This patch fixes a hole in the stack guard configuration. The initial
branch to main is missing the stack guard configuration.
Fixes: Issue #3718
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch fixes calculations for the top of the interrupt and main
stacks. Due to power of two alignment requirements for certain MPUs,
the guard size must be taken into account due to the guard being
counted against the initial stack size.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds a configure_mpu_user_context API and implements
the required function placeholders in the NXP and ARM MPU files.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
During compile of lwm2m_client using qemu_x86, the following build
warning was noticed:
zephyr/arch/x86/core/excstub.S:132:2: warning: "/*" within comment [-Wcomment]
/*
In commit ff42bdd0a0 ("debug: remove option GDB_INFO"), the comment tag
was omitted. Fix the comment end tag.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
This feature is X86 only and is not used or being tested. It is legacy
feature and no one can prove it actually works. Remove it until we have
proper documentation and samples and multi architecture support.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This feature is X86 only and is not used or being tested. It is legacy
feature and no one can prove it actually works. Remove it until we have
proper documentation and samples and multi architecture support.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Atmel SAMD21 series was classified too broadly as SAMD.
This patch names it correctly to make room,
for other members of SAMD series
Signed-off-by: Sean Nyekjaer <sean@nyekjaer.dk>
Also pull out the SERCOM pads configuration to defines. Note that the
SAM0 has a two level configuration - a signal (like TX) is mapped to a
pad, and then a pad is mapped to a function on a pin.
Signed-off-by: Michael Hope <mlhx@google.com>
This commit defines the Kconfig options for
ARM Cortex-M23 and Cortex-M33 CPUs. It also
udpates the generic memory map for M23 and M33
implementations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add I2C Master driver for Nios-II I2C soft IP core.
This driver relies upon the Altera HAL I2C driver for all the bus level
transactions, interrupt handling and register programming.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Just some exclusions to coverage in code which cannot be
reached, or can only be reached in error conditions
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Added possibility to reconfigure CONFIG_SYS_CLOCK_TICKS_PER_SEC
for the native_posix board (before it could only be 100)
+
Fixed tickless idle support
+
Minor fixes in irq wrapping
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Whenever a Cortex-M0+ supports the VTOR register it makes no sense to
use the software vector relay mechanism. Therefore change the logic so
that SW_VECTOR_RELAY does not get enabled whenever a VTOR register is
present, but enable it if an M0+ has no VTOR.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
In a scenario where a platform harbours multiple interrupts to the
extent the core cannot support it, an interrupt controller is added
as an additional level of interrupt. It typically combines several
sources of interrupt into one line that is then routed to the parent
controller.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
This patch adds the generation and incorporation of privileged stack
regions that are used by ARM user mode threads. This patch adds the
infrastructure for privileged stacks. Later patches will utilize the
generated stacks and helper functions.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds application data section alignment constraints
to match the region definition requirements for ARM MPUs. Most MPUs
require a minimum of 32 bytes of alignment for any regions, but some
require power of two alignment to the size of a region.
This requires that the linker align the application data section to
the size of the section. This requires a linker pass to determine the
size. Once this is accomplished the correct value is added to a linker
include file that is utilized in subsequent linker operations.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Replace seldom occurrences of FLASH_DRIVER_NAME by equivalent
and commonly used FLASH_DEV_NAME.
Fixes#5919.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Some ARMv6-M Cortex-M0+-based SOCs have VTOR register
and can relocate vector table just as ARMv7-M ones.
Vector table relocation path should be choosed
by VTOR presence, not by arch.
Signed-off-by: Ilya Tagunov <tagunil@gmail.com>
Add Altera Nios-II QSPI Flash controller driver which has
has 1024 blocks or sectors wich each sector size being 64K bytes.
This driver supports flash erase, write, read and lock operations.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Some code in the POSIX architecture is only meant to handle
safely errors which should never occur and therefore
are not covered.
=> We exclude them from the coverage reports.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Some code in the POSIX SOC (inf_clock) will only be executed
if the program is terminated by receiving a SIGTERM in a particular
part. Therefore to avoid confusing developers with changing
coverage, let's exclude it from the coverage reports.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Some code in the POSIX arch core will only be executed
in some very atypical cases depending on the host load.
