This commit refactors kernel and arch headers to establish a boundary
between private and public interface headers.
The refactoring strategy used in this commit is detailed in the issue
This commit introduces the following major changes:
1. Establish a clear boundary between private and public headers by
removing "kernel/include" and "arch/*/include" from the global
include paths. Ideally, only kernel/ and arch/*/ source files should
reference the headers in these directories. If these headers must be
used by a component, these include paths shall be manually added to
the CMakeLists.txt file of the component. This is intended to
discourage applications from including private kernel and arch
headers either knowingly and unknowingly.
- kernel/include/ (PRIVATE)
This directory contains the private headers that provide private
kernel definitions which should not be visible outside the kernel
and arch source code. All public kernel definitions must be added
to an appropriate header located under include/.
- arch/*/include/ (PRIVATE)
This directory contains the private headers that provide private
architecture-specific definitions which should not be visible
outside the arch and kernel source code. All public architecture-
specific definitions must be added to an appropriate header located
under include/arch/*/.
- include/ AND include/sys/ (PUBLIC)
This directory contains the public headers that provide public
kernel definitions which can be referenced by both kernel and
application code.
- include/arch/*/ (PUBLIC)
This directory contains the public headers that provide public
architecture-specific definitions which can be referenced by both
kernel and application code.
2. Split arch_interface.h into "kernel-to-arch interface" and "public
arch interface" divisions.
- kernel/include/kernel_arch_interface.h
* provides private "kernel-to-arch interface" definition.
* includes arch/*/include/kernel_arch_func.h to ensure that the
interface function implementations are always available.
* includes sys/arch_interface.h so that public arch interface
definitions are automatically included when including this file.
- arch/*/include/kernel_arch_func.h
* provides architecture-specific "kernel-to-arch interface"
implementation.
* only the functions that will be used in kernel and arch source
files are defined here.
- include/sys/arch_interface.h
* provides "public arch interface" definition.
* includes include/arch/arch_inlines.h to ensure that the
architecture-specific public inline interface function
implementations are always available.
- include/arch/arch_inlines.h
* includes architecture-specific arch_inlines.h in
include/arch/*/arch_inline.h.
- include/arch/*/arch_inline.h
* provides architecture-specific "public arch interface" inline
function implementation.
* supersedes include/sys/arch_inline.h.
3. Refactor kernel and the existing architecture implementations.
- Remove circular dependency of kernel and arch headers. The
following general rules should be observed:
* Never include any private headers from public headers
* Never include kernel_internal.h in kernel_arch_data.h
* Always include kernel_arch_data.h from kernel_arch_func.h
* Never include kernel.h from kernel_struct.h either directly or
indirectly. Only add the kernel structures that must be referenced
from public arch headers in this file.
- Relocate syscall_handler.h to include/ so it can be used in the
public code. This is necessary because many user-mode public codes
reference the functions defined in this header.
- Relocate kernel_arch_thread.h to include/arch/*/thread.h. This is
necessary to provide architecture-specific thread definition for
'struct k_thread' in kernel.h.
- Remove any private header dependencies from public headers using
the following methods:
* If dependency is not required, simply omit
* If dependency is required,
- Relocate a portion of the required dependencies from the
private header to an appropriate public header OR
- Relocate the required private header to make it public.
This commit supersedes #20047, addresses #19666, and fixes#3056.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
In the cortex-r port we are currently using GIC as a fake cascade
controller hooked to a fake parent IRQ #0. And in gic_init() we use
IRQ_CONNECT() to connect this dummy IRQ.
Unfortunately this value is shifted and offset when calling
irq_set_priority_next_level() that tries to set the IRQ priority on a
value of 0xffffffff.
This value is offset again in gic_irq_set_priority() that actually sets
the priority on the PPI #31.
Fix this avoiding to set any priority for IRQ #0.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Existed already in commit 8ddf82cf70 ("First commit"). Has never been
used.
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Existed already in commit 8ddf82c ("First commit"). Has never been
used.
Found with a script.
Also remove some pointless menus that have no visible symbols in them.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Adding r0 to the clobber list in the inline ASM block of
z_arch_switch_to_main_thread(). This instructs assembler
to not use r0 to store ASM expression operands, e.g. in
the subsequent instruction, msr PSR %1.
We also do a minor optimization with the clearing of R1
before jumping to main.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a common definition for NUM_IRQS in arch/arm/core/Kconfig and
arch/riscv/Kconfig. That way, the type doesn't have to be given for
NUM_IRQS in all the Kconfig.defconfig files.
Trying to get rid of unnecessary "full" symbol definitions in
Kconfig.defconfig files, to make the organization clearer. It can also
help with finding unused symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
There are two set of code supporting x86_64: x86_64 using x32 ABI,
and x86 long mode, and this consolidates both into one x86_64
architecture and SoC supporting truly 64-bit mode.
() Removes the x86_64:x32 architecture and SoC, and replaces
them with the existing x86 long mode arch and SoC.
() Replace qemu_x86_64 with qemu_x86_long as qemu_x86_64.
() Updates samples and tests to remove reference to
qemu_x86_long.
() Renames CONFIG_X86_LONGMODE to CONFIG_X86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Define FP_FPU_DA in arch/arc/Kconfig to make it always available. That
way, the Kconfig.defconfig definitions can skip the type, making them
incomplete if the base definition of the symbol disappears. That makes
the organization easier to understand and errors easier to spot.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Define CPU_EM4* and CPU_EM6 in arch/arc/Kconfig to make them always
available. That way, the Kconfig.defconfig definitions can skip the
type, making them incomplete if the base definition of the symbol
disappears. That makes the organization easier to understand and errors
easier to spot.
The help texts were taken from
https://gcc.gnu.org/onlinedocs/gcc/ARC-Options.html. Help texts for
invisible symbols can be checked in the menuconfig too if you go into
show-all mode, so they're better than adding a comment.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
posix_soc_if.h is meant to be a private header between
the POSIX ARCH, SOC, and maybe boards,
it should not contain definitions meant to be used directly
by the kernel or app.
Some definitions were placed here due to a dependency moebius
loop.
Unravel that by removing all header dependencies in posix_soc_if.h,
move those definitions out to a more logical place,
and while we are here reduce the amount of users of
irq_offload.h in POSIX arch related code
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The page tables to use are now stored in the cpuboot struct.
For the first CPU, we set to the flat page tables, and then
update later in z_x86_prep_c() once the runtime tables have
been generated.
For other CPUs, by the time we get to z_arch_start_cpu()
the runtime tables are ready do go, and so we just install
them directly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- Bring in CONFIG_X86_MMU and some related defines to
common X86 Kconfig
- Don't set ARCH_HAS_USERSPACE for intel64 yet when
X86_MMU is enabled
- Uplevel x86_mmu.c to common code
- Add logic for handling PML4 table and generating PDPTs
- move z_x86_paging_init() to common kernel_arch_func.h
- Uplevel inclusion of mmustructs.h to common x86 arch.h,
both need it for memory domain defines
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Program text, rodata, and data need different MMU
permissions. Split out rodata and data from the program
text, updating the linker script appropriately.
Region size symbols added to the linker script, so these
can later be used with MMU_BOOT_REGION().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Same deal as in commit 7fdb525754 ("kconfig: Use 'default' instead of
'def_bool' in Kconfig.defconfig files"), but I hacked Kconfiglib to also
find cases where the type is given separately as e.g.
config FOO
int
default 3
Motivation (from a note in
https://docs.zephyrproject.org/latest/guides/kconfig/index.html):
For a symbol defined in multiple locations (e.g., in a
Kconfig.defconfig file in Zephyr), it is best to only give the
symbol type for the "base" definition of the symbol, and to use
'default' (instead of 'def_<type>' value) for the remaining
definitions. That way, if the base definition of the symbol is
removed, the symbol ends up without a type, which generates a
warning that points to the other definitions. That makes the extra
definitions easier to discover and remove.
It's also nice if 'def_bool' and the like turn into a semi-reliable flag
that the symbol is only defined in Kconfig.defconfig files. That might
be a sign that things could be cleaned up.
