Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
In arch.h the extern "C" in the including context is left active during
include of target-specific mpu headers to avoid more complex
restructuring.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Remove extern "C" support from files that don't declare objects or
functions.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
SR and LR were used as global names for load and store RISC-V assembler
operations, colliding with other uses such as SR for STATUS REGISTER in
some peripherals. Renamed them to a longer more specific name to avoid
the collision.
Signed-off-by: Karsten Koenig <karsten.koenig.030@gmail.com>
Related to #17997, for the POSIX arch:
* Remove some unnecessary extern "C" and ifdef blocks
* Move an include out of one of these blocks
* Add a missing extern "C" block
Background:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
* it's based on ARC SecureShield
* add basic secure service in arch/arc/core/secureshield
* necesssary changes in arch level
* thread switch
* irq/exception handling
* initialization
* add secure time support
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Cortex R has a write buffer that can cause reordering problems when
accessing memory mapped registers. Use memory barries to make sure that
these accesses are performed in the desired order.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Removes very complex boot-time generation of page tables
with a much simpler runtime generation of them at bootup.
For those x86 boards that enable the MMU in the defconfig,
set the number of page pool pages appropriately.
The MMU_RUNTIME_* flags have been removed. They were an
artifact of the old page table generation and did not
correspond to any hardware state.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* arc connect is a component to connect multiple arc cores
* it's necessary for arc smp support
* the following features are implemented
* inter-core interrupt unit
* gloabl free running counter
* inter-core debug unit
* interrupt distribute unit
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Makes the code that defines stacks, and code referencing
areas within the stack object, much clearer.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, context switching on x86 with memory protection
enabled involved walking the page tables, de-configuring all
the partitions in the outgoing thread's memory domain, and
then configuring all the partitions in the incoming thread's
domain, on a global set of page tables.
We now have a much faster design. Each thread has reserved in
its stack object a number of pages to store page directories
and page tables pertaining to the system RAM area. Each
thread also has a toplevel PDPT which is configured to use
the per-thread tables for system RAM, and the global tables
for the rest of the address space.
The result of this is on context switch, at most we just have
to update the CR3 register to the incoming thread's PDPT.
The x86_mmu_api test was making too many assumptions and has
been adjusted to work with the new design.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently page tables have to be re-computed in
an expensive operation on context switch. Here we
reserve some room in the page tables such that
we can have per-thread page table data, which will
be much simpler to update on context switch at
the expense of memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There are two aspects to this: CPU registers are twice as big, and the
load and store instructions must use the 'd' suffix instead of the 'w'
one. To abstract register differences, we simply use a ulong_t instead
of u32_t given that RISC-V is either ILP32 or LP64. And the relevant
lw/sw instructions are replaced by LR/SR (load/store register) that get
defined as either lw/sw or ld/sd. Finally a few constants to deal with
register offsets are also provided.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
These defines are specific to the Cortex-M. Move them to their own
header file to prepare for Cortex-R support.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
ARCv2 cores may access data not aligned by the data size boundary.
I.e. read entire 32-bit word from address 0x1.
This feature is configurable for ARC EM cores excluding those with
secure shield 2+2 mode. When it's available in hardware it's required
to enable that feature in run-time as well setting status32.AD bit.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Because NXP MPU's regions are dynamically enabled/disabled, USB
device's access maybe restricted when switching out of a task.
Background DMA transfers to/from RAM may happen during MPU region
reconfiguration or core idling.
Enabled USB (Kinetis MPU Master 4) to always have access to RAM address
space.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
This is now called z_arch_esf_t, conforming to our naming
convention.
This needs to remain a typedef due to how our offset generation
header mechanism works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We had a function that did this, but it was dead code.
Move to fatal.c and call from z_arm_fatal_error().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* z_NanoFatalErrorHandler() is now moved to common kernel code
and renamed z_fatal_error(). Arches dump arch-specific info
before calling.
* z_SysFatalErrorHandler() is now moved to common kernel code
and renamed k_sys_fatal_error_handler(). It is now much simpler;
the default policy is simply to lock interrupts and halt the system.
If an implementation of this function returns, then the currently
running thread is aborted.
* New arch-specific APIs introduced:
- z_arch_system_halt() simply powers off or halts the system.
* We now have a standard set of fatal exception reason codes,
namespaced under K_ERR_*
* CONFIG_SIMPLE_FATAL_ERROR_HANDLER deleted
* LOG_PANIC() calls moved to k_sys_fatal_error_handler()
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We are standardizing to a arch-independent set of exception
reason codes, don't overload it with internal state of
the ARM fault handling code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit adds a DTCM (Device Tightly Coupled Memory) section for
Cortex F7 MCUs. The Address and length is defined in the corresponding
device tree file.
