Created structures and unions needed to enable the software to
access these tables.
Also updated the helper macros to ease the usage of the MMU page
tables.
JIRA: ZEP-2511
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
arg6 is treated as a memory constraint. If that memory
address was expressed as an operand to 'mov' in the generated
code as an offset from the stack pointer, then the 'push'
instruction immediately before it could end up causing memory 4
bytes off from what was intended being passed in as the 6th
argument.
Add ESP register to the clobber list to fix this issue.
Fixes issues observed with k_thread_create() passing in a
NULL argument list with CONFIG_DEBUG=y.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to track permission on stack memory regions like we do
with other kernel objects. We want stacks to live in a memory
area that is outside the scope of memory domain permission
management. We need to be able track what stacks are in use,
and what stacks may be used by user threads trying to call
k_thread_create().
Some special handling is needed because thread stacks appear as
variously-sized arrays of struct _k_thread_stack_element which is
just a char. We need the entire array to be considered an object,
but also properly handle arrays of stacks.
Validation of stacks also requires that the bounds of the stack
are not exceeded. Various approaches were considered. Storing
the size in some header region of the stack itself would not allow
the stack to live in 'noinit'. Having a stack object be a data
structure that points to the stack buffer would confound our
current APIs for declaring stacks as arrays or struct members.
In the end, the struct _k_object was extended to store this size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These needed "memory" clobbers otherwise the compiler would do
unnecessary optimizations for parameters passed in as pointer
values.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The compiler was complaining about impossible constraints since register
constraint was provided, but there are no general purpose registers left
available.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A quick look at "man syscall" shows that in Linux, all architectures
support at least 6 argument system calls, with a few supporting 7. We
can at least do 6 in Zephyr.
x86 port modified to use EBP register to carry the 6th system call
argument.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Instead of a common system call entry function, we instead create a
table mapping system call ids to handler skeleton functions which are
invoked directly by the architecture code which receives the system
call.
* system call handler prototype specified. All but the most trivial
system calls will implement one of these. They validate all the
arguments, including verifying kernel/device object pointers, ensuring
that the calling thread has appropriate access to any memory buffers
passed in, and performing other parameter checks that the base system
call implementation does not check, or only checks with __ASSERT().
It's only possible to install a system call implementation directly
inside this table if the implementation has a return value and requires
no validation of any of its arguments.
A sample handler implementation for k_mutex_unlock() might look like:
u32_t _syscall_k_mutex_unlock(u32_t mutex_arg, u32_t arg2, u32_t arg3,
u32_t arg4, u32_t arg5, void *ssf)
{
struct k_mutex *mutex = (struct k_mutex *)mutex_arg;
_SYSCALL_ARG1;
_SYSCALL_IS_OBJ(mutex, K_OBJ_MUTEX, 0, ssf);
_SYSCALL_VERIFY(mutex->lock_count > 0, ssf);
_SYSCALL_VERIFY(mutex->owner == _current, ssf);
k_mutex_unlock(mutex);
return 0;
}
* the x86 port modified to work with the system call table instead of
calling a common handler function. fixed an issue where registers being
changed could confuse the compiler has been fixed; all registers, even
ones used for parameters, must be preserved across the system call.
* a new arch API for producing a kernel oops when validating system call
arguments added. The debug information reported will be from the system
call site and not inside the handler function.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- _arch_user_mode_enter() implemented
- _arch_is_user_context() implemented
- _new_thread() will honor K_USER option if passed in
- System call triggering macros implemented
- _thread_entry_wrapper moved and now looks for the next function to
call in EDI
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- There's no point in building up "validity" (declared volatile for some
strange reason), just exit with false return value if any of the page
directory or page table checks don't come out as expected
- The function was returning the opposite value as its documentation
(0 on success, -EPERM on failure). Documentation updated.
- This function will only be used to verify buffers from user-space.
There's no need for a flags parameter, the only option that needs to
be passed in is whether the buffer has write permissions or not.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This was felt to be necessary at one point but actually isn't.
- When a thread is initialized to use a particular stack, calls will be
made to the MMU/MPU to restrict access to that stack to only that
thread. Once a stack is in use, it will not be generally readable even
if the buffer exists in application memory space.
- If a user thread wants to create a thread, we will need to have some
way to ensure that whatever stack buffer passed in is unused and
appropriate. Since unused stacks in application memory will be generally
accessible, we can just check that the calling thread to
k_thread_create() has access to the stack buffer passed in, it won't if
the stack is in use.
On ARM we had a linker definition for .stacks, but currently stacks are
just tagged with __noinit (which is fine).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fix misspellings in .h files missed during code reviews
and affecting generated API documentation
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Page faults will additionally dump out some interesting
page directory and page table flags for the faulting
memory address.
Intended to help determine whether the page tables have been
configured incorrectly as we enable memory protection features.
