The difference between __irq_disable() and irq_lock() is that the former
essentially translates to `cpsid i`, whereas `irq_lock()` translates to
setting BASEPRI (on cores with BASEPRI). This means that using
irq_lock() does not disable zero-latency interrupts (ZLIs), which
reduces the potential execution latency of ZLIs.
In both isr_wrapper and _arch_isr_direct_pm() (which is just
really an implementation of ISR_DIRECT_PM()), we were using
__irq_disable() to disable all interrups, including ZLIs. But the code
executed with interrupts disabled handles waking up from idle, and so
must only be protected against regular interrupts being executed, not
ZLIs, which should have no effect on the correct execution of the code.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Commit 87719828ac introduced FSR definitions
for ARMv7-A/R; however, the value 16 which is documented in the ARM[1] as
a "TLB Conflict Abort", was introduced as "TLB Conflict Fault" instead and
described as a "Table Conflict Fault".
Update all affected files to use the ARM's naming for this error instead.
[1] Architecture Reference Manual (Document ID: ARM DDI 0406C.d)
"ARM Architecture Reference Manual for ARMv7-A and ARMv7-R Edition"
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
Introduce a Kconfig choice to select Pointer Authentication and Branch
Target Identification (PACBTI) features on Armv8.1-M Mainline CPUs.
The available options map to supported `-mbranch-protection` levels
(`standard`, `pac-ret`, `bti`, and combinations) documented at
https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html
These options enable hardware-assisted control-flow integrity mechanisms on
targets like Cortex-M85, and require a toolchain with PACBTI support, such
as GCC 14.2 or newer.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Due to erratum 1013783-B, speculative accesses might be performed
to normal memory unmapped in the MPU. This can be avoided by using
MPU region 0 to cover all unmapped memory and make this region
execute-never and inaccessible.
Note that this applies when CPU Cortex-M7 implements MPU and D-cache.
Signed-off-by: Manuel Argüelles <manuel.arguelles@nxp.com>
Zephyr switched to using CMSIS_6 module in f726cb51
which breaks certain boards like `nucleo_h745zi_q/stm32h745xx/m7` when
CONFIG_CORTEX_M_DWT, CONFIG_TIMING_FUNCTIONS are enabled and cmsis from
`module/hal/cmsis` is not available (deleted explicitly after west
update).
This commit adds a provision to be able to use CMSIS_6 macros when the
module cmsis is not available.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
The original 'arch_pm_s2ram_resume' implementation saved lr on the stack
using 'push {lr}' and restored it using 'pop {lr}'. However, the Thumb-1
'pop' does not support lr as a target register, so this code would not
compile for ARMv6-M or ARMv8-M Baseline. r0 was added to these push/pop
later in 2590c48d40.
In 474d4c3249, arch_pm_s2ram* functions were
modified to no longer use the stack, which incidentally "fixed" this issue.
b4fb5d38eb reverted this commit and brought
back 'pop {r0, lr}' as-is, without taking compatibility into account.
Modify the sequence to use "pop {r0, pc}" which is supported on all
ARM M-profile implementations (v6/v7/v8 Baseline/v8 Mainline), and
add comments to (hopefully) prevent this issue from re-appearing.
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
On the Xilinx MPSoC (Cortex-R5) platform, erratic operation was often
seen when an operation which disabled the dcache, such as sys_reboot,
was performed. Usually this manifested as an undefined instruction trap
due to the CPU jumping to an invalid memory address.
It appears the problem was due to dirty cache lines being present at the
time the cache is disabled. Once the cache is disabled, the CPU will
ignore the cache contents and read the possibly out-of-date data in main
memory. Likewise, since the cache was being cleaned after it was already
disabled, if the CPU had already written through changes to some memory
locations, cleaning the cache at that point would potentially overwrite
those changes with older data.
The fact that the arch_dcache_flush_and_invd_all function was being
called to do the cleaning and invalidation also contributed to this
problem, because it is a non-inline function which means the compiler
will generate memory writes to the stack when the function is called and
returns. Corruption of the stack can result in the CPU ending up jumping
to garbage addresses when trying to return from functions.
To avoid this problem, the cache is now cleaned and invalidated prior to
the dcache being disabled. This is done by directly calling the
L1C_CleanInvalidateDCacheAll function, which, as it is declared as force
inline, should help ensure there are no memory accesses, which would
populate new cache lines, between the cache cleaning and disabling the
cache.
