Use the define generated by the DTS instead of using the FLASH_ALIGN
alias. The latter is an internal mcuboot name. We shouldn't need it in
Zephyr itself.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This workaround fixes the issue that, after pin reset, RESETREAS bits
other than RESETPIN might also be set.
The workaround was added to both nRF52832 and nRF52840 SoCs.
Signed-off-by: Thiago Silveira <thiago@exati.com.br>
802.15.4 is the networking hardware available in KW41Z SoC (and
supported by Zephyr). So, if networking in enabled, automatically
select the corresponding driver. This is similar to how frdm_k64f
automatically selects Ethernet driver, 96b_carbon selects BLE/IPSP
drivers, etc. (But we apply it on SoC level to reuse across the
boards.)
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For 'rep stosl' ECX isn't a size value, it's how many times to repeat
the 4-byte string copy operation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some our Zephyr tools don't like seeing UTF-8 characters, as reported in
issue #4131) so a quick scan and replace for UTF-8 characters in .rst,
.h, and Kconfig files using "file --mime-encoding" (excluding the /ext
folders) finds these files to tweak.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add the following application-facing memory domain APIs:
k_mem_domain_init() - to initialize a memory domain
k_mem_domain_destroy() - to destroy a memory domain
k_mem_domain_add_partition() - to add a partition into a domain
k_mem_domain_remove_partition() - to remove a partition from a domain
k_mem_domain_add_thread() - to add a thread into a domain
k_mem_domain_remove_thread() - to remove a thread from a domain
A memory domain would contain some number of memory partitions.
A memory partition is a memory region (might be RAM, peripheral
registers, flash...) with specific attributes (access permission,
e.g. privileged read/write, unprivileged read-only, execute never...).
Memory partitions would be defined by set of MPU regions or MMU tables
underneath.
A thread could only belong to a single memory domain any point in time
but a memory domain could contain multiple threads.
Threads in the same memory domain would have the same access permission
to the memory partitions belong to the memory domain.
The memory domain APIs are used by unprivileged threads to share data
to the threads in the same memory and protect sensitive data from
threads outside their domain. It is not only for improving the security
but also useful for debugging (unexpected access would cause exception).
Jira: ZEP-2281
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
- syscall.h now contains those APIs needed to support invoking calls
from user code. Some stuff moved out of main kernel.h.
- syscall_handler.h now contains directives useful for implementing
system call handler functions. This header is not pulled in by
kernel.h and is intended to be used by C files implementing kernel
system calls and driver subsystem APIs.
- syscall_list.h now contains the #defines for system call IDs. This
list is expected to grow quite large so it is put in its own header.
This is now an enumerated type instead of defines to make things
easier as we introduce system calls over the new few months. In the
fullness of time when we desire to have a fixed userspace/kernel ABI,
this can always be converted to defines.
Some new code added:
- _SYSCALL_MEMORY() macro added to check memory regions passed up from
userspace in handler functions
- _syscall_invoke{7...10}() inline functions declare for invoking system
calls with more than 6 arguments. 10 was chosen as the limit as that
corresponds to the largest arg list we currently have
which is for k_thread_create()
Other changes
- auto-generated K_SYSCALL_DECLARE* macros documented
- _k_syscall_table in userspace.c is not a placeholder. There's no
strong need to generate it and doing so would require the introduction
of a third build phase.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
SoCs outside the Kinetis family can have the TRNG module, so move the
HAS_TRNG config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
SoCs outside the Kinetis family can have the RNGA module, so move the
HAS_RNGA config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
SoCs outside the Kinetis family can have the FTM module, so move the
HAS_FTM config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Note that 'select HAS_FTM' was previously missing from Kconfig.soc and
is now fixed.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
SoCs outside the Kinetis family can have the ADC16 module, so move the
HAS_ADC16 config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
SoCs outside the Kinetis family can have the LPSCI module, so move the
HAS_LPSCI config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
SoCs outside the Kinetis family can have the LPUART module, so move the
HAS_LPUART config from arch/arm/soc/nxp_kinetis to ext/hal/nxp/mcux
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Move all QEMU related defines to the boards and cleanup xtensa platforms
which were marked to be QEMU capable by mistake.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
mcuboot_constraints.h had FLASH information related to the SoC that
should be maintained as part of the SoC and not in the subsystem. Also
fixed Makefiles to check for IMG_UTIL Kconfig and not MCUBOOT.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
A quick look at "man syscall" shows that in Linux, all architectures
support at least 6 argument system calls, with a few supporting 7. We
can at least do 6 in Zephyr.
x86 port modified to use EBP register to carry the 6th system call
argument.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Instead of a common system call entry function, we instead create a
table mapping system call ids to handler skeleton functions which are
invoked directly by the architecture code which receives the system
call.
