This commit adds the logic to indicate that a Non-Secure fault
exception has been triggered due to a processor fault that has,
in fact, occurred in the Secure state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes the way we determine where the stacked
frame lies for (strictly) ARMv8-M Non-Secure firmware. It
introduces no changes to the default ARMv8-M behavior (i.e.
ARMv7-M compatible).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This is needed, because an interrupt can happen after the main/static
MPU region is disabled and before it is re-enabled.
This region gets implicitly disabled inside the _region_init call, when
its configuration registers change:
SYSMPU->WORD[index][0] = region_base;
SYSMPU->WORD[index][1] = region_end;
SYSMPU->WORD[index][2] = region_attr;
SYSMPU->WORD[index][3] = SYSMPU_WORD_VLD_MASK;
The TRM says this about the WORD0, WORD1 and WORD2 registers:
Writes to this register clear the region descriptor’s valid bit
(RGDn_WORD3[VLD]).
And thus if an interrupt happens after writing to WORD0 and before
writing VLD to WORD3 again, the code executes with enabled and yet
misconfigured MPU.
Fixes#13482
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
The linker file defines the __gcov_bss_size and _nocache_ram_size
symbols to get the size of the __gcov_bss and _nocache_ram section. Use
that instead of computing the value at runtime from the start and end
symbols.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
_arch_configure_dynamic_mpu_regions() may re-program the MPU
Stack Guard, to guard the privilege stack for overflows,
(if building with option CONFIG_MPU_STACK_GUARD). There is a
risk of actually overflowing the stack while doing the
re-programming. We minimize the risk by placing the
re-programming function immediately after we have switched to
the privileged stack so that the whole privilege stack area is
available for this critical operation.
Note that the risk for overflow is higher if using the normal
thread stack, since we do not control how much stack is actually
left, when user invokes _arm_userspace_enter().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the clearing of PSPLIM before determining the
privilege stack start and size. In this way the clearing can be
done without unnecessary pushing and popping r3 core register.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit provides two fixes for the ARMv8-M built-in stack
protection in userspace.S. First, it clears the PSPLIM register
before setting the PSP to the privileged stack. In the wake of
this, the privilege stack area can now be positioned enywhere,
i.e. does not have to be above the user stack area. Second, it
removes unncessary push/pop when clearing the PSPLIM register,
upon returning from the system call, since the r3 register is
not used anymore in this routine.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fixing the documentation for ARM core __svc function, which was
outdated and present only for the ARMv7-M version.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Stacking r3 at this point is not required as the register value
is not used afterwards, therefore, it does not need to be
retained.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to code re-organization inside __pendSV(), the stacking
and unstacking of scratch registers around the invocation of
read_timer_end_of_swap() is no longer required.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Just like with _Swap(), we need two variants of these utilities which
can atomically release a lock and context switch. The naming shifts
(for byte count reasons) to _reschedule/_pend_curr, and both have an
_irqlock variant which takes the traditional locking.
Just refactoring. No logic changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace Cortex-M3 with Cortex-M architecture family
in the header documentation of kernel_arch_data.h and
kernel_arch_func.h, which are generic header files for
the entire familty of ARM Cortex-M CPUs. The commit
adds some more minor style fixes in functions'
documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enforces default double-word stack alignmnet
on exception entry for Cortex-M3 and Cortex-M4 MCUs. The
patch ensures that we have consistent behavior in all
Cortex-M MCUs (double-world stack alignment on exception
entry is enforced by default in ARMv6, ARMv8, and Cortex-M7
processors).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the documentation of Kconfig option:
STACK_ALIGN_DOUBLE_WORD for Cortex-M microprocessors, stating
that the option is used in ARMv7-M MCUs to enforce 8-byte
stack alignment upon exception entry.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
use cmsis functions to avoid using direct assembly for main thread
switching.
This patch uses cmsis functions to:
- set PSP(process stack pointer) to main stack
- enable interrupts
Fixes#12878
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
The selection of the Cortex M systick driver to be used
as a system clock driver is controlled by
CONFIG_CORTEX_M_SYSTICK.
To replace it by another driver CONFIG_CORTEX_M_SYSTICK
must be set to 'n'. Unfortunately this also controls
the interrupt vector for the systick interrupt. It is
now routed to __reserved. More bad the interrupt vector
can not be set by IRQ_CONNECT as it is one of the hard
coded interrupts in the interrupt table.
