This fixes https://github.com/zephyrproject-rtos/zephyr/issues/5186
The script that generates syscall_macros.h is moved from Configuration
time to build time. This allows us to express to the build system that
syscall_macros.h depends on the script that generates it.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The jailhouse board's build is currently broken.
It wants to depend on the qemu board's devicetree, but can no longer
do so since the board-level dts files were moved into individual board
directories.
To restore the build, insert the qemu_x86.dts contents into
x86_jailhouse.dts.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The core kernel is built with the --no-whole-archive linker option.
For all the individual .o files which make up the kernel, if there
are no external references to symbols within these object files,
everything in the object file is dropped.
This has a subtle interaction with system call handlers. If an object
file has system call handlers inside it, and nothing else in the
object file is referenced, then the linker will prefer the weak
version of the handler in the generated syscall_dispatch.c. The
user will get an "unimplemented system call" error if the associated
system call for that handler is made.
Fix this by making a fake reference to the handler function at the
system call site. The address gets stored inside a special section
"hndlr_ref". This is enough to prevent the handlers from being
dropped, and the hndlr_ref section is itself dropped from the binary
from gc-sections; these references will not consume space.
Handlers for system calls that are never invoked anywhere will still be
dropped if nothing else in their containing C files is used, which is
a good thing. A future enhancement could be to split out all handlers
into individual object files, such that we can guarantee that any system
call that is not made somewhere in the application will have its handler
dropped. This will need to be extended to driver subsystems as well.
This won't be pretty but will ensure the tightest binary size.
Fixes#5184.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some Transport Layer tests (MESH/NODE/TNPT/BV-13-C in particular)
require manual clearing of the RPL. Introduce an API for it as well as
a command to the mesh shell to call the API.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If we the stored RPL entry was for an old IV Index, and the received
PDU is for a new IV Index we should not be comparing the sequence
number (as it's by definition always greater than the old one).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Section 4.2.11 of the Mesh Profile Specification 1.0 states:
"Upon transition from GATT Proxy state 0x01 to GATT Proxy state 0x00
the GATT Bearer Server shall disconnect all GATT Bearer Clients."
This also makes test case MESH/SR/MPXS/BV-08-C pass.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The bt_mesh_proxy_identity_enable() function was missing a line to
properly initialize the start time for Node Identity advertising.
Without it this public function wouldn't work as intended.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Test case MESH/SR/MPXS/BV-04-C requires the Proxy Service CCC to have
read permissions in order to pass.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Section 4.2.11.1 of the Mesh Profile specification 1.0 states:
"When the GATT Proxy state is set to 0x00, the Node Identity state for
all subnets shall be set to 0x00 and shall not be changed."
When the proxy state has been changed we also need to wake up the
advertising module to make sure we do the right kind of advertising.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Section 3.4.5.2 in the Mesh Profile Specification (1.0) states:
"The output filter of the interface connected to advertising or GATT
bearers shall drop all messages with TTL value set to 1."
Also: https://www.bluetooth.org/errata/errata_view.cfm?errata_id=9811
Note that this is specifically 1 and not 0, since e.g. Friend PDUs
always go out with TTL 0.
Another noteworthy thing is that the way this has to be implemented is
slightly contrary to how it's presented in the specification (both in
the text as well as the Message processing flow diagram in section
3.11. If this was implemented following the spec to its word, then any
PDU received over GATT or Advertising with TTL 2 would never be
relayed (since the TTL would be 1 when the PDU gets rerouted back to
the bearer). This would be both counterintuitive to the intended
purpose of the TTL, and would also be contrary to the test
specification (see Test Procedure step 1 in MESH/NODE/RLY/BV-01-C).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Most places in bt_mesh_friend_req() used rx->sub (which is already
quite short in itself), so just remove the only remaining user and the
helper variable itself.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Support adding options without checking them with the compiler. In some
cases the simple check routine fails due to missing symbols.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This can be used by other handlers and is defined in the main Handler
class. Qemu is just an implementer.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The kernel timer frequency was incorrectly set to the system clock
frequency (528 MHz) instead of the core clock frequency (600 MHz).
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
According to yaml syntaxic rules, 'properties' described in dts
bindings yaml files could be seen as 'mapping'(key/value couple),
instead of 'series' (list of single elements).
yaml 'mappings' will then be converted by yaml python library as
python 'dict' which will ease treatment (instead of current list
as were before this commit).
Same treatment is applied to 'inherits'.
script extract_dts_inlcude is updated to take change of yaml_list
structre into account. This allows some code simplification. Largest
impact is yaml_collapse function which works now allow complete
overload method on all the attributes of a yaml nodes.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
The maximum data length that can be appended using net_pkt_append()
should be set to TCP send_mss only if it is smaller than allowed
payload length in net_pkt.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
For calculating amount of payload data that can be added in a packet,
we need to subtract IPv6 or IPv4 header lengths from MTU.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Define _image_rodata_start/end to match x86 and so that we can
refer to them in the userspace test among others.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This is still work-in-progress, but putting it up in case it is
helpful to people working in this area and for early comments.
Add a set of tests to validate the expected security properties
of threads created with K_USER when CONFIG_USERSPACE=y. This can
be used as a regression test for architectures that already implement
this support and as a validation test for others.
I considered incorporating these tests into the existing protection
test, but decided against it since protection does not enable or rely
upon CONFIG_USERSPACE for its existing tests and passes on everything
that provides MPU or MMU support, even without full userspace support.