Signed-off-by: Alexander Wachter <alexander.wachter@student.tugraz.at>
When code relocation enabled, there will be serval regions holding
text. And then there will be function call between these .text
regions, when distance between caller and callee is too far, linker
will automatically generate and insert veneer functions. And these
veneer functions will be located right after the last instruction
in the .text region by the linker. So these code will be put in the
memory reserved for priv_stacks text and kobject text if they don't
consume all the reserved memory. Or the veneer functions will be put
before the reserved memory if there isn't code in the reserved
memory. And then in the user mode building process, there will be
different memory layout and it will cause usr mode not working.
And moving the memory reserved for priv_stacks text and kobject text
at the beginning of .text will avoid above problem. The detailed
analysis for this issue can be found on Github issue #17038.
Fixes: #17038.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Because NXP MPU's regions are dynamically enabled/disabled, ENET
device's access maybe restricted when switching out of a task.
Background DMA transfers from RAM to MAC/PHY may happen during MPU
region reconfiguration or core idling.
Enabled ENET (Kinetis MPU Master 3) to always have access to RAM address
space.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
The MVIC is no longer supported, and only the APIC-based interrupt
subsystem remains. Thus this layer of indirection is unnecessary.
This also corrects an oversight left over from the Jailhouse x2APIC
implementation affecting EOI delivery for direct ISRs only.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Don't allow inadvertent use of the existing z_x86_msr_read() when
compiled in long mode (CONFIG_X86_LONGMODE) as it won't work.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
These inlines currently only apply to IA32, so place accordingly.
Minor changes to direct and indirect users of the file for ordering.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file is only included from arch.h, so merge it into same. This
also avoids confusion with files in arch/x86/include/ of the same name.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The compiler is going to make better per-arch/per-implementation
choices about bit operations, so let's use the common definitions.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This header is currently IA32-specific, so move it into the subarch
directory and update references to it.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Making room for the Intel64 subarch in this tree. This header is
32-bit specific and so it's relocated, and references rewritten
to find it in its new location.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file is currently IA32-specific, so it is moved and the
reference to it at the arch-independent layer is moved.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file is 32-bit specific, so it is moved into the ia32/ directory
and references to it are updated accordingly.
Also, SP_ARG* definitions are no longer used, so they are removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Eliminate definitions for MSRs that we don't use. Centralize the
definitions for the MSRs that we do use, including their fields.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This pattern exists in both the include/arch/x86 and arch/x86/include
trees. This indirection is historic and unnecessary, as all supported
toolchains for x86 support gas/gcc-style inline assembly.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move sys_io.h to sys/sys_io.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix path for system_timer.h and loapic.h, we moved it to
include/drivers/timer/ and include/drivers/interrupt_controller/
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move internal and architecture specific headers from include/drivers to
subfolder for interrupt_controller:
include/drivers/interrupt_controller/
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This was only enabled by the MVIC, which in turn was only used
by the Quark D2000, which has been removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The Quark D2000 is the only x86 with an MVIC, and since support for
it has been dropped, the interrupt controller is orphaned. Removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
We introduce a new define to describe the alignment for a
privilege stack buffer. This macro definition is used by the
privilege stack generation script, to determine the required
alignment of threads' privilege stacks when building with
support for user mode.
We cannot use Z_THREAD_MIN_STACK_ALIGN in this case, because
the privilege stacks do not need to respect the minimum MPU
region alignment requirement, unless, of course, this is
enforced via the MPU Stack Guard feature.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit re-organizes the macro definitions in arch.h for
the ARM architecture. In particular, the commit:
- defines the minimum alignment requirement for thread stacks,
that is, excluding alignment requirement for (possible)
MPU stack guards.
- defines convenience macros for the MPU stack guard align and
size for threads using the FP services under Shared registers
mode (CONFIG_FP_SHARING=y). For that, a hidden Kconfig option
is defined in arch/arm/core/cortex_m/mpu/Kconfig.
- enforces stack alignment with a wide MPU stack guard (128
bytes) under CONFIG_FP_SHARING=y for the ARMv7-M architecture,
which requires start address alignment with power-of-two and
region size.
The commit does not change the amount of stack that is reserved
with K_THREAD_STACK_DEFINE; it only determines the stack buffer
alignment as explained above.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
These constants do not need global exposure, as they're only
referenced in the reboot API implementation. Also their names
are trimmed to fit into the X86-arch-specific namespace.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The only we support cores that don't have CMOV insns are the MINUTEIAs,
so we simply check for that rather this using a layer of indirection.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This commit adds the architecture-specific implementation
of k_float_disable() for ARM and x86.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When CONFIG_X2APIC is enabled, twiddle the appropriate MSR during
initialization to enable x2APIC mode.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
MSRs related to x2APIC will never be accessed directly by name, but
rather via an offset from a base MSR, so the definitions are removed
from msr.h.
New local APIC accessor functions, which are sensitive to xAPIC vs
x2APIC mode (CONFIG_X2APIC), are added to include/drivers/loapic.h.