To avoid confusing developers, let's exclude it from the
coverage reports.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Added a new config variable with the recommended stack
size for threads which are only meant for the posix architecture
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Defines the FLASH_DRIVER_NAME macro in soc.h for kinetis kl2x and kwx
SoC series. This macro is used by the storage and dfu subsystems, as
well as the flash_shell sample.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Rename the nano_internal.h to kernel_internal.h and modify the
header file name accordingly wherever it is used.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
rename main_clean_up() to posix_exit() for consistency
with all other global functions of this architecture
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Currently in zephyr the support for the arm userspace has not be
merged. But the Kconfig always sets the userspace flag and causes a
build failure. This is blocking the test cases for userspace.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add a new Kconfig option, BOOTLOADER_MCUBOOT, that automatically sets
the required options necessary to make the resulting image bootable by
the MCUboot open source bootloader. This includes the text section
offset and the vector relay table for Cortex-M0, and in the future it
might also add the DTS overlay required to link at slot0 offset in
flash.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Add device tree support for the "nxp,kinetis-ftfa" flash controller used
on the NXP KL2X and KW4xZ SoCs.
Fixes: #5788
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert NXP k6x and kw2xd flash driver to use device tree to get the
flash controller name from device tree. We introduce yaml bindings for
the "nxp,kinetis-ftfe" and "nxp,kinetis-ftfl" devices.
Fixes: #5788
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The old HAL and MDK have been removed from the source tree.
Since RADIO HAL is not yet present in nrfx, the "nrf_radio.h" file
was temporarily moved to "nrfx/hal" folder. It will be replaced with
the proper file from nrfx in its next update.
Signed-off-by: Michał Kruszewski <michal.kruszewski@nordicsemi.no>
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
This commit adds a glue layer that adapts nrfx to be usable in Zephyr
as a host environment and files with static configuration of nrfx
drivers for several supported SoCs.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
This moves and merges the existing board-level dts.fixup files
for STM32 L4 SOC family into one soc family level dts.fixup file.
No new fixup blocks have been added, only fixup blocks, that were
part of at least one board level dts.fixup file are present in
soc family level dts.fixup file.
disco_l475_iot1 boards fixup blocks for devices connected via SPI
and I2C stay in board level dts.fixup file, because they are board
specific.
Contributes to #5707
Signed-off-by: Daniel Wagenknecht <wagenknecht.daniel@gmail.com>
This moves and merges the existing board-level dts.fixup files
for STM32 F3 SOC family into one soc family level dts.fixup file.
No new fixup blocks have been added, only fixup blocks, that were
part of at least one board level dts.fixup file are present in
soc family level dts.fixup file.
Contributes to #5707
Signed-off-by: Daniel Wagenknecht <wagenknecht.daniel@gmail.com>
This moves and merges the existing board-level dts.fixup files
for STM32 F1 SOC family into one soc family level dts.fixup file.
No new fixup blocks have been added, only fixup blocks, that were
part of at least one board level dts.fixup file are present in
soc family level dts.fixup file.
Contributes to #5707
Signed-off-by: Daniel Wagenknecht <wagenknecht.daniel@gmail.com>
This moves and merges the existing board-level dts.fixup files
for STM32 F4 SOC family into one soc family level dts.fixup file.
No new fixup blocks have been added, only fixup blocks, that were
part of at least one board level dts.fixup file are present in
soc family level dts.fixup file.
96b_carbon boards fixup block for Bluetooth HCI device via SPI
stays in board level dts.fixup file, because it is board specific.
Contributes to #5707
Signed-off-by: Daniel Wagenknecht <wagenknecht.daniel@gmail.com>
This moves and merges the existing board-level dts.fixup files
for STM32 F0 SOC family into one soc family level dts.fixup file.
No new fixup blocks have been added, only fixup blocks, that were
part of at least one board level dts.fixup file are present in
soc family level dts.fixup file.
Contributes to #5707
Signed-off-by: Daniel Wagenknecht <wagenknecht.daniel@gmail.com>
Convert Atmel SAM0 flash driver to use device tree to get the flash
controller name and base address.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For SoCs that don't support vector table relocation in hardware, may not
support bootloader like mcuboot.
We introduce a way to relocate vector table in software by forwarding
the control of incoming IRQs to a new vector table which address is save
at fixed SRAM address.
User can change the data in that fixed SRAM address in order to relocate
vector table in software way.
