1. 05 Jun, 2021 40 commits
    • Philippe Gerum's avatar
      evl/syscall: remove indirection via pointer table · cce881ed
      Philippe Gerum authored
      
      
      We have only very few syscalls, prefer a plain switch to a pointer
      indirection which ends up being fairly costly due to exploit
      mitigations.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      cce881ed
    • Philippe Gerum's avatar
      0d0af4b4
    • Philippe Gerum's avatar
      uapi/evl: annotate label of user pointers in ABI · c7d4ce63
      Philippe Gerum authored
      
      
      All pointers passed as 64 bit long integer in the ABI in order to deal
      with compat mode refer to user memory. Annotate their description
      accordingly.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      c7d4ce63
    • Philippe Gerum's avatar
      drivers/evl: latmus: add sirq latency measurement · b678f869
      Philippe Gerum authored
      
      
      This mode measures the delay between the moment a synthetic interrupt
      is posted from the oob stage and when it is eventually received by its
      in-band handler. When measured under significant pressure, this gives
      the typical interrupt latency experienced by the in-band kernel due to
      local interrupt disabling.
      
      As a result of this change, the current ABI revision is bumped to 25.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      b678f869
    • Philippe Gerum's avatar
      evl/proxy: add read side · f99ad375
      Philippe Gerum authored
      
      
      A proxy should be usable for reading from an in-band file without
      encurring a stage switch, just like it is for the output direction.
      
      These changes introduce the EVL_CLONE_INPUT, EVL_CLONE_OUTPUT creation
      flags for a proxy, which can be used in a mutually exclusive manner,
      or combined in order to have a bidirectional channel to the target
      file.
      
      As a by-product, the output direction gains in-band poll() support.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      f99ad375
    • Philippe Gerum's avatar
      evl: introduce the observable element · 8c687c9e
      Philippe Gerum authored
      
      
      Observables enable the observer design pattern, in which any number of
      observer threads can be notified of updates to any number of
      observable subjects, in a loosely coupled fashion. In the same move,
      an EVL thread becomes in and of itself an observable which can be
      monitored for events.
      
      As a by-product, provide support for channeling SIGDEBUG notifications
      to threads through their own observable on request instead of, or in
      addition to issuing SIGDEBUG. The built-in runtime error detection
      capabilities the core provides can feed health monitors, based on the
      observability of threads.
      
      The core switches to ABI 23 as a result of these changes.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      8c687c9e
    • Philippe Gerum's avatar
      evl/thread: add unblock, demote and yield operations · 96a3747f
      Philippe Gerum authored
      
      
      - EVL_THRIOC_UNBLOCK releases the target thread from any ongoing wait
        on a resource (does not apply to forcible suspension).
      
      - EVL_THRIOC_DEMOTE unblocks and demotes the target thread to
        SCHED_WEAK.
      
      - EVL_THRIOC_YIELD performs sched_yield().
      
      In addition, EVL_THRIOC_SET/CLEAR_MODE are no more restricted to the
      current thread over oob, which did not make much sense. Calls from
      either in-band or oob are now allowed, and may target an arbitrary
      thread.
      
      These changes trigger a bump to ABI 22, although we keep on supporting
      21.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      96a3747f
    • Philippe Gerum's avatar
      evl: factory: add element visibility · 95ff7120
      Philippe Gerum authored
      
      
      Allow users to decide whether a new element should be made public or
      private at creation time, depending on a clone operation attribute.
      
      A public element appears as a cdev in the /dev/evl hierarchy, which
      means that it is visible to other processes (which was the static
      default before this change). On the contrary, a private element is
      only known from the process creating it, although it does appear in
      the /sysfs hierarchy regardless.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      95ff7120
    • Philippe Gerum's avatar
      evl/sched: tp: fix handling of input/output setup data · dd6dd9f1
      Philippe Gerum authored
      
      
      tp_control() did not receive the proper input on tp_install requests,
      neither did it return the proper information on tp_get. Great, fix
      the mess.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      dd6dd9f1
    • Philippe Gerum's avatar
    • Philippe Gerum's avatar
    • Philippe Gerum's avatar
      spidev: evl: enable out-of-band mode · 1f917b6f
      Philippe Gerum authored
      
      
      This code illustrates the usage of the out-of-band SPI transfer API in
      kernel space, interfacing with the EVL core for synchronizing on
      transfer completion events. It extends the SPIDEV ioctl() interface
      with a few control requests for running out-of-band SPI transfers,
      exporting the I/O buffer to applications via mmap() support.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      1f917b6f
    • Philippe Gerum's avatar
      evl: add support for compat mode · a56a66a1
      Philippe Gerum authored
      
      
      Compat mode (CONFIG_COMPAT) allows application binaries built for a
      32bit architecture to issue system calls to a 64bit kernel which
      implements such compatibility support.
      
