patrick/zephyr
1
0
Fork 0
Code Issues Pull requests Actions 7 Packages Projects Releases Wiki Activity
zephyr/scripts/gen_kobject_list.py

307 lines
8.7 KiB
Python
Raw Normal View History

kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
#!/usr/bin/env python3
#
# Copyright (c) 2017 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
import sys
import argparse
kernel: threads: assign index no. to dynamically created threads Kernel threads created at build time have unique indexes to map them into various bitarrays. This patch extends these indexes to dynamically created threads where the associated kernel objects are allocated at runtime. Fixes: #9081 Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2018-08-08 20:23:16 +02:00
import math
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
import os
import struct
scripts: generalize kobject -> enum naming This was done inconsistently in a few place, centralize it. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-23 19:57:39 +02:00
from elf_helper import ElfHelper, kobject_to_enum
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
# Keys in this dictionary are structs which should be recognized as kernel
# objects. Values should either be None, or the name of a Kconfig that
# indicates the presence of this object's definition in case it is not
# available in all configurations.
kobjects = {
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
"k_alert": None,
"k_msgq": None,
"k_mutex": None,
"k_pipe": None,
"k_queue": None,
"k_poll_signal": None,
"k_sem": None,
"k_stack": None,
"k_thread": None,
"k_timer": None,
"_k_thread_stack_element": None,
"net_context": "CONFIG_NETWORKING",
"device": None
}
gen_kobject_list.py: device driver support Device drivers need to be treated like other kernel objects, with thread-level permissions and validation of struct device pointers passed in from userspace when making API calls. However it's not sufficient to identify an object as a driver, we need to know what subsystem it belongs to (if any) so that userspace cannot, for example, make Ethernet driver API calls using a UART driver object. Upon encountering a variable representing a device struct, we look at the value of its driver_api member. If that corresponds to an instance of a driver API struct belonging to a known subsystem, the proper K_OBJ_DRIVER_* enumeration type will be associated with this device in the generated gperf table. If there is no API struct or it doesn't correspond to a known subsystem, the device is omitted from the table; it's presumably used internally by the kernel or is a singleton with specific APIs for it that do not take a struct device parameter. The list of kobjects and subsystems in the script is simplified since the enumeration type name is strongly derived from the name of the data structure. A device object is marked as initialized after its init function has been run at boot. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-27 21:59:28 +02:00
subsystems = [
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
"adc_driver_api",
"aio_cmp_driver_api",
"counter_driver_api",
"crypto_driver_api",
dma: add system calls for dma_start/dma_stop As per current policy of requiring supervisor mode to register callbacks, dma_config() is omitted. A note added about checking the channel ID for start/stop, current implementations already do this but best make it explicitly documented. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-02-09 22:58:37 +01:00
"dma_driver_api",
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
"flash_driver_api",
"gpio_driver_api",
"i2c_driver_api",
"i2s_driver_api",
"ipm_driver_api",
drivers: led: Add system call handler support Add system call handler support to LED subsystem. No buffers are involved in any of the API's and hence the syscall support is straightforward. Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
2018-05-03 20:16:58 +02:00
"led_driver_api",
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
"pinmux_driver_api",
"pwm_driver_api",
"entropy_driver_api",
"rtc_driver_api",
"sensor_driver_api",
"spi_driver_api",
"uart_driver_api",
]
gen_kobject_list.py: device driver support Device drivers need to be treated like other kernel objects, with thread-level permissions and validation of struct device pointers passed in from userspace when making API calls. However it's not sufficient to identify an object as a driver, we need to know what subsystem it belongs to (if any) so that userspace cannot, for example, make Ethernet driver API calls using a UART driver object. Upon encountering a variable representing a device struct, we look at the value of its driver_api member. If that corresponds to an instance of a driver API struct belonging to a known subsystem, the proper K_OBJ_DRIVER_* enumeration type will be associated with this device in the generated gperf table. If there is no API struct or it doesn't correspond to a known subsystem, the device is omitted from the table; it's presumably used internally by the kernel or is a singleton with specific APIs for it that do not take a struct device parameter. The list of kobjects and subsystems in the script is simplified since the enumeration type name is strongly derived from the name of the data structure. A device object is marked as initialized after its init function has been run at boot. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-09-27 21:59:28 +02:00
