This is a mostly-internal API to start a secondary system CPU, with an
implementation for the ESP-32 "APP" cpu. Exposed in kernel.h because
it's plausibly useful for asymmetric MP code managed by an app.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The xtensa arch code had this empty offsets.h header sitting around.
Its name collides with the autogenerated offsets.h, making it
dangerously dependent on include file path order. Seems to be benign,
but it's freaking me out. Remove.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing __swap() mechanism is too high level for some
applications because of its scheduler-awareness. This introduces a
new _arch_switch() mechanism, which is a simpler primitive that looks
like:
void _arch_switch(void *handle, void **old_handle_out);
The new thread handle (typically just a stack pointer) is specified
explicitly instead of being picked up from the scheduler by
per-architecture code, and on return the "old" thread handle that got
switched out is returned through the pointer.
The new primitive (currently available only on xtensa) is selected
when CONFIG_USE_SWITCH is "y". A new C _Swap() implementation based
on this primitive is then added which operates compatibly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The new thread stack layout is as follow:
|---------------------|
| user stack |
|---------------------|
| stack guard (opt.) |
|---------------------|
| privilege stack |
-----------------------
For MPUv2
* user stack is aligned to the power of 2 of user stack size
* the stack guard is 2048 bytes
* the default size of privileg stack is 256 bytes.
For user thread, the following MPU regions are needded
* one region for user stack, no need of stack guard for user stack
* one region for stack guard when stack guard is enbaled
* regions for memory domain.
For kernel thread, the stack guard region will be at the top, adn
The user stack and privilege stack will be merged.
MPUv3 is the same as V2's layout, except no need of power of 2
alignment.
* reimplement the user mode enter function. Now it's possible for
kernel thread to drop privileg to user thread.
* add a separate entry for user thread
* bug fixes in the cleanup of regs when go to user mode
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The application memory area has a requirement of address alignment,
especially when MPU requires power of 2.
Modify the linker tmemplate to apply application memory address
alignment generation
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Enable us bit to check user mode more efficienly.
US is read as zero in user mode. This will allow use mode sleep
instructions, and it enables a form of denial-of-service attack
by putting the processor in sleep mode, but since interrupt
level/mask can't be set from user space that's not worse than
executing a loop without yielding.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add the implementation of syscall
* based on 'trap_s' intruction, id = 3
* add the privilege stack
* the privilege stack is allocted with thread stack
* for the kernel thread, the privilege stack is also a
part of thread stack, the start of stack can be configured
as stack guard
* for the user thread, no stack guard, when the user stack is
overflow, it will fall into kernel memory area which requires
kernel privilege, privilege violation will be raised
* modify the linker template and add MPU_ADDR_ALIGN
* add user space corresponding codes in mpu
* the user sp aux reg will be part of thread context
* When user thread is interruptted for the 1st time, the context is
saved in user stack (U bit of IRQ_CTLR is set to 1). When nest
interrupt comes, the context is saved in thread's privilege stack
* the arc_mpu_regions.c is moved to board folder, as it's board
specific
* the above codes have been tested through tests/kernel/mem_protect/
userspace for MPU version 2
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Explicitly show representation peculiarities of the negative values.
Additionally mention that fractional part is in one-millionth parts.
Fixes: #5692
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This patch adjusts the default permissions on the bus master 3 (NET).
Recent changes restricted this to supervisor only, and this caused
issues with the network controllers access to memory.
Restrictions on access should really be enforced on the ARM core bus
master.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
When an __ASSERT() fails compiled for ARCH_POSIX,
instead of spinning forever (probably until sanitycheck times out)
it now terminates immediately and returns 1 to the shell
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Prior to this commit, `flash_area_layout()` was being passed a pointer
to the incorrect type (`uint32_t *` where `int *` was expected). This
caused the following warning to be reported:
```
[...]/subsys/storage/flash_map/flash_map.c: In
function 'flash_area_get_sectors':
[...]/subsys/storage/flash_map/flash_map.c:191:32:
warning: passing argument 2 of 'flash_area_layout' from incompatible
pointer type [-Wincompatible-pointer-types]
return flash_area_layout(idx, cnt, ret, get_sectors_cb, &data);
^~~
[...]/subsys/storage/flash_map/flash_map.c:136:12:
note: expected 'int *' but argument is of type 'uint32_t * {aka long
unsigned int *}'
static int flash_area_layout(int idx, int *cnt, void *ret,
^~~~~~~~~~~~~~~~~
```
This commit changes the argument type to `u32_t` for both functions.
