Add a new test for unlocking nested scheduler lock. Make sure that
k_sched_unlock() isn't unconditionally a preemption point.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
Previously, context switching on x86 with memory protection
enabled involved walking the page tables, de-configuring all
the partitions in the outgoing thread's memory domain, and
then configuring all the partitions in the incoming thread's
domain, on a global set of page tables.
We now have a much faster design. Each thread has reserved in
its stack object a number of pages to store page directories
and page tables pertaining to the system RAM area. Each
thread also has a toplevel PDPT which is configured to use
the per-thread tables for system RAM, and the global tables
for the rest of the address space.
The result of this is on context switch, at most we just have
to update the CR3 register to the incoming thread's PDPT.
The x86_mmu_api test was making too many assumptions and has
been adjusted to work with the new design.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This commit is a hotfix. It makes sanitycheck happy by fixing
the way we can temporarily exclude some tests in the userspace
test suite for the ARC architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This board and SoC was discontinued some time ago and is currently not
maintained in the zephyr tree.
Remove all associated configurations and variants from the tree.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This board and SoC was discontinued some time ago and is currently not
maintained in the zephyr tree.
Remove all associated configurations and variants from the tree.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
User mode should be able to successfully induce a kernel
oops, or stack check fail fatal error. The latter is
required by compiler stack canaries.
User mode should not be able to induce a kernel panic, or
fake some other kind of exception.
Currently supported on ARM and x86 platforms.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is now called z_arch_esf_t, conforming to our naming
convention.
This needs to remain a typedef due to how our offset generation
header mechanism works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* z_NanoFatalErrorHandler() is now moved to common kernel code
and renamed z_fatal_error(). Arches dump arch-specific info
before calling.
* z_SysFatalErrorHandler() is now moved to common kernel code
and renamed k_sys_fatal_error_handler(). It is now much simpler;
the default policy is simply to lock interrupts and halt the system.
If an implementation of this function returns, then the currently
running thread is aborted.
* New arch-specific APIs introduced:
- z_arch_system_halt() simply powers off or halts the system.
* We now have a standard set of fatal exception reason codes,
namespaced under K_ERR_*
* CONFIG_SIMPLE_FATAL_ERROR_HANDLER deleted
* LOG_PANIC() calls moved to k_sys_fatal_error_handler()
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Existing test checking value returned by k_delayed_work_remaining_get()
verified two cases:
1) The k_delayed_work_remaining_get() should return 0 for non-submitted
work.
2) The k_delayed_work_remaining_get() should return value greater or
equal to the timeout value of just submitted work.
Unfortunately, the second check is not correct. The value returned
by the k_delayed_work_remaining_get() just after submitting delayed
work should be:
- Equal to timeout of the submitted work if no timer interrupt was
executed between submitting work and checking remaining time.
OR
- Less than timeout of the submitted work if a timer interrupt was
executed between submitting work and checking remaining time.
This commit changes the test accordingly taking under account the
error caused by back and forth conversion between ms and ticks.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit make the float_disable test suite more robust
for fast CPUs, by replacing k_sleep(1) with k_yield(), as
the mechanism to trigger thread swap-out during the test
execution. In the wake of using k_yield(), the test, now,
fixes the priorities of all testing threads to 0, making
the test behavior more deterministic with respect to
thread scheduling. The patch doesn't change the functional
behavior of the test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Stack canaries require that the z_libc_partition be added to
the memory domain, otherwise user thread access to the
stack canary value will result in an MPU/MMU fault.
These tests define their own domains to test specific userspace
features. Adding another partition to them would be invasive,
would potentially break some platforms with a limited number
of MPU regions, and these tests are not designed to validate
stack canaries anyway, we have other tests for that.
Fixes: #17595
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The size_t type is either compatible with an int on 32-bit target, or
a long on 64-bit targets. It could even be a long even on some 32-bit
targets. Let's use the z qualifier in the printf format to be compatible
with whatever flavor in use.