Will do a separate pass later to remove some symbols only defined in
Kconfig.defconfig files.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
We add an ARM internal API which allows the kernel to
infer the execution mode we are going to return after
the current exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We introduce a Kconfig option to signify whether
an Architecture has the capability of detecting
whether execution is, currently, in a nested
exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We re-implement the z_arch_is_in_isr function
so it aligns with the implementation for other
ARCHEs, i.e. returning false whenever any IRQ
or system exception is active.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors and cleans up __fault, so the function
- reduces to supplying MSP, PSP, and EXC_RETURN to the C
function for fault handling
- simplifies itself, removing conditional
implementation, i.e. based on ARM Secure firmware,
The reason for that is simple: it is much better to write the
fault handling in C instead of assembly, so we really do only
what is strictly required, in assembly.
Therefore, the commit refactors the z_arm_fault() function
as well, organizing better the different functional blocks,
that is:
- unlocking interrupts
- retriving ESF
- asserting for HW errors
- printing additional error logs
The refactoring unifies the way the ESF is retrieved for the
different Cortex-M variants and security execution states.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add some documentation for ARM-specific function
z_do_kernel_oops, stating clearly that it is only
invoked inside SVC context. We also comment on
the validity of the supplied ESF.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We add a useful inline comment in the SVC handler (written in
assembly), which identifies one of the function return points
a bit more clearly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Replace:
dt_chosen_reg_addr
dt_chosen_reg_size
dt_node_reg_addr
dt_node_reg_size
with:
dt_chosen_reg_addr_int
dt_chosen_reg_size_int
dt_chosen_reg_addr_hex
dt_chosen_reg_size_hex
dt_node_reg_addr_int
dt_node_reg_size_int
dt_node_reg_addr_hex
dt_node_reg_size_hex
So that we get the proper formatted string for the type of symbol.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
"brk" is a break-point instruction which among other things
halts ARC core. As compared to pure halt (which is "flag 1" for ARC)
it is much more convenient as it might be executed from either
secure mode or normal mode (with SecureShield enabled), while "flag"
instruction will raise privilege violation exception if SecureShield
is enabled and we're in "normal" mode.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Unused since commit 6fd6b7e50a ("xtensa: remove legacy arch
implementation").
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Unused since commit 6fd6b7e50a ("xtensa: remove legacy arch
implementation").
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Duplicate definitions elsewhere have been removed.
A couple functions which are defined by the arch interface
to be non-inline, but were implemented inline by native_posix
and intel64, have been moved to non-inline.
Some missing conditional compilation for z_arch_irq_offload()
has been fixed, as this is an optional feature.
Some massaging of native_posix headers to get everything
in the right scope.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* implement DIRECT IRQ support both for normal irq and fast irq.
* add separate interrupt stack for fast irq and use CONFIG_ARC_
_FIRQ_STACK to control it. This will bring shortest interrupt
latency for fast irq.
* note that scheduing in DIRECT IRQ is not supported.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Unused after commit 71ce8ceb18 ("kernel: consolidate error handling
code").
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The PDPT was moved to the stack area since it has alignment
requirements, but never removed from here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The intel64 switch implementation doesn't actually use a switch handle
per se, just the raw thread struct pointers which get stored into the
handle field. This works fine for normally initialized threads, but
when switching out of a dummy thread at initialization, nothing has
initialized that field and the code was dumping registers into the
bottom of memory through the resulting NULL pointer.
Fix this by skipping the load of the field value and just using an
offset instead to get the struct address, which is actually slightly
faster anyway (a SUB immediate instruction vs. the load).
Actually for extra credit we could even move the switch_handle field
to the top of the thread struct and eliminate the instruction
entirely, though if we did that it's probably worth adding some
conditional code to make the switch_handle field disappear entirely.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This commit updates all references to HAS_CMSIS to use HAS_CMSIS_CORE
instead. With the changes introduced to allow multiple CMSIS variants
to be specified, the latter is semantically equivalent to the former.
For more details, see issue #19717.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
In this commit we implement the assembly functions in userspace.S
- z_arm_userspace_enter()
- z_arm_do_syscall()
- z_arch_user_string_nlen()
for ARMv6-M and ARMv8-M Baseline architecture. We "inline" the
implementation for Baseline, along with the Mainline (ARMv7-M)
implementation, i.e. we rework only what is required to build
for Baseline Cortex-M.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In this commit we implement the assembly functions in
swap_helper.S, namely
- z_arm_pendsv()
- z_arm_svc()
for ARMv6-M and ARMv8-M Baseline architecture. We "inline" the
implementation for Baseline, along with the Mainline (ARMv7-M)
implementation, i.e. we rework only what is required to build
for Baseline Cortex-M.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We do not support HW Stack protection capabilities in
Cortex-M Baseline CPUs (unless they have built-in stack
overflow detection capability). We adapt the Kconfig
option to reflect this.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove the
# Omit prompt to signify a "hidden" option
comments that appear on some symbols. They seem to have been copy-pasted
at random, as there are lots of promptless symbols that don't have them
(that's confusing in itself, because it might give the idea that the
ones with comments are special in some way).
I suspect those comments wouldn't have helped me much if I didn't know
Kconfig either. There's a lot more Kconfig documentation now too, e.g.
https://docs.zephyrproject.org/latest/guides/kconfig/index.html.
Keep some comments that give more information than the symbol having no
prompt.
Also do some minor drive-by cleanup.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This is an optional feature and no logic for it should
be present unless CONFIG_IRQ_OFFLOAD is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Line up everything nicely, add leading '0x' to hex
addresses, and remove redundant newlines. Add
whitespace between the register name and contents
so the contents can be easily selected from a terminal.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The struct definitions for pdpt, pd, and pt entries has been
removed:
- Bitfield ordering in a struct is implementation dependent,
it can be right-to-left or left-to-right
- The two different structures for page directory entries were
not being used consistently, or when the type of the PDE
was unknown
- Anonymous structs/unions are GCC extensions
Instead these are now u64_t, with bitwise operations used to
get/set fields.
A new set of inline functions for fetcing various page table
structures has been implemented, replacing the older macros.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This hasn't been necessary since we dropped support for 32-bit
non-PAE page tables. Replace it with u64_t and scrub any
unnecessary casts left behind.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will be used for both 32-bit and 64-bit mode.
This header gets pulled in by x86's arch/cpu.h, so put
it in include/arch/x86/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some assembly simplifications, to make code common for ARMv6
and ARMv7 architecture.
We can use ldrb, directly for reading the SVC encoding; this
removes the need for ANDing the result with 0xff right below.
We remove an immediate value of 0 from an str instruction, as
it's redundant.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add more documentation and inline explanatory comments in
assembly sources swap_helper.S and userspace.S and remove
redundant/wrong documentation when applicable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ARM user space requires ARM_MPU. We can, therefore,
remove the unnecessary #ifdef CONFIG_ARM_MPU blocks
in userspace.S. In addition, we do minor refactoring
in z_arm_userspace_enter(), and z_arm_pendsv(), and
z_arm_svc(), aiming at reducing the push/pop overhead
as much as possible.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
include/sys/arch_inlines.h will contain all architecture APIs
that are used by public inline functions and macros,
with implementations deriving from include/arch/cpu.h.
kernel/include/arch_interface.h will contain everything
else, with implementations deriving from
arch/*/include/kernel_arch_func.h.
Instances of duplicate documentation for these APIs have been
removed; implementation details have been left in place.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Set the NXE bit in the EFER MSR so that the NX bit can
be set in page tables. Otherwise, the NX bit is treated
as reserved and leads to a fault if set.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
arch/arm/core is shared between Cortex-M and Cortex-R, so
enhance the file description headers accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
A clean-up commit that removes unnecessary inclusions from
assembly files in arm/core and arm/core/cortex_m. It also
ogranizes the inclusions based on the following order and
set of rules:
- never include kernel_structs.h
- include toolchain.h and linker/sections.h in all ASM files
- include offsets-short.h, if ASM accesses offset constants
- include arch/cpu.h, if ASM accesses CMSIS constants
(defined locally in include/arch/arm)
- include file-specific headers, if needed (e.g. vector-table.h)
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
after recent changes in zephyr's fault handling, e.g. use log
to repace printk, it requires more stack to exception handling, or
the stack overflow may happen and crash the system.
this commit adds a kconfig option for exception stack size with
a larger default size.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The POSIX ARCH delegates some of the tasks which normally
are taken care of by the ARCH to the SOC or BOARD levels.