I also considered incorporating these tests into the existing
obj_validation test, but decided against it since obj_validation only
tests the object validation/permission logic, does not run any user
mode threads (or strictly depend on that support), and passes
on both x86 and arm today, unlike these tests. That said, I have no
strong objections if it would be preferable to fold these into it
(and perhaps rename it to be more general).
The current tests implemented in this test program verify the following
for a thread created with K_USER:
is_usermode: is running in usermode
priv_insn: cannot invoke privileged insns directly
write_control: cannot write to control registers
disable_mmu_mpu: cannot disable memory protections (MMU/MPU)
read_kernram: cannot read from kernel RAM
write_kernram: cannot write to kernel RAM
write_kernro: cannot write to kernel rodata
write_kerntext: cannot write to kernel text
read_kernel_data: cannot read __kernel-marked data
write_kernel_data: cannot write __kernel-marked data
read_kernel_stack: cannot read the kernel/privileged stack
write_kernel_stack: cannot write the kernel/privileged stack
pass_user_object: cannot pass a non-kernel object to a syscall
pass_noperms_object: cannot pass an object to a syscall without a grant
start_kernel_thread: cannot start a kernel (non-user) thread
Some of the tests overlap and could possibly be dropped, but it
seems harmless to retain them. The particular targets of read/write
tests are arbitrary other than meeting the test criteria and can be
changed (e.g. in data, rodata, or text) if desired to avoid coupling
to kernel implementation details that may change in the future.
On qemu_x86, all of the tests pass. And, if you replace all
occurrences of ztest_user_unit_test() with ztest_unit_test(), then
all of the tests fail (i.e. when the tests are run in kernel mode,
they all fail as expected). On frdm_k64f presently (w/o the arm
userspace patches), all of the tests fail except for write_kernro and
write_kerntext, as expected.
ToDo:
- Verify that a user thread cannot access data in another memory domain.
- Verify that a user thread cannot access another thread's stack.
- Verify that a user thread cannot access another thread's kobject.
- Verify that k_thread_user_mode_enter() transitions correctly.
- Verify that k_object_access_revoke() is enforced.
- Verify that syscalls return to user mode upon completion.
- Verify that a user thread cannot abuse other svc calls (ARM-specific).
- Other suggested properties we should be testing?
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When net debugging is enabled, the count variable is initialized to -1.
This may cause division by zero if there is only one fragment in pkt.
Solve this by setting the count to 0 and checking the value before the
print at the end of the function.
Successfully tested on STM32F407 SoC.
Signed-off-by: Ding Tao <miyatsu@qq.com>
This patch makes minor improvements to the flash documentation:
* spi -> SPI
* Capitialise the first word in a sentance
* Adding the, and, all, etc where appropriate.
Signed-off-by: Michael Hope <mlhx@google.com>
Waiting for transfer complete and stop condition uses while loops
even when interrupt mode is enabled.
Implement use of TC, TCR and STOP interrupt for interrupt mode.
msg_done is not needed in interrupt mode anymore, so move it
to non-interrupt section
Tested with stm32f3_disco board.
Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
Disabling of Interrupts is duplicated. Move it to a position
that is common to messages that end with and without errors.
Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
There were several issues with the code:
- queue_size wasn't properly kept up to date, leading to erroneous
buffer discarding logic.
- Poll timeout when there were buffers in the Friend Queue didn't
work because we didn't track if there'd been a preceding request
for messages or not (hence the added pending_req variable).
- We would overwrite the recv_delay timer if there was another
request while the previous one was still sending (a likely scenario
if we send out multiple advertising events per packet).
- We weren't canceling the sending of a buffer if the Friendship was
suddenly cleared.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When receiving Friend Offers we should also consider unestablished
contexts, and simply start from the beginning if that happens.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Pass the subnet to some friend_cred_* APIs since it contains all
necessary information for choosing the right keys to generate them
from. Also shorten the API names to avoid awkward line splitting -
these are internal APIs so it's an acceptable compromise. One bug that
this fixes as part of the cleanup is using the right NetKey Index when
clearing Friendship: previously the code was always using the index of
the first subnet, regardless of which subnet the Friendship was based
on.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Key Refresh Phase 2 is analogous to the Key Refresh flag being set.
This means that the flag can directly be used as the index to the
new/old key two-element array.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Since the stack supports runtime reset and reprovisioning, we need to
clear the network message cache whenever creating a new mesh network.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Remove inconsistent and sometimes unreliable tracking of what
advertising parameters should be used and when the Node Identity
advertising started. The main change that facilitates this is to have
the Node ID start timestamp as part of the mesh subnet context.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Some PTS test cases only work when we're advertising using Network
Identity. Using the default timeout of 60 seconds for Node Identity
will cause this test cases to fail (i.e. the PTS gives up before
Zephyr transitions to advertising from Node Identity to Network
Identity).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The shell was being inconsistent in its parsing of boolean parameters.
Some commands were documented as accepting "on" but were actually
parsing the parameter with strtoul() which would result in 0.
Introduce a new helper to convert a string to a u8_t which still
accepts "on" or "enable". This gives us full flexibility of having a
simple interface to the user, but still allowing non-boolean values to
be tested (since on-air the value is a full octet).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Instead of having a hard-coded UUID, introduce a command to change it.
This is particularly useful if there are many unprovisioned nodes
around.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Having the Static OOB value set up-front can be confusing to the user
since they will not know what the value is. Start off by having it
unset, but introduce a new command using which the user can either set
or clear it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>