* system call handler prototype specified. All but the most trivial
system calls will implement one of these. They validate all the
arguments, including verifying kernel/device object pointers, ensuring
that the calling thread has appropriate access to any memory buffers
passed in, and performing other parameter checks that the base system
call implementation does not check, or only checks with __ASSERT().
It's only possible to install a system call implementation directly
inside this table if the implementation has a return value and requires
no validation of any of its arguments.
A sample handler implementation for k_mutex_unlock() might look like:
u32_t _syscall_k_mutex_unlock(u32_t mutex_arg, u32_t arg2, u32_t arg3,
u32_t arg4, u32_t arg5, void *ssf)
{
struct k_mutex *mutex = (struct k_mutex *)mutex_arg;
_SYSCALL_ARG1;
_SYSCALL_IS_OBJ(mutex, K_OBJ_MUTEX, 0, ssf);
_SYSCALL_VERIFY(mutex->lock_count > 0, ssf);
_SYSCALL_VERIFY(mutex->owner == _current, ssf);
k_mutex_unlock(mutex);
return 0;
}
* the x86 port modified to work with the system call table instead of
calling a common handler function. fixed an issue where registers being
changed could confuse the compiler has been fixed; all registers, even
ones used for parameters, must be preserved across the system call.
* a new arch API for producing a kernel oops when validating system call
arguments added. The debug information reported will be from the system
call site and not inside the handler function.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- _arch_user_mode_enter() implemented
- _arch_is_user_context() implemented
- _new_thread() will honor K_USER option if passed in
- System call triggering macros implemented
- _thread_entry_wrapper moved and now looks for the next function to
call in EDI
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- There's no point in building up "validity" (declared volatile for some
strange reason), just exit with false return value if any of the page
directory or page table checks don't come out as expected
- The function was returning the opposite value as its documentation
(0 on success, -EPERM on failure). Documentation updated.
- This function will only be used to verify buffers from user-space.
There's no need for a flags parameter, the only option that needs to
be passed in is whether the buffer has write permissions or not.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We shouldn't be imposing any policy here, we do not yet use these in
Zephyr. Zero these at boot and otherwise leave alone.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
stm32f417xe and stm32f417xg have been introduced with 2
different defconfig files. Since same code is declared
in both files, mutualize declarations in a single file.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
The enumerations stm32{f3,f4}x_pin_config_mode aren't used any
more. This patch removes them.
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
In various places, a private _thread_entry_t, or the full prototype
were being used. Be consistent and use the same typedef everywhere.
Signen-off-by: Andrew Boie <andrew.p.boie@intel.com>
Indenting preprocessor directives reduces the code readability, because
it make preprocessor directives harder to spot.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add flash page layout support for STM32F4 SoCs.
This almost eliminates the need for flash_map.h, except for
STM32F4X_SECTOR_MASK, so delete the file and move the define into the
F4 implementation, to keep things simple.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Helper macros to ease the usage of the MMU page table structures.
Added Macros to get Page table address and Page Table Entry
values.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Most x86 exceptions that don't already have their own handlers
are fairly rare, but with the introduction of userspace
people will be seeing General Protection Faults much more
often. Report it as text so that users unfamiliar with x86
internals will know what is happening.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Years of iterative development had made this function more complicated
than it needed to be. Fixed some errors in the documentation as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.
The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.
- CONFIG_USERSPACE introduced. We are somewhat far away from having an
end-to-end implementation, but at least need a Kconfig symbol to
guard the incoming code with. Formal documentation doesn't exist yet
either, but will appear later down the road once the implementation is
mostly finalized.
- In the memory region for RAM, the data section has been moved last,
past bss and noinit. This ensures that inserting generated tables
with addresses of kernel objects does not change the addresses of
those objects (which would make the table invalid)
- The DWARF debug information in the generated ELF binary is parsed to
fetch the locations of all kernel objects and pass this to gperf to
create a perfect hash table of their memory addresses.
- The generated gperf code doesn't know that we are exclusively working
with memory addresses and uses memory inefficently. A post-processing
script process_gperf.py adjusts the generated code before it is
compiled to work with pointer values directly and not strings
containing them.
