Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Having two implementations of the same thing is bad,
especially when one can just call the other inline version.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All arguments comes from userspace has data type u32_t but
base.prio has data type of s8_t. Comparision between s8_t and u32_t
cannot be done. That's why typecast priority coming from userspace(prio)
to s8_t data type.
Signed-off-by: Punit Vara <punit.vara@intel.com>
On arches which have custom logic to do the initial swap into
the main thread, _current may be NULL. This happens when
instantiating the idle and main threads.
If this is the case, skip checks for memory domain and object
permission inheritance, in this case there is never anything to
inherit.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
For the dummy thread, contents in the mem_domain structure
is insignificant hence setting it to NULL.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Added arch specific calls to handle memory domain destroy
and removal of partition.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Additional arch specific interfaces to handle memory domain
destroy and single partition removal.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Kernel object metadata had an extra data field added recently to
store bounds for stack objects. Use this data field to assign
IDs to thread objects at build time. This has numerous advantages:
* Threads can be granted permissions on kernel objects before the
thread is initialized. Previously, it was necessary to call
k_thread_create() with a K_FOREVER delay, assign permissions, then
start the thread. Permissions are still completely cleared when
a thread exits.
* No need for runtime logic to manage thread IDs
* Build error if CONFIG_MAX_THREAD_BYTES is set too low
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Some "random" drivers are not drivers at all: they just implement the
function `sys_rand32_get()`. Move those to a random subsystem in
preparation for a reorganization.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Use-cases for these subsystems appear to be limited to board/SOC
code, network stacks, or other drivers, no need to expose to
userspace at this time. If we change our minds it's easy enough
to add them back.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Intention of CONFIG_BOOT_DELAY is to delay booting of system for certain
time. Currently it is only delaying start of _main thread as delay is
created using k_sleep. This leads to putting _main thread into timeout
queue and continue kernel boot. This is causing some of undesirable
effects in some of test Automation usecase.
This patch changes k_sleep to k_busy_wait which result in delay in OS
boot instead of delaying start of _main.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix init_group bit clearing in _k_thread_group_leave()
Fix _k_object_uninit calling order. Though the order won't
make much difference in this case it is always good to destroy
or uninitialize in the reverse order of the object creation or
initialization.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Added arch specific calls to handle memory domain destroy
and removal of partition.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Additional arch specific interfaces to handle memory domain
destroy and single partition removal.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Most calls to device_get_binding() will pass named constants generated
by Kconfig; these constants will all point to the same place, so
compare the pointer before attempting to match the whole string.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
When k_poll is being used k_queue_cancel_wait shall mark the state as
K_POLL_STATE_NOT_READY so other threads will get properly notified with
a NULL pointer return.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
In case _handle_obj_poll_events is called with K_POLL_STATE_NOT_READY
set -EINTR as return to the poller thread.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
k_queue_get shall never return NULL when timeout is K_FOREVER which can
happen when a higher priority thread cancel/take an item before the
waiting thread.
Fixes issue #4358
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This is a runtime counterpart to K_THREAD_ACCESS_GRANT().
This function takes a thread and a NULL-terminated list of kernel
objects and runs k_object_access_grant() on each of them.
This function doesn't require any special permissions and doesn't
need to become a system call.
__attribute__((sentinel)) added to warn users if they omit the
required NULL termination.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's possible to declare static threads that start up as K_USER,
but these threads can't do much since they start with permissions on
no kernel objects other than their own thread object.
Rather than do some run-time synchronization to have some other thread
grant the necessary permissions, we introduce macros
to conveniently assign object permissions to these threads when they
are brought up at boot by the kernel. The tables generated here
are constant and live in ROM when possible.
Example usage:
K_THREAD_DEFINE(my_thread, STACK_SIZE, my_thread_entry,
NULL, NULL, NULL, 0, K_USER, K_NO_WAIT);
K_THREAD_ACCESS_GRANT(my_thread, &my_sem, &my_mutex, &my_pipe);
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently this is defined as a k_thread_stack_t pointer.
