Commit graph

3196 commits

Author SHA1 Message Date
Andrew Boie
a23c245a9a userspace: flesh out internal syscall interface
* Instead of a common system call entry function, we instead create a
table mapping system call ids to handler skeleton functions which are
invoked directly by the architecture code which receives the system
call.

* system call handler prototype specified. All but the most trivial
system calls will implement one of these. They validate all the
arguments, including verifying kernel/device object pointers, ensuring
that the calling thread has appropriate access to any memory buffers
passed in, and performing other parameter checks that the base system
call implementation does not check, or only checks with __ASSERT().

It's only possible to install a system call implementation directly
inside this table if the implementation has a return value and requires
no validation of any of its arguments.

A sample handler implementation for k_mutex_unlock() might look like:

u32_t _syscall_k_mutex_unlock(u32_t mutex_arg, u32_t arg2, u32_t arg3,
                              u32_t arg4, u32_t arg5, void *ssf)
{
        struct k_mutex *mutex = (struct k_mutex *)mutex_arg;
        _SYSCALL_ARG1;

        _SYSCALL_IS_OBJ(mutex, K_OBJ_MUTEX, 0,  ssf);
        _SYSCALL_VERIFY(mutex->lock_count > 0, ssf);
        _SYSCALL_VERIFY(mutex->owner == _current, ssf);

        k_mutex_unlock(mutex);

        return 0;
}

* the x86 port modified to work with the system call table instead of
calling a common handler function. An issue where registers being
changed could confuse the compiler has been fixed; all registers, even
ones used for parameters, must be preserved across the system call.

* a new arch API for producing a kernel oops when validating system call
arguments added. The debug information reported will be from the system
call site and not inside the handler function.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-15 13:44:45 -07:00
Andrew Boie
be6740ea77 kernel: define arch interface for memory domains
Based on work by Chunlin Han <chunlin.han@linaro.org>.
This defines the interfaces that architectures will need to implement in
order to support memory domains in either MMU or MPU hardware.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-14 08:59:54 -07:00
Andrew Boie
3f091b5dd9 kernel: add common functions for user mode
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
2acfcd6b05 userspace: add thread-level permission tracking
Now creating a thread will assign it a unique, monotonically increasing
id which is used to reference the permission bitfield in the kernel
object metadata.

Stub functions in userspace.c now implemented.

_new_thread is now wrapped in a common function with pre- and post-
architecture thread initialization tasks.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
5cfa5dc8db kernel: add K_USER flag and _is_thread_user()
Indicates that the thread is configured to run in user mode.
Delete stub function in userspace.c

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
f564986d2f kernel: add _k_syscall_entry stub
This is the kernel-side landing site for system calls. It's currently
just a stub.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
1f32d09bd8 kernel: specify arch functions for userspace
Any arches that support userspace will need to implement these
functions.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
9f70c7b281 kernel: reorganize CONFIG_USERSPACE
This now depends on a capability Kconfig.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:46:36 -07:00
Andrew Boie
26d1eb38e6 stack_sentinel: remove check in _new_thread
We already check the stack sentinel for outgoing thread when we _Swap,
just leverage that.

The thread state check in _check_stack_sentinel now only exits if the
current thread is a dummy thread.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:32:00 -07:00
Andrew Boie
9a74a081e5 _thread_entry: don't use _current
Thread may be in user mode when it returns and can't look at
_current. Use k_current_get() which will be a system call.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 12:32:00 -07:00
Andrew Boie
f5adf534e8 kernel: declare interface for checking buffers
This will be used by system call handlers to ensure that any memory
regions passed in from userspace are actually accessible by the calling
thread.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-12 08:40:41 -07:00
Andrew Boie
1e06ffc815 zephyr: use k_thread_entry_t everywhere
In various places, a private _thread_entry_t, or the full prototype
were being used. Be consistent and use the same typedef everywhere.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-11 11:18:22 -07:00
Anas Nashif
8920cf127a cleanup: Move #include directives
Move all #include directives at the very top of the file, before any
code.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-09-11 12:41:07 -04:00
Andrew Boie
f2c83acafc kernel: remove k_thread_spawn()
This API was deprecated in 1.8, we can remove for 1.10.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-11 12:30:51 -04:00
Andrew Boie
8eaff5d6d2 k_thread_abort(): assert if abort essential thread
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.

Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.

_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:35:16 -07:00
Andrew Boie
7d627c5971 k_thread_create(): allow K_FOREVER delay
It's now possible to instantiate a thread object, but delay its
execution indefinitely. This was already supported with K_THREAD_DEFINE.

