k_mutex_unlock will now perform error checking and return on failures.
If the current thread does not own the mutex, we will now return -EPERM.
In the unlikely situation where we own a lock and the lock count is
zero, we assert. This is considered an undefined bahviour and should not
happen.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Define there options for runtime error handling:
- assert on all errors (ASSERT_ON_ERRORS)
- no runtime checks (no asserts, no runtime error handling)
(NO_RUNTIME_CHECKS)
- full runtime error handling (the default) (RUNTIME_ERROR_CHECKS)
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add support for CANopen LED indicators according to the CAN in
Automation (CiA) 303-3 specification.
This fixes#15278.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Add support for storing the CANopen object dictionary to non-volatile
storage.
This fixes#15278.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
`TLS_PEER_VERIFY` and `TLS_DTLS_ROLE` options accept specific values,
yet no symbols were defined for them. In result, magic numbers were used
in several places, making the code less readable.
Fix this issue, by adding the missing symbols to the `socket.h` header,
and using them in places where related socket options are set.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add function that returns remaining time until next keep alive message
shall be sent. Such function could be used for instance as a source
for `poll` timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement a set of per-cpu trampoline stacks which all
interrupts and exceptions will initially land on, and also
as an intermediate stack for privilege changes as we need
some stack space to swap page tables.
Set up the special trampoline page which contains all the
trampoline stacks, TSS, and GDT. This page needs to be
present in the user page tables or interrupts don't work.
CPU exceptions, with KPTI turned on, are treated as interrupts
and not traps so that we have IRQs locked on exception entry.
Add some additional macros for defining IDT entries.
Add special handling of locore text/rodata sections when
creating user mode page tables on x86-64.
Restore qemu_x86_64 to use KPTI, and remove restrictions on
enabling user mode on x86-64.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These were unintentionally omitted. We don't expose callback
registration or callback response APIs for security reasons.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
generated_dts_board.h is pretty redundant and confusing as a name. Call
it devicetree.h instead.
dts.h would be another option, but DTS stands for "devicetree source"
and is the source code format, so it's a bit confusing too.
The replacement was done by grepping for 'generated_dts_board' and
'GENERATED_DTS_BOARD'.
Two build diagram and input-output SVG files were updated as well, along
with misc. documentation.
hal_ti, mcuboot, and ci-tools updates are included too, in the west.yml
update.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Zephyr crypto API currently does not allow IV to be treated as separate
entity. This is mostly due to fact that underlying libraries expect the
IV to be prefixed to the cipher/plain text for performance reasons. But
there are cases where the IV is derived from other sources and not
directly transmitted to the other end. In such cases, it must be treated
as a first class citizen.
This patch adds a new capability flag `CAP_NO_IV_PREFIX` to the crypto
API that allows operations without prefixing the IV to the cipher/plain
text. When `CAP_NO_IV_PREFIX` is active (and supported), the IV passed
to cipher_*_op() must not be modified.
As a side effect, the length of the cipher/plain texts are equal;
allowing for in-place encryption/decryption.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Allow models to skip a periodic publish interval by returning an error
from the publish update callback.
Previously, an error return from publish update would cancel periodic
publishing. This can't be recovered from, and as such, no valid model
implementation could return an error from this callback, and there was
no way to skip a periodic publish.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
I ran into a build failure trying to use Zephyr's MCUmgr. It was a
missing symbol at link time, and since I am using C++, I looked to see
if it was a name mangling issue. The mcuboot.h header file was missing
`extern "C"` guards, which was the root cause of the issue.
This commit adds C++ support to mcuboot.h by adding in `extern "C"`
guards. I validated this change by building and running my DFU
application with MCUmgr successfully.
Signed-off-by: Brooks Prumo <brooks@prumo.org>
The application may want to know the configured mode without inspecting
Kconfig macros; this is important for proper management of BASELINE
which is mode-dependent.
It also may need to know the version of the hardware and firmware, as
the behavior of application firmware 2.0 is significantly better than
version 1.1.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
This mode is documented as producing a raw result every 250 ms that the
application must convert to eCO2 and eTVOC readings. In practice
application firmware 2.0 appears to convert the readings as with all
other rates.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Expose the entire content of the ALG_RESULT_DATA block to the
application, primarily so the status and error flags can be seen. With
those available the application has the ability to detect that a stale
result has been provided so sensor_fetch_sample() can return -EAGAIN in
this case instead of -EIO, and it doesn't need to block which is
annoying.
This should also make the sensor usable on older Nordic Thingy:52
devices with outdated CCS811 application firmware that doesn't properly
implement the DATA_READY bit.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Accurate estimate of gas presence requires temperature and humidity
data. Add API to update these values.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Proper use of the CCS811 requires maintenance of the BASELINE
register value measured in clean air at various points in the sensor
life cycle. The sensor driver abstraction has no facility to support
this, so add an application header with functions to fetch and update
the register value.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Add documentation for why connection objects are still in use during the
disconnected callback and document error code when starting connectable
advertiser with no free connection object available.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
- In early boot, enable the syscall instruction and set up
necessary MSRs
- Add a hook to update page tables on context switch
- Properly initialize thread based on whether it will
start in user or supervisor mode
- Add landing function for system calls to execute the
desired handler
- Implement arch_user_string_nlen()
- Implement logic for dropping a thread down to user mode
- Reserve per-CPU storage space for user and privilege
elevation stack pointers, necessary for handling syscalls
when no free registers are available
- Proper handling of gs register considerations when
transitioning privilege levels
Kernel page table isolation (KPTI) is not yet implemented.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This code:
1) Doesn't work
2) Hasn't ever been enabled by default
3) We mitigate Spectre V2 via Extended IBRS anyway
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We use a fixed value of 32 as the way interrupts/exceptions
are setup in x86_64's locore.S do not lend themselves to
Kconfig configuration of the vector to use.
