The difference between __irq_disable() and irq_lock() is that the former
essentially translates to `cpsid i`, whereas `irq_lock()` translates to
setting BASEPRI (on cores with BASEPRI). This means that using
irq_lock() does not disable zero-latency interrupts (ZLIs), which
reduces the potential execution latency of ZLIs.
In both isr_wrapper and _arch_isr_direct_pm() (which is just
really an implementation of ISR_DIRECT_PM()), we were using
__irq_disable() to disable all interrups, including ZLIs. But the code
executed with interrupts disabled handles waking up from idle, and so
must only be protected against regular interrupts being executed, not
ZLIs, which should have no effect on the correct execution of the code.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Allow to specify a human readable full name for archs that can then be
leveraged e.g. in the documentation.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
riscv_cpu_wake_flag and riscv_cpu_sp are variables, not functions, so
they should use the GDATA macro instead of the GTEXT macro. Otherwise,
the linker will warn when LTO is enabled:
ld.bfd: warning: type of symbol `riscv_cpu_wake_flag' changed from 2 to
1 in /tmp/cc39w5oK.ltrans0.ltrans.o
ld.bfd: warning: type of symbol `riscv_cpu_sp' changed from 2 to 1 in
/tmp/cc39w5oK.ltrans0.ltrans.o
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
In the commit 573a712bed patch "arm64:
reset: disable cache and MMU for safety", it disables D-Cache and MMU
for safety, but in some cases, for example the code is loaded into memory
by hardware debugger, we need to flush D-Cache before disable it in
order to make sure the data is coherent in the system, otherwise it
will report "Synchronous Abort" when D-Cache is disabled.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
This reverts commit 573a712bed.
The original patch disable cache and MMU, but in some cases, for example
the code is loaded into memory by hardware debugger, we need to flush
D-Cache before disable it in order to make sure the data is coherent
in the system, otherwise it will report "Synchronous Abort" when D-Cache
is disabled.
This patch revert the old one and the following patch will flush
the cache before disable it.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Added new configuration item to optionally enable APIs for operation
all data cache, by default these APIs are disabled.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Commit 87719828ac introduced FSR definitions
for ARMv7-A/R; however, the value 16 which is documented in the ARM[1] as
a "TLB Conflict Abort", was introduced as "TLB Conflict Fault" instead and
described as a "Table Conflict Fault".
Update all affected files to use the ARM's naming for this error instead.
[1] Architecture Reference Manual (Document ID: ARM DDI 0406C.d)
"ARM Architecture Reference Manual for ARMv7-A and ARMv7-R Edition"
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
Introduce a Kconfig choice to select Pointer Authentication and Branch
Target Identification (PACBTI) features on Armv8.1-M Mainline CPUs.
The available options map to supported `-mbranch-protection` levels
(`standard`, `pac-ret`, `bti`, and combinations) documented at
https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html
These options enable hardware-assisted control-flow integrity mechanisms on
targets like Cortex-M85, and require a toolchain with PACBTI support, such
as GCC 14.2 or newer.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Instead of both checking CONFIG_BOARD_QEMU_X86 and
CONFIG_BOARD_QEMU_X86_64, simply check for CONFIG_QEMU_TARGET.
This also helps qemu_x86_tiny, qemu_x86_lakemont and any
future/downstream QEMU targets to keep things simple.
Signed-off-by: Ederson de Souza <ederson.desouza@intel.com>
the device_state need realocate when boot as second core.
as the relocation does not know the alignment, this could
be a case that the next data is mis-place after relocation.
fix this by add a alignment in device_state section.
still need revert aec0355380
reported in #86871fixes: #82841
Signed-off-by: Hake Huang <hake.huang@oss.nxp.com>
Due to erratum 1013783-B, speculative accesses might be performed
to normal memory unmapped in the MPU. This can be avoided by using
MPU region 0 to cover all unmapped memory and make this region
execute-never and inaccessible.
Note that this applies when CPU Cortex-M7 implements MPU and D-cache.
Signed-off-by: Manuel Argüelles <manuel.arguelles@nxp.com>
This adds a new kconfig and corresponding code to allow flushing
auto-refill data TLBs when page tables are swapped (e.g. during
context switching). This is mainly used to avoid multi-hit TLB
exception raised by certain memory access pattern. If memory is
only marked for user mode access but not inside a memory domain,
accessing that page in kernel mode would result in a TLB being
filled with kernel ASID. When going back into user mode, access
to the memory would result in another TLB being filled with
the user mode ASID. Now there are two entries on the same memory
page, and the multi-hit TLB exception will be raised if that
memory page is accessed. This type of access is better served
using memory partition and memory domain to share data. However,
this type of access is not prohibited but highly discouraged.
Wrapping the code in kconfig is simply because of the execution
penalty as there will be unnecessary TLB refilling being done.
So only enable this if necessary.
Fixes#88772
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This patch fixes memory corruption that can happen when running in
multi-thread and multi-core environment with heavy scheduling stress.
In SMP configuration, we must ensure that all thread's context is
stored before writing the switch_handle flag. Otherwise some of the
thread context writes could be delayed after another CPU begins to
schedule this thread which could lead to memory corruptions.