A new API, k_thread_start(), now exists to start threads that are in
this state.

The intended use-case is to initialize a thread with K_USER, then grant
it various access permissions, and only then start it.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:35:04 -07:00
Andrew Boie
8e51f36bbf kernel: version: no need to store version in RAM
This is a build-time constant, just return it.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:34:50 -07:00
Andrew Boie
0a85eaad05 init: initialize dummy thread stack info
Garbage values here could wreak havoc on the initial switch to main
depending on how arch-specific _Swap() manages memory permissions when
switching threads.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:34:41 -07:00
Andrew Boie
945af95f42 kernel: introduce object validation mechanism
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.

The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.

- CONFIG_USERSPACE introduced. We are somewhat far away from having an
  end-to-end implementation, but at least need a Kconfig symbol to
  guard the incoming code with. Formal documentation doesn't exist yet
  either, but will appear later down the road once the implementation is
  mostly finalized.

- In the memory region for RAM, the data section has been moved last,
  past bss and noinit. This ensures that inserting generated tables
  with addresses of kernel objects does not change the addresses of
  those objects (which would make the table invalid)

- The DWARF debug information in the generated ELF binary is parsed to
  fetch the locations of all kernel objects and pass this to gperf to
  create a perfect hash table of their memory addresses.

- The generated gperf code doesn't know that we are exclusively working
  with memory addresses and uses memory inefficiently. A post-processing
  script process_gperf.py adjusts the generated code before it is
  compiled to work with pointer values directly and not strings
  containing them.

- _k_object_init() calls inserted into the init functions for the set of
  kernel object types we are going to support so far

Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-07 16:33:33 -07:00
Inaky Perez-Gonzalez
1abd064ce7 boot: move boot banner and delay before SYS_INIT_LEVEL_APPLICATION
Fixes https://github.com/zephyrproject-rtos/zephyr/issues/1280, but
also many other failures, where output was garbled due to this. Other
similarly affected issues are missing first benchmark (context) in
latency benchmark and some net tests.

Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
2017-09-07 18:29:05 -05:00
Youvedeep Singh
d787e3c554 timer: k_timer_start should accept 0 as duration parameter.
k_timer_start(timer, duration, period) is API used to
start a timer. Currently duration parameters accepts
only positive number.
But a user may require to do some periodic activity
ASAP and start timer with 0 value. So this patch
allows 0 as minimum value of duration.
In this patch, when duration value is set as 0 then
timer expiration handler is called instead of submitting
this into timeout queue.

Jira: ZEP-2497

Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
2017-09-06 10:18:39 -07:00
Youvedeep Singh
76b577e180 tests: benchmark: timing_info: Change API/variable Name.
The API/Variable names in timing_info look very specific to
platform (like systick etc), whereas these variables are used
across platforms (nrf/arm/quark).
So this patch :-
1. changing API/Variable names to generic one.
2. Creating some of Macros whose implementation is platform
dependent.

Jira: ZEP-2314

Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
2017-08-31 14:25:31 -04:00
Luiz Augusto von Dentz
87aa621915 kernel: Use SYS_DLIST_FOR_EACH_CONTAINER whenever possible
SYS_DLIST_FOR_EACH_CONTAINER is preferable over using
SYS_DLIST_FOR_EACH_NODE as that avoids casting directly which assumes the
node field is always at the beginning.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2017-08-25 09:08:50 -04:00
Luiz Augusto von Dentz
7d01c5ecb7 poll: Enable multiple threads to use k_poll in the same object
This is necessary in order for k_queue_get to work properly since that
is used with buffer pools which might be used by multiple threads asking
for buffers.

Jira: ZEP-2553

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2017-08-25 09:00:46 -04:00
Anas Nashif
83088a235c kernel: init: print boot banner before static threads
The boot banner is being printed after static threads have started, for
example this is visible with tests using ztest.
This puts the banner message before starting any threads.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-24 10:51:04 -04:00
Andy Ross
53c859998d kernel: POSIX thread IPC support
Partial implementation of the IEEE 1003.1 pthread API, including
mutexes and condition variables in their default behaviors, and
pthread barrier objects.  The rwlock and spinlocks abstractions are
not supported in this commit (both only make sense in the presence of
multiple SMP processors).