However this isn't correct, stacks are defined as arrays. Extern
references to k_thread_stack_t doesn't work properly as the compiler
treats it as a pointer to the stack array and not the array itself.
Declaring as an unsized array of k_thread_stack_t doesn't work
well either. The least amount of confusion is to leave out the
pointer/array status completely, use pointers for function prototypes,
and define K_THREAD_STACK_EXTERN() to properly create an extern
reference.
The definitions for all functions and struct that use
k_thread_stack_t need to be updated, but code that uses them should
be unchanged.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All sys_slist_*() functions aren't threadsafe and calls to them
must be protected with irq_lock. This is usually done in a wider
caller context, but k_queue_poll() is called with irq_lock already
relinquished, and is thus subject to hard to detect and explain
race conditions, as e.g. was tracked in #4022.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
User threads can only create other nonessential user threads
of equal or lower priority and must have access to the entire
stack area.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to track permission on stack memory regions like we do
with other kernel objects. We want stacks to live in a memory
area that is outside the scope of memory domain permission
management. We need to be able track what stacks are in use,
and what stacks may be used by user threads trying to call
k_thread_create().
Some special handling is needed because thread stacks appear as
variously-sized arrays of struct _k_thread_stack_element which is
just a char. We need the entire array to be considered an object,
but also properly handle arrays of stacks.
Validation of stacks also requires that the bounds of the stack
are not exceeded. Various approaches were considered. Storing
the size in some header region of the stack itself would not allow
the stack to live in 'noinit'. Having a stack object be a data
structure that points to the stack buffer would confound our
current APIs for declaring stacks as arrays or struct members.
In the end, the struct _k_object was extended to store this size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We also need macros to assert that an object must be in an
uninitialized state. This will be used for validating thread
and stack objects to k_thread_create(), which must not be already
in use.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is too powerful for user mode, the other access APIs
require explicit permissions on the threads that are being
granted access.
The API is no longer exposed as a system call and hence will
only be usable by supervisor threads.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It's currently too easy to run out of thread IDs as they
are never re-used on thread exit.
Now the kernel maintains a bitfield of in-use thread IDs,
updated on thread creation and termination. When a thread
exits, the permission bitfield for all kernel objects is
updated to revoke access for that retired thread ID, so that
a new thread re-using that ID will not gain access to objects
that it should not have.
Because of these runtime updates, setting the permission
bitmap for an object to all ones for a "public" object doesn't
work properly any more; a flag is now set for this instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We got rid of letting uninitialized objects being a free-for-all
and permission to do stuff on an object is now done explicitly.
If a user thread is initializing an object, they will already have
permission on it.
If a supervisor thread is initializing an object, that supervisor
thread may or may not want that object added to its set of object
permissions for purposes of permission inheritance or dropping to
user mode.
Resetting all permissions on initialization makes objects much
harder to share and re-use; for example other threads will lose
access if some thread re-inits a shared semaphore.
For all these reasons, just keep the permissions as they are when
an object is initialized.
We will need some policy for permission reset when objects are
requested and released from pools, but the pool implementation
should take care of that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will allow these thread objects to be re-used.
_mark_thread_as_dead() removed, it was only being called in one
place.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
API to assist with re-using objects, such as terminated threads or
kernel objects returned to a pool.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Use some preprocessor trickery to automatically deduce the amount of
arguments for the various _SYSCALL_HANDLERn() macros. Makes the grunt
work of converting a bunch of kernel APIs to system calls slightly
easier.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Does the opposite of k_object_access_grant(); the provided thread will
lose access to that kernel object.
If invoked from userspace the caller must hace sufficient access
to that object and permission on the thread being revoked access.
Fix documentation for k_object_access_grant() API to reflect that
permission on the thread parameter is needed as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
