This board is unmaintained and unsupported. It is not known to work and
has lots of conditional code across the tree that makes code
unmaintainable.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add missing linker section to avoid warning about orphans when building
with host compiler.
Fixes#12719
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Building tests/kernel/common/kernel.common with the new crosstools
SDK-ng resulted in an orphan short read-only data section. Fix this by
adding the .srodata section to the RISC-V linker script.
Signed-off-by: Nathaniel Graff <nathaniel.graff@sifive.com>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from x86 SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add missing sections being reported as orphan with latest compiler
version for x86 and discard them. Do the same on ARM.
Those sections are used for dynamic linking which we do not support in
Zephyr.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
I was half way through typing up my own one of these when I realized
there was one already in the tree. Move it to a shared header.
(FWIW: I really doubt that most architectures actually benefit from
their own versions of these tools -- GCC's optimizer is really good,
and custom assembly defeats optimization and factorizations of the
expressions in context.)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Adds support for the device configuration data (DCD), which provides a
sequence of commands to the imx rt boot ROM to initialize components
such as an SDRAM.
It is now possible to use the external SDRAM instead of the internal
DTCM on the mimxrt1020_evk, mimxrt1050_evk, and mimxrt1060_evk. Note,
however, that the default board configurations still link data into
internal DTCM, therefore you must use a device tree overlay to override
"zephyr,sram = &sdram0"
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds support for the boot data, image vector table, and FlexSPI NOR
config structures used by the imx rt boot ROM to boot an application
from an external xip flash device.
It is now possible to build and flash a bootable zephyr image to the
external xip flash on the mimxrt1020_evk, mimxrt1050_evk, and
mimxrt1060_evk boards via the 'ninja flash' build target and jlink
runner. Note, however, that the default board configurations still link
code into internal ITCM, therefore you must set CONFIG_CODE_HYPERFLASH=y
or CONFIG_CODE_QSPI=y explicitly to override the default. You must also
set CONFIG_NXP_IMX_RT_BOOT_HEADER=y to build the boot header into the
image.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The various linker scripts on arc would include autoconf.h in the arch
linker script but might have CONFIG_ symbols referenced in the soc
specific linker script. Move autoconf.h inclusion to top of the soc
specific linker script out of the arch specific one so we know
autoconf.h is seen before any CONFIG_ references.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For all builds, _image_ram_start is initially set to RAM_ADDR,
before it is (possibly) aligned for MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The main function is just a weak function that should be override by the
applications if they need. Just adding a nop instructions to explicitly
says that this function does nothing.
MISRA-C rule 2.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The definition of __app_ram_end linker symbol has been
erroneously placed outside the last linker section of
application memory. This commit fixes the problem.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch splits the text section into 2 parts. The first section
will have some info regarding vector tables and debug info. The
second section will have the complete text section.
This is needed to force the required functions and data variables
the correct locations.
This is due to the behavior of the linker. The linker will only link
once and hence this text section had to be split to make room
for the generated linker script.
Added a new Kconfig CODE_DATA_RELOCATION which when enabled will
invoke the script, which does the required relocation.
Added hooks inside init.c for bss zeroing and data copy operations.
Needed when we have to copy data from ROM to required memory type.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
RISC-V permits myriad extensions to the ISA, any of which may imply
additional context that must be saved and restored on ISR entry and
exit. The current in-tree example is the Pulpino core, which has extra
registers used by ISA extensions for running loops that shouldn't get
clobbered by an ISR.
This is currently supported by including pulpino-specific definitions
in the generic architecture code. This works, but it's a bit inelegant
and is something of a layering violation. A more generic mechanism is
required to support other RISC-V SoCs with similar requirements
without cluttering the arch code too much.
Provide that by extending the semantics of the existing
CONFIG_RISCV_SOC_CONTEXT_SAVE option to allow other SoCs to allocate
space for saving and restoring their own state, promoting the
currently pulpino-specific __soc_save_context / __soc_restore_context
routines to a RISC-V arch API.
The cost of making this generic is two more instructions in each ISR
to pass the SoC specific context to these routines in a0 rather than
just assuming the stack points to the right place. This is minimal,
and should have been done anyway to keep with the ABI.
As a first (and currently only in-tree) customer, convert the Pulpino
SoC code to this new mechanism.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Add symbol which contains the number of bytes contained
in the image.
Using '_image_rom_end' will not work, as there are
symbols loaded after its value.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Helper macro, MPU_ALIGN() is used by script
gen_app_partitions.py, so the macro needs to be available,
if the APP Shared memory feature is to be used. This commit
defines MPU_ALIGN() in the ARC linker.ld script.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the app_data_alignment.ld scripts
under arch/arc sub-directory, as it is not not used
at all in ARM builds. The script is still used for
ARC, whose v2 MPU also has the reuquirement for
power-of-two size alignment.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Move the definition of _image_ram_start at the beginning
of the RAMMABLE (SRAM) region, so it points to the actual
start of RAM linker sections.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit standardizes and simplifies the way we enforce
linker section alignment, to comply with minimum alignment
requirement for MPU, if we build Zephyr with MPU support:
- it enforces alignment with the minimum MPU granularity at
the beginning and end of linker sections that require to
be protected by MPU,
- it enforces alignment with size if required by the MPU
architecture.
Particularly for the Application Memory section, the commit
simplifies how the proper alignment is enforced, removing
the need of calculating the alignment with a post-linker
python script. It also removes the need for an additional
section for padding.
For the Application Shared Memory section(s), the commit
enforces minimum alignment besides the requirement for
alignment with size (for the respective MPUs) and fixes
a bug where the app_data_align was erronously used in the
scipts for auto-generating the linker scripts.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit enforces the use of ARM_MPU_REGION_MIN_ALIGN_AND_SIZE
in include/arch/arm/arch.h, instead of using 32 as a hard-coded
value. The symbol is also used in arm/thread.c to truncate the
thread stack size to satisfy MPU granularity. The commit does
not introduce behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug in the ARMv7-M convenience macro that
evaluates write-ability of given access permissions attributes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Declare and define nxp_mpu_config and nxp_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhances the documentation of the nxp_mpu_config
element in include/arch/arm/cortex_m/mpu/nxp_mpu.h, stressing
that it intends to store information for fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
We now place the linker directives for the SW ISR table
in the common linker scripts, instead of repeating it
everywhere.
The table will be placed in RAM if dynamic interrupts are
enabled.
A dedicated section is used, as this data must not move
in between build phases.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If dynamic interrupts are enabled, a set of trampoline stubs
are generated which transfer control to a common dynamic
interrupt handler function, which then looks up the proper
handler and parameter and then executes the interrupt.
Based on the prior x86 dynamic interrupt implementation which
was removed from the kernel some time ago, and adapted to
changes in the common interrupt handling code, build system,
and IDT generation tools.
An alternative approach could be to read the currently executing
vector out of the APIC, but this is a much slower operation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit contributes a patch to the Arm Cortex-M linker
script, which guarantees that the linker sections for shared
memory and the application memory will have sufficient padding
in between, so that the latter will start from an address that
is 32-byte aligned. This is required for ensuring that the MPU
regions defined using the start and end addresses of the two
sections will not overlap. The patch targets ARMv8-M MPU with
no requirement for power-of-two alignment and size.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Patch is useful for RISCV platforms which can not provide ROM memory.
Switching CONFIG_XIP to "n" disables allocating ROM region.
Signed-off-by: Vitaly Gaiduk <vitaly.gaiduk@cloudbear.ru>
With newer linker for ARC we can possibly get a warning like:
real-ld: warning: orphan section `.ARC.attributes' from `(foo.o)'
being placed in section `.ARC.attributes'.
Fixes#11060
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
struct segment_selector is defined but never used. Besides that, this
tag identifier was clashing with other identifier, what is an undefined
behaviour in C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When using C++ exceptions in a Cortex-M, the linker return a warning:
warning: orphan section ".ARM.extab"
.ARM.extab section containing exception unwinding information.
This section is missing in the linker script for Cortex-M.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
(Previous patch set was reverted due to issue with priv_stack.
Resubmitting after fixing the faults caused by priv_stack.noinit
not at the end of RAM.)
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Fixes#10473, #10474, #10515.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This puts the priviledged stack at the end of RAM.
This combines PR #10507 and #10542.
Fixes#10473Fixes#10474Fixes#10515
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The Cypress PSoC6 specifies some input sections in the startup
scripts. These sections (.heap, .stack, etc.) need to be placed
at correct location.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The function _arc_v2_irq_unit_is_in_isr computes a Boolean
value but the function returns a integer value.
Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Update rel-sections.ld to use wildcards instead of
spelling out those sections one by one.
Also, for POSIX, don't include this and turns off
the warnings. With different host toolchain across
different OS, it would be maintanence nightmare
to account for all those combinations. So this reverts
the POSIX linker script to before the first orphan
section changes.
Fixes#10493
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
In ARMv8-M MPU it is not possible to have the following access
permissions: Privileged RW / Unprivileged RO. So we define
K_MEM_PARTITION_IS_WRITABLE macro separately for v8M and v7M MPU
architectures (in the separate include files).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The Cypress PSoC6 specifies some input sections in the startup
scripts. These sections (.heap, .stack, etc.) need to be placed
at correct location.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Instead of hardcoding in linker script, use a Kconfig and deal with
dependencies in Kconfig instead of directly in the linker file.
This patch moves both:
PRIVILEGED_STACK_TEXT_AREA
and
KOBJECT_TEXT_AREA
to arch/Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Improve the documentation of the ARMv8-M MPU convenience macros
for setting up MPU regions at boot time, stressing that the
macros intend to be used for non-overlapping, fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhances the documentation of the mpu_config
element in include/arch/arm/cortex_m/mpu/arm_mpu.h, stressing
that it intends to store information for fixed MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove an inline explanatory comment for the thread
stack region type that is obsolete. The comment had
been been erroneously kept in after the enumeration
of MPU region types was refactored and cleaned up.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Any calculation based on linker variables shouldn't be inside
sections.
Also added the linker macro needed for the shared memory.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
According with ISO/IEC 9899:1999 §6.7 Declarations, typedefs name must
be uniques.
C99 clause 6.7
MISRA-C rule 1.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Some minor style fixes and rewording of the documentation
for ARM MPU region types.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit groups together the MPU region types
that are related to the User-space feature, so that
a single #ifdef USERSPACE is present in the enum.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Several style and typo fixes in inline comments of arm kernel
files and thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The header should check if the macro _MPU_PRESENT is defined
and create it only if not defined.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The size calculation for power of 2 MPUs were incorrect.
The calculation was not taking into account the amount of padding
the linker does when doing the required alignment. Hence the size
being calculated was completely incorrect.
With this patch the code now is optimized and the size of
partitions is now provided by the linker.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit moves the documentation corresponding to
_ARCH_THREAD_STACK_DEFINE(..) macro to the right place.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This reverts commit 17e9d623b4.
Single thread keep introducing more issues, decided to remove the
feature completely and push any required changes for after 1.13.
See #9808
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Some applications have a use case for a tiny MULTITHREADING=n build
(which lacks most of the kernel) but still want special-purpose
drivers in that mode that might need to handle interupts. This
creates a chicken and egg problem, as arch code (for obvious reasons)
runs _Cstart() with interrupts disabled, and enables them only on
switching into a newly created thread context. Zephyr does not have a
"turn interrupts on now, please" API at the architecture level.
So this creates one as an arch-specific wrapper around
_arch_irq_unlock(). It's implemented as an optional macro the arch
can define to enable this behavior, falling back to the previous
scheme (and printing a helpful message) if it doesn't find it defined.
Only ARM and x86 are enabled in this patch.
Fixes#8393
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit implements and integrates the ARMv8-M MPU driver
into the memory protection system for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a type definition for the ARM MPU
region attribute container. This allows to abstract the type
of the attribute container and make the code extendible for
ARMv8-M, where the size and structure of the attribute
container will be different.