      This work builds on the y2038 sanitization which eliminated the
      remaining assumptions about the size of native long integers in the
      same move.  Although these changes enable armv7 binaries to call an
      armv8 kernel, most of them are architecture-independent, and follow
      this pattern:
      
      - .compat_ioctl and .compat_oob_ioctl handlers are added to all file
        operations structs, pointing at compat_ptr_ioctl()
        compat_ptr_oob_ioctl() respectively.
      
      - all pointers passed by applications within ioctl() argument structs
        are conveyed as generic 64bit values.
      
      These changes mandate upgrading the ABI revision to #20.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      a56a66a1
    • Philippe Gerum's avatar
      uapi/evl: sched: make interface C++ friendly · 3837dc1b
      Philippe Gerum authored
      
      
      EVL uapi headers are pulled unmodified into user code, make sure we
      can use them in C++ applications.
      
      NOTE: those changes do NOT affect the ABI.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      3837dc1b
    • Philippe Gerum's avatar
      evl: y2038: sanitize timespec handling at kernel boundary · bf103a6b
      Philippe Gerum authored
      
      
      All timespec passed from/to user-space are now y2038-compliant
      (i.e. tv_sec is 64bit wide), using the __evl_timespec and
      __evl_itimerspec type definitions at kernel boundary. Conversions
      happen back and forth between these types and the timespec64 and
      itimerspec64 types used internally.
      
      Invariant: __evl_timespec and __evl_itimerspec are compatible bitwise
      with __kernel_timespec and __kernel_itimerspec respectively. libevl
      does assume so.
      
      Also:
      
      - The sanitization fixes the ABI so that timespec and itimerspec
        structs are always passed by address, ensuring -EFAULT on invalid
        pointer received from the user, instead of putting the latter at
        risk of SIGSEGV by forcing it to copy/dereference these arguments.
      
      - what EVL_CLKIOC_ADJ_TIME should do was never specified in the
        context of an EVL clock, and no defined use case ever
        existed. However, this service caused a y2038 problem due to the
        legacy timex struct argument. This service was removed from the ABI.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      bf103a6b
    • Philippe Gerum's avatar
      evl/control: plan for supporting a range of ABI revisions · eaf9c1ac
      Philippe Gerum authored
      
      
      Plan for future support of backward compatibily features, which would
      allow the core to honor multiple ABI revisions. To this end, the core
      identification structure now advertises a range of supported ABI
      revisions to user-space, i.e. [EVL_ABI_BASE..EVL_ABI_LEVEL] inclusive.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      eaf9c1ac
    • Philippe Gerum's avatar
      evl/clock: y2038: remove use of struct timex · 55b29cb0
      Philippe Gerum authored
      
      
      Conforming to upstream changes, struct __kernel_timex should be used
      instead. struct timex remains defined on the user-space side of the
      ABI exclusively.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      55b29cb0
    • Philippe Gerum's avatar
      evl/thread: replace SIGEVL_ACTION_HOME with a RETUSER event · 9b5ba338
      Philippe Gerum authored
      
      
      Send an INBAND_TASK_RETUSER event to force a user thread to call back
      so that we can switch it to out-of-band context. Drop
      SIGEVL_ACTION_HOME which is now useless.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      9b5ba338
    • Philippe Gerum's avatar
      evl: introduce synchronous breakpoint support · 7143dad3
      Philippe Gerum authored
      
      
      Synchronous breakpoints make sure to keep a ptrace-stepped thread
      synchronized with its siblings from the same process running in the
      background, as follows:
      
      - as soon as a ptracer (e.g. gdb) regains control over a thread which
        just hit a breakpoint or received SIGINT, sibling threads from the
        same process which run out-of-band are immediately frozen.
      
      - all sibling threads which have been frozen are set to wait on a
        common barrier before they can be released. Such release happens
        once all of them have joined the barrier in out-of-band context,
        after the (single-)stepped thread resumed.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      7143dad3
    • Philippe Gerum's avatar
      evl/stax: notify oob exclusion via SIGDEBUG_STAGE_LOCKED · b36a66c1
      Philippe Gerum authored
      
      
      Enabling the T_WOSX bit in the thread mode will cause
      SIGDEBUG_STAGE_LOCKED to be sent to the caller on return from any
      out-of-band sleep caused by a stage exclusion (i.e. in-band holding
      the lock).
      