Ideally, for maximum safety, the cache cleaning and cache disabling
should be done in assembler code, to guarantee that there are no memory
accesses generated by the compiler during these operations. However, the
present change does appear to solve this issue.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
This file previously defined an MPU access permission mode of 0x7 which
corresponded to privileged read-only, unprivileged read-only, similar to
mode 0x6. However, it appears that at least Cortex-R5 does not support
this mode, defining 0x7 as UNP (Unpredictable) or a value which should
not be used.
This value was in turn referenced by the REGION_FLASH_ATTR macro, which
caused the offending value to be used when a memory region was declared
as DT_MEM_ARM(ATTR_MPU_FLASH) in the device tree, causing such regions
to not work properly on Cortex-R5.
Since 0x6 is supported by both Cortex-M and Cortex-R and does the same
thing, there is no reason to use 0x7. Remove the RO_Msk definition which
referenced it, and change REGION_FLASH_ATTR to use P_RO_U_RO_Msk instead.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Add Kconfig option to dump only a portion of stack from the
current stack pointer to the stack end. This is enough to
let gdb reconstruct the stack trace and can significantly
reduce the dump size. This is crucial if the core dump needs
to be sent over radio.
Additionally, add another option to set the limit for the
dumped stack portion.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
There is no need for kernel/internal/smp.h as SOF does not call
z_sched_ipi(). Actually... git log over there has no mention of
z_sched_ipi() anywhere, just arch_sched_ipi().
And include <ksched.h> for source using z_sched_ipi() since
they are using scheduling functions, and would be the correct
file to include.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Move and rephrase the comment to better explain reason why obtained
IRQ number is decremented.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Allow to place the vector table section in SRAM with
CONFIG_SRAM_VECTOR_TABLE option for all cortex-m architecture that
have VTOR register.
Signed-off-by: Martin Hoff <martin.hoff@silabs.com>
Move SRAM_VECTOR_TABLE symbol from general Kconfig to Arch Kconfig
because it depends on the architecture possibility to relocate the
vector table.
Signed-off-by: Martin Hoff <martin.hoff@silabs.com>
Allow relocate_vector_table() to be overwritten. This is necessary if
the IRQ vector table is handled proprietary, e.g. before the zephyr
kernel is initialized. In this case we want this function to be empty to
avoid overriding the previous configuration.
Co-authored-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Signed-off-by: Eivind Jølsgard <eivind.jolsgard@nordicsemi.no>
Add support for processing the Fault Status Registers and recoverable
data abort for the cortex A7.
Based on Cortex-A7 MPCore Technical Reference Manual (ARM DDI 0406).
(see https://developer.arm.com/documentation/ddi0406)
Signed-off-by: Julien Racki <julien.racki@st.com>
The TOOLCHAIN_DISABLE_WARNING/TOOLCHAIN_ENABLE_WARNING macros are easier
to read and compiler agnostic.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
What is the change?
- PXN attributes is set for static mpu regions such that
__ramfunc and __ram_text_reloc having userspace code
cannot be executed in privileged mode.
- Updated the notable change section to inform about the change in
behaviour of code executed from __ramfunc and __ram_text_reloc MPU
regions.
Why do we need this change?
- The current static MPU regions allows executing userspace/unprivileged
code from privileged mode which may not be expected and can lead to
secure privileged escalation attacks.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
What is the change?
This commit adds support for Armv8.1-M MPU architecture's PXN attribute.
This includes support for configuring MPU regions with PXN via
custom mpu_config, devicetree and static mpu_config.
The existing MPU region attribute macros are updated to retain existing
behaviour with this change with an addition of REGION_RAM_ATTR_PXN to be
used if one needs to configure a RAM region with PXN MPU attribute.
Why do we need this change?
Armv8.1-M architecture introduced a new MPU region attribute called
Privilege eXecute Never (PXN).
If an MPU region is configured with the PXN attribute set and if the,
processor attempts to execute code in this region while at
privileged level, a Memory Management Fault exception is triggered.
This ensures that specific tasks are executed only in unprivileged mode
and helps in preventing secure privilege escalation attacks.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
IAR doesn't support the __volatile__ keyword, and since the
toolchain.h isn't included by these arm-specific files and
other arm-specific files already uses volatile, I've made
them all use volatile.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
Previously, the arch_icache_invd_range function simply returned
-ENOTSUP for Cortex A/R. However, this causes a correctness issue when
the processor modifies memory and then executes it as instructions, like
the LLEXT subsystem does. The CPU might not see the up-to-date instructions
in memory.