Signed-off-by: Ding Tao <miyatsu@qq.com>
Cortex-M0 do not have the Vector Table Base Address Offset Register, so
Cortex-M0 vector table address can not be changed.
But in some Cortex-M0 SoCs like STM32F0 series, they have some mechanism
that can remap the vector table address to the start address of SRAM.
Use this flag to indicates whether current Cortex-M0 SoC support such a
remap or not.
Signed-off-by: Ding Tao <miyatsu@qq.com>
In order to be able to build MCUboot for nRF51 we require the flash
driver name in the nRF51 soc.h header.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
So far, DT did not support the flash driver name.
Any flash-controller should have the appropriate
flash driver that should be identified by its name.
This path adds generic support for extract the description
from the flash-controller node,
adds implementation of this property for all nrf5x targets.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Refering the ARM's implementation, the initial support of memory
domain in ARC is added:
* changes in MPU drivers
* changes in Kconfig
* codes to configure memory domain during thread swap
* changes in linker script template
* memory domain related macro definitions
the commited codes are simply tested through
samples/mpu/mem_domain_apis_test.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
It appears the STM32F411XE doesn't support RNG so remove enabling it
from the SoC defconfig and flag an error if attempting to build the
driver on that SoC.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
A fix for this issue is in progress, meanwhile warn the user that
they may be susceptible to this problem if they enable user mode on
an x86-based target that is not known to be immune.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When Kconfiglib was introduced it caused a significant performance
issue. This patch uses pruning to mitigate the performance issue.
The pruning exploits the fact that before the Kconfig database is
parsed we already know what ARCH and BOARD has been selected. So in
theory we could prune away all Kconfig sources that are not related to
the current ARCH or BOARD. In practice, it is only the Kconfig sources
in zephyr/arch/$ARCH and zephyr/board/$ARCH/ that are easy to prune.
Still, that is quite a few Kconfig sources. For qemu_x86 this patch
reduced the number of parsed Kconfig source files from 632 to
272. This pruning resulted in a incremental reconfiguration (time
cmake ..) speedup of 21% (0.56s to 0.46) and a clean build speedup of
4% (Using board qemu_x86 and sample hello_world).
Furthermore, it should be easier to maintain ARCH's and BOARD's
out-of-tree since the user now has a mechanism to redirect where
Kconfig sources are found. But this has not been explored.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
In STM32 family, RNG IP is available only on F4 and L4 series.
Besides STM32F401 does not support is neither.
Get entropy driver available on STM32 devices supporting it and
generate a compilation issue on STM32 devices that do not own
the RNG IP.
Solves #5448
Signed-Off-By: Erwan Gouriou <erwan.gouriou@linaro.org>
When asserts are enabled we run into an issue with newlib and types of
printf style formatters not matching. The easy fix to this is to cast
the uint32_t to u32_t to make things consistent with or without newlib
enabled.
This fixes#5645
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Instead of accessing the environment variable ZEPHYR_BASE every time we
require accessing the source code root, use an intermediate variable
that has OS path separators correctly set to '/' to avoid issues on
Windows.
Note: This removes the ZEPHYR_SOURCE_DIR CMake variable. External
applications using that will need to change to use the new ZEPHYR_BASE
variable.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Current STM32 SoC initialization code sets really weird startup values
to SystemCoreClock. It should be consistent with Reference Manuals after
this change.
Signed-off-by: Ilya Tagunov <tagunil@gmail.com>
Include low level random generator header in case stm32 random number
generator should be used by entropy driver
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
With the native port we are able to generate coverage reports, add the
needed options to the compliler and add a kconfig option to enable this
on the supported architectures.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
A new arch (posix) which relies on pthreads to emulate the context
switching
A new soc for it (inf_clock) which emulates a CPU running at an
infinely high clock (so when the CPU is awaken it runs till completion
in 0 time)
A new board, which provides a trivial system tick timer and
irq generation.
Origin: Original
Fixes#1891
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Was ARM specific and could not be used by other architectures.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The PIO cores on Altera Nios-II processors can be used
for GPIOs and each PIO core can be configured as Input only,
Output only or as Bidirectional port from the Qsys tool.
The present Nios-II softcpu image on the Zephyr only has the
support for Output only port and the PIOs[0:3] are wired to
LED[0:3] on the Altera MAX10 board.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
when a current thread is added to a memory domain the pages/sections
must be configured immediately.
