| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Remove previous adjtime() implementation.
Update #2348.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file was imported from this repository:
https://github.com/freebsd/freebsd.git
This commit was used:
commit 3ec0dc367bff27c345ad83240625b2057af391b9
Author: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Mon Feb 7 14:16:16 2022 -0700
kern_ntptime.c: Remove ntp_init()
The ntp_init() function did set a couple of global objects to zero. These
objects are in the .bss section and already initialized to zero during kernel
or module loading.
Update #2348.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two places where we convert from a timecounter delta to
a bintime delta: tc_windup and bintime_off.
Both functions use the same calculations when the timecounter delta is
small. But for a large delta (greater than approximately an equivalent
of 1 second) the calculations were different. Both functions use
approximate calculations based on th_scale that avoid division. Both
produce values slightly greater than a true value, calculated with
division by tc_frequency, would be. tc_windup is slightly more
accurate, so its result is closer to the true value and, thus, smaller
than bintime_off result.
As a consequence there can be a jump back in time when time hands are
switched after a long period of time (a large delta). Just before the
switch the time would be calculated with a large delta from
th_offset_count in bintime_off. tc_windup does the switch using its own
calculations of a new th_offset using the large delta. As explained
earlier, the new th_offset may end up being less than the previously
produced binuptime. So, for a period of time new binuptime values may
be "back in time" comparing to values just before the switch.
Such a jump must never happen. All the code assumes that the uptime is
monotonically nondecreasing and some code works incorrectly when that
assumption is broken. For example, we have observed sleepq_timeout()
ignoring a timeout when the sbinuptime value obtained by the callout
code was greater than the expiration value, but the sbinuptime obtained
in sleepq_timeout() was less than it. In that case the target thread
would never get woken up.
The unified calculations should ensure the monotonic property of the
uptime.
The problem is quite rare as normally tc_windup should be called HZ
times per second (typically 1000 or 100). But it may happen in VMs on
very busy hypervisors where a VM's virtual CPU may not get an execution
time slot for a second or more.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Panzura LLC
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Hyper-V wants to register its MSR-based timecounter during
SI_SUB_HYPERVISOR, before SI_SUB_LOCK, since an emulated 8254 may not be
available for DELAY(). So we cannot use MTX_SYSINIT to initialize the
timecounter lock.
PR: 259878
Reviewed by: kib
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33014
|
| |
|
|
|
|
|
| |
Do not initialize Thread_Control::libc_reent if
CONFIGURE_DISABLE_NEWLIB_REENTRANCY is defined. This helps to catch errors
with a NULL pointer exception rather than a corruption of the thread control
block.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment the line discipline start function (l_start) has no
possibility to get feedback about the number of characters that have
been sent. This patch passes that information via an additional
parameter.
The change might trigger a warning on existing code because of a pointer
mismatch but it shouldn't break it. An existing function with the old
API will just ignore the additional parameter.
Update #4493
|
| |
|
|
|
|
| |
The dispatch code was unnecessarily saving and restoring an extra
interrupt frame. This avoids the extra frame and folds the dispatch call
into a fallthrough to the interrupt frame restoration code.
|
| |
|
|
|
|
| |
Avoid use of magic numbers in favor of named constants and add MSR to
the interrupt frame so that thread dispatch can occur on exceptions as
well.
|
| |
|
|
|
| |
Add the functions necessary to support RTEMS_EXCEPTION_EXTENSIONS and
mark this functionality as available on MicroBlaze.
|
| |
|
|
|
|
| |
This patch adds a vector for debug events along with a hook similar to
the exception framework. The debug vector generates an exception frame
for use by libdebugger.
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch updates the CPU_Exception_frame to include all necessary
registers, combines hardware snd software exception handlers into a
shared vector, provides an architecture-specific hook for taking
control of exception handling, and moves exception handling over to
actually using the CPU_Exception_frame instead of a minimal interrupt
stack frame. As the significant contents of _exception_handler.S have
been entirely rewritten, the copyright information on this file has been
updated to reflect that.
|
| |
|
|
|
| |
This includes fixes and improvements necessary to get libbsd networking
running.
|
| |
|
|
|
|
|
|
|
|
|
| |
When the stack checker is not enabled, the stack checker reporting
function can still be called. This prevents that call from performing a
null memory access in trying to find the high water mark if the stack
checker was never initialized.
This also introduces a test to ensure this call does not cause a crash.
