The sys_mem_pool data structure is going away. And this test case
didn't actually do much. All it did was create a sys_mem_pool in the
app data section (I guess that's the "mem_protect" part?) and validate
that it was usable. We have tests for sys_heap to do that already
elsewhere anyway; no point in porting.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The kernel resource pool is now a k_heap. There is a compatibility
API still, but this is a core test that should be exercising the core
API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The k_mem_pool allocator is no more, and the z_mem_pool compatibility
API is going away. The internal allocator should be a k_heap always.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Mark all k_mem_pool APIs deprecated for future code. Remaining
internal usage now uses equivalent "z_mem_pool" symbols instead.
Fixes#24358
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When adding the new partition to a memory domain the system must
assert that it does not overlap with any other existing partitions
in the domain.
Test to add new partition which has same start address as an
existing one, after that must happen an assertion error indicating
that new partition overlaps existing one.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Adds a new CONFIG_MPU which is set if an MPU is enabled. This
is a menuconfig will some MPU-specific options moved
under it.
MEMORY_PROTECTION and SRAM_REGION_PERMISSIONS have been merged.
This configuration depends on an MMU or MPU. The protection
test is updated accordingly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test reads and writes outside the bounds of an array allocated on
the stack in check_input(). This commit disables the test on SPARC.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Some platforms may have multiple RAM regions which are
dis-continuous in the physical memory map. We really want
these to be in a continuous virtual region, and we need to
stop assuming that there is just one SRAM region that is
identity-mapped.
We no longer use CONFIG_SRAM_BASE_ADDRESS and CONFIG_SRAM_SIZE
as the bounds of kernel RAM, and no longer assume in the core
kernel that these are identity mapped at boot.
Two new Kconfigs, CONFIG_KERNEL_VM_BASE and
CONFIG_KERNEL_RAM_SIZE now indicate the bounds of this region
in virtual memory.
We are currently only memory-mapping physical device driver
MMIO regions so we do not need virtual-to-physical calculations
to re-map RAM yet. When the time comes an architecture interface
will be defined for this.
Platforms which just have one RAM region may continue to
identity-map it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Execute tests are disabled for RISC-V because is isn't able
to set an execution restriction. From RISC-V documentation:
"Instruction address-translation and protection are unaffected
by the setting of MPRV"
MPRV is used to apply memory protection restriction when CPU is
running in machine mode (kernel).
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
Add a memory region allocation for RISCV architecture.
Also fix an arbitraty value which can't work with
RISC-V granularity.
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
Add support for the following tests:
- test_write_control
- test_disable_mmu_mpu
- test_read_priv_stack
- test_write_priv_stack
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
We need to make sure that if we migrate a thread to another
memory domain, the migration process doesn't cause the target
thread to explode. This is mostly a concern on SMP systems;
the thread could be running on another CPU at the same time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There is a race condition between the child threads
exiting, and the child threads getting re-used in the
next scenario. This reproduces more often on SMP systems.
Close the race by joining on the child threads before
exiting any test scenario.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This suite now uses far less memory and is much simpler.
We still maintain coverage of all the memory domain APIs
and ensure that the maximum number of partitions can be
applied.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The tests test_mem_part_auto_determ_size and
test_mem_part_auto_determ_size_per_mpu are supposed to
just be checking the construction of automatic memory
partitions.
test_mem_part_auto_determ_size had a bunch of extraneous
stuff covered by other test cases and reserved three
different thread stacks.
These two tests have been drastically simplified and
combined.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
test_mem_part_inherity_by_child_thr duplicates logic already
present in test_permission_inheritance. That test puts a
buffer called 'inherit_buf' in 'inherit_memory_partition'
and shows that it is accessible by a child thread by
writing to it.
Delete this unnecessary test.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Tests are now grouped in the C file they occur in.
test_mark_thread_exit_uninitialized no longer occurs twice.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
put all globals only used in this C file in static scope, which
revealed that a few of them were not used at all.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now just use two memory domains; the default domain and an
'alternate_domain' used for tests that need to handle a memory
domain switch.
