Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each larger
areas in the linker script.
The symbols _image_rom_start and _image_rom_end corresponds to the group
ROMABLE_REGION defined in the ld linker scripts.
The symbols _image_rodata_start and _image_rodata_end is not placed as
independent group but covers common-rom.ld, thread-local-storage.ld,
kobject-rom.ld and snippets-rodata.ld.
This commit align those names and prepares for generation of groups in
linker scripts.
The symbols describing the ROMABLE_REGION will be renamed to:
_image_rom_start -> __rom_region_start
_image_rom_end -> __rom_region_end
The rodata will also use the group symbol notation as:
_image_rodata_start -> __rodata_region_start
_image_rodata_end -> __rodata_region_end
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
If pinned section is enabled, _k_neg_eagain should be in pinned
rodata section. So add the check if pinned section is enabled.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This functions is being called across the tree, no reason why it should
not be a public API.
The current usage violates a few MISRA rules.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split ARM and ARM64 architectures.
Details:
- CONFIG_ARM64 is decoupled from CONFIG_ARM (not a subset anymore)
- Arch and include AArch64 files are in a dedicated directory
(arch/arm64 and include/arch/arm64)
- AArch64 boards and SoC are moved to soc/arm64 and boards/arm64
- AArch64-specific DTS files are moved to dts/arm64
- The A72 support for the bcm_vk/viper board is moved in the
boards/bcm_vk/viper directory
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
We are setting CONFIG_GEN_PRIV_STACKS when AArch64 actually uses a
statically allocated privileged stack.
This error was not captured by the tests because we only verify whether
a read/write to a privileged stack is failing, but it can fail for a lot
of reasons including when the pointer to the privileged stack is not
initialized at all, like in this case.
With this patch we deselect CONFIG_GEN_PRIV_STACKS and we fix the
mem_protect/userspace test to correctly probe the privileged stack.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Skip the test_disable_mmu_mpu test case for
Cortex-M non-secure builds, since the test
may enter a BusFault which is not banked
between security states and the system
may hang.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add support for the following tests:
- test_write_control
- test_disable_mmu_mpu
- test_read_priv_stack
- test_write_priv_stack
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
We now just use two memory domains; the default domain and an
'alternate_domain' used for tests that need to handle a memory
domain switch.
Along the way the test code was simplified.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test is generating build warnings as it is making
checks that can never be false.
This reverts commit a4f1a5f58f.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Found out that important requirements are not tested by current
kernel objects tests. Decided to fix that situation
New added tests:
1. test_kobj_assign_perms_on_alloc_obj()
Create kernel object semaphore, dynamically allocate it from the
calling thread's resource pool.
Check that object's address is in bounds of that memory pool.
Then check the requestor thread will implicitly be assigned
permission on the allocated object by using
semaphore API k_sem_init()
2. test_no_ref_dyn_kobj_release_mem()
Dynamically allocated kernel objects whose access is controlled by
the permission system will use object permission as a reference count
If no threads have access to an object, the object's memory released.
3. test_krnl_obj_static_alloc_build_time()
Take addresses of the kernel objects which are statically allocated
during the build time and verify that they are not null.
That kernel objects shouldn't require manual
registration by the end user.
4. Clean-up. Removed unused variable from userspace test.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
We don't need 3 different threads/stacks and the stack size
can be smaller, the threads don't do much.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- No longer call ztest_test_pass() out of a fatal exception,
as if this took place on some child thread, the next test
case could start on another CPU before the child has exited,
leading to issues if the child thread object is recycled
- Get rid of some unnecessary synchronization semaphores.
Use the scheduler and/or k_thread_join() instead.
- Simplify tests for read/write other threads not to spawn
a child thread and then take a fatal fault on the ztest
thread
- Add set_fault() clear_fault() as I do not enjoy typing.
Despite these variables being voliatile, a barrier is
needed to prevent re-ordering around non-volatile memory
access
- Don't call ztest_test_pass() from child thread in
test_user_mode_enter() due to possible races
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to exclude the .gap_filling test from running on
ARMv8-M platforms with 8 MPU regions available, since the
userspace test defines and uses a memory domain whose number
of partitions exceed the maximum number of permitted partitions
in ARMv8-m SoCs with MPU_GAP_FILLING=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Check that the base of every stack object is properly
defined. This can get messed up if K_THREAD_STACK_ARRAY_DEFINE
isn't specified properly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The core kernel computes the initial stack pointer
for a thread, properly aligning it and subtracting out
any random offsets or thread-local storage areas.
arch_new_thread() no longer needs to make any calculations,
an initial stack frame may be placed at the bounds of
the new 'stack_ptr' parameter passed in. This parameter
replaces 'stack_size'.
thread->stack_info is now set before arch_new_thread()
is invoked, z_new_thread_init() has been removed.
The values populated may need to be adjusted on arches
which carve-out MPU guard space from the actual stack
buffer.
thread->stack_info now has a new member 'delta' which
indicates any offset applied for TLS or random offset.
It's used so the calculations don't need to be repeated
if the thread later drops to user mode.
CONFIG_INIT_STACKS logic is now performed inside
z_setup_new_thread(), before arch_new_thread() is called.
thread->stack_info is now defined as the canonical
user-accessible area within the stack object, including
random offsets and TLS. It will never include any
carved-out memory for MPU guards and must be updated at
runtime if guards are removed.
Available stack space is now optimized. Some arches may
need to significantly round up the buffer size to account
for page-level granularity or MPU power-of-two requirements.
