Commit graph

18335 commits

Author SHA1 Message Date
Sebastian Bøe
2ead15de8d cmake: Move syscall_macros.h generation into the build stage
This fixes https://github.com/zephyrproject-rtos/zephyr/issues/5186

The script that generates syscall_macros.h is moved from Configuration
time to build time. This allows us to express to the build system that
syscall_macros.h depends on the script that generates it.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2017-11-30 06:49:33 -05:00
Marti Bolivar
9116643290 arch: x86: fix jailhouse build
The jailhouse board's build is currently broken.

It wants to depend on the qemu board's devicetree, but can no longer
do so since the board-level dts files were moved into individual board
directories.

To restore the build, insert the qemu_x86.dts contents into
x86_jailhouse.dts.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
2017-11-29 21:55:14 -05:00
Andrew Boie
3ae644457e gen_syscall_header: create dummy handler refs
The core kernel is built with the --no-whole-archive linker option.
For all the individual .o files which make up the kernel, if there
are no external references to symbols within these object files,
everything in the object file is dropped.

This has a subtle interaction with system call handlers. If an object
file has system call handlers inside it, and nothing else in the
object file is referenced, then the linker will prefer the weak
version of the handler in the generated syscall_dispatch.c. The
user will get an "unimplemented system call" error if the associated
system call for that handler is made.

Fix this by making a fake reference to the handler function at the
system call site. The address gets stored inside a special section
"hndlr_ref".  This is enough to prevent the handlers from being
dropped, and the hndlr_ref section is itself dropped from the binary
from gc-sections; these references will not consume space.

Handlers for system calls that are never invoked anywhere will still be
dropped if nothing else in their containing C files is used, which is
a good thing. A future enhancement could be to split out all handlers
into individual object files, such that we can guarantee that any system
call that is not made somewhere in the application will have its handler
dropped. This will need to be extended to driver subsystems as well.
This won't be pretty but will ensure the tightest binary size.

Fixes #5184.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-11-29 14:18:20 -08:00
Johan Hedberg
aac375fafb doc: Add Bluetooth changes to 1.10 release notes
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 15:36:05 -05:00
Neil Armstrong
a8054d5936 boards: nucleo_f091rc: fix cmake build
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2017-11-29 10:03:53 -06:00
Sebastian Bøe
703dc59baa kernel: stack: add -fstack-protector-all without checks
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2017-11-29 09:51:55 -05:00
Sebastian Bøe
033fe7ed74 Revert "kernel: stack: add -fstack-protector-all without checks"
This reverts commit eb88bf2e62.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2017-11-29 09:51:55 -05:00
Sebastian Bøe
bc2404aa4d Revert "cmake: add zephyr_cc_option_nocheck"
This reverts commit a01f2de734.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2017-11-29 09:51:55 -05:00
Johan Hedberg
6078f8acc2 Bluetooth: Mesh: Introduce API for clearing the RPL
Some Transport Layer tests (MESH/NODE/TNPT/BV-13-C in particular)
require manual clearing of the RPL. Introduce an API for it as well as
a command to the mesh shell to call the API.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:49:45 +02:00
Johan Hedberg
3222662553 Bluetooth: Mesh: Fix Replay Protection List checking
If we the stored RPL entry was for an old IV Index, and the received
PDU is for a new IV Index we should not be comparing the sequence
number (as it's by definition always greater than the old one).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:49:45 +02:00
Johan Hedberg
859afbf39b Bluetooth: Mesh: Fix disconnecting clients when disabling GATT Proxy
Section 4.2.11 of the Mesh Profile Specification 1.0 states:

"Upon transition from GATT Proxy state 0x01 to GATT Proxy state 0x00
the GATT Bearer Server shall disconnect all GATT Bearer Clients."

This also makes test case MESH/SR/MPXS/BV-08-C pass.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Johan Hedberg
90ea44cc4b Bluetooth: Mesh: Fix initializing Node ID start time
The bt_mesh_proxy_identity_enable() function was missing a line to
properly initialize the start time for Node Identity advertising.
Without it this public function wouldn't work as intended.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Johan Hedberg
012e763311 Bluetooth: Mesh: Fix GATT Proxy Service CCC read permissions
Test case MESH/SR/MPXS/BV-04-C requires the Proxy Service CCC to have
read permissions in order to pass.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Johan Hedberg
ff7d5ca910 Bluetooth: Mesh: Fix GATT Proxy & Node Identity state binding
Section 4.2.11.1 of the Mesh Profile specification 1.0 states:

"When the GATT Proxy state is set to 0x00, the Node Identity state for
all subnets shall be set to 0x00 and shall not be changed."