- _k_object_init() calls inserted into the init functions for the set of
kernel object types we are going to support so far
Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In benchmark test (test_info) while making function call regs
r0 - r4 are modified into called function. Due to this value
inside r3 is getting lost.
This patch saves and restore the value in r0-r4 regs while making
function calls from assembly language.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The API/Variable names in timing_info looks very speicific to
platform (like systick etc), whereas these variabled are used
across platforms (nrf/arm/quark).
So this patch :-
1. changing API/Variable names to generic one.
2. Creating some of Macros whose implimentation is platform
depenent.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch removes the redundant stack alignment check being done. The
stack definition macros enforce the alignment requirements via the
__align() directives.
In addition, fix the rounding down of the psp to be correct. The
actual initial stack pointer is the end of the stack minus the size of
the __esf structure. Rounding down after the subtraction will get us
to the correct offset.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
For some reason, the ESP32 HAL defines XCHAL_EXCM_LEVEL to 3. This
enables a version of _Level4Vector that doesn't work on this hardware.
Without complete visibility if the version that should work be axed,
keep both in the tree, but build the working other version instead
if building for ESP32.
Jira: ZEP-2556
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
When we mask out the GPIO High impedance/Pull-up/Pull-down field we
should be shifting the mask file, not shifting the field. This is
because all the other defines already assume the shift.
Coverity-CID: 173640
Jira: ZEP-2538
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Esp-idf defines the BIT macro that is also defined in Zephyr's
misc/util.h. Fix the issue by including the esp-idf headers first, so
that a check in util.h won't redefine the macro if it's already
defined.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
* apply STACK_GUARD_SIZE, no extra space will be added if
MPU_STACK_GUARD is disabled
* When ARC_STACK_CHECKING is enabled, MPU_STACK_GUARD will be
disabled
* add two new api: arc_core_mpu_default and arc_core_mpu_region
to configure mpu regions
* improve arc_core_mpu_enable and arc_core_mpu_disable
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add arc mpu driver
* modify the corresponding kconfig and kbuild
* currently only em_starterkit 2.2's em7d configuration
has mpu feature (mpu version 2)
* as the minimum region size of arc mpu version 2 is 2048 bytes and
region size should be power of 2, the stack size of threads
(including main thread and idle thread) should be at least
2048 bytes and power of 2
* for mpu stack guard feature, a stack guard region of 2048 bytes
is generated. This brings more memory footprint
* For arc mpu version 3, the minimum region size is 32 bytes.
* the codes are tested by the mpu_stack_guard_test and stackprot
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Per ZEP-1958, Phase 2 of adding CC3220sf LaunchXL support,
was to "deprecate the CC3200 launchxl support in Zephyr
(redundant to the CC3220)."
Effectively, the CC3220 SOC replaces the CC3200.
This patch removes the following:
* the imported CC3200 SDK
* CC3200 SOC, board, DTS files.
* adjusts other files where cc3200 was mentioned.
Also, it fixes explicit references to CC3200 in generic
CC32xx driver files.
Jira: ZEP-1958
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
- .text, .text.*, .literal, .literal.* had no matching input section
rule and were being passed to the output binary verbatim. These
are all now in the output "text" section as intended.
- various rules in the data section were unnecessarily using KEEP().
- SW_ISR_TABLE wasn't included in linker script anywhere and was
ending up in its own section, and not the data section as intended.
- noinit section didn't exist at all, now defined.
Issue: ZEP-2508
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, calling NVIC_SetPriority(IRQn_Type irqn, ....) with
the NWP interrupt number of 171 caused a hard fault during a
subsequent svc #0 instruction during _Swap().
GNU compiler is generating a bit extension instruction (sxtb) which
converts a positive IRQ value argument to a negative value when
casting to the CMSIS IRQn_Type enum parameter type.
This generates a negative index, which then writes to an SCB
control register instead of NVIC register, causing a hard
fault later on.
This issue only occurs when passing interrupt numbers > 0x80
(eg: 171 (0xab) for the NWP) to the CMSIS NVIC apis.
The solution here is simply to redefine IRQn_Type to be an
unsigned 32 bit integer, while redefining the CMSIS IRQn_Type
enum definitions for interrupts less than zero.