Along the way the test code was simplified.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ensure that both the main thread and any static threads are
properly assigned to the default memory domain.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test is generating build warnings as it is making
checks that can never be false.
This reverts commit a4f1a5f58f.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Found out that important requirements are not tested by current
kernel objects tests. Decided to fix that situation
New added tests:
1. test_kobj_assign_perms_on_alloc_obj()
Create kernel object semaphore, dynamically allocate it from the
calling thread's resource pool.
Check that object's address is in bounds of that memory pool.
Then check the requestor thread will implicitly be assigned
permission on the allocated object by using
semaphore API k_sem_init()
2. test_no_ref_dyn_kobj_release_mem()
Dynamically allocated kernel objects whose access is controlled by
the permission system will use object permission as a reference count
If no threads have access to an object, the object's memory released.
3. test_krnl_obj_static_alloc_build_time()
Take addresses of the kernel objects which are statically allocated
during the build time and verify that they are not null.
That kernel objects shouldn't require manual
registration by the end user.
4. Clean-up. Removed unused variable from userspace test.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
We don't need 3 different threads/stacks and the stack size
can be smaller, the threads don't do much.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Compiler may optimize away write to RO region and following
readback so we won't trigger fault (that actually happens with
arc MWDT toolchain).
Add volatile to avoid that.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Add new tests to improve of the Zephyr QA testing of the memory
protection for memory domains and partitions.
I created new tests for memory protection->memory partitions for
the requirements which I think necessary to be tested.
I added Doxygen tag for each test to make it clear to understand
what each test is doing and how.
New tests for memory domains and partitions:
-test_mem_domain_api_kernel_thread_only()
By creating that test I wanted to prove that access to memory
domain APIs must be restricted only to supervisor threads.
At the same time I wanted to prove that system can support the
definition of memory domains.
-test_mem_part_auto_determ_size()
By creating that test I want to prove that system can automatically
determine application memory partition base addresses and sizes
at build time, determined by its contents. Also system can support
definition of memory partitions. At the same time test proves that OS
supports adding and removing a thread from its memory domain
assignment.
-test_mem_part_auto_determ_size_per_mmu()
That test is very important and it proves that memory partitions are
automatically sized and aligned per the constraints of the platform's
memory management hardware.
-test_mem_part_inheirt_by_child_thr()
Prove that child thread inherits memory domain assignment of its
parent.
-test_macros_obtain_names_data_bss()
Test system provides tools to obtain the names of the data and BSS
sections related to a particular application memory partition at
build time.
-test_mem_part_assign_bss_vars_zero()
Test that global data and BSS values can be assigned to application
memory partitions using macros at build time. Test that BSS values
will be zeroed at the build time.
1. According to the reviews made changes.
2. Switched test_mem_part_assert_add_overmax
and test_create_new_invalid_prio_thread_from_user
That way I exposed problem (bug) with assertion
in L171 kernel/mem_protect.c
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
We try to invoke `ztest_test_pass()` from inside
a fatal exception in a child thread.
On SMP this can result in the next test case starting
on another CPU, re-using the child thread before it
has a chance to exit.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The implementations of the test cases had the wrong prototype.
The extern declarations (which were in a C file for some reason)
were correct.
I don't want to talk about the subtle code generation and stack
corruption issues that emerged from this which at one point made
me question my own sanity.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
em_starterkit_7d is not capable to generate error when access unmapped
address at kernel mode. So toggle off this part of test.
Signed-off-by: Yuguo Zou <yuguo.zou@synopsys.com>
- No longer call ztest_test_pass() out of a fatal exception,
as if this took place on some child thread, the next test
case could start on another CPU before the child has exited,
leading to issues if the child thread object is recycled
- Get rid of some unnecessary synchronization semaphores.
Use the scheduler and/or k_thread_join() instead.
- Simplify tests for read/write other threads not to spawn
a child thread and then take a fatal fault on the ztest
thread
- Add set_fault() clear_fault() as I do not enjoy typing.
Despite these variables being voliatile, a barrier is
needed to prevent re-ordering around non-volatile memory
access
- Don't call ztest_test_pass() from child thread in
test_user_mode_enter() due to possible races
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Memory mapping, for now, will be a private kernel API
and is not intended to be application-facing at this time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We no longer plan to support a split address space with
the kernel in high memory and per-process address spaces.