In case of pointers, let's just use %p with pointers directly and
avoid casts altogether.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
In SAM SoCs Watchdog is selected by default and runs
with some default configuration, unless the build sets
CONFIG_WDT_DISABLE_AT_BOOT. As the tests/kernel/critical
takes relatively large amount of time to complete, the
watchdog (that is never fed in the test) will eventually
trigger a reset. As a result the test keeps restarting
continuously and never completes. We want to run the
test on SAM SoCs, so we do the following:
- filter our the SAM SoCs with the SAM WDT from the
default build
- introduce an alternative test-case for these SoCs
with the additional CONFIG_WDT_DISABLE_AT_BOOT
option set.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the basic testing for
k_float_disable() API, for ARM and x86 ARCHes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Make fp_sharing a 'parent' test suite directory, and
rename the original fp_sharing test into
tests/kernel/fp_sharing/generic. In this
way more FP-related tests can be grouped
together in the same test directory.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This is testing size_mul_overflow() in z_impl_k_msgq_alloc_init() so
make sure OVERFLOW_SIZE_MSG is large enough even on 64-bit targets.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Over time, this has been reduced to a few functions dealing solely
with floating-point support, referenced only from core/ia32/float.c.
Thus they are moved into that file and the header is eliminated.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The accounting data stored at the beginning of a memory block used by
malloc must push the returned memory address to a word boundary. This
is already the case on 32-bit systems, but not on 64-bit systems where
e.g. struct k_mem_block_id still has a size of 4.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This was dumping coverage before the test code even ran.
Ideally, this gets re-written to use ztest, but meanwhile
place a dummy main thread which sleeps forever, and dump
coverage once the test succeeds.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test was written to properly align its millisecond-measured wait
time and assumed that there would be no other overhead. In fact on
fast tick rate systems (or even ones where the alignment computation
doesn't provide the needed padding as "slop") that's not quite enough
time to complete the full test. There are cycles between the sleep
calls that need to be accounted for, and aren't.
Just give it one extra work item of time before failing. We aren't
testing work queue timing precision here, just evaluation semantics.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
"50" ticks is fine with 100 Hz timer precision but way too short to
survive the conversion to milliseconds on fast, non-decimal tick
rates. Make it half a second, which was the original intent.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This test was written to assume ~100 Hz ticks in ways that are
difficult to fix. It wants to sleep for periods on the order of the
TICKLESS_IDLE_THRESH kconfig, which is extremely small on high tick
rate systems and (on nRF in particular) does not have a cleanly
divisible representation in milliseconds.
Fixing precision issues by cranking the idle threshold up on a
per-system basis seems like an abuse, as that is what we want to be
testing in the first place. Just let the test run at the tick rate it
has always expected.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The logic about minimal sleep sizes due to "tick" aliasing was
correct, but drivers also have similar behavior with "cycle" aliasing
too. When cycles are 3-4 orders of magnitude faster than ticks, it's
undetectable noise. But now on nRF they're exactly the same and we
need to correct for that, essentially doubling the number of ticks a
usleep() might wait for.
The logic here was simply too strict, basically. Fast tick rates
can't guarantee what the test promised.
Note that this relaxes the test bounds on the other side of the
equation too: it's no longer an error to usleep() for only one tick
(i.e. an improved sleep/timeout implementation no longer gets detected
as a test failure).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sleep test was checking that the sleep took no longer than "2
ticks" longer than requested. But "2 ticks" for fast tick rate
configurations can be "zero ms", and for aliasing reasons it's always
possible to delay for 1 unit more than requested (becuase you can
cross a millisecond/tick/whatever boundary in your own code on either
side of the sleep). So that "slop" value needs to be no less than
1ms.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The test for the k_uptime_delta utilities was calling it in a loop and
waiting for the uptime to advance. But the code was specifically
wanting it to advance 5ms or more at one go, which clearly isn't going
to work for a tick rate above 200 Hz.
The weird thing is that the test knew this and even commented about
the limitation. Which seems silly: it's perfectly fine for the clock
to advance just a single millisecond. That's correct behavior too.
