exit notification. Use the existing one to
only notify kernel idling exit after PM operations.
Jira: ZEP-1256
Change-Id: I96350199a0fd37f16590c8ee5302a94a3d71b8ba
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
There was no check to see if the current context was running an ISR when
taking a decision whether to do a context switch or not.
Change-Id: Ib9c426de8c0893b3d9383290bb59f6e0e41e9f52
Signed-off-by: Benjamin Walsh <walsh.benj@gmail.com>
Useful for finding out if the current thread is protected against
preemption when using non-preemption to protect data structures.
Change-Id: Ib545a3609af3646ba49eeeb5a2c50dc51af010d4
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Oversight. These functions are used extensively in the kernel guts, but
are also supposed to be an API.
k_sched_lock used to be implemented as a static inline. However, until
the header files are cleaned-up, and everything, including applications
get access to the kernel internal data structures, it must be
implemented as a function. To reduce the cost to the internals of the
kernel, the new internal _sched_lock() contains the same implemetation,
but is inlined.
Change-Id: If2f61d7714f87d81ddbeed69fedd111b8ce01376
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
An application-supplied main() routine is now considered to be
essential to system operation. Thus, if main() experiences an
error that aborts the main thread a fatal system error is raised.
Note: If main() completes its work and does a standard return-
to-caller the main thread terminates normally.
Change-Id: Icc9499f13578299244a856a246ad2a7d34a72f54
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
A thread defined via a legacy MDEF that belongs to the FPU or
SSE task group must set the thread option bits for FP or SSE
register use prior to being spawned.
If this is not done, and the kernel is configured for SSE support,
the kernel will auto-enable the thread's use of floating point
so that the thread saves SSE register context info even if it
belongs to just the FPU task group, which could cause the thread
to overflow its stack.
Note that this change only increases footprint for x86-based
applications that enable floating point register sharing.
Change-Id: Idfe4d20bcd7bc42b4cee6ac40ad7987e2a45ccf6
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
PRIMARY, SECONDARY, NANOKERNEL, MICROKERNEL init levels are now
deprecated.
New init levels introduced: PRE_KERNEL_1, PRE_KERNEL_2, POST_KERNEL
to replace them.
Most existing code has instances of PRIMARY replaced with PRE_KERNEL_1,
SECONDARY with POST_KERNEL as SECONDARY has had a longstanding bug
where the documentation specified SECONDARY ran before the kernel started
up, but actually ran afterwards.
Change-Id: I771bc634e9caf7f17dbf214a270bc9967eed7d32
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Verify the thread priorities are within the bounds when starting a new
thread and when changing the priority of a thread.
Change-Id: I007b3b249e4b80235b6439cbee44cad2f31973bb
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Since lower-numbered thread priorities are higher, the code can be
misleading when comparing priorities, and often require the same type of
comments. Instead, use utility inline functions that does the
comparisons.
_is_prio_higher already existed, but add comparisons for "lower than",
"higher than or equal to" and "lower than or equal to".
Change-Id: I8b58fe9a3dd0eb70e224e970fe851a2575ad468b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
- Add missing irq_lock() before invoking power management.
- Only yield if the idle thread is a coop thread (in coop-only
configurations).
Change-Id: I030795e782590b3023f1d7883bbd058da2c45f4f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Add an assertion against unlocking mutex that is not locked.
Change-Id: I1032fb904e364015b486502c035529c8fe31de7a
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
include/ will be cleaned up in a subsequent patch.
Change-Id: If3609f5fc8562ec4a6fec4592aefeec155599cfb
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Making a reference to the common work queue code should not necessarily
drag in the system workqueue, since it is possible to use a workqueue
that is not the system workqueue. This is done by moving the system
workqueue into its own code module.
Moving the system workqueue to its own code module allows removing the
NANO_WORKQUEUE and SYSTEM_WORKQUEUE kconfig options, and compiling the
common workqueue code and system workqueue all the time. They are only
linked in the final image if a reference to them exist, same as the
other kernel modules.
Change-Id: I6f48d2542bda24f4702e7c2e317818dd082b3c11
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It is now possible to specify the expiry and stop functions
of a statically-defined timer, just as can be done for a
dynamically-defined timer.
[Part of fix to ZEP-1186]
Change-Id: Ibb9096f3fdafdc6c904184587f86ecd52accdd66
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Adds standard prefix to symbolic option that flags a thread
as essential to system operation.
Change-Id: Ia904a81ce343fdd1cd44caaaeae641d822777f9b
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Port the power management test app to use unified kernel.
Change-Id: I2f10748be5ca7d9792f6e97c35f5f2aabab769e7
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
QMSI 1.3 natively supports restoring the SoC and peripherals
after sleep.
The Zephyr Power Management shim layer is updated
in order to support QMSI functions.
The following functions have been added:
void _sys_soc_set_power_state(enum power_state);
void _sys_soc_power_state_post_ops(void);
In order to fully support deep sleep, the function
_sys_soc_set_power_state now support saving and
restoring CPU context and returns to the application.
_sys_soc_set_power_state function also abstracts
QMSI cpu states and enable the application to choose
between C1/C2 or C2LP states.
The QMSI power states are mapped as follows:
SYS_SOC_POWER_STATE_CPU_LPS -> power_cpu_c2lp
SYS_SOC_POWER_STATE_CPU_LPS_1 -> power_cpu_c2
SYS_SOC_POWER_STATE_CPU_LPS_2 -> power_cpu_c1
SYS_SOC_POWER_STATE_DEEP_SLEEP -> power_soc_deep_sleep
SYS_SOC_POWER_STATE_DEEP_SLEEP_1 -> power_soc_sleep
The following functions have been removed:
void _sys_soc_set_power_policy(uint32_t pm_policy);
int _sys_soc_get_power_policy(void);
FUNC_NORETURN void _sys_soc_put_deep_sleep(void);
void _sys_soc_put_low_power_state(void);
void _sys_soc_deep_sleep_post_ops(void);
Those changes are propagated to the samples.
All calls to QMSI are removed.
Jira: ZEP-1045, ZEP-993, ZEP-1047
Change-Id: I26822727985b63be0a310cc3590a3e71b8e72c8c
Signed-off-by: Julien Delayen <julien.delayen@intel.com>
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Defines an object tracing list for each kernel object type
that supports object tracing, and ensures that both statically
and dynamically defined objects are added to the appropriate list.
Ensure that each static kernel object is grouped together with
the other static objects of the same type. Revise the initialization
function for each kernel type (or create it, if needed) so that
each static object is added to the object tracing list for its
associated type.
Note 1: Threads are handled a bit differently than other kernel
object types. A statically-defined thread is added to the thread
list when the thread is started, not when the kernel initializes.
Also, a thread is removed from the thread list when the thread
terminates or aborts, unlike other types of kernel objects which
are never removed from an object tracing list. (Such support would
require the creation of APIs to "uninitialize" the kernel object.)
Note 2: The list head variables for all kernel object types
are now explicitly defined. However, the list head variable for
the ring buffer type continues to be implicitly defined for the
time being, since it isn't considered to be an core kernel object
type.
Change-Id: Ie24d41023e05b3598dc6b344e6871a9692bba02d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Allows event objects to pend signals in a cumulative way using
the semaphore in a non-binary way.
Jira: ZEP-928
Change-Id: I3ce8a075ef89309118596ec5781c15d4f3289d34
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Enables boot time timestamps for unified kernel.
Also Splits the source code into microkernel and nanokernel versions
instead of having common code. Not only does this make the code for
each project easier to read, but it also easily allows the nanokernel
version to link against the correct version of main().
Change-Id: Ie0afa2272c3347ebdacc0e3daeebbfe9583fe596
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Before, the kernel would run the main() function twice; first
as an entry in k_task_list, and then again from _main(). The
_main() invocation would be using a potentially insufficient stack
size.
Now if an MDEF file declares a main() thread, invoke it from
_main(), but honor the desired priority and stack size.
Issue: ZEP-1145
Change-Id: I1abf38fc038e270059589b11d96fae1b3f265208
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Event is such an overloaded and generic term (event logger, *kernel*
event logger, "protocol" events in other subsystems, etc.), that it is
confusing for the name an object. Events are kinda like signals, but not
exactly, so we chose not to name them 'signals' to prevent further
confusion. "Alerts" felt like a good fit, since they are used to "alert"
an application that something of significance should be addressed and
because an "alert handler" can be proactively registered with an alert.
Change-Id: Ibfeb5eaf0e6e62702ac3fec281d17f8a63145fa1
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This better aligns with the actual functionality of the object.
Change-Id: I70abf54f994e92abd7367251089ea4f735d273fe
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Fix the error in thread rescheduling:
Fix Fast IRQ exit routine error when it reschedules threads if
(prio >= 0) || (sched_locked == 0) || (next_thread == _current),
while the correct condition for thread rescheduling is:
(prio >= 0) && (sched_locked == 0) && (next_thread != _current),
Fix regular IRQ error when the regular IRQ exit routine rescheduled
threads when (next_thread == _current) instead of
(next_thread != current).
Increased IDLE_STACK_SIZE for ARC architecture, to hold saved
registers.