Because of this, we can simplify some things. System RAM
is now always identity mapped at boot.
We no longer require any virtual-to-physical translation
for page tables, and can remove the dual-mapping logic
from the page table generation script since we won't need
to transition the instruction point off of physical
addresses.
CONFIG_KERNEL_VM_BASE and CONFIG_KERNEL_VM_LIMIT
have been removed. The kernel's address space always
starts at CONFIG_SRAM_BASE_ADDRESS, of a fixed size
specified by CONFIG_KERNEL_VM_SIZE.
Driver MMIOs and other uses of k_mem_map() are still
virtually mapped, and the later introduction of demand
paging will result in only a subset of system RAM being
a fixed identity mapping instead of all of it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some ARMv8-M platforms may come with only 8 (instead of 16)
MPU regions. In these platforms, by design, a memory domain
may contain up to 2 application memory partitions, when we
build with MPU_GAP_FILLING support. To be able to test this
valid configuration we slightly modify the test code in the
mem_protect suite, and add-remove the second partition (with
index-1) instead of the third (index-2).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We need to exclude the .gap_filling test from running on
ARMv8-M platforms with 8 MPU regions available, since the
userspace test defines and uses a memory domain whose number
of partitions exceed the maximum number of permitted partitions
in ARMv8-m SoCs with MPU_GAP_FILLING=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adding the first list item in the same line as @details, creates a list
with a single item inside a paragraph, and another list with the
remaining items. What is wanted here is to have a single list with all
items, so the first item needs to be in a new line.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
We don't have use-cases and it introduces complexities with
allocating page tables on MMU systems.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ancient 2-level IA32 page tables don't support "eXecute Disable".
Skip the test scenarios for them.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When thread is initialized and running z_object_validate
will return 0 for thread object and its thread stack object.
When thread exit, z_object_validate
will return -1 for thread object and its thread stack object.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Instead of replacing of copyright year with the new one,
necessary to add new to the existing one
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Updated current tests tags to make them more informative.
1. test_mslab updated Doxygen tag
2. test_create_alt_thread updated Doxygen tag
3. test_sys_heap_mem_pool_assign updated Doxygen tag
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Check that the base of every stack object is properly
defined. This can get messed up if K_THREAD_STACK_ARRAY_DEFINE
isn't specified properly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The core kernel computes the initial stack pointer
for a thread, properly aligning it and subtracting out
any random offsets or thread-local storage areas.
arch_new_thread() no longer needs to make any calculations,
an initial stack frame may be placed at the bounds of
the new 'stack_ptr' parameter passed in. This parameter
replaces 'stack_size'.
thread->stack_info is now set before arch_new_thread()
is invoked, z_new_thread_init() has been removed.
The values populated may need to be adjusted on arches
which carve-out MPU guard space from the actual stack
buffer.
thread->stack_info now has a new member 'delta' which
indicates any offset applied for TLS or random offset.
It's used so the calculations don't need to be repeated
if the thread later drops to user mode.
CONFIG_INIT_STACKS logic is now performed inside
z_setup_new_thread(), before arch_new_thread() is called.
thread->stack_info is now defined as the canonical
user-accessible area within the stack object, including
random offsets and TLS. It will never include any
carved-out memory for MPU guards and must be updated at
runtime if guards are removed.
Available stack space is now optimized. Some arches may
need to significantly round up the buffer size to account
for page-level granularity or MPU power-of-two requirements.
This space is now accounted for and used by virtue of
the Z_THREAD_STACK_SIZE_ADJUST() call in z_setup_new_thread.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
1. Found out that thread tests doesn't test next ideas of requirements,
which I think necessary to be tested and verified:
-the kernel need to prevent user threads creating new threads from
using thread or thread stack objects which are in an initialized state
-Upon thread exit, the kernel need to mark the exiting thread
and thread stack objects as uninitialized
Add new tests to test requirements above, that way we can cover more
features to be tested:
- test_new_user_thread_with_in_use_stack_obj()
- test_mark_thread_exit_uninitialized()
2. Modified test test_create_new_thread_from_user() to verify that
kernel provides new user threads access to their own thread object.
