RT685 and RT494 ran out of mpu regions to do this test,
so add board overlays to disable the USB SRAM MPU
region definition because it is not needed for this test.
Signed-off-by: Declan Snyder <declan.snyder@nxp.com>
mem_protect and sprintf stacks both need to be slightly larger than
currently defined in order to avoid stack overflow when using picolibc.
Signed-off-by: Keith Packard <keithp@keithp.com>
This adds a test to make sure kernel only threads cannot go
into user mode: doing so would result in kernel panic.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Twister now supports using YAML lists for all fields that were written
as space-separated lists. Used twister_to_list.py script. Some artifacts
on string length are due to how ruamel dumps content.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
With picolibc moving to using the common malloc implementation, samples and
tests with picolibc-specific settings need to switch to using the common
malloc settings instead.
Signed-off-by: Keith Packard <keithp@keithp.com>
For some kernel tests, faults and exceptions are expected.
They are caught and the test would continue if the reasons
for faults are as expected. However, when the unexpected
reasons are encountered, the code simply prints a message
and calls k_fatal_halt(). When running under twister,
these messages are not the expected failed messages so
twister will spin till timeout although the execution
has already been halted. This adds another printk() before
halt to signal twister that the test has failed and bails
early.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
integration_platforms help us control what get built/executed in CI and
for each PR submitted. They do not filter out platforms, instead they
just minimize the amount of builds/testing for a particular
tests/sample.
Tests still run on all supported platforms when not in integration mode.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Use of pipes is now configurable. All tests that use pipes must enable
that feature. (Note: no sample projects currently use pipes.)
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Add a bunch of missing "zephyr/" prefixes to #include statements in
various test and test framework files.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
irq_lock() returns an unsigned integer key.
Generated by spatch using semantic patch
scripts/coccinelle/irq_lock.cocci
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
In order to bring consistency in-tree, migrate all tests to the new
prefix <zephyr/...>. Note that the conversion has been scripted, refer
to #45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Add the appropriate hooks effectively replacing the old implementation
with the new one.
Also the stackguard wasn't properly enforced especially with the
usermode combination. This is now fixed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
When a memory domain is initialized, the z_libc_partition must be
included so that critical libc-related data can be accessed.
On ARM processors without TPIDRURO when THREAD_LOCAL_STORAGE is enabled,
this includes the TLS base pointer, which is used for several
thread-local variables in the kernel.
Signed-off-by: Keith Packard <keithp@keithp.com>
When active, z_libc_partition consumes an MPU region which leaves too
few for some MPU tests. Free up one by disabling HW stack protection.
Signed-off-by: Keith Packard <keithp@keithp.com>
When using THREAD_LOCAL_STORAGE the thread_userspace_local_data stuff
isn't used, so these tests wouldn't build.
Signed-off-by: Keith Packard <keithp@keithp.com>
The warning below appears once -Waddress-of-packed-mem is enabled:
/__w/zephyr/zephyr/tests/kernel/mem_protect/userspace/src/main.c: In
function 'test_main':
/__w/zephyr/zephyr/tests/kernel/mem_protect/userspace/src/main.c:1024:17:
error: converting a packed 'k_thread_stack_t' {aka 'struct
z_thread_stack_element'} pointer (alignment 1) to a 'struct
z_x86_thread_stack_header' pointer (alignment 4096) may result in an
unaligned pointer value [-Werror=address-of-packed-member]
1024 | hdr = ((struct z_x86_thread_stack_header *)ztest_thread_stack);
To avoid the warning, use an intermediate void * variable.
More info in #16587.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This changes both k_mem_domain_add_partition() and
k_mem_domain_remove_partition() to return errors instead of
asserting when errors are encountered. This gives the application
chance to recover.
The arch_mem_domain_parition_add()/_remove() will be modified
later together with all the other arch_mem_domain_*() changes
since the architecture code for partition addition and removal
functions usually cannot be separately changed.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This changes k_mem_domain_init() to return error values
instead of asserting when errors are encountered.
This gives applications a chance to recover if needed.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each larger
areas in the linker script.
The symbols _image_rom_start and _image_rom_end corresponds to the group
ROMABLE_REGION defined in the ld linker scripts.