Therefore, we can, now, move the definition of the region
data structure in the common arm_mpu.h header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds K-config options that allow the user to
signify an ARM Secure Firmware that contains Secure Entry
functions and to define the starting address of the linker
section that will contain the Secure Entry functions. It
also instructs the linker to append the NSC section if
instructed so by the user.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Split out the arch specific syscall code to reduce include pollution
from other arch related headers. For example on ARM its possible to get
errno.h included via SoC specific headers. Which created an interesting
compile issue because of the order of syscall & errno/errno syscall
inclusion.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If MMU is enabled, always make the BSS section MMU page aligned.
According to the comments, it is always aligned anyway.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Some drivers or tests need to execute some code before Zephyr is
booted, dynamically register command line arguments, etc.
For this purpose, we generalize the NATIVE_EXIT_TASK to also
provide hooks to run a function at a given point during the startup
of native_posix.
Also, test/boards/native_posix/exit_tasks is generalized to cover
this new functionality.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The .eh_frame symbol was causing __data_rom_start to contain the wrong
offset into the ROM, resulting in corrupt data copied into RAM by
_data_copy(). Fix by placing the .eh_frame in the .text section as is
done in include/arch/x86/linker.ld
Signed-off-by: Nathaniel Graff <nathaniel.graff@sifive.com>
When building the real mode, the linker definition has to place
the real mode entry code at the start of flash area.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
This commit adds the implementation that allows the ARM CPU
to recover from (otherwise fatal) MPU faults. A new error
reason, _NANO_ERR_RECOVERABLE, is introduced. The error
reason is used to suppress fault dump information, if the
error is actually recoverable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Shouldn't declare this and then pull in headers, fixes
error like "util.h:41:1: error: template with C linkage"
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Shouldn't declare this and then pull in headers, fixes
errors like "util.h:41:1: error: template with C linkage"
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some of the native application components or drivers need to
do a proper cleanup before the executable exits.
So we provide a macro similar to SYS_INIT but which will be
called just before exiting.
This can be used for freeing up resources, closing descriptors,
or doing any neccessary signaling to any other host process.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Change the REGION_FLASH_ATTR macros to set the cache attributes on Flash
regions to "Outer and inner write-through. No write allocate.". This
matches the cache attributes used when the MPU is disabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Change the REGION_RAM_ATTR macro to set the cache attributes on RAM
regions to "Outer and inner write-back. Write and read allocate". This
matches the cache attributes used when the MPU is disabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix NORMAL_OUTER_INNER_WRITE_BACK_WRITE_READ_ALLOCATE_NONSHAREABLE, the
bufferable bit should be set, while the shareable one should not be set.
At the same time, rename it from ..._NONSHAREABLE to _NON_SHAREABLE to
keep the same naming convention for all macro. Given it's not (yet)
used, it should not be an issue.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reduces the number of mpu regions statically reserved at boot time by
one, giving a total of five. We originally sought to reduce the total to
three: 1 background region with lowest precendence for supervisor r/w, 1
flash region, and 1 sram region. However, the nxp mpu hardware does not
give precedence to any region over another, and thus we cannot revoke
access from the background region with a higher priority region. This
means we cannot support hardware stack protection with a single
background region.
Instead, create two background regions that cover the entire address
space, except for sram.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Fix the title comment in the linker.ld script for ARM, to
make it clear that this is the common linker script for all
Cortex-M based platforms.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit re-defines the REGION_SIZE_<x> macros, present in
include/arch/arm/cortex_m/mpu/arm_mpu_v7m.h, with the help of
the existing ARM MPU regions size definitions in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors internal functions in arm_mpu.c to use
bitsets and functions taken directly from ARM CMSIS instead of
hardcoded arithmetic literals. In several internal functions
some part of the implementation is abstracted further in inline
functions or convenience macros, to facilitate extending the
arm_mpu.c for ARMv8-M. In addition, the commit adds minor
improvements in internal function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the macro definitions and convenience wrappers
for ARM MPU that are specific to ARMv6-m, and ARMv7-m to an
arch-specific MPU header file. It leaves only the generic
content in arm_mpu.h, i.e. the content that is supposed to
be common for ARMv8-M MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit modifies the interal macro defitions for MPU region
attributes in arm_mpu.h to use bitset flags directly from CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the redundant HAL definition for the ARM
Cortex-M MPU registers, and modifies the ARM MPU driver
implementation to directly use the provided HAL from CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The entry point can and therefore should be set by linker
scripts. Whenever possible one should express things in the source
language, be it .c or .ld, and not in code generators or in the build
system.
This patch removes the flag -eCONFIG_KERNEL_ENTRY from the linker's
command line and replaces it with the linker script command
ENTRY(CONFIG_KERNEL_ENTRY)
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is a public macro which calculates the size to be allocated for
stacks inside a stack array. This is necessitated because of some
internal padding (e.g. for MPU scenarios). This is particularly
useful when a reference to K_THREAD_STACK_ARRAY_DEFINE needs to be
made from within a struct.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
* We are now *much* better at not reserving unnecessary
system MPU regions based on configuration. The #defines
for intent are now an enumerated type. As a bonus, the
implementation of _get_region_index_by_type() is much
simpler. Previously we were wasting regions for stack guard
and application memory if they were not configured.
* NXP MPU doesn't reserve the last region if HW stack
protection isn't enabled.
* Certain parts of the MPU code are now properly ifdef'd
based on configuration.
* THREAD_STACK_REGION and THREAD_STACK_USER_REGION was a
confusing construction and has now been replaced with
just THREAD_STACK_REGION, which represents the MPU region
for a user mode thread stack. Supervisor mode stacks
do not require an MPU region.
* The bounds of CONFIG_APPLICATION_MEMORY never changes
and we just do it once during initialization instead of
every context switch.
* Assertions have been added to catch out-of-bounds cases.
Fixes: #7384
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
intList has been populated with the number of isrs, aka interrupts,
but nothing has not been using this information so we drop it and
everything used to construct it.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This commit includes the arch/arm/cortex_m/cmsis.h directly
in arm_mpu.h. This is requires as arm_mpu.h uses CMSIS macro
defines directly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
All architecture defines OCTET_TO_SIZEOFUNIT and SIZEOFUNIT_TO_OCTET
as identity functions. But the only user is tests/benchmarks/app_kernel.
It's effectively a no-op. Remove them.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
Set Zero Latency IRQ to priority level zero and SVCs to priority level
one when Zero Latency IRQ is enabled.
This makes Zero Zatency truly zero latency when the kernel has been
configured with userspace enabled, or when IRQ offloading is used.
Exceptions can still delay Zero Latency IRQ, but this is considered
ok since exceptions indicate a serious error, and the system needs to
recover.
Fixes: #7869
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit moves code from fe310 platform into RISC-V privilege common
folder. This way the code can be reused by other platforms in future.
signed-off-by: Karol Gugala <kgugala@antmicro.com>
This commit removes the macro definitions for MPU_RASR register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macro definitions for MPU_RBAR register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macro definitions for MPU_CTRL register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
* the original stack check codes have no consideration
for userspace case. This will wrong cause possible stack
check exception.
* this commit refactors the arc stack check support to
support the usperspace.
* this commit fixes#7885. All the failed tests in #7885
are run again to verify this commit. The test results are ok
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Previously, the stack buffer array wasn't being page-aligned.
If private kernel data was stored after the stack buffer in
the same page, the current thread would incorrectly have
access to it. Round stack sizes up on x86 to prevent this
problem.
Fixes#8118
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The r7 register is used as a frame pointer on ARM Thumb. As result, it
cannot be modified by the assembly code in functions using stack frame.
This commit replaces r7 by r8, which is a general purpose register.
Also it fixes#7704.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Change the zero latency interrupt priority level from 2 to 1.
This is the priority level that the kernel has reserved for the
zero latency IRQ feature by the _IRQ_PRIO_OFFSET constant.
The zero latency IRQ will now not be masked by the irq_lock function.
Update comments to reflect the priority levels reserved by the kernel.
Fixes: #8073
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Because the address alignment of MPUv2, the address should
not only be aligned at the start but also for the array member.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
This commit removes a redundant #ifdef check for
CONFIG_CPU_CORTEX_M_HAS_BASEPRI, which is covered
CONFIG_CPU_CORTEX_M_HAS_PROGRAMMABLE_FAULT_PRIOS, present
in the same ifdef check.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
CONFIG_UART_NSIM depends on CONFIG_NSIM, which was removed in commit
9bc69a46fa ("boards: Update arc em_starterkit support from 2.2 to
2.3"). Remove the dependency, and also remove the CONFIG_NSIM=y setting
from the test_nsim test (which should now work).
Also change the condition for EXTERN()ing _VectorTable in
include/arch/arc/v2/linker.ld to check CONFIG_UART_NSIM instead of
CONFIG_NSIM. I'm guessing the EXTERN() is there to make the symbol
visible to nSIM, though I don't know anything about it.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Upon return from a syscall handlers, the r1, r2, and r3 registers
could contain random kernel data that should not be leaked to user
mode. Zero these out before returning from _arm_do_syscall().
Fixes#7753.
The invocation macros need a clobber if r1, r2, or r3 are not used
to carry syscall arguments. This is a partial fix for #7754 but
there appear to be other issues.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Set bus master 4 to write and read access which allows
the USBFSOTG controller read/write access to the memory.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
This commit fixes the SecureFault IRQ number for non-CMSIS
compliant ARM Cortex-M MCUs. Erroneous IRQ number was introduced
in ec398e87796f8da2529f369746ae9b2b12d48ca4.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Newlib uses any RAM between _end and the bounds of physical
RAM for the _sbrk() heap. Set up a user-writable region
so that this works properly on x86.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Modify the linker script with the command INSERT.
It instructs the linker to augment the default linker script
SECTIONS with the ones provided with the one provided in
this script.
It also modified the meaning of the -T switch, so it no longer
replaces the default linker script
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
intel_s1000 has multiple levels of interrupts consisting of core, CAVS
Logic and designware interrupt controller. This patchset modifies
the regular gen_isr mechanism to support these multiple levels.
Change-Id: I0450666d4e601dfbc8cadc9c9d8100afb61a214c
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
intel_s1000 uses DesignWare IP for UART. National Semiconductor
16550 (UART) component specification is followed in this IP.
Change-Id: Ied7df1dc178d55b6dbe71d729d6383ba07274ea4
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
When MMU is enabled and the SOC we are running doesn't have
execute in-place(XIP) the final image will be a monolith which
sits in RAM. In such situations we need to maintain the alignment
for application memory. If not maintained the MMU boot tables
will not be configured properly.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
These functions were not used throughout the Zephyr code base, and
as such has been removed. They can be reinstated if there's a need,
but will need to be adapted to use retpolines when CONFIG_RETPOLINE
is set.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
In order to mitigate Spectre variant 2 (branch target injection), use
retpolines for indirect jumps and calls.
The newly-added hidden CONFIG_X86_NO_SPECTRE flag, which is disabled
by default, must be set by a x86 SoC if its CPU performs speculative
execution. Most targets supported by Zephyr do not, so this is
set to "y" by default.
A new setting, CONFIG_RETPOLINE, has been added to the "Security
Options" sections, and that will be enabled by default if
CONFIG_X86_NO_SPECTRE is disabled.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The original exception handling has space to optimize and
and some bugs need to be fixed.
* define NANO_ESF
* add the definition of NANO_ESF which is an irq_stack_frame
* add the corresponding codes in exception entry and handler
* remove _default_esf
* implement the _ARCH_EXCEPT
* use trap exception to raise exception by kernel
* add corresponding trap exception entry
* add _do_kernel_oops to handle the exception raised by
_ARCH_EXCEPT.
* add the thread context switch in exception return
* case: kernel oops may raise thread context switch
* case: some tests will re-implement SysFatalHandler to raise
thread context switch.
* as the exception and isr are handled in kernel isr stack, so
the thread context switch must be in the return of exception/isr
, and the exception handler must return, should not be decorated
with FUNC_NORETURN
* for arc, _is_in_isr should consider the case of exception
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
This patch changes the ARM system calls to use registers for passing
or arguments. This removes the possibility of stack issues when
callers do not adhere to the AAPCS.
