Linkable loadable extensions can only use syscalls if they are exported
via EXPORT_SYSCALL (or EXPORT_SYMBOL). Instead of enabling used syscalls
one by one, this patch exports all of them automatically via
`gen_syscalls.py`. If CONFIG_LLEXT=n, the section where the exported
symbols live is discarded, so it should be a non-op when llext is not
enabled.
This patch also removes the now redundant EXPORT_SYSCALL macro. Note
that EXPORT_SYMBOL is still useful on different situations (and is
indeed used by the code generated by `gen_syscalls.py`).
Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
The generated stubs use retval for function return value.
However, this is too generic and is going to collide with
other code. So rename those to be more specific. Note
that the double underscore is intentional to minimize
chance of being shadow variables.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The syscall generation phase parses all header files to look
for potential syscalls, and emits all the relevant files to
enable syscalls. However, this results in all the syscall
marshalling functions being included in the final binary.
This is due to these functions being referred to inside
the dispatch list, resulting in ineffective garbage
collection during linking. Previous commits allows each
drivers and subsystems to specify which header files
containing syscalls are relevant. So this commit changes
the syscall generation to only include the syscalls needed
for the build in the syscall dispatch list and removing
various bits related to that. This allows the linker to
garbage collect unused syscall related function, and thus
reducing final binary size.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There is no need to generate all the *_mrsh.c files for
marshalling syscall arguments when userspace is not enabled.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Disables allowing the python argparse library from automatically
shortening command line arguments, this prevents issues whereby
a new command is added and code that wrongly uses the shortened
command of an existing argument which is the same as the new
command being added will silently change script behaviour.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
prevent `Wundef` warnings from occurring due to
missing CONFIG_ symbols and __cplusplus.
Signed-off-by: Christoph A Schnetzler <Christoph.Schnetzler@husqvarnagroup.com>
Move scripts needed by the build system and not designed to be run
individually or standalone into the build subfolder.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Update the script so that it handles generates files using the
<zephyr/...> include prefix.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Let's consider this (simplified) compilation result of a debug build
using -O0 for riscv64:
|__pinned_func
|static inline int k_sem_init(struct k_sem * sem,
| unsigned int initial_count,
| unsigned int limit)
|{
| 80000ad0: 6105 addi sp,sp,32
| 80000ad2: ec06 sd ra,24(sp)
| 80000ad4: e42a sd a0,8(sp)
| 80000ad6: c22e sw a1,4(sp)
| 80000ad8: c032 sw a2,0(sp)
| ret = arch_is_user_context();
| 80000ada: b39ff0ef jal ra,80000612
| if (z_syscall_trap()) {
| 80000ade: c911 beqz a0,80000af2
| return (int) arch_syscall_invoke3(*(uintptr_t *)&sem,
| *(uintptr_t *)&initial_count,
| *(uintptr_t *)&limit,
| K_SYSCALL_K_SEM_INIT);
| 80000ae0: 6522 ld a0,8(sp)
| 80000ae2: 00413583 ld a1,4(sp)
| 80000ae6: 6602 ld a2,0(sp)
| 80000ae8: 0b700693 li a3,183
| [...]
We clearly see the 32-bit values `initial_count` (a1) and `limit` (a2)
being stored in memory with the `sw` (store word) instruction. Then,
according to the source code, the address of those values is casted
as a pointer to uintptr_t values, and that pointer is dereferenced to
get back those values with the `ld` (load double) instruction this time.
In other words, the assembly does exactly what the C code indicates.
This is wrong for 2 reasons:
- The top half of a1 and a2 will contain garbage due to the `ld` used
to retrieve them. Whether or not the top bits will be cleared
eventually depends on the architecture and compiler.
- Regardless of the above, a1 and a2 would be plain wrong on a big
endian system.
- The load of a1 will cause a misaligned trap as it is 4-byte aligned
while `ld` expects a 8-byte alignment.
The above code happens to work properly when compiling with
optimizations enabled as the compiler simplifies the cast and
dereference away, and register content is used as is in that case.
That doesn't make the code any more "correct" though.
The reason for taking the address of an argument and dereference it as an
uintptr_t pointer is most likely done to work around the fact that the
compiler refuses to cast an aggregate value to an integer, even if that
aggregate value is in fact a simple structure wrapping an integer.
