We need to enforce that if the implementation function is inlined,
and we are using a syscall declaration macro where a runtime check
is performed, that all memory access in the inlined implementation
function is done after the user context check is performed.
Fixes bad memory access issues observed due to the compiler fetching
member data from a kernel object when the calling context was in
user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is too powerful for user mode, the other access APIs
require explicit permissions on the threads that are being
granted access.
The API is no longer exposed as a system call and hence will
only be usable by supervisor threads.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's currently too easy to run out of thread IDs as they
are never re-used on thread exit.
Now the kernel maintains a bitfield of in-use thread IDs,
updated on thread creation and termination. When a thread
exits, the permission bitfield for all kernel objects is
updated to revoke access for that retired thread ID, so that
a new thread re-using that ID will not gain access to objects
that it should not have.
Because of these runtime updates, setting the permission
bitmap for an object to all ones for a "public" object doesn't
work properly any more; a flag is now set for this instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We got rid of letting uninitialized objects being a free-for-all
and permission to do stuff on an object is now done explicitly.
If a user thread is initializing an object, they will already have
permission on it.
If a supervisor thread is initializing an object, that supervisor
thread may or may not want that object added to its set of object
permissions for purposes of permission inheritance or dropping to
user mode.
Resetting all permissions on initialization makes objects much
harder to share and re-use; for example other threads will lose
access if some thread re-inits a shared semaphore.
For all these reasons, just keep the permissions as they are when
an object is initialized.
We will need some policy for permission reset when objects are
requested and released from pools, but the pool implementation
should take care of that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will allow these thread objects to be re-used.
_mark_thread_as_dead() removed, it was only being called in one
place.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
API to assist with re-using objects, such as terminated threads or
kernel objects returned to a pool.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
At very low optimization levels, the call to
K_THREAD_STACK_BUFFER doesn't get inlined, overflowing the
tiny stack.
Replace with _ARCH_THREAD_STACK_BUFFER() which on x86 is
just a macro.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fixes issues where these were getting sign-extended when
dumped out, resulting in (for example) "ffffffff" being
printed when it ought to be "ff".
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Use some preprocessor trickery to automatically deduce the amount of
arguments for the various _SYSCALL_HANDLERn() macros. Makes the grunt
work of converting a bunch of kernel APIs to system calls slightly
easier.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Previously, there was boolean CONFIG_SLIP_DEBUG, which effectively
switched between "logging off" and "debug-level logging". Instead,
switch to CONFIG_SYS_LOG_SLIP_LEVEL (the naming of the option follows
existing conventions) which allows to select any of the standard 5
logging levels.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The current prescaler calculation incorrectly fails to configure the
desired frequency when it is possible to match it exactly. Fix this.
Without this patch, if the user requests frequency N Hz, and there is
a SPI prescaler that can match this frequency exactly, the actual
frequency chosen by spi_stm32_configure() will be N/2 Hz.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Clean up & rework JTAG documentation for ESP-32 boards to provide full
commands and clarify gotchas.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Explicitly call net_pkt_ref()/net_pkt_unref() to avoid packet being
freed after calling net_context_sendto() at retransmit_request().
Also, do not return when net_context_sendto() returns error. Instead,
we should keep retrying.
Signed-off-by: Robert Chou <robert.ch.chou@acer.com>
Original coap_client implementation does not setup "appdatalen" of
net_pkt correctly and does not strip the IP + UDP headers when doing
the retransmit. This will result in malformed coap packet. Fix it by
adding a strip_headers() function to set appdatalen and get rid of
IP + UDP headers.
Signed-off-by: Robert Chou <robert.ch.chou@acer.com>
This helps to debug issues with mass connection handling (e.g. when
issues happen at ~500th connection).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It's possible to get number of free pkts/buffers with just
CONFIG_NET_BUF_POOL_USAGE, whereas CONFIG_NET_DEBUG_NET_PKT
depends on CONFIG_NET_LOG and adds quite a bunch of other
overhead. Also, give a hint that this option should be enabled
to get free buffer numbers.
