The table allows to wrap read/write (i.e. POSIX-compatible) semantics
of any I/O object in POSIX-compatible fd (file descriptor) handling.
Intended I/O objects include files, sockets, special devices, etc.
The table table itself consists of (underlying obj*, function table*)
pairs, where function table provides entries for read(), write, and
generalized ioctl(), where generalized ioctl handles all other
operations, up to and including closing of the underlying I/O object.
Fixes: #7405
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Macro is used to create contiguous bitmask between the
arguments passed to the macro.
BITS_PER_LONG is computed as the multiplication of predefined
macros `__CHAR_BIT__` and `__SIZEOF_LONG__`.
Both gcc and clang support these predefined macros.
With this change, replace the redundant defintions of
GENMASK with the new generic macro available.
Fixes#10843
Suggested-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
write() function is not supposed to change buffer passed to it, so
propagate const pointer param to all write-like functions used/defined
in this file.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit touches the C codebase and the python syscall generator.
The Z_GENLIST-macros expand to whole functions. Once expanded by the
preprocessor we notice a semicolon is put after the function body. But
ISO C99 does not allow extra ‘;’ outside of a function. Though this is
accepted by GCC with GNU extensions, it is not by Clang.
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Change APIs that essentially return a boolean expression - 0 for
false and 1 for true - to return a bool.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Several functions in dlist were returning a boolean expression,
just changing these functions to return a boolean.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The result of both printk and vprintk are not used in any place.
MISRA-C says that the return of every non void function must be
checked.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
comparing int i with size_t size generates a sign-compare warning.
This commit solves the issue by giving i the type needed.
As older c standards do not allow to declare i after stack += 4 I
inserted the variable checked_stack that gets the type we need in the
comparison.
Signed-off-by: Alexander Polleti <metapsycholo@gmail.com>
SYS_MEM_POOL_KERNEL and SYS_MEM_POOL_USER are used by k_mem_pool flags
and should be defined as a bit mask.
It was defined as zero failing in all places checking for this
bit. e.g pool_irq_lock and pool_irq_unlock were not working correctly
because the check for this flag was always returning false.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When a mempool is created with a large number of maximum-size blocks,
the logic for initializing max_inline_level (i.e. when to union the
bitmask with the pointer and when to use the pointer directly) was
wrong. The default state was "zero", which implies that level 0
should be inlined, but that's wrong with >32 base blocks.
Additionally, the type was unsigned, making the "level zero is a
pointer" situation impossible to represent.
Fixes#6727
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
__ASSERT macro will either exit the program (POSIX port) or infint
loop. In both cases printk's return is not necessary.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Bitwise operators should be used only with unsigned integer operands
because the result os bitwise operations on signed integers are
implementation-defined.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
1. Fixed error: space required after that close brace '}'
2. Fixed warnings: please, no space before tabs
3. Not fixed: do not add new typedefs
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
The read/write implementations call directly into the console drivers
using the hook mechanism, causing faults if invoked from user mode.
Add system calls for read() and write() such that we do a privilege
elevation first.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The stdout console implementations for minimal libc call directly into
the various console drivers (depending on what specifc hooks are
registered) causing faults when invoked from user mode. This happens,
for example, when using printf() which eventually ends up calling
fputc().
The proper solution is to ensure privileges have been elevated before
the _stdout_hook is called. This was already done for printk().
puts() and fputs() have now been re-defined in terms of the
fputc() and fwrite() functions, which are now system calls.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The errno "variable" is required to be thread-specific.
It gets defined to a macro which dereferences a pointer
returned by a kernel function.
In user mode, we cannot simply read/write the thread struct.
We do not have thread-local storage mechanism, so for now
use the lowest address of the thread stack to store this
value, since this is guaranteed to be read/writable by
a user thread.
The downside of this approach is potential stack corruption
if the stack pointer goes down this far but does not exceed
the location, since a fault won't be generated in this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adding new implementation of logging subsystem. New features
includes: support for multiple backends, improving performance
by deferring log processing to the known context, adding
timestamps and logs filtering options (compile time, runtime,
module level, instance level). Console backend added as the
example backend.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
The scheduler priq implementation was taking advantage of a subtle
behavior of the way the tree presents the order of its arguments (the
node being inserted is always first). But it turns out the tree got
that wrong in one spot.
As this was subtle voodoo to begin with, it should have been
documented first. Similarly add a little code to the test case to
guarantee this in the future.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Works mostly like the list enumeration macros. Implemented by fairly
clever alloca trickery and some subtle "next node" logic. More
convenient for many uses, can be early-exited, but has somewhat larger
code size than rb_walk().
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This slist variant allows flags to be stored in a node
without taking up any extra space by relying on 4-byte
pointer alignment; flags are stored in the two LSBs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The new APIs added are used behind the scenes by list_gen.h
to abstract away details on how lists and nodes work.