To avoid changes in the kernel-arch IF propagating into
the arch-soc and arch-board interfaces (which would break
off-tree posix boards) isolate them.
Also move arch inlined functions into the arch.h header,
and out from the headers which specify the posix arch-soc
and arch-board interfaces.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
arch/cpu.h and kernel_arch_func.h are expected to define different
functions, per the architecture interface.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There's no compelling reason why this should be inline unlike all
other arches, it's a large function, called exactly once.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The specification for these arch APIs is to have them inline,
and the bodies were just oneliners calling another function
anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add in-line documentation describing the process of register
preservation and exception handling on Cortex-R.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The interrupt exit and swap service routines for Cortex-R
unnecessarily preserve r0 and lr registers when making function calls
using bl instruction.
In case of _IntExit in exc_exit.S, the r0 register containing the
caller mode is preserved at the top, and the lr register can safely be
assumed to have been saved into the system mode stack by the interrupt
service routine.
In case of __svc in swap_helper.S, since the function saves lr to the
system mode stack at the top and exits through _IntExit, it is not
necessary to preserve lr register when executing bl instructions.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
It's possible to have multiple processors configured without using the
SMP scheduler, so don't make definitions dependent on CONFIG_SMP.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
In non-SMP MP situations, the interrupt stacks might not exist, so
do not assume they do. Instead, initialize the TSS IST1 from the
cpuboot[] vector (meaning, on APs, the stack from z_arch_start_cpu).
Eliminates redundancy at the same time.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is the Wrong Thing(tm) with SMP enabled. Previously this
worked because interrupts would be re-enabled in the interrupt
entry sequence, but this is no longer the case.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
was ignoring the rest of the expression, though the effect was
harmless (including unreachable code in some builds).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Trivial change to the Kconfig: the first 32 vectors are reserved,
so it's not possible to have 256 IRQ vectors. Change max to 224.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Add duplicate per-CPU data structures (x86_cpuboot, tss, stacks, etc.)
for up to 4 total CPUs, add code in locore and z_arch_start_cpu().
The test board, qemu_x86_long, now defaults to 2 CPUs.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Take a dummy first argument, so that the BSP entry point (z_x86_prep_c)
has the same signature as the AP entry point (smp_init_top).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
A new 'struct x86_cpuboot' is created as well as an instance called
'x86_cpuboot[]' which contains per-CPU boot data (initial stack,
entry function/arg, selectors, etc.). The locore now consults this
table to set up per-CPU registers, etc. during early boot.
Also, rename tss.c to cpu.c as its scope is growing.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
There's no need to qualify the 64-bit CS/DS selectors, and the GS and
TR selectors are renamed CPU0_GS and CPU0_TR as they are CPU-specific.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
In some places the code was being overly pedantic; e.g., there is no
need to load our own 32-bit descriptors because the loader's are fine
for our purposes. We can defer loading our own segments until 64-bit.
The sequence is re-ordered to faciliate code sharing between the BSP
and APs when SMP is enabled (all BSP-specific operations occur before
the per-CPU initialization).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is really just to facilitate CPU bootstrap code between
the BSP and the APs, moving the clear operation out of the way.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
In the general case, the local APIC can't be treated as a normal device
with a single boot-time initialization - on SMP systems, each CPU must
initialize its own. Hence the initialization proper is separated from
the device-driver initialization, and said initialization is called
from the early startup-assembly code when appropriate.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The 32-bit and 64-bit assembly startup sequences share quite a
bunch of common code, so it's factored out into one file to avoid
repeating ourselves (and potentially falling out of sync).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The linker script was missing symbols that defined the boundaries
of kernel memory segments (_image_rom_end, etc.). These are added
so that core/memmap.c can properly account for those segments.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Elevate the previously 32-bit-only z_x86_prep_c() function to common
code, so both 32-bit and 64-bit arches now enter the kernel this way.
Minor changes to prep_c.c to make it build with the SMP scheduler on.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
And set qemu_x86_long board to build with CONFIG_SMP=y by default.
Apparently two benchmark tests - latency_measure and sys_kernel -
do not work with the SMP scheduler, so those tests are disabled.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This patch is a preparatory step in enabling the MMU in
long mode; no steps are taken to implement long mode support.
We introduce struct x86_page_tables, which represents the
top-level data structure for page tables:
- For 32-bit, this will contain a four-entry page directory
pointer table (PDPT)
- For 64-bit, this will (eventually) contain a page map level 4
table (PML4)
In either case, this pointer value is what gets programmed into
CR3 to activate a set of page tables. There are extra bits in
CR3 to set for long mode, we'll get around to that later.
This abstraction will allow us to use the same APIs that work
with page tables in either mode, rather than hard-coding that
the top level data structure is a PDPT.
z_x86_mmu_validate() has been re-written to make it easier to
add another level of paging for long mode, to support 2MB
PDPT entries, and correctly validate regions which span PDPTE
entries.
Some MMU-related APIs moved out of 32-bit x86's arch.h into
mmustructs.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch re-namespaces global variables and functions
that are used only within the arch/arm/ code to be
prefixed with z_arm_.
Some instances of CamelCase have been corrected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* the old codes may not save the caller saved regs correctly,
e.g. r7- r12. Because the sys call entry is called in the form
of static inline function. The compiler optimizations may not save
all the caller saved regs.
* new codes use the irq stack frame as the sys call frame and gurantee
all the called saved regs are pushed and popped correctly.
* the side effect of new codes are more stack operations and a little
overhead.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
This makes it clearer that this is an API that is expected
to be implemented at the architecture level.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The main and idle threads, and their associated stacks,
were being referenced in various parts of the kernel
with no central definition. Expose these in kernel_internal.h
and namespace with z_ appropriately.
The main and idle threads were being defined statically,
with another variable exposed to contain their pointer
value. This wastes a bit of memory and isn't accessible
to user threads anyway, just expose the actual thread
objects.
Redundance MAIN_STACK_SIZE and IDLE_STACK_SIZE defines
in init.c removed, just use the Kconfigs they derive
from.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This metric shows when the system first enters an idle
state, which has already been recorded in the arch-
independent implementation of the idle thread.
Only x86 was doing this.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is part of the core kernel -> architecture interface and
has been renamed z_arch_kernel_init().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
z_set_thread_return_value is part of the core kernel -> arch
interface and has been renamed to z_arch_thread_return_value_set.
z_set_thread_return_value_with_data renamed to
z_thread_return_value_set_with_data for consistency.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
k_cpu_idle() and k_cpu_atomic_idle() were being directly
implemented by arch code.
Rename these implementations to z_arch_cpu_idle() and
z_arch_cpu_atomic_idle(), and call them from new inline
function definitions in kernel.h.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is part of the core kernel -> architecture interface
and is appropriately renamed z_arch_is_in_isr().
References from test cases changed to k_is_in_isr().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is part of the core kernel -> architecture interface
and should have a leading prefix z_arch_.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Global variables related to timing information have been
renamed to be prefixed with z_arch, with naming arranged
in increasing order of specificity.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
ACPI is predominantly x86, and only currently implemented on x86,
but it is employed on other architectures, so rename accordingly.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Simple naming change, since MULTIBOOT is clear enough by itself and
"namespacing" it to X86 is unnecessary and/or inappropriate.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
x86 has more complex memory maps than most Zephyr targets. A mechanism
is introduced here to manage such a map, and some methods are provided
to populate it (e.g., Multiboot).
The x86_info tool is extended to display memory map data.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Originally, the multiboot info struct was copied in the early assembly
language code. This code is moved to a C function in multiboot.c for
two reasons:
1. It's about to get more complicated, as we want the ability to use
a multiboot-provided memory map if available, and
2. this will faciliate its sharing between 32- and 64-bit subarches.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Implement a simple ACPI parser with enough functionality to
enumerate CPU cores and determine their local APIC IDs.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
* In ARC, pop reg ==> sp=sp-4; *sp= b; The original codes have bug that
the save of ilink (st ilink [sp]) will crash the interruptted stack's
content. This commit fixes this bug and makes the codes easier to
understand
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Various C and Assembly modules
make function calls to z_sys_trace_*. These merely call
corresponding functions sys_trace_*. This commit
is to simplify these by making direct function calls
to the sys_trace_* functions from these modules.
