Commit graph

3243 commits

Author SHA1 Message Date
Łukasz Stępnicki
6571f4e1bc kernel: work: work timeout handler uninitialized variables fix
work and handler pointers are local and not initialized.
Initialize them with NULL to avoid compiler error maybe-uninitialized.

Signed-off-by: Łukasz Stępnicki <lukasz.stepnicki@nordicsemi.no>
2025-10-10 12:55:06 -04:00
Andrzej Puzdrowski
eb931d425f kernel/Kconfig.init: update description of SOC_RESET_HOOK
Updated description on conditions and assumptions in which
the soc_reset_hook is executed.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2025-10-07 12:50:10 +02:00
Andrzej Puzdrowski
418eed0f90 arch/arm: introduce the pre-stack/RAM init hook
Introduce hook for customize reset.S code even before stack is
initialized or RAM is accessed. Hook can be enabled using
CONFIG_SOC_EARLY_RESET_HOOK=y.
Hook implementation is by soc_early_reset_hook() function which should
be provided by custom code.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2025-10-07 12:50:10 +02:00
Chris Friedt
6c01157fef kernel: dynamic: update storage size for pool of dynamic thread stacks
Commit 5c5e17f introduced a subtle regression when userspace was
configured on architectures requiring guard pages.

Prior to 5c5e17f, the assumption was that guard pages would be included in
`CONFIG_DYNAMIC_THREAD_STACK_SIZE`, and that was something that the caller
of `k_thread_stack_alloc()` would need to be aware of, although it was not
documented at all, unfortunately.

It seems that 5c5e17f intended to remove the need for that assumption, but
the necessary conditions for doing so had not been met.

Update pool storage size to account for guard pages, which ensures that
users can access every byte of `CONFIG_DYNAMIC_THREAD_STACK_SIZE` rather
than needing to be aware that guard pages would be included in the
requested size.

The compromise is a more intuitive API at the cost of more storage space
for the pool of thread stacks when userspace is enabled.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2025-10-02 11:46:22 +03:00
TaiJu Wu
61bc4451f6 kernel: essential work queue should not stop
consider follow case
```
ZTEST(workqueue_api, test_k_work_queue_stop_sys_thread)
{
	size_t i;
	struct k_work work;
	struct k_work_q work_q = {0};
	struct k_work works[NUM_TEST_ITEMS];
	struct k_work_queue_config cfg = {
		.name = "test_work_q",
		.no_yield = true,
		.essential = true,
	};

	k_work_queue_start(&work_q, work_q_stack,
			   K_THREAD_STACK_SIZEOF(work_q_stack),
			   K_PRIO_PREEMPT(4), &cfg);

	zassert_true(k_work_queue_drain(&work_q, true) >= 0,
	    "Failed to drain & plug work queue");
	zassert_not_ok(k_work_queue_stop(&work_q, K_FOREVER),
	    "Failed to stop work queue");
}
```

If we allow stop essential work queue, system will panic.

Signed-off-by: TaiJu Wu <tjwu1217@gmail.com>
2025-10-01 08:21:56 +02:00
Declan Snyder
88c61d3668 include: hooks.h: Add mocks
Add mocks of platform hooks so that #ifdef are not needed around calls
to these functions.

Signed-off-by: Declan Snyder <declan.snyder@nxp.com>
2025-09-24 19:21:07 -04:00
TaiJu Wu
623d8fa540 kernel: cleanup thread state checks and nunecessary CONFIG check
The commit replaces negative thread state checks with a new,
 more descriptivepositive check.
The expression `!z_is_thread_prevented_from_running()`
is updated to `z_is_thread_ready()` where appropriate, making
the code's intent clearer.

 Removes a redundant `IS_ENABLED(CONFIG_SMP)`, they are included #ifdef.

Finally, this patch add the missing `#endif` directive.

Signed-off-by: TaiJu Wu <tjwu1217@gmail.com>
2025-09-24 09:43:30 +02:00
TaiJu Wu
e069ce242c kernel: Consolidate thread state checking functions
This patch moves `is_aborting()` and `is_halting()`
from `kernel/sched.c` to `kernel/include/kthread.h`
and renames them to `z_is_thread_aborting()` and `z_is_thread_halting()`,
for consistency with other internal kernel APIs.