3. Also I added detailed Doxygen tags for each new test and existing
modified test.
4. Added Doxygen tag to the existing test test_stack_buffer, it
covers requirement:
-The kernel need to provide all threads read and write access to their
own stack memory buffer.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Inside function futex_wake() result of k_futex_wait() is not checked.
Coverity-CID: 211508
Fixes: #27149
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Add new standalone futex test that verifies next requirements:
-Futex can be placed in user memory using ZTEST_BMEM
-User thread can write to futex value
-User threads can make wait/wake syscalls on it
Added detailed Doxygen tag with information about the test
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
1. Add code change to the test_permission_inheritance() to let it
test that child thread can't access parent thread object. Now that test
tests one more related to it feature.
2. Add new Doxygen tags with informative descriptions about the kernel
objects tests. That will make reading and understanding kernel object
tests code easier.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Instead of replacing of copyright year with the new one,
necessary to add new to the existing one
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
To improve Zephyr tests, I think that it will necessary to have test,
that verifies a child thread inherits resource pool assignment
of their parent.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
1. Doxygen tags updates of the existing tests.
2. Fixed use of API K_MSEC in test_syscall_torture
3. Removed misprints
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Added new doxygen tags for tests:
1. test_mem_domain_destroy
2. test_domain_add_part_drop_to_user
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Reason is that some threads tests have poor description Doxygen
tags. I decided to fix that situation in some tests which understand.
Update Doxygen tags for the next tests:
test_create_new_supervisor_thread_from_user()
test_user_mode_enter()
test_create_new_higher_prio_thread_from_user()
test_create_new_thread_from_user_huge_stacksize()
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Added separator (e.g. comma or semicolon) parameter to FOR_EACH_ family.
Separator is added between macro execution for each argument and not at
the end.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Remove all ram restrictions in kernel tests and revisit all tests and
try to make them pass on all platforms.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Reason is that some tests have poor description in Doxygen tags,
decided to fix that situation in some tests which I understand.
Also remove small misprints from some parts of code.
Update Doxygen tags for the next tests:
test_access_kobject_without_init_access
test_thread_without_kobject_permission
test_bad_syscall
test_syscall_invalid_kobject
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Certain types of system call validation may need to be pushed
deeper in the implementation and not performed in the verification
function. If such checks are only pertinent when the caller was
from user mode, we need an API to detect this situation.
This is implemented by having thread->syscall_frame be non-NULL
only while a user system call is in progress. The template for the
system call marshalling functions is changed to clear this value
on exit.
A test is added to prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
... because it is (required).
This makes a difference when building with CMake and forgetting
ZEPHYR_BASE or not registering Zephyr in the CMake package registry.
In this particular case, REQUIRED turns this harmless looking log
statement:
-- Could NOT find Zephyr (missing: Zephyr_DIR)
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
-- Check for working C compiler: /usr/bin/cc
-- ...
-- ...
-- ...
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Error at CMakeLists.txt:8 (target_sources):
Cannot specify sources for target "app" which is not built by
this project.
... into this louder, clearer, faster and (last but not least) final
error:
CMake Error at CMakeLists.txt:5 (find_package):
Could not find a package configuration file provided by "Zephyr" with
any of the following names:
ZephyrConfig.cmake
zephyr-config.cmake
Add the installation prefix of "Zephyr" to CMAKE_PREFIX_PATH or set
"Zephyr_DIR" to a directory containing one of the above files. If
"Zephyr" provides a separate development package or SDK, be sure it
has been installed.
-- Configuring incomplete, errors occurred!
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Increase the main thread stack size for this test
to 2048; this increase prevents stacking errors in
the main thread, in several Cortex-M platforms.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
On nucleo_f429zi and nucleo_f207zg boards,
0xFFFFFFF0 is not a faulty address.
Instead we can use 0x0FFFFFFFF.
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Tests should always start with test_, otherwise detection of subtests
will not work through sanitycheck.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This suite was fairly messy and very unstable on how it re-used
kernel objects.