A problem occurs when we add a thread to current and then drop
down to usermode. In such a case memory domain will become active
the next time a swap occurs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add an architecure specfic code for the memory domain
configuration. This is needed to support a memory domain API
k_mem_domain_add_thread.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The system ID core is a simple read-only device that
provides Qsys systems with a unique identifer.
Nios-II processor systems use the system ID core to
verify that an executable program was compiled targeting
the actual hardware image configured in the target FPGA.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
MPU version 3 is included in em7d of em_starterkit 2.3.
The differences of MPU version 3 and version 2 are:
* different aux reg interface
* The address alignment requirement is 32 bytes
* supports secure mode
* supports SID (option)
* does not support memory region overlap
This commit adds the support MPU version 3 and also make some changes to
MPU version 2 to have an unified interface.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* em7d of em_starterkit 2.3 supports secure mode. add the support
in kconfig and build system.
* change the default configuration of em_starterkit 2.3 to em7d
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
In ARC's SecureShield, a new secure mode (currently only em) is added.
The secure/normal mode is orthogonal to kernel/user mode. The
differences between secure mode and normal mode are following:
* different irq stack frame. so need to change the definition of
_irq_stack_frame, assembly code.
* new aux regs, e.g, secure status(SEC_STAT), secure vector base
(VECT_BASE_S)
* interrupts and exceptions, secure mode has its own vector base;
interrupt can be configured as secure or normal through the
interrupt priority aux reg.
* secure timers. Two secure timers (secure timer 0 and timer 1) are
added.Here, for simplicity and backwards compatibility original
internal timers (timer 0 and timer1) are used as sys clock of zephyr
* on reset, the processor is in secure mode and secure vector base is
used.
Note: the mix of secure and normal mode is not supported, i.e. it's
assumed that the processor is always in secure mode.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Add FIRQ option and change the _isr_wrapper. Currently, firq is
enabled by default, but in some arc configuration, firq can be
disabled.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Some drivers doesn't implement flash API page layout extension
which is causing the application crash once the API was calling.
This patch introduce system termination for this in those drivers
which doesn't implement extension. This will help to discover this
problem early.
It is not done by preprocessor check because it is possible to have
enabled a driver which support and a driver which doesn't support
this API simultaneously.
Now FLASH_PAGE_LAYOUT configuration option is accessible only in case
that at last one driver which implements mentioned API is enabled.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Enable USB OTG support for olimex stm32-e407 and stm32f407g_disc1
boards by adding USB OTG to the pinmux table. Also, fix out of
range endpoint addresses in CDC ACM case for STM32F4 based boards.
Signed-off-by: Sudarsana Nagineni <sudarsana.nagineni@intel.com>
'make flash' is failing for altera_max10 board due to the
missing NIOS2_CPU_SOF environment variable. Though it is set
in arch/nios2/soc/nios2f-zephyr/CMakeLists.txt but it is not
taking effect when flashing script is run. The reason could be
following which is mentioned in https://itk.org/Wiki/CMake_FAQ
"environment variables SET in the CMakeLists.txt only
take effect for cmake itself (configure-time), so you cannot use
this method to set an environment variable that a custom command
might need (build-time)."
Now, NIOS2_CPU_SOF is set from boards/nios2/altera_max10/board.cmake
file which is more logical because all the FLASH related environment
variables are being set from board.cmake
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
The exticrX registers were shifted by a word, so configuring
an EXTI line on a port different of PA misconfigured the EXTI line
source and could flood with unwanted events.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Added Inter-IC Sound driver (based on SSC module) for Atmel
SAM MCU family.
Tested on Atmel SMART SAM E70 Xplained board
Origin: Original
Jira: ZEP-2509
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Added DMA (XDMAC) driver for Atmel SAM MCU family. The driver provides
private DMA API to be used by the SAM family device drivers. Public
DMA API to be used by user space programs is currently missing.
Tested on Atmel SMART SAM E70 Xplained board
Origin: Original
Jira: ZEP-1609
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Save the required scratch pad register (in this case only edx)
before calling the C function.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Not all boards require the various binary formats zephyr generates. So
be selective based on the arch, SoC or board and only geenrate the
binaries actually needed.
Fixes#5009
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Implement API to validate user buffer. This API will iterate
all MPU regions to check if the given buffer is user accessible
or not. For #3832.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Unlike other NXP SoCs currently in Zephyr, the mimxrt1052 has the ARM
MPU rather than the NXP MPU. Start out by enabling it with a simple set
of memory regions for "flash" (ITCM), "ram" (DTCM), and the peripheral
buses. More regions will need to be added when we implement support for
external memories.