Closes #4588
|
| |
|
|
|
|
|
|
|
|
|
| |
GCC versions prior to 6.1 used a RTEMS thread model based on
rtems_gxx_*() functions. GCC version 6.1 or later uses the
self-contained synchronization objects of Newlib <sys/lock.h> for the
RTEMS thread model.
Remove the obsolete implementation.
Close #3143.
|
| |
|
|
|
| |
Use the SRS (Store Return State) instruction if available. This
considerably simplifies the context save and restore.
|
| |
|
|
|
|
|
|
|
|
|
| |
On a public interface, the stack pointer must be aligned on an 8-byte
boundary. However, it may temporarily be only aligned on a 4-byte
boundary. The interrupt handling code must ensure that the stack
pointer is properly aligned before it calls a function. See also:
https://developer.arm.com/documentation/den0013/d/Interrupt-Handling/External-interrupt-requests/Nested-interrupt-handling
Update #4579.
|
| |
|
|
| |
Update #4579.
|
| |
|
|
|
|
|
|
| |
Use volatile register r0 for the per-CPU control of the current
processor instead of the non-volatile register r7. This enables the use
of r7 in a follow up patch. Do the interrupt handling in ARM mode.
Update #4579.
|
| |
|
|
| |
Update #4579.
|
| |
|
|
| |
Make sure there are no pending events after a test case.
|
| |
|
|
| |
Update #4572.
|
| |
|
|
|
|
|
|
| |
close() file 'bf' to avoid leaking descriptor.
CID 1437645: Resource leak in rtems_fdt_load().
Closes #4297
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This is done to get the target path for the overlay nodes which is very useful
in many cases. For example, Xen hypervisor needs it when applying overlays
because Xen needs to do further processing of the overlay nodes, e.g. mapping of
resources(IRQs and IOMMUs) to other VMs, creation of SMMU pagetables, etc.
Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Message-Id: <1637204036-382159-2-git-send-email-fnu.vikram@xilinx.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
| |
UINT32_MAX is an integer of type unsigned int. UINT32_MAX + 1 overflows
unless explicitly computed as unsigned long long. This led to some
invalid addresses being treated as valid.
Cast UINT32_MAX to uint64_t explicitly.
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
|
| |
|
|
|
|
|
|
| |
The ALIGNMENT error was missing a string, leading to <unknown error>
being returned.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness in
the different legs of the conditional operator, in fdtget.c.
In the questionable expression, we are constructing a 16-bit value out of
two unsigned 8-bit values, however are relying on the compiler's
automatic expansion of the uint8_t to a larger type, to survive the left
shift. This larger type happens to be an "int", so this part of the
expression becomes signed.
Fix this by explicitly blowing up the uint8_t to a larger *unsigned* type,
before doing the left shift. And while we are at it, convert the hardly
readable conditional operator usage into a sane switch/case expression.
This fixes "make fdtget", when compiled with -Wsign-compare.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20210618172030.9684-3-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Coverity gets a bit confused by loading fdt_size_dt_strings() and
using it in a memmove(). In fact this is safe because the callers
have verified this information (via FDT_RW_PROBE() in fdt_pack() or
construction in fdt_open_into()).
Passing in strings_size like we already do struct_size seems to get
Coverity to follow what's going on here.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Only checking the FDT alignment in fdt_ro_probe_() means that
fdt_check_header() can pass, but then subsequent API calls fail on
alignment checks. Let's add an alignment check to fdt_check_header() so
alignment errors are found up front.
Cc: Tom Rini <trini@konsulko.com>
Cc: Frank Rowand <frowand.list@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20210406190712.2118098-1-robh@kernel.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently the unchecked return value of the first fdt_next_tag() call in
fdt_add_subnode_namelen() is tripping Coverity Scan in some circumstances,
although it appears not to for the scan on our project itself.
This fdt_next_tag() should always return FDT_BEGIN_NODE, since otherwise
the fdt_subnode_offset_namelen() above would have returned BADOFFSET or
BADSTRUCTURE.
Still, add a check to shut Coverity up, gated by a can_assume() to avoid
bloat in small builds.
Reported-by: Ryan Long <ryan.long@oarcorp.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in fdt_open_into
Changes in v3:
- Remove noop version sets
- Set version correctly on loaded fdt in fdt_open_into
Fixes: f1879e1a50eb ("Add limited read-only support for older (V2 and V3) device tree to libfdt.")
Signed-off-by: Justin Covell <jujugoboom@gmail.com>
Message-Id: <20201229041749.2187-1-jujugoboom@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
| |
There's a small inaccuracy in the comment describing these new helpers.