Fixes#6802
Signed-off-by: Andy Gross <andy.gross@linaro.org>
User mode shouldn't be able to read/write to this memory directly,
needs to be done on its behalf by driver system calls.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Define IRQ number for SecureFault Handler when building Secure
Firmware for non-CMSIS-compliant ARM Cortex-M MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macros for ARM fault flags from
include/arch/arm/cortex_m/cmsis.h header, since they are
defined in the respective core_cmXX.h header files. It also
modifies fault.c to use the updated fault macros taken directly
from ARM CMSIS headers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug in the ARM HardFAult handler, which
prevented from dumping the right UsageFault flags, after a
UsageFault had escalated to HardFault.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In asm2, the machine exception handler runs in interrupt context (this
is good: it allows us to defer the test against exception type until
after we have done the stack switch and dispatched any true
interrupts), but that means that the user error handler needs to be
invoked and then return through the interrupt exit code.
So the __attribute__(__noreturn__) that it was being decorated with
was incorrect. And actually fatal, as with gcc xtensa will crash
trying to return from a noreturn call.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The xtensa arch code had this empty offsets.h header sitting around.
Its name collides with the autogenerated offsets.h, making it
dangerously dependent on include file path order. Seems to be benign,
but it's freaking me out. Remove.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The new thread stack layout is as follow:
|---------------------|
| user stack |
|---------------------|
| stack guard (opt.) |
|---------------------|
| privilege stack |
-----------------------
For MPUv2
* user stack is aligned to the power of 2 of user stack size
* the stack guard is 2048 bytes
* the default size of privileg stack is 256 bytes.
For user thread, the following MPU regions are needded
* one region for user stack, no need of stack guard for user stack
* one region for stack guard when stack guard is enbaled
* regions for memory domain.
For kernel thread, the stack guard region will be at the top, adn
The user stack and privilege stack will be merged.
MPUv3 is the same as V2's layout, except no need of power of 2
alignment.
* reimplement the user mode enter function. Now it's possible for
kernel thread to drop privileg to user thread.
* add a separate entry for user thread
* bug fixes in the cleanup of regs when go to user mode
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The application memory area has a requirement of address alignment,
especially when MPU requires power of 2.
Modify the linker tmemplate to apply application memory address
alignment generation
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Enable us bit to check user mode more efficienly.
US is read as zero in user mode. This will allow use mode sleep
instructions, and it enables a form of denial-of-service attack
by putting the processor in sleep mode, but since interrupt
level/mask can't be set from user space that's not worse than
executing a loop without yielding.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add the implementation of syscall
* based on 'trap_s' intruction, id = 3
* add the privilege stack
* the privilege stack is allocted with thread stack
* for the kernel thread, the privilege stack is also a
part of thread stack, the start of stack can be configured
as stack guard
* for the user thread, no stack guard, when the user stack is
overflow, it will fall into kernel memory area which requires
kernel privilege, privilege violation will be raised
* modify the linker template and add MPU_ADDR_ALIGN
* add user space corresponding codes in mpu
* the user sp aux reg will be part of thread context
* When user thread is interruptted for the 1st time, the context is
saved in user stack (U bit of IRQ_CTLR is set to 1). When nest
interrupt comes, the context is saved in thread's privilege stack
* the arc_mpu_regions.c is moved to board folder, as it's board
specific
* the above codes have been tested through tests/kernel/mem_protect/
userspace for MPU version 2
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
This patch adjusts the default permissions on the bus master 3 (NET).
Recent changes restricted this to supervisor only, and this caused
issues with the network controllers access to memory.
Restrictions on access should really be enforced on the ARM core bus
master.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds a configure_mpu_user_context API and implements
the required function placeholders in the NXP and ARM MPU files.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The STM32 has special Core Coupled Memory, ccm for short, that can
only be accessed through the CPU and can not be use for DMA.
The following 3 sections have been added.
- ccm_bss for zero initialized data
- ccm_data for initialized data
- ccm_noinit for uninitialized data
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
This feature is X86 only and is not used or being tested. It is legacy
feature and no one can prove it actually works. Remove it until we have
proper documentation and samples and multi architecture support.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit defines the Kconfig options for
ARM Cortex-M23 and Cortex-M33 CPUs. It also
udpates the generic memory map for M23 and M33
implementations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds the generation and incorporation of privileged stack
regions that are used by ARM user mode threads. This patch adds the
infrastructure for privileged stacks. Later patches will utilize the
generated stacks and helper functions.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds application data section alignment constraints
to match the region definition requirements for ARM MPUs. Most MPUs
require a minimum of 32 bytes of alignment for any regions, but some
require power of two alignment to the size of a region.
This requires that the linker align the application data section to
the size of the section. This requires a linker pass to determine the
size. Once this is accomplished the correct value is added to a linker
include file that is utilized in subsequent linker operations.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
For SoCs that don't support vector table relocation in hardware, may not
support bootloader like mcuboot.
We introduce a way to relocate vector table in software by forwarding
the control of incoming IRQs to a new vector table which address is save
at fixed SRAM address.
User can change the data in that fixed SRAM address in order to relocate
vector table in software way.
Signed-off-by: Ding Tao <miyatsu@qq.com>
Refering the ARM's implementation, the initial support of memory
domain in ARC is added:
* changes in MPU drivers
* changes in Kconfig
* codes to configure memory domain during thread swap
* changes in linker script template
* memory domain related macro definitions
the commited codes are simply tested through
samples/mpu/mem_domain_apis_test.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The _vector_start was placed before the CONFIG_TEXT_SECTION_OFFSET, thus
adding the offset in the relocated vector table, making the table
invalid when relocated with a non null CONFIG_TEXT_SECTION_OFFSET.
This was tested using MCUboot with a 0x200 offset for the image header.
Fixes: eb48a0a73c ("arm: armv6-m: Support relocating vector table")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
A new arch (posix) which relies on pthreads to emulate the context
switching
A new soc for it (inf_clock) which emulates a CPU running at an
infinely high clock (so when the CPU is awaken it runs till completion
in 0 time)
A new board, which provides a trivial system tick timer and
irq generation.
Origin: Original
Fixes#1891
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add an architecure specfic code for the memory domain
configuration. This is needed to support a memory domain API
k_mem_domain_add_thread.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
MPU version 3 is included in em7d of em_starterkit 2.3.
The differences of MPU version 3 and version 2 are:
* different aux reg interface
* The address alignment requirement is 32 bytes
* supports secure mode
* supports SID (option)
* does not support memory region overlap
This commit adds the support MPU version 3 and also make some changes to
MPU version 2 to have an unified interface.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
In ARC's SecureShield, a new secure mode (currently only em) is added.
The secure/normal mode is orthogonal to kernel/user mode. The
differences between secure mode and normal mode are following:
* different irq stack frame. so need to change the definition of
_irq_stack_frame, assembly code.
* new aux regs, e.g, secure status(SEC_STAT), secure vector base
(VECT_BASE_S)
* interrupts and exceptions, secure mode has its own vector base;
interrupt can be configured as secure or normal through the
interrupt priority aux reg.
* secure timers. Two secure timers (secure timer 0 and timer 1) are
added.Here, for simplicity and backwards compatibility original
internal timers (timer 0 and timer1) are used as sys clock of zephyr
* on reset, the processor is in secure mode and secure vector base is
used.
Note: the mix of secure and normal mode is not supported, i.e. it's
assumed that the processor is always in secure mode.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Define _image_rodata_start/end to match x86 and so that we can
refer to them in the userspace test among others.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Implement API to validate user buffer. This API will iterate
all MPU regions to check if the given buffer is user accessible
or not. For #3832.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Added architecture specific support for memory domain destroy
and remove partition for arm and nxp. An optimized version of
remove partition was also added.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This is intended for memory-constrained systems and will save
4K per thread, since we will no longer reserve room for or
activate a kernel stack guard page.
If CONFIG_USERSPACE is enabled, stack overflows will still be
caught in some situations:
1) User mode threads overflowing stack, since it crashes into the
kernel stack page
2) Supervisor mode threads overflowing stack, since the kernel
stack page is marked non-present for non-user threads
Stack overflows will not be caught:
1) When handling a system call
2) When the interrupt stack overflows
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an introductory port for Zephyr to be run as a Jailhouse
hypervisor[1]'s "inmate cell", on x86 64-bit CPUs (running on 32-bit
mode). This was tested with their "tiny-demo" inmate demo cell
configuration, which takes one of the CPUs of the QEMU-VM root cell
config, along with some RAM and serial controller access (it will even
do nice things like reserving some L3 cache for it via Intel CAT) and
Zephyr samples:
- hello_world
- philosophers
- synchronization
The final binary receives an additional boot sequence preamble that
conforms to Jailhouse's expectations (starts at 0x0 in real mode). It
will put the processor in 32-bit protected mode and then proceed to
Zephyr's __start function.
Testing it is just a matter of:
$ mmake -C samples/<sample_dir> BOARD=x86_jailhouse JAILHOUSE_QEMU_IMG_FILE=<path_to_image.qcow2> run
$ sudo insmod <path to jailhouse.ko>
$ sudo jailhouse enable <path to configs/qemu-x86.cell>
$ sudo jailhouse cell create <path to configs/tiny-demo.cell>
$ sudo mount -t 9p -o trans/virtio host /mnt
$ sudo jailhouse cell load tiny-demo /mnt/zephyr.bin
$ sudo jailhouse cell start tiny-demo
$ sudo jailhouse cell destroy tiny-demo
$ sudo jailhouse disable
$ sudo rmmod jailhouse
For the hello_world demo case, one should then get QEMU's serial port
output similar to:
"""
Created cell "tiny-demo"
Page pool usage after cell creation: mem 275/1480, remap 65607/131072
Cell "tiny-demo" can be loaded
CPU 3 received SIPI, vector 100
Started cell "tiny-demo"
***** BOOTING ZEPHYR OS v1.9.0 - BUILD: Sep 12 2017 20:03:22 *****
Hello World! x86
"""
Note that the Jailhouse's root cell *has to be started in xAPIC
mode* (kernel command line argument 'nox2apic') in order for this to
work. x2APIC support and its reasoning will come on a separate commit.
As a reminder, the make run target introduced for x86_jailhouse board
involves a root cell image with Jailhouse in it, to be launched and then
partitioned (with >= 2 64-bit CPUs in it).
Inmate cell configs with no JAILHOUSE_CELL_PASSIVE_COMMREG flag
set (e.g. apic-demo one) would need extra code in Zephyr to deal with
cell shutdown command responses from the hypervisor.
You may want to fine tune CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC for your
specific CPU—there is no detection from Zephyr with regard to that.
Other config differences from pristine QEMU defaults worth of mention
are:
- there is no HPET when running as Jailhouse guest. We use the LOAPIC
timer, instead
- there is no PIC_DISABLE, because there is no 8259A PIC when running
as a Jailhouse guest
- XIP makes no sense also when running as Jailhouse guest, and both
PHYS_RAM_ADDR/PHYS_LOAD_ADD are set to zero, what tiny-demo cell
config is set to
This opens up new possibilities for Zephyr, so that usages beyond just
MCUs come to the table. I see special demand coming from
functional-safety related use cases on industry, automotive, etc.
[1] https://github.com/siemens/jailhouse
Reference to Jailhouse's booting preamble code:
Origin: Jailhouse
License: BSD 2-Clause
URL: https://github.com/siemens/jailhouse
commit: 607251b44397666a3cbbf859d784dccf20aba016
Purpose: Dual-licensing of inmate lib code
Maintained-by: Zephyr
Signed-off-by: Gustavo Lima Chaves <gustavo.lima.chaves@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
We were unnecessarily pulling in headers which resulted in kernel.h
being pulled in, which is undesirable since arch/cpu.h pulls in
these headers.
