Add cpu_load support for Xtensa.
Fix an issue in Xtensa tracing where sys_trace_idle_exit
was not called, causing idle time to be collected incorrectly.
Signed-off-by: Frank Li <lgl88911@163.com>
Instead of relaying on the dynamic_get() callback initializing the whole
struct shell_static_entry *entry,
pre-initialize it to 0, so previous garbage in the stack does not cause
random behaviour.
The issue can be seen when running with valgrind, for example:
```
twister -p native_sim -T tests/drivers/comparator/shell/ --enable-valgrind
cmake -GNinja -DBOARD=native_sim ../tests/drivers/comparator/shell/
ninja
valgrind zephyr/zephyr.exe
```
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This performs a check of target code using it as index to
retrieve target string via the target code string array.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Problem:
When fs_open() is called with FS_O_TRUNC, the FS backend
opens the underlying file via mp->fs->open() before the
truncate is attempted. If mp->fs->truncate() then fails,
the previous code cleared zfp->mp and returned right away,
which causes two issues:
- the backend's close hook is never invoked, so the
resources allocated during open (file slab entries,
internal caches, backend-specific structures such as
lfs_file, etc.) stay permanently allocated;
- a follow-up fs_close(zfp) cannot recover them either,
because zfp->mp has already been NULL'd and fs_close()
returns early.
The leak is reproducible on every backend (LittleFS, FAT,
...) and accumulates one slot per failed call until the
file slab is exhausted.
Solution:
Close the backend file explicitly in the truncate failure
path, before clearing zfp->mp, so the FS-specific close
hook can release everything it allocated during open().
If close itself fails, log the secondary error but still
return the original truncate error code, since that is
the root cause callers diagnose against.
Signed-off-by: Shuai Ma <malin719426@gmail.com>
Remove the use of printk, and replace with bt_shell_print
Remove any excess `\n` that seem to have been leftovers
from a previous fix.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This reverts commit 9401406e6a.
This patch was reverted due to regressions reported in #109814 (cached
timeseries data loss).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Using Mbed TLS in the names wasn't accurate as it may be some other
PSA Crypto implementation.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Just as we have for Mbed TLS, provide the option for users that want
to bring their own TF-PSA-Crypto.
To that end, guard references to the tfpsacrypto CMake
library as well as the inclusion of zephyr_entropy.c
and zephyr_init.c behind CONFIG_TF_PSA_CRYPTO_BUILTIN.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add early exist to the suspend function if suspending client is
not the last one. It fixes the case where user calls put function
from the thread context and it gets interrupted by the device
interrupt where another asynchronous put is called. In that case,
in the interrupt context the call will return error as semaphore
cannot be taken and reference counting gets broken. By adding
an early exit if context is not the last one, we ensure that only
last client executes suspending procedure.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
3GPP TS 27.010 section 5.4.6.3.2 specifies a PSC frame exchange when
entering power save and section 5.4.7 specifies a flag-byte exchange
when exiting. modem_cmux blocks at T3 timeout on either half if the
peer does not implement the exchange, which is the case for modems
that manage sleep and wake out-of-band (hardware lines or
modem-control AT commands).
Add an opt-in DT property cmux-no-powersave-handshake (default off)
on the cellular-modem common binding. When set,
modem_cmux_runtime_pm_handler skips modem_cmux_send_psc and the T3
reschedule on entry and transitions directly to STATE_POWERSAVE;
powersave_wait_wakeup skips the wake-pattern transmission and the
STATE_RESYNC wait on exit and transitions directly to STATE_CONNECTED.
Signed-off-by: Paulo Santos <paulo.santos-ext@hexagon.com>
- Fix to_write calculation to account for already written bytes
- Advance offset in loop to fetch correct block on each iteration
Signed-off-by: DEVER Emiel <emiel.dever@psicontrol.com>
Add missing includes and sort where applicable.
This is to follow include-what-you-use.
Assisted-by: Claude:claude-sonnet-4.5
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Having an interface library named "mbedTLS" and the real library named
"mbedtls" (as provided by the Mbed TLS module) is misleading.
This commit replaces:
- mbedTLS -> mbedtls_iface for the CMake library. "mbedTLS" is still
available as alias to "mbedtls_iface" for backward
compatibility, but this should be removed in the future.
- mbedTLS -> Mbed TLS in comments and documentation.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Store `command->length.value` in a local `length` variable in
`modem_cmux_command_is_valid()` to reduce repetitive pointer
dereferencing and improve readability without changing behavior.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
`modem_cmux_command_encode()` cannot return NULL because it uses
internal static storage and validates inputs with assertions.