It replaces the previous inline function definitions in `sched.c`
with calls to the new header functions. Additionally, direct bitwise
checks like `(thread->base.thread_state & _THREAD_DEAD) != 0U`
are updated to use the new `z_is_thread_dead()` helper function.
This enhances code readability and maintainability.

Signed-off-by: TaiJu Wu <tjwu1217@gmail.com>
2025-09-24 09:43:30 +02:00
Aaron Wisner
202ba136a0 include: Fix C headers such that they can be included in C++ context.
ksched.h: Add missing extern "C" for C++.
kernel_arch_func.h: Rename reserved "new" C++ keyword.

No functional change.

Signed-off-by: Aaron Wisner <aaronwisner@gmail.com>
2025-09-19 17:47:34 -04:00
Mohamed Moawad
ccfe64627e kernel: events: add conditional guards for timeout operations
Add conditional compilation guards around timeout operations in
kernel/events.c to ensure compatibility with timer-less configurations.

Signed-off-by: Mohamed Moawad <moawad@synopsys.com>
2025-09-18 09:46:29 +01:00
Adrian Warecki
5c5e17f0f3 kernel: dynamic: Optimize stack pool usage
Add the flags parameter to the z_thread_stack_alloc_pool function.
Determine the maximum possible stack size based on the size of the reserved
memory for stack and the thread type (flags).

The stack size that can be used by a thread depend on its type
(kerner/user). For the same stack size, the macros K_KERNEL_STACK_DECLARE
and K_THREAD_STACK_DEFINE may reserve different amount of memory.

Signed-off-by: Adrian Warecki <adrian.warecki@intel.com>
2025-09-16 16:07:05 -04:00
TaiJu Wu
d361ec9692 kernel: message does not execute correct put front behavior
When the buffer is full, Thread A gets pended (blocked).
If Thread B later calls the get function, it will unpend Thread A,
allowing it to resume and put the message into the queue.
In this situation, we need to know whether Thread A should
continue with put to front or put to end.

In order to resolve this issue, we don't allow set timeout
parameter for `k_msgq_put_front` and this parameter is always
`K_NO_WAIT`.

Signed-off-by: TaiJu Wu <tjwu1217@gmail.com>
2025-09-13 21:22:52 -04:00
Al Semjonovs
911b3da139 kernel: Clean-up lingering code coverage exclusion flag
Remove LCOV_EXCL_STOP flag as LCOV_EXCL_START was removed in a previous
commit.  This causes a gcov compilation error.

Signed-off-by: Al Semjonovs <asemjonovs@google.com>
2025-09-12 08:21:21 +01:00
Marcin Szkudlinski
91d17f6931 kernel: add k_thread_absolute_deadline_set call
k_thread_absolute_deadline_set is simiar to existing
k_thread_deadline_set. Diffrence is that k_thread_deadline_set
takes a deadline as a time delta from the current time,
k_thread_absolute_deadline_set is expecting a timestamp
in the same units used by k_cycle_get_32().

This allows to calculate deadlines for several thread and
set them in deterministic way, using a common timestamp as
a "now" time base.

Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
2025-09-11 14:18:16 +01:00
Anas Nashif
f5d7081710 kernel: do not include ksched.h in subsys/soc code
Do not directly include and use APIs from ksched.h outside of the
kernel. For now do this using more suitable (ipi.h and
kernel_internal.h) internal APIs until more cleanup is done.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-09 11:45:06 +02:00
Anas Nashif
6b46c826aa arch: init: z_bss_zero -> arch_bss_zero
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
d98184c8cb arch: boot: rename z_early_memcpy -> arch_early_memcpy
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
06b179233e kernel: use cmake macro for adding kernel files
simplify cmake file and use macros for adding files that are part of the
kernel based on the configuration.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
e39de0e257 device: move device syscalls to device.c
Move device model syscalls to device.c and decouple kernel header from
device related routines. Cleanup init to have only what is needed.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
7aa3269a3f kernel: boot args kconfig cleanup
Cleanup kconfig of bootargs and put everything in one menuconfig.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
c9269b9b85 kernel: init: move boot arg handling to own file
No reason for this to be part of already packed init.c.
Moved to own file and build only when BOOTARGS are enabled.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
53a51b9287 kernel/arch: Move early init/boot code out of init/kernel headers
Cleanup init.c code and move early boot code into arch/ and make it
accessible outside of the boot process/kernel.