Jira: ZEP-1958
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
* add nested interrupt support for interrupts
+ use a varibale exc_nest_count to trace nest interrupt and exception
+ regular interrupts can be nested by regular interrupts and fast
interrupts
+ fast interrupt's priority is the highest, cannot be nested
* remove the firq stack and exception stack
+ remove the coressponding kconfig option
+ all interrupts (normal and fast) and exceptions will be handled
in the same stack (_interrupt stack)
+ the pros are, smaller memory footprint (no firq stack), simpler
stack management, simpler codes, etc.. The cons are, possible
10-15 instructions overhead for the case where fast irq nests
regular irq
* add the case of ARC in test/kernel/gen_isr_table
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
When you build application for em starterkit 2.3 em7d, it will
report error during build since it is not supported currently.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
em starterkit has two versions, 2.2 and 2.3.
Change soc.h to support both versions,
main changes are the interrupt connections.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
Since em starterkit has different firmware versions(2.2 and 2.3),
but the EM7D of 2.3 has new secureshield feature, which is not supported
in Zephyr, but EM7D of 2.2 is a normal EM core, which can be supported,
so we add support for 2.2 EM7D.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
An abnormal crash was encountered in ARMv6-M SoCs that don't have flash
starting at 0. With Zephyr OS the reason for this crash is that, on
ARMv6-M the system requires an exception vector table at the 0 address.
We implement the relocate_vector_table function to move the vector table
code to address 0 on systems which don't have the start of code already
at 0.
[kumar.gala: reworderd commit message, tweaked how we check if we need
to copy vector table]
Signed-off-by: Xiaorui Hu <xiaorui.hu@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Now that we have an mcux shim driver, remove the old k64-specific
driver. Also remove include/drivers/k20_sim.h, since the old
k64-specific driver was the only thing left using it.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Switches the default pwm driver from the k64-specific driver to the
mcux shim, which can be used on other SoCs with the ftm peripheral.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds a shim layer around the mcux ftm driver to adapt it to the Zephyr
pwm interface.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This cleans up the exception handling by removing the table declaration
from xtensa_intr_asm.S, and removing the unused
_xt_set_exception_handler() function.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The Xtensa port was the only one remaining to be converted to the new
way of connecting interrupts in Zephyr. Some things are still
unconverted, mainly the exception table, and this will be performed
another time.
Of note: _irq_priority_set() isn't called on _ARCH_IRQ_CONNECT(), since
IRQs can't change priority on Xtensa: while the architecture has the
concept of interrupt priority levels, each line has a fixed level and
can't be changed.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Dynamic IRQ allocation has been yanked from Zephyr a few releases ago,
so there's no point in keeping these options available.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This provides basic GPIO support, with interrupts, and the ability to
read and write to ports on a pin-by-pin basis.
Jira: ZEP-2286
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This patch adjusts the ARM MPU implementation to be compliant to the
recent changes that introduced the opaque kernel data types.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The mimimum mpu size is 32 bytes, but requires mpu base address to be
aligned on 32 bytes to work. Define architecture thread macro when
MPU_STACK_GUARD config to allocate stack with 32 more bytes.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
In the stm32_gpio_flags_to_conf function the configuration
values of the GPIO pin are shifted two times. One in the
stm32-pinctrlf1 header and one in the function. This patch
removes one of those shifts.
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
The value of the PTE (starting_pte_num) was not
calulated correctly. If size of the buffer exceeded 4KB,
the buffer validation API was failing.
JIRA: ZEP-2489
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The API name space for Bluetooth is bt_* and BT_* so it makes sense to
align the Kconfig name space with this. The additional benefit is that
this also makes the names shorter. It is also in line with what Linux
uses for Bluetooth Kconfig entries.
Some Bluetooth-related Networking Kconfig defines are renamed as well
in order to be consistent, such as NET_L2_BLUETOOTH.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This patch adds the allow flash write CONFIG option to the ARM MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
This patch adds the allow flash write CONFIG option to the NXP MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
Currently Thread time slice is getting reset at end of timer
interrupt. Due to which equal priority threads behind current thread
in ready_q are not getting chance to run and leading to starvation.
This patch handles time slice in _ExcExit section context switch is
required.
Jira: ZEP-2444
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
As luck would have it, the TSS for the main IA task has
all the information we need, populate an exception stack
frame with it.
The double-fault handler just stashes data and makes the main
hardware thread runnable again, and processing of the
exception continues from there.
We check the first byte before the faulting ESP value to see
if the stack pointer had run up to a non-present page, a sign
that this is a stack overflow and not a double fault for
some other reason.
Stack overflows in kernel mode are now recoverable for non-
essential threads, with the caveat that we hope we weren't in
a critical section updating kernel data structures when it
happened.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Configuring the RAM/ROM regions will be the same for all
x86 targets as this is done with linker symbols.