Change-Id: I1d87a968e231e13822844b7564567e6ca310cde2
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
They were the same, standardize on the lowercase one.
Change-Id: I8bca080e45f3e0970697d4451e468b9081f96f5f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Some changes that went into k_idle.c were missing in idle.c
causing errors while building power management code for
unified kernel. Added the missing changes.
Tested with power_mgr app built for unified kernel.
Jira: ZEP-1139
Change-Id: I9fe005544f7ee69d3cb3ff10c649be28037fcf15
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Adapting to unified kernel naming of 'coop thread'.
Change-Id: I66cb766c2269acf0867e434bc21f633ea1111f89
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Needed by the kernel event logger when it records a context switch.
The kernel event logger releases a semaphore when a new event is
available in the log so that a thread can consume the event. However,
giving that semaphore cannot add a context switch event itself in the
log or the logger would be caught in an infinite loop.
Change-Id: I571a4aa0d302775e09cdc2d654a6b61f8b2e42c7
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Idle thread may need a bigger stack depending on extra work it has to
do, like power management or kernel event logging.
Change-Id: Iff691d7838036d602bad79799820b68ad55ad00f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Eliminates references to "fibers" and "tasks". Eliminates unnecessary
doxygen tags for internal routines. Miscellaneous other corrections
and improvements.
Change-Id: I0272fa477773c075799b67138bad5debcfd6b01e
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Existing code wasn't removing a thread from the kernel's list
of active threads if the thread terminated or aborted. (It did
remove it if the delayed starting of a thread was cancelled.)
Change-Id: Icc97917e33765696480d0e9bf31e882ef555d095
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
This is needed because some thread termination paths can be
invoked with no guarantee that thread preemption won't happen.
(It also aligns with the approach taken by the thread monitoring
initialization code.)
Change-Id: I28a384e051775390eb047498cb23fed22910e4df
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Renames _thread_exit() to _thread_monitoring_exit() to make
its purpose clearer. Revises the associated comments and
removes unnecessary doxygen tags.
Change-Id: I010a328d35d2d79d2a29b9d0b6c02097bb655989
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
The new kernel doesn't support the thread abort handler concept,
so only the legacy API for this capability is needed.
Change-Id: Ie809092e73b784504c3d298911d216bed8dd8993
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Fleshes out the prototype heap memory pool support
to make it fully operational. Noteworthy changes are
listed below:
Tweaks arguments to k_malloc() and k_free() to be more like
malloc() and free(). Similarly, modifies k_free() to take
no action when passed a NULL pointer.
Now stores the complete block descriptor at the start
of any block allocated from the heap memory pool. This
increases memory overhead by 4 bytes per block, but
streamlines the allocation and freeing algorithms. It also
ensures that the routines will work if the block descriptor
internals are changed in the future.
Now allows the heap memory pool to be defined using the
HEAP_MEM_POOL_SIZE configuration option. This will be the
official configuration approach in the unified kernel.
Also allows the heap memory pool to be defined using the
(undocumented) HEAP_SIZE entry in the MDEF. This is provided
for legacy reasons only.
Co-locates memory pool initialization code to keep the line
that causes memory pool initialization to be done during booting
right next to the routine that does the initialization.
Change-Id: Ifea9d88142fb434d4bea38bb1fcc4856a3853d8d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Reworks k_work_q_start() so that it accepts its 3 configuration
settings directly, rather than forcing the caller to pass in a
configuration data structure.
Change-Id: Ic0bd1b94f1a1c8e0f8a84b3bd3677d59d0708734
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
PM control function is used only by the PM subsystem. Update
documentations to make it clear and name the relevant structures and
functions with _pm_ in the name.
Jira: ZEP-1044
Change-Id: I29e5b7690db34a228ed30a24a2e912e1360a0090
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Needed to resolve various undeclared symbols when SYS_POWER_MANAGEMENT
is enabled.
Jira: ZEP-1073
Change-Id: I21db2580efb15c80d84d9163fe9e8245d6dc0391
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Moves the source code for ring buffers to the 'misc' area, since
it isn't really a central component of the kernel. (This also
aligns the ring buffer source code with its include file, which
is already under 'include/misc'.)
Change-Id: I765a383a05f51fa67d154446f412496e689f9702
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Add 'legacy_' prefix, as per the revised naming convention.
Change-Id: I0eaff33a561523ad11621b3104862c574930556e
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Since the unified kernel's build system doesn't properly handle
a file in the 'legacy' directory if it contains an initialization
function, some legacy code can't be located there. To avoid confusion,
the revised convention for legacy code is to keep any file that
contains only legacy code in the main kernel directory, and to give
it a "legacy_" prefix.
Change-Id: I019adc8f36611d4481bdcf31dde66597d4cf54ae
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Ensures that all APIs which accept a timeout value wait for at least
the specified amount of time, and do not time out prematurely.
* The kernel now waits for the next system clock tick to occur before
the timeout interval is considered to have started. (That is, the only
way to ensure a delay of N tick intervals is to wait for N+1 ticks
to occur.)
* Gets rid of ticks -> milliseconds -> ticks conversion in task_sleep()
and fiber_sleep() legacy APIs, since this introduces rounding that
-- coupled with the previous change -- can alter the number of ticks
being requested during the sleep operation.
* Corrects work queue API that was incorrectly shown to use a delay
measured in ticks, rather than milliseconds.
Change-Id: I8b04467237b24fb0364c8f344d872457418c18da
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Provides users with a more compact and intuitive API for kernel
timers.
Provides legacy support for microkernel timers and nanokernel
timers by building on the new kernel timer infrastructure.
Each timer type requires only a small amount of additional
wrapper code, as well as the addition of a single pointer
field to the underlying timer structure, all of which will be
easily removed when support for the legacy APIs is discontinued.
Change-Id: I282dfaf1ed08681703baabf21e4dbc3516ee7463
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
- Reorders parameters where necessary
- Adds alignment parameter to K_MSGQ_DEFINE() for buffer alignment
- Renames parameters where necessary so they are more intuitive
Change-Id: I0b53105c04109127897bf4790e6908082f82da4e
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Now invokes any microkernel-level init functions used by
legacy applications.
Change-Id: I8f68ddba764f13d037a679b74121713983f4aaba
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
K_THREAD_DEFINE() can no longer specify a thread group. However, it now
accepts a 'delay' parameter just as k_thread_spawn() does.
To create a statically defined thread that may belong to one or more thread
groups the new internal _MDEF_THREAD_DEFINE() macro is used. It is only used
for legacy purposes.
Threads can not both have a delayed start AND belong to a thread group.
Jira: ZEP-916
Change-Id: Ia6e59ddcb4fc68f1f60f9c6b0f4f227f161ad1bb
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Tweak mailbox API parameters so that not only are their descriptions
correct, but their names match across header file and C file.
Change-Id: Ieeb3a40fb7c535a5eac2e06533d01d13aaf69181
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
- Reorders parameters where necessary
- Adds alignment parameter to K_PIPE_DEFINE()
- Renames parameters where necessary so they are sync'd
between header and source files
Change-Id: I4f2367abc28aff646cc90beb9f08bb266e143b0c
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Reverts a change that was made to the defragmentation routine
when memory pool support was ported from the microkernel to the
unified kernel.
The change was intended to improve the readability of the algorithm,
but introduced a subtle change in behavior. For example, when
k and i are zero and the number of block set entries is one
the original algorithm did not execute the while loop, while the
revised algorithm executed the loop once.
Change-Id: I2b0263a8d7b80846013c459847817d314f803457
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Build breaks when enabling CONFIG_NEWLIB_LIBC because it has its own
sched.h file.
This is a bad symptom of a greater issue: the build system passes many
'-I<path>' options to the compiler, and that allows including header
files by simply specifying their names (when located somewhere else than
<zephyr>/include/) and can cause clashes when several files in different
locations have the same name, like in this case.
Fixes ZEP-1062.
Change-Id: I81d1d69ee6669a609cd0c420b1b8f870d17dcb67
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Gets rid of official support for dynamic timer allocation
in the unified kernel, since users can easily define and
initialize timers at any time. Legacy support for dynamic
timers is maintained for backwards compatibility reasons
for the time being ...
Change-Id: I12b3e25914fe11e3886065bee4e96fb96f59b299
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Folds this API into k_stack_init() to provide a single API
that requires the caller to pass in the stack buffer, just
as is done for other kernel objects initialization APIs
involving the use of a buffer.
Change-Id: Icad5fd6e5387d634738d1574f8dfbc5421cd642d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
* Gets rid of k_current_priority_get(). Users can just call
k_thread_priority_get(k_current_get()) instead.
* Declares k_thread_priority_get() in kernel.h, where it
really belongs.
* Removes duplicate declaration of k_thread_priority_set().
Change-Id: I616ae6f2e06c95ecba3b92324186b3fa29162fd1
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Do not include timeout_q.h when !SYS_CLOCK_EXIST, this allows removing
_unpend_thread_timing_out() in that case.
Have _abort_thread_timeout() return 0 (success) when !SYS_CLOCK_EXIST.
With this change, the minimal footprint nanokernel project compiles for
the unified kernel.