All of this code is not related to the 'kernel' and is mostly used
within the architecture boot / setup process.

The way it was done, some soc code was including kernel_internal.h
directly, which shouldn't be done.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Anas Nashif
cf6db903e1 kernel: move xip into arch/common
Not really a kernel feature, more for architecture, which is reflected
in how XIP is enabled and tested. Move it to architecture code to keep
which much of the 'implementation' and usage is.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-08 15:51:07 -04:00
Charles Hardin
81283c678a kernel: event api extensions to clear events and avoid phantom events
This is variation of the PR to handle phantom events and hopefully
this get merged into the PR to land.

See-also: https://github.com/zephyrproject-rtos/zephyr/pull/89624
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
2025-09-05 16:50:28 -04:00
Anas Nashif
0c84cc5bc6 kernel: drop deprecated pipe API
This API was deprecated in 4.1, so drop it for the 4.3 release. Use new
PIPE API instead.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-09-05 17:13:05 +02:00
Loic Domaigne
6b61ec9d9b kernel: fix error propagation for device deferred initialization
This fix makes sure that do_device_init() returns a negative value if
the device's initialization failed. Previously, it mistakely returned
+errno instead of -errno.

This oversight happened during the refactoring of z_sys_init_run_level()
to support deferred initialization, from which most of do_device_init()
code derives. The rc value computed and stored in dev->state->init_res
is the POSITIVE value of the resulting errno. Returning rc therefore
breaks the convention of a negative value to signal failure.

Signed-off-by: Loic Domaigne <tech@domaigne.com>
2025-09-04 21:03:01 +02:00
Ederson de Souza
cdaca274a5 kernel: Automatically set up HW shadow stack for thread stacks
This patch modifies thread stack macros (such as K_KERNEL_STACK_DECLARE
or K_KERNEL_STACK_ARRAY_DECLARE) to also create a HW shadow stack (when
CONFIG_HW_SHADOW_STACK=y), as well as define a pairing between the
thread stack (or thread stack array) and the shadow stack (or shadow
stack array).

This pairing, which currently is simply an array of pairs (stack,
shadow_stack) is searched during thread setup to find the corresponding
shadow stack and attach it to the thread. If linear search on this array
proves to be a performance issue, the actual structure can be revisited.

To define the size of the shadow stack for a given stack, the stack size
is used. A new Kconfig, CONFIG_HW_SHADOW_STACK_PERCENTAGE_SIZE is used
to define how big the shadow stack is compared to the stack. Note that
this size is in *addition* to the stack size. To avoid some shadow
stacks becoming too small, CONFIG_HW_SHADOW_STACK_MIN_SIZE is used to
define a minimum size. Note that after this size is defined, platform
restrictions on the size of the shadow stack are still applied.

Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
2025-09-02 07:56:48 +02:00
Ederson de Souza
10d6ef0ea5 kernel: Option to allow shadow stack to be reused
It seems that, at least on tests, it's common to call k_thread_create()
on a thread multiple times. This trips a check for the CET shadow stack
- namely, set a shadow stack on a thread which already has a shadow
stack.

This patch adds a Kconfig option to allow that, iff the base address and
size of the new shadow stack are the same as before. This will trigger a
reset of the shadow stack, so it can be reused.

It may be the case that this behaviour (reusing threads) is more common
than only for tests, in which case it could make sense to change the
default - in this patch, is only true if ZTEST.

Even if being enabled by default becomes the reality, it would still
make sense to keep this option - more conscious apps could avoid the
need for the shadow stack reset code altogether.

Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
2025-09-02 07:56:48 +02:00
Ederson de Souza
016eaf2959 kernel: Add interface for hardware shadow stack usage
In order to allow kernel created threads (such as main and idle threads)
to make use of hardware shadow stack implementation, add an interface
for them.

This patch basically provides an infra that architectures need to
implement to provide hardware shadow stack.

Also, main and idle threads are updated to make use of this interface
(if hardware shadow stacks are enabled).

Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
2025-09-02 07:56:48 +02:00
Pieter De Gendt
294f7e52c5 linker: Split nocache memory sections into loadable and non-loadable
Commit f9168ae464 made all non-cached memory
loadable by default.

However as nocache memory is typically used for reserving larger buffers to
be shared between peripherals, this comes at fairly large cost towards ROM
usage.

This commit creates two distinct sections for both loadable and
non-loadable nocache memory sections.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
2025-09-01 23:28:28 +02:00
Peter Mitsis
0111cc9030 kernel: Execute function on another CPU
Adds infrastructure to allow the execution of a function on
a different CPU. The function to be executed on another CPU
runs within the IPI handler at ISR level (and is thus subject
to those constraints).

Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
2025-08-25 09:12:31 +02:00
Jamie McCrae
db8f991c77 kconfig: Use $(...) instead of ${...} for getting variables
Updates this to comply with the Zephyr Kconfig recommendations

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2025-08-20 12:05:41 +02:00
Mahesh Mahadevan
ac7451e6af drivers: timer: Move MAX_WAIT to header file
Move MAX_WAIT define to the system timer header file
so system timer drivers can use this define.

Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
2025-08-19 23:35:32 +02:00
Alexander Paschoaletto
8c03410af0 tracing: msgq: adding dedicated tracing for k_msgq_put_front
This commit adds the tracing macros and functions related
specifically to the k_msgq_put_front API.

Signed-off-by: Alexander Paschoaletto <axelpinheiro@gmail.com>
2025-07-25 08:16:58 -04:00
Alexander Paschoaletto
16986849d5 kernel: msgq: adding support to k_msgq_put_front
This commit introduces the k_msgq_put_front API for sending
messages to a queue in a LIFO scheme.

Signed-off-by: Alexander Paschoaletto <axelpinheiro@gmail.com>
2025-07-25 08:16:58 -04:00
Mathieu Choplain
5183fc5693 kernel: assert no spinlock is held on swap when !USE_SWITCH
The do_swap() routine used when CONFIG_USE_SWITCH=y asserts that caller
thread does not hold any spinlock when CONFIG_SPIN_VALIDATE is enabled.
However, there is no similar check in place when CONFIG_USE_SWITCH=n.

Copy this assertion in the USE_SWITCH=n implementation of z_swap_irqlock().

Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
2025-07-24 02:47:21 -04:00
Peter Mitsis
e50851d476 arch: xtensa: Add support for lazy HiFi ctx switching
When lazy HiFi context switching is enabled, the system starts with
the HiFi coprocessor disabled. Should the thread use that coprocessor,
it will generate an exception which in turn will enable the coprocessor
and save/restore the HiFi registers as appropriate. When switching
to a new thread, the HiFi coprocessor is again disabled.

For simplicity, there are no restrictions as to which thread is allowed
to use the coprocessor.

Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
2025-07-20 12:25:17 -04:00
Peter Mitsis
d397a91c62 kernel: Add arch_coprocessors_disable()
The intent of arch_coprocessors_disable() is to replace
arch_float_disable() in halt_thread() for the FPU will not
always be the only coprocessor that will need to be disabled.

Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
2025-07-20 12:25:17 -04:00
Mirai SHINJO
e6ea5644b3 kernel: mmu: fix memory leak in virt_region_alloc()
The error path for an invalid destination address in virt_region_alloc()
frees the allocation using the originally requested 'size' instead of
the 'num_bits' that were actually allocated from the bitmap.
This leaks the virtual address space.

Pass 'num_bits' instead of 'size' to sys_bitarray_free() to ensure the
allocated region is correctly freed.

Signed-off-by: Mirai SHINJO <oss@mshinjo.com>
2025-07-19 15:47:35 -04:00
Nicolas Pitre
8140680e6b k_heap_aligned_alloc: validate the alignment argument
There is a special internal understanding between `z_alloc_helper()`
and `sys_heap_aligned_alloc()` for the meaning of non-power-of-two
alignment values. There was a time when `z_alloc_helper()` was expressed
in terms of `k_heap_aligned_alloc()` so the later had to accept special
alignment values from the former. This is no longer the case and
`k_heap_aligned_alloc()` should enforce proper alignment values now.

Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
2025-07-19 13:45:56 -04:00
Anas Nashif
1a7ce3f45e Revert "init: Make entry init-function less and introduce service objects"
This reverts commit 175da6bdb0.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-07-16 16:39:36 -05:00
Anas Nashif
ce119f5d07 tracing: do not mark thread as switched_out in case of no reschedule
If z_get_next_switch_handle determines no reschdule is needed, do not
mark thread as switched_out in set_curent() where new and old thread are
the same.

See zephyrproject-rtos/zephyr#88596 for more details.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-07-08 18:34:11 -05:00
Daniel Leung
1984236c1d kernel: move z_sched_lock inside k_sched_lock
z_sched_lock() has exactly one user in tree which is
k_sched_lock(). So combine them to make it easier to
follow (or not, since there is no jumping to another
file anymore).

Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2025-07-08 13:38:48 -05:00
Chaitanya Tata
4bd1d39c67 wifi: nrf70: Fix system work queue stack size override
Defaults cannot be overidden (even with configdefault extension), they
only work if the original symbol is defined after the override e.g.,
"drivers and then subsys/net" but for kernel symbols,the default value
overrides don't work due "kernel and drivers" order, the kernel defines
the original symbol with the default and then it cannot be overridden.

Move the kernel symbol override to the original definition to make it
affect. Else any sample that uses nRF70 but doesn't enable WPA
supplicant ends up with 1024 and crashes.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2025-07-01 19:04:00 -05:00
Pisit Sawangvonganan
a163f9db61 kconfig: fix typo in (arch, boards, kernel, modules, samples, share)
Utilize a code spell-checking tool to scan for and correct spelling errors
in `Kconfig` files within the `arch`, `boards`, `kernel`, `modules`,
`samples`, and `share` directory.
Additionally, incorporates a fix recommended by the reviewer.

Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
2025-07-01 10:58:54 -10:00
Tomasz Bursztyka
175da6bdb0 init: Make entry init-function less and introduce service objects
Since the addition of deinit operation in device, init and deinit have
been within each device, rendering their init entry's init function
useless.

In order to save ROM space, let's remove the init function from
init entry altogether, and introduce a new object called "service"
which owns an init function to go along with SYS_INIT/SYS_INIT_NAMED.

Signed-off-by: Tomasz Bursztyka <tobu@bang-olufsen.dk>
2025-06-27 14:13:58 +02:00
Duy Nguyen
8b0871c5e5 kernel: memslab: Prevent pointer underflow in free list init
The "p -= slab->info.block_size;" is causing the "p" pointer
to be underflow in RX architecture case, where the RAM address
start from 0x0, in some case p minus block size make it underflow
This change implementation uses an index-based reverse loop to
safely iterate over each block from last to first.

Signed-off-by: Duy Nguyen <duy.nguyen.xa@renesas.com>
2025-06-26 14:07:03 +02:00
Anas Nashif
72a8393aac kernel: kswap: removes unused arch_swap function declaration
Eliminates the external declaration of the `arch_swap` function.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-06-18 17:48:03 -04:00
Jordan Yates
117b452b50 kernel: add k_heap_array_get
Add `k_heap_array_get` as an alternative to `sys_heap_array_get`, which
only returns statically defined heaps (those defined with
`K_HEAP_DEFINE` or `K_HEAP_DEFINE_NOCACHE`), but doesn't depend on the
application guessing a value for `CONFIG_SYS_HEAP_ARRAY_SIZE`.

Signed-off-by: Jordan Yates <jordan@embeint.com>
2025-06-18 07:40:55 +02:00
Carles Cufi
61cdcb3383 kernel: Guard SYS_CLOCK_HW_CYCLES_PER_SEC to avoid spurious empty macro
If SYS_CLOCK_EXISTS is not enabled, then the SYS_CLOCK_HW_CYCLES_PER_SEC
still gets created, but with no value. This causes the code generation
in misc/generated/CMakeLists.txt to create an empty assembly macro:

`.equ  CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC,`

which then causes a build error.

Disable SYS_CLOCK_HW_CYCLES_PER_SEC entirely when SYS_CLOCK_EXISTS is
disabled to fix this.

This is a follow-up to 03f46db859.

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2025-06-06 15:01:34 +01:00