Added integral type headers since we do need those.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
kernel.h depends on arch.h, and reverse dependencies need to be
removed. Define k_tid_t as some opaque pointer type so that arch.h
doesn't have to pull in kernel.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This header needs Zephyr's specific type definitions. It also
needs struct k_mem_partition and struct k_mem_domain, but they
are defined opaquely here instead of pulling in kernel.h (which
would create nasty dependency loops)
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Created structures and unions needed to enable the software to
access these tables.
Also updated the helper macros to ease the usage of the MMU page
tables.
JIRA: ZEP-2511
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Some SOCs (e.g. STM32F0) can map the flash to address 0 and
the flash base address at the same time. Prevent writing to
duplicate flash address which stops the SOC.
Allow Cortex M SOCs to create their own vector table relocation
function.
Provide a relocation function for STM32F0x SOCs.
Fixes#3923
Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
arg6 is treated as a memory constraint. If that memory
address was expressed as an operand to 'mov' in the generated
code as an offset from the stack pointer, then the 'push'
instruction immediately before it could end up causing memory 4
bytes off from what was intended being passed in as the 6th
argument.
Add ESP register to the clobber list to fix this issue.
Fixes issues observed with k_thread_create() passing in a
NULL argument list with CONFIG_DEBUG=y.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to track permission on stack memory regions like we do
with other kernel objects. We want stacks to live in a memory
area that is outside the scope of memory domain permission
management. We need to be able track what stacks are in use,
and what stacks may be used by user threads trying to call
k_thread_create().
Some special handling is needed because thread stacks appear as
variously-sized arrays of struct _k_thread_stack_element which is
just a char. We need the entire array to be considered an object,
but also properly handle arrays of stacks.
Validation of stacks also requires that the bounds of the stack
are not exceeded. Various approaches were considered. Storing
the size in some header region of the stack itself would not allow
the stack to live in 'noinit'. Having a stack object be a data
structure that points to the stack buffer would confound our
current APIs for declaring stacks as arrays or struct members.
In the end, the struct _k_object was extended to store this size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These needed "memory" clobbers otherwise the compiler would do
unnecessary optimizations for parameters passed in as pointer
values.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add the following application-facing memory domain APIs:
k_mem_domain_init() - to initialize a memory domain
k_mem_domain_destroy() - to destroy a memory domain
k_mem_domain_add_partition() - to add a partition into a domain
k_mem_domain_remove_partition() - to remove a partition from a domain
k_mem_domain_add_thread() - to add a thread into a domain
k_mem_domain_remove_thread() - to remove a thread from a domain
A memory domain would contain some number of memory partitions.
A memory partition is a memory region (might be RAM, peripheral
registers, flash...) with specific attributes (access permission,
e.g. privileged read/write, unprivileged read-only, execute never...).
Memory partitions would be defined by set of MPU regions or MMU tables
underneath.
A thread could only belong to a single memory domain any point in time
but a memory domain could contain multiple threads.
Threads in the same memory domain would have the same access permission
to the memory partitions belong to the memory domain.
The memory domain APIs are used by unprivileged threads to share data
to the threads in the same memory and protect sensitive data from
threads outside their domain. It is not only for improving the security
but also useful for debugging (unexpected access would cause exception).
Jira: ZEP-2281
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
The compiler was complaining about impossible constraints since register
constraint was provided, but there are no general purpose registers left
available.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This wasn't working properly with CONFIG_APPLICATION_MEMORY enabled as
the sections weren't handled in the linker script.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A quick look at "man syscall" shows that in Linux, all architectures
support at least 6 argument system calls, with a few supporting 7. We
can at least do 6 in Zephyr.
x86 port modified to use EBP register to carry the 6th system call
argument.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Instead of a common system call entry function, we instead create a
table mapping system call ids to handler skeleton functions which are
invoked directly by the architecture code which receives the system
call.
* system call handler prototype specified. All but the most trivial
system calls will implement one of these. They validate all the
arguments, including verifying kernel/device object pointers, ensuring
that the calling thread has appropriate access to any memory buffers
passed in, and performing other parameter checks that the base system
call implementation does not check, or only checks with __ASSERT().
It's only possible to install a system call implementation directly
inside this table if the implementation has a return value and requires
no validation of any of its arguments.
A sample handler implementation for k_mutex_unlock() might look like:
u32_t _syscall_k_mutex_unlock(u32_t mutex_arg, u32_t arg2, u32_t arg3,
u32_t arg4, u32_t arg5, void *ssf)
{
struct k_mutex *mutex = (struct k_mutex *)mutex_arg;
_SYSCALL_ARG1;
_SYSCALL_IS_OBJ(mutex, K_OBJ_MUTEX, 0, ssf);
_SYSCALL_VERIFY(mutex->lock_count > 0, ssf);
_SYSCALL_VERIFY(mutex->owner == _current, ssf);
k_mutex_unlock(mutex);
return 0;
}
* the x86 port modified to work with the system call table instead of
calling a common handler function. fixed an issue where registers being
changed could confuse the compiler has been fixed; all registers, even
ones used for parameters, must be preserved across the system call.
* a new arch API for producing a kernel oops when validating system call
arguments added. The debug information reported will be from the system
call site and not inside the handler function.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- _arch_user_mode_enter() implemented
- _arch_is_user_context() implemented
- _new_thread() will honor K_USER option if passed in
- System call triggering macros implemented
- _thread_entry_wrapper moved and now looks for the next function to
call in EDI
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- There's no point in building up "validity" (declared volatile for some
strange reason), just exit with false return value if any of the page
directory or page table checks don't come out as expected
- The function was returning the opposite value as its documentation
(0 on success, -EPERM on failure). Documentation updated.
- This function will only be used to verify buffers from user-space.
There's no need for a flags parameter, the only option that needs to
be passed in is whether the buffer has write permissions or not.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The byte ones are required for ns16550 uart driver which is
present on some arm socs. Add half-word ones for completeness.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This was felt to be necessary at one point but actually isn't.
- When a thread is initialized to use a particular stack, calls will be
made to the MMU/MPU to restrict access to that stack to only that
thread. Once a stack is in use, it will not be generally readable even
if the buffer exists in application memory space.
- If a user thread wants to create a thread, we will need to have some
way to ensure that whatever stack buffer passed in is unused and
appropriate. Since unused stacks in application memory will be generally
accessible, we can just check that the calling thread to
k_thread_create() has access to the stack buffer passed in, it won't if
the stack is in use.
On ARM we had a linker definition for .stacks, but currently stacks are
just tagged with __noinit (which is fine).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.
The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.
- CONFIG_USERSPACE introduced. We are somewhat far away from having an
end-to-end implementation, but at least need a Kconfig symbol to
guard the incoming code with. Formal documentation doesn't exist yet
either, but will appear later down the road once the implementation is
mostly finalized.
- In the memory region for RAM, the data section has been moved last,
past bss and noinit. This ensures that inserting generated tables
with addresses of kernel objects does not change the addresses of
those objects (which would make the table invalid)
- The DWARF debug information in the generated ELF binary is parsed to
fetch the locations of all kernel objects and pass this to gperf to
create a perfect hash table of their memory addresses.
- The generated gperf code doesn't know that we are exclusively working
with memory addresses and uses memory inefficently. A post-processing
script process_gperf.py adjusts the generated code before it is
compiled to work with pointer values directly and not strings
containing them.
- _k_object_init() calls inserted into the init functions for the set of
kernel object types we are going to support so far
Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
* apply STACK_GUARD_SIZE, no extra space will be added if
MPU_STACK_GUARD is disabled
* When ARC_STACK_CHECKING is enabled, MPU_STACK_GUARD will be
disabled
* add two new api: arc_core_mpu_default and arc_core_mpu_region
to configure mpu regions
* improve arc_core_mpu_enable and arc_core_mpu_disable
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add arc mpu driver
* modify the corresponding kconfig and kbuild
* currently only em_starterkit 2.2's em7d configuration
has mpu feature (mpu version 2)
* as the minimum region size of arc mpu version 2 is 2048 bytes and
region size should be power of 2, the stack size of threads
(including main thread and idle thread) should be at least
2048 bytes and power of 2
* for mpu stack guard feature, a stack guard region of 2048 bytes
is generated. This brings more memory footprint
* For arc mpu version 3, the minimum region size is 32 bytes.
* the codes are tested by the mpu_stack_guard_test and stackprot
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Fix misspellings in .h files missed during code reviews
and affecting generated API documentation
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
An abnormal crash was encountered in ARMv6-M SoCs that don't have flash
starting at 0. With Zephyr OS the reason for this crash is that, on
ARMv6-M the system requires an exception vector table at the 0 address.
We implement the relocate_vector_table function to move the vector table
code to address 0 on systems which don't have the start of code already
at 0.
[kumar.gala: reworderd commit message, tweaked how we check if we need
to copy vector table]
Signed-off-by: Xiaorui Hu <xiaorui.hu@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The Xtensa port was the only one remaining to be converted to the new
way of connecting interrupts in Zephyr. Some things are still
unconverted, mainly the exception table, and this will be performed
another time.
Of note: _irq_priority_set() isn't called on _ARCH_IRQ_CONNECT(), since
IRQs can't change priority on Xtensa: while the architecture has the
concept of interrupt priority levels, each line has a fixed level and
can't be changed.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This patch adjusts the ARM MPU implementation to be compliant to the
recent changes that introduced the opaque kernel data types.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch always defines the ARCH_THREAD_STACK_XXX macros/functions
regardless of the MPU_STACK_GUARD usage. Only use MPU_STACK_GUARD when
determining the minimum stack alignment.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The mimimum mpu size is 32 bytes, but requires mpu base address to be
aligned on 32 bytes to work. Define architecture thread macro when
MPU_STACK_GUARD config to allocate stack with 32 more bytes.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
This patch adds the allow flash write CONFIG option to the ARM MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
This patch adds the allow flash write CONFIG option to the NXP MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
This is a simpler memory arrangement; RAM will start with
app data, and everything after it is either kernel data or
unclaimed memory reserved for the kernel's use.
New linker variables are also implemented here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Kernel data size shifts in between linker passes due to the addition
of the page tables. We would like application memory bounds to
remain fixed so that we can program the MMU permissions for it
at build time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Page faults will additionally dump out some interesting
page directory and page table flags for the faulting
memory address.
Intended to help determine whether the page tables have been
configured incorrectly as we enable memory protection features.
This only happens if CONFIG_EXCEPTION_DEBUG is turned on.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Subsequent patches will set this guard page as unmapped,
triggering a page fault on access. If this is due to
stack overflow, a double fault will be triggered,
which we are now capable of handling with a switch to
a know good stack.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now create a special IA hardware task for handling
double faults. This has a known good stack so that if
the kernel tries to push stack data onto an unmapped page,
we don't triple-fault and reset the system.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We will need this for stack memory protection scenarios
where a writable GDT with Task State Segment descriptors
will be used. The addresses of the TSS segments cannot be
put in the GDT via preprocessor magic due to architecture
requirments that the address be split up into different
fields in the segment descriptor.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This has one use-case: configuring the double-fault #DF
exception handler to do an IA task switch to a special
IA task with a known good stack, such that we can dump
diagnostic information and then panic.
Will be used for stack overflow detection in kernel mode,
as otherwise the CPU will triple-fault and reset.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A user space buffer must be validated before required operation
can proceed. This API will check the current MMU
configuration to determine if the buffer held by the user is valid.
Jira: ZEP-2326
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This needs to be in <arch/cpu.h> so that it can be called
from the k_panic()/k_oops() macros in kernel.h.
Fixes build errors on these arches when using k_panic() or
k_oops().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Different areas of memory will need to have different access
policies programmed into the MMU. We introduce MMU page alignment
to the following areas:
- The boundaries of the image "ROM" area
- The beginning of RAM representing kernel datas/bss/nonit
- The beginning of RAM representing app datas/bss/noinit
Some old alignment directives that are no longer necessary have
been removed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch splits out the application data and bss from the
rest of the kernel. Choosing CONFIG_APPLICATION_MEMORY will
result in the application and kernel being split.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Implements CONFIG_APPLICATION_MEMORY for x86. Working in
XIP and non-XIP configurations.