Let's test for that, and it will work everywhere.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When ticks are sub-millisecond, the math produces minimum and maximum
values for the slice duration test that are equal. But because of
aliasing across tick boundaries, it's always possible (for any time
period, nothing specific to time slicing here) to measure one tick
more than an intended duration. So make sure there's always at least
a range of 1ms.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Tick rate is becoming a platform tunable in the tickless world. Some
apps were setting it due to requirements of drivers or subsystems (or
sometimes for reasons that don't make much sense), but the dependency
goes the other way around now: board/soc/arch level code is
responsible for setting tick rates that work with their devices.
A few tests still use hard-configured tick rates, as they have
baked-in assumptions (like e.g. "a tick will be longer than a
millisecond") that need to be addressed first.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This code was clearly written to assume that the timeout argument to
k_mem_pool_alloc() was in ticks and not ms. Adjust to what appears to
have been the intent. It was working as intended (i.e waiting one or
1/10th of a second) only on systems where the default tick rate was
100 Hz.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
If maxsize is smaller than _MPOOL_MINBLK, then Z_MPOOL_LVLS() will be 0.
That means the loop in z_sys_mem_pool_base_init() that initializes the
block free list for the nonexistent level 0 will corrupt whatever memory
at the location the zero-sized struct sys_mem_pool_lvl array was
located. And the corruption happens to be done with a perfectly legit
memory pool block address which makes for really nasty bugs to solve.
This is more likely on 64-bit systems due to _MPOOL_MINBLK being twice
the size of 32-bit systems.
Let's prevent that with a build-time assertion on maxsize when defining
a memory pool, and adjust the affected test accordingly.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This header is currently IA32-specific, so move it into the subarch
directory and update references to it.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Making room for the Intel64 subarch in this tree. This header is
32-bit specific and so it's relocated, and references rewritten
to find it in its new location.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file is 32-bit specific, so it is moved into the ia32/ directory
and references to it are updated accordingly.
Also, SP_ARG* definitions are no longer used, so they are removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This mechanism had multiple problems:
- Missing parameter documentation strings.
- Multiple calls to k_thread_name_set() from user
mode would leak memory, since the copied string was never
freed
- k_thread_name_get() returns memory to user mode
with no guarantees on whether user mode can actually
read it; in the case where the string was in thread
resource pool memory (which happens when k_thread_name_set()
is called from user mode) it would never be readable.
- There was no test case coverage for these functions
from user mode.
To properly fix this, thread objects now have a buffer region
reserved specifically for the thread name. Setting the thread
name copies the string into the buffer. Getting the thread name
with k_thread_name_get() still returns a pointer, but the
system call has been removed. A new API k_thread_name_copy()
is introduced to copy the thread name into a destination buffer,
and a system call has been provided for that instead.
We now have full test case coverge for these APIs in both user
and supervisor mode.
Some of the code has been cleaned up to place system call
handler functions in proximity with their implementations.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
HW stack protection in ARMv8-M is implemented by default
with the built-in stack guard mechanism. Therefore, by
default all tests for ARMv8-M will use the built-in stack
overflow mechanism (CONFIG_BUILTIN_STACK_GUARD is set in
tests). However, we would like have some coverage on the
MPU stack guard mechanism for ARMv8-M. The added test case
manually disables BUILTIN_STACK_GUARD and enables the
MPU_STACK_GUARD option, to provide that test coverage.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
CONFIG_TEST_HW_STACK_PROTECTION is set by default in tests,
and that one selects HW_STACK_PROTECTION option. Therefore,
we do not need to set that one explicitly in the test project
configuration files. We clean up some redundant occurrences of
CONFIG_HW_STACK_PROTECTION=y from the tree.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
sflists have a couple APIs related to sfnodes that aren't
present for slists. There were uncovered, write some tests
for them.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We were testing all the slist APIs, but not the sflist
variant. Make a copy of the slist tests for sflist,
with the names properly changed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some of the slist APIs were only being indirectly exercised;
add to the slist test case to cover everything explicitly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There's no need for a system call for this; futexes live in
user memory and the initialization bit is ignored.
It's sufficient to just do an atomic_set().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