So let's fix this code by:
- Removing the pointer dereference roundtrip and associated casts. This
gets rid of all the issues listed above.
- Using a union to perform the type transition which deals with
aggregates perfectly well. The compiler does optimize things to the
same assembly output in the end.
This also makes the compiler happier as those pragmas to shut up warnings
are no longer needed. It should be the same about coverity.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Added check to respect the TRACING_SYSCALL tracing option
when generating syscall tracing overrides in
gen_syscalls.py.
Signed-off-by: Torbjörn Leksell <torbjorn.leksell@percepio.com>
When generating syscall wrappers, call a tracing macro with the id,
name, and all parameters of the syscall as params when entering and
leaving the syscall. This can be disabled in certain call sites
by defining DISABLE_SYSCALL_TRACING which is useful for certain
tracing implementations which require syscalls themselves to work.
Notably some syscalls *cannot* be automatically traced this way and
headers where exclusions are set are in the gen_syscall.py as notracing.
Includes a systemview and test format implementation.
Tested with systemview, usb, and uart backends with the string
formatter using the tracing sample app.
Debugging the trace wrapper can be aided by setting the TRACE_DIAGNOSTIC
env var and rebuilding from scratch, a warning is issued for every
instance a syscall is traced.
Automatically generating a name mapping for SYSVIEW_Zephyr.txt is a
future item as is documenting how to capture and use the tracing data
generated.
Signed-off-by: Tom Burdick <thomas.burdick@intel.com>
Although they are marked as an inline functions, the compiler
may decide not to inline them which would result in them being
outside the pinned text section. Since these functions are
required for userspace to work correctly, pin them in physical
memory. This also applies to k_is_user_context().
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
XCC doesn't recognize GCC pragma to ignore -Warray-bounds. So #if
it out, or else XCC would complain about unknown option for all
syscall generated header files.
Fixes#36661
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Compilers and static code analyzers do not understand Zephyr's
syscall mechanism so they always complain about out of bound
array access inside the generated syscall header functions.
So add a flag for GCC to ignore this type of warning for these
functions.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Coverity does not understand syscall mechanism and will already
complain when any function argument is not of exact size as
uintptr_t. So tell Coverity to ignore this particular rule here.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
In C, `void foo(void);` and `void foo();` mean subtly different things.
The former means "foo takes zero arguments"; the latter means
"foo takes an unspecified number of arguments". This can result in
calling convention mismatches in exceptional cases.
Change to emitting `(void)` instead of `()` for a syscall with
zero arguments.
Signed-off-by: James Harris <james.harris@intel.com>
Certain types of system call validation may need to be pushed
deeper in the implementation and not performed in the verification
function. If such checks are only pertinent when the caller was
from user mode, we need an API to detect this situation.
This is implemented by having thread->syscall_frame be non-NULL
only while a user system call is in progress. The template for the
system call marshalling functions is changed to clear this value
on exit.
A test is added to prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The syscall exception frame was stored on the CPU struct during
syscall execution, but that's not right. System calls might "feel
like" exceptions, but they're actually perfectly normal kernel mode
code and can be preempted and migrated between CPUs at any time.
Put the field on the thread struct.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
gen_syscall_header.py is not longer necessary, it was just creating a
file including syscall.h. This header is now included directly by
gen_syscalls.py.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
None of the splitting logic is needed if 64-bit return
values or parameters fit inside a register.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to pass system call args using a register-width
data type and not hard-code this to u32_t.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit addresses the following portability issues:
1. gen_syscalls incorrectly assumes that the compiler is always GCC.
2. pragma GCC diagnostic push and pop are not supported in GCC < 4.6.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Python's Sets are not deterministic. This causes the following lines to
be emitted in random order in generated/syscall_dispatch.c
extern u32_t z_mrsh_k_object_release(u32_t arg1, ...
extern u32_t z_mrsh_k_object_access_grant(u32_t arg1, ...
extern u32_t z_mrsh_k_object_alloc(u32_t arg1, ...
Change noweak to a basic list.
Reproducibility regression introduced by commit 6564974bae
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We have several scripts used by the build system related
to generating code for system calls, privileged mode stacks,
kernel object metadata, and application shared memory
partitions. Add some overview documentation for each.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
According C99 the first 31 characters of an identifier must be unique.
Shortening the namespace of the generated objects to achieve it.
