Add documentation for why connection objects are still in use during the
disconnected callback and document error code when starting connectable
advertiser with no free connection object available.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove re-using connection objects in disconnected state when creating
directed advertiser or establishing a connection as a central using
direct connection procedure.
This makes the API mores consistent it terms of which connection roles
can be started from the disconnected callback.
This also avoids a central connection object being re-used for a
connection as a peripheral instead and vice versa.
When attempting to create a new connection the API would returning
a valid connection object if there is already an existing connection
object.
This existing connection object could be either in the process of
establishing the connection or already connected.
Returning the connection object in this would give the false impression
that the stack has initiated connection procedure, when in fact it just
returned an existing connection object.
The application has the ability to check for existing connection objects
using the bt_conn_lookup_addr_le API.
Add warning plus comment possible scenarios why the a valid connection
object might exists. Most important is to explain why a valid connection
object exists during the disconnected callback.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reserve conn object for undirected connectable advertiser. This means we
won't have a situation where we start a connectable advertise but will
fail to allocate a connection object for it in the connection complete
event.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reserve a connection object when starting the auto-initiator using the
controller whitelist.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix bt_conn_create_aute_le returning the wrong error code when bt_init
has not been called yet. This is inconsistent with the rest of the API
functions.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor stopping directed advertiser to disconnect the state object
when calling advertise stop. This follows the same pattern as
bt_conn_disconnect.
Remove returning conn objects in BT_CONN_CONNECT state, this state could
only be an initiator starting a connection in the central role.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that the auto-conn state is cleared correctly when we might
fail to allocate a new connection object.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix conn object assigned to the wrong controller connection in the
connection complete handler. This could happen when running a
directed advertiser and establishing a connection at the same time to
the same peer.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
BT_DEBUG is a promptless helper symbol, defined in
subsys/bluetooth/common/Kconfig. It is selected by BT_DEBUG_LOG, which
these configuration files also enable.
Flagged by https://github.com/zephyrproject-rtos/zephyr/pull/20742.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Segger offers J-Link firmware for the debug MCU on the BBC micro:bit.
If this firmware is installed, it allows programming via nrfjprog and
JLink. Add support for this in the board.cmake.
Leave the default at pyocd, to support the factory-programmed
firmware.
With this patch, users who have installed the JLink firmware can flash
this board with nrfjprog using:
$ west flash -r nrfjprog
And can flash or debug with jlink using:
$ west flash -r jlink
$ west debug -r jlink
As usual with runner overrides, you can omit the '-r {nrfjprog,jlink}'
if BOARD_FLASH_RUNNER as a CMake variable is set to nrfjprog or
BOARD_DEBUG_RUNNER is set to jlink.
For more details on this Segger firmware, see:
https://www.segger.com/products/debug-probes/j-link/models/other-j-links/bbc-microbit-j-link-upgrade/
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
KPTI is still work-in-progress on x86_64. Don't allow
user mode to be enabled unless the SOC/board configuration
indicates that the CPU in use is invulnerable to meltdown
attacks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
See CVE-2019-1125. We mitigate this by adding an 'lfence'
upon interrupt/exception entry after the decision has been
made whether it's necessary to invoke 'swapgs' or not.
Only applies to x86_64, 32-bit doesn't use swapgs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- In early boot, enable the syscall instruction and set up
necessary MSRs
- Add a hook to update page tables on context switch
- Properly initialize thread based on whether it will
start in user or supervisor mode
- Add landing function for system calls to execute the
desired handler
- Implement arch_user_string_nlen()
- Implement logic for dropping a thread down to user mode
- Reserve per-CPU storage space for user and privilege
elevation stack pointers, necessary for handling syscalls
when no free registers are available
- Proper handling of gs register considerations when
transitioning privilege levels
Kernel page table isolation (KPTI) is not yet implemented.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This code:
1) Doesn't work
2) Hasn't ever been enabled by default
3) We mitigate Spectre V2 via Extended IBRS anyway
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We use a fixed value of 32 as the way interrupts/exceptions
are setup in x86_64's locore.S do not lend themselves to
Kconfig configuration of the vector to use.