Remove NULL checks at all call sites and update the function
documentation to reflect the actual behavior.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Change log message from "On-Demand Policy" to "Pressure Policy"
and fix "pstate_out == NULL" order to match coding style.
Signed-off-by: Yu Yuan <yuanyu@whut.edu.cn>
Updates the 'src_id' check in z_vrfy_log_filter_check() so that
negative values are also excluded.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
If we are receiving more bytes than the buffer size, we return
early in gdb_get_packet(). There is no need to go through all
the checksum calculation as it is going to be wrong anyway.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Sleep events are not traced in the user tracing backend. In addition,
k_sleep() does not go through the pending state, so there is no pend
event either. This leaves a thread switch-out with no context in the
trace, which can be confusing when analyzing scheduler behavior.
Add the missing sleep hooks (k_sleep, k_usleep, k_msleep) to the user
tracing backend and update the sample to demonstrate their output.
Signed-off-by: Jinming Zhao <jinmzhao@qti.qualcomm.com>
The changes introduced in #67881 not support fonts whose heights are
not integer multiples of 8.
This commit removes the old restriction.
Signed-off-by: TOKITA Hiroshi <tokita.hiroshi@gmail.com>
POSIX_MULTI_PROCESS is currently enabled via POSIX_SIGNALS,
which prevents it from being disabled through configuration files.
This change removes POSIX_MULTI_PROCESS from POSIX_SIGNALS so that it
can be explicitly enabled or disabled via configuration when required.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
The cpu_load measurement window (cyc_start, ticks_idle) is only updated
inside cpu_load_get(reset=true), which the periodic timer calls on every
firing. When the periodic timer is started for the first time at
SYS_INIT, or later restarted via cpu_load_log_control(true), the window
inherits whatever stale values cyc_start and ticks_idle happened to
have. The first periodic firing after a (re)start therefore measures
load over an arbitrary, ill-defined interval and may report any value.
For the SYS_INIT path this just means the very first logged load reads
as ~100% (cyc_start is implicitly 0 while ticks_idle has only counted
idle since cpu_load_init). More importantly, for cpu_load_log_control
it makes the first measurement after re-enabling the timer depend on
whatever the caller happened to do between the previous stop and the
new start, defeating the point of stopping/restarting in the first
place.
Reset the window with cpu_load_get(true) before each k_timer_start so
the first firing measures a well-defined interval that begins exactly
at the (re)start point.
Update the callback tests to call cpu_load_log_control(true) at entry
and cpu_load_log_control(false) at exit, instead of free-riding on the
SYS_INIT-started timer. Combined with the window reset above, each
test now starts measuring from a known baseline, making
test_callback_load_low deterministic regardless of how busy the CPU was
at the end of the preceding test.
In test_periodic_report, add log_flush() before each log_cnt assertion.
log_cnt is incremented asynchronously by the deferred-mode log thread
when it dispatches messages to the dummy backend. Without flushing,
the assertion can read log_cnt while the 3 cpu_load LOG_INFs queued
during k_msleep(150) are still pending in the queue (the log thread
wakes only when the queue reaches 10 messages or after 1000 ms). The
test passes by accident on platforms where the log thread happens to
have been woken by other traffic during the test window, and fails
deterministically elsewhere. log_flush() blocks until the queue is
drained, so log_cnt becomes a deterministic count regardless of host
or scheduler timing.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The trace strings for socket bind/connect/getpeername/getsockname
were declared without initialization before being emitted.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Modify stack sizes to start at the fixed size of 4 and % with a
fixed size of 3. Percentages should never be more than 3 digits
in this case, and the majority of stack sizes should never exceed
9999, and if they do, then it just pads them.
The purpose of this is to just a slightly cleaner table where each
row has the same width.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix uninitialized variable use reported by Valgrind. Could be a false
positive, as those arrays are filled in lwm2m_engine_get_binding() and
lwm2m_engine_get_queue_mode(), but as binding and queue buffers are
small just initialize them with 0's to satisfy Valgrind.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
log_custom_timestamp_print() asserts that log_timestamp_format_func is
non-NULL before falling through to an if-guarded call of that same
pointer. The if-branch already handles the NULL case gracefully by
returning 0 (no timestamp emitted), so the assert serves no functional
purpose: it just converts a benign "callback not yet registered" state
into a kernel panic.