These accessors use the MSR definitions as modified above.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The real-mode startup code is trivially changed to refer to MSR
definitions in include/arch/x86/msr.h, rather than its ad-hoc ones.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Light reorganization. All MSR definitions and manipulation functions
are consolidated into one header. The names are changed to use an
X86_* prefix instead of IA32_* which is misleading/incorrect.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
A basic display driver is added for a generic 32-bpp framebuffer.
Glue logic is added to the x86 arch to request the intitialization
of a linear framebuffer by the Multiboot loader (GRUB) and connect
it to this generic driver.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
When booting using GRUB, some useful information about the environment
is given to us via a boot information structure. We've not made any
use of this information so far, but the x86 framebuffer driver will.
A skeletal definition of the structure is given, and provisions are
made to preserve its contents at boot if the configuration requires it.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
All architectures declare those variables the same way, no need to
define them per arch, instead put them in common. If someone deviates,
they can create their own header.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We had architectures doing this differently, some had a dedicated
sys_io.h file, some not. Unify how it is done by splitting the arch
specific sys_io implementation into a sys_io file and include it
instead.
Move bits_portable.h to arch/common and split the file so more
architecture can reuse some of the definitions here instead of
duplicating code.
Where applicable use the common sys_io/ffs definitions.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
It's useful to be able to inspect the key returned from
z_arch_irq_unlock() to see if interrupts were enabled at the point
where z_arch_irq_lock() was called. Architectures tend to represent
this is a simple way that doesn't require platform assembly to
inspect.
Adds a simple test to kernel/common that validates this predicate with
a nested lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We do have a multi-architecture latency benchmark now, this one was x86
only, was never used or compiled in and is out-dated.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
STM32WB HCI driver requires definition of 2 RAM regions to support
use of 3 shared memory sections: MAPPING_TABLE, MB_MEM1 and MB_MEM2.
In linker.ld, under conditions of HCI driver to be enabled,
define SRAM1 and SRAM2 based on input defined in stm32wb linker.
Then define the 3 sections MAPPING_TABLE, MB_MEM1 and MB_MEM
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
arm_core_mpu_dev.h is an internal API, and is not supposed to
be directly called by kernel / application functions, therefore,
we can move it inside arch/arm/core/cortex_m/mpu directory.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add ifdefs to handle the nrf91 case. This change will dynamically
place and size the NSC region according to nrf91 HW limitations.
Add Cmake check of NSC offset if manually set.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Non-XIP system with FLASH_SIZE = 0 is no-flash system. And no-flash
system makes text, rodata, and data all in SRAM, so define the marco
ROM_ADDR to RAM_ADDR.
Fixes: #16027.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
on non-XIP system, SRAM is the default region, and relocated .data
section and .bss section of SRAM shouldn't be inserted between
_image_rom_start and _image_rom_end, because the memory region between
_image_rom_start and _image_rom_end will construct the mpu ro region.
Also for the newly added memory region on non-XIP system, the
relocated .text secition and .rodata section should also be mpu aligned.
Fixes: #16090.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Allows snippets to be placed in different locations:
- The noinit, rwdata and rodata output sections
- Two different locations for placing custom output sections,
one location for RAM and another for all other sections.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
The compiler was generating errors of the form
error: "CONFIG_ZERO_LATENCY_IRQS" is not defined, evaluates to 0
[-Werror=undef] when -Wundef is used and the config option was turned
off. Change check to ifdef.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Delete memory-related configs from defconfig and use device tree based
macros in general riscv32 linker script instead of Kconfig ones.
Signed-off-by: Filip Kokosinski <fkokosinski@internships.antmicro.com>
Signed-off-by: Mateusz Holenko <mholenko@antmicro.com>
The ARM Cortex-M Exception Stack Frame (ESF) may consist of
several stack frame contexts (basic state context, additional
state context, FP context, etc.). To reflect these structural
properties, this commit re-factors the ESF, splitting out the
basic stack frame, holding the state context, into its own
struct container. The commit does not introduce behavioral
changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not stacking the
FP context in exception entries, so we do not need to
include the FP registers bank in the exception stack
frame structure.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The size of the ROM region is now rounded up to the
nearest power of two; we no longer assume that RAM
is in a different part of memory.
Fixes: #15558
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Right now only numerical values are printed which must
be looked up in the Designware ARCv2 ISA Programmer's
Reference, which is not public.
Add a non-default Kconfig to print more information at
the expense of footprint, and enable it for all the simulator
targets.
We only print code/parameter details for machine check and
protection violations, more may be added later as desired.
This should cover all the exceptions we commonly encounter
for memory protection.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* fix the stack allocation and initialization
for mpu stack guard when USERSPACE is not configured
* fixes#15163
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Rename reserved function names in arch/ subdirectory. The Python
script gen_priv_stacks.py was updated to follow the 'z_' prefix
naming.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Rename reserved function names in drivers/ subdirectory. Update
function macros concatenatenating function names with '##'. As
there is a conflict between the existing gpio_sch_manage_callback()
and _gpio_sch_manage_callback() names, leave the latter unmodified.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Unlike the others, this macro was not taking into
account minimum MPU region sizes by filtering through
STACK_SIZE_ALIGN().