The symbols _image_rodata_start and _image_rodata_end is not placed as
independent group but covers common-rom.ld, thread-local-storage.ld,
kobject-rom.ld and snippets-rodata.ld.
This commit align those names and prepares for generation of groups in
linker scripts.
The symbols describing the ROMABLE_REGION will be renamed to:
_image_rom_start -> __rom_region_start
_image_rom_end -> __rom_region_end
The rodata will also use the group symbol notation as:
_image_rodata_start -> __rodata_region_start
_image_rodata_end -> __rodata_region_end
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
If pinned section is enabled, _k_neg_eagain should be in pinned
rodata section. So add the check if pinned section is enabled.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This functions is being called across the tree, no reason why it should
not be a public API.
The current usage violates a few MISRA rules.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split ARM and ARM64 architectures.
Details:
- CONFIG_ARM64 is decoupled from CONFIG_ARM (not a subset anymore)
- Arch and include AArch64 files are in a dedicated directory
(arch/arm64 and include/arch/arm64)
- AArch64 boards and SoC are moved to soc/arm64 and boards/arm64
- AArch64-specific DTS files are moved to dts/arm64
- The A72 support for the bcm_vk/viper board is moved in the
boards/bcm_vk/viper directory
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
We are setting CONFIG_GEN_PRIV_STACKS when AArch64 actually uses a
statically allocated privileged stack.
This error was not captured by the tests because we only verify whether
a read/write to a privileged stack is failing, but it can fail for a lot
of reasons including when the pointer to the privileged stack is not
initialized at all, like in this case.
With this patch we deselect CONFIG_GEN_PRIV_STACKS and we fix the
mem_protect/userspace test to correctly probe the privileged stack.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Skip the test_disable_mmu_mpu test case for
Cortex-M non-secure builds, since the test
may enter a BusFault which is not banked
between security states and the system
may hang.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add support for the following tests:
- test_write_control
- test_disable_mmu_mpu
- test_read_priv_stack
- test_write_priv_stack
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
We now just use two memory domains; the default domain and an
'alternate_domain' used for tests that need to handle a memory
domain switch.
Along the way the test code was simplified.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test is generating build warnings as it is making
checks that can never be false.
This reverts commit a4f1a5f58f.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Found out that important requirements are not tested by current
kernel objects tests. Decided to fix that situation
New added tests:
1. test_kobj_assign_perms_on_alloc_obj()
Create kernel object semaphore, dynamically allocate it from the
calling thread's resource pool.
Check that object's address is in bounds of that memory pool.
Then check the requestor thread will implicitly be assigned
permission on the allocated object by using
semaphore API k_sem_init()
2. test_no_ref_dyn_kobj_release_mem()
Dynamically allocated kernel objects whose access is controlled by
the permission system will use object permission as a reference count
If no threads have access to an object, the object's memory released.
3. test_krnl_obj_static_alloc_build_time()
Take addresses of the kernel objects which are statically allocated
during the build time and verify that they are not null.
That kernel objects shouldn't require manual
registration by the end user.
4. Clean-up. Removed unused variable from userspace test.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
We don't need 3 different threads/stacks and the stack size
can be smaller, the threads don't do much.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- No longer call ztest_test_pass() out of a fatal exception,
as if this took place on some child thread, the next test
case could start on another CPU before the child has exited,
leading to issues if the child thread object is recycled
- Get rid of some unnecessary synchronization semaphores.
Use the scheduler and/or k_thread_join() instead.
- Simplify tests for read/write other threads not to spawn
a child thread and then take a fatal fault on the ztest
thread
- Add set_fault() clear_fault() as I do not enjoy typing.
Despite these variables being voliatile, a barrier is
needed to prevent re-ordering around non-volatile memory
access
- Don't call ztest_test_pass() from child thread in
test_user_mode_enter() due to possible races
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to exclude the .gap_filling test from running on
ARMv8-M platforms with 8 MPU regions available, since the
userspace test defines and uses a memory domain whose number
of partitions exceed the maximum number of permitted partitions
in ARMv8-m SoCs with MPU_GAP_FILLING=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