Subsequently, the z_sys_trace_* functions are removed.
Signed-off-by: Mrinal Sen <msen@oticon.com>
- Remove redundant inclusions in irq_init.c
- Remove comment about thread_abort function,
which does not belong in this file (probably
left-out during code refactoring)
- Include arm cmsis.h only under #ifdef CONFIG_ARM
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This used to be part of the "restore always" set of registers because
__swap was expected to return a value. No longer required, so RAX is
moved to the volatile registers and we save a few cycles occasionally.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
A space is allocated in the TSS for per-CPU variables. At present,
this is only a 'struct _cpu *' to find the _kernel CPU struct. The
locore routines are rewritten to find _current and _nested via this
pointer rather than referencing the _kernel global directly.
This is obviously in preparation for SMP support.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This function call was erroneously inserted between the instruction
that set the Z flag and the instruction that tested the Z flag. The
call is moved up a few instructions where it can't junk CPU state.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Declare the 64-bit TSS as a struct, and define the instance in C.
Add a data segment selector that overlaps the TSS and keep that
loaded in GS so we can access the TSS via a segment-override prefix.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is moved from arch/x86/include/ia32/kernel_arch_func.h to the
common header arch/x86/include/kernel_arch_func.h so it can be shared.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is largely a conceptual change rather than an actual change.
Instead of using an array of interrupt stacks (one for each IRQ
nesting level), we use one interrupt stack and subdivide it. The
effect is the same, but this is more in line with the Zephyr model
of one ISR stack per CPU (as reflected in init.c).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Like its 32-bit sibling, the 64-bit code should EOI inline rather than
invoking a function. Defeats the performance advantages of x2APIC.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The boot time measurement sample was giving bogus values on x86: an
assumption was made that the system timer is in sync with the CPU TSC,
which is not the case on most x86 boards.
Boot time measurements are no longer permitted unless the timer source
is the local APIC. To avoid issues of TSC scaling, the startup datum
has been forced to 0, which is in line with the ARM implementation
(which is the only other platform which supports this feature).
Cleanups along the way:
As the datum is now assumed zero, some variables are removed and
calculations simplified. The global variables involved in boot time
measurements are moved to the kernel.h header rather than being
redeclared in every place they are referenced. Since none of the
measurements actually use 64-bit precision, the samples are reduced
to 32-bit quantities.
In addition, this feature has been enabled in long mode.
Fixes: #19144
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
There are not enough bits in k_thread.thread_state with SMP enabled,
and the field is (should be) private to the scheduler, anyway. So
move state bits to the _thread_arch where they belong.
While we're at it, refactor some offset data w/r/t _thread_arch
because it can be shared between 32- and 64-bit subarches.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
k_thread.thread_state (or rather, _thread_base.thread_state) should be
private to the kernel/scheduler, so flags previously stored there are
moved to _thread_arch where the belong.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
when enable CONFIG_CUSTOM_SECTION_ALIGN, it need less alignment
memory for image rom region. But that needs carefully configure
MPU region and sub-regions(ARMv7-M) to cover this feature.
Fixes: #17337.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
The GNU ARM Embedded "8-2019-q3-update" toolchain
erroneously uses "typeof" instead of "__typeof__".
To work around this we define typeof to be able to
support it.
This reverts commit 01a71eae3d.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We don't need to save the ABI caller-save registers here, because
we don't preempt threads from nested IRQ contexts.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is a naive implementation which does "eager" context switching
for floating-point context, which, of course, introduces performance
concerns. Other approaches have security concerns, SMP implications,
and impact the x86 arch and Zephyr project as a whole. Discussion is
needed, so punting with the straightforward solution for now.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Fleshed out z_arch_esf_t and added code to build this frame when
exceptions occur. Created a separate small stack for exceptions and
shifted the initialization code to use this instead of the IRQ stack.
Moved IRQ stack(s) to irq.c.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The IRQ_OFFLOAD_VECTOR config option is also moved to the arch level,
as it is shared between both 32- and 64-bit subarches.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Using the arch Kconfig here, instead of kernel/Kconfig. Intel64 with
the SysV ABI requires some pretty big stacks. These 4K-8K defaults
are arguably a bit small, but the Zephyr defaults are REALLY too small.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
First "complete" version of Intel64 support for x86. Compilation of
apps for supported boards (read: up_squared) with CONFIG_X86_LONGMODE=y
is now working. Booting, device drivers, interrupts, scheduling, etc.
appear to be functioning properly. Beware that this is ALHPA quality,
not ready for production use, but the port has advanced far enough that
it's time to start working through the test suite and samples, fleshing
out any missing features, and squashing bugs.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Widen the integer to pointer size before conversion, to make
explicit the intent (and silence the compiler warning). Also
fix a minor bug involving a duplicate (and thus dead) store.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This patch adds basic build infrastructure, definitions, a linker
script, etc. to use the Zephyr and 0.10.1 SDK to build a 64-bit
ELF binary suitable for use with GRUB to minimally bootstrap an
Apollo Lake (e.g., UpSquared) board. The resulting binary can hardly
be called a Zephyr kernel as it is lacking most of the glue logic,
but it is a starting point to flesh those out in the x86 tree.
The "kernel" builds with a few harmless warnings, both with GCC from
the Zephyr SDK and with ICC (which is currently being worked on in
a separate branch). These warnings are either related to pointer size
differences (since this is an LP64 build) and/or dummy functions
that will be replaced with working versions shortly.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Use different headers for kernel_arch_{func,thread}.h when in
CONFIG_X86_LONGMODE, and add placeholders for Intel64 versions.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Some definitions may be shared between subarchitectures, so refactor
accordingly. The definitions are also modified to separate bits. A
placeholder is created for the Intel64 definitions.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The IA32 and Intel64 subarchitectures will generate different offset
symbols, so they are refactored. No functional change.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The _irq_to_interrupt_vector[] array shouldn't be accessed directly,
as there is a macro for this.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Convert how we get the various chosen properties like "zephyr,console"
to use the new kconfig functions like dt_chosen_to_label.
Because of how kconfig parses things we define a set of variables of the
form DT_CHOSEN_Z_<PROP> since comma's are parsed as field seperators in
macros.
This conversion allows us to remove code in gen_defines.py for the
following chosen properties:
zephyr,console
zephyr,shell-uart
zephyr,bt-uart
zephyr,uart-pipe
zephyr,bt-mon-uart
zephyr,uart-mcumgr
zephyr,bt-c2h-uart
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We re-wrote the xtensa arch code, but never got around
to purging the old implementation.
Removed those boards which hadn't been moved to the new
arch code. These were all xt-sim simulator targets and not
real hardware.
Fixes: #18138
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
From the Jailhouse days, this has been a function call. That's silly.
We now inline the EOI in the ISR when in x2APIC mode. Also clean up
z_irq_controller_eoi(), so it now uses the inline macros.
Also, we now enable x2APIC on up_squared by default.
Fixes: #17133
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Use enumerate() to fix this pylint warning:
C0200: Consider using enumerate instead of iterating with range and
len (consider-using-enumerate)
enumerate() is handy when the loop body needs both the element and its
index. It returns (index, element) tuples.
Also use a tuple unpacking to extract 'handler' from the elements in
'vector'.
Piggyback a slightly simpler way to build a list of num_chars 0s.
Getting rid of warnings for a CI check.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Accidentally passed two arguments instead of one. Fixes this pylint
error:
arch/x86/gen_idt.py:132:8: E1121: Too many positional arguments for
function call (too-many-function-args)
Fixing pylint warning for a CI check.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Fix this warning, as a preparation for a CI check:
arch/common/gen_isr_tables.py:167:11: C0123: Using type() instead of
isinstance() for a typecheck. (unidiomatic-typecheck)
isinstance() has the advantage that it also handles inheritance, though
it doesn't really matter here. It's more common at least.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Getting slightly subjective, but fixes this pylint warning:
arch/x86/gen_idt.py:281:11: R1714: Consider merging these
comparisons with "in" to 'handler not in (spur_code, spur_nocode)'
(consider-using-in)
Getting rid of pylint warnings for a CI check. I could disable any
controversial ones (it's already a list of warnings to enable anyway).