This patch does *not* implement any alignment constraints
imposed by the x86 MMU, such enabling will be done later.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
patch adds necessary files and does the modification to the existing
files to add device support for x86 based intel quark microcontroller
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
This is unmaintained and currently has no known users. It was
added to support a Wind River project. If in the future we need it
again, we should re-introduce it with an exception-based mechanism
for catching out-of-bounds memory queries from the debugger.
The mem_safe subsystem is also removed, it is only used by the
GDB server. If its functionality is needed in the future, it
shoudl be replaced with an exception-based mechanism.
The _image_{ram, rom, text}_{start, end} linker variables have
been left in place, they will be re-purposed and expanded to
support memory protection.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The porting of the TI CC2650 SoC introduces the need to
write a specific configuration area (CCFG) at the end of the
flash. It is read by the bootloader ROM of the SoC.
For now, this is a quick hack and not a generic solution;
similar needs may arise with other hardware.
Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@smile.fr>
Clearing fields in the region descriptor attributes doesn't always have
the expected effect of revoking permissions. In the case of bus master
supervisor mode fields (MxSM), setting to zero actually enables read,
write, and execute access.
When we reworked handling of region descriptor 0, we inadvertently
enabled execution from RAM by clearing the MxSM fields and enabling the
descriptor. This caused samples/mpu_test run to throw a usage fault
instead of an MPU-triggered bus fault.
Fix this by setting all the MxSM fields to 2'b11, which gives supervisor
mode the same access as user mode.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
We need to make sure that __NVIC_PRIO_BITS & CONFIG_NUM_IRQ_PRIO_BITS
are set to the same value. Add a simple build time check to ensure
this is the case. This is to catch future cases of issues like
ZEP-2243. This is a stop gap til we resolve ZEP-2262, which covers use
of both __NVIC_PRIO_BITS & CONFIG_NUM_IRQ_PRIO_BITS.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Macro is used to create a structure to specify the boot time
page table configuration. Needed by the gen_mmu.py script to generate
the actual page tables.
Linker script is needed for the following:
1. To place the MMU page tables at 4KByte boundary.
2. To keep the configuration structure created by
the Macro(mentioned above).
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Fixes an issue where if a thread calls k_panic() or k_oops()
with interrupts locked, control would return to the thread
and it would only be aborted after interrupts were unlocked
again.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The REGION bits (bit[3:0]) of MPU_RBAR register can specify the number
of the region to update if the VALID bit (bit[4]) is also set.
If the bit[3:0] of "region_addr" are not zero, might cause to update
unexpected region. This could happen since we might not declare stack
memory with specific alignment.
This patch will mask the bit[4:0] of "region_addr" to prevent updating
unexpected region.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Inserting the IDT results in any data afterwards being shifted.
We want the memory addresses between the zephyr_prebuilt.elf
and zephyr.elf to be as close as possible. Insert some dummy
data in the linker script the same size as the gen_idt data
structures. Needed for forthcoming patches which generate MMU
page tables at build time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Calling 'svc' on ARMv6 causes a hard fault if interrups are locked.
Force them unlocked before making the svc call.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ethernet on K64F is connected via Logical Bus Master 3.
Section 19.3.8 of K64F reference manual establishes bits 20-18
(M3UM) on page 427 as "Bus Master 3 User Mode Access Control".
To fix RWX user mode access via Bus Master 3 when MPU is enabled,
we need to add these bits to the MPU region descriptors.
This fixes ETH0 on K64F when MPU is enabled.
Fix recommended by Maureen Helm <maureen.helm@nxp.com>
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Let's clarify what bits are being set by removing magic numbers in the
MPU READ/WRITE/EXECUTE User Mode and Supervisor Mode defines.
Signed-off-by: Michael Scott <michael.scott@linaro.org>
This patch add arm core MPU support to NXP MPU driver.
With this feature it is now possible to enable stack guarding on NXP
MPUs.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Here are the main changes:
* board: Update EMSK onboard resources such as Button, Switch and LEDs
+ update soc.h for em7d, em9d, em11d
+ update board.h for em_starterkit board
* arc: Add floating point support and code density support
+ add kconfig configuration
+ add compiler options
+ add register definitions, marcos, assembly codes
+ fixes in existing codes and configurations.
* arc: Update detailed board configurations for cores of emsk 2.3
* script: Provide arc_debugger.sh for debugging em_starterkit board
+ make BOARD=em_starterkit debug
This will start openocd server for emsk, and arc gdb will connect
to this debug server, user can run `continue` command if user just
want to run the application, or other commands if debugging needed.
+ make BOARD=em_starterkit debugserver
This will start an openocd debugger server for emsk, and user can
connect to this debugserver using arc gdb and do what they want to.
+ make BOARD=em_starterkit flash
This will download the zephyr application elf file to emsk,
and run it.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
This patch add arm core MPU support to ARM MPU driver.
Change-Id: I5a61da4615ae687bf42f1c9947e291ebfd2d2c1d
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds the arm core MPU interface, a common way to access the
pu functionalities by the arm zephyr kernel.
The interface can be divided in two parts:
- a core part that will be implemented by the arm_core_mpu driver and
used directly by the kernel
- a driver part that will be implemented by the mpu drivers and used by
the arm_core_mpu driver
Change-Id: I590bd284abc40d98b06fdf1efb5800903313aa00
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds initial MPU support to NXP K6x family.
The boot configuration prevents the following security issues:
* Prevent to read at an address that is reserved in the memory map.
* Prevent to write into the boot Flash/ROM.
* Prevent from running code located in SRAM.
This driver has been tested on FRDM-K64F.
Change-Id: I907168fff0c6028f1c665f1d3c224cbeec31be32
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
For various reasons its often necessary to generate certain
complex data structures at build-time by separate tools outside
of the C compiler. Data is populated to these tools by way of
special binary sections not intended to be included in the final
binary. We currently do this to generate interrupt tables, forthcoming
work will also use this to generate MMU page tables.
The way we have been doing this is to generatea "kernel_prebuilt.elf",
extract the metadata sections with objcopy, run the tool, and then
re-link the kernel with the extra data *and* use objcopy to pull
out the unwanted sections.
This doesn't scale well if multiple post-build steps are needed.
Now this is much simpler; in any Makefile, a special
GENERATED_KERNEL_OBJECT_FILES variable may be appended to containing
the filenames to the generated object files, which will be generated
by Make in the usual fashion.
Instead of using objcopy to pull out, we now create a linker-pass2.cmd
which additionally defines LINKER_PASS2. The source linker script
can #ifdef around this to use the special /DISCARD/ section target
to not include metadata sections in the final binary.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These are macros that are expected to be defined at all times by
the compiler. We need them at the very beginning of kernel.h for
the k_thread definition, before it's possible to include arch.h.
Make a special toolchain header for XCC compiler and place these
defines in there. Otherwise inherit all the other GCC defines.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We don't use __scs or __scp anymore so we can remove the related linker
script and various defines and such associated with them.
Change-Id: Ibbbe27c23a3f2b816b992dfdeb4f80cf798e0d40
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
CC3220SF_LAUNCHXL effectively replaces the CC3200_LAUNCHXL,
with support for the CC3220SF SoC, which is an update for
the CC3200 SoC.
This is supported by the Texas Instruments CC3220 SDK.
Jira: ZEP-1958
Change-Id: I2484d3ee87b7f909c783597d95128f2b45db36f2
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
Historically, space for struct k_thread was always carved out of the
thread's stack region. However, we want more control on where this data
will reside; in memory protection scenarios the stack may only be used
for actual stack data and nothing else.
On some platforms (particularly ARM), including kernel_arch_data.h from
the toplevel kernel.h exposes intractable circular dependency issues.
We create a new per-arch header "kernel_arch_thread.h" with very limited
scope; it only defines the three data structures necessary to instantiate
the arch-specific bits of a struct k_thread.
Change-Id: I3a55b4ed4270512e58cf671f327bb033ad7f4a4f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch add the Memory Protection Unit parameter to the arm core
configuration.
Change-Id: Ifee8cdd5738391a6f182e8d0382d27eeb8c546ba
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Marc Moreno <marc.morenoberengue@linaro.org>
Put the reason code in r0 and make a SVC #2 call, which will be
propagated to _fatal_error_handler as an exception.
The _is_in_isr() implementation had to be tweaked a bit. User-generated
SVC exception no longer just used for irq_offload(); just because we are
in it does not mean we are in interrupt context. Instead, have the
irq_offload code set and clear the offload_routine global; it will be
non-NULL only if it's in use. Upcoming changes to support memory
protection (which will require system calls) will need this too.
We free up some small amount of ROM deleting _default_esf struct as it's
no longer needed.
Issue: ZEP-843
Change-Id: Ie82bd708575934cffe41e64f5c128c8704ca4e48
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We reserve a specific vector in the IDT to trigger when we want to
enter a fatal exception state from software.
Disabled for drivers/build_all tests as we were up to the ROM limit
on Quark D2000.
Issue: ZEP-843
Change-Id: I4de7f025fba0691d07bcc3b3f0925973834496a0
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unlike assertions, these APIs are active at all times. The kernel will
treat these errors in the same way as fatal CPU exceptions. Ultimately,
the policy of what to do with these errors is implemented in
_SysFatalErrorHandler.
If the archtecture supports it, a real CPU exception can be triggered
which will provide a complete register dump and PC value when the
problem occurs. This will provide more helpful information than a fake
exception stack frame (_default_esf) passed to the arch-specific exception
handling code.
Issue: ZEP-843
Change-Id: I8f136905c05bb84772e1c5ed53b8e920d24eb6fd
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For exceptions where we are just going to abort the current thread, we
need to exit handler mode properly so that PendSV can run and perform a
context switch. For ARM architecture this means that the fatal error
handling code path can indeed return if we were 1) in handler mode and
2) only wish to abort the current thread.
Fixes a very long-standing bug where a thread that generates an
exception, and should only abort the thread, instead takes down the
entire system.
Issue: ZEP-2052
Change-Id: Ib356a34a6fda2e0f8aff39c4b3270efceb81e54d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. This handles the remaining includes and kernel, plus
touching up various points that we skipped because of include
dependancies. We also convert the PRI printf formatters in the arch
code over to normal formatters.
Jira: ZEP-2051
Change-Id: Iecbb12601a3ee4ea936fd7ddea37788a645b08b0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a start to move away from the C99 {u}int{8,16,32,64}_t types to
Zephyr defined u{8,16,32,64}_t and s{8,16,32,64}_t. This allows Zephyr
to define the sized types in a consistent manor across all the
architectures we support and not conflict with what various compilers
and libc might do with regards to the C99 types.
We introduce <zephyr/types.h> as part of this and have it include
<stdint.h> for now until we transition all the code away from the C99
types.
We go with u{8,16,32,64}_t and s{8,16,32,64}_t as there are some
existing variables defined u8 & u16 as well as to be consistent with
Zephyr naming conventions.
Jira: ZEP-2051
Change-Id: I451fed0623b029d65866622e478225dfab2c0ca8
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Scanning for typos in comments and strings.
Change-Id: I3d4db89e0824959252c79c19baa50028354247bd
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The CONFIG_FLASH_LOAD_OFFSET allows the zephyr image to be placed at
an offset from the start of flash. This is useful for situations,
such as with a bootloader, to allow the image to not occupy the very
beginning of flash.
Complement this by adding a CONFIG_FLASH_LOAD_SIZE config, that can
constrain the size of the flash image. With the default of zero, the
behavior is as before, with the image allowed to occupy the rest of
the flash. It can also be defined to a non-zero value which will
constrain the image to occupy that many bytes of flash.
Although this is defined generally, it is currently only supported on
cortex-m targets.
Change-Id: I6e4a0e79c8459f931cd4757c932d20dac740f5f6
Signed-off-by: David Brown <david.brown@linaro.org>
__BYTE_ORDER__, __ORDER_BIG_ENDIAN__ and __ORDER_LITTLE_ENDIAN__ are not
defined when building with xcc, but are defined when building with gcc.
Define them conditionally.
