This adds a DAI driver for USB Audio Offload Link (UAOL)
individual streams on Intel ACE2.0 and ACE3.0 platforms.
Signed-off-by: Tomasz Lissowski <tomasz.lissowski@intel.com>
Signed-off-by: Serhiy Katsyuba <serhiy.katsyuba@intel.com>
This adds a driver for USB Audio Offload Link (UAOL) IP
on Intel ACE2.0 and ACE3.0 platforms.
Signed-off-by: Tomasz Lissowski <tomasz.lissowski@intel.com>
Signed-off-by: Serhiy Katsyuba <serhiy.katsyuba@intel.com>
Currently the other of the ACL and CIS disconnect callbacks
depend on the order of the HCI events received. Since this
order is not specified by the core spec, it means that any
users/applications of ISO will need to wait for all CIS
disconnects callbacks and the ACL disconnect callback before
attempting to reuse any of them.
From an API perspective this is not ideal, and the API will
be much simpler if the order of ACL and ISO disconnect
callbacks were deterministic, regardless of the controller.
This change postpones the finalization of the ACL disconnect
until all the CIS associated with it has been disconnected.
This will also make the API more similar to e.g. the L2CAP
disconnect order.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add a new callback for when the broadcast source has been
created. This callback is useful for the application to
configure the periodic advertising with the BASE of the
broadcast source. Configuring and starting the
periodic advertising with the BASE at that point in time
may optimize how quickly the procedure can be completed.
A callback was chosen, rather than having the stack set
up the data itself, because that the application may
want to add additional data in the periodic advertising,
and thus the owner of the data should be the application,
and not the stack.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This commit cleans up the Doxygen documentation for the SiFli
pinctrl DT helpers by ensuring documentation is actually helpful and not
just exposing hundreds of otherwise self-describing macros.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Currently, the declaration of the function
pm_policy_device_is_disabling_state is located
within the CONFIG_PM block in policy.h, so the
function prototype is visible as long as PM is
enabled. However, the implementation only exists
in policy_device_lock.c, which is only compiled
when CONFIG_PM_POLICY_DEVICE_CONSTRAINTS=y.
This causes a situation where when CONFIG_PM=y
and CONFIG_PM_POLICY_DEVICE_CONSTRAINTS=n, the
function is "declared but not implemented" which
will result in a linker failure if the function
is called.
This commit moves pm_policy_device_is_disabling_state
into the same CONFIG_PM_POLICY_DEVICE_CONSTRAINTS macro
block as pm_policy_device_power_lock_get/put; and
provides a static inline stub that returns false in
the else branch (consistent with the existing
power_lock_get/put style).
Signed-off-by: Zhaoxiang Jin <Zhaoxiang.Jin_1@nxp.com>
Fix OBEX abort response handling when no active client exists by
tracking the last executing client and its previous opcode.
- Add _last_client pointer to track the most recent executing client
- Add _pre_opcode to store the opcode before clearing _opcode
- Save client state before clearing opcode in all operation handlers
- Implement obex_get_last_client() to recover client context for abort
- Handle abort responses even when _active_client is already cleared
- Clear last client tracking on transport connect/disconnect
This ensures abort responses are properly delivered to the correct
client callback even if the operation has already completed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
i3c_sec_bus_reset() iterates over the attached I3C and I2C device lists
using SYS_SLIST_FOR_EACH_CONTAINER while removing each node via
i3c_detach_i3c_device()/i3c_detach_i2c_device(). The non-safe iterator
reads the current node's next pointer to advance, but detaching
invalidates that pointer. This causes the loop to either stop early
(skipping devices) or access stale memory.
Add I3C_BUS_FOR_EACH_I3CDEV_SAFE and I3C_BUS_FOR_EACH_I2CDEV_SAFE
macros that wrap SYS_SLIST_FOR_EACH_CONTAINER_SAFE, which saves the
next pointer before executing the loop body. Use these in
i3c_sec_bus_reset() so nodes can be safely detached during iteration.
Also add the new macros to .clang-format ForEachMacros list.
Signed-off-by: Ryan McClelland <ryanmcclelland@meta.com>
1. Updated event-related API docs to fix wording and clarify
semantics ("earliest/soonest event", ticks vs cycles).
2. Improve the event implementation to prevent list corruption on misuse:
- pm_policy_event_register() is now idempotent: re-registering
the same evt updates its time instead of appending a duplicate node.
- pm_policy_event_update() / pm_policy_event_unregister() become clean
no-ops if evt is not currently registered.