Peripheral configuration left at the SOC level.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The CPU first checks the page directory entry for write
or user permissions on a particular page before looking
at the page table entry.
If a region configured all pages to be non user accessible,
and this was changed for a page within it to be accessible,
the PDE would not be updated and any access would still
return a page fault.
The least amount of runtime logic to deal with this is to
indicate at build time that some pages within a region may
be marked writable or user accessible at runtime, and to
pre-set the flags in the page directory entry accordingly.
The driving need for this is the region configuration for
kernel memory, which will have user permissions set at
runtime for stacks and user-configured memory domains.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Page faults will additionally dump out some interesting
page directory and page table flags for the faulting
memory address.
Intended to help determine whether the page tables have been
configured incorrectly as we enable memory protection features.
This only happens if CONFIG_EXCEPTION_DEBUG is turned on.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The ouput speed of the gpio pins passed via the 'conf' argument was
ignored, causing the speed to always be in its reset state (lowest
possible speed for most pins). This was causing problems for pins that
actually need a speed faster than the default, like the ethernet
controller pins.
Combined with the correct pinmux configuration this fixes problems
of the olimex_stm32_e407 board not being able to send ethernet data.
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Move to using the generated IRQ defines from the DTS instead of soc.h.
This change also fixes a minor bug in that the error irq priority wasn't
getting correctly picked up from device tree.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
STM32F3 pinmux handler is reworked to support future pinmux dts
generation.
Preliminary change is done to move pin configuration
informations in a {pin, conf} structure closer to dts fields
"pins" array is removed as information is transfered to
"pinconf" array
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
STM32F4 pinmux handler is reworked to support future pinmux dts
generation.
Preliminary change is done to move pin configuration
informations in a {pin, conf} structure closer to dts fields
"pins" array is removed as information is transfered to
"pinconf" array
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Rework stm32f1 pinmux code for future dts based pinmux code
generation.
Pin configuration is now done directly thanks to gpio port
configuration. Reference to pseudo alternate functions are
now removed same as the use of pins[] array.
Pins function (uart tx for instance) is set implicitly by
defining gpio mode and configuration.
This behavior is specific to stm32f10x series.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
STM32L4 pinmux handler is reworked to support future pinmux dts
generation.
Preliminary change is done to move pin configuration
informations in a {pin, conf} structure closer to dts fields
"pins" array is removed and information is transferred to
"pinconf" array
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
In L4 series, select HAS_STM32CUBE is done per soc.
This could be factorized in Kconfig.series.
Aim is to lower the steps to add a new SoC.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Now that we generate BLUETOOTH_UART_ON_DEV_NAME, UART_PIPE_ON_DEV_NAME,
and BLUETOOTH_MONITOR_ON_DEV_NAME Kconfig defines for dts enabled
platforms add those into the appropriate dts files and remove from the
various board/Kconfig.defconfig files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This will trigger a page fault if the guard area
is written to. Since the exception itself will try
to write to the memory, a double fault will be triggered
and we will do an IA task switch to the df_tss and panic.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Subsequent patches will set this guard page as unmapped,
triggering a page fault on access. If this is due to
stack overflow, a double fault will be triggered,
which we are now capable of handling with a switch to
a know good stack.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now create a special IA hardware task for handling
double faults. This has a known good stack so that if
the kernel tries to push stack data onto an unmapped page,
we don't triple-fault and reset the system.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We will need this for stack memory protection scenarios
where a writable GDT with Task State Segment descriptors
will be used. The addresses of the TSS segments cannot be
put in the GDT via preprocessor magic due to architecture
requirments that the address be split up into different
fields in the segment descriptor.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This has one use-case: configuring the double-fault #DF
exception handler to do an IA task switch to a special
IA task with a known good stack, such that we can dump
diagnostic information and then panic.
Will be used for stack overflow detection in kernel mode,
as otherwise the CPU will triple-fault and reset.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is one less host tool we have to compile for every build,
and makes the build tools more portable across host OSes.
The code is also much simpler to maintain.
Issue: ZEP-2063
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This enables the MMU-based stack protection feature,
which will cause a fatal error if a thread overflows
its stack in kernel mode, at a nontrivial cost in memory
(4K per thread).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will cause sanitycheck runs to finish more quickly
instead of sitting there waiting on a timeout. We already
do this with the Xtensa simulator.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With introduction of commit "pinmux: stm32: directly return error if
stm32_get_pin_config fails", pin configuration fails when
pins are not configured in pins[] array.