C99 - 5.2.4.1
MISRA-C rule 5.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit touches the C codebase and the python syscall generator.
The Z_GENLIST-macros expand to whole functions. Once expanded by the
preprocessor we notice a semicolon is put after the function body. But
ISO C99 does not allow extra ‘;’ outside of a function. Though this is
accepted by GCC with GNU extensions, it is not by Clang.
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
With have *many* violations on Zephyr's code, this commit is tackling
only the violations caused by headers guards. It also takes the
opportunity to normalize them using the filename in uppercase and
replacing dot with underscore. e.g file.h -> FILE_H
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We use the code generator 'gen_syscalls.py' to assign numeric
id's to each syscall. These id's have been defined using an enum
like this:
enum {
K_SYSCALL_ADC_DISABLE,
K_SYSCALL_ADC_ENABLE,
K_SYSCALL_LIMIT
};
but enums can not be included by assembly files. So we have been
compiling the enum values and then extracting them into #define's when
needed.
In this situation there happen to not be any benefits of using
'enum' over #define's so we can simplify by initially defining
them with #define instead.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
There's no particularly good reason to have one kind of
output from this script to be sent to stdout instead of
a filename specified by parameter, and it makes it
annoying to add debug print() statements.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
parse_syscalls.py was doing too much and was generating
derived and partial string output information that was
completed later by gen_syscalls.py.
Now parse_syscalls.py just breaks up system call information into
non-derived data which is fully processed by gen_syscalls.py.
The goal is to ease maintenance of system call generation with
all the mechanism on what to do with system call information in
one script location rather than two of them.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The generated header uses Zephyr's custom integer type
definitions but wasn't including the proper header.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Names that begin with an underscore are reserved by the C standard.
This patch does not change names of functions defined and implemented
in header files.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This commit fixes
https://github.com/zephyrproject-rtos/zephyr/issues/5008.
It does so by splitting up gen_syscalls.py into two scripts with a
json metadata file to communicate syscall metadata between them. The
parsing script parses header files from include/ and writes syscall
metadata to a file if the contents changed. The generation script
reads from the json file and generates syscall code.
The build system DAG now looks like this:
always_rebuild -> json -> syscalls -> offset.o
The script for generating json will do so only if the content changes,
this ensures that the entire DAG does not always do a full rebuild.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is subject to the constraint that such system calls must have a
return value which is "u64_t" or "s64_t".
So far all the relevant kernel calls just have zero or one arguments,
we can later add more _syscall_ret64_invokeN() APIs as needed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This used to exist because in earlier versions of the system call
interfaces, an "extern" declaration of the system call implementation
function would precede the real inline version of the implementation.
The compiler would not like this and would throw "static declaration
of ‘foo’ follows non-static declaration". So alternate macros were
needed which declare the implementation function as 'static inline'
instead of extern.
However, currently the inline version of these system call
implementations appear first, the K_SYSCALL_DECLARE() macros appear in
the header generated by gen_syscalls.py, which is always included at the
end of the header file. The compiler does not complain if a
static inline function is succeeded by an extern prototype of the
same function. This lets us simplify the generated system call
macros and just use __syscall everywhere.
The disassembly of this was checked on x86 to ensure that for
kernel-only or CONFIG_USERSPACE=n scenarios, everything is still being
inlined as expected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In Python, if open() doesn't specify "encoding" parameter,
locale.getpreferredencoding(False) will be used as the default,
as explained in
https://docs.python.org/3/library/functions.html#open ,
which may differ from system to system. So, explicitly specify
"encoding" param in open() call.
Also, fix a typo in a comment.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
To define a system call, it's now sufficient to simply tag the inline
prototype with "__syscall" or "__syscall_inline" and include a special
generated header at the end of the header file.
The system call dispatch table and enumeration of system call IDs is now
automatically generated.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ederson de Souza
Anas Nashif
Daniel Leung
Christopher Friedt
Jamie McCrae
Christoph A Schnetzler
Gerard Marull-Paretas
Nazar Kazakov
Nicolas Pitre
Torbjörn Leksell
Tom Burdick
James Harris
Ruslan Mstoi
Kumar Gala
Andrew Boie
Andy Ross
Flavio Ceolin
Stephanos Ioannidis
Marc Herbert
Ulf Magnusson
Mark Ruvald Pedersen
Sebastian Bøe
Leandro Pereira
Paul Sokolovsky