Signed-off-by: Christopher Collins <ccollins@apache.org>
Static variables that don't strictly need to be initialized at
boottime should be declared with __noinit. This makes a considerable
difference especially for large buffers.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
As discovered in https://github.com/zephyrproject-rtos/zephyr/issues/5952
...a duplicate call to k_delayed_work_submit_to_queue() on a work item
whose timeout had expired but which had not yet executed (i.e. it was
pending in the queue for the active work queue thread) would fail,
because the cancellation step wouldn't clear the PENDING bit, causing
the resubmission to see the object in an invalid state. Trivially
fixed by adding a bit clear.
It also turns out that the behavior of the code doesn't match the
docs, which state that a PENDING work item is not supposed to be
cancelled at all. Fix the docs to remove that.
And on yet further review, it turns out that there's no way to make a
test like the one in the linked bug threadsafe. The work queue does
no synchronization by design, so if the user code does no external
synchronization it might very well clobber the running handler. Added
a sentence to the docs to reflect this gotcha.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds a configure_mpu_user_context API and implements
the required function placeholders in the NXP and ARM MPU files.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The STM32 has special Core Coupled Memory, ccm for short, that can
only be accessed through the CPU and can not be use for DMA.
The following 3 sections have been added.
- ccm_bss for zero initialized data
- ccm_data for initialized data
- ccm_noinit for uninitialized data
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
When we added system call support to dma_start/dma_stop we forgot to
include <syscalls/dma.h> to get the full proper magic implemented.
Adding the header in fixes builds when system call support is not
enabled and using dma support.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Difference being that the data is not, then, allocated from the pool.
Only the net_buf is.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Convert the mesh code to use the new net_buf_siple APIs. This has the
benefit of saving 4 bytes off the stack due to the not needed pointer.
Also update the publication context helpers to map to the new
net_buf_simple API in an intuitive way.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Application should normally declare a bt_uuid with proper type and then
use bt_uuid_cmp.
Fixes#5162
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
As per current policy of requiring supervisor mode to register
callbacks, dma_config() is omitted.
A note added about checking the channel ID for start/stop, current
implementations already do this but best make it explicitly
documented.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This feature is X86 only and is not used or being tested. It is legacy
feature and no one can prove it actually works. Remove it until we have
proper documentation and samples and multi architecture support.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Make it safe to call net_buf_simple_init() even if the buffer was
created using the new macros. This is possible to detect since with
the new macros buf->__buf will be non-NULL and with the old
NET_BUF_SIMPLE() macro it will be NULL.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Added guards to the toolchain/gcc.h and toolchain/common.h
Those files should never be included directly, but a guard is useful
regardless.
Fixes#5130
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Introduce two new "standard" data allocators to net_buf. There are now
three in total:
NET_BUF_POOL_FIXED_DEFINE: This is the closes to the old
implementation, i.e. fixed size chunks. It's also what the old
NET_BUF_POOL_DEFINE macro maps to.
NET_BUF_POOL_HEAP_DEFINE: uses the OS heap
NET_BUF_POOL_VAR_DEFINE: defines a variable sized allocator using
k_mem_pool (this is all that there was in my first draft of this
feature)
Currently the variable length allocators (HEAP & VAR) support
reference counted data payloads, i.e. cheap cloning. The FIXED
allocator does not currentlty support this to allow for the simplest
possible implementation, but the support can be added later if
desired.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Redesign of the net_buf_simple and net_buf structs, where the data
payload portion is split to a separately allocated chunk of memory. In
practice this means that buf->__buf becomes a pointer from having just
been a marker (empty array) for where the payload begins right after
the meta-data.
Fixes#3283
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Added a new API to get net pkt based on dst address. Destination
address will be used to find correct net_context.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
This commit defines the Kconfig options for
ARM Cortex-M23 and Cortex-M33 CPUs. It also
udpates the generic memory map for M23 and M33
implementations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The existing version of crc16_ccitt() is actually CRC-16/AUG-CCITT and
gives different results to Linux, Contiki, and the CRC unit in the
SAM0 SOC. This version matches Linux.