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
header = """%compare-lengths
%define lookup-function-name _k_object_lookup
%language=ANSI-C
kernel: add K_INHERIT_PERMS flag By default, threads are created only having access to their own thread object and nothing else. This new flag to k_thread_create() gives the thread access to all objects that the parent had at the time it was created, with the exception of the parent thread itself. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-10-05 20:11:02 +02:00
%global-table
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
%struct-type
%{
#include <kernel.h>
userspace: add support for dynamic kernel objects A red-black tree is maintained containing the metadata for all dynamically created kernel objects, which are allocated out of the system heap. Currently, k_object_alloc() and k_object_free() are supervisor-only. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-11-09 01:38:03 +01:00
#include <toolchain.h>
kernel: add K_INHERIT_PERMS flag By default, threads are created only having access to their own thread object and nothing else. This new flag to k_thread_create() gives the thread access to all objects that the parent had at the time it was created, with the exception of the parent thread itself. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-10-05 20:11:02 +02:00
#include <syscall_handler.h>
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
#include <string.h>
%}
struct _k_object;
%%
"""
scripts: Covert scripts to use elf_helper.py This patch converts over the current ELF processing scripts to use the new elf helper python library. Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-01-22 21:26:49 +01:00
# Different versions of gperf have different prototypes for the lookup
# function, best to implement the wrapper here. The pointer value itself is
# turned into a string, we told gperf to expect binary strings that are not
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
# NULL-terminated.
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
footer = """%%
userspace: add support for dynamic kernel objects A red-black tree is maintained containing the metadata for all dynamically created kernel objects, which are allocated out of the system heap. Currently, k_object_alloc() and k_object_free() are supervisor-only. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-11-09 01:38:03 +01:00
struct _k_object *_k_object_gperf_find(void *obj)
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
{
return _k_object_lookup((const char *)obj, sizeof(void *));
}
kernel: add K_INHERIT_PERMS flag By default, threads are created only having access to their own thread object and nothing else. This new flag to k_thread_create() gives the thread access to all objects that the parent had at the time it was created, with the exception of the parent thread itself. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-10-05 20:11:02 +02:00
userspace: add support for dynamic kernel objects A red-black tree is maintained containing the metadata for all dynamically created kernel objects, which are allocated out of the system heap. Currently, k_object_alloc() and k_object_free() are supervisor-only. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-11-09 01:38:03 +01:00
void _k_object_gperf_wordlist_foreach(_wordlist_cb_func_t func, void *context)
kernel: add K_INHERIT_PERMS flag By default, threads are created only having access to their own thread object and nothing else. This new flag to k_thread_create() gives the thread access to all objects that the parent had at the time it was created, with the exception of the parent thread itself. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-10-05 20:11:02 +02:00
{
int i;
for (i = MIN_HASH_VALUE; i <= MAX_HASH_VALUE; i++) {
if (wordlist[i].name) {
func(&wordlist[i], context);
}
}
}
userspace: add support for dynamic kernel objects A red-black tree is maintained containing the metadata for all dynamically created kernel objects, which are allocated out of the system heap. Currently, k_object_alloc() and k_object_free() are supervisor-only. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-11-09 01:38:03 +01:00
#ifndef CONFIG_DYNAMIC_OBJECTS
struct _k_object *_k_object_find(void *obj)
ALIAS_OF(_k_object_gperf_find);
void _k_object_wordlist_foreach(_wordlist_cb_func_t func, void *context)
ALIAS_OF(_k_object_gperf_wordlist_foreach);
#endif
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
"""
scripts: Covert scripts to use elf_helper.py This patch converts over the current ELF processing scripts to use the new elf helper python library. Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-01-22 21:26:49 +01:00
def write_gperf_table(fp, eh, objs, static_begin, static_end):
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
fp.write(header)
kernel: threads: assign index no. to dynamically created threads Kernel threads created at build time have unique indexes to map them into various bitarrays. This patch extends these indexes to dynamically created threads where the associated kernel objects are allocated at runtime. Fixes: #9081 Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2018-08-08 20:23:16 +02:00
# Setup variables for mapping thread indexes
syms = eh.get_symbols()
thread_max_bytes = syms["CONFIG_MAX_THREAD_BYTES"]
thread_idx_map = {}
for i in range(0, thread_max_bytes):
thread_idx_map[i] = 0xFF