Fixes: #15130
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA defines a serie of essential types, boolean, signed/unsigned
integers, float, ... and operations must respect these essential types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This is used to have each arch canonically state how much
room in the stack object is reserved for non-thread use.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The ARM Cortex-M 321 application note is stressing that if
we disable interrupts by executing CPSID i(f), or by MSR
instructions (on PRIMASK, FAULTMASK registers), there is no
requirement to add barrier instructions after disabling
interupts. However, in ARMv7-M (and ARMv8-M Mainline) we use
BASEPRI, instead. Therefore, if we need the effect of disabling
interrupts to be recongnized immediately we should add barrier
instructions. This commit adds DSB and ISB barriers when
disabling interrupt using BASEPRI in the generic
arm _irq_lock() function as well as in the PendSV handler,
where we need to access kernel globals right after the interrups
are disabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
(OPTIONAL) was a vestiage from the initial import of the Zephyr code
base and we dont utilize it with the GNU linker. Additionally, the way
(OPTIONAL) gets defined to nothing creates a linker script that lld
(from llvm) doesn't like.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
* separate the ARC MPU driver into 2 parts
* arc_mpu_v2_internal.h for ARC MPUv2
* arc_mpu_v3_internal.h for ARC MPUv3
* For ARC MPUv2, keep the main design, but update and optimize the code
* For ARC MPUv3, implement mpu region split to supprt MPU region overlap
* misc updates and bug fixes
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The clang ARM assembler is a bit stricter than GNU as. Change mov to
movs for ARMv6 case of Z_ARCH_EXCEPT.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit enhances the documentation of z_arch_buffer_validate
describing the cases where the validation is performed
successfully, as well as the cases where the result is
undefined.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
During testing with sorting section by alignment with qemu_nios2,
if rodata section is not aligned on 4-byte boundary and its size
not of multiple of 4, it would never boot correctly. So align
the rodata here. This is in preparation to enable the linker
option to sort sections by alignment.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The app_smem.ld is also being used by architectures other than ARM.
So move the linker script out of include/arch/arm and into
include/linker.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The ARM Cortex-M 321 application note is stressing that
when enabling interrupts by executing CPSIE i(f), or by MSR
instructions (on PRIMASK, FAULTMASK, or BASEPRI registers),
there is a need for synchronization barrier instructions,
if there is a requirement for the effect of enabling
interrupts to be recongnized immediately. _arch_irq_unlock()
is invoked in several places, therefore, we add the
barriers to make the interrupt enabling function
applicable to all usage scenarios.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This commit corrects and improves the documentation for the
convenience macro _ARCH_THREAD_STACK_SIZEOF(sym). It stresses
that the returned size is guaranteed to match the amount of
stack that is available for the thread, that is, excluding any
areas not directly usable, e.g. a Stack Guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the MPU region re-programming functions,
to take as argument an array of pointers to memory partition
structures, instead of the whole array of the partitions. In
this way the stack usage can be minimized, if the actual
partition information is kept in statically allocated memory.
instead of the map itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The GCOV section is programmed as a static MPU region, only
in builds with support for User Mode, otherwise it is not
programmed into an MPU region at all. To reflect this in the
linker, the MPU-alignment for GCOV section is enforced only
under CONFIG_USERSPACE=y. Otherwise, single-word alignment
is enforced.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Retpolines were never completely implemented, even on x86.
Move this particular Kconfig to only concern itself with
the assembly code, and don't default it on ever since we
prefer SSBD instead.
We can restore the common kernel-wide CONFIG_RETPOLINE once
we have an end-to-end implementation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having to enable ramfunc support manually, just make it
transparently available to users, keeping the MPU region disabled if not
used to not waste a MPU region. This however wastes 24 bytes of code
area when the MPU is disabled and 48 bytes when it is enabled, and
probably a dozen of CPU cycles during boot. I believe it is something
acceptable.
Note that when XIP is used, code is already in RAM, so the __ramfunc
keyword does nothing, but does not generate an error.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Using __ramfunc to places a function in RAM instead of Flash.
Code that for example reprograms flash at runtime can't execute
from flash, in that case must placing code into RAM.
This commit create a new section named '.ramfunc' in link scripts,
all functions has __ramfunc keyword saved in thats sections and
will load from flash to sram after the system booted.
Fixes: #10253
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Slightly enhance the build-time ASSERT rule for memory
partitions sanity on ARMv8-M platforms, to check,
additionally, for proper (32-byte) alignment of the start
address.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames irq_vectors_alloc_data.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames gdt.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames user_mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Upon hard/soft irq or exception entry/exit, handle transitions
off or onto the trampoline stack, which is the only stack that
can be used on the kernel side when the shadow page table
is active. We swap page tables when on this stack.