Tested with:
- samples/mpu/mpu_stack_guard_test
- tests/kernel/mem_protect/protection
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds the mimxrt1052 SoC, which belongs to a new family (nxp_imx) and
series (rt) of SoCs. The mimxrt1052 integrates an Arm Cortex-M7 core,
512 KB TCM, and many peripherals including 2D graphics, an LCD display
controller, camera interface, SPDIF and I2S. Unlike other SoCs in
Zephyr, the mimxrt1052 has no internal flash.
This initial port to mimxrt1052 configures the system clock to operate
at 528 MHz, and enables the serial/uart and gpio interfaces to support
the hello_world and blinky samples. Support for additional Zephyr driver
interfaces will come later.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
When CONFIG_X86_MMU is enabled for arduino 101 the start address
should be aligned to 4kB. If not aligned the page tables would not
be created and the build fails.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
During swap the required page tables are configured. The outgoing
thread's memory domain pages are reset and the incoming thread's
memory domain is loaded. The pages are configured if userspace
is enabled and if memory domain has been initialized before
calling swap.
GH-3852
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Added architecture specific support for memory domain destroy
and remove partition for arm and nxp. An optimized version of
remove partition was also added.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This is intended for memory-constrained systems and will save
4K per thread, since we will no longer reserve room for or
activate a kernel stack guard page.
If CONFIG_USERSPACE is enabled, stack overflows will still be
caught in some situations:
1) User mode threads overflowing stack, since it crashes into the
kernel stack page
2) Supervisor mode threads overflowing stack, since the kernel
stack page is marked non-present for non-user threads
Stack overflows will not be caught:
1) When handling a system call
2) When the interrupt stack overflows
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Besides the fact that we did not have that for the current supported
boards, that makes sense for this new, virtualized mode, that is meant
to be run on top of full-fledged x86 64 CPUs.
By having xAPIC mode access only, Jailhouse has to intercept those MMIO
reads and writes, in order to examine what they do and arbitrate if it's
safe or not (e.g. not all values are accepted to ICR register). This
means that we can't run away from having a VM-exit event for each and
every access to APIC memory region and this impacts the latency the
guest OS observes over bare metal a lot.
When in x2APIC mode, Jailhouse does not require VM-exits for MSR
accesses other that writes to the ICR register, so the latency the guest
observes is reduced to almost zero.
Here are some outputs of the the command line
$ sudo ./tools/jailhouse cell stats tiny-demo
on a Jailhouse's root cell console, for one of the Zephyr demos using
LOAPIC timers, left for a couple of seconds:
Statistics for tiny-demo cell (x2APIC root, x2APIC inmate)
COUNTER SUM PER SEC
vmexits_total 7 0
vmexits_management 3 0
vmexits_cr 2 0
vmexits_cpuid 1 0
vmexits_msr 1 0
vmexits_exception 0 0
vmexits_hypercall 0 0
vmexits_mmio 0 0
vmexits_pio 0 0
vmexits_xapic 0 0
vmexits_xsetbv 0 0
Statistics for tiny-demo cell (xAPIC root, xAPIC inmate)
COUNTER SUM PER SEC
vmexits_total 4087 40
vmexits_xapic 4080 40
vmexits_management 3 0
vmexits_cr 2 0
vmexits_cpuid 1 0
vmexits_msr 1 0
vmexits_exception 0 0
vmexits_hypercall 0 0
vmexits_mmio 0 0
vmexits_pio 0 0
vmexits_xsetbv 0 0
Statistics for tiny-demo cell (xAPIC root, x2APIC inmate)
COUNTER SUM PER SEC
vmexits_total 4087 40
vmexits_msr 4080 40
vmexits_management 3 0
vmexits_cr 2 0
vmexits_cpuid 1 0
vmexits_exception 0 0
vmexits_hypercall 0 0
vmexits_mmio 0 0
vmexits_pio 0 0
vmexits_xapic 0 0
vmexits_xsetbv 0 0
See that under x2APIC mode on both Jailhouse/root-cell and guest, the
interruptions from the hypervisor are minimal. That is not the case when
Jailhouse is on xAPIC mode, though. Note also that, as a plus, x2APIC
accesses on the guest will map to xAPIC MMIO on the hypervisor just
fine.