- Kept a basic evt != NULL assertion.
Signed-off-by: Zhaoxiang Jin <Zhaoxiang.Jin_1@nxp.com>
Add driver for the AC057TC1 5.7-inch 7-color electrophoretic (e-ink)
display. The driver supports MIPI DBI 4-wire SPI mode and includes:
- GPIO interrupt-driven busy signal handling with semaphore-based waiting
- Deep sleep and PM device support for power management
- 4-bit per pixel (2 pixels per byte) color format with 7 color palette
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Adds a PIXEL_FORMAT_PRIV_START value to the display header. This allows
displays with unusual color format to still report sensible information in
their display_capabilites via extension of the enumeration.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Align the net_if_ipv6_router_add() behavior with its IPv4 counterpart,
where it is possible to specify whether the router is a default one
instead of making assumptions based on the lifetime value.
The current behavior was likely inspired by the Neighbor Discovery RFC,
where the lifetime parameter of 0 received in the Router Advertisement
message indicates that the router should not be treated as a default
router, however this is an implementation detail of the Neighbor
Discovery protocol and does not need to be enforced at the router API
level, as this can be used outside of this protocol (for example when
router is added manually from the application).
Therefore, allow to specify the "is_default" parameter separately just
like in the IPv4 case.The Router Advertisement handling routine will
just specify the "is_default" value based on the received lifetime
value.
Also, clarify in the function documentation what does it mean to specify
lifetime to 0 (which means the router never expires according to current
implementation).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
At FULL hardening, trailer canaries on used chunks implicitly guard
adjacent free chunk headers: a sequential buffer overflow must corrupt
the used chunk's trailer before reaching the next header. However,
when a free neighbor's metadata is needed for merging during free(),
the neighbor's header could already have been corrupted by an overflow
from its left used chunk that hasn't been freed yet. For example:
[hdr_U1] [data_U1] [trailer_U1] [hdr_F] [...] [hdr_U2] [trailer_U2]
If data_U1 overflows past trailer_U1 and corrupts hdr_F, freeing U2
would use hdr_F's corrupted size and free-list pointers for merging,
potentially leading to heap structure corruption or arbitrary writes.
Additionally, a corrupted LEFT_SIZE in a used chunk being freed can
point to a fake header crafted inside the left neighbor's data area:
[hdr_U1] [data_U1 ..fake_hdr.. trailer_U1'] [hdr_U2'] [data_U2] ...
| corrupted LEFT_SIZE points
| by overflow to fake_hdr
+<--------------------------+
A determined attacker can make fake_hdr's size field self-consistent
with the corrupted LEFT_SIZE so that the structural round-trip checks
pass. If fake_hdr is marked "used", free_chunk() skips the left
merge and the corruption goes undetected. If marked "free", it
triggers a bogus merge with attacker-controlled free-list pointers.
Both cases are caught by verifying the left used neighbor's canary:
any overflow from the left must pass through trailer_U1 to reach
hdr_U2's LEFT_SIZE field, so the corrupted canary acts as a tripwire
regardless of whether the resulting fake header is marked used or free.
Address this by introducing free_chunk_check() which validates a free
chunk's structural integrity before trusting its header fields. It
consolidates the existing MODERATE-level structural checks (chunk
linkage, used-bit consistency) with a new FULL-level canary
verification of the left used neighbor. Factoring these checks into
a dedicated function lets callers specify @left_trusted according to
context (e.g. the chunk being freed is the left neighbor of the right
merge candidate, so its canary need not be rechecked).
In inplace_realloc()'s shrink path, the freed suffix's left neighbor
is always the chunk being reallocated (used, just validated). This
path inlines only the right merge to avoid the unnecessary left canary
check.
The check is called before every free list removal: in free_chunk()
for left/right merge candidates, in alloc_chunk() when pulling from
a bucket, and in inplace_realloc() before consuming the right
neighbor.
Also give chunk0 a canary trailer so that the left-neighbor canary
check works uniformly for the first free chunk in the heap.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Add optional canary values at the end of each heap allocation to detect
memory corruption. The canary is validated when memory is freed, catching
buffer overflows (writing past allocation) and double-free errors.
The canary is computed from the chunk address and size, XORed with a
magic value. On free, it is checked and then poisoned to detect
double-free attempts.
The canary is stored as trailer data at the end of the chunk rather than
in the header to avoid complicating aligned allocation processing, and
because buffer overflows are most likely to overwrite past the buffer end
anyway.