userspace: treat thread stacks as kernel objects We need to track permission on stack memory regions like we do with other kernel objects. We want stacks to live in a memory area that is outside the scope of memory domain permission management. We need to be able track what stacks are in use, and what stacks may be used by user threads trying to call k_thread_create(). Some special handling is needed because thread stacks appear as variously-sized arrays of struct _k_thread_stack_element which is just a char. We need the entire array to be considered an object, but also properly handle arrays of stacks. Validation of stacks also requires that the bounds of the stack are not exceeded. Various approaches were considered. Storing the size in some header region of the stack itself would not allow the stack to live in 'noinit'. Having a stack object be a data structure that points to the stack buffer would confound our current APIs for declaring stacks as arrays or struct members. In the end, the struct _k_object was extended to store this size. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-10-15 23:17:48 +02:00
for obj_addr, ko in objs.items():
obj_type = ko.type_name
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
# pre-initialized objects fall within this memory range, they are
# either completely initialized at build time, or done automatically
# at boot during some PRE_KERNEL_* phase
initialized = obj_addr >= static_begin and obj_addr < static_end
scripts: Covert scripts to use elf_helper.py This patch converts over the current ELF processing scripts to use the new elf helper python library. Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-01-22 21:26:49 +01:00
byte_str = struct.pack("<I" if eh.little_endian else ">I", obj_addr)
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
fp.write("\"")
for byte in byte_str:
val = "\\x%02x" % byte
fp.write(val)
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
fp.write(
"\",{},%s,%s,%d\n" %
(obj_type,
"K_OBJ_FLAG_INITIALIZED" if initialized else "0",
ko.data))
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
kernel: threads: assign index no. to dynamically created threads Kernel threads created at build time have unique indexes to map them into various bitarrays. This patch extends these indexes to dynamically created threads where the associated kernel objects are allocated at runtime. Fixes: #9081 Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2018-08-08 20:23:16 +02:00
if obj_type == "K_OBJ_THREAD":
idx = math.floor(ko.data / 8)
bit = ko.data % 8
thread_idx_map[idx] = thread_idx_map[idx] & ~(2**bit)
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
fp.write(footer)
kernel: threads: assign index no. to dynamically created threads Kernel threads created at build time have unique indexes to map them into various bitarrays. This patch extends these indexes to dynamically created threads where the associated kernel objects are allocated at runtime. Fixes: #9081 Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2018-08-08 20:23:16 +02:00
# Generate the array of already mapped thread indexes
fp.write('\n')
fp.write('u8_t _thread_idx_map[%d] = {' % (thread_max_bytes))
for i in range(0, thread_max_bytes):
fp.write(' 0x%x, ' % (thread_idx_map[i]))
fp.write('};\n')
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
driver_macro_tpl = """
syscalls: remove policy from handler checks The various macros to do checks in system call handlers all implictly would generate a kernel oops if a check failed. This is undesirable for a few reasons: * System call handlers that acquire resources in the handler have no good recourse for cleanup if a check fails. * In some cases we may want to propagate a return value back to the caller instead of just killing the calling thread, even though the base API doesn't do these checks. These macros now all return a value, if nonzero is returned the check failed. K_OOPS() now wraps these calls to generate a kernel oops. At the moment, the policy for all APIs has not changed. They still all oops upon a failed check/ The macros now use the Z_ notation for private APIs. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-05 00:57:57 +02:00
#define Z_SYSCALL_DRIVER_%(driver_upper)s(ptr, op) Z_SYSCALL_DRIVER_GEN(ptr, op, %(driver_lower)s, %(driver_upper)s)
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
"""
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
def write_validation_output(fp):
fp.write("#ifndef __DRIVER_VALIDATION_GEN_H__\n")
fp.write("#define __DRIVER_VALIDATION_GEN_H__\n")
syscalls: remove policy from handler checks The various macros to do checks in system call handlers all implictly would generate a kernel oops if a check failed. This is undesirable for a few reasons: * System call handlers that acquire resources in the handler have no good recourse for cleanup if a check fails. * In some cases we may want to propagate a return value back to the caller instead of just killing the calling thread, even though the base API doesn't do these checks. These macros now all return a value, if nonzero is returned the check failed. K_OOPS() now wraps these calls to generate a kernel oops. At the moment, the policy for all APIs has not changed. They still all oops upon a failed check/ The macros now use the Z_ notation for private APIs. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-05 00:57:57 +02:00
fp.write("""#define Z_SYSCALL_DRIVER_GEN(ptr, op, driver_lower_case, driver_upper_case) \\