That panic is reachable through a perfectly legitimate SMP race. When
CONFIG_LOG_OUTPUT_FORMAT_CUSTOM_TIMESTAMP=y, every log message routed
through log_output_process() goes through log_custom_timestamp_print()
for timestamp formatting. On SMP, the deferred log processing thread
can be scheduled on a secondary CPU and dispatch a queued boot-time
log message before the application thread (on CPU 0) has had a chance
to call log_custom_timestamp_set() - any user that registers the
callback after boot, rather than at sys-init time, can hit this.
Concrete repro on fvp_base_revc_2xaem/v9a/smp running
tests/subsys/logging/log_timestamp/ with
CONFIG_LOG_OUTPUT_FORMAT_CUSTOM_TIMESTAMP=y: arch/arm64/core/mmu.c
emits a boot-time LOG_WRN ("xlat tables low: 7 of 8 in use") which
the log thread dispatches on CPU 1 just as the test starts on CPU 0,
hitting the assert and panicking the kernel before the test sets its
callback.
Dropping the assert lets log_custom_timestamp_print() degrade
gracefully: a user who genuinely forgot to call
log_custom_timestamp_set() sees missing timestamps rather than a
system-wide panic.
Fixes#109536
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
When ADR is enabled the network controls the datarate through LinkADRReq
so a user-issued lorawan_set_datarate() at that point should not have any
effect.
Applications that want to manually control the datarate must call
lorawan_enable_adr(false) first.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Make Engine Great Again (MEGA), that is route synchronous native LoRaWAN
API work through the engine thread so the engine remains the single writer
of runtime MAC state.
Replace the shared join/send result queues with caller-owned completion
state carried by each engine request. The API caller posts a request and
waits on its own semaphore, while the MAC handler stores the result and
signals that specific request. This removes result matching from shared
queues and lets join/send wait without holding api_mutex.
Move also runtime configuration updates onto the engine thread allowing us
to drop api_mutex once runtime mutations are engine-owned.
Update the public API documentation, migration guide, and native backend
version to reflect a new stricter functions ordering.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Commit 68c95f8e8f ("lorawan: native: reject unsupported downlink
FOpts") rejects any downlink that carries FOpts bytes, ahead of MIC
verification, by returning -ENOTSUP from mac_parse_downlink().
Real networks (TTN, ChirpStack, ...) typically issue a LinkADRReq within
the first downlinks after join, so the very first confirmed uplink response
carries FOpts and gets dropped.
Keep instead a non-fatal LOG_WRN after MIC verification so an operator
still sees that the network is issuing commands the stack does not yet
act on. Moving the warning past MIC also avoids spamming on spoofed or
corrupted frames.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Correcting the HPACKED glyph addressing used by the CFB renderer.
HPACKED font data stores 8 horizontal pixels per byte,
so glyph stride must be based on the rounded-up byte width and
bit extraction must use the glyph x coordinate.
Also make generated tofu glyph bytes follow the selected font packing,
so missing glyph rendering uses the same layout as normal glyph data.
Signed-off-by: TOKITA Hiroshi <tokita.hiroshi@gmail.com>
Fixes a hard to hit race condition allowing the write lock to be
obtained while the read lock is held.
Addresses: #104908
Signed-off-by: Michael Feist <maxxus220@gmail.com>
The check stacksize < PTHREAD_STACK_MIN was flagged by Coverity as
always false (CWE-570) on architectures where PTHREAD_STACK_MIN is 0.
Additionally, removing the stacksize == 0 check caused 48 test
failures because POSIX requires EINVAL for a zero stack size even if
the minimum allowed stack size is 0.
Fix both issues by:
1. Restoring the explicit stacksize == 0 check for POSIX compliance.
2. Guarding the PTHREAD_STACK_MIN comparison with a > 0 check to
satisfy Coverity.
Fixes: #99978
Signed-off-by: Bhavin Umatiya <umatiyabhavin@gmail.com>
With CONFIG_BT_MAX_CONN=1, restarting connectable advertising from
the bt_conn_cb.disconnected callback fails with -ENOMEM because the
BLE host still holds a connection reference at that point. The
connection slot is only guaranteed free when bt_conn_cb.recycled fires.