Adjustments to page tables are now as follows:
- Any adjustments for stack memory access now are always done
to the user page tables
- Any adjustments for memory domains are now always done to
the user page tables
- With KPTI, resetting a page now clears the present bit
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If kernel page table isolation is enabled, we generate a second
set of page tables. These tables, except for the shared page, have
all non-user pages marked as non-present.
The MMU generation script has been refactored:
- Debugging output has been make significantly simpler and less
verbose
- Useless globals removed or adjusted
- MMU region list is validated as it is read
- Some tuples unpacked into individual variables to make the
code easier to read.
- Useless command line option for output binary endian-ness
remobved
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
KPTI requires that there exist one kernel page marked
'present', because switching between the kernel and the
shadow page tables is not done automatically and certain
other CPU data structures must always be in a present page.
Move IDT, GDT, all TSS to this page, and set up a small
trampoline stack as a safe landing area when doing
privilege level transitions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Since we know do DTS before Kconfig we should try and remove dts from
creating Kconfig namespaced symbols and leave that to Kconfig. So
rename CONFIG_CCM_<FOO> to DT_CCM_<FOO>.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
CONFIG_APPLICATION_MEMORY doesn't exist anymore, so the bit of code in
arm_core_mpu_dev.h related to it is dead and should be removed.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* K_APP_DMEM_SECTION/K_MEM_BMEM_SECTION macros now exist
to specifically define the name of the sections for data
and bss respectively.
* All boards now use the gen_app_partitions.py script, the
padding hacks for non-power-of-two arches didn't work right
in all cases. Linker scripts have been updated.
* The defined k_mem_partition is now completely initialized
at build time. The region data structures now only exist
to zero BSS.
Based on some work submitted by Adithya Baglody
<adithya.baglody@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is a separate data section which needs to be copied into
RAM.
Most arches just use the kernel's _data_copy(), but x86 has its
own optimized copying code.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace Cortex-M3 with Cortex-M architecture family
in the header documentation of kernel_arch_data.h and
kernel_arch_func.h, which are generic header files for
the entire familty of ARM Cortex-M CPUs. The commit
adds some more minor style fixes in functions'
documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the documentation of internal ARM core
function _arch_irq_lock(..), adding a more detailed description
of its impact on the different Cortex-M processors.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
add the handling of APP_SHARED_MEM.
privileged threads can access all the mem
explictly defined in user mode, i.e., APP_MEM & APP_SHARED_MEM
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
PAE tables introduce the NX bit which is very desirable
from a security perspetive, back in 1995.
PAE tables are larger, but we are not targeting x86 memory
protection for RAM constrained devices.
Remove the old style 32-bit tables to make the x86 port
easier to maintain.
Renamed some verbosely named data structures, and fixed
incorrect number of entries for the page directory
pointer table.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit re-works the NXP MPU driver implementation so that
it aligns with the implementation for ARMv7-M and ARMv8-M MPU
architectures.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the unnecessary MPU region type definitions
from arm_core_mpu_dev.h, as they are not used any more in any of
the architecture-specific MPU implementations (ARMv7-M, NXP, and
ARMv8-M MPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes obsolete ARM CORE MPU API definitions
and related implementation from arm_mpu.c, in the wake of
the transition to the new ARM MPU design.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the ARM Core MPU API for memory domains,
to align with the principle of de-coupling the partitioning
and the access attribution with the architecture-specific
MPU driver implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces an internal ARM MPU API that allows the
user to re-configure a memory partition in run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces an ARM API that allows the user to
program a set of dynamic MPU regions at run-time. The API
function is invoked every time the memory map needs to be
re-programmed (for example at thread context-switch). The
functionality is implementated in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and documents the internal ARM MPU
API to configure the dynamic memory regions at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and documents the internal ARM MPU
API to configure the static memory regions at boot time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The ARM core MPU API now uses solely k_mem_partition_attr_t
objects to represent memory region attributes. The objects
now include all attribution properties (including cache-
ability and share-ability). This commit updates the macro
definitions to comply with the new ARM Core MPU standard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the generic ARM (core) API, which allows
the user to program a set of static (fixed) MPU regions at boot
time. The API function is invoked upon initialization, in the
ARM-specific call of _arch_switch_to_main_thread(). The API
implementation is provided in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This board is unmaintained and unsupported. It is not known to work and
has lots of conditional code across the tree that makes code
unmaintainable.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add missing linker section to avoid warning about orphans when building
with host compiler.
Fixes#12719
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Building tests/kernel/common/kernel.common with the new crosstools
SDK-ng resulted in an orphan short read-only data section. Fix this by
adding the .srodata section to the RISC-V linker script.
Signed-off-by: Nathaniel Graff <nathaniel.graff@sifive.com>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from x86 SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add missing sections being reported as orphan with latest compiler
version for x86 and discard them. Do the same on ARM.