This only happens if CONFIG_EXCEPTION_DEBUG is turned on.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Subsequent patches will set this guard page as unmapped,
triggering a page fault on access. If this is due to
stack overflow, a double fault will be triggered,
which we are now capable of handling with a switch to
a know good stack.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now create a special IA hardware task for handling
double faults. This has a known good stack so that if
the kernel tries to push stack data onto an unmapped page,
we don't triple-fault and reset the system.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This has one use-case: configuring the double-fault #DF
exception handler to do an IA task switch to a special
IA task with a known good stack, such that we can dump
diagnostic information and then panic.
Will be used for stack overflow detection in kernel mode,
as otherwise the CPU will triple-fault and reset.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A user space buffer must be validated before required operation
can proceed. This API will check the current MMU
configuration to determine if the buffer held by the user is valid.
Jira: ZEP-2326
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Implements CONFIG_APPLICATION_MEMORY for x86. Working in
XIP and non-XIP configurations.
This patch does *not* implement any alignment constraints
imposed by the x86 MMU, such enabling will be done later.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
patch adds necessary files and does the modification to the existing
files to add device support for x86 based intel quark microcontroller
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Historically, space for struct k_thread was always carved out of the
thread's stack region. However, we want more control on where this data
will reside; in memory protection scenarios the stack may only be used
for actual stack data and nothing else.
On some platforms (particularly ARM), including kernel_arch_data.h from
the toplevel kernel.h exposes intractable circular dependency issues.
We create a new per-arch header "kernel_arch_thread.h" with very limited
scope; it only defines the three data structures necessary to instantiate
the arch-specific bits of a struct k_thread.
Change-Id: I3a55b4ed4270512e58cf671f327bb033ad7f4a4f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We reserve a specific vector in the IDT to trigger when we want to
enter a fatal exception state from software.
Disabled for drivers/build_all tests as we were up to the ROM limit
on Quark D2000.
Issue: ZEP-843
Change-Id: I4de7f025fba0691d07bcc3b3f0925973834496a0
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unlike assertions, these APIs are active at all times. The kernel will
treat these errors in the same way as fatal CPU exceptions. Ultimately,
the policy of what to do with these errors is implemented in
_SysFatalErrorHandler.
If the archtecture supports it, a real CPU exception can be triggered
which will provide a complete register dump and PC value when the
problem occurs. This will provide more helpful information than a fake
exception stack frame (_default_esf) passed to the arch-specific exception
handling code.
Issue: ZEP-843
Change-Id: I8f136905c05bb84772e1c5ed53b8e920d24eb6fd
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. This handles the remaining includes and kernel, plus
touching up various points that we skipped because of include
dependancies. We also convert the PRI printf formatters in the arch
code over to normal formatters.
Jira: ZEP-2051
Change-Id: Iecbb12601a3ee4ea936fd7ddea37788a645b08b0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
It's not entirely clear where the '%P' came from, but the proper,
documented operand modifier for inserting an immediate value without
punctuation is '%c'.
Change-Id: I17346a6c70183ce79e91faa2fbe61e7761dfd513
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some arches may want to define this as an inline function, or
define in core arch code instead of timer driver code.
Unfortunately, this means we need to remove from the footprint
tests, but this is not typically a large function.
Issue: ZEP-1546
Change-Id: Ic0d7a33507da855995838f4703d872cd613a2ca2
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
nano_cpu_idle/nano_cpu_atomic_idle were not ported to the unified
kernel, and only the old APIs were available. There was no real impact
since, in the unified kernel, only the idle thread should really be
doing power management. However, with a single-threaded kernel, these
functions can be useful again.
The kernel internals now make use of these APIs instead of the legacy
ones.
Change-Id: Ie8a6396ba378d3ddda27b8dd32fa4711bf53eb36
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Most kernel APIs are now ready for inclusion in the API guide.
The APIs largely follow a standard template to provide users
of the API guide with a consistent look-and-feel.
Change-Id: Ib682c31f912e19f5f6d8545d74c5f675b1741058
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Updates x86 floating point support to reflect changes that have
been made in recent months.
* Many, many, many cosmetic changes (mostly revisions to comments).
* Elimination of unnecessary function aliases that were needed
to support the task and fiber versions of certain APIs.
* Elimination of run-time code to enable a thread's "FP regs"
option bit if the "SSE regs" option bit was set. The kernel
now recognizes that the thread is using the FPU as long as
either option bit is set. (If the thread has both option bits
enabled this is the same as if only the "SSE regs" bit is set.)
Change-Id: Ic12abc54b6fa78921749b546d8debf23e7ad232d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
C++ support moved from nanokernel.h to kernel.h.
Change-Id: I5e1631941e26f4ab3f311b680267b743bab15e40
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Symbols now use the K_ prefix which is now standard for the
unified kernel. Legacy support for these symbols is retained
to allow existing applications to build successfully.
Change-Id: I3ff12c96f729b535eecc940502892cbaa52526b6
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Interrupt stubs now just push the ISR and parameter onto the stack
and jump to the common interrupt code, never to return.