Change-Id: Ifbf9167a82fb3ebcf6941bf3f85c105c23c9060c
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It is always needed by the kernel, since the return codes are now
errnos. CONFIG_ERRNO is the mechanism for having a per-thread errno, not
using errno values.
Change-Id: I4ed14896a342f4122793d91b13c41b4a6a74716d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Timers are based off timeouts now, which can only be enabled when the
system clock is enabled. So the three are really just one setting now.
Keep the NANO_TIMERS and NANO_TIMEOUTS around for now until all
middleware that rely on them is updated. They are always enabled when
SYS_CLOCK_EXISTS is enabled.
Change-Id: Iaef1302ef9ad8fc5640542ab6d7304d67aafcfdc
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
- ensure dummy thread's stack is aligned
- rename nano_init() to prepare_multithreading
- move _Swap() to main thread into its own function
Change-Id: I6c8dbe2a4e034f3db90b55d1a5e30bc73bac3d50
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rename remaining functions to fit with kernel naming convention for
internal interfaces. Use struct k_thread instead of struct tcs.
Change-Id: I28cd7f6f4d7ddaeb825c8d2999242d8d2dd93f31
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Integrate _timeout_remove_tcs_from_wait_q() into
_unpend_thread_timing_out().
Change-Id: Id57d9fd8f9e877e580460091172aaabf451f3d4b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rename _do_timeout_add to _add_timeout, rename _TIMEOUT_ADD to
_add_thread_timeout to better reflect their functionalities. Have the
latter call the former, remove _do_timeout_add and
_nano_timer_timeout_add.
Change-Id: Ica86bea10d99d72bf78379598a942d277e7002d0
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rename _do_timeout_abort to _abort_timeout, rename _timeout_abort to
_abort_thread_timeout to better reflect their functionalities. Have the
latter call the former, remove _do_timeout_abort and
_nano_timer_timeout_abort.
Change-Id: I0fea9474b19a2eb47a37489eb06c0d1d56886c9c
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
When adding a thread to the ready queue, it is often known at that time
if the thread added will be the next one to run or not. So, instead of
simply updating the ready queues and the bitmask, also cache what that
thread is, so that when the scheduler is invoked, it can simply fetch it
from there. This is only done if there is a thread in the cache, since
the way the cache is updated is by comparing the priorities of the
thread being added and the cached thread.
When a thread is removed from the ready queue, if it is currently the
cached thread, it is also removed from the cache. The cache is not
updated at this time, since this would be a preemptive fetching that
could be overriden before the newly cached thread would even be
scheduled in.
Finally, when a thread is scheduled in, it now becomes the cached thread
since the fact that it is running means that by definition it was the
next one to run.
Doing this can speed up considerably some context switch times,
especially when a thread is preempted by an interrupt and the same
thread is scheduled when the interrupt exits.
Change-Id: I6dc8391cfca566699bb9b217eafe6bc6a063c8bb
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
When fetching the next thread to run, we know at least one thread is
available.
Change-Id: I568c33a61b6a0a6d6a7f79c337caecffd5ef70b6
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
As the unified kernel should replace the nanokernel and microkernel
lets go ahead and move code shared between the nanonkernel and unified
kernel into the unified kernel.
Change-Id: I8931efa5d67025381d5d0d9563e7c6632cece87f
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If you select the BOOT_BANNER on its own, nothing happens and
you are left to wonder what is going, it happens very early in
the boot process and requires very early console initialisation.
Change-Id: Id548491f7e3f7f399ddc572199ce39e6fc268ed4
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Make sure that kernel/unified, that is included in libs-y does not
built recursively through building kernel/ directory.
Make sure that any lib.a library is not included into libzephyr.a
and thus object modules from those lib.a files are linked only if a
function from that object module is referenced from the application.
Jira: ZEP-1025
Change-Id: Id3a3e96ca0b8abc9aedde0ffb9baa0164e380464
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Simplified some documentation, removing inconsistencies and making
it easier to understand by separating PM infrastructure areas and
soc specific components that implement the hooks.
Removed the DEVICE_SUSPEND_ONLY policy as it is redundant and
causes high complexity in the flow. It is also not practical
to use it because it was meant to be used without doing CPU or SOC
low power state operations. This means it would do device PM
operations in the ISR of the system timer used by the scheduler.
This can disrupt the scheduler time.
Added a check of a flag around the notification sent from the ISR
of the wake event and created APIs to set/clear it. This will
allow disabling the notification when not needed from
_sys_soc_suspend().
Jira: ZEP-972
Change-Id: Id7aa7d2683384eabed518d4efac446ecc84c3498
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Simplifies k_msgq_purge() at the expense of making the case of an
already empty message queue a little slower.
Change-Id: I8fafd6d49233efbf23b95d171f81bf795e828454
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
This adds k_work_pending which can be use to check if a k_work is
pending execution.
Change-Id: Ifd56e8d65d555c7e9722c547fe83e13e886d63cd
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds nano_work_pending which can be use to check if a nano_work
is pending execution.
Change-Id: Iae0492a750de93fcd7e89e3a2e74509ffce4983b
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Obtained from device.h, which includes microkernel.h when building for a
microkernel system.
Caught by LLVM.
Change-Id: I98a00269b2b6cb38c851b176323de1228d65603d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Replaces it with a pointer as there is no need for an opaque memory
pool type.
Jira: ZEP-916
Change-Id: I5493eed25c9c34e1b850dc3b20699864edb22d28
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Moves the following internal thread group APIs from the public
kernel.h header file to the more private thread.c source file as
they do not need to be public APIs.
_k_task_list_start[];
_k_task_list_end[];
_FOREACH_STATIC_THREAD()
is_in_any_group()
Change-Id: I0b731fb0c20a5574cb1b3c1397803af82918d69d
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Currently passing a constant string (other than a string
literal) to device_get_binding() generates a spurious warning.
The warning is spurious because device_get_binding() does not,
nor is it ever likely to, modify its argument. To fix the
warning we modify the prototype to make clear name will never
be modified.
Change-Id: I2df22de61eb2580b2086a685549900d7ed4a322d
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Building kernel objects as a static library allows not
to include the initialization function for an object
type if this type is not used by the application.
It reduces memory footprint
Change-Id: I2b3c79cb2591fdd1ce15d27684c4a874e759c559
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
The separate initialization priority provides more
flexibility when it's needed to arrange the initialization
sequence.
Change-Id: Ie1b7b48d282618f6d641320bf3b24f63716a7342
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Simple conversion from ticks for now.
Change-Id: Ib81fc738d45641a6a3a88d2adec1f3eb861f3f97
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
There is no reason to check if the idle thread is a cooperative thread
before invoking k_yield(); it is safe to unconditionally invoke it every
iteration.
Rationale: If the idle thread is cooperative, k_yield() must be invoked
to allow a new thread to get scheduled to run. If the idle thread is
preemptive, then k_yield() effectively becomes a no-op.
Change-Id: Ide3204c92381640b5d12b39ca0f258d56d8cc3d0
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
The routine _nano_get_earliest_deadline() is still used by both
the microkernel and nanokernel.
Change-Id: I14501e6d41ca5faac27dead5873ef897e79831aa
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Removes the following wait_q.h macros
_NANO_OBJECT_WAIT()
_TIMEOUT_UPDATE()
_TIMEOUT_TICK_GET()
Change-Id: I7cb78728aaad74acf7f121c79f03d32fa6af5aac
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Replaces _nano_get_earlist_deadline() with the more streamlined
routine _timeout_get_next_expiry().
Change-Id: Iee7ec727f0500cb28e37a364036fd40a483b40c3
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
For unified kernel the routine is implemented through
a wait queue.
Change-Id: Iceab7b821e3b55e0773ad780f4b9b0a1dfc21f5d
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
The routine _reschedule_threads() does not need to check that the
scheduler is locked as this is done as part of _must_switch_threads().
Change-Id: I701b811512836eef591b2adcd708991ec9324b3d
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Most apps run fine with static k_timer objects. Don't pay the cost
for the timer pool if no one asks for it.
Also turn off the allocate/free API in the header if it can't possibly
work at runtime as it's an obviously-detectable error that would
otherwise be visible only at runtime.
Change-Id: I492e6e01c4213e3544f707247eea6e4bc601fefd
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The K_<obj>_DEFINE macros in the unified kernel create objects of name
'name', and not a pointer named 'name' to an object. Some macros
contained the code from early prototyping.
Change-Id: I7262570fbe0b267012874eac0185b4e0cd7f523d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Have one function that can be used for all possible device
purposes using a control code instead of the suspend
resume functions, makes it generic for device control.
Added device power states.
The older replaced APIs will be deprecated in a future patch
Jira: ZEP-954
Change-Id: I6dd3ebfd0fde3546b2d8397f19842f5758fda0c4
Signed-off-by: Amir Kaplan <amir.kaplan@intel.com>
Due to the memory pool structure only static declaration of
memory pool is possible.
Change-Id: I4797ed88fd2ac3b7812ff26e552e1745611c4575
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Semaphore groups are enabled by default. Disabling them will both
decrease the footprint as well as improve the performance of the
k_sem_give() routine.
Change-Id: If6c1b0e2e1f71afd43e620f05f17068039d12b05
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
The routine _is_next_thread_current() checks if the current thread
is still the highest priority thread that is ready to run.