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Promote a handy and often-overlooked sys.exit() feature: Passing it a
string (or any other non-int object) prints it to stderr and exits with
status 1.
See the documentation at
https://docs.python.org/3/library/sys.html#sys.exit.
This indirectly prints some errors to stderr that previously went to
stdout.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This adds a simple infinite loop when double exception is raised.
Without this, if double exception occurs, it would execute
arbitrary code.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This follows the z_arch_irq_en-/dis-able() so that the SoC
definitions are responsible for functions related to multi-level
interrupts.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Currently, the interrupt service code manually raises the CPU task
priority to the priority level of the vector being serviced to defer
any lower-priority interrupts. This is unnecessary; the local APIC
is aware that an interrupt is in-service and accounts for its priority
when deciding whether to issue an overriding interrupt to the CPU.
Signed-off-by: Charles E. Youse <charles@gnuless.org>
Use the 'not in' operator. Fixes this pylint warning:
arch/xtensa/core/xtensa_intgen.py:77:7: C0113: Consider changing
"not lvl in ints_by_lvl" to "lvl not in ints_by_lvl" (unneeded-not)
Fixing pylint warnings for a CI check.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Reported by pylint's 'bad-whitespace' warning.
Not gonna enable this warning in the CI check, because it flags stuff
like deliberately aligning assignments and gets too cultish. Just a
cleanup pass.
For whatever reason, the common convention in Python is to skip spaces
around '=' when passing keyword arguments and giving default arguments:
f(x=3, y=4)
def f(x, y=8):
...
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The code in question is very non-trivial so without good explanation
it takes a lot of time to realize what's done there and why
it still works in the end.
Here I'm trying to save a couple of man-days for the next developers
who's going to touch that piece of code.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
This commit makes it possible to infer Z_ARCH_EXCEPT()
calls in SVCs that escalate to HardFault due to being
invoked from priority level equal or higher to the
interrupt priority level of the SVC Handler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
commit 780324b8ed ("cleanup: rename fiber/task -> thread")
seems to be done by a script and in that particular case turned
menaingful sentence into nonsense. Alas, threads might be in all
four states.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Anas Nashif <anas.nashif@intel.com>
We manage IRQs in a quite a different way now since
commit f8d061faf7 ("arch: arc: add nested interrupt support")
so that comment not only makes no sense but also may fool a reader
as disabling of interrupts happens in the very beginning of
_rirq_exit() but not here.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
we should not rely on that eret has a copy of ilink in fast
irq handling. This will cause crash for hs cores.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
For the old codes, if nest interrupts come out after _isr_wrapper
and before _check_nest_int_by_irq_act, then multi-bits in irq_act
will be set, this will result irq stack will not be switched in
correctly
As a fix, it's still need to use nest interrupt counter to do
interrupt stack switch as before
The difference is in the past exc_nest_count is used, but here
_kernel.nested/_kernel.cpus[cpu_id].nested is used.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* in arc secureshield interrupts can be configured
as secure or normal
* in sw design, high interrupt priorites are allocated to
secure world, low priorities are allocated to normal world.
* secure interrupt > secure thread > normal interrupt > normal
thead
So, here secure world/firmware only checks secure interrupt
priorities
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
it's not allowed to switch to thread preempted by exception as
its context is not saved.
So if a thread switch is required in exception handling, e.g.
kill a thread, the old thread cannot be switched back
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
For arc processor equiped with secureshield, SEC_STAT.IRM
bit should be recorded, it determins which mode irq should
return
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Set the recommended thread stack size to 40 bytes in case a build is
made for a 64-bit native posix board
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Update the xtensa backend to work better with the new fatal error
architecture. Move the stack frame dump (xtensa uses a variable-size
frame becuase we don't spill unused register windows, so it doesn't
strictly have an ESF struct) into z_xtensa_fatal_error(). Unify the
older exception logging with the newer one (they'd been sort of glomed
together in the recent rework), mostly using the asm2 code but with
the exception cause stringification and the PS register field
extraction from the older one.
Note that one shortcoming is that the way the dispatch code works, we
don't have access to the spilled frame from within the spurious error
handler, so this can't log the interrupted CPU state. This isn't
fixable easily without adding overhead to every interrupt entry, so it
needs to stay the way it is for now. Longer term we could exract the
caller frame from the window state and figure it out with some
elaborate assembly, I guess.
Fixes#18140
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
It was discovered that the xtensa version of
z_arch_irq_connect_dynamic() was being removed along with the old
xtensa architecture support, because it was never included in the asm2
builds.
But there's no xtensa-specific code in it at all. Architectures that
use the existing sw_isr_table mechanism and don't (or can't, in the
case of xtensa which has fixed interrupt priority) interpret the other
parameters might as well have access to a working generic
implementation.
Fixes#18272
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Remove extern "C" support from files that don't declare objects or
functions.
In arch/arc/arch.h the extern "C" in the including context is left
active during an include to avoid more complex restructuring.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Remove extern "C" support from files that don't declare objects or
functions.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
In arch.h the extern "C" in the including context is left active during
include of target-specific mpu headers to avoid more complex
restructuring.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
'recoverable' is a value passed by reference and we
should be dereferencing the pointer, to check if the
fault has been classified as recoverable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Remove extern "C" support from files that don't declare objects or
functions.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
SR and LR were used as global names for load and store RISC-V assembler
operations, colliding with other uses such as SR for STATUS REGISTER in
some peripherals. Renamed them to a longer more specific name to avoid
the collision.
Signed-off-by: Karsten Koenig <karsten.koenig.030@gmail.com>
When coming out of an exception, we need to mask interrupts
to avoid races when decrementing the nested count. Move
the instruction that does this earlier.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Related to #17997, for the POSIX arch:
* Remove some unnecessary extern "C" and ifdef blocks
* Move an include out of one of these blocks
* Add a missing extern "C" block
Background:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
* it's based on ARC SecureShield
* add basic secure service in arch/arc/core/secureshield
* necesssary changes in arch level
* thread switch
* irq/exception handling
* initialization
* add secure time support
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
according to high-level design,in user mode software-triggered system
fatal exceptions only allow oops and stack check failure
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
exception, different with irq offload, may be raised interrupt
handling, e.g.
* z_check_stack_sentinel
* wrong code
we need to add specific handling of this case in exception handling
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
after appling the new "_get_curr_cpu_irq_stack" in _exc_entry,
the caculation of exception stack is wrong, this will
cause stack overflow, make the exception handling corrupt.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
This commit enables the option to route the BusFault,
HardFault, and NMI exceptions in Secure state, when
building for Cortex-M CPUs with ARM_SECURE_FIRMWARE=y.
This allows the various test to utilize BusFault,
HardFault and NMI exceptions during testing.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For now we enforce the medany code model for 64-bit builds as we get
reloc issues otherwise. The instruction set and ABI are also set to
soft-float usage.
The ilp32 ABI is explicitly specified on 32-bit build to make sure
it is not using a wrong default if the same toolchain is used for both
32- and 64-bit builds. The archittecture options are the same as the
SDK's riscv32 toolchain default in that case.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Since commit c535300539 ("drivers/timer: New ARM SysTick driver"),
_NanoIdleValGet and _NanoIdleValClear have been unused.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Assembly language start code will enter here, which sets up
early kernel initialization and then calls z_cstart() when
finished.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Removes very complex boot-time generation of page tables
with a much simpler runtime generation of them at bootup.
For those x86 boards that enable the MMU in the defconfig,
set the number of page pool pages appropriately.
The MMU_RUNTIME_* flags have been removed. They were an
artifact of the old page table generation and did not
correspond to any hardware state.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* modify the reset flow for SMP
* add smp related initialization
* implement ipi related functions
* implement thread switch in isr/exception
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* arc connect is a component to connect multiple arc cores
* it's necessary for arc smp support
* the following features are implemented
* inter-core interrupt unit
* gloabl free running counter
* inter-core debug unit
* interrupt distribute unit
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Makes the code that defines stacks, and code referencing
areas within the stack object, much clearer.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, context switching on x86 with memory protection
enabled involved walking the page tables, de-configuring all
the partitions in the outgoing thread's memory domain, and
then configuring all the partitions in the incoming thread's
domain, on a global set of page tables.
