When CONFIG_LOG_USE_TAGGED_ARGUMENTS is enabled, and
CONFIG_CBPRINTF_COMPLETE is also enabled, we should not be
blindly skipping tags when processing the tagged package
for output. The issue is that if there is a "%%" in
the format string, the specifier is considered invalid but
the code blindly skips ahead in the argument list as if
it is a valid specifier (think "%s"), which resulting in
the next valid specifier using incorrect argument in
the list. So fix it by skipping ahead if and only if
the specifier is not invalid.
Fixes#68271
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
In case the read index points to the end of the packet buffer and thus
wraps around, we must not invalidate the cache, otherwise we draw
outside of the lines and purge data outside of our responsibility.
Signed-off-by: Patrick Wildt <pwildt@google.com>
Export the minimal set of ztest_test_* symbols to llexts so that the
zassert_* macros can be used by the extension code to affect test
execution. Calling these also requires vprintk() to be exported.
Signed-off-by: Luca Burelli <l.burelli@arduino.cc>
When package contained RO string positions and flag indicates that
they shall not be kept, length was miscalculated which could lead
to failures (e.g. memory corruption).
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Move various utilities out of lib into own folder for better assignement
and management in the maintainer file. lib/os has become another dumping
ground for everything and it the Kconfig and contents in that folder
became difficult to manage, configure and test.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Export some symbols for loadable modules. Also add an
EXPORT_SYSCALL() helper macro for exporting system calls by their
official names.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Add a Kconfig option to tell whether or not using thread
local storage to store current thread.
The function using it can be called from ISR and using
TLS variables in this context may (should ???) not be
allowed
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Picolibc's 'minimal' printf mode reduces functionality and size even more
than the 'integer' mode. Use this where memory is at a premium and where
the application knows that it does not require exact printf semantics.
1.8.5 adds two more printf variants, 'long long' and 'minimal'. The 'long
long' variant is the same as the 'integer' variant but with long long
support enabled. The 'minimal' variant reduces functionality and size even
more than the 'integer' mode. Applications can use this where memory is at
a premium and where the application does not require exact printf
semantics.
With these two added variants, the SDK has enough options so that all of
the cbprintf modes can be supported with the pre-compiled bits:
1. CBPRINTF_NANO - picolibc's 'minimal' variant
2. CBPRINTF_REDUCED_INTEGRAL - picolibc's 'integer' variant
3. CBPRINTF_FULL_INTEGRAL - picolibc's 'long long' variant
4. CBPRINTF_FB_SUPPORT - picolibc's 'double' variant
This patch makes the cbprintf Kconfig values drive the default picolibc
variant, disables picolibc variants not capable of supporting the required
cbprintf level, but allows applications to select more functionality in
picolibc than cbprintf requires.
Note that this depends on the SDK including picolibc 1.8.5. Without that,
selecting the 'minimal' or 'long long' variant in Zephyr will end up with
the default variant from picolibc, which is the full version with floating
point support. When using the module things will work as specified.
Signed-off-by: Keith Packard <keithp@keithp.com>
CBPRINTF_FULL_INTEGRAL doesn't happen to explicitly conflict with
CBPRINTF_NANO, but when CBPRINTF_NANO is enabled, there's no long long I/O
support provided.
Allow picolibc long-long I/O support to also be elided when CBPRINTF_NANO
is enabled to save similar amounts of space.
Signed-off-by: Keith Packard <keithp@keithp.com>
* Picolibc doesn't provide the %a-only mode.
* On advice from security experts, who report numerous vulnerabilities
caused by %n in printf specifiers, picolibc never supports this
feature.
* Picolibc doesn't use cbprintf for C-library compatible functions,
instead it provides aliases for the *printfcb functions using stdio
names.
Signed-off-by: Keith Packard <keithp@keithp.com>
Move the syscall_handler.h header, used internally only to a dedicated
internal folder that should not be used outside of Zephyr.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add CONFIG_CBPRINTF_CONVERT_CHECK_PTR which enables support for
checking if string candidate pointer is not %p. It is by default
disabled when logging strings are removed from the binary. Option
is added to save code.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Ensure that stdin, stdout, and stderr are initialized statically.