It is useful for determining if a thread must be swapped out when
timeslicing is in effect.
Change-Id: Ide7b89742a64f6082ca4c679a4b2fbd60792e30f
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Added needed kconfig options. KERNEL_V2 selects MICROKERNEL to allow
middleware and application that differentiate between NANOKERNEL and
MICROKERNEL to run unmodified.
Build the unified/ kernel directory: do not touch the
nanokernel/microkernel directories.
Invoke sysgen for both microkernel and unified kernel. Only have sysgen
reference include/microkernel if building an original microkernel.
Change-Id: If74779146143434f7ee274bbef32d6c894b9f1a1
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Summary of what this includes:
initialization:
Copy from nano_init.c, with the following changes:
- the main thread is the continuation of the init thread, but an idle
thread is created as well
- _main() initializes threads in groups and starts the EXE group
- the ready queues are initialized
- the main thread is marked as non-essential once the system init is
done
- a weak main() symbol is provided if the application does not provide a
main() function
scheduler:
Not an exhaustive list, but basically provide primitives for:
- adding/removing a thread to/from a wait queue
- adding/removing a thread to/from the ready queue
- marking thread as ready
- locking/unlocking the scheduler
- instead of locking interrupts
- getting/setting thread priority
- checking what state (coop/preempt) a thread is currenlty running in
- rescheduling threads
- finding what thread is the next to run
- yielding/sleeping/aborting sleep
- finding the current thread
threads:
- Add operationns on threads, such as creating and starting them.
standardized handling of kernel object return codes:
- Kernel objects now cause _Swap() to return the following values:
0 => operation successful
-EAGAIN => operation timed out
-Exxxxx => operation failed for another reason
- The thread's swap_data field can be used to return any additional
information required to complete the operation, such as the actual
result of a successful operation.
timeouts:
- same as nano timeouts, renamed to simply 'timeouts'
- the kernel is still tick-based, but objects take timeout values in
ms for forward compatibility with a tickless kernel.
semaphores:
- Port of the nanokernel semaphores, which have the same basic behaviour
as the microkernel ones. Semaphore groups are not yet implemented.
- These semaphores are enhanced in that they accept an initial count and a
count limit. This allows configuring them as binary semaphores, and also
provisioning them without having to "give" the semaphore multiple times
before using them.
mutexes:
- Straight port of the microkernel mutexes. An init function is added to
allow defining them at runtime.
pipes:
- straight port
timers:
- amalgamation of nano and micro timers, with all functionalities
intact.
events:
- re-implementation, using semaphores and workqueues.
mailboxes:
- straight port
message queues:
- straight port of microkernel FIFOs
memory maps:
- straight port
workqueues:
- Basically, have all APIs follow the k_ naming rule, and use the _timeout
subsystem from the unified kernel directory, and not the _nano_timeout
one.
stacks:
- Port of the nanokernel stacks. They can now have multiple threads
pending on them and threads can wait with a timeout.
LIFOs:
- Straight port of the nanokernel LIFOs.
FIFOs:
- Straight port of the nanokernel FIFOs.
Work by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Peter Mitsis <peter.mitsis@windriver.com>
Allan Stephens <allan.stephens@windriver.com>
Benjamin Walsh <benjamin.walsh@windriver.com>
Change-Id: Id3cadb3694484ab2ca467889cfb029be3cd3a7d6
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Easier to build logic for when an MDEF file is to be parsed since
unified kernel needs to do it as well. Can also be useful for testing,
when toggling between static and dynamic objects in the same test case.
Change-Id: I51eb8919e18443516ade13caab04698d37d91803
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
These impede debugging and we have CONFIG_OMIT_FRAME_POINTER
now which does this globally for the entire kernel.
Change-Id: I46939223e27dd298ca3ed162ff5790cb2e9ed2a2
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Initialization code in nano_init.c gated by the config parameter
CONFIG_CUSTOM_RANDOM_GENERATOR is out of step with the rest of the
tree where support for this config parameter was removed by
commit 27bcb431cb ("Random number generator driver unification")
Change-Id: If6086fd85e61579c646d09029ef129e8a3b464b8
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Completing the terminology change started with change 4008
by updating the Kconfig files processed to produce the
online documentation, plus header files processed by
doxygen. References to 'platform' are change to 'board'
Change-Id: Id0ed3dc1439a0ea0a4bd19d4904889cf79bec33e
Jira: ZEP-534
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This reverts commit d73a9bb9c6.
The patch was intended for 1.6.0 release.
Change-Id: Id42058b746a3d2a54e4b1a2983eb58bd10b1ed40
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
An updated version of ARC GCC reports this error:
nano_init.c:340: Error: inappropriate arguments for opcode 'mov'
The offending in-line assembly code tried to move register value into a
memory location.
Use store "st" instruction instead of "mov" istruction to store
a value in memory.
Change-Id: I91ebd20495612da4d5639a3ef848379705f6dedd
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
If the delayed work FIFO never goes empty (e.g. because the work
callback keeps resubmitting or there's a very active ISR feeding items
there) then the fiber would never yield, causing all sorts of problems
for the system. Adding an explicit fiber_yield() call at the end of
the while-loop solves the issue.
Change-Id: I233b9fc18fc9db9172daf8689bd22d09952089cb
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Eliminates assert check that complains about an attempt to allocate
a memory pool block larger than the largest possible block size.
In such cases the allocation code now just returns a NULL pointer
indicating that it was unable to allocate the requested block, just
as it does when a block smaller than the maximum size cannot be
allocated because none is currently available.
Note: One scenario in which it isn't unreasonable for an application
writer to request a block that is too big is the case where a receiving
task using a mailbox first receives an excessively large message without
its data and then tries to retrieve the data into a memory pool block
allocated by the mailbox. Rather than forcing the application writer
to check to see if the size of the received message is too big for the
memory pool, or adding code to the mailbox subsystem to do such a check,
it's easier to pass on the request to the memory pool and simply have it
return NULL, which causes the mailbox to report that data retrieval
failed. The application can then perform a single check that catches
both the case where the memory pool simply ran out of blocks and the case
where it didn't have any block big enough to handle the message.
Change-Id: Ifd2cdd8a5927b93d3e9c5df301544e522131d2c6
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
The interrupt stack pointer is now aligned, and we error out if
the sizes of the interrupt and main task stacks aren't a multiple
of the stack alignment.
Change-Id: I2a70c82fc94e25cc6c7a9d5ec165bf2370b8a166
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Arches now select whether they want to use the GCC built-ins,
their own assembly implementation, or the generic C code.
At the moment, the SDK compilers only support builtins for ARM
and X86. ZEP-557 opened to investigate further.
Change-Id: I53e411b4967d87f737338379bd482bd653f19422
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Jira ZEP-68,zephyr.elf shows duplicate routines which increases the foot print.
Current fix removes duplicate routines and reduces foot print of the image
Change-Id: I01a2e5a8a02481ab33a2bb09e9c545d6879c1b81
Signed-off-by: tulasinagraj <tulasi.r@tcs.com>
Improves a handful of comments, and removes some unneeded blank lines.
Change-Id: Ia2b951d23131b0080104c18c06324342de3359ef
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises two fields of the memory pool structure to better reflect
that block sets are involved.
Change-Id: I44a751e7457270391fbe99705010345448df2ff4
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises the memory pool block set field that points to its array
of quad-blocks to better reflect that quad-blocks are involved.
Change-Id: I159805ce8eee9091221cb1f494a4ab082e3736e5
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises the names of 2 types to make them better reflect the
data structures they represent, namely:
- block set: a collection of memory pool blocks of a given size
- quad-block: four contiguous memory pool blocks of a given size
Change-Id: I3e424586e97157eea185fba6836e2e89d10d9cd6
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Eliminates the memory pool field indicating the size of the
pool's memory buffer, since it isn't used anywhere.
(Anyway, it could be computed by multiplying the maximum
block size by the number of maximum-sized blocks.)
Change-Id: Ia11554bdc2b246a1ba0ea33f05c5e6ce6a32ca13
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Alters the use of the field so that a 1 bit indicates that the
associated block is available (i.e. can be allocated from the pool),
and a 0 bit indicates the block is unavailable (i.e. it is already
allocated or does not exist).
The revised definition of this field is more intuitive, since it follows
the conventional "1 = thing is present, 0 = this is not present" model.
Change-Id: Id133d1940aca0dd1c3c1672f989d0c0bb083ebc5
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
No longer initializes the quad-block descriptors for block sets,
except for the one containing the largest size blocks. The descriptors
for the other block sets don't need initialization since sysgen already
ensures the block pointer field is NULL, and the block status field can
be anything (since it is ignored if the pointer is NULL).
Change-Id: I72cdf772329ef3e6d1babd9da11706d11611e61a
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Adds missing check to prevent defragmentation algorithm from
going past the end of a block set's array of quad-blocks.
Optimizes quad-block deletion algorithm so that it simply moves
the final array entry into the slot for the deleted entry,
rather than shifting all of the entries in between them.
Also enhances comments to make it easier to understand
what is going on.