We now have a much faster design. Each thread has reserved in
its stack object a number of pages to store page directories
and page tables pertaining to the system RAM area. Each
thread also has a toplevel PDPT which is configured to use
the per-thread tables for system RAM, and the global tables
for the rest of the address space.
The result of this is on context switch, at most we just have
to update the CR3 register to the incoming thread's PDPT.
The x86_mmu_api test was making too many assumptions and has
been adjusted to work with the new design.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The current API was assuming too much, in that it expected that
arch-specific memory domain configuration is only maintained
in some global area, and updates to domains that are not currently
active have no effect.
This was true when all memory domain state was tracked in page
tables or MPU registers, but no longer works when arch-specific
memory management information is stored in thread-specific areas.
This is needed for: #13441#13074#15135
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These turned out to be quite useful when debugging MMU
issues, commit them to the tree. The output format is
virtually the same as gen_mmu_x86.py's verbose output.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently page tables have to be re-computed in
an expensive operation on context switch. Here we
reserve some room in the page tables such that
we can have per-thread page table data, which will
be much simpler to update on context switch at
the expense of memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Has the same effect of catching stack overflows, but
makes debugging with GDB simpler since we won't get
errors when inspecting such regions. Making these
areas non-present was more than we needed, read-only
is sufficient.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There are two aspects to this: CPU registers are twice as big, and the
load and store instructions must use the 'd' suffix instead of the 'w'
one. To abstract register differences, we simply use a ulong_t instead
of u32_t given that RISC-V is either ILP32 or LP64. And the relevant
lw/sw instructions are replaced by LR/SR (load/store register) that get
defined as either lw/sw or ld/sd. Finally a few constants to deal with
register offsets are also provided.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The ARM specific _impl_k_thread_abort function only applies to Cortex-M
so move it to the cortex_m specific directory.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Adapted from similar code in the x86_64 port.
Useful when debugging boot problems on actual x86
hardware if a JTAG isn't handy or feasible.
Turn this on for qemu_x86.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* when fpu is configured or mpy_option > 6,
accl regs (r58, r59) will be configured,
they are used by fpu and mac, and are caller
-saved scratch regs, so need to be saved before
jumping to interrupt handlers
* r25 and r30 are also caller-saved scratch reg.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
for arc, floating point support cannot be enabled
automatically, so k_float_enable is requred.
z_arch_float_enable is for k_float_enable
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The ARC HS is a family of high performance CPUs from Synopsys
capable of running wide range of applications from heavy DPS
calculation to full-scale OS.
Still as with other ARC cores ARC HS might be tailored to
a particular application.
As opposed to EM cores ARC HS cores always have support of unaligned
data access and by default GCC generates such a data layout with
so we have to always enable unaligned data access in runtime otherwise
on attempt to access such data we'd see "Unaligned memory exception".
Note we had to explicitly mention CONFIG_CPU_ARCEM=y in
all current defconfigs as CPU_ARC{EM|HS} are now parts of a
choice so we cannot simply select ether option in board's Kconfig.
And while at it change "-mmpy-option" of ARC EM to "wlh1"
which is the same as previously used "6" but matches
Programmer's Reference Manual (PRM) and is more human-friendly.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
ARCv2 cores may access data not aligned by the data size boundary.
I.e. read entire 32-bit word from address 0x1.
This feature is configurable for ARC EM cores excluding those with
secure shield 2+2 mode. When it's available in hardware it's required
to enable that feature in run-time as well setting status32.AD bit.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
KFLAG instruction might affect multiple flags in STATUS32 register
and so when we need just AE-bit to be reset we need first read current
state of STATUS32, then change our bit and set STATUS32 again.
Otherwise critical flags including stack checking, unaligned access etc
will be dropped for good.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Up until now only ARC EM family has been supported in Zephyr
which don't support atomic operations other than
compare-and-excange, so custom atomic ops with load-locked(LLOCK)/
store-conditional(SCOND) were never used that's how we never
realised CONFIG_ATOMIC_OPERATIONS_CUSTOM points to the wrong file:
"atomic.c" while real implementation is in "atomic.S".
Fix that now.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
It looks like, at some point in the past, initializing thread stacks
was the responsibility of the arch layer. After that was centralized,
we forgot to remove the related conditional header inclusion. Fixed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
* use IRQ_ACT to check nest interrupt
* implement an asm macro for nest interrupt check
* no need to use exc_nest_count, remove it
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* do not use a specific variable (saved_r0/saved_sp) to free r0
/exchange sp, but use stack to do that.
* it will make code scalable, e.g. for SMP, no need to define
variables for each core
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* as ilink has a copy in ERET, it can be reused as a gp
* use ilink to do the job of arc_exc_saved_sp to save 4 bytes
and save some cycles because no load/store of memory
* it will make code scalable, e.g. for SMP, no need to
define variables for each core
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
User mode is only allowed to induce oopses and stack check
failures via software-triggered system fatal exceptions. This
commit forces a kernel oops if any other fatal exception reason
is enforced.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This is now called z_arch_esf_t, conforming to our naming
convention.
This needs to remain a typedef due to how our offset generation
header mechanism works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We had a function that did this, but it was dead code.
Move to fatal.c and call from z_arm_fatal_error().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We introduce a new z_fatal_print() API and replace all
occurrences of exception handling code to use it.
This routes messages to the logging subsystem if enabled.
Otherwise, messages are sent to printk().
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* z_NanoFatalErrorHandler() is now moved to common kernel code
and renamed z_fatal_error(). Arches dump arch-specific info
before calling.
* z_SysFatalErrorHandler() is now moved to common kernel code
and renamed k_sys_fatal_error_handler(). It is now much simpler;
the default policy is simply to lock interrupts and halt the system.
If an implementation of this function returns, then the currently
running thread is aborted.
* New arch-specific APIs introduced:
- z_arch_system_halt() simply powers off or halts the system.
* We now have a standard set of fatal exception reason codes,
namespaced under K_ERR_*
* CONFIG_SIMPLE_FATAL_ERROR_HANDLER deleted
* LOG_PANIC() calls moved to k_sys_fatal_error_handler()
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We are standardizing to a arch-independent set of exception
reason codes, don't overload it with internal state of
the ARM fault handling code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
sw_isr_table has two entries, an argument and an ISR function. The
comment on struct _isr_table_entry in include/sw_isr_table.h says that
"This allows a table entry to be loaded [...] with one ldmia
instruction, on ARM [...]". Some arch, e.g. SPARC, also has a double
word load instruction, "ldd", but the instruct must have address align
to double word or 8 bytes.
This commit makes the table alignment configurable. It allows each
architecture to specify it, if needed. The default value is 0 for no
alignment.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
The SoC initialization code used system clock frequency
as a CPU clock frequency. This commit corrects that by
obtaining the needed value from DTS.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Fix a race which seems to have been presenting itself
very sporadically on loaded systems.
The race seems to have caused tests/kernel/sched/schedule_api
to fail at random on native_posix.
The case is a bit convoluted:
When the kernel calls z_new_thread(), the POSIX arch saves
the new thread entry call in that new Zephyr thread stack
together with a bit of extra info for the POSIX arch.
And spawns a new pthread (posix_thread_starter()) which
will eventually (after the Zephyr kernel swapped to it),
call that entry function.
(Note that in principle a thread spawned by pthreads may
be arbitrarily delayed)
The POSIX arch does not try to synchronize to that new
pthread (because why should it) until the first time the
Zephyr kernel tries to swap to that thread.
But, the kernel may never try to swap to it.
And therefore that thread's posix_thread_starter() may never
have got to run before the thread was aborted, and its
Zephyr stack reused for something else by the Zephyr app.
As posix_thread_starter() was relaying on looking into that
thread stack, it may now be looking into another thread stack
or anything else.
So, this commit fixes it by having posix_thread_starter()
get the input it always needs not from the Zephyr stack,
but from its own pthread_create() parameter pointing to a
structure kept by the POSIX arch.
Note that if the thread was aborted before reaching that point
posix_thread_starter() will NOT call the Zephyr thread entry
function, but just cleanup.
With this change all "asynchronous" parts of the POSIX arch
should relay only on the POSIX arch own structures.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Qemu is already updated past 2.9 release, so this
workaround for QEMU_CORTEX_M3 is now obsolete and
can be removed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Before, attempting to induce a kernel oops would instead
lead to a general protection fault as the interrupt vector
was at DPL=0.