HW-based kernel oops is now permanently on, there's no reason
to make it optional that I can see.
Default vectors for IPI and irq offload adjusted to not
collide.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is causing problems, as if we create a thread in
a system call we will *not* be using the kernel page
tables if CONFIG_KPTI=n.
Just don't fiddle with this page's permissions; we don't
need it as a guard area anyway since we have a stack
guard placed immediately before it, and this page
is unused if user mode isn't active.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nothing too fancy here, we try as much as possible to
use the same register layout as the C calling convention.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Includes linker script fragments for the kernel object
tables and automatic memory partitions. The data section
is moved to the end per the requirements of
include/linker/kobject.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These are now common code, all are related to user mode
threads. The rat's nest of ifdefs in ia32's arch_new_thread
has been greatly simplified, there is now just one hook
if user mode is turned on.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
z_x86_thread_page_tables_get() now works for both user
and supervisor threads, returning the kernel page tables
in the latter case. This API has been up-leveled to
a common header.
The per-thread privilege elevation stack initial stack
pointer, and the per-thread page table locations are no
longer computed from other values, and instead are stored
in thread->arch.
A problem where the wrong page tables were dumped out
on certain kinds of page faults has been fixed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add two new non-static APIs for dumping out the
page table entries for a specified memory address,
and move to the main MMU code. Has debugging uses
when trying to figure out why memory domains are not
set up correctly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We don't need to set up GDT data descriptors for setting
%gs. Instead, we use the x86 MSRs to set GS_BASE and
KERNEL_GS_BASE.
We don't currently allow user mode to set %gs on its own,
but later on if we do, we have everything set up to issue
'swapgs' instructions on syscall or IRQ.
Unused entries in the GDT have been removed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Define MSR register addresses for various MSRs related to
SYSCALL/SYSRET. We also add MSRs for FS/GS base addresses
(for GS, both kernel and user mode) to support SWAPGS.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These were previously assumed to always be fatal.
We can't have the faulting thread's XMM registers
clobbered, so put the SIMD/FPU state onto the stack
as well. This is fairly large (512 bytes) and the
execption stack is already uncomfortably small, so
increase to 2K.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Exceptions on x86_64 are incorrectly implemented, and if
a preemptible thread faults, and in its overridden
k_sys_fatal_error_handler() does something which invokes
a scheduling point (such as here where we give semaphores),
the thread will be swapped out on the per-CPU exception stack
and probably explode when it is switched back in.
For now, change the faulting thread priority to co-op so this
doesn't happen.
Workaround for #21462
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The regular expressions used by this test to determine
success or failure get confounded if the log subsystem
drops the wrong messages due to buffers being full.
Just use minimal logging which synchronously logs
everything.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This doesn't work properly on x86 unless the dynamic thread
struct allocated gets lucky and is aligned to 16 bytes.
Disabling for now until #17893 is fixed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Most of the scenarios in this test case spawn child threads
and expect them to complete before execution proceeds.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nearly all of these cases create a child thread that needs
to complete before the main test proceeds further. If the
child thread runs simultaneously on another CPU, this gets
messed up.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test spawns a child thread and expects it to complete.
Use one CPU for it. Get rid of the useless k_thread_abort()
call and add a k_yield() to ensure the child does its
thing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
This symbol is enabled through being select'ed.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
(There doesn't seem to be any way to enable this symbol, because it's
not being select'ed either.)
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
This symbol should already be getting enabled if CONFIG_USERSPACE is
enabled, because CONFIG_ERRNO is default y and has
select THREAD_USERSPACE_LOCAL_DATA if USERSPACE
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Assignments have no effect on promptless symbols. This symbol is enabled
through being select'ed. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Assignments have no effect on promptless symbols. This symbol is enabled
through being select'ed. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Add option to set the size of the discardable buffer pool. This saves
memory for the MESH use case where we expect a large number of advertise
reports.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add helper define BT_BUF_SIZE which considers the BT_BUF_RESERVE when
declaring Bluetooth HCI buffers.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