This was the case for configuration UART1 assigned on PB6/PB7.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
'commit
("devicetree: Generate BLUETOOTH_UART ,UART_PIPE etc config from dt")'
created a dependency of selecting UART_QMSI_0 on device tree.
This change is reverted as it incorrect.
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
If the adc driver configuration is enabled (CONFIG_ADC=y), then enable
the mcux shim driver by default for all Kinetis SoCs.
Jira: ZEP-1396
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds a shim layer around the mcux adc16 driver to adapt it to the Zephyr
adc interface.
Jira: ZEP-1396
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
patch uses chosen property zephyr,bt-uart, zephyr,uart-pipe
and zephyr,bt-mon-uart to determine the uart instance to be
used for bluetooth,uart_pipe and bluetooth_monitor and generate
appropriate configs.
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
A user space buffer must be validated before required operation
can proceed. This API will check the current MMU
configuration to determine if the buffer held by the user is valid.
Jira: ZEP-2326
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This needs to be in <arch/cpu.h> so that it can be called
from the k_panic()/k_oops() macros in kernel.h.
Fixes build errors on these arches when using k_panic() or
k_oops().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We can use the chosen property "zephyr,console" to determine what uart
should be used as the console and find its name to generate a define for
CONFIG_UART_CONSOLE_ON_DEV_NAME.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This breaks too easily, for example if &some_linker_variable
is used. The names don't matter at all, use preprocessor
__COUNTER__.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously we were instantiating QEMU with 32MB of RAM but
only enabling a small fraction of it.
Now we boot with 8MB of ram. We ignore the first 4K so we can
make that an unmapped paged to catch NULL pointer dereferences.
If XIP is enabled, the "ROM" region will be the first half of
memory, the "RAM" region the latter.
Move the IDT_LIST and MMU_LIST regions elsewhere so they don't
overlap the new memory arrangement.
Use !XIP to fix a problem where CONFIG_RAM_SIZE was set incorrectly
for XIP case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a STM32 LL based driver for the RNG processor. The RNG processor
is a random number generator, based on a continuous analog noise, that
provides a random 32-bit value to the host when read. The RNG passed
the FIPS PUB 140-2 (2001 October 10) tests with a success ratio of 99%.
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Right now we allow for the I2C subsystem to be built without any drivers
enabled that utilize it. When we added support for the new STM32 I2C
driver we forced the I2C driver to be enabled if the I2C subsystem was
enabled. While this makes a reasonable amount of sense, it breaks
current assumptions for various testcases that we need to cleanup.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
By now, t0 register restored value is overwritten
by mepc and mstatus values prior to returning from ISR.
Fixed by restoring mstatus and mepc registers before
restoring the caller-saved registers.
As t0 is a temporary register within the riscv ABI,
this issue was unnoticed for most applications, except
for computation intensive apps, like crypto tests.
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
The defaults of 0x100000 for ROM and 0x400000 for RAM are intended
to 'fake' a XIP configuration, this all takes place in just RAM.
The gap between these two values is 3 megabytes, specify this
properly.
Fixes numerous test cases on qemu_x86 if CONFIG_XIP is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Enabled the boot_time test on ARM SoCs, set __start_time_stamp on ARM
since we don't have a free running counter similar to TSC on x86.
Also moved to printing the values out as %u to increase the range of
values.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This patch allows more generic USB configuration in the samples
and removes platform dependent driver configuration.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
In added mode flash operation are performed in timeslice
(in radio idle time).
Kconfig for mode enabling CONFIG_SOC_FLASH_NRF5_RADIO_SYNC.
Erase and write API implementations were rewritten and preserved against
concurrent execution.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Board port was done before the yaml transition, so was missing a
cc2650_sensortag.yaml. As such when we build all the test we get a few
build errors that we also fixed up.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add configuration, documentation, pinmux, fixup and dts support for
STM32F103x8 based Minimum System Development board.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add configuration and memory definitions to support STM32F103x8
Medium-density performance line SoC with 64 KB Flash.
Merge multiple files into single Kconfig.defconfig.stm32f103xx
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Since not all socs from f3 series (i.e stm32f334x8 no MPU) have MPU
capability, add capability only for MPU capable socs in Kconfig.soc
JIRA: ZEP-2220
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
As other stm32 series support MPU, move common file in a file tree
useable by socs from other series
JIRA: ZEP-2220
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
patch adds necessary files and does the modification to the existing
files to add device support for x86 based intel quark microcontroller
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
The first stage bootloader, part of the ESP32 ROM, already sets up
a stack that's sufficient to execute C programs. So, instead of
implementing __stack() in assembly, do it in C to simplify things
slightly.