Signed-off-by: Sylvain Chouleur <schouleur@snapchat.com>
Initializing the C++ stack unwinding data structures takes quite a bit
of stack space. Increase the TEST_EXTRA_STACK_SIZE when using these.
Signed-off-by: Keith Packard <keithp@keithp.com>
Zephyr switched to using CMSIS_6 module in f726cb51
which breaks certain boards like `nucleo_h745zi_q/stm32h745xx/m7` when
CONFIG_CORTEX_M_DWT, CONFIG_TIMING_FUNCTIONS are enabled and cmsis from
`module/hal/cmsis` is not available (deleted explicitly after west
update).
This commit adds a provision to be able to use CMSIS_6 macros when the
module cmsis is not available.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Stack walking on x86_64 can run with compiler optimization and
does not need CONFIG_NO_OPTIMIZATIONS as long as frame pointers
are not omitted. So remove the "depends on" for x86_64
from CONFIG_ARCH_HAS_STACKWALK.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add missing curly braces in if/while/for statements.
This is a style guideline we have that was not enforced in CI. All
issues fixed here were detected by sonarqube SCA.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Building gdbstub for xtensa is failing currently with multiple
failures like
arch/xtensa/core/gdbstub.c:432:24: error: invalid operands to \
binary - (have 'int *' and 'const struct arch_esf *')
432 | if ((int *)bsa - stack > 4) {
Fix them by using appropriate pointer types.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
The original 'arch_pm_s2ram_resume' implementation saved lr on the stack
using 'push {lr}' and restored it using 'pop {lr}'. However, the Thumb-1
'pop' does not support lr as a target register, so this code would not
compile for ARMv6-M or ARMv8-M Baseline. r0 was added to these push/pop
later in 2590c48d40.
In 474d4c3249, arch_pm_s2ram* functions were
modified to no longer use the stack, which incidentally "fixed" this issue.
b4fb5d38eb reverted this commit and brought
back 'pop {r0, lr}' as-is, without taking compatibility into account.
Modify the sequence to use "pop {r0, pc}" which is supported on all
ARM M-profile implementations (v6/v7/v8 Baseline/v8 Mainline), and
add comments to (hopefully) prevent this issue from re-appearing.
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
On the Xilinx MPSoC (Cortex-R5) platform, erratic operation was often
seen when an operation which disabled the dcache, such as sys_reboot,
was performed. Usually this manifested as an undefined instruction trap
due to the CPU jumping to an invalid memory address.
It appears the problem was due to dirty cache lines being present at the
time the cache is disabled. Once the cache is disabled, the CPU will
ignore the cache contents and read the possibly out-of-date data in main
memory. Likewise, since the cache was being cleaned after it was already
disabled, if the CPU had already written through changes to some memory
locations, cleaning the cache at that point would potentially overwrite
those changes with older data.
The fact that the arch_dcache_flush_and_invd_all function was being
called to do the cleaning and invalidation also contributed to this
problem, because it is a non-inline function which means the compiler
will generate memory writes to the stack when the function is called and
returns. Corruption of the stack can result in the CPU ending up jumping
to garbage addresses when trying to return from functions.
To avoid this problem, the cache is now cleaned and invalidated prior to
the dcache being disabled. This is done by directly calling the
L1C_CleanInvalidateDCacheAll function, which, as it is declared as force
inline, should help ensure there are no memory accesses, which would
populate new cache lines, between the cache cleaning and disabling the
cache.
Ideally, for maximum safety, the cache cleaning and cache disabling
should be done in assembler code, to guarantee that there are no memory
accesses generated by the compiler during these operations. However, the
present change does appear to solve this issue.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
This file previously defined an MPU access permission mode of 0x7 which
corresponded to privileged read-only, unprivileged read-only, similar to
mode 0x6. However, it appears that at least Cortex-R5 does not support
this mode, defining 0x7 as UNP (Unpredictable) or a value which should
not be used.
This value was in turn referenced by the REGION_FLASH_ATTR macro, which
caused the offending value to be used when a memory region was declared
as DT_MEM_ARM(ATTR_MPU_FLASH) in the device tree, causing such regions
to not work properly on Cortex-R5.
Since 0x6 is supported by both Cortex-M and Cortex-R and does the same
thing, there is no reason to use 0x7. Remove the RO_Msk definition which
referenced it, and change REGION_FLASH_ATTR to use P_RO_U_RO_Msk instead.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Add Kconfig option to dump only a portion of stack from the
current stack pointer to the stack end. This is enough to
let gdb reconstruct the stack trace and can significantly
reduce the dump size. This is crucial if the core dump needs
to be sent over radio.
Additionally, add another option to set the limit for the
dumped stack portion.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This ASSERT fails because the comparison is made between the physical
APIC ID and the virtual CPU's LAPIC ID. If CPU-1 is assigned to ACRN,
it considers that CPU as its CPU-0.
Signed-off-by: Anisetti Avinash Krishna <anisetti.avinash.krishna@intel.com>
Xtensa arch layer has some custom compilation commands to
generate the interrupt dispatchers and the core-isa* files.