This corrects it, and reformats while we're there.
Fixes: f98f28ab ("libfdt: Internally perform potentially unaligned loads")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commits 6dcb8ba4 "libfdt: Add helpers for accessing unaligned words"
introduced changes to support unaligned reads for ARM platforms and
11738cf01f15 "libfdt: Don't use memcpy to handle unaligned reads on ARM"
improved the performance of these helpers.
On further discussion, while there are potential cases where we could be
used on platforms that do not fixup unaligned reads for us, making this
choice the default is very expensive in terms of binary size and access
time. To address this, introduce and use new fdt{32,64}_ld_ functions
that call fdt{32,64}_to_cpu() as was done prior to the above mentioned
commits. Leave the existing load functions as unaligned-safe and
include comments in both cases.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Message-Id: <20201211022736.31657-1-trini@konsulko.com>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
| |
The device tree must be loaded in to memory at an 8-byte aligned
address. Add a check for this condition in fdt_ro_probe_() and a new
error code to return if we are not.
Signed-off-by: Tom Rini <trini@konsulko.com>
Message-Id: <20201104130605.28874-1-trini@konsulko.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The API documentation in libfdt.h seems to follow the Linux kernel's
kernel-doc format[1].
Running "scripts/kernel-doc -v -none" on the file reports some problems,
mostly missing return values and missing parameter descriptions.
Fix those up by providing the missing bits, and fixing the other small
issues reported by the script.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/doc-guide/kernel-doc.rst
Message-Id: <20201012165331.25016-1-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_strerror().
Force FDT_ERRTABSIZE to be signed (it's surely small enough to fit), so
that the types match. Also move the minus sign to errval, as this is
actually what we use in the next line.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-7-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness in
comparisons in fdt_get_string().
Introduce a new usigned variable, which holds the actual (negated)
stroffset value, so we avoid negating all the other variables and have
proper types everywhere.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-6-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_setprop_inplace_namelen_partial().
fdt_getprop_namelen() will only return negative error values in "proplen"
if the return value is NULL. So we can rely on "proplen" being positive
in our case and can safely cast it to an unsigned type.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-5-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_create_with_flags().
By making hdrsize a signed integer (we are sure it's a very small
number), we avoid all the casts and have matching types.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-4-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in comparisons in fdt_move().
This stems from "bufsize" being passed in as a signed integer, even
though we would expect a buffer size to be positive.
Short of changing the prototype, check that bufsize is not negative, and
cast it to an unsigned type in the comparison.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-3-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_add_string_().
Make all variables unsigned, and express the negative offset trick via
subtractions in the code.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20201001164630.4980-2-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_node_offset_by_phandle().
Uses a better suited bitwise NOT operator to denote the special value of
-1, which automatically results in an unsigned type.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-14-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_resize().
A negative buffer size will surely do us no good, so let's rule this
case out first.
In the actual comparison we then know that a cast to an unsigned type is
safe.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-10-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_splice_().
Since we just established that oldlen is not negative, we can safely
cast it to an unsigned type.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-8-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness in
comparisons in fdt_get_string().
In the first two cases, we have just established that the signed values
are not negative, so it's safe to cast the values to an unsigned type.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-7-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in a comparison in fdt_grab_space_().
All the involved values cannot be negative, so let's switch the types of
the local variables to unsigned to make the compiler happy.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-4-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about a mismatching signedness
in comparisons in fdt_mem_rsv().
Since all involved values must be positive, change the used types to be
unsigned.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-3-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With -Wsign-compare, compilers warn about mismatching signedness in
comparisons in fdt_offset_ptr().
This mostly stems from "offset" being passed in as a signed integer,
even though the function would not really tolerate negative values.
Short of changing the prototype, check that offset is not negative, and
use an unsigned type internally.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Message-Id: <20200921165303.9115-2-andre.przywara@arm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fdt_check_node_offset_() checks for a valid offset but also changes the
offset by calling fdt_next_tag(). Hence, do not skip this function if
ASSUME_VALID_INPUT is set but only omit the initial offset check in that
case.
As this function works very similar to fdt_check_prop_offset_(), do the
offset check there as well depending on ASSUME_VALID_INPUT.
Message-Id: <1913141.TlUzK5foHS@noys4>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
| |
|
|
|
|
| |
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Message-Id: <20200616011217.15253-1-patrick.oppenlander@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
