System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
From the Jailhouse days, this has been a function call. That's silly.
We now inline the EOI in the ISR when in x2APIC mode. Also clean up
z_irq_controller_eoi(), so it now uses the inline macros.
Also, we now enable x2APIC on up_squared by default.
Fixes: #17133
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This appears to be leftover from the days when we generated
more memory protection data at build time.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
sys_dlist_insert_before and sys_dlist_insert_after have been deprecated
for at least 2 releases. We can now remove them.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We've had a number of API functions for I2C marked as deprecated for 2
releases. We can now remove them.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Utilize the multi-level irq infrastructure and replace custom handling
for PLIC on riscv-privilege SoCs. The old code offset IRQs in drivers
and various places with RISCV_MAX_GENERIC_IRQ. Instead utilize Zephyr's
encoded IRQ and replace offsets in drivers with the IRQ define from DTS.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Remove the handcoded multi-level IRQ values in device tree. We now are
able to generate the encoded multi-level IRQ value.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To work efficiently, SPI_NSS pins require pull-up configuration.
Fix this for whole STM32 series.
Fixes#17998
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Allow user to disable native IP stack and use offloaded IP
stack instead. It is also possible to enable both at the same
time if needed.
Fixes#18105
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The CC3235SF requires a debug header to be placed at the beginning of
internal flash, so that the bootloader does not automatically overwrite
the flash memory with the program saved in external flash.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
This commit adds an explicit inclusion of toolchain.h from ptp_time.h.
The endianness preprocessor definitions (__BYTE_ORDER__,
__ORDER_LITTLE_ENDIAN__, __ORDER_BIG_ENDIAN__) are used by ptp_time.h;
these being not defined can easily go unnoticed and cause unexpected
behaviours, as detailed in PR #18922.
toolchain.h ensures that these preprocessor definitions are defined and
*must* be included in a file that uses these definitions.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds an explicit inclusion of toolchain.h from byteorder.h.
The endianness preprocessor definitions (__BYTE_ORDER__,
__ORDER_LITTLE_ENDIAN__, __ORDER_BIG_ENDIAN__) are used by byteorder.h;
these being not defined can easily go unnoticed and cause unexpected
behaviours, as detailed in PR #18922.
toolchain.h ensures that these preprocessor definitions are defined and
*must* be included in a file that uses these definitions.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds an explicit inclusion of toolchain.h from kernel.h.
The endianness preprocessor definitions (__BYTE_ORDER__,
__ORDER_LITTLE_ENDIAN__, __ORDER_BIG_ENDIAN__) are used by kernel.h;
these being not defined can easily go unnoticed and cause unexpected
behaviours, as detailed in PR #18922.
toolchain.h ensures that these preprocessor definitions are defined
and *must* be included in a file that uses these definitions.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds a global check for __BYTE_ORDER__,
__ORDER_LITTLE_ENDIAN__ and __ORDER_BIG_ENDIAN__ preprocessor
definitions that are used throughout the Zephyr codebase.
These preprocessor definitions being not defined can easily
go unnoticed and cause unexpected behaviours, as detailed in
PR #18922.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This has been subsumed by the new implementation in drivers/pcie.
We remove the legacy subsystem, related tests, shell module, and
outdated documentation/config references.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This patch add tty runtime initialization check for console support
routines. Without it callers of routines API are not aware that
initialization of tty was failed. This patch basically checks
availability of console device and also its support for
interrupt driven transfers if routines are configured to use it.
Signed-off-by: Pavel Kral <pavel.kral@omsquare.com>
Switch form using privater FCB error codes to
errno codes. FCB private codes convention were compatible
with <errno.h> codes:
- 0 mean success
- negative values mean errors
- similar error types.
There was no sense to kept private FCB error codes.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
1) Dump time sinse last scheduler call
Could be handy for tickless kernel debug.
