Age | Commit message | Author |
|
Implement `Mutex` by wrapping the C `mutex_t` API.
`Mutex` is modeled on `std::sync::Mutex`'s API.
Test: build.py generic-x86_64-test
Bug: 298705967
Change-Id: I2443da0757796f7859bc6ff38d99b104d40e8da0
|
|
vmm_alloc_physical_etc does not modify this array, so it should be const
so the caller does not have to have a writable array.
Bug: 298705967
Change-Id: Ieed94570c33763565e67a170382b3d1e10f120f2
|
|
Bug: 302723053
Test: build trusty in its own repo
Change-Id: I8cbd2daea4d414fc3de95fd52f87226ee3261f2b
|
|
Bug: 119111590
Change-Id: I879130874cf1b9512bf7f44a4c4e2e33f240bdac
|
|
Will be used by x86 user-copy functions which need to check permissions
separately from the copy
Bug: 304625515
Change-Id: Ibb34bed675f3e561a8072268bed400f3ffdcfc56
|
|
Change-Id: I90fd811c2435bdb74126e6d51f87748a9710e369
Bug: 286029819
Test: trusty.hwaes.test
|
|
Bug: 261566834
Test: build.py, tested on device
Change-Id: Ica3ba9ecb55768c5510361ec4aa1be9dc0c61e28
|
|
Once a thread cookie has been corrupted, we cannot use the existing
test facility to exit a thread on panics without resetting its cookie
such that it can exit without triggering additional panics. We only
do so for test threads that have the exit-on-panic flag set. If this
flag is set, we are also more lenient w.r.t. the thread state.
In thread_resched, the call to get_top_thread is moved past the first
call to thread_cookie_check. This is necessary to cleanly exit a test
thread with a corrupted cookie because thread_preempt might have put
said thread at the head of its run queue.
Bug: 215740695
Change-Id: I68a95cff523f323370c5fc55851679e146214684
Signed-off-by: Per Larsen <perlarsen@google.com>
|
|
This change adds a 64-bit random value (cookie) which is expected
to be identical across all threads. We use rand_get_bytes as our
source of randomness. Threads are checked in thread_resched,
thread_resume, and other functions that put threads on the run
queues.
Bug: 215740695
Change-Id: I1b91059bc3bbf53071c55175c2690b833b9728c0
Signed-off-by: Per Larsen <perlarsen@google.com>
|
|
Bug: 261566834
Test: build.py
Change-Id: I087ba3f8c7b78f579d30b82cca7f73eee97a3d1d
|
|
Change-Id: I810ea890a6eb58723d6a2b303838454b41738e0b
Test: prepare_plat_dma alignment test
Bug: 286027554
|
|
Print the name of the region that an address belongs to in crash dumps.
Bug: none
Test: scudotest
Change-Id: I888ec03a386df4b4a4ea3eb8b26322564f57b083
|
|
Utilities to help enable/disable SVE or check if it is supported.
Bug: 270942549
Change-Id: Iebbee43ce886d6d41b025a17d41d0f3ee18e2f99
|
|
Add FUNCTION() asm macro override capability, and add bti pads for
arm64.
Bug: 260397427
Test: build.py (all targets)
Test: boot to Android home
Change-Id: I929adc9e6d3a9fe0ebee4fcb2e4421d43eb25079
|
|
Add support for ARM-A v8.5 Branch Target Identification. This is a mandatory AArch64 feature that checks the BR and BLR instructions land on a BTI instruction. If this happens in a 'guarded' memory page (a new GP bit in the PTE is set), an exception is raised and execution can be halted (panic). This resists Jump Oriented Programming (JOP) attacks by reducing available code 'gadgets'.
Bug: 260397427
Test: build.py qemu-generic-arm64-test-debug
Test: build.py qemu-generic-arm32-test-debug
Test: build.py qemu-generic-arm64-test-debug, Qemu 7 with cpu=max (BTI
supported)
Change-Id: I682cb40be61b4819caa199e65338beeb452da766
|
|
Check whether tags can be set and get, and move the existing mte
feature checks out of trusty lib (and into lk)
Bug: 231693178
Test: boot with and without MTE
Change-Id: Iff02d7a3c001e734ed71e5be02089279402ac3f9
|
|
This commit ensures the 4 bytes inserted for the symbol size
by INCBIN_ALIGNED are always aligned to 4 bytes. This
prevents unaligned accesses in the case that the alignment
parameter is less than 4. It also simplifies how offsets are
computed when using this macro for multiple embedded device
tree blobs.
Bug: 231151995
Change-Id: I812fe5a87914b7693fe5231e0bec117bb86f434f
|
|
Add platform_cpu_priority_set() calls whenever the current or
targeted CPU changes. This will be used by trusty to set a 'shadow'
priority shared with the host operating system.
Bug: 251903627
Test: <TBD>
Change-Id: I52a8431e3d674a3756ccdb4c9eb4eb42f80836cf
|
|
Bug: 231155845
Test: boot, scudotest
Change-Id: Ic5e70a88405cb5f4e952b283c7c4c1ae7b0dbaf2
|
|
This CL adds a new pmm_add_arena_late_etc() routine that
is very similar to the existing pmm_add_arena_late() but
optionally reserves memory regions at the beginning and/or
at the end of the arena.