HW-based kernel oops is now permanently on, there's no reason
to make it optional that I can see.
Default vectors for IPI and irq offload adjusted to not
collide.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nothing too fancy here, we try as much as possible to
use the same register layout as the C calling convention.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Includes linker script fragments for the kernel object
tables and automatic memory partitions. The data section
is moved to the end per the requirements of
include/linker/kobject.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
z_x86_thread_page_tables_get() now works for both user
and supervisor threads, returning the kernel page tables
in the latter case. This API has been up-leveled to
a common header.
The per-thread privilege elevation stack initial stack
pointer, and the per-thread page table locations are no
longer computed from other values, and instead are stored
in thread->arch.
A problem where the wrong page tables were dumped out
on certain kinds of page faults has been fixed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add two new non-static APIs for dumping out the
page table entries for a specified memory address,
and move to the main MMU code. Has debugging uses
when trying to figure out why memory domains are not
set up correctly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We don't need to set up GDT data descriptors for setting
%gs. Instead, we use the x86 MSRs to set GS_BASE and
KERNEL_GS_BASE.
We don't currently allow user mode to set %gs on its own,
but later on if we do, we have everything set up to issue
'swapgs' instructions on syscall or IRQ.
Unused entries in the GDT have been removed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Define MSR register addresses for various MSRs related to
SYSCALL/SYSRET. We also add MSRs for FS/GS base addresses
(for GS, both kernel and user mode) to support SWAPGS.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These were previously assumed to always be fatal.
We can't have the faulting thread's XMM registers
clobbered, so put the SIMD/FPU state onto the stack
as well. This is fairly large (512 bytes) and the
execption stack is already uncomfortably small, so
increase to 2K.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add helper define BT_BUF_SIZE which considers the BT_BUF_RESERVE when
declaring Bluetooth HCI buffers.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix typos, use punctuation and capitalization more consistently. In
a few cases, rewrite sentences for clarity.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Adds a way to register listeners for incoming scanner packets, in
addition to the callback passed in bt_le_scan_enable.
This allows application modules to add multiple scan packet listeners
without owning the scanner life cycle API, enabling use cases like
beacon scanning alongside Bluetooth Mesh.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Use option ASSERT_NO_FILE_INFO to control panic or oops location print.
The cause of the exception can be backtraced using the stackframe
instead, which would give the user a way to reduce the footprint of the
panic implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Completely remove the file info and condition expression from the
the print statement if they are not enabled. This saves a little code
space which adds up when there are many assert calls.
In bluetooth shell test this saves around 4.5k bytes.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Disable printing the line number in assertions when file name has been
disabled. Knowing the line number is not very useful when the name of
the file is unknown.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to disable the assertion message, this makes all __ASSERT
behave as __ASSERT_NO_MSG instead.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add verbose option which would control if the assertion mechanism prints
any information at all. With this disabled they application will have to
use the stack-frame to locate the assertion location.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move __ASSERT_LOC macro so that it can be used by other modules even
when CONFIG_ASSERT are disabled.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add Kconfig option to disable the conditional expression in the assert
that failed. This would save code space, and file and line provides
better information than the conditional expression in case where
the same expression would be asserted upon.
For example __ASSERT_NO_MSG(buf) wouldn't make much sense in
configuration where CONFIG_ASSERT_NO_FILE_INFO was enabled.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Replaces the Mesh model settings_commit callback with a start callback,
indicating that the mesh model behavior is ready to start. Everything
that was previously done in the settings_commit callback may be moved to
this callback, which gets called just after mesh settings are committed,
instead of in the middle of the process.
This resolves an issue where models had no context in which to start
their behavior, as the previous settings_commit call fired before the
mesh was declared valid, making access APIs inaccessible.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Current implementation of application's cfg_write callback only has the
possibility of returning boolean status, which in case of failure only
allows for one error code; BT_ATT_ERR_WRITE_NOT_PERMITTED.
This change makes the application able to add own security check on
characteristic subscription in the cfg_write callback and report a more
relevant error code (e.g. BT_ATT_ERR_AUTHORIZATION).
Signed-off-by: Kim Sekkelund <ksek@oticon.com>
This commit addresses the following issues:
1. Add a new Kconfig configuration for specifying Dual-redundant Core
Lock-step (DCLS) processor topology.
2. Register initialisation is only required when Dual-redundant Core
Lock-step (DCLS) is implemented in hardware. This initialisation is
required on DCLS only because the architectural registers are in an
indeterminate state after reset and therefore the initial register
state of the two parallel executing cores are not guaranteed to be
identical, which can lead to DCCM detecting it as a hardware fault.
A conditional compilation check for this hardware configuration
using the newly added CONFIG_CPU_HAS_DCLS flag has been added.
3. The existing CPU register initialisation code did not take into
account the banked registers for every execution mode. The new
implementation ensures that all architectural registers of every
mode are initialised.
4. Add VFP register initialisation for when floating-point support is
enabled and the core is configured in DCLS topology. This
initialisation sequence is required for the same reason given in
the first issue.
5. Add provision for platform-specific initialisation on Cortex-R
using PLATFORM_SPECIFIC_INIT config and z_platform_init function.
6. Remove seemingly pointless and inadequately defined STACK_MARGIN.
Not only does it violate the 8-byte stack alignment rule, it does
not provide any form of real stack protection.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This further reduce the overhead on each subscription at expense of
having a dedicated array to store subscriptions, the code now maintain
a separate list for each peer which should also scale better with large
number of subscriptions to different peers.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