Additionally, use unambiguous "Total" wording to represend the
maximum capacity of data structures, instead of previous "Count".
"Count" (or at least counter) is intuitively something which can
change, so not seeing any other numbers, it's very easy to assume
that it's actually number of free buffers (because that's the
information a user may be interested in in many cases).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There are 3 cases of possible allocation failures, only 1 of them
was logged. Now, all the cases are logged: 1) failure to allocate
net_pkt; 2) failure to allocate very first net_buf for it; 3)
failure to allocate additional net_buf for it (this latter was
the only one logged previously).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There have been situations where the remote stacks cannot responds
within a second, so increases it to 2 seconds. The timeout has to be
relatively short as the channel cannot be reused while disconnecting.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
MPS shall never be bigger than MTU + 2 as the remaining bytes cannot
be used since the SDU is limited to length + MTU.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add implementation to support Coded PHY update procedure
with packet transmit time restrictions.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use S8 coding Rx chain delay timings to calculate the PA
pin assertions when in Coded PHY.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Always use S8 Rx Chain Delay instead of the actual Rx-ed
packet coding. I believe, as the packet always start with
S8, hence S8 timings when used the tIFS is near correct
value.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When calculating and setting up the header compelte timeout
use S8 coding Rx chain delay.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
In the commit dd52b8ea02 ("Bluetooth: controller: Fix
first connection interval timing"), instead of using just a
tick unit as workaround, microseconds corresponding to a
tick unit was used while calculating the window offset to be
used at the connection update instant. This introduced an
error in scheduling the first event with new connection
parameters, causing supervision timeout of connection update
procedure.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Mesh Profile Specification v1.0, 4.4.1.2.8:
"When an element receives a Config Model Subscription Add message
or a Config Model Subscription Virtual Address Add message that
is not successfully processed (i.e., it results in an error condition
listed in Table 4.113), it shall respond with the Config Model
Subscription Status message, setting its fields to the values
of the corresponding fields (i.e., the identically named fields)
of the incoming message and setting the Status field to a status code
(defined in Table 4.113), and setting all other fields to 0."
The same applies to other Model Subscription messages.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
It's possible that tx_notify still contains items when a Disconnect
Complete happens. Since the normal path for processing tx_notify is
not taken when the connection is not in CONNECTED state, we must make
sure to process the list latest in conn_cleanup() that's called as one
last thing before the connection object is freed up.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If the caller has passed net_pkt to prepare_segment(), then
it is caller responsibility to unref it in a case of error.
Fixes#4292
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Does the opposite of k_object_access_grant(); the provided thread will
lose access to that kernel object.
If invoked from userspace the caller must hace sufficient access
to that object and permission on the thread being revoked access.
Fix documentation for k_object_access_grant() API to reflect that
permission on the thread parameter is needed as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Indicate to users that this feature isn't fully baked yet.
This will be reverted for 1.11 release.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A space-constrained device wouldn't enable this feature.
Fixes build errors since these tests constrain the size of
the IDT.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This has extra stack overhead, no need to impose this on the caller
unless it's needed to avoid doing a system call for every
character.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We add macros to define test cases that should be run with the CPU
in user mode, if the CPU supports it.
ztest_test_suite() declarations are now static as they can't go on
the main thread stack; the data gets shared between multiple threads.
It's better here anyway as a large test suite could fill up the main
stack, which is by default reduced to 512 bytes.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
By default, threads are created only having access to their own thread
object and nothing else. This new flag to k_thread_create() gives the
thread access to all objects that the parent had at the time it was
created, with the exception of the parent thread itself.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This requires openocd version 0.10 or later.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@linaro.org>
- When flashing with dfu-util while alt is not a number, the name must
be quoted.
- Add missing commas in self.list_pattern
- Always call dfu-util with the VID/PID
Fixes: 257fa4af9 ("scripts: zephyr_flash_debug: flash like dfuutil.sh")
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
All commands need to have quotation marks stripped.
Fixes: bee6f9e73 ("scripts: zephyr_flash_debug: flash like openocd.sh")
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