This adds 8 bytes of memory overhead per allocation and a canary
computation on alloc and validation on free. It is useful for hardening
against memory corruption as well as for chasing bugs during
development. The trailer structure can be readily extended to carry
additional per-allocation metadata if so desired.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Z_HEAP_MIN_SIZE and Z_HEAP_MIN_SIZE_FOR were defined in kernel.h as
hardcoded magic numbers gated by a growing tower of #ifdefs — one
per Kconfig option that happened to affect the heap struct layout.
Every internal change required manually recomputing the constants,
duplicating layout knowledge across files, and praying nobody forgot
to update the #ifdef matrix. This is fragile and unscalable: adding
a single new heap feature (e.g. a chunk canary trailer) would add yet
another dimension to the combinatorial explosion.
Replace this with build-time computation from the actual C structures.
A new lib/heap/heap_constants.c is compiled as part of the offsets
library and uses GEN_ABSOLUTE_SYM to emit the correct values into the
generated offsets.h. Z_HEAP_MIN_SIZE is derived through an iterative
fixed-point expansion (3 rounds, always convergent) that mirrors the
runtime logic in sys_heap_init(). Z_HEAP_MIN_SIZE_FOR overhead and
bucket sizes are also generated, keeping all internal heap layout
knowledge in one place.
Big vs small heap determination uses CONFIG_SYS_HEAP_SMALL_ONLY,
CONFIG_SYS_HEAP_BIG_ONLY, and sizeof(void *), mirroring the
big_heap_chunks() logic in heap.h.
kernel.h picks up the generated values via
__has_include(<zephyr/offsets.h>) so there is no circular dependency
with the offsets compilation itself. The old _Z_HEAP_SIZE manual
sizeof and BUILD_ASSERT scaffolding in heap.c are removed.
gen_offset_header.py is updated to accept multiple input object files
so that the heap constants object can coexist with the per-arch offsets
object in the same offsets library. COMMAND_EXPAND_LISTS is added to
the offsets generation custom command so that CMake correctly expands
the $<TARGET_OBJECTS:> generator expression into separate arguments
when the offsets library contains more than one object file.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Introduce the macro ZTESTABLE_STATIC, which can be used to define
private (static) symbols which otherwise need to be accessible from
ztests.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
- Add a hidden symbol to indicate variable cleanup attribute support.
- Add a symbol to enable cleanup helper macros.
- Provide a macro for the cleanup attribute in the GCC toolchain.
- Disable IAR toolchain support.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Remove the anonymous union/struct which wasn't satisfying the C++
requirement that requires structures to have non-zero length.
Signed-off-by: Keith Short <keithshort@google.com>
Add support for CS IPT (Channel Sounding Inline PCT Transfer)
in the Bluetooth host stack.
Changes include:
* definition of new CS IPT HCI opcodes;
* handling of CS IPT control procedures;
* integration with existing CS infrastructure;
* necessary updates to public headers.
Signed-off-by: Aleksandr Mirlenko <aleksandr.mirlenko@nordicsemi.no>
This commit cleans up the Doxygen documentation for the Silicon Labs
pinctrl DT helpers by ensuring documentation is actually helpful and not
just exposing hundreds of otherwise self-describing macros.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
To allow cellular modems to be declared outside of modem_cellular.c
file, move all structure definitions and macros into internal header
zephyr/drivers/cellular_internal.h
This allows out-of-tree modem to be defined with
MODEM_CELLULAR_DEFINE_INSTANCE() macro.
Remove Devicetree dependency from CONFIG_MODEM_CELLULAR
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Some SoCs or architectures may lack the __sync_synchronize
intrinsic, or not implement the instruction emitted by it,
so wrap this behind the new barrier_sync_synchronize.
Signed-off-by: Pete Johanson <pete.johanson@analog.com>
`last_nl` is 8 bits long, put it at the beginning of the packed struct, so
it can be read and written with one intruction, as it is now aligned.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
zms_mount_force() behaves like zms_mount() but automatically wipes and
reinitializes the partition if the initial mount attempt fails.
A corresponding Kconfig option SETTINGS_ZMS_FORCE_MOUNT is added to the
settings subsystem to enable this behavior when using ZMS as the
settings backend.
Signed-off-by: Andreas Anderberg <andreas.anderberg@u-blox.com>
This ensures public Doxygen documentation clearly indicate what Kconfig
options need to be enabled for the documented functions to be available.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Rename it to USB buffers so we can use it in host support without
confusion. Keep the UDC_* macros for now, we can deprecate and remove
them later.
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