This caused an LLEXT test failure when running on an emulated Cortex-R5
in QEMU with caches enabled. QEMU doesn't actually emulate the cache,
but it does seem to need the ISB barrier that is executed as part of the
cache invalidate operation in order to handle self-modifying code
properly.
These CPUs do in fact support a selective I-cache invalidate operation
(ICIMVAU) but the CMSIS library doesn't currently support it. For now,
just invalidate the entire I-cache when an icache_invd_range operation
is performed.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Add calls to sys_trace_idle_exit when leaving idle state. It is
used to track CPU load.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Multi-level interrupts should be handled in irq init. Only level1
interrupts going directly to interrupt controller need to be
initialized.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
What is the change?
- This reverts commit 474d4c3249
Why do we need this change?
- This commit was added because Cortex-M didn't have a valid
stack to make required functionality work however,
the previous commit fixes this and makes interrupt stack
available for use. This removes Arm specific limitation from
these generic APIs so revert the commit to reflect the same.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
What is the change?
- APIs `pm_s2ram_mark_set` and `pm_s2ram_mark_check_and_clear`,
used to set/check pm_s2ram magic marker,
no longer have Arm specific limitations.
Why is this needed?
- These APIs are generic and should not have arch specific dependency.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
The RISC-V port of llext requires additional parameters for
handling non-adjacent HI20/LO12 relocations in arch_elf_relocate():
the current extension (struct llext), the current extension loader
(struct llext_loader), the current section header (elf_shdr_t) and
the current symbol (elf_sym_t).
This changes the signature of arch_elf_relocate accordingly.
Signed-off-by: Eric Ackermann <eric.ackermann@cispa.de>
Add call frame information (cfi) directives to the function
z_arm_cortex_r_svc, which triggers an SVC exception whose handler will
execute a context switch. The return address stored on the stack of a
suspended thread will point into z_arm_cortex_r_svc, that is, this
function will be the starting point when a debugger tries to produce a
call stack for a suspended thread. As the function is written in
assembly, most compilers will not emit any cfi automatically. This patch
adds cfi directives manually so that the call stack can be unwound.
The added cfi directives instruct the compiler to note in the
.debug_frame section that the canonical frame address is at offset 0
from r13, i.e., from the stack pointer.
Signed-off-by: Emil Kieri <emil.kieri@iar.com>
One nmemonic was missed by f84342828cd1
That commit said:
The ARM Thumb-1 instruction set, used by ARMv6-M and ARMv8-M Baseline
cores, does not have a valid encoding for "immediate-to-register move
without affecting flags" instruction (i.e. `mov reg, imm`), and the only
valid variant of immediate-to-register move instruction for it is `movs`,
which affects the flags.
Since none of the register initialisation instructions used here are
flag-sensitive in their context, this commit changes `mov` to `movs`.
This fixes the compilation errors with Clang/LLVM, which is more picky
about the `mov` mnemonic usage and prints out an "invalid instruction"
error when `mov reg, imm` is specified in Thumb-1 mode.
Note that GNU assembler implicitly converts `mov reg, imm` to `movs reg,
imm` when assembling in Thumb-1 mode.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
Some basic flags that were hardcoded needed
to be moved to properties to be able to implement
alternative toolchains.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
It's possible to have MEM_ATTR=n and ARM_MPU=y. This fixes the compile
issue with it by compiling out the calls to define the DT mpu regions.
Signed-off-by: Ryan McClelland <ryanmcclelland@meta.com>
This commit updates cortex_m related code to align it with the rules from
.clang-format. This is done to simplify future changes in these files as
we are about to implement use_switch support.
Some rules conflict with checkpatch and therefore some small part of the
code locally disable clang-format.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
Encoding T3 allows for an offset of up to 12bits in size allowing for a
single instruction instead of 3.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
Regular label are exported in the object file and cause gdb to consider
them as function start. Local labels on the other hand are not exported.
For example, using `disassemble z_arm_pendsv` after this change will
disassemble the whole function rather than stop at the first branch.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
What is the change?
- Use a macro that search for "zephyr, memory-attr" in only
those nodes that have the property "zephyr, memory-regions".
