Upon hard/soft irq or exception entry/exit, handle transitions
off or onto the trampoline stack, which is the only stack that
can be used on the kernel side when the shadow page table
is active. We swap page tables when on this stack.
Adjustments to page tables are now as follows:
- Any adjustments for stack memory access now are always done
to the user page tables
- Any adjustments for memory domains are now always done to
the user page tables
- With KPTI, resetting a page now clears the present bit
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test assumes that the last to IRQ number will be free, this isn't a
valid assumption and now that we detect multiple ISRs registering for
the some IRQ line, we see failures because of this assumption on some
platforms. Exclude those platforms from this test for the time being.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The SYS_POWER_LOW_POWER_STATE_SUPPORTED and SYS_POWER_LOW_POWER_STATE
suggests one low power state but these options control multiple
low power state. This commit uses plural in the names to indicate
that.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The new spinlock validation features combined with spinlockification
have increased stack usage a bit in CONFIG_ASSERT builds, but this is
a good feature we want to keep. This test was bumping into limits, so
increase the size from 512 to 640 bytes.
Unfortunately, this is also a huge test that creates a LOT of those
stacks across different test cases, so that minor bump blows us past
the 64k SRAM limit on a bunch of boards. So unify all those stacks
that are only ever used in one case at a time so the memory can be
shared. Now there's one fixed stack, named "tstack", and one array
"tstacks". Much smaller.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These functions, for good design reason, take a locking key to
atomically release along with the context swtich. But there's still a
common pattern in code to do a switch unconditionally by passing
irq_lock() directly. On SMP that's a little hurtful as it spams the
global lock. Provide an _unlocked() variant for
_Swap/_reschedule/_pend_curr for simplicity and efficiency.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The power management framework used two different abstractions
to describe power states. The SYS_PM_* given coarse information
what kind of power state (low power or deep sleep) was used,
while the SYS_POWER_STATE_* abstraction provided information
about particular power mode.
This commit removes the SYS_PM_* abstraction as the same
information is already carried in SYS_POWER_STATE_*.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
CONFIG_APPLICATION_MEMORY was a stopgap feature that is
being removed from the kernel. Convert tests and samples
to use the application shared memory feature instead,
in most cases using the domain set up by ztest.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some tests instantiate a lot of thread objects. These
were not tagged with __kernel, and
CONFIG_APPLICATION_MEMORY was enabled, so the kernel was
not adding them to the kernel object database.
However, with CONFIG_APPLICATION_MEMORY disabled, this
overflowed the default max number of thread objects (16).
Increase the max to 32 for these particular tests.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We want CONFIG_APPLICATION_MEMORY specifically disabled
for this test, but it was being transitively selected by
CONFIG_TEST_USERSPACE which defaults to on for CONFIG_TEST.
Turn it off so that disabling application memory in the
config actually has an effect.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test assumes that the last to IRQ numbers will be free, this isn't a
valid assumption and now that we detect multiple ISRs registering for
the some IRQ line, we see failures because of this assumption on some
platforms. Exclude those platforms from this test for the time being.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
PAE tables introduce the NX bit which is very desirable
from a security perspetive, back in 1995.
PAE tables are larger, but we are not targeting x86 memory
protection for RAM constrained devices.
Remove the old style 32-bit tables to make the x86 port
easier to maintain.
Renamed some verbosely named data structures, and fixed
incorrect number of entries for the page directory
pointer table.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit moves the definition of IRQ_LINE(..) macro from
interrupt.h into nested_irq.c, and adds some inline comments
documenting the use of it.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Very simple test for thread CPU masks. While this is a SMP feature,
the implementation doesn't actually depend on SMP so we can test it
right here in the thread_apis test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_dlist_insert_*() functions had a behavior where a NULL
argument for the insertion position to sys_dlist_insert_after/before()
was interpreted as "the end of the list". We never used that
convention (except in one spot internal to dlist.h which was not
itself used anywhere), and of course already have an API for appending
and prepending to a list.
In practice this was a performance disaster. The NULL check is
virtually never provable statically by the compiler, so that test and
branch is present always. And worse, the check and call to another
function was pushing this beyond the complexity limit for gcc to
inline a function (at -Os optimization anyway), forcing us to use
function calls for what should be a ~8 instruction sequence. The
upshot is that dlist insertions were 2-3x slower than they needed to
be.
Deprecate these older APIs and introduce a new sys_dlist_insert() call
which can be much better optimized.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This board is unmaintained and unsupported. It is not known to work and
has lots of conditional code across the tree that makes code
unmaintainable.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are no longer per-partition initialization functions.
Instead, we iterate over all of them at boot to set up the
derived k_mem_partitions properly.
Some ARC-specific hacks that should never have been applied
have been removed from the userspace test.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The public APIs for application shared memory are now
properly documented and conform to zephyr naming
conventions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The app shared memory macros for declaring domains provide
no value, despite the stated intentions.
Just declare memory domains using the standard APIs for it.