Note that this is an incompatible API change.
Signed-off-by: Michael Hope <mlhx@google.com>
It is faster to operate directly on flash_area pointer instead
of fetch it all the time using the fcb flash area id.
Also as f_area_id was needed only for get appropriate flash_area
pointer, so it is better to pass it only while initialization
the fcb and not store it in fcb instance data at all.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Previously flash_area structure was the parameter for the callback
function for transferring sector location info.
Now flash_sector is used so relevant flash_area is missing for
the callback.
This patch introduces structure fcb_entry_ctx which incorporates
entries' location and relevant flash area. It is used to pass complete
information to the callback. Additional pointer to the flash_area fcb
speeds up operations.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Prior to this commit: `struct fcb` contained a pointer to an array of
`struct flash_area`. Each entry in the array represented a flash sector
that the fcb comprised.
After commit: `struct fcb` contains a pointer to an array of `struct
flash_sector`, not `struct flash_area`.
Rationale: The FCB needs to know which sectors it occupies for its
rotate operation. However, the `flash_area` type is meant to represent
a collection of sectors, not a single sector. `struct flash_area`
contains information that the fcb does not need (e.g., area ID and
device ID). Furthermore, the flash_map API provides a means of
converting a flash area ID to an array of sectors
(`flash_area_get_sectors()`), but no way to convert to an array of
areas.
Signed-off-by: Christopher Collins <ccollins@apache.org>
This patch adds the generation and incorporation of privileged stack
regions that are used by ARM user mode threads. This patch adds the
infrastructure for privileged stacks. Later patches will utilize the
generated stacks and helper functions.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds application data section alignment constraints
to match the region definition requirements for ARM MPUs. Most MPUs
require a minimum of 32 bytes of alignment for any regions, but some
require power of two alignment to the size of a region.
This requires that the linker align the application data section to
the size of the section. This requires a linker pass to determine the
size. Once this is accomplished the correct value is added to a linker
include file that is utilized in subsequent linker operations.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
CCS811 digital gas sensor supports the following channels:
1. Co2 Channel
2. VOC Channel
3. Voltage Channel
4. Current Channel
Add support for the those in API.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Most of sensor channels defined by Zephyr use the main, unscaled
SI unit. We also have SENSOR_CHAN_ALTITUDE which is defined in
meters. So, it only makes sense to define distance in meters too
The only driver supporting SENSOR_CHAN_DISTANCE as of now is
vl53l0x.c, which was updated accordingly. Also, update doc links
in the driver based on the review comment.
Fixes: #5693
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is an accessor function for the MCUboot image header of an image
bank. The interface may seem a little cumbersome, but it is
future-proof against MCUboot feature and incompatible header version
changes.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Applications chainloaded by MCUboot may want to change their behavior
based on whether or not they are confirmed.
Here are some examples:
- performing a built-in self test (BIST) if the image is not yet
confirmed, and marking it OK if it passes (this enables reverting
to an older working image if the BIST fails, and allows future
resets to skip the BIST if it passes to improve boot time)
- interacting with persistent metadata related to image state on
other flash partitions during test upgrades (these are required in
cases when the update source provides runtime metadata, such as
monotonic counters, related to an upgrade attempt which must be
used to report results)
To enable these use cases, add boot_is_img_confirmed(), which reads
the "image OK" field for the current firmware image and returns true
if and only if it is set.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
This patch does several things, most notably it changes the semantics
of CONFIG_DEBUG. CONFIG_DEBUG continues to behave as a vaguely defined
"debug mode" that enables printf's, -Og, etc. but now the user may
choose to be in "debug mode" while using a different optimization
level than -Og.
Tp support this a new config is defined to enable -Og;
CONFIG_DEBUG_OPTIMIZATIONS.
Additionally CONFIG_SIZE_OPTIMIZATIONS is introduced to allow the user
to explicitly request optimizing for size instead of relying on
defaulting to it.
The three config's {NO,SIZE,DEBUG}_OPTIMIZATIONS are now organized in
a Kconfig choice to ensure that at most one can be enabled at a time.
Finally, selected users of CONFIG_DEBUG have been ported to use one of
the optimizations configs when it was clear from usage that the
intention was to behave differently when using a different
optimization level and not when in "debug mode".
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