Signed-off-by: Gustavo Lima Chaves <gustavo.lima.chaves@intel.com>
This is an introductory port for Zephyr to be run as a Jailhouse
hypervisor[1]'s "inmate cell", on x86 64-bit CPUs (running on 32-bit
mode). This was tested with their "tiny-demo" inmate demo cell
configuration, which takes one of the CPUs of the QEMU-VM root cell
config, along with some RAM and serial controller access (it will even
do nice things like reserving some L3 cache for it via Intel CAT) and
Zephyr samples:
- hello_world
- philosophers
- synchronization
The final binary receives an additional boot sequence preamble that
conforms to Jailhouse's expectations (starts at 0x0 in real mode). It
will put the processor in 32-bit protected mode and then proceed to
Zephyr's __start function.
Testing it is just a matter of:
$ mmake -C samples/<sample_dir> BOARD=x86_jailhouse JAILHOUSE_QEMU_IMG_FILE=<path_to_image.qcow2> run
$ sudo insmod <path to jailhouse.ko>
$ sudo jailhouse enable <path to configs/qemu-x86.cell>
$ sudo jailhouse cell create <path to configs/tiny-demo.cell>
$ sudo mount -t 9p -o trans/virtio host /mnt
$ sudo jailhouse cell load tiny-demo /mnt/zephyr.bin
$ sudo jailhouse cell start tiny-demo
$ sudo jailhouse cell destroy tiny-demo
$ sudo jailhouse disable
$ sudo rmmod jailhouse
For the hello_world demo case, one should then get QEMU's serial port
output similar to:
"""
Created cell "tiny-demo"
Page pool usage after cell creation: mem 275/1480, remap 65607/131072
Cell "tiny-demo" can be loaded
CPU 3 received SIPI, vector 100
Started cell "tiny-demo"
***** BOOTING ZEPHYR OS v1.9.0 - BUILD: Sep 12 2017 20:03:22 *****
Hello World! x86
"""
Note that the Jailhouse's root cell *has to be started in xAPIC
mode* (kernel command line argument 'nox2apic') in order for this to
work. x2APIC support and its reasoning will come on a separate commit.
As a reminder, the make run target introduced for x86_jailhouse board
involves a root cell image with Jailhouse in it, to be launched and then
partitioned (with >= 2 64-bit CPUs in it).
Inmate cell configs with no JAILHOUSE_CELL_PASSIVE_COMMREG flag
set (e.g. apic-demo one) would need extra code in Zephyr to deal with
cell shutdown command responses from the hypervisor.
You may want to fine tune CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC for your
specific CPU—there is no detection from Zephyr with regard to that.
Other config differences from pristine QEMU defaults worth of mention
are:
- there is no HPET when running as Jailhouse guest. We use the LOAPIC
timer, instead
- there is no PIC_DISABLE, because there is no 8259A PIC when running
as a Jailhouse guest
- XIP makes no sense also when running as Jailhouse guest, and both
PHYS_RAM_ADDR/PHYS_LOAD_ADD are set to zero, what tiny-demo cell
config is set to
This opens up new possibilities for Zephyr, so that usages beyond just
MCUs come to the table. I see special demand coming from
functional-safety related use cases on industry, automotive, etc.
[1] https://github.com/siemens/jailhouse
Reference to Jailhouse's booting preamble code:
Origin: Jailhouse
License: BSD 2-Clause
URL: https://github.com/siemens/jailhouse
commit: 607251b44397666a3cbbf859d784dccf20aba016
Purpose: Dual-licensing of inmate lib code
Maintained-by: Zephyr
Signed-off-by: Gustavo Lima Chaves <gustavo.lima.chaves@intel.com>
Add support for nrf52 series SOC. This patch Adds :-
1. Architecture specific Power Management APIs.
2. APIs for invoking various Power Management tasks into nrf52.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Remove defines for IRQs we don't use. We should be getting this from DT
so this gives us a list of what we need to cleanup. Remove various
memory address offset defines to the ones we actually use.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Some "random" drivers are not drivers at all: they just implement the
function `sys_rand32_get()`. Move those to a random subsystem in
preparation for a reorganization.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The CLOCK_CONTROL config option is already defined in
drivers/clock_control, so there's no need to redefine it in arch/.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>