(Z_SYSCALL_OBJ(ptr, K_OBJ_DRIVER_##driver_upper_case) || \\
Z_SYSCALL_DRIVER_OP(ptr, driver_lower_case##_driver_api, op))
""")
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
for subsystem in subsystems:
subsystem = subsystem.replace("_driver_api", "")
fp.write(driver_macro_tpl % {
"driver_lower": subsystem.lower(),
"driver_upper": subsystem.upper(),
})
fp.write("#endif /* __DRIVER_VALIDATION_GEN_H__ */\n")
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
def write_kobj_types_output(fp):
fp.write("/* Core kernel objects */\n")
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
for kobj, dep in kobjects.items():
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
if kobj == "device":
continue
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#ifdef %s\n" % dep)
scripts: generalize kobject -> enum naming This was done inconsistently in a few place, centralize it. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-23 19:57:39 +02:00
fp.write("%s,\n" % kobject_to_enum(kobj))
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#endif\n")
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
fp.write("/* Driver subsystems */\n")
for subsystem in subsystems:
subsystem = subsystem.replace("_driver_api", "").upper()
fp.write("K_OBJ_DRIVER_%s,\n" % subsystem)
def write_kobj_otype_output(fp):
fp.write("/* Core kernel objects */\n")
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
for kobj, dep in kobjects.items():
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
if kobj == "device":
continue
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#ifdef %s\n" % dep)
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
fp.write('case %s: ret = "%s"; break;\n' %
(kobject_to_enum(kobj), kobj))
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#endif\n")
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
fp.write("/* Driver subsystems */\n")
for subsystem in subsystems:
subsystem = subsystem.replace("_driver_api", "")
kernel: userspace: Sanitize switch usage MISRA-C requires that every switch clause has a break instruction. Changing gen_kobject_list script to generates compliance code. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2018-09-11 22:14:21 +02:00
fp.write('case K_OBJ_DRIVER_%s: ret = "%s driver"; break;\n' % (
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
subsystem.upper(),
subsystem
))
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
userspace: generate list of kernel object sizes This used to be done by hand but can easily be generated like we do other switch statements based on object type. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-16 19:11:17 +02:00
def write_kobj_size_output(fp):
fp.write("/* Non device/stack objects */\n")
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
for kobj, dep in kobjects.items():
userspace: generate list of kernel object sizes This used to be done by hand but can easily be generated like we do other switch statements based on object type. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-16 19:11:17 +02:00
# device handled by default case. Stacks are not currently handled,
# if they eventually are it will be a special case.
if kobj == "device" or kobj == "_k_thread_stack_element":
continue
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#ifdef %s\n" % dep)
kernel: userspace: Sanitize switch usage MISRA-C requires that every switch clause has a break instruction. Changing gen_kobject_list script to generates compliance code. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2018-09-11 22:14:21 +02:00
fp.write('case %s: ret = sizeof(struct %s); break;\n' %
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
(kobject_to_enum(kobj), kobj))
userspace: add net_context as a kernel object Socket APIs pass pointers to these disguised as file descriptors. This lets us effectively validate them. Kernel objects now can have Kconfig dependencies specified, in case certain structs are not available in all configurations. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-06-27 19:25:45 +02:00
if dep:
fp.write("#endif\n")
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
def parse_args():
global args
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
parser = argparse.ArgumentParser(
description=__doc__,
formatter_class=argparse.RawDescriptionHelpFormatter)
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
parser.add_argument("-k", "--kernel", required=False,
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
help="Input zephyr ELF binary")
parser.add_argument(
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
"-g", "--gperf-output", required=False,
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
help="Output list of kernel object addresses for gperf use")
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
parser.add_argument(
"-V", "--validation-output", required=False,
help="Output driver validation macros")
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
parser.add_argument(
"-K", "--kobj-types-output", required=False,
help="Output k_object enum values")
parser.add_argument(
"-S", "--kobj-otype-output", required=False,
help="Output case statements for otype_to_str()")
userspace: generate list of kernel object sizes This used to be done by hand but can easily be generated like we do other switch statements based on object type. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-16 19:11:17 +02:00