Those sections are used for dynamic linking which we do not support in
Zephyr.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
I was half way through typing up my own one of these when I realized
there was one already in the tree. Move it to a shared header.
(FWIW: I really doubt that most architectures actually benefit from
their own versions of these tools -- GCC's optimizer is really good,
and custom assembly defeats optimization and factorizations of the
expressions in context.)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Adds support for the device configuration data (DCD), which provides a
sequence of commands to the imx rt boot ROM to initialize components
such as an SDRAM.
It is now possible to use the external SDRAM instead of the internal
DTCM on the mimxrt1020_evk, mimxrt1050_evk, and mimxrt1060_evk. Note,
however, that the default board configurations still link data into
internal DTCM, therefore you must use a device tree overlay to override
"zephyr,sram = &sdram0"
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds support for the boot data, image vector table, and FlexSPI NOR
config structures used by the imx rt boot ROM to boot an application
from an external xip flash device.
It is now possible to build and flash a bootable zephyr image to the
external xip flash on the mimxrt1020_evk, mimxrt1050_evk, and
mimxrt1060_evk boards via the 'ninja flash' build target and jlink
runner. Note, however, that the default board configurations still link
code into internal ITCM, therefore you must set CONFIG_CODE_HYPERFLASH=y
or CONFIG_CODE_QSPI=y explicitly to override the default. You must also
set CONFIG_NXP_IMX_RT_BOOT_HEADER=y to build the boot header into the
image.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The various linker scripts on arc would include autoconf.h in the arch
linker script but might have CONFIG_ symbols referenced in the soc
specific linker script. Move autoconf.h inclusion to top of the soc
specific linker script out of the arch specific one so we know
autoconf.h is seen before any CONFIG_ references.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For all builds, _image_ram_start is initially set to RAM_ADDR,
before it is (possibly) aligned for MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The main function is just a weak function that should be override by the
applications if they need. Just adding a nop instructions to explicitly
says that this function does nothing.
MISRA-C rule 2.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The definition of __app_ram_end linker symbol has been
erroneously placed outside the last linker section of
application memory. This commit fixes the problem.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch splits the text section into 2 parts. The first section
will have some info regarding vector tables and debug info. The
second section will have the complete text section.
This is needed to force the required functions and data variables
the correct locations.
This is due to the behavior of the linker. The linker will only link
once and hence this text section had to be split to make room
for the generated linker script.
Added a new Kconfig CODE_DATA_RELOCATION which when enabled will
invoke the script, which does the required relocation.
Added hooks inside init.c for bss zeroing and data copy operations.
Needed when we have to copy data from ROM to required memory type.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
RISC-V permits myriad extensions to the ISA, any of which may imply
additional context that must be saved and restored on ISR entry and
exit. The current in-tree example is the Pulpino core, which has extra
registers used by ISA extensions for running loops that shouldn't get
clobbered by an ISR.
This is currently supported by including pulpino-specific definitions
in the generic architecture code. This works, but it's a bit inelegant
and is something of a layering violation. A more generic mechanism is
required to support other RISC-V SoCs with similar requirements
without cluttering the arch code too much.
Provide that by extending the semantics of the existing
CONFIG_RISCV_SOC_CONTEXT_SAVE option to allow other SoCs to allocate
space for saving and restoring their own state, promoting the
currently pulpino-specific __soc_save_context / __soc_restore_context
routines to a RISC-V arch API.
The cost of making this generic is two more instructions in each ISR
to pass the SoC specific context to these routines in a0 rather than
just assuming the stack points to the right place. This is minimal,
and should have been done anyway to keep with the ABI.
As a first (and currently only in-tree) customer, convert the Pulpino
SoC code to this new mechanism.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Add symbol which contains the number of bytes contained
in the image.
Using '_image_rom_end' will not work, as there are
symbols loaded after its value.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Helper macro, MPU_ALIGN() is used by script
gen_app_partitions.py, so the macro needs to be available,
if the APP Shared memory feature is to be used. This commit
defines MPU_ALIGN() in the ARC linker.ld script.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the app_data_alignment.ld scripts
under arch/arc sub-directory, as it is not not used
at all in ARM builds. The script is still used for
ARC, whose v2 MPU also has the reuquirement for
power-of-two size alignment.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Move the definition of _image_ram_start at the beginning
of the RAMMABLE (SRAM) region, so it points to the actual
start of RAM linker sections.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit standardizes and simplifies the way we enforce
linker section alignment, to comply with minimum alignment
requirement for MPU, if we build Zephyr with MPU support:
- it enforces alignment with the minimum MPU granularity at
the beginning and end of linker sections that require to
be protected by MPU,
- it enforces alignment with size if required by the MPU
architecture.
Particularly for the Application Memory section, the commit
simplifies how the proper alignment is enforced, removing
the need of calculating the alignment with a post-linker
python script. It also removes the need for an additional
section for padding.