* Unnecessary ztest_test_pass() or self-aborts removed
* k_thread_join() now used to wait for child thread completion,
instead of a strange use of a semaphore which was effectively
a 10ms sleep
* Barriers simplified
* the number of thread objects in kobject.c is now drastically reduced
* test case function names are now descriptive and made static if
only used in local scope in kobject.c
* SMP no longer disabled
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a k_timeout_t type, and use it everywhere that kernel API
functions were accepting a millisecond timeout argument. Instead of
forcing milliseconds everywhere (which are often not integrally
representable as system ticks), do the conversion to ticks at the
point where the timeout is created. This avoids an extra unit
conversion in some application code, and allows us to express the
timeout in units other than milliseconds to achieve greater precision.
The existing K_MSEC() et. al. macros now return initializers for a
k_timeout_t.
The K_NO_WAIT and K_FOREVER constants have now become k_timeout_t
values, which means they cannot be operated on as integers.
Applications which have their own APIs that need to inspect these
vs. user-provided timeouts can now use a K_TIMEOUT_EQ() predicate to
test for equality.
Timer drivers, which receive an integer tick count in ther
z_clock_set_timeout() functions, now use the integer-valued
K_TICKS_FOREVER constant instead of K_FOREVER.
For the initial release, to preserve source compatibility, a
CONFIG_LEGACY_TIMEOUT_API kconfig is provided. When true, the
k_timeout_t will remain a compatible 32 bit value that will work with
any legacy Zephyr application.
Some subsystems present timeout (or timeout-like) values to their own
users as APIs that would re-use the kernel's own constants and
conventions. These will require some minor design work to adapt to
the new scheme (in most cases just using k_timeout_t directly in their
own API), and they have not been changed in this patch, instead
selecting CONFIG_LEGACY_TIMEOUT_API via kconfig. These subsystems
include: CAN Bus, the Microbit display driver, I2S, LoRa modem
drivers, the UART Async API, Video hardware drivers, the console
subsystem, and the network buffer abstraction.
k_sleep() now takes a k_timeout_t argument, with a k_msleep() variant
provided that works identically to the original API.
Most of the changes here are just type/configuration management and
documentation, but there are logic changes in mempool, where a loop
that used a timeout numerically has been reworked using a new
z_timeout_end_calc() predicate. Also in queue.c, a (when POLL was
enabled) a similar loop was needlessly used to try to retry the
k_poll() call after a spurious failure. But k_poll() does not fail
spuriously, so the loop was removed.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Kernel timeouts have always been a 32 bit integer despite the
existence of generation macros, and existing code has been
inconsistent about using them. Upcoming commits are going to make the
timeout arguments opaque, so fix things up to be rigorously correct.
Changes include:
+ Adding a K_TIMEOUT_EQ() macro for code that needs to compare timeout
values for equality (e.g. with K_FOREVER or K_NO_WAIT).
+ Adding a k_msleep() synonym for k_sleep() which can continue to take
integral arguments as k_sleep() moves away to timeout arguments.
+ Pervasively using the K_MSEC(), K_SECONDS(), et. al. macros to
generate timeout arguments.
+ Removing the usage of K_NO_WAIT as the final argument to
K_THREAD_DEFINE(). This is just a count of milliseconds and we need
to use a zero.
This patch include no logic changes and should not affect generated
code at all.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Using find_package to locate Zephyr.
Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.
Whenever an automatic run of CMake happend by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.
It also removes the risk of strange build results if a user switchs
between different Zephyr based project folders and forgetting to reset
ZEPHYR_BASE before running ninja / make.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Private type, internal to the kernel, not directly associated
with any k_object_* APIs. Is the return value of z_object_find().
Rename to struct z_object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
I've been seeing these cause errors on the more recent versions of
Doxygen which come with Arch Linux for a while now. Fix these:
error: Illegal format for option TCL_SUBST, no equal sign ('=') specified for item 'YES'
$ZEPHYR_BASE/tests/kernel/mem_protect/futex/src/main.c:461: warning: end of file with unbalanced grouping commands
Just trying to get them out of my local output and as preparation for
whenever they start showing up for Ubuntu.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
* arc supports mpu gap filling now.