Previously, the mutex and condition variable were uninitialized.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
rand32.h does not make much sense, since the random subsystem
provides more APIs than just getting a random 32 bits value.
Rename it to random.h and get consistently with other
subsystems.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Zephyr's code base uses MP_MAX_NUM_CPUS to
know how many cores exists in the target. It is
also expected that both symbols MP_MAX_NUM_CPUS
and MP_NUM_CPUS have the same value, so lets
just use MP_MAX_NUM_CPUS and simplify it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Integrates object core statistics framework into the following
kernel objects:
sys_mem_blocks, k_mem_slab
threads, _cpu, z_kernel
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Rearranges the sys_mem_blocks fields so that information that describes
how much of the memory block is used is co-located. This will allow
easier of its statistics into the object core statistics reporting
framework.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Adds the linkable loadable extensions (llext) subsystem which provides
functionality for reading, parsing, and linking ELF encoded executable
code into a managed extension to the running elf base image.
A loader interface, and default buffer loader implementation,
make available to the llext subsystem the elf data. A simple management
API provide the ability to load and unload extensions as needed. A shell
interface for extension loading and unloading makes it easy to try.
Adds initial support for armv7 thumb built elfs with very specific
compiler flags.
Signed-off-by: Tom Burdick <thomas.burdick@intel.com>
Co-authored-by: Chen Peng1 <peng1.chen@intel.com>
Co-authored-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
The original idea of z_current_get() was to be the counterpart
of k_current_get() when thread local variable for current has
not been initialized if TLS is enabled, otherwise they are
the same function. Now since z_current_get() is being used
outside of core kernel, rename it under kernel namespace so
other subsystem can conceptually use them too.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The intent of this patch is to leave all of the semantics of the macros
unchanged, only replacing the easy-to-read static inline conversion
function with a pile of ?: operators.
Ick. This is not a cleanup. However, what it does enable is using constant
results while initializing global variables, which cannot be done with
either static inline functions or even statement expressions, even when
those generate constant results.
Signed-off-by: Keith Packard <keithp@keithp.com>
This header does not expose any public APIs, so move it under
kernel/include and change files including it.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
add explicit boolean type to 'if' statement controlling expression, thus
improving code readability and maintainability, complying with required
[misra-c2012-14.4] rule which states; The controlling expression of an
if statement and the controlling expression of an iteration-statement
shall have essentially boolean type.
Found as a coding guideline violation (Rule 14.4) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
Add new option to use thread local storage for stack
canaries. This makes harder to find the canaries location
and value. This is made optional because there is
a performance and size penalty when using it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When aiming for the smallest build result, it is desirable to
use CONFIG_CBPRINTF_NANO together with CONFIG_MINIMAL_LIBC. However
that doesn't mean we need all the functions enabled by having
CONFIG_CBPRINTF_LIBC_SUBSTS=y which increases the binary size even if
those functions are not used and not linked in.
When CONFIG_CBPRINTF_LIBC_SUBSTS=n such functions are not defined
anyway so z_cbvprintf_impl() won't be invoked with missing
functionalities.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Add a new API to perform an immediate system power off:
`sys_poweroff()`.
Until now, this functionality has been implemented via the system power
management module, but in a clunky fashion. The way system PM works is
by defining some idle states in devicetree, that, given some properties
(e.g. minimal residency, exit latency, etc.) are automatically selected
when system goes to idle based on the expected next wake-up. However,
system off is a power state that one typically wants to control manually
from the application because it implies state loss, and in most cases,
configuring some sort of wake-up source. So in general, it is not
desired to let the system enter this state automatically. This led to
the following stuff in-tree:
from `boards/arm/mimxrt595_evk/mimxrt595_evk_cm33.dts`:
```c
/*
* Deep power-down mode is supported in this SoC through
* 'PM_STATE_SOFT_OFF' state. There is no entry for this in device tree,
* user can call pm_state_force to enter this state.