- Fixes#83448.
Why is this needed?
- Using `DT_REG_ADDR` inside `DT_FOREACH_STATUS_OKAY_NODE_VARGS` can
lead to compiler warnings if a devicetree node has an addresses
larger than 64bits. An example of such node is wm8904 i3c with 92
bit encoding addresses `audio_codec: wm8904@1a0000000000000000`.
We can avoid this warning since this is not applicable for nodes
that have the attribute "zephyr,memory-regions".
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
This reverts commit 42036cdbca.
Architecture specific code should not do preemption checking before context
switch. This is already handled by the scheduler, so duplicating it would
be redundant and error prone. These checks used to be necessary, but the
scheduler has been rewritten since then and the checks were removed in
3a0cb2d35d (kernel: Remove legacy preemption checking, 2018-05-23).
The check this reverts was also incorrect, as it didn't take scheduler
locking nor meta-IRQs into account.
Fixes#80574
Signed-off-by: Kalle Kietäväinen <kalle.kietavainen@silabs.com>
ARM has deprecated usage of non-shareable device memory.
K_MEM_CACHE_NONE flag used by devices to map physical memory translates
to MT_DEVICE but no MATTR_SHARED attribute is set in such a request.
This results in mapping device memory that is non-shareable.
Depending on the memory interconnect of a SoC, mapping the device memory
as non-shareable can prevent access to the device. Such behavior has
been observed on the TI AM3358 SoC.
To comply with the ARM deprecation notice and prevent access issues to
device memory, all device memory is mapped as shareable.
Signed-off-by: Abe Kohandel <abe.kohandel@gmail.com>
With our builds for Arm M7 we are selecting FPU_SHARING and
MPU_STACK_GUARD. For that setup, we have
ARM_MPU_REGION_MIN_ALIGN_AND_SIZE=64 and
MPU_STACK_GUARD_MIN_SIZE_FLOAT=128. So worst case scenario,
we are going to have stack that is 64-byte aligned and
128-byte guard at the bottom of the buffer.
Fixes: #83714
Signed-off-by: Maciej Kusio <rysiof@gmail.com>
What is the change?
- Fixes#83660 allowing device to now enter suspend mode even if
CONFIG_DEBUG_THREAD_INFO is enabled.
Why is this needed?
- z_sys_post_kernel was cleared as part of #d778d5c
to "allow debuggers to display the correct thread state after
the first 3 instructions have run".
This is not required while resuming from suspend and
it prevents the device from entering suspend so,
move it out of resume path.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Define the generic _current directly and get rid of the generic
arch_current_get().
The SMP default implementation is now known as z_smp_current_get().
It is no longer inlined which saves significant binary size (about 10%
for some random test case I checked).
Introduce z_current_thread_set() and use it in place of
arch_current_thread_set() for updating the current thread pointer
given this is not necessarily an architecture specific operation.
The architecture specific optimization, when enabled, should only care
about its own things and not have to also update the generic
_current_cpu->current copy.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mostly a revert of commit b1def7145f ("arch: deprecate `_current`").
This commit was part of PR #80716 whose initial purpose was about providing
an architecture specific optimization for _current. The actual deprecation
was sneaked in later on without proper discussion.
The Zephyr core always used _current before and that was fine. It is quite
prevalent as well and the alternative is proving rather verbose.
Furthermore, as a concept, the "current thread" is not something that is
necessarily architecture specific. Therefore the primary abstraction
should not carry the arch_ prefix.
Hence this revert.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Previously, there were two separate Kconfig definitions
of ARM_MPU located at:
- arch/arm/core/mpu/Kconfig
- arch/arm64/core/cortex_r/Kconfig
This lead to incomplete default settings and unexpected
missing configurations.
This commit combines the two into a single unified definition
now located at arch/common/Kconfig to prevent this.
Signed-off-by: Samuel Chee <samche01@arm.com>
The return value of the system_off call is overwritten by the the call to
pm_s2ram_mark_check_and_clear. As arch_pm_s2ram_suspend needs to specify
why system_off failed, we need to make sure the rv of system_off is moved
to a safe register before calling pm_s2ram_mark_check_and_clear and moved
to r0 als rv of arch_pm_s2ram_suspend when the suspend call exits.
Signed-off-by: Hessel van der Molen <hvandermolen@dexels.com>