This ESP32-specific initialization will perform the following:
- Disable the watchdog timer that's enabled by the bootloader
- Move exception handlers to IRAM
- Disable normal interrupts
- Disable the second CPU
- Zero out the BSS segment
Things that might be performed in the future include setting up the
CPU frequency, memory protection regions, and enabling the flash
cache.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Unconditionally use CONFIG_SIMULATOR_XTENSA to determine if XT_SIMULATOR
or XT_BOARD should be defined.
If CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC, also define XT_CLOCK_FREQ. This
isn't ideal as the clock frequency might be changed in runtime and this
effectively makes it a constant.
Until we can control the clock frequency in runtime, this will suffice.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This is a minimal driver enabling console output during the port
bringup. While the driver works, only one of the three UART devices
are supported, and there isn't any way to change any parameters or
use interrupts. This will most likely be superceded by a proper
driver after the port has matured.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Due to the configurable nature of the Xtensa platform, the generic name of
"LX6" cannot be used to describe an SoC as far as Zephyr goes. So ESP32 is
defined both as a SoC and as a board.
This is based on work by Rajavardhan Gundi.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
We always have UART_IRQ_FLAGS set to 0, so just call IRQ_CONNECT with a
0 argument for the flags, and remove the UART_IRQ_FLAGS. This is
towards support for using the driver on the TI CC2650. (we add a
comment about that as well).
Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@smile.fr>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Clearing fields in the region descriptor attributes doesn't always have
the expected effect of revoking permissions. In the case of bus master
supervisor mode fields (MxSM), setting to zero actually enables read,
write, and execute access.
When we reworked handling of region descriptor 0, we inadvertently
enabled execution from RAM by clearing the MxSM fields and enabling the
descriptor. This caused samples/mpu_test run to throw a usage fault
instead of an MPU-triggered bus fault.
Fix this by setting all the MxSM fields to 2'b11, which gives supervisor
mode the same access as user mode.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
1. Changed _tsc_read() to k_cycles_get_32(). Thus reading the
time stamp will be agnostic of the architecutre used.
2. Changed the variable names from *_tsc to *_time_stamp.
JIRA: ZEP-1426
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add a separate section in the linker to place the MMU configuration
information. This location is read by the gen_mmu.py script to
create the actual page tables.
JIRA: ZEP-2095
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
In crt0.S the MMU is initialized. It uses the statically build
page tables. Here 32-bit paging scheme is used, thereby each page
table entry maps to a 4KB page. The valid regions of the memory are
specified by SOC specific file(soc.c).
JIRA: ZEP-2099
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Makefile rule to create the MMU page tables at boot time. This
rule invokes the gen_mmu.py script to create a binary which is
then placed into the kernel image using objcopy.
Makefile.mmu is included only when CONFIG_X86_MMU is enabled.
JIRA: ZEP-2095
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Macro is used to create a structure to specify the boot time
page table configuration. Needed by the gen_mmu.py script to generate
the actual page tables.
Linker script is needed for the following:
1. To place the MMU page tables at 4KByte boundary.
2. To keep the configuration structure created by
the Macro(mentioned above).
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Kconfig definition for enabling the memory management Unit
on x86 based platforms.
JIRA: ZEP-2093
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The .balign directives were not working correctly in their
previous positions as the directive was applying to the section
before the variable's section, causing in some builds the
variables to be misaligned, and accesses to them causing faults.
With the alignments after the section declaration, the variables
will now be aligned as specified. Any future variable declarations
should use this form instead to ensure proper alignment.
Signed-off-by: Michael R Rosen <michael.r.rosen@intel.com>
Both the ARM and NXP MPU drivers incorrectly calculated the region index
by assuming the region type (e.g., THREAD_STACK_GUARD_REGION) was
zero-indexed, when in reality it is one-indexed. This had the effect of
wasting one region.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The NXP MPU requires special handling of region descriptor 0 to
guarantee that the debugger has access to the entire address space. It
does not allow writes from the core to affect the start or end
addresses, or the permissions associated with the debugger.
The original implementation of this driver attempted to work around
region descriptor 0, resulting in an off-by-1 error caught by Coverity.
Instead, define region descriptor 0 explicitly in the mpu_regions array,
and add some asserts to ensure that one doesn't try to change its start
or end addresses. This has an added benefit such that more permissions
can be enabled in region 0 if desired, whereas the previous
implementation always forced all writable permissions to be cleared.