Bug: 261907557
Change-Id: I5b74e662793805d5545b3368fabf9db8a802f6e2
Signed-off-by: Michael Ryleev <gmar@google.com>
|
|
Add the ability to reserve address space for future
allocations without mapping physical memory.
Bug: 231152307
Change-Id: If628e58206e903195d47d3276dbe5e292e0e7757
|
|
This change allows passing an optional `size` parameter
when creating an address space. If set, the address space
will fail allocations that go over this size.
Bug: 231152307
Change-Id: I7c2765f0600ce634ad0726f4b3a79b4094b82155
|
|
Bug: 231155845
Test: build, boot, mmutest
Change-Id: I09278bf1e4f7566fd2a74c6a1ff39607f5ccf7d3
|
|
Add an optional argument to PMM allocations which will
track created `pmm_vmm_obj`s memory usage against the
provided `res_group`.
Bug: 231152307
Change-Id: I37ae553a725a7b31e502b8f9719f94d546ad5bb9
|
|
Currently, the heap segment for each app is allocated
and mapped on app startup. Scudo will only map heap
regions as necessary. This patch adds the ability to
reserve physical pages ahead of time to match existing
behavior.
Bug: 231152307
Change-Id: I053a1e45c8c420e9f805838dd7c7c68b91620262
|
|
When the .incbin assembler directive doesn't recognize a
section by its name, it creates a new section without any
flags. This means that it creates sections that are not
allocatable so the sections don't end up in the final
executables which leads to linker errors if something
references the embedded binary. This commit makes all
sections created by INCBIN allocatable so the linker will
place them in the executables.
Bug: 231151995
Change-Id: Iac88cb0c6581167209b04ba4b1640887f8eef47b
|
|
Bug: 259250505
Change-Id: Ie3da9b6c4ea97dc3630c7b1c0559433057c73e9f
|
|
Bug: 252870906
Change-Id: I59b8f246e29ecead08ae653ce6e7cf9fc6101840
|
|
INC{BIN,FILE} always use 4-byte alignment which is
unsuitable for embedding devicetree blobs (dtbs) in
binaries. This adds new INC{BIN,FILE}_ALIGNED macros that
take an extra alignment parameter to allow embedding dtbs
with 8-byte alignment. This fixes the rare devicetree test
failures caused by libfdt returning FDT_ERR_ALIGNMENT when
the dtb happens to not be aligned to 8 bytes.
Bug: 231151995
Change-Id: Ibd88156ef19cdd716ca5bb1fbce9ec4e7073e689
|
|
Bug: 231155845
Test: scudotest
Change-Id: Idf1cb980f6e1be42f3057502acef3e310aa3a27e
|
|
This commit adds an LK_LIBC_IMPLEMENTATION build flag that
can be set to `musl` or `lk` to select the kernel's libc.
The default (musl) is set in engine.mk to allow projects
that want to keep using lk to override it. This is also
required to allow conditionally building tests in
kerneltests-inc.mk as libc-trusty/test only compiles with
musl (LK libc is missing many headers and function
definitions). When a libc module is selected in
kernel/rules.mk we also define an
LK_LIBC_IMPLEMENTATION_IS_[LK,MUSL] macro to allow
conditionally compiling code based on which libc is used if
it's necessary.
This commit also moves off_t and ssize_t from lk/types.h to
LK's sys/types.h to only keep the LK definitions (which
differ from musl on some archs) when using LK libc. It also
includes inttypes.h in lk/types.h (used by both musl and
LK) to allow using the PRI macros it defines.
Bug: 230134581
Change-Id: I7a6c4b6d50d206241775e83961ee166689906515
|
|
This adds a TLS entry for libc-specific info when using
musl. The new entry is a pointer to a libc_state struct
(defined in libc-trusty's libc_state.h) which includes errno
and locale information which is required by musl's stdio
implementation.
Bug: 230134581
Change-Id: I0d6e33cfbe8d829fbf7a37dfdb233bda41e75580
|
|
Test: boot
Change-Id: I724a5d22ebfa7fe93bd0538f3409e625173a480b
|
|
Bug: 230134581
Change-Id: I90a71ed2ccfae048a754d43099dbcbee69913b5b
|
|
libcxx's locale.cpp defines an internal countof function so
this commit replaces that macro with an inline function
definition whenever compiler.h is included in C++. It also
adds the countof macro in two host tests that call countof
on pointers to empty arrays since zero-sized arrays are not
permitted in C++.
Bug: 230134581
Change-Id: I4d8dc311f86a1e6df5231ca4a16587023becca58
|
|
Musl provides its own version of this header, but the LK
version has LK-specific type and macro definitions that
we'll still need after switching the kernel to musl. To keep
these definitions musl's sys/types.h will include lk/types.h.
Since we are currently using LK libc, this commit keeps LK's
sys/types.h to #include lk/types.h. After switching to musl
this sys/types.h should be removed.