Change-Id: Ic281c6f3c6dd5df9ec532a302b4103f3d929665b
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Now use a standard routine for identifying which block set to use,
rather than duplicating the identification code in multiple places.
Change-Id: I2f6577879c23183f3f91e4418d1ea0b2f6eec184
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises algorithm to call an existing routine to free an allocated
block, rather than duplicating the logic to do the freeing.
Also enhances comments to make it easier to understand what is
going on.
Change-Id: Ie7a83a8a2e978e8a685c27e07acb5b70aea37afa
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises algorithm for deallocating an existing block to make it
more compact (and efficient). Address calculation is simplified
and unnecessary error checking is removed (& replaced by asserts).
Also enhances routine name and comments to make it easier to
understand what is going on.
Change-Id: If1803ee09c8f4f73693c0cff9e433a7938f14398
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Enhances comments to make it easier to understand what is going on.
(Doesn't change actual defragmentation algorithm.)
Change-Id: I294f55b8f233d88c01ce30ba9ccff88000dc7936
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Enhances routine name and comments to make it easier to understand
what is going on. (Doesn't change actual allocation algorithm.)
Change-Id: I7d982ed8eeda3a2edd4602c5a10003aa8532457d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Revises algorithm for allocating an existing free block to make it
more compact (and efficient) by using the same logic to handle the
allocation of any block within a quad-block.
Also enhances routine name and comments to make it easier to
understand what is going on.
Change-Id: I55ca513e6f85df2b548502262e4dbe6bb272596b
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Converts check for a request for an impossibly large block
from a run-time check to an assertion. (The run-time check logic
was faulty anyway, since an excessive request would result
in a negative value for "offset", which would then get used
as an array index!)
Also enhances comments to make it easier to understand what is
going on.
Change-Id: I3faa86be177dcbc76912e23fabc2d24724fcba18
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Makes a couple of minor optimizations to initialization algorithm:
- Now initializes block status array for largest size blocks once,
rather than twice.
- Doesn't initialize "count" field of block size descriptors to zero,
since sysgen ensures that this happens automatically.
Also enhances comments for initialization routine to make it easier
to understand what is going on.
Change-Id: I00d907c0f2a86f5b6ea8a63475b40074fe89357c
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Eliminates memory pool field associated with a capability that was
never implemented. (This field was initialized, but never subsequently
referenced.)
Change-Id: I58cf8c4bb846a66b4c8754654ffc3ff55abcff7f
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Used by ARC, ARM, Nios II. x86 has alternate code done in assembly.
Linker scripts had some alarming comments about data/BSS overlap,
but the beginning of BSS is aligned so this can't happen even if
the end of data isn't.
The common code doesn't use fake pointer values for the number of
words in these sections, don't compute or export them.
Change-Id: I4291c2a6d0222d0a3e95c140deae7539ebab3cc3
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now allow use of -mgpopt=global and -mgpopt=data. The 'global'
option is now the default instead of compiler-default local, expanding
global pointer usage to all small data in the system.
For systems where all RAM is less than 64K, the 'data' option may be
appropriate.
Some fixes had to be made to the system in order to get around some
issues:
* prep_c.c no longer uses fake linker variables to figure out the size
of data or BSS, as these gave the linker fits as it tried to compute
relative addresses to them.
* _k_task_ptr_idle is create by sysgen and placed in a special section.
Any small data in a special section needs to be declared extern
with __attribute__((section)) else the compiler will assume it's in
.sdata.
* same situation with extern references to k_pipe_t (fixed pipe_priv
test)
For legacy applications being ported to Nios II which do things that
freak out global pointer calculation, it can be disabled entirely.
Change-Id: I5eb86ee8aefb8e2fac49c5cdd104ee19cea23f6f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Introduce the family of nano_fifo_put_list and nano_fifo_put_slist APIs,
which allow queuing a list of elements on a nanokernel fifo in one
shot. When called from an ISR or a fiber, the behaviour is not really
different than calling nano_fifo_put for each element to enqueue.
However, when called from a task, it allows the task to enqueue the full
list without yielding to fibers that were waiting on the fifo.
All fibers currently waiting on the fifo will be awakened and given an
element from the list in their order of priority. When some elements are
not matched with a receiver, they are queued normally.
There are two ways of passing a list: with either an ad-hoc queue, by
passing the head and the tail elements, or with a sys_slist_t object.
For the latter, the object must be reinitialized afterwards.
Change-Id: I6ac077f556dc39995191e9149c4a047a3433826f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It is now safe to introduce the callback since nano_timer_init now
calls _nano_timeout_init which does takes care of initializing all
the fields properly.
Change-Id: I5735eeebef233a0a541ec8b2a354b65da98082fc
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
With the introduction of _nano_timeout_init it prefered to call it
to initialize the _nano_timeout fields properly.
Change-Id: I83e9c63f9bb2903c508264d1199d2c687c330ec8
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This will allow initializing a nano timeout that is not associated with
a thread.
Change-Id: Ic71175b0059396b19a0e3616f4fab570071c3d48
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds a delayed version of nano_work API which is useful when
handling timeouts since the same stack/workqueue can be shared.
Change-Id: Iac43796fe96deb0a9c8976c91a65104b57779b00
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Convert leading whitespace into tabs in Kconfig files. Also replaced
double spaces between config and <prompt>.
Change-Id: I341c718ecf4143529b477c239bbde88e18f37062
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
By default, kernel event logger is using the system timer. But on
some platforms where the timer driver maintains the system timer
cycle accumulator in software, such as ones using the LOAPIC timer,
the system timer behavior leads to timestamp errors. For example,
the timer interrupt is logged with a wrong timestamp since the HW
timer value has been reset (periodic mode) but accumulated value not
updated yet (done later in the ISR).
This patch is adding the possibility to register a timer callback
function that will be used by the kernel event logger. For example,
on Quark SE, this allows using RTC or AON counter which accuracy is
sufficient and behavior more straight forward compared to system
timer.
Change-Id: I754c7557350ef29fc10701e62a35a5425e035f11
Signed-off-by: Fabrice Olivero <fabrice.olivero@intel.com>
This adds a callback to struct _nano_timeout which is called in ISR
context allowing more flexible handling of timeouts.
Change-Id: If837b0b51b24dfffebac6f99f4d66fdf01c164f0
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Overflowing the k_server command stack will now trigger an __ASSERT()
when CONFIG_ASSERT=y.
Change-Id: Icf6f4242ab8a9897918769415a0f7485602d7630
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Add a generic API for drivers to start workqueues and submit work
items. This is needed by drivers which need to schedule code that might
sleep from an ISR to run in fiber context.
Also add the option to start a system-wide workqueue.
Both additions are optional. They can be deactivated for systems that
do not need them.
Change-Id: Ia843568fde5daf6d4279ef7bf241c26c1e3dcfb7
Signed-off-by: Vlad Dogaru <vlad.dogaru@intel.com>
Moved comments from code to header.
Jira: ZEP-160
Change-Id: Ifd0f3c930289256e682b5941d77433aca3d3f941
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Added CONFIG_KERNEL_EVENT_PROFILER_DYNAMIC flag for enabling that
capability. When set, nothing will be logged by default
Change-Id: I03552483e5a6bfd9e2505eda56908f0d0ae98618
Signed-off-by: Fabrice Olivero <fabrice.olivero@intel.com>
OS tick period (usually 10 ms) is not sufficiently precise for task
execution analysis (like processing CPU load per context)
With that modification, the timestamp used by the kernel event logger
is 32-bit LSB of platform HW timer (for example Lakemont APIC timer
for Quark SE).
This timer period is very small and leads to timestamp wraparound
happening quite often (e.g. every 134s for Quark SE).
This wraparound must be considered when analyzing kernel event logger
data and care must be taken when tickless idle is enabled and sleep
duration can exceed maximum HW timer value.
Change-Id: Idc545da8f828a7357a69d83ff25c9afd09dab3c4
Signed-off-by: Fabrice Olivero <fabrice.olivero@intel.com>
Add a way of finding if a microkernel task is the idle task instead of
of duplicating:
task_priority_get() == (CONFIG_NUM_TASK_PRIORITIES - 1)
which could be subject to change.
Only available for microkernel, since there is no such concept in the
nanokernel.
Change-Id: Ie8930981f1a2ac5ff16f905f4eb4e333c8b59c5d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
In order to build test/kernel/test_stackprot/microkernel for the ARC,
the _MOVE_INSTR needs to define what the move instruction is for this
target.
Change-Id: I087cc5baa4c41297ce52323556e94aab424aa891
Signed-off-by: Chuck Jordan <cjordan@synopsys.com>
Locks interrupts in the microkernel routines _k_state_bit_reset() and
_k_state_bit_set(). This is a necessary pre-requisite for allowing
microkernel objects to pend on nanokernel objects since that feature
will require the manipulation of the microkernel queues in the context
of an ISR as well as the kernel server fiber.
Change-Id: I2d263707e0d3aed75bba971df878daa3d7ae1d11
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds support that allows fibers and ISRs to invoke the microkernel
no-op kernel service request. This is useful for cases when the
nanokernel needs to invoke the microkernel task scheduler.