However, the include path to find core-isa.h does not work
for Espressif ESP32. So update the mechanism to use correct
path pointing to Espressif HAL when targeting ESP32 family
SoCs.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The QingKe V2C has an integer multiplier but no divide. Add support
for the corresponding Zmmul extension and, as the extension was added
in GCC 13.0, add a test for the compiler version.
Signed-off-by: Michael Hope <michaelh@juju.nz>
Add support for .mot file flash using west flash command
The RX build output .mot as binary file to flash into
board
Signed-off-by: Phi Tran <phi.tran.jg@bp.renesas.com>
Signed-off-by: Duy Nguyen <duy.nguyen.xa@renesas.com>
GCC and Clang support the undefined behavior sanitizer in any
configuration, the only restriction is that if you want to get nice
messages printed, then you need the ubsan library routines which are only
present for posix architecture or when using picolibc.
This patch adds three new compiler properties:
* sanitizer_undefined. Enables the undefined behavior sanitizer.
* sanitizer_undefined_library. Calls ubsan library routines on fault.
* sanitizer_undefined_trap. Invokes __builtin_trap() on fault.
Overhead for using the trapping sanitizer is fairly low and should be
considered for use in CI once all of the undefined behavior faults in
Zephyr are fixed.
Signed-off-by: Keith Packard <keithp@keithp.com>
There is no need for kernel/internal/smp.h as SOF does not call
z_sched_ipi(). Actually... git log over there has no mention of
z_sched_ipi() anywhere, just arch_sched_ipi().
And include <ksched.h> for source using z_sched_ipi() since
they are using scheduling functions, and would be the correct
file to include.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Move and rephrase the comment to better explain reason why obtained
IRQ number is decremented.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Allow to place the vector table section in SRAM with
CONFIG_SRAM_VECTOR_TABLE option for all cortex-m architecture that
have VTOR register.
Signed-off-by: Martin Hoff <martin.hoff@silabs.com>
Move SRAM_VECTOR_TABLE symbol from general Kconfig to Arch Kconfig
because it depends on the architecture possibility to relocate the
vector table.
Signed-off-by: Martin Hoff <martin.hoff@silabs.com>
The declaration for the text region '__text_region_start' and
'__text_region_end' should be consistent with the declaration in the
include file 'zephyr/linker/linker-defs.h'.
The local declarations are:
extern uintptr_t __text_region_start, __text_region_end;
whereas 'linker_defs.h' declares them as:
extern char __text_region_start[];
extern char __text_region_end[];
This may result in conflicting types when 'linker_defs.h' is indirectly
included. Hence, remove the local declarations.
Signed-off-by: Christoph Winklhofer <cj.winklhofer@gmail.com>
The `nocache` is not loadable, thus data stored therein cannot be
initialized by the startup code. This might be needed in special
cases. E.g. One might have a buffer which one wants to DMA into,
and which is a member of a struct. Other members of the struct one
may want to have initialized by the startup code.
The buffer thus should be placed in the `nocache` region, but for
the other members of the buffer to be initialized by the startup
code, the `nocache` region needs to be loadable.
Fix it by making the `nocache` region loadable. Adding a KConfig
symbol to do this optionally was considered, but deemed unnecessary
during the PR.
Signed-off-by: Julian Achatzi <mail@achatzi.pro>
When looking for jump address in the syscall table, we need to
multiply the syscall ID by 4 before adding the address offset
of the beginning of the table. This is due to the jump address
being 32-bit (4 bytes). Instead of using two instructions to
shift the ID by 4 first and then the addition, we can use one
ADDX4 instruction to achieve the same result.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Since the necessary register values are now pre-computed and
stored in the memory domain struct, we can use them directly
in various assembly locations, thus replacing the function
call to xtensa_swap_update_page_tables().
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
When context switching and dealing with non-nested interrupts,
the context to be restored are saved in the thread stack.
When userspace is enabled, this means saving context into
the user stacks for user threads. This allows PS values to be
manipulated externally by setting PS.RING in the saved PS
value to 0, resulting in granting kernel access privilege when
the thread is restored. To prevent this, we store the PS value
into the thread struct instead, where user threads cannot
manipulate that. Note that nested interrupts and syscalls are
not using the user stack but the interrupt stack and thread
privileged stack respectively, where they are not accessible
under user mode.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
When syscall assembly is executed, the EPC points to the syscall
instruction, and we have to manually advance it so we will
return to the instruction after syscall to continue execution.
However, with zero-overhead loops and the syscall instruction is
the last instruction, this simple addition does not work as it
would point past the loop and would have skipped the loop.
Because of this, syscall entrance would need to look at the loop
registers and set the PC back to the beginning of loop if we are
still looping. Assuming most of the syscalls are not inside
loops, the extra handling code consumes quite a few cycles.
To workaround this, simply adds a nop after syscall so we no
longer have to deal with loops at syscall entrance, and that
a nop is faster than all the code to manipulate loop registers.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This extends arch_cohere_stacks() to handle privileged stacks of
user threads when userspace is enabled.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