      This is a debug mechanism aimed at detecting unwanted serialization of
      oob threads with in-band activity on accessing a resource protected by
      a stax.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      b36a66c1
    • Philippe Gerum's avatar
      drivers/evl: hectic: add stax test helpers · 4ca7d55e
      Philippe Gerum authored
      
      
      This allows writing user-space tests exercising the stax
      serialization.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      4ca7d55e
    • Philippe Gerum's avatar
      evl: add stage exclusion lock mechanism · 6c19d25f
      Philippe Gerum authored
      
      
      A STAge eXclusion lock (aka stax) serializes in-band vs out-of-band
      thread activities for accessing a resource. Multiple threads which run
      on the same execution stage can own the resource concurrently, threads
      from the converse stage have to wait until the last thread dropped the
      innermost lock. In other words, at any point in time, the resource is
      either:
      
      - owned by out-of-band threads exclusively
      - owned by in-band threads exclusively
      - not owned by any thread
      
      Sleeping while owning a stax whether from the in-band or out-of-band
      stage is ok, although this may defer threads running on the converse
      stage which may want to access the same resource. For this reason, a
      stax is definitely not designed for guaranteeing low latency to
      out-of-band threads, but merely as a way to allow safe sharing of some
      resource between both stages in case strictly reserving access to
      out-of-band threads by construction is not a practical option.
      
      Other serialization means such as mutexes (either regular in-band ones
      or EVL) should be used to enforce mutual exclusion among threads
      running on the same stage which may still concurrently run through a
      staxed section.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      6c19d25f
    • Philippe Gerum's avatar
      evl: uapi: fix license bits · a1186018
      Philippe Gerum authored
      
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      a1186018
    • Philippe Gerum's avatar
      evl/monitor: add support for recursive gate locking · 19d1a497
      Philippe Gerum authored
      
      
      Managing recursive mutexes is fully performed from userland in
      libevl. However, by making the lock nesting count visible in the
      shared state, we can have the kernel export it via /sysfs which may be
      helpful to users.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      19d1a497
    • Philippe Gerum's avatar
      evl/clock: switch timer oob_read() return to u64 value · e35e5079
      Philippe Gerum authored
      
      
      Better align with the regular timerfd API for POLA and simpler
      emulation.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      e35e5079
    • Philippe Gerum's avatar
      evl/thread: track count of remote wakeups · 8dd99413
      Philippe Gerum authored
      
      
      Having to trigger a rescheduling on a remote CPU for waking up an EVL
      thread may be the sign of a misconfiguration.
      
      Track the number of times this happens on a per-thread basis and
      export this information via /sysfs and EVL_THRIOC_GET_STATE.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      8dd99413
    • Philippe Gerum's avatar
      evl/thread: flesh out state info returned by EVL_THRIOC_GET_STATE · 8f4708bc
      Philippe Gerum authored
      
      
      This enables threads running out-of-band to retrieve most of the raw
      thread-related state information "evl ps" accesses through /sysfs
      attributes.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      8f4708bc
    • Philippe Gerum's avatar
      evl/control: add query for CPU state · bbc73f27
      Philippe Gerum authored
      
      
      A practical LART is to know beforehand when some out-of-band work is
      about to run on a non-isolated CPU, so that the application may warn
      the user about the potentially higher latency figures induced by
      higher rates of cache and TLB misses which may be caused by heavy
      in-band load running on the same core.
      
      The control device now accepts the
      [oob_]ioctl(EVL_CTLIOC_GET_CPUSTATE) request, which queries the
      current state of a CPU:
      
      - EVL_CPU_ISOL if it does not belong to housekeeping set of the
        in-band kernel, i.e. not mentioned in isolcpus= for the scheduling
        domain.
      
      - EVL_CPU_OOB if it is part of the out-of-band set EVL manages.
      
      - EVL_CPU_OFFLINE if currently off.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      bbc73f27
    • Philippe Gerum's avatar
      evl/clock: drop meaningless parameter from clock_sleep() · 8af49607
      Philippe Gerum authored
      
      
      clock_sleep() only accepts absolute timespecs, so we have no use of a
      pointer for collecting the remaining sleep time upon interrupt.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      8af49607
    • Philippe Gerum's avatar
      evl/proxy: enable fixed-size write, polling for output to drain · 9332f2a3
      Philippe Gerum authored
      
      
      Connecting a proxy with some special file may impose fixed-size writes
      to the latter, e.g. an eventfd would require that 64bit values only be
      written. These changes enable the application to set a fixed
      granularity the proxy must abide by when writing to the target file,
      so that such requirement is honored.
      
      In addition:
      
      - oob_write() may block until enough space is available in the
        transfer buffer to complete the sending, unless O_NONBLOCK is set on
        the proxy file.
      