Change-Id: I1f4b2a39ac6b5e44bb1b6c6b3cd6034262bbada8
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Fixes the timeout recalculation in the following routines:
nano_task_fifo_get()
nano_task_lifo_get()
nano_task_sem_take()
_nano_task_sleep()
Without this fix, a task that called one of the previously listed
routines could in theory sleep/wait up to almost twice the requested
timeout.
Change-Id: I53196be84e65874e94a62d5b0be1b7aaaaeda91f
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds the nanokernel infrastructure to permit microkernel tasks
to block/unblock on nanokernel objects. Multiple tasks may wait
on a nanokernel object's dedicated task wait queue.
It is important to note that when data is posted to the object
all the tasks on that object's dedicated task wait queue may be
woken up but the data is not immediately given to any of the tasks.
This is done to maintain consistent behavior with the nanokernel
as in a nanokernel system, fibers are given preference in both
waiting on and getting data from a nanokernel object.
Change-Id: Ia5c7f21ae59a367d9fec23dafc3a918d9e767db5
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds the microkernel infrastructure to permit a microkernel task
to [un]block on a nanokernel object. Unlike tasks that [un]block
on microkernel objects, the work for [un]blocking tasks on nanokernel
objects will not always be done in the kernel service fiber. One of
the repercussions of this is that in many cases the microkernel task
scheduler must be explicitly invoked (by issuing a no-op kernel
service call).
Origin: Original
Change-Id: I2b145668cef142a7a4034e191116fcb344a9b8b3
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Fibers initialize this back pointer to NULL as they are (by definition)
not microkernel tasks. Microkernel tasks initialize it to their
corresponding 'ktask_t'.
However for nanokernel systems, the back pointer is always NULL. This
is because there is only one task in a nanokernel system (the background
task) and it can not pend on a nanokernel object--it must poll.
Change-Id: I9840fecc44224bef63d09d587d703720cf33ad57
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds the TF_NANO wait flag reason to indicate that a task is pending
on a nanokernel object.
Change-Id: Ic20ef79398da7d9118bdf775e22b8f8a31501f7f
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
We really should have more faith in the compiler, it generates
code to implement this exactly like the arch-specific assembly
versions, and on ARM is actually 4 bytes shorter.
FUNC_NO_FP used to disable the usual C preamble to update the
frame/stack pointers, which is how the sizes are still the same
or less. It's debatable how useful the occasional use of
FUNC_NO_FP is in practice since it hinders debugging and in a
production build frame pointers should be globally disabled, but
we can address that later.
Change-Id: I6c4b64ab3e3a9b6f91d52fa8c92e6e79a986fc77
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Of the 3 related functions;
_thread_essential_set()
_thread_essential_clear()
_is_thread_essential()
The first two are parameter-less and always operate on
"_nanokernel.current". The last one takes a 'thread' parameter but will
operate on _nanokernel.current if the parameter is NULL. All calls to
_is_thread_essential() pass NULL!
This change makes the 3 functions consistent by removing the parameter
to the 3rd function. This should also be marginally more efficient,
though consistency was the motivation. This change corrects the doc
preamble to all 3 functions.
(These functions would probably be better as inlines. Also, the choice
of when to use wrappers seems a bit arbitrary. E.g. there's nothing
for setting/testing the "FIBER" flag.)
Change-Id: Ie3589f8a28b227c6d7a3a31b664d3b3e6e9c6d17
Signed-off-by: Geoff Thorpe <geoff.thorpe@nxp.com>
This wrapper exists so that the ESSENTIAL bit doesn't have to be set
explicitly in _nanokernel.current. (And a note is added to nano_init to
avoid a nasty gotcha there.)
Change-Id: I4026ac0cfeace60e36abdbccf15554759f2dbf7a
Signed-off-by: Geoff Thorpe <geoff.thorpe@nxp.com>
These C variants of atomic operations can work on any arch,
have platforms select them if they don't have ASM equivalents.
Change-Id: I38eb03bb58beff865681ee56ef7bc0fcded1e906
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The file device.c uses errno codes so it should include errno.h.
Change-Id: I93e806a9b20b2c9bcb245ac5e86fba70486c9591
Signed-off-by: Andre Guedes <andre.guedes@intel.com>
Certain Low power SOC states (e.g. deep sleep) will result in device
IP blocks losing state. In such a scenario it can be useful to have
a mechanism for devices (driver code) to signal the power manager /
policy that they are in the middle of a transaction.
We expect the device driver code to make a call to
device_busy_set(device *) before initiating a transaction and
device_busy_clear(device *) on completion. It is expected that device
driver developers will add this as necessary in their drivers.
Further an API is provided for power manager application / policy to
check this. Based on this the power manager / policy can decide
whether or not to go into a particular power state.
Change-Id: I0fedd90b98e182cd41b53c7f9e08655532822faa
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
This changes the behavior of device_get_binding() so that
it returns NULL if driver_api is not set. This provides
a way for driver to state that it has not been initialized
properly, and prevents app from using it since no reference
to the device struct will be returned.
This implements the idea specified in [1]. The idea is to
reuse an existing resource by piggy-backing onto driver_api,
thus avoiding an extra "device state" variable in the device
struct. This differs from the code specified in the mailing
list by checking driver_api for NULL first. This avoids
the unnecessary strcmp() if driver_api is NULL.
[1] https://lists.zephyrproject.org/archives/list/devel@lists.zephyrproject.org/message/MZB5PYBSRHV3NIEHJYXYQVLTPFIIHPB3/
Change-Id: I978b1a6683cd56c8a72532d6368c47e67515c82d
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Fixes a problem where the nanokernel FIFO state information could get
out of sync due to a timeout.
The nanokernel FIFO structure nano_fifo now maintains two separate
queues: one for waiting fibers and the other for posted data. This
permits the safe and independent querying of the queues as needed
when getting and/or putting data from/on the nanokernel FIFO.
Change-Id: Ifbcb5004558b06fc55cad2a955f5be20e716b392
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Device drivers may use task_sleep() routine during the initialization.
As device driver initialization is carried by idle task, it can not
be sheduled out as any other task. Idle task goes into a wait loop
instead.
In order to invoke task_sleep() device drivers must enable
CONFIG_NANO_TIMEOUTS option.
Change-Id: Ib73a2ad1f3c0bda44c24f2417e102bfaa3a13a15
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Most of the SoC and board Kconfig use the same values for
driver initialization priorities. So refactor them, and
discard duplicate ones.
The shared IRQ init priority was changed so that the kernel
default init and device init priorities can be standardized
across all SoC/boards. Same goes for DesignWare SPI driver.
This also changes the UART_CONSOLE_PRIORITY and
IPM_CONSOLE_PRIORITY to UART_CONSOLE_INIT_PRIORITY and
IPM_CONSOLE_INIT_PRIORITY, to standardize across all drivers.
Note that this does not take away the ability to override
those values. This just provides reasonable defaults such
that there is virtually no need to override.
Change-Id: Ibbd95d802c637df06f9a2fd48763ee1e6f4ff627
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There are two major issues with the kconfig:
() Some of the config options have incorrect dependencies inside help
under menuconfig. For example, CONFIG_GPIO depends on BOARD_GALILEO.
() Since the SoC and board specific kconfig files are parsed first,
the help screen would say, for example, CONFIG_SPI is defined at
arch/arm/soc/fsl_frdm_k64f/Kconfig. This is incorrect because
the actual config is defined in drivers/spi/Kconfig.
These cause great confusion to users of menuconfig/xconfig.
To fix these, the SoC and board defaults are now to be parsed last.
Note that the position swapping of defaults in this patch is due to
the fact the the default parsed last will be used.
And, spi_test is broken due to the fact that it requires
CONFIG_SPI_INTEL_PORT_1, but never enables it anywhere. This is
bypassed for now.
Origin: refactored and edited from existing files
Change-Id: I2a4b1ae5be4d27e68c960aa47d91ef350f2d500f
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Added device power management hook infrastructure. Added
DEVICE_INIT_PM and SYS_INIT_PM macros that creates device
structures with the supplied device_ops structure containing
the hooks.
Added example support in gpio_dw driver. Updated the sample
app and tested using LPS and Device Suspend Only policies.
Change-Id: I2fe347f8d8fd1041d8318e02738990deb8c5d68e
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Changed names of Kconfig flags, variables, functions, files and
return codes consistent with names used in the RFC. Updated
relevant comments to match the changes.
Origin: Original
Change-Id: Ie7941032d7ad7af61fc02928f74538745e7966e8
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add support for task_sleep() and fiber_sleep() during the
system initialization. When CONFIG_NANO_TIMEOUTS defined,
before the k_server() starts, kernel uses nanokernel
system clock announce and task sleep functionality.
To give device drivers early sleep functionality, the system
clock has to start on SECONDARY initialization level, same
as most of the drivers.
Change-Id: Ie1d391945cd1cfb9a5dc199783c2d224eb1b0ef3
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
have micro and nano kernel next to eachother.
JIRA: ZEP-107
Change-Id: I8d6e4354cf6a8cdf1193c641b112a078cd7ec460
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
KERNEL_EVENT_LOGGER selects EVENT_LOGGER which is then used to
enabling building. Skip EVENT_LOGGER and use KERNEL_EVENT_LOGGER
directly.