* these tests can be used for any arch which supports mpu gap
filling.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Extend the bad syscall-ID test case to cover
erroneously supplied larged unsiged syscall-ID
values.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Hammer all CPUs with multiple threads all making system calls
that do memory allocations and buffer validation, in the hopes
that it will help smoke out concurrency issues.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This works around an issue with this emulator's configuration where
there is no memory address that can be poked to generate a fault,
it is simulating memory for the entire address space.
Fixes: #22561
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The existing stack_analyze APIs had some problems:
1. Not properly namespaced
2. Accepted the stack object as a parameter, yet the stack object
does not contain the necessary information to get the associated
buffer region, the thread object is needed for this
3. Caused a crash on certain platforms that do not allow inspection
of unused stack space for the currently running thread
4. No user mode access
5. Separately passed in thread name
We deprecate these functions and add a new API
k_thread_stack_space_get() which addresses all of these issues.
A helper API log_stack_usage() also added which resembles
STACK_ANALYZE() in functionality.
Fixes: #17852
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The "alternate thread" test would spawn a thread and then exit the
test, but on SMP that other thread runs asynchronously and it was
possible for the main thread to exit the test entirely before the test
thread had a chance to run (and overflow its stack), leading to
spurious test case failures.
Obviously we can't exactly synchronize to an async crash, so put a
short delay in after spawning the thread.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Interrupts should not be locked when servicing a system call,
and the kernel should not think we are in an interrupt handler
either.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Exceptions on x86_64 are incorrectly implemented, and if
a preemptible thread faults, and in its overridden
k_sys_fatal_error_handler() does something which invokes
a scheduling point (such as here where we give semaphores),
the thread will be swapped out on the per-CPU exception stack
and probably explode when it is switched back in.
For now, change the faulting thread priority to co-op so this
doesn't happen.
Workaround for #21462
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Most of the scenarios in this test case spawn child threads
and expect them to complete before execution proceeds.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Nearly all of these cases create a child thread that needs
to complete before the main test proceeds further. If the
child thread runs simultaneously on another CPU, this gets
messed up.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test spawns a child thread and expects it to complete.
Use one CPU for it. Get rid of the useless k_thread_abort()
call and add a k_yield() to ensure the child does its
thing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Assignments have no effect on promptless symbols. Flagged by
https://github.com/zephyrproject-rtos/zephyr/pull/20742.
This symbol should already be getting enabled if CONFIG_USERSPACE is
enabled, because CONFIG_ERRNO is default y and has
select THREAD_USERSPACE_LOCAL_DATA if USERSPACE
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Before introducing the code for ARM64 (AArch64) we need to relocate the
current ARM code to a new AArch32 sub-directory. For now we can assume
that no code is shared between ARM and ARM64.
There are no functional changes. The code is moved to the new location
and the file paths are fixed to reflect this change.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
tc_number is passed to a child thread as a parameter, which is
void *. We want to treat it as an integer, but a direct cast
to int causes a warning on 64-bit platforms; cast to uintptr_t
first to suppress it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In addition to not assuming all pointers fit in a u32_t,
logic is added to find the privilege mode stack on x86_64
and several error messages now contain more information.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test has a problem, specifically in the scenario for
test_mem_domain_remove_partitions. A low priority thread (10)
is created which is expected to produce an exception. Then
the following happens:
- The thread indeed crashes and ends up in the custom fatal
error handler, on the stack used for exceptions
- The call to ztest_test_pass() is made
- ztest_test_pass() gives the test_end_signal semaphore
- We then context switch to the ztest main thread which is
higher priority, leaving the thread that crashed context
switched out *on the exception stack*
- More tests are run, and some of them also produce exceptions
- Eventually we do a sleep and the original crashed thread is
swapped in again
- Since several other exceptions have taken place on the
exception stack since then, resuming context results in
an unexpected error, causing the test to fail
Only seems to affect arches that have a dedicated stack for
exceptions, like x86_64. For now, increase the priority of
the child thread so it's cleaned up immediately. Longer-term,
this all needs to be re-thought in the test case to make this
less fragile.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