When the proxy state has been changed we also need to wake up the
advertising module to make sure we do the right kind of advertising.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Johan Hedberg
84409d0161 Bluetooth: Mesh: Deliver TTL=1 PDUs only to the local net interface
Section 3.4.5.2 in the Mesh Profile Specification (1.0) states:

"The output filter of the interface connected to advertising or GATT
bearers shall drop all messages with TTL value set to 1."

Also: https://www.bluetooth.org/errata/errata_view.cfm?errata_id=9811

Note that this is specifically 1 and not 0, since e.g. Friend PDUs
always go out with TTL 0.

Another noteworthy thing is that the way this has to be implemented is
slightly contrary to how it's presented in the specification (both in
the text as well as the Message processing flow diagram in section
3.11. If this was implemented following the spec to its word, then any
PDU received over GATT or Advertising with TTL 2 would never be
relayed (since the TTL would be 1 when the PDU gets rerouted back to
the bearer). This would be both counterintuitive to the intended
purpose of the TTL, and would also be contrary to the test
specification (see Test Procedure step 1 in MESH/NODE/RLY/BV-01-C).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Johan Hedberg
bed5472cab Bluetooth: Mesh: Remove unnecessary variable
Most places in bt_mesh_friend_req() used rx->sub (which is already
quite short in itself), so just remove the only remaining user and the
helper variable itself.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-29 13:05:34 +02:00
Anas Nashif
eb88bf2e62 kernel: stack: add -fstack-protector-all without checks
Fixes #5019

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 16:48:41 -05:00
Anas Nashif
a01f2de734 cmake: add zephyr_cc_option_nocheck
Support adding options without checking them with the compiler. In some
cases the simple check routine fails due to missing symbols.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 16:48:41 -05:00
Kumar Gala
faf9599b30 release: move version to 1.10.0-rc2
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-11-28 15:20:23 -06:00
Anas Nashif
5fd499b3c6 sanitycheck: remove obsolete DISABLE_TRYRUN
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 15:31:27 -05:00
Anas Nashif
66bdb3223e sanitycheck: fix documentation and remove mention of kbuild
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 15:31:27 -05:00
Anas Nashif
c8390f1b49 sanitycheck: rename qemu_time to handler time
This can be used by other handlers and is defined in the main Handler
class. Qemu is just an implementer.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 15:31:27 -05:00
Anas Nashif
8b11a1f207 sanitycheck: use glob to find board yaml file
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 15:31:27 -05:00
Kumar Gala
a2caf36103 kernel: Remove deprecated k_mem_pool_defrag code
Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-11-28 15:23:22 -05:00
Maureen Helm
5e9c13afe6 mimxrt1050_evk: Fix kernel timer frequency
The kernel timer frequency was incorrectly set to the system clock
frequency (528 MHz) instead of the core clock frequency (600 MHz).

Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
2017-11-28 11:43:14 -06:00
Erwan Gouriou
104553d93f yaml: fix properties syntax to 'mapping' instead of 'series'
According to yaml syntaxic rules, 'properties' described in dts
bindings yaml files could be seen as 'mapping'(key/value couple),
instead of 'series' (list of single elements).
yaml 'mappings' will then be converted by yaml python library as
python 'dict' which will ease treatment (instead of current list
as were before this commit).
Same treatment is applied to 'inherits'.

script extract_dts_inlcude is updated to take change of yaml_list
structre into account. This allows some code simplification. Largest
impact is yaml_collapse function which works now allow complete
overload method on all the attributes of a yaml nodes.

Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
2017-11-28 11:42:59 -06:00
Vakul Garg
26f43950f2 net: pkt: Corrected data length appended in net_pkt_append()
The maximum data length that can be appended using net_pkt_append()
should be set to TCP send_mss only if it is smaller than allowed
payload length in net_pkt.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
2017-11-28 12:30:01 -05:00
Vakul Garg
687bd0d710 net: pkt: Account for IP header length for allowable payload data
For calculating amount of payload data that can be added in a packet,
we need to subtract IPv6 or IPv4 header lengths from MTU.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
2017-11-28 12:30:01 -05:00
Stephen Smalley
24076abc6d tests/kernel/mem_protect/userspace: test that _k_neg_eagain is in rodata
Explicitly test that _k_neg_eagain is in rodata.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-11-28 12:29:13 -05:00
Stephen Smalley
106b1c2050 arm: define _image_rodata_start/end
Define _image_rodata_start/end to match x86 and so that we can
refer to them in the userspace test among others.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-11-28 12:29:13 -05:00
Stephen Smalley
2055d7545e tests/kernel/mem_protect/userspace: Add userspace protection tests
This is still work-in-progress, but putting it up in case it is
helpful to people working in this area and for early comments.

