In order to mitigate Spectre variant 2 (branch target injection), use
retpolines for indirect jumps and calls.
The newly-added hidden CONFIG_X86_NO_SPECTRE flag, which is disabled
by default, must be set by a x86 SoC if its CPU performs speculative
execution. Most targets supported by Zephyr do not, so this is
set to "y" by default.
A new setting, CONFIG_RETPOLINE, has been added to the "Security
Options" sections, and that will be enabled by default if
CONFIG_X86_NO_SPECTRE is disabled.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The POSIX layer had a simple ready_one_thread() utility. Move this to
the scheduler API (with a prepended underscore -- it's an internal
API) so that it can be synchronized along with the rest of the
scheduler.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Almost everywhere this was called, it was immediately followed by
_abort_thread_timeout(), for obvious reasons. The only exceptions
were in timeout and k_timer expiration (unifying these two would be
another good cleanup), which are peripheral parts of the scheduler and
can plausibly use a more "internal" API.
So make the common case the default, and expose the old behavior as
_unpend_thread_no_timeout(). (Along with identical changes for
_unpend_first_thread) Saves code bytes and simplifies scheduler
surface area for future synchronization work.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes to the scheduler API means we can simplify this
further: move the assignment to mutex->owner outside the if(), which
removes the need to have an else clause (which just set that field to
NULL when the new_owner was already NULL); and we can likewise move
the irq_unlock() outside the block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Originally, pthread_cond_signal() was written to yield even in
circumstances where the current thread is at a cooperative priority
and would not expect to be context-switched out until it blocks. This
makes sense, as in most cases you want the newly signaled thread to
get a chance to run as soon as possible.
On further reflection (and also because it complicates the scheduler),
I think that's wrong. The point to cooperative scheduling is that it
allows the cooperative code to make synchronization assumptions about
exactly when it might yield to other threads, and having arbitrary
APIs be "preemption points" like this complicates that analysis
significantly.
Use _reschedule() like other code does.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The only difference between this call and k_thread_abort() (beyond
some minor performance deltas) is that "cancel" will act as a noop in
cases where the thread has begun execution and will return an error.
"Abort" always succeeds, of course. That is inherently racy when used
as a "stop the thread" API: there's no way in general (or at all in
SMP situations) to know that you're calling this function "early
enough" to catch the thread before it starts.
Effectively, all k_thread_cancel() gives you that k_thread_abort()
doesn't is an indication about whether or not a thread has started.
There are many other ways to get that information that don't require
dangerous kernel APIs.
Deprecate this function. Zephyr's own code never used it except for
its own unit test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that other work has eliminated the two cases where we had to do a
reschedule "but yield even if we are cooperative", we can squash both
down to a single _reschedule() function which does almost exactly what
legacy _Swap() did, but wrapped as a proper scheduler API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes have eliminated most use of _Swap() in favor of higher
level scheduler abstractions. We can remove the header too.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Everywhere the current thread is pended, the code is going to have to
do a _Swap() soon afterward, yet the scheduler API exposed these as
separate steps. Unify this pattern everywhere it appears, which saves
some code bytes and gets _Swap() out of the general scheduler API at
zero cost.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a somewhat promiscuous pattern in the kernel where IPC
mechanisms would do something that might effect the current thread
choice, then check _must_switch_threads() (or occasionally
__must_switch_threads -- don't ask, the distinction is being replaced
by real English words), sometimes _is_in_isr() (but not always, even
in contexts where that looks like it would be a mistake), and then
call _Swap() if everything is OK, otherwise releasing the irq_lock().
Sometimes this was done directly, sometimes via the inverted test,
sometimes (poll, heh) by doing the test when the thread state was
modified and then needlessly passing the result up the call stack to
the point of the _Swap().
And some places were just calling _reschedule_threads(), which did all
this already.
Unify all this madness. The old _reschedule_threads() function has
split into two variants: _reschedule_yield() and
_reschedule_noyield(). The latter is the "normal" one that respects
the cooperative priority of the current thread (i.e. it won't switch
out even if there is a higher priority thread ready -- the current
thread has to pend itself first), the former is used in the handful of
places where code was doing a swap unconditionally, just to preserve
precise behavior across the refactor. I'm not at all convinced it
should exist...
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The mailbox code was written to use the _remove_thread_from_ready_q()
API directly, which would be good to get out of the scheduler internal
API. What it really wanted to do is to mark a thread "PENDING"
without actually adding it to a wait queue, which is sane enough (the
message stores the "thread to wake up on receipt" handle).
So allow that naturally in the _pend_thread() API by passing a NULL
wait_q. Really a wait_q needn't be the only way a thread can block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The documentation doesn't give the format for listing multiple files in
CONF_FILE (space-separated list).
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
The current application configuration documentation makes it a bit
unclear that configuration files are merged. Rewrite the documentation
to explicitly talk about merging, which I think is less confusing.
Remove the following section from the introduction as well, as I think
it might make people wonder how they can have an existing kernel
configuration when they haven't created one. The updated configuration
section (which the introduction now has a forward reference to)
clarifies the zephyr/.config bit anyway.