      - POLLOUT|POLLWRNORM can be monitored for waiting for the output to
      drain.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      9332f2a3
    • Philippe Gerum's avatar
      evl/control: export device name as symbol · 856ea28a
      Philippe Gerum authored
      
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      856ea28a
    • Philippe Gerum's avatar
    • Philippe Gerum's avatar
      evl/mutex: turn user debug options into dynamic settings · 9298420f
      Philippe Gerum authored
      
      
      With this rework, we have two separate per-thread mode flags for
      greater flexibility aimed at controlling the debug features on a
      per-thread basis:
      
      - T_WOSS can be set to trigger SIGDEBUG upon (unexpected) stage switch
        to in-band mode. This is strictly equivalent to the obsoleted T_WARN
        bit.
      
      - T_WOLI enables/disables the detection of locking inconsistencies
        with mutexes via the EVL_THRIOC_{SET, CLEAR}_MODE interface. This
        combines the former static CONFIG_EVL_DEBUG_MUTEX_INBAND and
        CONFIG_EVL_DEBUG_MUTEX_SLEEP options.
      
      Enabling CONFIG_EVL_DEBUG_WOLI turns on T_WOLI by default for every
      new EVL thread running in userland, which can be opted out on a
      per-thread basis using EVL_THRIOC_CLEAR_MODE.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      9298420f
    • Philippe Gerum's avatar
      evl/sched: reorganize and clarify priority scales · 6e5518e2
      Philippe Gerum authored
      
      
      The new hierachy of priority scales is as follows:
      
      EVL_CORE_MIN_PRIO = EVL_WEAK_MIN_PRIO
      ...
      	EVL_FIFO_MIN_PRIO ==
      	     EVL_QUOTA_MIN_PRIO ==
      	          EVL_TP_MIN_PRIO (== 1)
      	...
      	EVL_FIFO_MAX_PRIO =
      	     EVL_QUOTA_MAX_PRIO ==
      	          EVL_TP_MAX_PRIO ==
      		       EVL_WEAK_MAX_PRIO (< MAX_USER_RT_PRIO)
      ...
      EVL_CORE_MAX_PRIO (> MAX_RT_PRIO)
      
      We reserve a couple of priority levels above the highest inband
      kthread priority (MAX_RT_PRIO..MAX_RT_PRIO+1), which are guaranteed to
      be higher than the highest inband user task priority
      (MAX_USER_RT_PRIO-1) we use for SCHED_FIFO. Those extra levels can be
      used for EVL kthreads which must top the priority of any userland
      thread.
      
      SCHED_EVL was dropped int the process, since userland is now
      constrained to EVL_FIFO_MAX_PRIO by construction.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      6e5518e2
    • Philippe Gerum's avatar
      evl/monitor: fix polling support · 5b1526ee
      Philippe Gerum authored
      
      
      Requires a couple of ABI changes.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      5b1526ee
    • Philippe Gerum's avatar
      evl/thread: drop check for T_MOVED status bit · c4db0a95
      Philippe Gerum authored
      
      
      We don't plan for switching CPU from out-of-band context anymore, so
      T_MOVED is basically pointless now.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      c4db0a95
    • Philippe Gerum's avatar
      evl/monitor: add event mask protocol · 7b353029
      Philippe Gerum authored
      
      
      This protocol operates the monitor value as a set of boolean event
      flags forming a 32bit-wide event group. All bits from a group are
      initially set to zero.
      
      An event flag group is a lightweight notification mechanism. The
      application can send bitmasks to raise individual bits from the group
      (i.e. group_value |= bits), or wait for the group to have at least one
      bit set for satisfying the request. In the latter case, the group
      value is read then cleared atomically, and the collected bits are
      returned to the thread heading the wait queue.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      7b353029
    • Philippe Gerum's avatar
      evl/monitor: plan for extending the range of supported protocols · 4801695f
      Philippe Gerum authored
      
      
      Introduce a 'protocol' specifier for monitors along with a basic type
      (gate or event), which userland can pass to change the way a monitor
      can be signaled and awaited. Define PI/PP gates using this new
      information bit associated to the generic EVL_MONITOR_GATE type.
      
      With this change in, the pre-existing ungated event can be enriched
      with additional protocols beyond the semaphore-based P/V operations.
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      4801695f
    • Philippe Gerum's avatar
      uapi/evl: export ABI level · eb84f4f3
      Philippe Gerum authored
      
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      eb84f4f3
    • Philippe Gerum's avatar
      uapi/evl: fix thread state labels · d8d8c231
      Philippe Gerum authored
      
      Signed-off-by: Philippe Gerum's avatarPhilippe Gerum <rpm@xenomai.org>
      d8d8c231