Change-Id: I82543d8148b5c7dfe116c43f41791f852614bb28
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The x86 architecture port is fitted with support for the unified kernel,
namely:
- the interrupt exit code now calls _Swap() if the current
thread is not a coop thread and if the scheduler is not locked
- there is no 'task' fields in the _nanokernel anymore: _Swap()
now calls _get_next_ready_thread instead
- the _nanokernel.fiber field is replaced by a more sophisticated
ready_q, based on the microkernel's priority-bitmap-based one
- nano_private includes nano_internal.h from the unified directory
- the FIBER, TASK and PREEMPTIBLE flags do not exist anymore: the thread
priority drives the behaviour
- the tcs uses a dlist for queuing in both ready and wait queues instead
of a custom singly-linked list
- other new fields in the tcs include a schedule-lock count, a
back-pointer to init data (when the task is static) and a pointer to
swap data, needed when a thread pending on _Swap() must be passed more
then just one value (e.g. k_stack_pop() needs an error code and data)
- fiberRtnValueSet() is aliased to _set_thread_return_value since it
also operates on preempt threads now
- _set_thread_return_value_with_data() sets the swap_data field in
addition to a return value from _Swap()
- convenience aliases are created for shorter names:
- _current is defined as _nanokernel.current
- _ready_q is defined as _nanokernel.ready_q
- _Swap() sets the threads's return code to -EAGAIN before swapping out
to prevent timeouts to have to set it (solves hard issues in some
kernel objects).
- Floating point support.
Note that, in _Swap(), the register holding the thread to be swapped in has
been changed from %ecx to %eax in both the legacy kernel and the unified kernel
to take advantage of the fact that the return value of _get_next_ready_thread()
is stored in %eax, and this avoids moving it to %ecx.
Work by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Allan Stephens <allan.stephens@windriver.com>
Benjamin Walsh <benjamin.walsh@windriver.com>
Change-Id: I4ce2bd47bcdc62034c669b5e889fc0f29480c43b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Originally, x86 just supported APIC. Then later support
for the Mint Valley Interrupt Controller was added. This
controller is mostly similar to the APIC with some differences,
but was integrated in a somewhat hacked-up fashion.
Now we define irq_controller.h, which is a layer of abstraction
between the core arch code and the interrupt controller
implementation.
Contents of the API:
- Controllers with a fixed irq-to-vector mapping define
_IRQ_CONTROLLER_VECTOR_MAPPING(irq) to obtain a compile-time
map between the two.
- _irq_controller_program() notifies the interrupt controller
what vector will be used for a particular IRQ along with triggering
flags
- _irq_controller_isr_vector_get() reports the vector number of
the IRQ currently being serviced
- In assembly language domain, _irq_controller_eoi implements
EOI handling.
- Since triggering options can vary, some common defines for
triggering IRQ_TRIGGER_EDGE, IRQ_TRIGGER_LEVEL, IRQ_POLARITY_HIGH,
IRQ_POLARITY_LOW introduced.
Specific changes made:
- New Kconfig X86_FIXED_IRQ_MAPPING for those interrupt controllers
that have a fixed relationship between IRQ lines and IDT vectors.
- MVIC driver rewritten per the HAS instead of the tortuous methods
used to get it to behave like LOAPIC. We are no longer writing values
to reserved registers. Additional assertions added.
- Some cleanup in the loapic_timer driver to make the MVIC differences
clearer.
- Unused APIs removed, or folded into calling code when used just once.
- MVIC doesn't bother to write a -1 to the intList priority field since
it gets ignored anyway
Issue: ZEP-48
Change-Id: I071a477ea68c36e00c3d0653ce74b3583454154d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This reverts commit d73a9bb9c6.
The patch was intended for 1.6.0 release.
Change-Id: Id42058b746a3d2a54e4b1a2983eb58bd10b1ed40
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rather than embedding the ISR stub directly inside the function that
invokes IRQ_CONNECT(), stick all the generated stubs in the
.text.irqstubs section.
In this way, we make things easier to debug since the stub code isn't
mixed in with the "calling" function's assembly, and we no longer
need an instruction to jump over it.
Since these are now in their own section and not embedded inside an
unrelated init function, we unconditionally generate descriptive
symbol names for each stub based on the name of the handler and the
IRQ line.
Example for HPET timer on IRQ #2:
00100440 T _timer_int_handler <-- driver ISR
00100590 T _timer_int_handler_irq2_stub <-- generated stub
Change-Id: I49425aef7775edbca8ad7f61d2d4f9c41cb0d39d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Having two parallel implementations is a maintenance issue, especially
when some strategically placed #ifdefs will suffice.
We prefer the ASM versions for SYS V, as we need complete control of
the emitted assembly for interrupt handling and context switching.
The SYS V code is far more mature. IAMCU C code has known issues with
-fomit-frame-pointer.
The only difference between the two calling conventions is that the
first three function arguments are provided in eax, edx, ecx instead
of on the stack.
Issue: ZEP-49
Change-Id: I9245e4b0ffbeb6d890a4f08bc8a3a49faa6d8e7b
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