Two code paths in gatt_disconnected() called bt_mesh_adv_gatt_update()
indirectly, triggering bt_le_ext_adv_start() before the connection
slot was freed:
pb_gatt_srv: on the provisioned path, bt_mesh_pb_gatt_srv_disable()
was called, which internally triggers bt_mesh_adv_gatt_update().
proxy_srv: when the proxy service was not yet registered upon
disconnect, bt_mesh_proxy_gatt_enable() was called, which also
triggers bt_mesh_adv_gatt_update().
Extract prov_gatt_service_unregister() and proxy_gatt_service_register()
as private helpers that perform only the GATT service operation without
triggering advertising. Have gatt_disconnected() call these helpers
and set adv_restart_pending = true in all branches, so conn_recycled()
safely handles the advertising restart after the connection is freed.
Assisted-by: GitHub Copilot:Claude Sonnet 4.6
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
When a PB-GATT or GATT Proxy connection disconnects on a device with
CONFIG_BT_MAX_CONN=1, the mesh stack attempts to restart connectable
advertising from the disconnected callback. This fails with -ENOMEM
because the BLE host still holds a reference to the connection object
at that point, and bt_le_ext_adv_start() cannot pre-allocate a new
connection slot.
Fix this by using the bt_conn_cb.recycled callback to trigger
advertising restart. The recycled callback fires only after the
connection object is fully released, guaranteeing a free slot is
available for connectable advertising.
Remove bt_mesh_adv_gatt_update() from bt_mesh_proxy_role_cleanup()
and instead set an adv_restart_pending flag in the disconnected
handler. The recycled callback checks this flag to avoid unnecessary
advertising restart attempts from unrelated disconnections.
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
In `l2cap_br_conf_req()` and `l2cap_br_conf_rsp()`, `buf->len` is used
to validate the minimum packet size. However, `buf->len` may exceed the
actual command data length (the `len` parameter from the L2CAP
signaling header), as the buffer can contain data beyond the current
command.
When the command data length `len` is smaller than the minimum packet
size, but `buf->len` is not less than the minimum packet size, the
validation passes incorrectly. Subsequently, when calculating `opt_len`
(`len - sizeof(*req)`), an underflow occurs duw to the value of type
`uint16_t`, resulting in an out-of-bounds buffer access issue.
Fix by validating against the `len` parameter instead of `buf->len` in
both `l2cap_br_conf_req()` and `l2cap_br_conf_rsp()`, since `len`
reflects the actual command data length.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
New option CONFIG_THREAD_ANALYZER_PRINT_THREAD_PRIORITY that includes
each thread's priority to the print output of thread analyzer.
Signed-off-by: Jonathan Karlsson <karlsson_jonathan@hotmail.com>
The result of `mctp_pktbuf_alloc` wasn't being checked on both
controller and target. While a simple check is enough for the
controller, the target fix is a bit more involved.
As the target was allocating the buffer when it received the length
of the message on its pseudoregister, a buggy controller could write
this more than once, making previous allocations leak. This is solved by
only noting the size of the message written to the pseudoregister, and
doing the allocation when the first byte of the message was received.
This flow also ensures that a buggy controller can't skip sending the
length of the message, as this will result in a zero-sized MCTP packet,
which will be handled by libmctp.
Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
Add optional DHCP option 114 (Captive-Portal Identity, RFC 8910) to the
Zephyr DHCPv4 server. When enabled, the server includes the option in
Offer and Acknowledgment messages when the client requests it via DHCP
option 55 (Parameter Request List), so clients can discover a captive
portal URI on isolated networks (e.g. SoftAP provisioning).
Introduce CONFIG_NET_DHCPV4_SERVER_OPTION_CAPTIVE_PORTAL to gate the
feature and CONFIG_NET_DHCPV4_SERVER_OPTION_CAPTIVE_PORTAL_URI for an
optional URI override. If the override string is empty, the server
builds http://<IPv4-on-DHCP-interface>/generate_204 from the address
stored in the server context when the server starts (ctx->server_addr).
Tested by building an application with
CONFIG_NET_DHCPV4_SERVER_OPTION_CAPTIVE_PORTAL=y and confirming DHCP
Offer/ACK include option 114 when listed in the client's parameter
request list on a SoftAP network.
Signed-off-by: Ricardo Tafas <ricardo.tafas@espressif.com>
Neither sys_heap nor sys_multi_heap provide thread safety, so
concurrent calls to mem_attr_heap_alloc/free can corrupt the
underlying heap structures.
When MULTITHREADING is enabled protect the alloc and free
mem_attr_heap functions with a spinlock.
Signed-off-by: Graham Roff <grahamr@qti.qualcomm.com>