Coverity-CID: 170473
Jira: ZEP-2258
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The original implementation of _get_num_regions() parsed the CESR[NRGD]
register field to determine the number of mpu region descriptors
implemented in hardware. There was a possible path in the code to return
zero, which would cause underflow later on in arm_core_mpu_configure().
Coverity complained despite an assert to catch this condition. Instead,
use a preprocessor macro from mcux that defines the number of mpu region
descriptors.
Coverity-CID: 169811
Jira: ZEP-2208
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Stack sentinel doesn't prevent corruption, it just notices when
it happens. Any memory could be in a bad state and it's more
appropriate to take the entire system down rather than just kill
the thread.
Fatal testcase will still work since it installs its own
_SysFatalErrorHandler.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).
This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.
This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.
The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.
Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The REGION bits (bit[3:0]) of MPU_RBAR register can specify the number
of the region to update if the VALID bit (bit[4]) is also set.
If the bit[3:0] of "region_addr" are not zero, might cause to update
unexpected region. This could happen since we might not declare stack
memory with specific alignment.
This patch will mask the bit[4:0] of "region_addr" to prevent updating
unexpected region.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
The kernel tracks time slice usage with the _time_slice_elapsed global.
Every time the timer interrupt goes off and the timer driver calls
_nano_sys_clock_tick_announce() with the elapsed time, this is added to
_time_slice_elapsed. If it exceeds the total time slice, the thread is
moved to the back of the queue for that priority level and
_time_slice_elapsed is reset to zero.
In a non-tickless kernel, this is the only time _time_slice_elapsed is
reset. If a thread uses up a partial time slice, and then cooperatively
switches to another thread, the next thread will inherit the remaining
time slice, causing it not to be able to run as long as it ought to.
There does exist code to properly reset the elapsed count, but it was
only compiled in a tickless kernel. Now it is built any time
CONFIG_TIMESLICING is enabled.
Issue: ZEP-2107
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add necessary Kconfig and minimal device tree in order to support
STM32F412ZG variant as found on the Nucleo STM32F412 board.
Origin: Original
Change-Id: Ic98a686f478ce551dc6101466ed0cf16924109e8
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Following migration of stm32f1xx series clock control driver to
STM32Cube LL API, cleanup stm32 code base in order to take into
account that this is the only clock driver available for stm32
family.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Following introduction of stm32cube LL based clock control driver,
remove references to former native driver.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Align stm32f1xx series clock driver to other parts of stm32 family.
Driver support both Connectivity and Density lines of stm32f1 series,
that are based on different Reset and Clock Control architectures.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
The STM32F413ZH has 1536kB of Flash and 320kB of SRAM. This
configuration is currently not supported by ST MPU driver, so fill in
the blanks.
Note: The MPU does not support region size that is not a power-of-2 (see
the SIZE field in the MPU_RASR register). This is a problem for our
1536kB Flash region, so it was rounded up to the nearest choice. This is
possible because the memory in the range 0x0818000 - 0x0FFFFFFF is
"Reserved" and thus not mapped anyway.
Change-Id: If0c3d1db564ca45e77f8b5bafa2afdbafa85b40f
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
This reverts commit 37f4178f58.
This change builds gen_idt in the zephyr project tree instead of
building it in outdir of the application. The build process should all
happen inside outdir and no binaries should be placed in the zephyr
tree.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
pop {lr} instruction is not supported in ARMv6-M, fixed by
using pop {r0}; mov lr, r0; instructions.
Jira: ZEP-2222
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
We now have generic ARM M4 MPU support added to Zephyr.
Let's enable it for use with Nordic nRF52 chips.
Memory Layout was generated from Section 8.3 "Memory
Map" of nRF52 Product Specifications (for both nRF52832
and nRF52840):
0x00000000: Flash
0x10000000: Factory Information Config Registers
0x10001000: User Information Config Registers
0x20000000: SRAM
0x40000000: APB Peripherals
0x50000000: AHB Peripherals
0xE0000000: ARM M4 Private Peripheral Registers
NOT Configured:
0x60000000: External RAM
0x80000000: External RAM
0xA0000000: External Device
0xC0000000: External Device
NOTE: More work will be needed for future Nordic MWU (Memory
Watching Unit) support.
Signed-off-by: Michael Scott <michael.scott@linaro.org>
This patch add arm core MPU support to NXP MPU driver.
With this feature it is now possible to enable stack guarding on NXP
MPUs.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>