If omitted, the application's existing kernel configuration option
values are used; if no existing values are provided, the kernel's
default configuration values are used.
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Pressing Y/N to configure boolean configuration symbols probably won't
be supported in the upcoming Python menuconfig implementation, and Space
is much smoother anyway. '?' is smoother than tabbing to '< Help >' too.
Also remove this part, which I couldn't make sense of:
When a non-default entry is selected for options that are
non-numerical, an asterisk :kbd:`*` appears between the square
brackets in the display. There is nothing added added the display
when you select the option's default.
[*] just means the current symbol value is 'y'.
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
This macro has been deprecated in favor of K_DECLARE_STACK; should have
been removed by 1.11.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Fixes#7137
Enables the i2c drivers for these boards.
Required to enable i2c with these boards.
Tested samples/bluetooth/beacon for nrf52_pca10040
with i2c enabled.
Parameters used for enabling i2c:
CONFIG_I2C=y
CONFIG_I2C_0=y
CONFIG_I2C_NRF5=y
CONFIG_I2C_NRF5_0_GPIO_SCL_PIN=6
CONFIG_I2C_NRF5_0_GPIO_SDA_PIN=7
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.com>
Contrary to ARMv7-M, in ARMv8-M MCUs with the Main Extension,
BusFault Status Register bits are sticky and must be cleared.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add zassert's to check results of intermediate operations like
socket/bind/connect. Also, use symbolic expressions instead of
constants like 4 (for data length).
Coverity-Id: 182765, 182767
Fixes: #6104, #6106
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A priority value cannot be simultaneously higher than the maximum
possible value and smaller than the minimum value. Rewrite the
_VALID_PRIO() macro as a function so that this if either of these
invariants are invalid, the priority is considered invalid.
Coverity-CID: 182584
Coverity-CID: 182585
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
include/uart.h says that an interrupt may be an edge or a level.
Re-work the uart_pipe interrupt handler to support both. This makes
uart_pipe work with the USB CDC ACM driver.
Signed-off-by: Michael Hope <mlhx@google.com>
Expand information about the ModemManager issues (spurious AT commands)
and instructions on adding Segger USB devices to the ModemManager
blacklist.
Signed-off-by: Iván Sánchez Ortega <ivan@sanchezortega.es>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Some buggy system may be pass a larger wLength when it try read
HID report descriptor, although we had already tell it the right
descriptor size.
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Following tests were failing on a microcontroller with 32KB flash:
test-mbedtls
kernel.common
The min_flash option has been added in the test case yaml files.
Signed-off-by: Diego Sueiro <diego.sueiro@gmail.com>
The compiler can remove the NULL check since the dereference happens
before it (and assume that the pointer is always valid).
Coverity-Id: 185281
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
A recent LF change to the Zephyr mailing list hosting software changed
the mailing list names and links to the message archives.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The search result from Sphinx displays raw ReST file snippets showing
the context of the search hit. While we could generate text versions of
the ReST files just for the search results, it would potentially double
the time to generate docs (run once to generate txt files, run again to
generate HTML).
Instead, this patch does a poor man's cleanup of the ReST markup on the
fly when the search summary snippets are written out. Not perfect, but
looks much better.
It does expose a problem that some of our ReST content is not actually
written out into a .rst file. Content that's dynamically generated by
extensions, such as the sample code from zephyr-app-commands, can
yield a search result hit, but there's no hits in the .rst file content
itself.
Line 552-558 are the modified lines from the Sphinx-provided
searchtools.js that does the pattern match/replace.
Addresses: #7032
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This updates mbedTLS to 2.8.0, which fixes CVEs 2018-0488 and
2048-0487, that affects 2.7.0.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
It has been observed that users might "default" to Python2 and pip
will therefore install packages for the wrong Python. pip3 appears to
always be installed when Python3 is installed, so we invoke pip3
instead of pip2 to be safe.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is a simple cosmetic change. Each field in the BOS (Binary
Object Store) descriptor has a comment, to understand it better.
Signed-off-by: Iván Sánchez Ortega <ivan@sanchezortega.es>
Implement Bluetooth over USB functionality through Bluetooth raw
access to the Bluetooth controller. Most devices with Bluetooth and
USB controllers supported by Zephyr can export themselves as USB
Bluetooth dongles.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Because of incorrectly set MPS we always got 0 returned for WRITE
transfers and ZLP were always generated for every packet.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Adds led and button dts nodes to all kinetis boards and removes the
now unused preprocessor macros from board.h.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds gpio labels to all kinetis socs in preparation for refactoring the
mcux gpio driver to dts. The kl25z was missing gpio nodes altogether, so
they are added.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
In Zephyr this has no effect because getaddrinfo() returns a pointer
to a static array, but Coverity scan checks for this pattern.
Coverity-CID: 185273
Coverity-CID: 185279
Fixes#7085Fixes#7091
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Previously, some fields like sin6_scope_id weren't explicitly
initialized. Such aren't really used, but to keep Coverity
happy, let's zero out the entire address structure.
Coverity-Id: 182763
Fixes: #6108
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
