The existing __swap() mechanism is too high level for some
applications because of its scheduler-awareness. This introduces a
new _arch_switch() mechanism, which is a simpler primitive that looks
like:
void _arch_switch(void *handle, void **old_handle_out);
The new thread handle (typically just a stack pointer) is specified
explicitly instead of being picked up from the scheduler by
per-architecture code, and on return the "old" thread handle that got
switched out is returned through the pointer.
The new primitive (currently available only on xtensa) is selected
when CONFIG_USE_SWITCH is "y". A new C _Swap() implementation based
on this primitive is then added which operates compatibly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
K_NUM_PRIORITIES and K_NUM_PRIO_BITMAPS were defined in
nano_internal.h, but used in only a handful of places. Move to
kernel_structs.h (somewhat higher up in the hierarchy) to help with
include file cycle-breaking. Arguably they are a better fit there
anyway.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
_Swap() is defined in nano_internal.h. Everything calls _Swap().
Pretty much nothing that called _Swap() included nano_internal.h,
expecting it to be picked up automatically through other headers (as
it happened, from the kernel arch-specific include file). A new
_Swap() is going to need some other symbols in the inline definition,
so I needed to break that cycle. Now nothing sees _Swap() defined
anymore. Put nano_internal.h everywhere it's needed.
Our kernel includes remain a big awful yucky mess. This makes things
more correct but no less ugly. Needs cleanup.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fix Kconfig help sections and add spacing to be consistent across all
Kconfig file. In a previous run we missed a few.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split the search into two loops: in the common scenario, where device
names are stored in ROM (and are referenced by the user with CONFIG_*
macros), only cheap pointer comparisons will be performed.
Reserve string comparisons for a fallback second pass.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Instead of composing expressions with a logical AND, break down it into
multiple assertions. Smaller assertions are easier to read. While at
it, compare pointers against the NULL value, and numbers against 0
instead of relying on implicit conversion to boolean-ish values.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Without the parenthesis, the code was asserting this expression:
start + (size > start)
Where it should be this instead:
(start + size) > start
For a quick sanity check when adding these two unsigned values together.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
As discovered in https://github.com/zephyrproject-rtos/zephyr/issues/5952
...a duplicate call to k_delayed_work_submit_to_queue() on a work item
whose timeout had expired but which had not yet executed (i.e. it was
pending in the queue for the active work queue thread) would fail,
because the cancellation step wouldn't clear the PENDING bit, causing
the resubmission to see the object in an invalid state. Trivially
fixed by adding a bit clear.
It also turns out that the behavior of the code doesn't match the
docs, which state that a PENDING work item is not supposed to be
cancelled at all. Fix the docs to remove that.
And on yet further review, it turns out that there's no way to make a
test like the one in the linked bug threadsafe. The work queue does
no synchronization by design, so if the user code does no external
synchronization it might very well clobber the running handler. Added
a sentence to the docs to reflect this gotcha.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Remove unused _k_thread_single_start() as this logic is
now moved to _impl_k_thread_start().
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
As per current policy of requiring supervisor mode to register
callbacks, dma_config() is omitted.
A note added about checking the channel ID for start/stop, current
implementations already do this but best make it explicitly
documented.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename the nano_internal.h to kernel_internal.h and modify the
header file name accordingly wherever it is used.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This change proposes to handle the case where the handle_timeouts
function is called after a number of ticks greater than the first
timeout delta of the _timeout_q list. In the current implementation if
the case occurs, after subtracting the number of ticks the
delta_ticks_from_prev field becomes negative and the first timeout is
never processed. It is therefore necessary to treat this case and to
prevent delta_ticks_from_prev from becoming negative. Moreover, the lag
produced by the initial delay must also be applied to following timeouts
by browsing the list until it was entirely consumed.
Fixes#5401
Signed-off-by: Holman Greenhand <greenhandholman@gmail.com>
When CONFIG_THREAD_MONITOR is enabled, repeated thread abort
calls on a dead thread will cause the _thread_monitor_exit to
crash.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We don't need to store the full k_mem_block, rather just the
k_mem_block_id. In effect, this saves 4 bytes of memory per allocated
memory chunk. Also take advantage of the newly introduced
k_mem_pool_free_id API here.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The k_mem_pool_free API has no use for the full k_mem_block struct. In
particular, it only needs the k_mem_block_id. Introduce a new API
which takes only this essential struct. This paves the way to
simplify & improve the k_malloc/k_free implementation a bit.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Having posix headers in the default include path causes issues with the
posix port. Move to a sub-directory to avoid any conflicts.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
when a current thread is added to a memory domain the pages/sections
must be configured immediately.
A problem occurs when we add a thread to current and then drop
down to usermode. In such a case memory domain will become active
the next time a swap occurs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add an architecure specfic code for the memory domain
configuration. This is needed to support a memory domain API
k_mem_domain_add_thread.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Currently all posix APIs are put into single files (pthread.c).
This patch creates separate files for different API areas.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The linker was always picking a weak handler over the actual one.
The linker always searches for the first definition of any function
weak or otherwise. When it finds this function it just links and
skips traversing through the full list.
In the context of userspace, we create the _handlers_ for each system
call in the respective file. And these _handlers_ would get linked to
a table defined in syscalls_dispatch.c. If for instance that this
handler is not defined then we link to a default error handler.
In the build procedure we create a library file from the kernel folder.
When creating this library file, we need to make sure that the file
syscalls_dispatch.c is the last to get linked(i.e userspace.c).
Because the table inside syscalls_dispatch.c would need all the
correct _handler_ definitions. If this is not handled then the system
call layer will not function correctly because of the linker feature.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We have removed this features when we moved to the unified kernel. Those
functions existed to support migration from the old kernel and can go
now.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Having two implementations of the same thing is bad,
especially when one can just call the other inline version.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All arguments comes from userspace has data type u32_t but
base.prio has data type of s8_t. Comparision between s8_t and u32_t
cannot be done. That's why typecast priority coming from userspace(prio)
to s8_t data type.
Signed-off-by: Punit Vara <punit.vara@intel.com>
On arches which have custom logic to do the initial swap into
the main thread, _current may be NULL. This happens when
instantiating the idle and main threads.
If this is the case, skip checks for memory domain and object
permission inheritance, in this case there is never anything to
inherit.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
For the dummy thread, contents in the mem_domain structure
is insignificant hence setting it to NULL.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Added arch specific calls to handle memory domain destroy
and removal of partition.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Additional arch specific interfaces to handle memory domain
destroy and single partition removal.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Kernel object metadata had an extra data field added recently to
store bounds for stack objects. Use this data field to assign
IDs to thread objects at build time. This has numerous advantages:
* Threads can be granted permissions on kernel objects before the
thread is initialized. Previously, it was necessary to call
k_thread_create() with a K_FOREVER delay, assign permissions, then
start the thread. Permissions are still completely cleared when
a thread exits.
* No need for runtime logic to manage thread IDs
* Build error if CONFIG_MAX_THREAD_BYTES is set too low
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Some "random" drivers are not drivers at all: they just implement the
function `sys_rand32_get()`. Move those to a random subsystem in
preparation for a reorganization.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
