-
Notifications
You must be signed in to change notification settings - Fork 6.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
overhaul thread stack specification #24714
Conversation
All checks are passing now. Tip: The bot edits this comment instead of posting a new one, so you can check the comment's history to see earlier messages. |
5786294
to
9bc36ff
Compare
71db270
to
8a87dda
Compare
This now takes a stack pointer as an argument with TLS and random offsets accounted for properly. Based on zephyrproject-rtos#24467 authored by Flavio Ceolin. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Check that the base of every stack object is properly defined. This can get messed up if K_THREAD_STACK_ARRAY_DEFINE isn't specified properly. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This had been copy-pasted between linker scripts, create a central header for it. The linker scripts for xtensa and posix have very different structure and have been left alone. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Most of these checks can be performed on non-userspace supporting platforms. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
thread->stack_info is now much more well maintained. Make these tests that validate that user mode has no access just outside the bounds of it, instead of the entire object. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Purely for informational purposes. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently for informational purposes, although we do check that the carveout is smaller than the stack_size. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
I need direction on what we need to do for this PR to get it merged. If we reserve data, then there is a guard instantiated in two places, with the one in the stack object wasted when we drop to user mode. If we don't, we have the above situation. The proper fix in my view is to convert ARM to not generate privilege stacks when it shouldn't, which I believe we agreed to do after this PR. If there's something you would like me to do for this PR to ease your concerns please share it. |
857608e
to
ea346bf
Compare
No we don't; the guard in the stack object becomes part of the user thread stack, for ARCHes that do not require power-of-two alignment. Just that the user stack will grow a bit more :) But, I have been thinking more of it, and I think that your simplification is the best option, for one fundamental reason. Most of ARMv8-M platforms will be Mainline (Cortex-M33) and those ones won't use MPU guards, anyways. That's regardless of building with or without USERSPACE support. The only ones that will have the minor inconsistency that I described above are
The other reason is what you mention: we will move to not generating separate privilege stacks for ARMv8-M, hopefully soon. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving this, assuming @andrewboie will fix the last issue spotted.
For issues that might occur, there's plenty of time to fix until release.
ea346bf
to
ecec552
Compare
These stacks are appropriate for threads that run purely in supervisor mode, and also as stacks for interrupt and exception handling. Two new arch defines are introduced: - ARCH_KERNEL_STACK_GUARD_SIZE - ARCH_KERNEL_STACK_OBJ_ALIGN New public declaration macros: - K_KERNEL_STACK_RESERVED - K_KERNEL_STACK_EXTERN - K_KERNEL_STACK_DEFINE - K_KERNEL_STACK_ARRAY_DEFINE - K_KERNEL_STACK_MEMBER - K_KERNEL_STACK_SIZEOF If user mode is not enabled, K_KERNEL_STACK_* and K_THREAD_STACK_* are equivalent. Separately generated privilege elevation stacks are now declared like kernel stacks, removing the need for K_PRIVILEGE_STACK_ALIGN. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will save memory on many platforms that enable user mode. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The idle thread(s) always run in supervisor mode. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The system workqueue is a kernel thread that doesn't run in user mode. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Explain best practices for defining stack object macros. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There are predictable relationships between the actual size of a stack object, the return value of K_*_STACK_SIZEOF() macros, and the original size passed in when the stack was declared. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
ecec552
to
992c2cb
Compare
Need to test MPU guards on ARMv8. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
992c2cb
to
6d6cddd
Compare
@andrewboie Does that fixes #26865 ? |
@maksimmasalski no it does not but I'll find some time for it this week, easy fix |
This PR attempts to centralize stack management to common code, introduce kernel-only stacks which use less memory, and document best practices for new architecture ports.
Major changes in this PR:
Please see individual commit messages for more details.
Fixes: #13651
Fixes: #13637
Fixes: #25635
Note about naming: I chose
K_KERNEL_STACK_*
for the supervisor-only stack macros and leftK_THREAD_STACK_*
alone, as to not break existing code (you can use K_THREAD_STACK for everything at the expense of memory)Other than avoiding breakages, I have no particular attachment to these names though. There is already unfortunately another type of kernel object called
k_stack
.This also closes #14269 (making it obsolete, and removing relevant workaround for ARMv7-M)