For the Application Shared Memory section(s), the commit
enforces minimum alignment besides the requirement for
alignment with size (for the respective MPUs) and fixes
a bug where the app_data_align was erronously used in the
scipts for auto-generating the linker scripts.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit enforces the use of ARM_MPU_REGION_MIN_ALIGN_AND_SIZE
in include/arch/arm/arch.h, instead of using 32 as a hard-coded
value. The symbol is also used in arm/thread.c to truncate the
thread stack size to satisfy MPU granularity. The commit does
not introduce behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug in the ARMv7-M convenience macro that
evaluates write-ability of given access permissions attributes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Declare and define nxp_mpu_config and nxp_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhances the documentation of the nxp_mpu_config
element in include/arch/arm/cortex_m/mpu/nxp_mpu.h, stressing
that it intends to store information for fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
We now place the linker directives for the SW ISR table
in the common linker scripts, instead of repeating it
everywhere.
The table will be placed in RAM if dynamic interrupts are
enabled.
A dedicated section is used, as this data must not move
in between build phases.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If dynamic interrupts are enabled, a set of trampoline stubs
are generated which transfer control to a common dynamic
interrupt handler function, which then looks up the proper
handler and parameter and then executes the interrupt.
Based on the prior x86 dynamic interrupt implementation which
was removed from the kernel some time ago, and adapted to
changes in the common interrupt handling code, build system,
and IDT generation tools.
An alternative approach could be to read the currently executing
vector out of the APIC, but this is a much slower operation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit contributes a patch to the Arm Cortex-M linker
script, which guarantees that the linker sections for shared
memory and the application memory will have sufficient padding
in between, so that the latter will start from an address that
is 32-byte aligned. This is required for ensuring that the MPU
regions defined using the start and end addresses of the two
sections will not overlap. The patch targets ARMv8-M MPU with
no requirement for power-of-two alignment and size.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Patch is useful for RISCV platforms which can not provide ROM memory.
Switching CONFIG_XIP to "n" disables allocating ROM region.
Signed-off-by: Vitaly Gaiduk <vitaly.gaiduk@cloudbear.ru>
With newer linker for ARC we can possibly get a warning like:
real-ld: warning: orphan section `.ARC.attributes' from `(foo.o)'
being placed in section `.ARC.attributes'.
Fixes#11060
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
struct segment_selector is defined but never used. Besides that, this
tag identifier was clashing with other identifier, what is an undefined
behaviour in C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When using C++ exceptions in a Cortex-M, the linker return a warning:
warning: orphan section ".ARM.extab"
.ARM.extab section containing exception unwinding information.
This section is missing in the linker script for Cortex-M.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
(Previous patch set was reverted due to issue with priv_stack.
Resubmitting after fixing the faults caused by priv_stack.noinit
not at the end of RAM.)
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Fixes#10473, #10474, #10515.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This puts the priviledged stack at the end of RAM.
This combines PR #10507 and #10542.
Fixes#10473Fixes#10474Fixes#10515
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The Cypress PSoC6 specifies some input sections in the startup
scripts. These sections (.heap, .stack, etc.) need to be placed
at correct location.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The function _arc_v2_irq_unit_is_in_isr computes a Boolean
value but the function returns a integer value.
Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Update rel-sections.ld to use wildcards instead of
spelling out those sections one by one.
Also, for POSIX, don't include this and turns off
the warnings. With different host toolchain across
different OS, it would be maintanence nightmare
to account for all those combinations. So this reverts
the POSIX linker script to before the first orphan
section changes.
Fixes#10493
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
In ARMv8-M MPU it is not possible to have the following access
permissions: Privileged RW / Unprivileged RO. So we define
K_MEM_PARTITION_IS_WRITABLE macro separately for v8M and v7M MPU
architectures (in the separate include files).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The Cypress PSoC6 specifies some input sections in the startup
scripts. These sections (.heap, .stack, etc.) need to be placed
at correct location.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Instead of hardcoding in linker script, use a Kconfig and deal with
dependencies in Kconfig instead of directly in the linker file.
This patch moves both:
PRIVILEGED_STACK_TEXT_AREA
and
KOBJECT_TEXT_AREA
to arch/Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Improve the documentation of the ARMv8-M MPU convenience macros
for setting up MPU regions at boot time, stressing that the
macros intend to be used for non-overlapping, fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhances the documentation of the mpu_config
element in include/arch/arm/cortex_m/mpu/arm_mpu.h, stressing
that it intends to store information for fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove an inline explanatory comment for the thread
stack region type that is obsolete. The comment had
been been erroneously kept in after the enumeration
of MPU region types was refactored and cleaned up.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Any calculation based on linker variables shouldn't be inside
sections.
Also added the linker macro needed for the shared memory.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
According with ISO/IEC 9899:1999 §6.7 Declarations, typedefs name must
be uniques.