Add a set of tests to validate the expected security properties
of threads created with K_USER when CONFIG_USERSPACE=y.  This can
be used as a regression test for architectures that already implement
this support and as a validation test for others.

I considered incorporating these tests into the existing protection
test, but decided against it since protection does not enable or rely
upon CONFIG_USERSPACE for its existing tests and passes on everything
that provides MPU or MMU support, even without full userspace support.

I also considered incorporating these tests into the existing
obj_validation test, but decided against it since obj_validation only
tests the object validation/permission logic, does not run any user
mode threads (or strictly depend on that support), and passes
on both x86 and arm today, unlike these tests.  That said, I have no
strong objections if it would be preferable to fold these into it
(and perhaps rename it to be more general).

The current tests implemented in this test program verify the following
for a thread created with K_USER:

is_usermode: is running in usermode
priv_insn: cannot invoke privileged insns directly
write_control: cannot write to control registers
disable_mmu_mpu: cannot disable memory protections (MMU/MPU)
read_kernram: cannot read from kernel RAM
write_kernram: cannot write to kernel RAM
write_kernro: cannot write to kernel rodata
write_kerntext: cannot write to kernel text
read_kernel_data: cannot read __kernel-marked data
write_kernel_data: cannot write __kernel-marked data
read_kernel_stack: cannot read the kernel/privileged stack
write_kernel_stack: cannot write the kernel/privileged stack
pass_user_object: cannot pass a non-kernel object to a syscall
pass_noperms_object: cannot pass an object to a syscall without a grant
start_kernel_thread: cannot start a kernel (non-user) thread

Some of the tests overlap and could possibly be dropped, but it
seems harmless to retain them.  The particular targets of read/write
tests are arbitrary other than meeting the test criteria and can be
changed (e.g. in data, rodata, or text) if desired to avoid coupling
to kernel implementation details that may change in the future.

On qemu_x86, all of the tests pass.  And, if you replace all
occurrences of ztest_user_unit_test() with ztest_unit_test(), then
all of the tests fail (i.e. when the tests are run in kernel mode,
they all fail as expected).  On frdm_k64f presently (w/o the arm
userspace patches), all of the tests fail except for write_kernro and
write_kerntext, as expected.

ToDo:
- Verify that a user thread cannot access data in another memory domain.
- Verify that a user thread cannot access another thread's stack.
- Verify that a user thread cannot access another thread's kobject.
- Verify that k_thread_user_mode_enter() transitions correctly.
- Verify that k_object_access_revoke() is enforced.
- Verify that syscalls return to user mode upon completion.
- Verify that a user thread cannot abuse other svc calls (ARM-specific).
- Other suggested properties we should be testing?

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-11-28 12:29:13 -05:00
Ding Tao
6caf6964cd net: pkt: Fix possible division by zero
When net debugging is enabled, the count variable is initialized to -1.
This may cause division by zero if there is only one fragment in pkt.
Solve this by setting the count to 0 and checking the value before the
print at the end of the function.

Successfully tested on STM32F407 SoC.

Signed-off-by: Ding Tao <miyatsu@qq.com>
2017-11-28 12:28:10 -05:00
21b94bacd9 flash: minor documentation improvements.
This patch makes minor improvements to the flash documentation:

* spi -> SPI
* Capitialise the first word in a sentance
* Adding the, and, all, etc where appropriate.

Signed-off-by: Michael Hope <mlhx@google.com>
2017-11-28 12:25:19 -05:00
Anas Nashif
b005a7f3c4 boards: galileo and minnowboard require zephyr.strip
Restore creation of those binaries for galileo and minnowboard.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-11-28 12:24:43 -05:00
Daniel Wagenknecht
02a46e7197 drivers: i2c_ll_stm32_v2: don't use while loops in interrupt mode
Waiting for transfer complete and stop condition uses while loops
even when interrupt mode is enabled.
Implement use of TC, TCR and STOP interrupt for interrupt mode.
msg_done is not needed in interrupt mode anymore, so move it
to non-interrupt section
Tested with stm32f3_disco board.

Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
2017-11-28 11:21:06 -06:00
Daniel Wagenknecht
5380bc597f drivers: i2c_ll_stm32_v2: reorder to remove duplication
Disabling of Interrupts is duplicated. Move it to a position
that is common to messages that end with and without errors.

Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
2017-11-28 11:21:06 -06:00
Johan Hedberg
c393bfd8e3 Bluetooth: Mesh: Fix Friend messaging state tracking
There were several issues with the code:

 - queue_size wasn't properly kept up to date, leading to erroneous
   buffer discarding logic.

 - Poll timeout when there were buffers in the Friend Queue didn't
   work because we didn't track if there'd been a preceding request
   for messages or not (hence the added pending_req variable).

 - We would overwrite the recv_delay timer if there was another
   request while the previous one was still sending (a likely scenario
   if we send out multiple advertising events per packet).

 - We weren't canceling the sending of a buffer if the Friendship was
   suddenly cleared.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
49c5e5546a Bluetooth: Mesh: Log information about the on-behalf-of flag
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
b123799ebe Bluetooth: Mesh: Reduce logging clutter for LPN lookups
The logs for looking up LPNs were spamming the console a bit too much.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
c65d04655d Bluetooth: Mesh: Fix looking up existing friendship contexts
When receiving Friend Offers we should also consider unestablished
contexts, and simply start from the beginning if that happens.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
a9a18cec7b Bluetooth: Mesh: Fix clearing Friend state upon reset
Not clearing the Friend state could risk invalid timers staying
active, etc.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
2d63f5e480 Bluetooth: Mesh: Fix & clean up Friendship Credential handling
Pass the subnet to some friend_cred_* APIs since it contains all
necessary information for choosing the right keys to generate them
from. Also shorten the API names to avoid awkward line splitting -
these are internal APIs so it's an acceptable compromise. One bug that
this fixes as part of the cleanup is using the right NetKey Index when
clearing Friendship: previously the code was always using the index of
the first subnet, regardless of which subnet the Friendship was based
on.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
e7199060c6 Bluetooth: Mesh: Remove unnecessary logic for key selection
Key Refresh Phase 2 is analogous to the Key Refresh flag being set.
This means that the flag can directly be used as the index to the
new/old key two-element array.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
46f8c7fb44 Bluetooth: Mesh: Fix clearing network message cache
Since the stack supports runtime reset and reprovisioning, we need to
clear the network message cache whenever creating a new mesh network.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
48e6bfaaa7 Bluetooth: Mesh: Fix proxy advertising handling
Remove inconsistent and sometimes unreliable tracking of what
advertising parameters should be used and when the Node Identity
advertising started. The main change that facilitates this is to have
the Node ID start timestamp as part of the mesh subnet context.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
bdcf8c3692 Bluetooth: Mesh: Use 32-bit math for Node ID duration
The Node Identity duration is at most 60 seconds, so it's safe to use
32-bit timestamps.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
7909c3d3fa Bluetooth: Mesh: Introduce option for Node ID timeout
Some PTS test cases only work when we're advertising using Network
Identity. Using the default timeout of 60 seconds for Node Identity
will cause this test cases to fail (i.e. the PTS gives up before
Zephyr transitions to advertising from Node Identity to Network
Identity).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
699a7c9e85 Bluetooth: Mesh: shell: Fix parsing "boolean" parameters
The shell was being inconsistent in its parsing of boolean parameters.
Some commands were documented as accepting "on" but were actually
parsing the parameter with strtoul() which would result in 0.
Introduce a new helper to convert a string to a u8_t which still
accepts "on" or "enable". This gives us full flexibility of having a
simple interface to the user, but still allowing non-boolean values to
be tested (since on-air the value is a full octet).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
f81b23a624 Bluetooth: Mesh: shell: Add command for setting the UUID
Instead of having a hard-coded UUID, introduce a command to change it.
This is particularly useful if there are many unprovisioned nodes
around.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00
Johan Hedberg
4c180d6fbf Bluetooth: Mesh: shell: Make Static OOB optional
Having the Static OOB value set up-front can be confusing to the user
since they will not know what the value is. Start off by having it
unset, but introduce a new command using which the user can either set
or clear it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2017-11-28 17:17:48 +02:00