Change-Id: Ib9cf3a58b12bf4e78f264d8e8ac48a8104120c3b
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add missing option for adding time stamp to boot banner.
Change-Id: Idda61feeef4a89c1aa8bb7e81b52272babeb1efe
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Microkernel timers are defined at compile time as a static list
but they are allocated dynamically in kernel execution.
The object tracing list will only list those timers that are
currently allocated at debug time. For this reason, timers
can be removed from the tracing list at any time.
A very simple double linked list was implemented to reduce the
complexity of the action to remove an item from the list from O(n)
to O(1) and simplify the remove implementation.
Change-Id: Ib7ea718b52e7c719a32b3fa4ff1d7e6b00482c28
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@intel.com>
The thread monitor allows to iterate over the thread context
structures for each existing thread (fiber/task) in the system.
Thread context structures do not expose thread entry information
directly. Although all the information can be scavenged from memory
stacks. Besides, accessing the information depends on the stack
implementation for each architecture.
By extending the tcs we allow a direct access to the thread
entry point and its parameters, only when thread monitor is
enabled.
It also allows a task to access its kernel task structure
through the first parameter of the thread.
This allows a debugger application to access the information directly
from the thread context structures list.
Change-Id: I0a435942b80eddffdf405016ac4056eb7aa1239c
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@intel.com>
This reverts commit 0d50329105.
This breaks sanitychecks in CI. The early_sleep kernel test case is failing
randomly.
Change-Id: I015f20699c052b4089076699fc0180945c4d3d16
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Exposes the CONFIG_THREAD_MONITOR functionality as part of the
object tracing header.
Change-Id: I2022a580df2cf33e543b980dc9c33b9adca3d3bf
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@intel.com>
Restructure the kernel's object tracing implementation
to provide a public API that allows debug tools to use
the debug hooks easier and allows kernel developers
to extend the kernel's object tracing scope and include
new kernel objects easier.
The API provides the trace list abstraction to keep track
of different types of kernel objects. The API contains
a simple single-linked list implementation that allows
to save space and simplifies the access to the data for
debug tools such as gdb.
Change-Id: Ic4d393d584576f67f2c5b706e61bae08869debba
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@intel.com>
Moves some code from pool_alloc into a helper function,
to avoid code duplication when implementing a pool based heap.
Change-Id: I29b9bc1b8ba166a2187df5ea037aad4d4a522f69
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
Specifying HEAP_SIZE keyword in an app's MDEF file, results in
creating a new memory pool, which can be accessed using the
task_malloc() and task_free() APIs, which have the usual malloc/free
like semantics.
Expected format in MDEF file
HEAP_SIZE <value>
Change-Id: I0569cffeecf8a2c23c20c7b359256123ece91982
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
Add support for task_sleep() and fiber_sleep() during the
system initialization. When CONFIG_NANO_TIMEOUTS defined,
before the k_server() starts, kernel uses nanokernel
system clock announce and task sleep functionality.
To give device drivers early sleep functionality, the system
clock has to start on SECONDARY initialization level, same
as most of the drivers.
Change-Id: I5b3cf3da4c8d8398a966e901ab211f2fcee18dd6
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
This patch updates some help sections to remove the "ERROR:
Unexpected indentation" messages during hmtl documentation
generation.
Change-Id: Idcdc17727b921b6145f9eb28d85975ceca273ce2
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
Like for the other context-specific APIs, also provide a
context-agnostic wrapper.
Change-Id: Icf0a62f4c06aec42f0febc298edbd8bdeec63749
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
A call to xxx_fiber_wakeup() if the timeout had expired would put the
fiber on the fiber ready queue _again_, corrupting it, or could remove
the fiber from a nanokernel object wait queue, prematurely un-pending
it.
We now verify the fiber is indeed still on the timeout queue and also
not on a wait queue, meaning the fiber is indeed sleeping.
Change-Id: Iba454d79ab50db01632b0591fb7b589221b5110b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Until now, this was not needed since the checks for being on a wait
queue were only performed if a fiber was known to be on a timeout queue
as well. However, an upcoming fix for _fiber_wakeup() needs to verify if
a fiber is on a wait queue even if it is not timing out, because said
fix needs to check if the fiber is timing out as well.
Change-Id: If1694ceb551f2029d6a145963e81d3826956fd1d
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
An upcoming fix for _fiber_wakeup() will need to know if the fiber was
dequeued from a timeout queue.
Change-Id: I09ca039098c09a997db73f4719261352f0af07c1
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Adds the following routines for waking a fiber that was previously
put to sleep using fiber_sleep().
isr_fiber_wakeup()
fiber_fiber_wakeup()
task_fiber_wakeup()
Change-Id: I7d78ee6997163d71b92f388a7b4c484f2e97862b
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
The fiber_start() family of routines now return a nanokernel
thread id (nano_thread_id_t). This is a pre-requisite step for
allowing fiber_sleep() operations to be cancelled.
Change-Id: I74a3885eda3252c158f4a48e90244569633469c3
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Instead of returning a 'void *', the nanokernel fiber_delayed_start()
family of routines now return a handle of type nano_thread_id_t.
Consequently, the nanokernel fiber_delayed_start_cancel() family of
routines now accept a parameter of type nano_thread_id_t instead of
'void *'.
The complete list of affected nanokernel routines is:
fiber_delayed_start() fiber_delayed_start_cancel()
fiber_fiber_delayed_start() fiber_fiber_delayed_start_cancel()
task_fiber_delayed_start() task_fiber_delayed_start_cancel()
Change-Id: Ibd4658df3ef07e79a81b7643a8be9ea5ffe08ba0
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
This is part of an ongoing development of power management
support in zephyr. This implementation builds upon an existing
hook interface and adds more enhancements. This was tested
with reference implementations on quark_d2000 and quark_se.
Change-Id: I28092b7ec90ce1f1cc661cf99ca88708910c8eb2
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Renamed functions and labels used in power management code
according to coding convention. Only doing this to relevant
functions and not touching functions that will be removed in
future patches.
The stack used during resume would be necessary so
renamed that too.
Change-Id: I2f09a349b0f0fd6520c11b4cd73f4c8e1a13f100
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
This is a prologue to reverting:
commit 3c66686
Author: Benjamin Walsh <benjamin.walsh@windriver.com>
Date: Tue Feb 9 17:34:02 2016 -0500
sys_clock: start the microkernel ticker in the MICROKERNEL init level
to allow the devices initializing in pre-MICROKERNEL init levels to poll
the hi-res clock (sys_cycle_get_32()), which relies on the system clock
having been started.
This change allows starting the system clock in the NANOKERNEL init
level by delaying announcing the ticks until the MICROKERNEL init level.
Change-Id: I43d54bb5e2f182d4edd880da0124a0817f911943
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The file is already guarded with
obj-$(CONFIG_STACK_CANARIES) += compiler_stack_protect.o
So no need to check for CONFIG_STACK_CANARIES again in the file itself.
Change-Id: I09cf274679a1678f02478fca799a3f6507e77211
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
It is now safe to enable sys_thread_busy_wait() for ARM as an earlier
patch has fixed the build system to link against the correct intrinsics
library.
Change-Id: Ib5ed036d996461b91f372b2b3e8f597a925d3292
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Moving comments back to the 70 character limit. Also moving some of the
comments up to be included in the doxygen headers instead of inline.
Change-Id: I56a6015e5fd6da81e9a06701217e62e899b6aa62
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Zephyr includes a Task Monitor feature that allows to
track events on the microkernel server scheduler.
Task monitor is integrated as a profiler point for the
Kernel Event Logger feature.
Change-Id: I7b8be5872439a333f976eada1aa3511d93b46388
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@linux.intel.com>
Task monitor is being tracked as a profiler point of the kernel
event logger. Now, the capacity to register task monitor events
is dictated by KERNEL_EVENT_LOGGER_BUFFER_SIZE symbol.
Change-Id: Ia4fe04c7d46fe41524c53447ad51af2e03ea5a15
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@linux.intel.com>
Kernel event logger keeps track of task monitor events.
Old structures are not needed anymore.
Change-Id: I2267bdb3c2f27ea87d8675c4ecf0646ea62761ae
Signed-off-by: Juan Manuel Cruz <juan.m.cruz.alcaraz@linux.intel.com>
Interrupts must be locked when processing announced ticks in
_nano_sys_clock_tick_announce(). This prevents higher priority
interrupts from interrupting the tick announcement and possibly
corrupting the timeout and/or timer queues.
Change-Id: I4e87fc5b3ad36161e0accb50b2691f975f5877e5
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Mostly SoC initialization and some kernel subsystems, but also some
device drivers like the interrupt controllers.
Change-Id: I8dc1844c33acd877c075b6b03558fdca6f87500b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
They have been replaced by DEVICE_INIT().
Change-Id: I06551f37593a3debb7eb221badd267bb5c7040c0
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This is the last step before obsoleting DEVICE_DEFINE() and
DEVICE_INIT_CONFIG_DEFINE().
Change-Id: Ica4257662969048083ab9839872b4b437b8b351b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rename it to DEVICE_DEFINE() so that it fits in the 'device' namespace.