Note that this is the IPC mechanisms only.  The thread creation API
itself is unsupported: Zephyr threads work differently from pthreads
and don't port cleanly in all cases.  Likewise the "_INITIALIZER"
macros from pthreads don't work cleanly here, and _DECLARE macros have
been provided to statically initialize pthread primitives in a manner
more native to Zephyr

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
2017-08-15 19:42:07 -04:00
Luiz Augusto von Dentz
c1fa82b3c6 work_q: Make k_delayed_work_cancel cancel work already pending
This has been a limitation caused by k_fifo which could only remove
items from the beginning, but with the change to use k_queue in
k_work_q it is now possible to remove items from any position with
use of k_queue_remove.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2017-08-15 08:49:09 -04:00
Luiz Augusto von Dentz
adb581be8e work: Convert usage of k_fifo to k_queue
Make use of k_queue directly since it has a more flexible API.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2017-08-15 08:49:09 -04:00
Luiz Augusto von Dentz
84db641de6 queue: Use k_poll if enabled
This makes use of POLL_EVENT in case k_poll is enabled which is
preferable over wait_q as that allows objects to be removed for the
data_q at any time.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2017-08-15 08:49:09 -04:00
Kumar Gala
bd9a1548ac ztest: reduce MAIN_STACK_SIZE stack to 512 bytes
Save some memory for small memory systems when running ztests.  We have
our own stack in ztest so we should be able to get away reducing down
the main stack.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-08-10 18:24:16 -04:00
Wayne Ren
f8d061faf7 arch: arc: add nested interrupt support
* add nested interrupt support for interrupts
   + use a variable exc_nest_count to trace nest interrupt and exception
   + regular interrupts can be nested by regular interrupts and fast
interrupts
   + fast interrupt's priority is the highest, cannot be nested
* remove the firq stack and exception stack
   + remove the corresponding kconfig option
   + all interrupts (normal and fast) and exceptions will be handled
     in the same stack (_interrupt stack)
   + the pros are, smaller memory footprint (no firq stack), simpler
     stack management, simpler codes, etc.. The cons are, possible
     10-15 instructions overhead for the case where fast irq nests
     regular irq
* add the case of ARC in test/kernel/gen_isr_table

Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-10 12:47:15 -04:00
Youvedeep Singh
f807d4db7e Scheduler: Same priority Preemptive threads should get equal time slice
If there are multiple preemptive threads with same priority, and any
one thread preempts before its time slice expires (due to yields/
semaphore take/queue etc), then next scheduled thread is getting
lower time slice than expected.
This patch fixes this issue by accounting time expired when a thread
releases CPU before its time slice expires.

Jira: ZEP-2217/ZEP-2218

Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
2017-08-08 08:51:24 -04:00
Anas Nashif
c6ba67fe3f kconfig: move dts Kconfigs to dts/
Those were placed under kernel/ for no good reason.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-03 07:19:29 -05:00
Anas Nashif
11acc391dc kconfig: remove empty and unused kernel.config
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-03 07:19:29 -05:00
Andrew Boie
507852a4ad kernel: introduce opaque data type for stacks
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.

This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.

We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.

To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.

This should catch a bunch of programming mistakes at build time:

- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
  passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
  which is not actually the memory desired and may trigger a CPU
  exception

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-01 16:43:15 -07:00
Andy Ross
4c63af8434 mem_pool: Don't check level_empty() before breaking a block
This test was just wrong.  If the current thread did not race with any
others during the allocation process, then the result will be false
because it was detected so earlier in the function.  If we did race,
then sure: it might be true now if someone snuck in and freed a block.
But so what?  We already have the block we want to break.  The
behavior in the code as written was to early-exit from the break loop,
returning a buffer that was larger than the one requested (though
otherwise benign -- we wouldn't leak, just waste memory).  No idea
what I was thinking.

Thanks to Du Quanwen for the diagnosis.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
2017-07-31 09:14:59 -07:00
Andrew Boie
0fab8a6dc5 x86: page-aligned stacks with guard page
Subsequent patches will set this guard page as unmapped,
triggering a page fault on access. If this is due to
stack overflow, a double fault will be triggered,
which we are now capable of handling with a switch to
a known good stack.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-07-25 11:32:36 -04:00
Maureen Helm
7bf0df3aec dts: Generate Kinetis adc settings from device tree
Adds common and Kinetis-specific adc device tree properties, and updates
all Kinetis SoC and board dts files to include adc nodes.

Jira: ZEP-1396

Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
2017-07-19 14:28:08 -05:00
Paul Sokolovsky
b1e7481763 kernel: boot: Fix double prompt definition for CONFIG_BOOT_DELAY
This fixes Kconfig warning:

scripts/kconfig/conf --silentoldconfig Kconfig
zephyr/kernel/Kconfig:209:warning: prompt redefined

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
2017-07-19 09:26:17 +03:00
Inaky Perez-Gonzalez
c51f73f77f boot: add CONFIG_BOOT_DELAY option
Introduce a configurable boot delay option (defaulting to none) that
happens right after printing a boot delay banner, before calling
main() in kernel/init.c:_main(), before taking timestamps for _main()
and once all the infrastructure is in place. Move also the boot banner
to happen after this delay.