This space is now accounted for and used by virtue of
the Z_THREAD_STACK_SIZE_ADJUST() call in z_setup_new_thread.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
1. Found out that thread tests doesn't test next ideas of requirements,
which I think necessary to be tested and verified:
-the kernel need to prevent user threads creating new threads from
using thread or thread stack objects which are in an initialized state
-Upon thread exit, the kernel need to mark the exiting thread
and thread stack objects as uninitialized
Add new tests to test requirements above, that way we can cover more
features to be tested:
- test_new_user_thread_with_in_use_stack_obj()
- test_mark_thread_exit_uninitialized()
2. Modified test test_create_new_thread_from_user() to verify that
kernel provides new user threads access to their own thread object.
3. Also I added detailed Doxygen tags for each new test and existing
modified test.
4. Added Doxygen tag to the existing test test_stack_buffer, it
covers requirement:
-The kernel need to provide all threads read and write access to their
own stack memory buffer.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
1. Add code change to the test_permission_inheritance() to let it
test that child thread can't access parent thread object. Now that test
tests one more related to it feature.
2. Add new Doxygen tags with informative descriptions about the kernel
objects tests. That will make reading and understanding kernel object
tests code easier.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
1. Doxygen tags updates of the existing tests.
2. Fixed use of API K_MSEC in test_syscall_torture
3. Removed misprints
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Added new doxygen tags for tests:
1. test_mem_domain_destroy
2. test_domain_add_part_drop_to_user
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Reason is that some threads tests have poor description Doxygen
tags. I decided to fix that situation in some tests which understand.
Update Doxygen tags for the next tests:
test_create_new_supervisor_thread_from_user()
test_user_mode_enter()
test_create_new_higher_prio_thread_from_user()
test_create_new_thread_from_user_huge_stacksize()
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Added separator (e.g. comma or semicolon) parameter to FOR_EACH_ family.
Separator is added between macro execution for each argument and not at
the end.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Remove all ram restrictions in kernel tests and revisit all tests and
try to make them pass on all platforms.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Reason is that some tests have poor description in Doxygen tags,
decided to fix that situation in some tests which I understand.
Also remove small misprints from some parts of code.
Update Doxygen tags for the next tests:
test_access_kobject_without_init_access
test_thread_without_kobject_permission
test_bad_syscall
test_syscall_invalid_kobject
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
... because it is (required).
This makes a difference when building with CMake and forgetting
ZEPHYR_BASE or not registering Zephyr in the CMake package registry.
In this particular case, REQUIRED turns this harmless looking log
statement:
-- Could NOT find Zephyr (missing: Zephyr_DIR)
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
-- Check for working C compiler: /usr/bin/cc
-- ...
-- ...
-- ...
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Error at CMakeLists.txt:8 (target_sources):
Cannot specify sources for target "app" which is not built by
this project.
... into this louder, clearer, faster and (last but not least) final
error:
CMake Error at CMakeLists.txt:5 (find_package):
Could not find a package configuration file provided by "Zephyr" with
any of the following names:
ZephyrConfig.cmake
zephyr-config.cmake
Add the installation prefix of "Zephyr" to CMAKE_PREFIX_PATH or set
"Zephyr_DIR" to a directory containing one of the above files. If
"Zephyr" provides a separate development package or SDK, be sure it
has been installed.
-- Configuring incomplete, errors occurred!
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Tests should always start with test_, otherwise detection of subtests
will not work through sanitycheck.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Using find_package to locate Zephyr.
Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.
Whenever an automatic run of CMake happend by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.
It also removes the risk of strange build results if a user switchs
between different Zephyr based project folders and forgetting to reset
ZEPHYR_BASE before running ninja / make.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Private type, internal to the kernel, not directly associated
with any k_object_* APIs. Is the return value of z_object_find().
Rename to struct z_object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* arc supports mpu gap filling now.
* these tests can be used for any arch which supports mpu gap
filling.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Extend the bad syscall-ID test case to cover
erroneously supplied larged unsiged syscall-ID
values.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The existing stack_analyze APIs had some problems:
1. Not properly namespaced
2. Accepted the stack object as a parameter, yet the stack object
does not contain the necessary information to get the associated
buffer region, the thread object is needed for this
3. Caused a crash on certain platforms that do not allow inspection
of unused stack space for the currently running thread
4. No user mode access
5. Separately passed in thread name
We deprecate these functions and add a new API
k_thread_stack_space_get() which addresses all of these issues.
A helper API log_stack_usage() also added which resembles
STACK_ANALYZE() in functionality.
Fixes: #17852
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Interrupts should not be locked when servicing a system call,
and the kernel should not think we are in an interrupt handler
either.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Exceptions on x86_64 are incorrectly implemented, and if
a preemptible thread faults, and in its overridden
k_sys_fatal_error_handler() does something which invokes
a scheduling point (such as here where we give semaphores),
the thread will be swapped out on the per-CPU exception stack
and probably explode when it is switched back in.
For now, change the faulting thread priority to co-op so this
doesn't happen.
Workaround for #21462
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test spawns a child thread and expects it to complete.
Use one CPU for it. Get rid of the useless k_thread_abort()
call and add a k_yield() to ensure the child does its
thing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
This symbol should already be getting enabled if CONFIG_USERSPACE is
enabled, because CONFIG_ERRNO is default y and has
select THREAD_USERSPACE_LOCAL_DATA if USERSPACE
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
In addition to not assuming all pointers fit in a u32_t,
logic is added to find the privilege mode stack on x86_64
and several error messages now contain more information.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We add a new test-case for the mem_protect and userspace tests,
to test the ARMv8-M MPU driver without the skipping of full SRAM
partitioning (i.e. gap filling).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We replace an inline assembly block of code with CMSIS
functions, to make it portable to ARMv6-M architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Re-run with updated script to convert integer literal delay arguments to
k_sleep to use the standard timeout macros.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