Change-Id: I3af3a39cf9154359b31d22729d0db9f710cd202b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Rename it to DEVICE_INIT_CONFIG_DEFINE(), because (a) it was not fitting
in any namespace and (b) it is not used to declare, but rather define a
object.
Change-Id: I1da5822f06b85a9fb024b5b184afd0ccc01012ec
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Fix an issue where, if a task is pending on a nano timeout, the duration
it wants to wait is not taken into account by the tickless idle code.
This could cause a system to wait forever, or to the limit of the timer
hardware (which is forever, for all intents and purposes).
This fix is to add one field in the nanokernel data structure for one
task to record the amount of ticks it will wait on a nano timeout. Only
one task has to be able to record this information, since, these waits
being looping busy waits, the task of highest priority is the only task
that can be actively waiting with a nano timeout. If a task of lower
priority was previously waiting, and a new task is now waiting, it means
that the wait of the original task has been interrupted, which will
cause said task to run the busy loop on the object again when it gets
scheduled, and the number of ticks it wants to wait has to be recomputed
and recorded again.
Change-Id: Ibcf0f288fc42d96897642cfee00ab7359716703f
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Adds C++ support to the build system.
Change-Id: Ice1e57a13598e7a48b0bf3298fc318f4ce012ee6
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds extern "C" { } blocks to header files so that they can be
safely used by C++ source files.
Change-Id: Ia4db0c36a5dac5d3de351184a297d2af0df64532
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
This is being removed for a few reasons:
- AFAICT this is the only API in Zephyr that follows an allocate/free
model.
- There are no public APIs in the interrupt subsystem for releasing
or reconfiguring an interrupt. This code was relying on arch-specific
private APIs. If we really want to keep this capability we should
make these APIs public and consistent across arches.
- The use-case for this API is not clear, as Zephyr is not intended
for hot-pluggable peripherals. Built-in hardware tends to need its
interrupt for its entire life cycle.
- The current implementation of dynamic interrupts on x86 does not
support freeing a dynamic IRQ that was reserved with
irq_connect_dynamic(), causing this code not to work. To add this
would require reimplementing _get_dynamic_stub() to use a bitfield
or set of bitfields to track unused stubs rather than the simple
counter it uses now.
Change-Id: I7a03c134fb3498b91a1816318a88b293e26b846c
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The interrupt API has been redesigned:
- irq_connect() for dynamic interrupts renamed to irq_connect_dynamic().
It will be used in situations where the new static irq_connect()
won't work, i.e. the value of arguments can't be computed at build time
- a new API for static interrupts replaces irq_connect(). it is used
exactly the same way as its dynamic counterpart. The old static irq
macros will be removed
- Separate stub assembly files are no longer needed as the stubs are now
generated inline with irq_connect()
ReST documentation updated for the changed API. Some detail about the
IDT in ROM added, and an oblique reference to the internal-only
_irq_handler_set() API removed; we don't talk about internal APIs in
the official documentation.
Change-Id: I280519993da0e0fe671eb537a876f67de33d3cd4
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Simplifies the nanokernel timer API so that the timeout parameter must be
specified when invoking nano_isr_timer_test(), nano_fiber_timer_test(),
nano_task_timer_test() and nano_timer_test().
This obsoletes the following APIs:
nano_fiber_timer_wait()
nano_task_timer_wait()
nano_timer_wait()
Note that even the though the new API requires that the timeout parameter
be specified, there are currentl only two acceptable values:
TICKS_NONE and TICKS_UNLIMITED
Theoretically, the current implementation would allow one to supply a
finite positive value for the timeout and the system would wait up to
that many ticks for the timer to expire. However, it is thought that
that unnecessarily complicates the nanokernel timer model and so it is
left as an unsupported option. Should that change, then that feature
could be enabled by updating the documentation.
Change-Id: I8835c5342ab5025d6f70fdfbed54a50add7568d7
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Changes the nanokernel stack API so that the timeout parameter must be
specified when invoking nano_isr_stack_pop(), nano_fiber_stack_pop(),
nano_task_stack_pop() and nano_stack_pop().
This obsoletes the following APIs:
nano_fiber_stack_pop_wait()
nano_task_stack_pop_wait()
nano_stack_pop_wait()
Note that even though the new API requires that the timeout parameter
be specified, there are currently only two acceptable values:
TICKS_NONE and TICKS_UNLIMITED
This nanokernel option does not support CONFIG_NANO_TIMEOUTS.
Change-Id: Ic7f16ee30c3534115ceffa19ef8591ecc5a79080
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Changes the nanokernel LIFO API so that the timeout parameter must be
specified when invoking nano_isr_lifo_get(), nano_fiber_lifo_get(),
nano_task_lifo_get() and nano_lifo_get().
This obsoletes the following APIs:
nano_fiber_lifo_get_wait()
nano_fiber_lifo_get_wait_timeout()
nano_task_lifo_get_wait()
nano_task_lifo_get_wait_timeout()
nano_lifo_get_wait()
nano_lifo_get_wait_timeout()
Change-Id: Ie9f93e46da42ea33c32544c02ab1d70b893cc198
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Changes the nanokernel semaphore API so that the timeout parameter must be
specified when invoking nano_isr_sem_take(), nano_fiber_sem_take(),
nano_task_sem_take() and nano_sem_take().
This obsoletes the following APIs:
nano_fiber_sem_take_wait()
nano_fiber_sem_take_wait_timeout()
nano_task_sem_take_wait()
nano_task_sem_take_wait_timeout()
nano_sem_take_wait()
nano_sem_take_wait_timeout()
Change-Id: If7a4bce1bd8ec8d6410d04f3c16ff1922ff0910e
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Changes the nanokernel FIFO API so that the timeout parameter must be
specified when invoking nano_isr_fifo_get(), nano_fiber_fifo_get(),
nano_task_fifo_get() and nano_fifo_get().
This obsoletes the following APIs:
nano_fiber_fifo_get_wait()
nano_fiber_fifo_get_wait_timeout()
nano_task_fifo_get_wait()
nano_task_fifo_get_wait_timeout()
nano_fifo_get_wait()
nano_fifo_get_wait_timeout()
Change-Id: Icbd2909292f1ced0bad8a70a075478536a141ef2
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
The macros _NANO_TIMEOUT_TICK_GET() and _NANO_TIMEOUT_ADD() will be
used in later commits to help simplify the nanokernel APIs.
Change-Id: I668af85d775eab112953d064d9c91de607f60a59
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Fixes the routine names referenced in the INT_LATENCY_BENCHMARK
kconfig option description.
Change-Id: I74c67a8f54cfc3b0ce75fc390d7ab6bd39561d6f
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
The routines _int_latency_start() and _int_latency_stop() have been
replaced by macros that evaluate to nothing when the kernel config
option INT_LATENCY_BENCHMARK is not enabled thereby giving a performance
boost to the x86 versions of irq_lock() and and irq_unlock().
Change-Id: Iabfa7bf001f5b8396e7bcf5eebd6b1aa342bac46
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
An architecture that supports tickless idle in the nanokernel can allow
selecting TICKLESS_IDLE by forcing NANOKERNEL_TICKLESS_IDLE_SUPPORTED to
be enabled.
Change-Id: I4e45b619c599913d40b7bc19902094fb361b1e3b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Re-applying this patch, which was lost when moving to kbuild:
commit 64c0f13f9380 ("kconfig: remove useless tickless idle dependency")
Author: Benjamin Walsh <benjamin.walsh@windriver.com>
Date: Mon May 11 15:13:46 2015 -0400
kconfig: remove useless tickless idle dependency
TICKLESS_IDLE_THRESH depends on TICKLESS_IDLE, which depends on
ADVANCED_POWER_MANAGEMENT, which itself already depends on
MICROKERNEL. There is thus no point in having TICKLESS_IDLE_THRESH
depend on MICROKERNEL.
Change-Id: I95edcc7b927dd122b80f376c96233decdcc9afab
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
The architectures need to add support for it in their nano_cpu_idle()
and nano_cpu_atomic_idle() implementations, as well as in their
interrupt entry and exit code.
Change-Id: I44a241c56e624dc8e32e08db29a84489314cd7a4
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Note that the A->Comm is a pointer to the microkernel functions,
and thus is highly probable that the high 8-bit is occupied.
Therefore adds a new field in the monitor struct to store the pointer.
Change-Id: I7bcb34108c89a97cc38b2ac411ae4139b62786f3
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Move SECONDARY init level from essential pseudo-fiber
to the idle task, so the device initialization routines
may use interrupts and wait for interrupts.
Change-Id: I5afa92d8b304de5b295450f0a8a761385b7c2566
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Changes the FIFO API so that the timeout parameter must be specified
when invoking task_fifo_get() thereby making the following APIs obsolete:
task_fifo_get_wait()
task_fifo_get_wait_timeout()
_task_fifo_get()
Change-Id: Iac626d9d6d4836033e06ffd5a2ca415ab2630b1a
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Changes the FIFO API so that the timeout parameter must be specified
when invoking task_fifo_put() thereby making the following APIs obsolete:
task_fifo_put_wait()
task_fifo_put_wait_timeout()
_task_fifo_put()
Change-Id: Ifbbfb7018fd9a71551ccba648fda6d2d59d589a6
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