*/
```
That is, state not being defined in devicetree so that PM subsystem
doesn't pick it automatically, but still implemented in in the PM hooks:
from `soc/arm/nxp_imx/rt5xx/power.c`, `pm_state_set()`:
```c
case PM_STATE_SOFT_OFF:
set_deepsleep_pin_config();
POWER_EnterDeepPowerDown(EXCLUDE_FROM_DEEP_POWERDOWN);
break;
```
And to actually make use of this state, users had to do this kind of
abominations:
```c
pm_state_force(0u, &(struct pm_state_info){ PM_STATE_SOFT_OFF, 0, 0 });
/* Now we need to go sleep. This will let the idle thread runs and
* the pm subsystem will use the forced state. To confirm that the
* forced state is used, lets set the same timeout used previously.
*/
k_sleep(K_SECONDS(SLEEP_S));
printk("ERROR: System off failed\n");
while (true) {
/* spin to avoid fall-off behavior */
}
```
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
1. change explicit type cast of essential character type, complying with
required [misra-c2012-10.2] rule which states; Expressions of
essentially character type shall not be used inappropriately in addition
and subtraction operations, and
2. add explicit boolean type to 'if' statement controlling expression,
consolidating it with 'buflen' type, thus improving code readability and
maintainability , complying with required [misra-c2012-14.4] rule which
states; ; The controlling expression of an if statement and the
controlling expression of an iteration-statement shall have essentially
boolean type, and
3. add enclosing parentheses enforcing and clarifying precedence of
operators, improving code readability and maintainability, complying
with *advisory* [misra-c2012-12.1] rule which states; The precedence of
operators within expressions should be made explicit.
Found as a coding guideline violation (Rules 10.2, 14.4), and coding
guideline recommendation (Rule 12.1) by static code scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
change explicit type cast of essential character type, complying with
required [misra-c2012-10.2] rule which states; Expressions of
essentially character type shall not be used inappropriately in addition
and subtraction operations.
Found as a coding guideline violation (Rule 10.2) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
add explicit unsigned suffices to various immediate numbers, matching
them to size_t, complying with required [misra-c2012-10.4] rule which
states; Both operands of an operator in which the usual arithmetic
conversions are performed shall have the same essential type category.
Found as a coding guideline violation (Rule 10.4) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
Skip child objects and arrays that are not specified in the given object
descriptor when parsing a JSON input string.
This patch adds support for extra child arrays which previously were not
supported by the parser as opposed to additional child objects.
Fixes#47988
Signed-off-by: Markus Fuchs <markus.fuchs@ch.sauter-bc.com>
This patch fixes support for encoding and decoding multidimensional arrays
as described by the JSON_OBJ_DESCR_ARRAY_ARRAY() macro.
Currently, the JSON array encoding and decoding functions, arr_encode()
and arr_parse(), expect array elements to be of object or primitive type.
However, arrays may be nested and so an array's elements may also be
arrays.
In order to support nested arrays, two special cases must be considered:
1. The array of objects/arrays sub-descriptor is described by two
`json_obj_descr` structs and so two instead of one `json_obj_descr`
structs must be skipped when iterating over the JSON descriptor to get to
an array's elements.
2. The implicit array item count field has to be considered for the
parent itself and all its child array items when calculating an element's
size.
Fixes#50801
Signed-off-by: Markus Fuchs <markus.fuchs@ch.sauter-bc.com>
This adds a few line use zephyr_syscall_header() to include
headers containing syscall function prototypes.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Complement the `struct k_mutex` in each fdtable entry
with a `struct k_condvar`. The reasoning for this should be
self-evident.
For a bit of history, `fdtable` was introduced in
commit 06eb489c45 ("kernel: add condition variables")
which predates `struct k_condvar`, introduced in
commit f484bbaa26 ("lib: posix: Implement generic file descriptor table")
by almost 2 years.
Additionally, provide a new accessor function,
`z_get_obj_lock_and_cond()`, that (optionally) gets the mutex
and condition variable associated with the provided object and
vtable.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Coverity does not like that we are passing a pointer to a location
just beyond fixed array. Inside the function access is done through
negative indexes so there was no memory corruption but to satisfy
Coverity pointer to the last element of the array is passed and
we start from index 0 instead of -1.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