Now we allow by setting DPL=3. We restrict the allowable
reason codes to either stack overflows or kernel oops; we
don't want user mode to be able to create a kernel panic,
or fake some other kind of exception.
Fixes an issue where the stack canary test case was triggering
a GPF instead of a stack check exception on x86.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need to pass -m64 instead of -m32 when CONFIG_64BIT is set.
This is pretty x86 centric. Many platforms don't have the ability
to select between 32-bits or 64-bits builds and either of those should
be dropped in that case with restriction on the available configuration
done elsewhere. But for the time being this allows for testing both.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Correct the storage type of the thread status pointer
not assuming 32bit pointer and integer size
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
For the x86 architecture the z_arch_float_disable() is only
implemented when building with CONFIG_LAZY_FP_SHARING, so we
make z_arch_float_disable() return -ENOSYS when we build with
FLOAT and FP_SHARING but on an x86 platform where
LAZY_FP_SHARING is not supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The current version is 32-bit specific, so move it to ia32/
and add a layer of indirection via an arch-level header file.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Refactoring 32- and 64-bit subarchitectures, so this file is moved
to ia32/ and a new "redirector" header file is introduced.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This data is subarchitecture-specific, so move it to ia32/
and add a layer of indirection at the architecture level.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Some of this is 32-bit specific, some applies to all subarchitectures.
A preliminary attempt is made to refactor and place 32-bit-specific
portions in ia32/kernel_arch_data.h.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file merely declares external functions referenced only
by ia32/cache.c, so the declarations are inlined instead.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file was used to generate offsets for host tools that are no
longer in use, so it's removed and the offsets are no longer generated.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Over time, this has been reduced to a few functions dealing solely
with floating-point support, referenced only from core/ia32/float.c.
Thus they are moved into that file and the header is eliminated.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
* if thread switchs in interrupt, the target sp must be in
thread's kernel stack, no need to do hardware sp switch
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The MVIC is no longer supported, and only the APIC-based interrupt
subsystem remains. Thus this layer of indirection is unnecessary.
This also corrects an oversight left over from the Jailhouse x2APIC
implementation affecting EOI delivery for direct ISRs only.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This header is currently IA32-specific, so move it into the subarch
directory and update references to it.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Making room for the Intel64 subarch in this tree. This header is
32-bit specific and so it's relocated, and references rewritten
to find it in its new location.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This file is 32-bit specific, so it is moved into the ia32/ directory
and references to it are updated accordingly.
Also, SP_ARG* definitions are no longer used, so they are removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Eliminate definitions for MSRs that we don't use. Centralize the
definitions for the MSRs that we do use, including their fields.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This pattern exists in both the include/arch/x86 and arch/x86/include
trees. This indirection is historic and unnecessary, as all supported
toolchains for x86 support gas/gcc-style inline assembly.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
z_arm_do_syscall is executing in privileged mode. This implies
that we shall not be allowed to use the thread's default
unprivileged stack, (i.e push to or pop from it), to avoid any
possible stack corruptions.
Note that since we execute in PRIV mode and no MPU guard or
PSPLIM register is guarding the end of the default stack, we
won't be able to detect any stack overflows.
This commit implement the above change, by forcing
z_arm_do_syscall() to FIRST switch to privileged
stack and then do all the preparations to execute
the system call.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We need to correct the inline comment in swap_helper.S,
which is suggesting that system call attempts with
invalid syscall IDs (i.e. above the limit) do not force
the CPU to elevate privileges. This is in fact not true,
since the execution flow moves into valid syscall ID
handling.
In other words, all we do for system calls with invalid
ID numbers is to treat them as valid syscalls with the
K_SYSCALL_BAD ID value.
We fix the inline documentation to reflect the actual
execution flow.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
System call arguments are indexed from 1 to 6, so arg0
is corrected to arg1 in two occasions. In addition, the
ARM function for system calls is now called z_arm_do_syscall,
so we update the inline comment in __svc handler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
If the offset within the thread struct to the
ARC arch-specific 'relinquish_cause' member is too
large, ld_s instructions referencing it will not
compile. This happens easily if CONFIG_THREAD_NAME
reserves a name buffer within the thread struct, since
all the arch-specific members come last.
Use the regular 'ld' instruction instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
ARMv8-M architecture supports the built-in stack overflow
detection mechanisms via the SPLIM registers. However, the
user might still wish to use the traditional MPU-based stack
overflow detection mechanism (for testing or other reasons).
We now allow the user to enable HW stack protection, but
manually turn off BUILTIN_STACK_GUARD option. This will force
the MPU_STACK_GUARD option to be selected.
It is still not allowed for the user to not select any stack
guard mechanisms, if HW_STACK_PROTECTION is selected.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Work around a testcase problem, where we want to check some
logic for the bounds check bypass mitigation in the common
kernel code. By changing the ifdef to the x86-specific option
for these lfence instructions, we avoid IAMCU build errors
but still test the common code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fix the start of the guard to take into account the
configurable size of the guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
* here use new style z_arch_switch,i.e. CONFIG_USE_SWITCH
to replace old swap mechnism.
* it's also required by SMP support
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
move misc/reboot.h to power/reboot.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/dlist.h to sys/dlist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move tracing.h to debug/tracing.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Under FP shared registers mode (CONFIG_FP_SHARING=y),
a thread's user_options flag is checked during swap and
during stack fail check. Therefore, in k_float_disable()
we want to ensure that a thread won't be swapped-out with
K_FP_REGS flag cleared but still FP-active (CONTROL.FPCA
being not zero). To ensure that we temporarily disable
interrupts.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the ARM stack fail checking, under FP
Sharing registers mode, to account for the right width of
the MPU stack guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For threads that appear to be FP-capable (i.e. with K_FP_REGS
option flag set), we configure a wide MPU stack guard, if we
build with stack protection enabled (CONFIG_MPU_STACK_GUARD=y).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When an FP capable thread (i.e. with K_FP_REGS option)
transitions into user mode, we want to allocate a wider
MPU stack guard region, to be able to successfully detect
overflows of the privilege stack during system calls. For
that we also need to re-adjust the .priv_stack_start pointer,
which denotes the start of the writable area of the privilege
stack buffer.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When an FP capable thread is created (i.e. with K_FP_REGS
option) we want to allocate a wider MPU stack guard region,
to be able to successfully detect stack overflows. For that
we also need to re-adjust the values that will be passed to
the thread's stack_info .start and .size parameters.
applicable) for a thread which intends to use the FP services.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This adds the necessary bits to utilize the x86_64 toolchain
built by sdk-ng for x86_64 when toolchain variant is either
zephyr or xtools. This allows decoupling the builds from
the host toolchain.
Newlib is also available with this toolchain so remove
the Kconfig restriction on CONFIG_NEWLIB_LIBC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The libc hooks for Newlib requires CONFIG_SRAM_SIZE and
the symbol "_end" at the end of memory. This is in preparation
for enabling Newlib for x86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This was only enabled by the MVIC, which in turn was only used
by the Quark D2000, which has been removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The Quark D2000 is the only x86 with an MVIC, and since support for
it has been dropped, the interrupt controller is orphaned. Removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This commit aligns the programming of the privileged stack MPU
guard with that of the default stack guard (i.e of supervisor
threads). In particular:
- the guard is programmed BELOW the address indicated in
arch.priv_stack_start; it is, therefore, similar to the
default guard that is programmed BELOW stack_info.start.
An ASSERT is added to confirm that the guard is programmed
inside the thread privilege stack area.
- the stack fail check is updated accordningly
- arch.priv_stack_start is adjusted in arch_userspace_enter(),
to make sure we account for a (possible) guard requirement,
that is, if building with CONFIG_MPU_STACK_GUARD=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit re-organizes the macro definitions in arch.h for
the ARM architecture. In particular, the commit:
- defines the minimum alignment requirement for thread stacks,
that is, excluding alignment requirement for (possible)
MPU stack guards.
- defines convenience macros for the MPU stack guard align and
size for threads using the FP services under Shared registers
mode (CONFIG_FP_SHARING=y). For that, a hidden Kconfig option
is defined in arch/arm/core/cortex_m/mpu/Kconfig.