The rationale for this is some boards will boot really fast and print
out some test case output in the serial port before the system that is
monitoring the serial port is able to read from the serial port.

This happens in MCUs whose serial port is embedded in a USB connection
which also is used to power the MCU board. When powering it on by
powering the USB port, there is a time it takes the host system to
detect the USB connection, enumerate the serial port, configure it and
load, start and read from the serial port. At this time, it might have
printed the output of the serial port.

While manually it is possible to press a reset button, on automation
setups this adds a lot of overhead and cabling or modifications to the
MCU that are easier (and cheaper) to overcome with this delay. Other
options (like using a separate serial line) might not be possible or
add a lot of cabling and cost, plus it'd also add extra build
configuration.

Change-Id: I2f4d1ba356de6cefa19b4ef5c9f19f87885d4dfd
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
2017-07-18 08:31:45 +03:00
Marti Bolivar
4995820acf dts: i2c: fix build issue by defaulting HAS_DTS_I2C to n
Commit 1bc2fdc70 ("dts: arm: STM32 boards use DT to configure I2C")
added a new Kconfig option, HAS_DTS_I2C, which should be set when the
target supports configuration of I2C peripherals via Device Tree.

Currently, STM32 targets select this. However, the fact that
HAS_DTS_I2C has no default is causing prompting when building Zephyr
on other targets with DTS. To avoid this and allow builds to complete
as usual, have HAS_DTS_I2C default to n.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-07-12 10:40:28 -05:00
Andrew Boie
65a9d2a94a kernel: make K_.*_INITIALIZER private to kernel
Upcoming memory protection features will be placing some additional
constraints on kernel objects:

- They need to reside in memory owned by the kernel and not the
application
- Certain kernel object validation schemes will require some run-time
initialization of all kernel objects before they can be used.

Per Ben these initializer macros were never intended to be public. It is
not forbidden to use them, but doing so requires care: the memory being
initialized must reside in kernel space, and extra runtime
initialization steps may need to be performed before they are fully
usable as kernel objects. In particular, kernel subsystems or drivers
whose objects are already in kernel memory may still need to use these
macros if they define kernel objects as members of a larger data
structure.

It is intended that application developers instead use the
K_<object>_DEFINE macros, which will automatically put the object in the
right memory and add them to a section which can be iterated over at
boot to complete initialization.

There was no K_WORK_DEFINE() macro for creating struct k_work objects,
this is now added.

k_poll_event and k_poll_signal are intended to be instantiated from
application memory and have not been changed.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-07-10 11:44:56 -07:00
Yannis Damigos
1bc2fdc704 dts: arm: STM32 boards use DT to configure I2C
Configure I2C using DT for the following STM32 boards:

disco_l475_iot1
nucleo_f401re
96b_carbon
olimexino_stm32

Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
2017-07-07 10:31:34 -05:00
Andrew Boie
bf5228ea56 kernel: add early init routines for app RAM
Applications will have their own BSS and data sections which
will need to be additionally copied.

This covers the common C implementation of these functions.
Arches which implement their own optimized versions will need
to be updated.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-06-29 07:46:58 -04:00
Andrew Boie
2dc207c987 kernel: add config for app/kernel split
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-06-29 07:46:58 -04:00
Anas Nashif
397d29db42 linker: move all linker headers to include/linker
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-06-18 09:24:04 -05:00
Adithya Baglody
be1cb961ad tests: benchmark: boot_time: Reading time stamps made arch agnostic
1. Changed _tsc_read() to k_cycles_get_32(). Thus reading the
time stamp will be agnostic of the architecture used.
2. Changed the variable names from *_tsc to *_time_stamp.

JIRA: ZEP-1426

Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
2017-06-16 07:37:37 -05:00
David B. Kinder
9faa5f2033 doc: spelling fixes in Kconfig files
regular spelling check on Kconfig.* files

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2017-06-12 19:40:51 -04:00
Andrew Boie
dc5d935d12 kernel: introduce stack definition macros
The existing __stack decorator is not flexible enough for upcoming
thread stack memory protection scenarios. Wrap the entire thing in
a declaration macro abstraction instead, which can be implemented
on a per-arch or per-SOC basis.

Issue: ZEP-2185
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-06-09 18:53:28 -04:00
Andrew Boie
ae1a75b82e stack_sentinel: change cooperative check
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).

This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.

This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.

The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.

Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-06-08 13:49:36 -05:00