C99 clause 6.7
MISRA-C rule 1.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Some minor style fixes and rewording of the documentation
for ARM MPU region types.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit groups together the MPU region types
that are related to the User-space feature, so that
a single #ifdef USERSPACE is present in the enum.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Several style and typo fixes in inline comments of arm kernel
files and thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The header should check if the macro _MPU_PRESENT is defined
and create it only if not defined.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The size calculation for power of 2 MPUs were incorrect.
The calculation was not taking into account the amount of padding
the linker does when doing the required alignment. Hence the size
being calculated was completely incorrect.
With this patch the code now is optimized and the size of
partitions is now provided by the linker.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit moves the documentation corresponding to
_ARCH_THREAD_STACK_DEFINE(..) macro to the right place.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This reverts commit 17e9d623b4.
Single thread keep introducing more issues, decided to remove the
feature completely and push any required changes for after 1.13.
See #9808
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Some applications have a use case for a tiny MULTITHREADING=n build
(which lacks most of the kernel) but still want special-purpose
drivers in that mode that might need to handle interupts. This
creates a chicken and egg problem, as arch code (for obvious reasons)
runs _Cstart() with interrupts disabled, and enables them only on
switching into a newly created thread context. Zephyr does not have a
"turn interrupts on now, please" API at the architecture level.
So this creates one as an arch-specific wrapper around
_arch_irq_unlock(). It's implemented as an optional macro the arch
can define to enable this behavior, falling back to the previous
scheme (and printing a helpful message) if it doesn't find it defined.
Only ARM and x86 are enabled in this patch.
Fixes#8393
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit implements and integrates the ARMv8-M MPU driver
into the memory protection system for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a type definition for the ARM MPU
region attribute container. This allows to abstract the type
of the attribute container and make the code extendible for
ARMv8-M, where the size and structure of the attribute
container will be different.
Therefore, we can, now, move the definition of the region
data structure in the common arm_mpu.h header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds K-config options that allow the user to
signify an ARM Secure Firmware that contains Secure Entry
functions and to define the starting address of the linker
section that will contain the Secure Entry functions. It
also instructs the linker to append the NSC section if
instructed so by the user.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Split out the arch specific syscall code to reduce include pollution
from other arch related headers. For example on ARM its possible to get
errno.h included via SoC specific headers. Which created an interesting
compile issue because of the order of syscall & errno/errno syscall
inclusion.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If MMU is enabled, always make the BSS section MMU page aligned.
According to the comments, it is always aligned anyway.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Some drivers or tests need to execute some code before Zephyr is
booted, dynamically register command line arguments, etc.
For this purpose, we generalize the NATIVE_EXIT_TASK to also
provide hooks to run a function at a given point during the startup
of native_posix.
Also, test/boards/native_posix/exit_tasks is generalized to cover
this new functionality.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The .eh_frame symbol was causing __data_rom_start to contain the wrong
offset into the ROM, resulting in corrupt data copied into RAM by
_data_copy(). Fix by placing the .eh_frame in the .text section as is
done in include/arch/x86/linker.ld
Signed-off-by: Nathaniel Graff <nathaniel.graff@sifive.com>
When building the real mode, the linker definition has to place
the real mode entry code at the start of flash area.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
This commit adds the implementation that allows the ARM CPU
to recover from (otherwise fatal) MPU faults. A new error
reason, _NANO_ERR_RECOVERABLE, is introduced. The error
reason is used to suppress fault dump information, if the
error is actually recoverable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Shouldn't declare this and then pull in headers, fixes
error like "util.h:41:1: error: template with C linkage"
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Shouldn't declare this and then pull in headers, fixes
errors like "util.h:41:1: error: template with C linkage"
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some of the native application components or drivers need to
do a proper cleanup before the executable exits.
So we provide a macro similar to SYS_INIT but which will be
called just before exiting.
This can be used for freeing up resources, closing descriptors,
or doing any neccessary signaling to any other host process.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Change the REGION_FLASH_ATTR macros to set the cache attributes on Flash
regions to "Outer and inner write-through. No write allocate.". This
matches the cache attributes used when the MPU is disabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Change the REGION_RAM_ATTR macro to set the cache attributes on RAM
regions to "Outer and inner write-back. Write and read allocate". This
matches the cache attributes used when the MPU is disabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix NORMAL_OUTER_INNER_WRITE_BACK_WRITE_READ_ALLOCATE_NONSHAREABLE, the
bufferable bit should be set, while the shareable one should not be set.
At the same time, rename it from ..._NONSHAREABLE to _NON_SHAREABLE to
keep the same naming convention for all macro. Given it's not (yet)
used, it should not be an issue.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reduces the number of mpu regions statically reserved at boot time by
one, giving a total of five. We originally sought to reduce the total to
three: 1 background region with lowest precendence for supervisor r/w, 1
flash region, and 1 sram region. However, the nxp mpu hardware does not
give precedence to any region over another, and thus we cannot revoke
access from the background region with a higher priority region. This
means we cannot support hardware stack protection with a single
background region.
Instead, create two background regions that cover the entire address
space, except for sram.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