- enforces stack alignment with a wide MPU stack guard (128
bytes) under CONFIG_FP_SHARING=y for the ARMv7-M architecture,
which requires start address alignment with power-of-two and
region size.
The commit does not change the amount of stack that is reserved
with K_THREAD_STACK_DEFINE; it only determines the stack buffer
alignment as explained above.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
These constants do not need global exposure, as they're only
referenced in the reboot API implementation. Also their names
are trimmed to fit into the X86-arch-specific namespace.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This appears to date all the way back to the initial import
and is used in exactly one place if DEBUG is on. Removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Previously the existing EFLAGS was used as a base which was
then manipulated accordingly. This is unnecessary as the bits
preserved contain no useful state related to the new thread.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The ARCH_CHOICE symbol on the arch/Kconfig choice for Architecture
selection, allows for multiple definitions of the choice group which
makes it possible for out-of-tree architectures to add entries to the
list as needed.
For example, in $(ARCH_DIR)/$(ARCH)/Kconfig by adding something like;
choice ARCH_CHOICE
config xARCH
bool "xARCH architecture"
endchoice
No functional change expected.
Signed-off-by: Danny Oerndrup <daor@demant.com>
No-cache SRAM section is currently used for ARM-only builds
with support for no-cacheable memory sections (i.e.
CONFIG_ARCH_HAS_NOCACHE_MEMORY_SUPPORT) and it holds
uninitialized data. This commit properly defines the
corresponding linker section using SECTION_DATA_PROLOGUE
and GROUP_DATA_LINK_IN macros.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Create source directory for IA32-subarch specific files, and move
qualifying files to that subdirectory.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The only we support cores that don't have CMOV insns are the MINUTEIAs,
so we simply check for that rather this using a layer of indirection.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This option is set iff CONFIG_X86 is set, thus it provides no useful
information. Remove the option and replace references with CONFIG_X86.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This commit adds the architecture-specific implementation
of k_float_disable() for ARM and x86.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Support for Floating Point (both un-sharing and sharing
registers mode) is currently implemented for ARM and X86
architectures, so reflect this in the Kconfig symbol
definition.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When building without support for user mode (CONFIG_USERSPACE=n)
we need to correct the starting address of the MPU Guard, before
passing it to the function that evaluates whether a stack
corruption has occurred. The bug was introduced by commit
(60bae5de38) in
PR-13619, where the start address of the MPU guard was properly
corrected, but the guard start at the corresponding stack-fail
check was not adjusted accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
More clearly differentiate MVIC vs. APIC timer code, and use new APIC
accessors in include/drivers/loapic.h. Remove extraneous comments, and
other light cleanup work.
This driver is in need of a serious overhaul -- despite appearing to
have support for TICKLESS_KERNEL and DEVICE_POWER_MANAGEMENT, bitrot
has taken its toll and the driver will not build with these enabled.
These should be removed or made to work... but not in this patch.
Old x2APIC-related accessors in kernel_arch_func.h are eliminated.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Simple renaming and Kconfig reorganization. Choice of local APIC
access method isn't specific to the Jailhouse hypervisor.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
The real-mode startup code is trivially changed to refer to MSR
definitions in include/arch/x86/msr.h, rather than its ad-hoc ones.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Light reorganization. All MSR definitions and manipulation functions
are consolidated into one header. The names are changed to use an
X86_* prefix instead of IA32_* which is misleading/incorrect.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
drivers/interrupt_controller/i8259.c is not a driver; it exists
solely to disable the i8259s when the configuration calls for it.
The six-byte sequence to mask the controllers is moved to crt0.S
and the pseudo-driver is removed.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This is the generic symbol to select or otherwise test for when 64-bit
compilation is desired. Two trivial usages of this symbol are also
included.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Change removes tracing hooks before threads are initialized
and thread switched out hook for ARM before first time switching
to main thread.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
ARC EM4 is just a baseline configuration of ARC EM family of CPU cores.
But with addition of more featuers like caches, DSP extensions etc
we're effectively getting EM6, EM5D etc templates.
So to not confuse users let's talk about families of ARC cores
as that's what makes sense together with extra features but not
templates itself.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
A basic display driver is added for a generic 32-bpp framebuffer.
Glue logic is added to the x86 arch to request the intitialization
of a linear framebuffer by the Multiboot loader (GRUB) and connect
it to this generic driver.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
When booting using GRUB, some useful information about the environment
is given to us via a boot information structure. We've not made any
use of this information so far, but the x86 framebuffer driver will.
A skeletal definition of the structure is given, and provisions are
made to preserve its contents at boot if the configuration requires it.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Per guidelines, all statements should have braces around them. We do not
have a CI check for this, so a few went in unnoticed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
ip register holds the stack_info.size (it is passed as argument
into z_arch_user_mode_enter(.)). We trust that the value of
stack_info.size contains the accurate size of the writable
stack buffer, above stack_info.start (as specified in kernel.h).
Therefore, we do not need to subtract any bytes for the MPU
stack guard. This allows us to clean-up one more occurrence of
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT in userspace.S.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
It's useful to be able to inspect the key returned from
z_arch_irq_unlock() to see if interrupts were enabled at the point
where z_arch_irq_lock() was called. Architectures tend to represent
this is a simple way that doesn't require platform assembly to
inspect.
Adds a simple test to kernel/common that validates this predicate with
a nested lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We do have a multi-architecture latency benchmark now, this one was x86
only, was never used or compiled in and is out-dated.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
arm_core_mpu_enable() and arm_core_mpu_disable() functions are
effectively static functions, only used in the drivers for ARM
and NXP MPU, therefore, we do not need to expose them in the
arm_core_mpu_dev.h header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_core_mpu_dev.h is an internal API, and is not supposed to
be directly called by kernel / application functions, therefore,
we can move it inside arch/arm/core/cortex_m/mpu directory.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Kconfig options:
- ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
- ARM_ENTRY_VENEERS_LIB_NAME
Use these to link the veneers lib into the Non-Secure Firmware when
needed.
Also, make the path passed to the linker absolute to make it work with
makefiles.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Rename function _PlatformInit() to z_platform_init() to
comply with naming conventions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT is taken into
account when allocating the area for the interrupt stack
using the K_THREAD_STACK_DEFINE macro. Therefore, we can
simplify how the top of the stack is derived during the
initialization of the system, by removing one more
occurrence of CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For architectures with custom swap to main, currently:
- arm
- posix
we are now using K_THREAD_STACK_SIZEOF macro to pass the
main thread stack size to z_arch_switch_to_main_thread().
This does not introduce any behavioral changes for posix;
the K_THREAD_STACK_SIZEOF() simply returns the sizeof()
the stack object. For Arm, this allows us to clean-up one
more occurence of CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT
in kernel_arch_func.h.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When in Sharing Floating Point Services mode we want to
dynamically save and restore the FP registers in thread
context switch, depending on whether the swapped-in and
swapped-out threads are currently using the FP registers.
This commit adds this functionality to the ARM context
switch mechanism. The logic consists of inspecting the
corresponding status flag (present in thread.arch.mode)
to decide whether to save or restore the FP registers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Only a single bit of the 4-byte internal (thread.arch) status
variable 'mode' is currently used, when we build with User mode
support (CONFIG_USERSPACE=y). In this commit we extend the usage
of 'mode' variable, adding an additional bit-flag to track the
status of the floating point context in a particular thread,
i.e. to track whether FP context is active or not. The status
bit is meant to be used in context-switch, to restore the FP
register context when required.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The initial carved stack frame only needs to contain the basic
stack frame (state context), because:
- under No/Unshared FP Services mode no FP context is stacked.
- under FP Sharing mode FP context is cleared upon thread
creation.
This commit removes the unnecessary stacking of the FP context
during thread initialization. This results in reduced stack
usage under the Shared FP Services mode (CONFIG_FP_SHARING=y).
Also, we do not need to initialize the FPSCR, because there is
no FP stack frame carved.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In FP Sharing mode we enable both automatic and lazy state
preservation of the FP context. This configuration improves
interrupt latency. Under this configuration the FP registers
will only be stacked when the thread is swapped out during
context-switch. Before jumping to main() we clear the FPCA
flag of the CONTROL register, so the FP context can be used
by the main thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