Change-Id: Ib205ffee28360aa240d61731b7a3d6f45401b4c1
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
The SiFive Freedom E310 SOC follows the riscv privilege
architecture specification and hence is declared within
the riscv privilege SOC family.
It also provides support for a riscv
Platform Level Interrupt Controller (PLIC)
Change-Id: I19ff0997eacc248f48444fc96566a105c6c02663
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
Updated the riscv-privilege SOC family to account for SOCs supporting
a Platform-level Interrupt Controller (PLIC) as specified by the
riscv privilege architecture.
riscv-privilege SOCs supporting a PLIC have to implement the following
list of APIs:
void riscv_plic_irq_enable(uint32_t irq);
void riscv_plic_irq_disable(uint32_t irq);
int riscv_plic_irq_is_enabled(uint32_t irq);
void riscv_plic_set_priority(uint32_t irq, uint32_t priority);
int riscv_plic_get_irq(void);
Change-Id: I0228574967348d572afc98a79257c697efc4309e
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
Current users of sys_bitfield*() are bending over backwards to cast
what is most of the times a pointer into an integer.
Bitfields can be better described with an void *, so
uint{8,16,32,64}_t or any other container can be used. Most
sys_bitfield*() operations, by extension, can do the same. Note void *
has byte arithmetic, like char *.
This change will also make it implicit, for any future split of the
address space between virtual (what the SW is seeing) and physical
(what the HW is seeing) way clearer, as the functions dealing with
physical, non directly referentiable/mappeable addreses to use an
integer type, like mem_addr_t.
- include/arch/ARCH/*asm_inline*:
- sys_bitfield*() all modified to take 'void *'
Note 'void *' arihtmethic is byte based, which makes some things
easier.
- include/sys_io.h:
- introduces DEFINE_BITFIELD
- update docs
- tests/kernel/bitfield: remove all the cast contortions, use DEFINE_BITFIELD
PENDING: update other TCs
- include/arch/nios/nios2.h, drivers/interrupt_controller/ioapic_intr.c:
remove cast contortions
Change-Id: I901e62c76af46f26ff0d29cdc37099597f884511
Jira: ZEP-1347
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
It's not entirely clear where the '%P' came from, but the proper,
documented operand modifier for inserting an immediate value without
punctuation is '%c'.
Change-Id: I17346a6c70183ce79e91faa2fbe61e7761dfd513
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently, ARM Cortex-M image ROMs are linked starting at the flash
device's base address (CONFIG_FLASH_BASE_ADDRESS). This prevents XIP
Zephyr applications from being linked to run from elsewhere on the
flash device. Linking Zephyr applications to run from elsewhere can be
necessary when running under a bootloader (i.e., booting into a Zephyr
application from a bootloader, not using Zephyr as a bootloader).
To enable this use case, add a new config option: FLASH_LOAD_OFFSET.
This option directs the linker to treat ROM as if it started that many
bytes from the base of flash on Cortex-M targets. The option defaults
to zero to preserve backwards compatibility.
Change-Id: I64f82aee257c19c2451f9789b0ab56999775b761
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Some arches may want to define this as an inline function, or
define in core arch code instead of timer driver code.
Unfortunately, this means we need to remove from the footprint
tests, but this is not typically a large function.
Issue: ZEP-1546
Change-Id: Ic0d7a33507da855995838f4703d872cd613a2ca2
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This implementation of _tsc_read returns a 64-bit value that
is derived from the 64-bit tick count multiplied by hwcycles per tick,
and then it adds the current value from the 32-bit timer.
This produces a 64-bit time. There is a bunch of math here, which
could be avoided if the CPU is built with Real-Time-Clock option.
EM Starter Kit SOCs don't have this. I don't think Arduino 101 does
either.
See ZEP-1559
Change-Id: I9f846d170246556ac40fe2f45809e457c6375d8c
Signed-off-by: Chuck Jordan <cjordan@synopsys.com>
Its current placement was splitting the vector table in half.
Move to rodata, a better place for it. There's no requirement for
it to be in the text section.
Change-Id: I67724b2a26a9cb62c2ccd473cb54c53e4f74dc32
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The BSS section needs to use AT> in XIP systems otherwise the LMA
addresses in the ELF binary are wrong, leading to issues if we
try to manipulate the binary with objcopy. The GROUP_DATA_LINK_IN
macro does the right thing here.
This was already done on other arches but ARC was missed.
Change-Id: I93748e919e0b68c1ff2dfb4b85b7064a8d980f3a
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
XCC does neither define __BYTE_ORDER__ nor __ORDER_LITTLE/BIG_ENDIAN__ macros.
This resulted in field preempt of thread.base not correctly built from other
union fields prio and sched_locked, which caused wrong scheduling.
Change-Id: I8566ef4a5cf555906c012c4adc488f9afb26c053
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
1) Fatal errors now all go through _SysFatalErrorHandler. When the
simulator is used, only the death of 'essential' threads will result
in the simulator exiting; some test cases that test exceptions may
actually expect a thread to terminate abnormally.
2) The human readability of the exception errors is improved.
Change-Id: I77f57ea0eae15b0c55237681b959cd21e3fe8c1c
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
find_msb_set logic was wrong. find_lsb_set() is now an inline function.
Change-Id: I2c19540907723589298b2f6af2ce1d68704bf1d7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Master branch changed requirements for license headers while this
branch has been in development.
Change-Id: I9bce16ff275057a4bb664019628fc9b6de7aef7c
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In order for OpenOCD to have a high-level view of an RTOS, it uses the
GDB protocol to obtain symbols from the system.
The GDB protocol, however, does not allow obtaining fields from
structures directly, and hardcoding offsets is not only brittle (due to
possibly different architectures or changes in the code), it's also
infeasible considering Zephyr is highly-configurable and parts of key
structs can be compiled in or out.
Export an array with offsets for these key structs. Also add a version
element in that array to allow changes in those structs.
Change-Id: I83bcfa0a7bd57d85582e5ec6efe70e1cceb1fc51
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This replaces the hard-coded vector table, as well as the
software ISR table created by the linker. Now both are generated
in build via script.
Issue: ZEP-1038, ZEP-1165
Change-Id: Ie6faaf8f7ea3a7a25ecb542f6cf7740836ad7da3
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch moves the include for the generated_dts_board.h inside of
the include/arch/arm/arch.h file. This was done to simplify the
includes required for files. Only two files will include the dts
generated include file directly: arch.h and the linker.ld
Change-Id: I2614f4fd4eeed2ab635a3264d7dac8b83f97b760
Signed-off-by: Andy Gross <andy.gross@linaro.org>
We now use CMSIS for ARM Cortex-M SoCs so we can remove the last bits of
scs and scb.
Jira: ZEP-1568
Change-Id: I0c7c45b0321dc402ed594e9faffb5109922edcf0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
_SCS_CPACR_CP10_Pos and _SCS_CPACR_CP11_Pos come from scs.h, we have
versions defined in cmsis.h we should be using instead.
Change-Id: Icd8db02000bbc9ef8b2cf89d359e008f62a7d5e9
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Coverted:
_ScbMemFaultMmfarReset
_ScbBusFaultBfarReset
_ScbUsageFaultAllFaultsReset
To use direct CMSIS register access.
Also removed scb.h and references as there is no longer any code in it.
Jira: ZEP-1568
Change-Id: I469f6af39d1bd41db712454b0b3e5ab331979033
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The previous code incorrectly used the value 0xfe to clear the mem and
bus faults. It attempted to handle the address register valid bits
separately, but reversed the bit order.
Jira: ZEP-1568
Change-Id: I240d072610af9979ca93c0081ed862df08929372
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Coverted:
_ScbBusFaultAddrGet
_ScbMemFaultAddrGet
To use direct CMSIS register access
Jira: ZEP-1568
Change-Id: Ic49b3ac3fc4fb63d413f273569c77f6539e4e572
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This patch adds support for using device tree configuration files for
configuring ARM platforms.
In this patch, only the FLASH_SIZE, SRAM_SIZE, NUM_IRQS, and
NUM_IRQ_PRIO_BITS were removed from the Kconfig options. A minimal set
of options were removed so that it would be easier to work through the
plumbing of the build system.
It should be noted that the host system must provide access to the
device tree compiler (DTC). The DTC can usually be installed on host
systems through distribution packages or by downloading and compiling
from https://git.kernel.org/pub/scm/utils/dtc/dtc.git
This patch also requires the Python yaml package.
This change implements parts of each of the following Jira:
ZEP-1304
ZEP-1305
ZEP-1306
ZEP-1307
ZEP-1589
Change-Id: If1403801e19d9d85031401b55308935dadf8c9d8
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This private data structure now no longer introduces a typedef or
uses CamelCase. It's not necessary to specify the size of extern
arrays, so we don't need a block of #ifdefs for every arch.
Change-Id: I71fe61822ecef29820280a43d5ac2822a61f7082
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Added a linker script that shall be common to most riscv SOCs.
Linker script also accounts for execution in place in ROM, when
CONFIG_XIP is set.
Nonetheless, riscv32 SOCs (like pulpino) requiring a different
system layout can still define their own linker script.
Change-Id: I3ad670446d439772c29a8204e307ac79643dc650
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
As cpu_idle.S is the only bit of code that is using the SCB asm defines,
so to allow us to remove scb.h in the future lets move the defines that
are used just into cpu_idle.S
Jira: ZEP-1568
Change-Id: I3c3a6f145ec4c1a43f076d079d5fe1694c255b78
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Kill of nvic.h and use either CMSIS helper functions for NVIC or direct
NVIC register access via CMSIS for IRQ handling code.
Jira: ZEP-1568
Change-Id: If21910b9293121efe85c3c9076a1c2b475ef91ef
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Move the exception priority related defines into exc.h out of nvic.h
Change-Id: I7ded917a3f6f7cdbc506b2f70c22f37eddc5f5c7
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace _ScbExcPrioSet with calls to NVIC_SetPriority as it handles both
interrupt and exception priorities. We don't need to shift around the
priority values for NVIC_SetPriority.
Jira: ZEP-1568
Change-Id: Iccd68733c3f7faa82b7ccb17200eef328090b6da
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Renames the flash security section so it makes sense for other Kinetis
devices, not just k64. In Kinetis reference manuals, this section is
referred to as the 'flash configuration field'.
Change-Id: I2b7c7cc1ec2541419d77878d367d96c9ceb7a0cf
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Replace _scs_relocate_vector_table with direct CMSIS register access and
use of __ISB/__DSB routinues. We also cleanup the code a little bit to
just have one implentation of relocate_vector_table() on ARMv7-M.
Jira: ZEP-1568
Change-Id: I088c30e680a7ba198c1527a5822114b70f10c510
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
As a first step towards removing the custom ARM Cortex-M Core code
present in Zephyr in benefit of using CMSIS, this change replaces
the use of the custom core code with CMSIS macros in
enable_floating_point().
Jira: ZEP-1568
Change-id: I544a712bf169358c826a3b2acd032c6b30b2801b
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Support using CMSIS defines and functions, we either pull the expect
defines/enum from the SoC HAL layers via <soc.h> for the SoC or we
provide a default set based on __NVIC_PRIO_BITS is defined.
We provide defaults in the case for:
IRQn_Type enum
*_REV define (set to 0)
__MPU_PRESENT define (set to 0 - no MPU)
__NVIC_PRIO_BITS define (set to CONFIG_NUM_IRQ_PRIO_BITS)
__Vendor_SysTickConfig (set to 0 - standard SysTick)
Jira: ZEP-1568
Change-Id: Ibc203de79f4697b14849b69c0e8c5c43677b5c6e
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
In preperation for removing the scb/scs layers and using CMSIS directly
lets remove all the _Scb* and _Scs* functions that are not currently
used.
Jira: ZEP-1568
Change-Id: If4641fb9a6de616b4b8793d4678aaaed48e794bc
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
On other targets, CONFIG_TEXT_SECTION_OFFSET allows the entire image to
be moved in memory to allow space for some type of header. The Mynewt
project bootloader prepends a small header, and this config needs to be
supported for this to work.