Will indicate that no rtc irq is called
2) Dump current timeout of each thread
Could be used to find yout when thread will wake up
3) Dump human friendly thread state
4) Use shell_prin instead shell_fprintf
Signed-off-by: Pavlo Hamov <pavlo_hamov@jabil.com>
Add new RD Client API of lwm2m_rd_client_stop() for this
Fix issues of de-register and event reporting in RD Client
Signed-off-by: Jun Qing Zou <jun.qing.zou@nordicsemi.no>
This follows the z_arch_irq_en-/dis-able() so that the SoC
definitions are responsible for functions related to multi-level
interrupts.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There is an API to query if any IRQ is enabled but there is
none to query individual IRQ line. So add one.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add iterator function to iterate over all connection objects.
Make type a bitmap so that it can be used as a bitmask to select which
conns to receive foreach callback.
Use foreach function internally where possible.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allows the user to pass a provisioning input complete callback to the
provisioning module, letting the application stop displaying its output
OOB value when the other party finishes their OOB input.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
The current implementation does not return the low 32 bits of
k_uptime_get() as suggested by it's documentation; it returns the number
of milliseconds represented by the low 32-bits of the underlying system
clock. The truncation before translation results in discontinuities at
every point where the system clock increments bit 33.
Reimplement it using the full-precision value, and update the
documentation to note that this variant has little value for
long-running applications.
Closes#18739.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Make the capitalization consistent with that used in k_object_alloc(),
and fix a copy/paste error in k_object_access_revoke()'s docstring.
Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
Endianness bug fix in bt_uuid_create function.
Replaced bt_uuid_create_le with bt_uuid_create which
handles both UUID from air and internal varaiable.
Fixed bug with endianess in case of big endian targets.
Signed-off-by: Akshatha Harishchandra <akhr@oticon.com>
This commit adds basic userspace support to the logging subsystem.
With this change, the following API could be called from user mode:
- LOG_*()
- LOG_INST_*(),
- LOG_HEXDUMP_*(),
- LOG_HEXDUMP_INST_*(),
- LOG_PANIC(), LOG_PROCESS(),
- log_printk(), log_generic(), log_buffrered_cnt(),
- log_filter_set(NULL, ...)
With userspace disabled, the logger behavior and performance
is not affected. With userspace enabled, the calls from kernel
space have an additional overhead introduced by _is_user_context().
The logger behavior changes when it is called from the user context.
All strings logged using LOG_*() and LOG_INST_*() API from userspace
are rendered in place for security reasons and then placed in
log_strdup() memory pool, which should be large enough to hold bursts
of log messages.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit exports the _is_user_context() function regardless
of the CONFIG_USERSPACE setting. If userspace is enabled, the
value returned depends on the execution context. If userspace
is disabled, the _is_user_context() always returns false.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
poll() and related things are expected to be declared in this header
by POSIX applications.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes#18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Stop the pairing procedure in the request phase if no storage is
available for the keys. This avoids the pairing procedure from failing
during the key distribution phase.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
CONFIG_NUM_IRQS blindly assumes CONFIG_2ND_LEVEL_INTERRUPTS
and CONFIG_3RD_LEVEL_INTERRUPTS are always enabled together,
which is not always the case. So fix the #define.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Update the xtensa backend to work better with the new fatal error
architecture. Move the stack frame dump (xtensa uses a variable-size
frame becuase we don't spill unused register windows, so it doesn't
strictly have an ESF struct) into z_xtensa_fatal_error(). Unify the
older exception logging with the newer one (they'd been sort of glomed
together in the recent rework), mostly using the asm2 code but with
the exception cause stringification and the PS register field
extraction from the older one.
Note that one shortcoming is that the way the dispatch code works, we
don't have access to the spilled frame from within the spurious error
handler, so this can't log the interrupted CPU state. This isn't
fixable easily without adding overhead to every interrupt entry, so it
needs to stay the way it is for now. Longer term we could exract the
caller frame from the window state and figure it out with some
elaborate assembly, I guess.
Fixes#18140
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