To support this, symbols declared for app shared memory
partitions now are struct k_mem_partition, which can be
passed to the k_mem_domain APIs as normal, instead of the
app_region structs which are of no interest to the end
user.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Several places in the code have constructions like this:
if (bool_variable) {
atomic_set_bit(flags, FLAG);
} else {
atomic_clear_bit(flags, FLAG);
}
To reduce the amount of code for such situations, introduce a new
atomic_set_bit_to() helper which lets you condense the above five
lines to a single one:
atomic_set_bit_to(flags, FLAG, bool_variable);
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The original implementation allows a list to be corrupted by list
operations on the removed node. Existing code attempts to avoid this by
using external state to determine whether a node is in a list, but this
is fragile and fails when the state that holds the flag value is changed
after the node is removed, e.g. in preparation for re-using the node.
Follow Linux in invalidating the link pointers in a removed node. Add
API so that detection of particpation in a list is available at the node
abstraction.
This solution relies on the following steady-state invariants:
* A node (as opposed to a list) will never be adjacent to itself in a
list;
* The next and prev pointers of a node are always either both null or
both non-null.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Minor adjustments are done to the nRF clock_control and rtc_timer
drivers to make them usable on nRF9160 as well.
The arm_irq_vector_table test code is modified only because it uses
the function that has been renamed in the nrf_rtc_timer driver.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
printk is supposed to be very lean, but should at least not
print garbage values. Now when a 64-bit integral value is
passed in to be printed, 'ERR' will be reported if it doesn't
fit in 32-bits instead of truncating it.
The printk documentation was slightly out of date, this has been
updated.
Fixes: #7179
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These were being truncated to 32-bits, and only 8
hex digits were supported.
An extraneous printk() at the beginning of the test
which was not being tested in any way has been removed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Disabled the CONFIG_COVERAGE for benchmarks and other tests.
This is needed because it interferes with normal behavior of the
test case.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
These tests need to use stack size as a function of
CONFIG_TEST_EXTRA_STACKSIZE. These test will fail when
CONFIG_COVERAGE is enabled.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This builds with a host compiler, not one from the SDK, and so no
newlib library is available. There is work to enable newlib detection
at and above the cmake level. This patch can be reverted when that
lands.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There is actually nothing wrong with this test code idiom. But it's
tickling a qemu emulator bug with the hpet driver and x86_64[1]. The
rapidly spinning calls to k_uptime_get_32() need to disable
interrupts, read timer hardware state and enable them. Something goes
wrong in qemu with this process and the timer interrupt gets lost.
The counter blows right past the comparator without delivering its
interrupt, and thus the interrupt won't be delivered until the counter
is next reset in idle after exit from the busy loop, which is
obviously too late to interrupt the timeslicing thread.
Just replace the loops with a single call to k_busy_wait(). The
resulting code ends up being much simpler anyway. An added bonus is
that we can remove the special case handling for native_posix (which
was an entirely unrelated thing, but with a similar symptom).
[1] But oddly not the same emulated hardware running with the same
driver under the same qemu binary when used with a 32 bit kernel.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This architecture doesn't support stack canaries. In fact the gcc
-fstack-protect features don't seem to be working at all. I'm
guessing it's an x32 ABI mismatch?
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These files were relying on _thread_essential_set() from
kernel_internal.h, but not including it directly. New architectures
won't transitively include things the same way.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
With the new implementation we do not need a NULL terminated list
of kobjects. Therefore the list will only contain valid entries
of kobjects.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The test_timer_periodicity test is racy and subject to initial state
bugs. The operation of that test is to:
1. Start a timer with a known period
2. Take the current time with k_uptime_get()
3. Wait for the timer to fire with k_timer_status_sync()
4. Check that the current time minus start time is the period
But that's wrong, because a tick expiring between any of the first
three steps is going to skew the math (i.e. the timer will have
started on a different tick than the "start time").
And taking an interrupt lock around the process can't fix the issue,
because in the tickless world we live in k_uptime_get() is actually a
realtime quanity based on a hardware counter and doesn't rely on
interrupt delivery.
Instead, use another timer object to synchronize the test start to a
driver tick, ensuring that even if the race is unfixable the initial
conditions are always correct.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Move to latest cmake version with many bug fixes and enhancements.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Keeping IRQ0 priority as 1 and IRQ1 priority as 0
so that system timer which of priority 0 in ARC
will be interrupted by IRQ1 of same priority.
In ARM, system timer is of priority 1, hence
making ISR0 priority as 2 and ISR1 priority as 1.
Thus system timer will always be interrupted by
ISR1 in both the architectures.
Fixes: #12147
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
k_busy_wait() call used in test expects time in us, but the test
is specifying wait in ms.
Also the test fails on NRF5 platform as the test hardcodes the
interrupts priority to 0 and 1 and assumes system timer to be of
priority 0 which is not the case in NRF5 platforms as per
@pizi-nordic where system timer is at priority 1. Hence changing
test interrupts to 1 and 2.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
In the wake of dfa7a354ff2a31fea8614b3876b051aadc30b242, where
the inclusions for MPU APIs were clean-up, we need to directly
include arm_core_mpu_dev.h in the userspace test suite, which
invokes arm_core_mpu_enable/disable(), directly. The same is
already done for ARC MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>