parser.add_argument(
"-Z", "--kobj-size-output", required=False,
help="Output case statements for obj_size_get()")
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
parser.add_argument("-v", "--verbose", action="store_true",
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
help="Print extra debugging information")
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
args = parser.parse_args()
cmake: Fix "make VERBOSE=1" It is desired behaviour that when 'make VERBOSE=1' is invoked, the underlying scripts will be invoked in 'verbose mode', e.g. they have the flag --verbose passed to them. This patch modifies all the underlying scripts in the build system to inject --verbose into the command line when the environment variable VERBOSE is set. The environment variable VERBOSE is a CMake concept. CMake will generate Makefile's that read this environment variable and try to behave accordingly. Unfortunately, the generated ninja build systems behave differently and will have to be invoked like this: VERBOSE=1 ninja -v This fixes #4851 Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2017-12-28 17:34:50 +01:00
if "VERBOSE" in os.environ:
args.verbose = 1
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
def main():
parse_args()
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
if args.gperf_output:
eh = ElfHelper(args.kernel, args.verbose, kobjects, subsystems)
syms = eh.get_symbols()
max_threads = syms["CONFIG_MAX_THREAD_BYTES"] * 8
objs = eh.find_kobjects(syms)
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
thread_counter = eh.get_thread_counter()
if thread_counter > max_threads:
drivers: Perform a runtime check if a driver is capable of an operation Driver APIs might not implement all operations, making it possible for a user thread to get the kernel to execute a function at 0x00000000. Perform runtime checks in all the driver handlers, checking if they're capable of performing the requested operation. Fixes #6907. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-04 22:50:32 +02:00
sys.stderr.write("Too many thread objects (%d)\n" % thread_counter)
sys.stderr.write("Increase CONFIG_MAX_THREAD_BYTES to %d\n",
-(-thread_counter // 8))
sys.exit(1)
with open(args.gperf_output, "w") as fp:
write_gperf_table(fp, eh, objs,
syms["_static_kernel_objects_begin"],
syms["_static_kernel_objects_end"])
if args.validation_output:
with open(args.validation_output, "w") as fp:
write_validation_output(fp)
scripts: python: cleanup script and fix PEP8 issues Ran scripts through flake8 and fixed issues. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-12 14:19:25 +01:00
scripts: gen_kobject_list: Generate enums and case statements Adding a new kernel object type or driver subsystem requires changes in various different places. This patch makes it easier to create those devices by generating as much as possible in compile time. No behavior change. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2018-04-05 22:59:33 +02:00
if args.kobj_types_output:
with open(args.kobj_types_output, "w") as fp:
write_kobj_types_output(fp)
if args.kobj_otype_output:
with open(args.kobj_otype_output, "w") as fp:
write_kobj_otype_output(fp)
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
userspace: generate list of kernel object sizes This used to be done by hand but can easily be generated like we do other switch statements based on object type. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2018-05-16 19:11:17 +02:00
if args.kobj_size_output:
with open(args.kobj_size_output, "w") as fp:
write_kobj_size_output(fp)
scripts: gen_kobject_list.py: run through flake8 Follow pep8 style based on flake8 script. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-09-16 21:54:44 +02:00
kernel: introduce object validation mechanism All system calls made from userspace which involve pointers to kernel objects (including device drivers) will need to have those pointers validated; userspace should never be able to crash the kernel by passing it garbage. The actual validation with _k_object_validate() will be in the system call receiver code, which doesn't exist yet. - CONFIG_USERSPACE introduced. We are somewhat far away from having an end-to-end implementation, but at least need a Kconfig symbol to guard the incoming code with. Formal documentation doesn't exist yet either, but will appear later down the road once the implementation is mostly finalized. - In the memory region for RAM, the data section has been moved last, past bss and noinit. This ensures that inserting generated tables with addresses of kernel objects does not change the addresses of those objects (which would make the table invalid) - The DWARF debug information in the generated ELF binary is parsed to fetch the locations of all kernel objects and pass this to gperf to create a perfect hash table of their memory addresses. - The generated gperf code doesn't know that we are exclusively working with memory addresses and uses memory inefficently. A post-processing script process_gperf.py adjusts the generated code before it is compiled to work with pointer values directly and not strings containing them. - _k_object_init() calls inserted into the init functions for the set of kernel object types we are going to support so far Issue: ZEP-2187 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-08-22 22:15:23 +02:00
if __name__ == "__main__":
main()
Reference in a new issue Copy permalink