Name them with z_ prefix as they are not intended for use
by applications.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Singly-linked lists work in a specific way, but this will allow
slist semantics to be defined for any data structure that can store
a "next" pointer in any way at all, possibly something not even
a pointer value, but a table index.
The immediate need for this patch is to allow the easy definition
of an slist variant which stores flags in the low-order bits of the
node pointer.
The compiler does not need them, but the function prototypes have
been left in slist.h to make the header easier to understand by
the end user and not confuse Doxygen.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Returns true if the specified node is in the tree. Allows the tree to
be used for "set" style semantics along with a lessthan_fn that simply
compares the nodes by their address.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A balanced tree implementation for Zephyr as we grow into bigger
regimes where simpler data structures aren't appropriate.
This implements an intrusive balanced tree that guarantees O(log2(N))
runtime for all operations and amortized O(1) behavior for creation
and destruction of whole trees. The algorithms and naming are
conventional per existing academic and didactic implementations, c.f.:
https://en.wikipedia.org/wiki/Red%E2%80%93black_tree
The implementation is size-optimized to prioritize runtime memory
usage. The data structure is intrusive, which is to say the struct
rbnode handle is intended to be placed in a separate struct the same
way other such structures (e.g. Zephyr's dlist list) and requires no
data pointer to be stored in the node. The color bit is unioned with
a pointer (fairly common for such libraries). Most notably, there is
no "parent" pointer stored in the node, the upper structure of the
tree being generated dynamically via a stack as the tree is recursed.
So the overall memory overhead of a node is just two pointers,
identical with a doubly-linked list.
Code size above dlist is about 2-2.5k on most architectures, which is
significant by Zephyr standards but probably still worthwhile in many
situations.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch lets a C++ application use more of Zephyr by adding guards
and changeing some constructs to the C++11 equivalent.
Changes include:
- Adding guards
- Switching to static_assert
- Switching to a template for ARRAY_SIZE as g++ doesn't have the
builtin.
- Re-ordering designated initialisers to match the struct field order
as G++ only supports simple designated initialisers.
Signed-off-by: Michael Hope <mlhx@google.com>
We would like to offer the capability to have memory pool heap data
structures that are usable from user mode threads. The current
k_mem_pool implementation uses IRQ locking and system-wide membership
lists that make it incompatible with user mode constraints.
However, much of the existing memory pool code can be abstracted to some
common functions that are used by both k_mem_pool and the new
sys_mem_pool implementations.
The sys_mem_pool implementation has the following differences:
* The alloc/free APIs work directly with pointers, no internal memory
block structures are exposed to the end user. A pointer to the source
pool is provided for allocation, but freeing memory just requires the
pointer and nothing else.
* k_mem_pool uses IRQ locks and required very fine-grained locking in
order to not affect system latency. sys_mem_pools just use a semaphore
to protect the pool data structures at the API level, since there aren't
implications for system responsiveness with this kind of concurrency
control.
* sys_mem_pools do not support the notion of timeouts for requesting
memory.
* sys_mem_pools are specified at compile time with macros, just like
kernel memory pools. Alternative forms of specification at runtime
will be a later enhancement.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Avoid listing internal function in the public API documentation. After
enabling those doxygen configs, we go lots of errors and bad refs that
were fixed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This was previously just a #define in one header file, but we need
this expressed in Kconfig space in case some feature only works
properly with downward-growing stacks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The mbedtls test is hitting a compiler bug where two subtests will
soft fail on qemu_xtensa when assertions are enabled. This is despite
the fact that:
+ The failure is entirely internal to the mbedtls suite.
+ The mbedtls code does not use zephyr asserts
+ The mbedtls code does not call into zephyr code that might assert.
+ The behavior persists even when an irq_lock() is held across the
entire test, ruling out any asserts in interrupt/exception context.
+ And EVEN WHEN the mbedtls library blobs are bytewise identical
between assert and non-assert cases.
The bug seems to be a layout thing where the mbedtls code behavior
differently based on code address and/or link-time optimizations
(xtensa has a few).
Unfortunately sanitycheck enables assertions by setting CFLAGS
directly and not via kconfig, so we can't fix this by turning the
feature off in an app right now. This patch adds a simple "override"
flag that can be set by apps like this that hit bugs.
Again, note that zephyr assertions are not used nor needed by this one
test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When an __ASSERT() fails compiled for ARCH_POSIX,
instead of spinning forever (probably until sanitycheck times out)
it now terminates immediately and returns 1 to the shell
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Be consistent with the style of always having braces even if a compound
statement isn't required. Avoids some warnings from static analysis
tools.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This function wasn't working on systems that enabled the stack
sentinel as the first 4 bytes of the stack buffer contain the
sentinel value for thread stacks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