The specific alignment requirements of the vector table are chip
specific, and generally will be a power of two larger than the size of
the vector table.
Change-Id: I631a42ff64fb8ab86bd177659f2eac5208527653
Signed-off-by: David Brown <david.brown@linaro.org>
_NvicSwInterruptTrigger is only utilized by a testcase for irq handling
on ARM-V7M. Just put the code into the testcase so we dont need to
support an additional interface.
Change-Id: I763c63c32a7a52918250458351d08b8fa54069dd
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
pulpino soc has custom-extended riscv ISA that is accounted
for if CONFIG_RISCV_GENERIC_TOOLCHAIN is not set.
(ex: bit manipulation asm opcodes)
Change-Id: I4dafc4ebc2fedcc4eb6a3dedd0412816afea6004
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
RISC-V is an open-source instruction set architecture.
Added support for the 32bit version of RISC-V to Zephyr.
1) exceptions/interrupts/faults are handled at the architecture
level via the __irq_wrapper handler. Context saving/restoring
of registers can be handled at both architecture and SOC levels.
If SOC-specific registers need to be saved, SOC level needs to
provide __soc_save_context and __soc_restore_context functions
that shall be accounted by the architecture level, when
corresponding config variable RISCV_SOC_CONTEXT_SAVE is set.
2) As RISC-V architecture does not provide a clear ISA specification
about interrupt handling, each RISC-V SOC handles it in its own
way. Hence, at the architecture level, the __irq_wrapper handler
expects the following functions to be provided by the SOC level:
__soc_is_irq: to check if the exception is the result of an
interrupt or not.
__soc_handle_irq: handle pending IRQ at SOC level (ex: clear
pending IRQ in SOC-specific IRQ register)
3) Thread/task scheduling, as well as IRQ offloading are handled via
the RISC-V system call ("ecall"), which is also handled via the
__irq_wrapper handler. The _Swap asm function just calls "ecall"
to generate an exception.
4) As there is no conventional way of handling CPU power save in
RISC-V, the default nano_cpu_idle and nano_cpu_atomic_idle
functions just unlock interrupts and return to the caller, without
issuing any CPU power saving instruction. Nonetheless, to allow
SOC-level to implement proper CPU power save, nano_cpu_idle and
nano_cpu_atomic_idle functions are defined as __weak
at the architecture level.
Change-Id: I980a161d0009f3f404ad22b226a6229fbb492389
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
The cortex-m7 is an implementation of armv7-m. Adjust the Kconfig
support for cortex-m7 to reflect this and drop the unnecessary,
explicit, conditional compilation.
Change-Id: I6ec20e69c8c83c5a80b1f714506f7f9e295b15d5
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Precursor patches have arranged that conditional compilation hanging
on CONFIG_CPU_CORTEX_M3_M4 provides support for ARMv7-M, rename the
config variable to reflect this.
Change-Id: Ifa56e3c1c04505d061b2af3aec9d8b9e55b5853d
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Precursor patches have arranged all conditional compilation hanging on
CONFIG_CPU_CORTEX_M0_M0PLUS such that it actually represents support
for ARM ARMv6-M, rename the config variable to reflect this.
Change-Id: I553fcf3e606b350a9e823df31bac96636be1504f
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The ARM code base provides for three mutually exclusive ARM
architecture related conditional compilation choices. M0_M0PLUS,
M3_M4 and M7. Throughout the code base we have conditional
compilation gated around these three choices. Adjust the form of this
conditional compilation to adopt a uniform structure. The uniform
structure always selects code based on the definition of an
appropriate config option rather the the absence of a definition.
Removing the extensive use of #else ensures that when support for
other ARM architecture versions is added we get hard compilation
failures rather than attempting to compile inappropriate code for the
added architecture with unexpected runtime consequences.
Adopting this uniform structure makes it straight forward to replace
the adhoc CPU_CORTEX_M3_M4 and CPU_CORTEX_M0_M0PLUS configuration
variables with ones that directly represent the actual underlying ARM
architectures we provide support for. This change also paves the way
for folding adhoc conditional compilation related to CPU_CORTEX_M7
directly in support for ARMv7-M.
This change is mechanical in nature involving two transforms:
1)
#if !defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
is transformed to:
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
#elif defined(CONFIG_CPU_CORTEX_M3_M4) || defined(CONFIG_CPU_CORTEX_M7)
...
2)
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
#else
...
#endif
is transformed to:
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
#elif defined(CONFIG_CPU_CORTEX_M3_M4) || defined(CONFIG_CPU_CORTEX_M7)
...
#else
#error Unknown ARM architecture
#endif
Change-Id: I7229029b174da3a8b3c6fb2eec63d776f1d11e24
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The cortex-m related memory map definitions in memory-map.h are all
CPU specific. In preparation for replacing
CONFIG_CPU_CORTEX_M0_M0PLUS with CONFIG_ARMV6_M and
CONFIG_CPU_CORTEX_M4_M4 with CONFIG_ARMV7_M, adjust memory_map.h
conditional compilation to hang on CONFIG_* variables for specific
cortex CPUs.
Change-Id: I2af0b75eaa5b16f88836dbdae41446beacaeba71
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The ICCM memory, when present, can be both written and read,
so changing the attributes to be read-write-execute.
Change-Id: I432bd36f4a6ef632b7c4ce3bf8aa138895d52642
Signed-off-by: Chuck Jordan <cjordan@synopsys.com>
The Cortex-M0(+) and in general processors that support only the ARMv6-M
instruction set have a reduced set of registers and fields compared to
the ARMv7-M compliant processors.
This change goes through all core registers and disables or removes
everything that is not part of the ARMv6-M architecture when compiling
for Cortex-M0.
Jira: ZEP-1497
Change-id: I13e2637bb730e69d02f2a5ee687038dc69ad28a8
Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The Cortex-M0(+) and in general processors that support only the ARMv6-M
instruction set can only access the NVIC_IPRn registers with word
accesses, and not with byte ones like the Cortex-M3 and onwards. This
patch addresses the issue by modifying the way that _NvicIrqPrioSet()
writes to the IPRn register, using a word access for Cortex-M0(+).
A similar issue is addressed for internal exceptions, this time for the
SHPR registers that are accessed differently on ARMv6-M.
Reference code taken from CMSIS.
Jira: ZEP-1497
Change-id: I08e1bf60b3b70579b42f4ab926ee835c18bb65bb
Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Since the value is treated as uint8_t internally anyway, just use
uint8_t for the input and output parameter types.
Jira: ZEP-1497
Change-Id: I61d68eb39cba5d82dad6ab7593b267c26e003d2b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
That module is not used anymore: it was introduced pre-Zephyr to add
some kind of awareness when debugging ARM Cortex-M3 code with GDB but
was never really used by anyone. It has bitrotted, and with the recent
move of the tTCS and tNANO data structures to common _kernel and
k_thread, it does not even compile anymore.
Jira: ZEP-1284, ZEP-951
Change-Id: Ic9afed00f4229324fe5d2aa97dc6f1c935953244
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
nano_cpu_idle/nano_cpu_atomic_idle were not ported to the unified
kernel, and only the old APIs were available. There was no real impact
since, in the unified kernel, only the idle thread should really be
doing power management. However, with a single-threaded kernel, these
functions can be useful again.
The kernel internals now make use of these APIs instead of the legacy
ones.
Change-Id: Ie8a6396ba378d3ddda27b8dd32fa4711bf53eb36
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The Cortex-M3/4 kernel was reserving priorities 0 and 1 for itself, but
was not registering any exception on priority 0. Only reserve priority 0
and use it for SVC and fault exceptions instead of priority 1.
Change-Id: Iff2405e27fd4bed4e49ab90ec2ae984f2c0a83a6
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
There are now three flags that decide how many priorities are reserved
by the kernel, each one requiring one priority level: Zero Latency
Interrupts, BASEPRI locking (for SVC usage) and faults that are not at
priority -1, so that taking them in an ISR actually triggers the fault
synchronously.
Change-Id: I7f4d760c9110051aeb82dcfd8cd68026a9b74b54
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This allows using it in _EXC_PRIO() instead of hardcoding 2 and 3.
Change-Id: I3549be54602643e06823ba63beb6a6992f39f776
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Move interrupt initialization for the ARC to its own
device. The init function for the arc will be only
doing platform specific operations
Jira: ZEP-1288
Change-Id: Icb04c3622890021c65cd24cecf6cafee6c37caf9
Signed-off-by: Julien Delayen <julien.delayen@intel.com>
Drop the unnecessary trailing whitespace formatting in inline asm.
Change-Id: I351df91b7175fe21d268d325865838b4840def8d
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Replace the use of a hardwired temporary register in the irq_lock()
implementation with a local variable. This will allow the compiler
more flexibility in register allocation.
Change-Id: Ifbdb52fca1d40404d55934343ac2a8153df7e1a8
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The cortex-m4 irq_lock() implementation uses a movs instruction, thus
clobbering the condition code, but does not include the clobber in the
asm clobber list. This is a bug in the situation where the compiler
schedules a live condition code over the inline lock instructions.
Since the irq_lock() implementation does not need to kill the CC we
simply switch to mov from movs.
Take the opportunity to drop the unnecessay .n and let the assembler
choose an appropriate encoding.
This fixes a bug found by inspection, it has not actually been
observed in real code.
Change-Id: Id60fa3362df9d4bf05c3d5e23066410ede92d73c
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Memory accesses could be reordered before an irq_lock() or
after an irq_unlock() without the memory barriers.
See commit 15bc537712 for the
ARM fix for a complete description of the issue and fix.
Change-Id: I1d96fe0088d90150f0888c2893d017155fc0a0a7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Memory accesses could be reordered before an irq_lock() or after an
irq_unlock() without the memory barriers.
See commit 15bc537712 for the ARM fix for
a complete description of the issue and fix.
Change-Id: I056afb0406cabe0e1ce2612904e727ccce5f6308
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Memory accesses could be reordered before an irq_lock() or after an
irq_unlock() without the memory barriers.
See commit 15bc537712 for the ARM fix for
a complete description of the issue and fix.
Change-Id: Ic92a6b33f62a938d2252d68eccc55a5fb07c9114
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Add the missing memory clobber to irq_unlock() in order to prevent the
compiler reordering memory operations over the unlock.
Change-Id: If1d664079796618ed247ff5b33b8b3f85fb7e680
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The inline asm definition of irq_lock() on the ARM architecture marks
the ASM as volatile which prevents the compiler from removing the
isntruction but does provide any information to the compiler to
prevent the inline ASM instruction being re-ordered relative to other
instructions. The instruction used in irq_lock() do not touch memory,
however in order to acheive their intended purpose they must be
ordered relative to other memory access instruction. This is acheived
by adding the "memory" clobber.
Instances of the compiler inappropriately re-ordering irq_lock() calls
relative to other instructions without this patch can be observed in
the code generated for k_sleep() on NRF51 target boards.
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Change-Id: I9d42d54cd9a50e8150c10ce6715af7ca2f5cfe51
If a particular project needs to add additional data to the
binary image, in most cases the entire linker script needs to
forked into the project space, causing maintenance issues if
the main linker script is changed.
Now we add some Kconfig options to allow a project to specify
some additional linker scripts which get included by the main
one in a few key areas:
1) In the definition to the 'rodata' section, which can allow
additional data to be included in this ROM section.
2) In the definition to the 'datas' section, which allows
additional data to be included in this RAM section.
3) Arbitrary additional sections to be included at the end of
the binary.
For 1 and 2, this is useful to include data generated outside of
the normal C compilation, such as data structures that are created
by special build tools.
3 is useful for including arbitrary binary blobs inside the final
image, such as for peripheral or co-processor firmware.
Change-Id: I5738d3d6da25f5bc96cda8ae806bf1a3fb34bd5d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Sets the interrupt descriptor table in C domain.
Change-Id: Ia8d2f585ebf60464aeedf2a54363e4683cf257a5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The pointer value needs to be dereferenced first.
Change-Id: I80d8a9b4837adfc7d0efc69c229c863d05e52a93
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
It is referred to as D/B in the Intel manuals.