Bug: 230134581
Change-Id: I3a7a1a9be0ed26349366b45d006a1fe4316ea733
|
|
Musl's err.h will include LK's uapi/err.h when we switch the
kernel to musl. This change replaces LK's err.h's include
guards with `#pragma once` to allow this.
Bug: 230134581
Change-Id: I7837d6db5a9f98aa3b02ff31c2f265a6e27ffb73
|
|
LK defines uintptr_t as `unsigned long` for every arch, but
musl defines it as `unsigned int` for ARM so this switches
%lx to PRIxPTR when printing `uintptr_t`s. It also adds PRI
macros for the paddr_t, vaddr_t and addr_t typedefs and
changes the definition of PRIxPTR_USER when IS_64BIT is
false.
Bug: 230134581
Change-Id: I8bb5adef690a65adf426816f51313db3b1df9c3a
|
|
LK defines uint64_t as `unsigned long long` for every arch,
but musl defines it as `unsigned long` for aarch64 and x64
so this switches %llx to PRIx64 when printing `uint64_t`s.
There are analogous changes for %llu and %lld. This also
adds a PRI macro for printing `asid_t`.
Bug: 230134581
Change-Id: Iafa6b4c1d341832e3aeead0ee3fc517b8e3b1ff6
|
|
where not needed
The Thread module currently has a build-time dependency
PLATFORM_HAS_DYNAMIC_TIMER around code using timer interfaces.
Since the timer interfaces encapsulate whether a hardware timer
is optionally selected or not, and the interfaces work
properly with or without this option, it is no longer necessary
for the callers of these interfaces to have such a
conditional-compilation dependency. Also, remove
thread_timer_tick() and all its call references.
Bug: 234715025
Test: timertest
Change-Id: Iff03b0fb88ac098d882a06d79f5f1e99b9ca6896
|
|
This prefixes LK's internal debug level macros to avoid name
collisions with macros defined in other headers. `dprintf`
still takes a debug level without prefix to avoid having to
change each place it's used, but the defined macros all
have prefixes when LK_DEBUGLEVEL_NO_ALIASES is true. Also
the deprecated debug level macros are still defined if
LK_DEBUGLEVEL_NO_ALIASES is false or undefined. This is the
default to avoid breaking code that uses the debug level
macros directly, though downstream code should migrate to
the prefixed macros.
Bug: 230134581
Change-Id: Ia5bf456b32a265e696d85d69603c764507523200
|
|
In contrast with the existing pmm_add_arena() routine, this new
implementation:
- does not use boot time allocator for page tracking
structures so can be used at later boot stages
- allocates page tracking structures from newly added memory
regions making arenas independent from each other
- can be used for adding memory regions that are not kernel
mapped at boot time.
Bug: 231345893
Change-Id: I57dd389696119c6c153809c8836a4525cff2e886
|
|
Revert submission 2161077-trusty-kernel-namespace-debuglevels
Reason for revert: broke downstream builds
Reverted Changes:
I07fc3efe4:include/debug.h: Namespace LK debug levels by pref...
Ibbc7a15ed:lib/trusty: Namespace LK debug levels by prefixing...
Change-Id: I260f73bf06708db7944b200dc669d5c935a4136d
|
|
The debug level macros defined by LK conflict with the
LogSeverity enum variants in libbase. This commit prefixes
the `level` argument passed to dprintf with `LK_DEBUGLEVEL_`
to avoid this conflict without having to change every place
dprintf is used.
Bug: 230134581
Change-Id: I07fc3efe428555649799bdef7b269c1cd31678d2
|
|
The first two arguments to atomic_store_explicit must have
the same type which previously wasn't the case because the
SMP_MAX_CPUS macro defined in the build system isn't an
int32_t literal.
Bug: 230134581
Change-Id: I0943bd5882a5eb09e409a656fc16aaa1d224121e
|
|
Musl defines a `weak` macro that expands to
`__attribute__((__weak__))` so this commit changes LK's
__WEAK macro to allow using either.
Bug: 230134581
Change-Id: I1197f252c43a4719cd04186a4ac5d3ac65109f56
|
|
Implements the generic part of KASLR which randomly selects
a load bias and shifts the virtual address of the kernel
by that bias.
Bug: 80147716
Change-Id: If25dbd1138a77009ce047400354943cd56e1e818
|
|
Adds a new vm_map_initial function that applies the initial
mappings and is called from early MMU initialization context.
Bug: 80147716
Change-Id: I3fd0b7b11c0fb9b31c3b32041f6955a6d97767e2
|
|
This provides a second version of the boot_alloc_mem() function
that takes a second alignment parameter. Also updates the
kernel/vm.h header to declare the two functions.
Bug: 80147716
Change-Id: Ia83b2ecedafd44b3de7f20d434779dc600133b32
|
|
Add a relocate_kernel() function that applies dynamic relocations
to the kernel image. This also requires the kernel to be PIE, which
is now the default in all cases.
Bug: 80147716
Change-Id: Ie86fdbd4ddb4811c134cd883c8f7f47ae8be25c3
|