Change-Id: If021d875da2d83a256926d9233f1559c8c2ed1db
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr kernel is unable to compile when CONFIG_RUNTIME_NMI is enabled in
defconfig on ARM's architectures.
This patch addresses the following issues:
* In nmi.c _DefaultHandler() is referencing a function
(_ScbSystemReset()) not defined in Zephyr. This has now been replaced
with sys_arch_reboot.
* nmi.h is included in ASM files and due to the usage of "extern" the
compilation ends with an error. Added the directive _ASMLANGUAGE to
prevent the problem.
Jira: ZEP-1319
Change-Id: I7623ca97523cde04e4c6db40dc332d93ca801928
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Most kernel APIs are now ready for inclusion in the API guide.
The APIs largely follow a standard template to provide users
of the API guide with a consistent look-and-feel.
Change-Id: Ib682c31f912e19f5f6d8545d74c5f675b1741058
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Add Low Power States support to the power shim layer
and show the usage in the quark_se sample.
States are defined as follow:
- SYS_POWER_STATE_CPU_LPS: SS2 with LPSS enabled
- SYS_POWER_STATE_CPU_LPS_1: SS2 with LPSS disabled
- SYS_POWER_STATE_CPU_LPS_2: SS1 with LPSS disabled
Jira: ZEP-994
Change-Id: Ie4b93f6e539cb53fc035be00280b66b2cb0d9fea
Signed-off-by: Julien Delayen <julien.delayen@intel.com>
Updates x86 floating point support to reflect changes that have
been made in recent months.
* Many, many, many cosmetic changes (mostly revisions to comments).
* Elimination of unnecessary function aliases that were needed
to support the task and fiber versions of certain APIs.
* Elimination of run-time code to enable a thread's "FP regs"
option bit if the "SSE regs" option bit was set. The kernel
now recognizes that the thread is using the FPU as long as
either option bit is set. (If the thread has both option bits
enabled this is the same as if only the "SSE regs" bit is set.)
Change-Id: Ic12abc54b6fa78921749b546d8debf23e7ad232d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
C++ support moved from nanokernel.h to kernel.h.
Change-Id: I5e1631941e26f4ab3f311b680267b743bab15e40
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Symbols now use the K_ prefix which is now standard for the
unified kernel. Legacy support for these symbols is retained
to allow existing applications to build successfully.
Change-Id: I3ff12c96f729b535eecc940502892cbaa52526b6
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
There are a number of data sections that are repeated across
all the linker scripts for various architecture. In practice these
don't always get updated and we have had problems with bit-rot.
Consolidate these to make maintenance easier.
x86 linker scripts now follow the same naming convention and we
get rid of a linker-epilog.h that wasn't necessary and whose purpose
has been lost to the mists of time. If applications want to define their
own sections they should be allowed to. Linker scripts for x86 do not
end with .h any more, they are not C header files even though we use
C's preprocessor.
Issue: ZEP-688
Change-Id: I893eb4619969695c1f980efd7c2ec9fa5dad136d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All M7 features common to M3/M4 are working. New features like Tightly
Coupled Memory (TCM) are not yet supported.
Change-Id: I5f7b292e70843aec415728f24c973bb003014f4b
Jira: ZEP-977
Signed-off-by: Piotr Mienkowski <Piotr.Mienkowski@schmid-telecom.ch>
Support Cortex-M0, M3/M4, M7 is easier when the memory map is defined in
terms of absolute addresses.
Based work from: Piotr Mienkowski <Piotr.Mienkowski@schmid-telecom.ch>
Change-Id: I860860c369e8bed6c6c23661a15ce464d87ff221
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
With this patch we introduce unified kernel support for NIOS II.
Not all test cases have been ported, but the following command
currently succeeds with 43/43 passing test cases:
$ sanitycheck --arch=nios2 -xKERNEL_TYPE=unified \
--tag=unified_capable
Issue: ZEP-934
Change-Id: Id8effa0369a6a22c4d0a789fa2a8e108af0e0786
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
ARC does not align data structures by 4 bytes by default.
Add necessary linker sections.
Change-Id: I3bf7aa38b9bc8cba56f824469040c027968fa564
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Not disabling SysTick as it is optional by the spec.
SVC not used as there is no priority-based interrupt masking (only
PendSV is used).
Largely based on a previous work done by Euan Mutch <euan@abelon.com>.
Jira: ZEP-783
Change-Id: I38e29bfcf0624c1aea5f9fd7a74230faa1b59e8b
Signed-off-by: Ricardo Salveti <ricardo.salveti@linaro.org>
This is used by a test case, and it's better to just put this
here instead of forking the linker scripts.
Change-Id: Ifbb90b73bb26118ae2422cc6feccb3db58a26f2c
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This mechanism was intended to reserve space during the first pass for
certain data structures created by gen_idt, but this is unnecessary.
The only memory addresses that must be fixed between the two passes are the
locations of the interrupt stubs, which are in the .text section much
earlier than the generated data structures; they do not shift.
Change-Id: I3aab00e171e6a9ff439a7af8d69769e4c29337a7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For XIP images, in order to avoid the situation when
__data_rom_start is 32-bit aligned, but the actual data is placed
after rodata section, which may not end exactly at 32-bit border,
pad rodata section, so __data_rom_start points at data and it is
32-bit aligned.
On non-XIP images this may enlarge image size up to 3 bytes.
This is generally not an issue, since modern ROM and FLASH
memory is usually 4k aligned.
Change-Id: I3d37fccbc610615585d776144ab9e281368258d6
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
ARC interrupts can be either level or pulse.
Level interrupts remain asserted until the interrupt service routine
clears the interrupt at the peripheral. This is the default and most
common case.
Pulse interrupts have an extra flip-flop that converts a pulse to a
level. The ARC auto-clears this level as the interrupt service routine
is entered. As such, an interrupt handler for a pulse interrupt need
not clear the interrupt.
It is the rare device that uses pulse interrupts.
Nothing currently calls this inline function so ARC interrupts are
LEVEL by default.
(see ZEP-83)
Change-Id: I09ef86aae1926c1327e82ff99c2f8aa7eabde684
Signed-off-by: Chuck Jordan <cjordan@synopsys.com>
Binutils ld has an annoying misfeature (apparently a regression from a
few years ago) that alignment directives (and alignment specifiers on
symbols) apply only to the runtime addresses and not, apparently, to
the load address region specified with the "AT>" syntax. The net
result is that by default the LMA output ends up too small for the
addresses generated in RAM. See here for some details:
https://sourceware.org/ml/binutils/2013-06/msg00246.htmlhttps://sourceware.org/ml/binutils/2014-01/msg00350.html
The required workaround/fix is that AFAICT any section which can have
inherit a separate VMA vs. LMA from a previous section must specify an
"ALIGN_WITH_INPUT" attribute. Otherwise the sections will get out of
sync and the XIP data will be wrong at runtime.
No, I don't know why this isn't the default behavior.
A further complexity is that this feature only works as advertised
when the section is declared with the "AT> region" syntax after the
block and not "AT(address)" in the header. If you use the header
syntax (with or without ALIGN_WITH_INPUT), ld appears to DOUBLE-apply
padding and the LMA ends up to big. This is almost certainly a
binutils bug, but it's trivial to work around (and the working syntax
is actually cleaner) so we adjust the usage here.
Note finally that this patch includes an effective reversion of commit
d82e9dd9 ("x86: HACK force alignment for _k_task_list section"), which
was an earlier workaround for what seems to be the same issue.
Jira: ZEP-955
Change-Id: I2accd92901cb61fb546658b87d6752c1cd14de3a
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Interrupt stubs now just push the ISR and parameter onto the stack
and jump to the common interrupt code, never to return.
Change-Id: I82543d8148b5c7dfe116c43f41791f852614bb28
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Merge the Cortex-M3/M4 memory map bits into the master memory map in
prep for it being shared with Cortex-M7 support and Cortex-M0 support
going forward.
Change-Id: I211fc2a2d7d49082b51463f06e6e71cca75d886f
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Due to the memory pool structure only static declaration of
memory pool is possible.
Change-Id: I4797ed88fd2ac3b7812ff26e552e1745611c4575
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
This header has a bunch of data structure definitions and macros useful
for manipulating segment descriptors on X86. The old IDT_ENTRY defintion
is removed in favor of the new 'struct segment_descriptor' which can be
used for all segment descriptor types and not just IRQ gates.
We also add some inline helper functions for examining segment registers,
descriptor tables, and doing far jumps/calls.
Change-Id: I640879073afa9765d2a214c3fb3c3305fef94b5e
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add _arch_irq_is_enabled external interrupt API to find out
if an IRQ is enabled.
Change-id: I8ccbaa6d4640c1ab8369d2d35c01a2cfbb02f6cd
Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
The Arduino 101 comes with a bootloader that supports DFU
and flashing of all cores using the dfu-util package.
This changes the memory layout of the image built for the
Arduino 101 and remove previous work-arounds to allow booting,
including the version-header section in the linker script.
The bootloader expects the text section at +0x30 from the physical
load address and thus requires special treatment in the linker
script.
Other changes by Andrew Boie:
The flash size parameters were both wrong. X86 side has 192K
of flash from 0x4003000 - 0x40060000, the entire span of
sys_flash1.
ARC side is now the span from 0x40010000 - 0x40030000, 128K.
Change-Id: Iecfa5d2b84a3f522d9eca06268d6b8b71a094aaa
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
In 1.0 you could set only one callback on the whole gpio controller. It
was impossible for another sub-system to add another callback, without
overwritting an existing one.
Such API has been obsolete for a long time and no one is using it
anymore. Thus removing it entirely.
Change-Id: I6a17fd99373dc6cef1fa2ebb421e992412d5015e
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The x86 architecture port is fitted with support for the unified kernel,
namely:
- the interrupt exit code now calls _Swap() if the current
thread is not a coop thread and if the scheduler is not locked
- there is no 'task' fields in the _nanokernel anymore: _Swap()
now calls _get_next_ready_thread instead
- the _nanokernel.fiber field is replaced by a more sophisticated
ready_q, based on the microkernel's priority-bitmap-based one
- nano_private includes nano_internal.h from the unified directory
- the FIBER, TASK and PREEMPTIBLE flags do not exist anymore: the thread
priority drives the behaviour
- the tcs uses a dlist for queuing in both ready and wait queues instead
of a custom singly-linked list
- other new fields in the tcs include a schedule-lock count, a
back-pointer to init data (when the task is static) and a pointer to
swap data, needed when a thread pending on _Swap() must be passed more
then just one value (e.g. k_stack_pop() needs an error code and data)
- fiberRtnValueSet() is aliased to _set_thread_return_value since it
also operates on preempt threads now
- _set_thread_return_value_with_data() sets the swap_data field in
addition to a return value from _Swap()
- convenience aliases are created for shorter names:
- _current is defined as _nanokernel.current
- _ready_q is defined as _nanokernel.ready_q
- _Swap() sets the threads's return code to -EAGAIN before swapping out
to prevent timeouts to have to set it (solves hard issues in some
kernel objects).
- Floating point support.
Note that, in _Swap(), the register holding the thread to be swapped in has
been changed from %ecx to %eax in both the legacy kernel and the unified kernel
to take advantage of the fact that the return value of _get_next_ready_thread()
is stored in %eax, and this avoids moving it to %ecx.
Work by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
Allan Stephens <allan.stephens@windriver.com>
Benjamin Walsh <benjamin.walsh@windriver.com>
Change-Id: I4ce2bd47bcdc62034c669b5e889fc0f29480c43b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Commit 3e63a74514 did not revert properly
things.
Change-Id: I792d5698966542ce2cfb9f858c56b30c392f02a2
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
You can't query the LOAPIC for every kind of interrupt that fires,
it has no idea about IRQs that were generated by an 'int' instruction
for example. Extend the semantics of _irq_controller_isr_vector_get()
to return -1 if the vector can't be identified.
Issue: ZEP-602
Change-Id: I1174aa62fbedffdcd329d60da8ef14fabb042dc3
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>