Route the hard coded systick interrupt to z_clock_isr
and make z_clock_isr a weak symbol that can be overwritten
by an alternative systick system clock driver.
Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
This patch adjusts the way we are doing push/pop operations before
making function calls inside of assembly routines. ARM requires 8
byte aligned stack operations across public interfaces. This means
that we need to be sure to push multiples of 2 registers.
Fixes#2108
Signed-off-by: Andy Gross <andy.gross@linaro.org>
If you enable HW_STACK_PROTECTION, DEBUG_OPTIMIZATIONS, and
CPU_STATS, you can get a crash when switching to the main thread
due to the r3 getting munged during a inline ASM call. This patch
fixes that by adding r3 to the clobber list.
Fixes#12821
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This commit re-works the NXP MPU driver implementation so that
it aligns with the implementation for ARMv7-M and ARMv8-M MPU
architectures.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes obsolete ARM CORE MPU API definitions
and related implementation from arm_mpu.c, in the wake of
the transition to the new ARM MPU design.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves all internal implementation, relevant for
User mode, in a single place in the arm_mpu_v7_internal.h,
arm_mpu_v8_internal, and in arm_mpu.c. Additionally, the
commit cleans up internal function _get_region_attr() that
is not used any more.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the ARM Core MPU API for memory domains,
to align with the principle of de-coupling the partitioning
and the access attribution with the architecture-specific
MPU driver implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds the implementation of internal ARM MPU
function, arm_core_mpu_get_max_available_dyn_regions(),
required by _arch_mem_domain_max_partitions_get(),
according to the new architecture. The function returns
the number of the available partitions for memory domains
based on the total amount of HW regions and the
actual number of statically configured MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the internal (ARMv7-M and ARMv8-M)
API, which allows to user to (re)configure a memory partition
at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces an ARM API that allows the user to
program a set of dynamic MPU regions at run-time. The API
function is invoked every time the memory map needs to be
re-programmed (for example at thread context-switch). The
functionality is implementated in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring dynamic memory regions at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU, so it can configure the static memory regions at
boot time, as well as mark the areas, inside which dynamic MPU
region configuration at run-time will be allowed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU, so it can configure the static memory regions at
boot time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the initialization of static memory regions
from arm_mpu_init(), since they are now initialized, directly,
by the kernel. The programming of MPU regions configured in SOC
definition is kept here.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring static memory regions at boot time. It also
adds LOG error messages, and ASSERTS, which fire if the static
MPU region configuration is not performed successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the generic ARM (core) API, which allows
the user to program a set of static (fixed) MPU regions at boot
time. The API function is invoked upon initialization, in the
ARM-specific call of _arch_switch_to_main_thread(). The API
implementation is provided in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a new Kconfig option symbol,
MPU_REQUIRES_NON_OVERLAPPING_REGIONS, to signify the use of an
MPU architecture that requires the active MPU regions be
non-overlapping. This requirement concerns the standard
(unmodified) ARMv8-M MPU implementation. For that, we select
the option in the definition of ARM_MPU, if the CPU architecture
is ARMv8-M (Baseline or Mainline).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
cmsis provides intrinsic functions to configure processor special
function register like control, psp(process stack pointer). Let's use
these functions which are maintained in cmsis repository.
This patch uses cmsis function to:
- set process stack pointer(PSP)
- switch SP to PSP
- disable interrupts
It also moves stack initialization from assembly to C
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
This commit removes the local state variable nxp_mpu_enabled,
defined and used in NXP MPU driver, as it is not useful.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds a required cast for the size calculation utilizing
pointer arithmetic. The stack_obj needs a cast to u32_t. This was
caught using a newer compiler.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
On ARM, _Swap() isn't atomic and a hardware interrupt can land after
the (irq_locked) caller has entered _Swap() but before the context
switch actually happens. This will require some platform-specific
workarounds in a few places in the scheduler.
This commit is just the Kconfig and selection on ARM.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fix misspellings in documentation (.rst, Kconfig help text, and .h
doxygen API comments), missed during regular reviews.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
LTO is not supported yet, but there are a handful of references to the
flag '-flto' and the non-existent Kconfig option 'LTO'. To not confuse
users about whether LTO is supported or not, we should remove this
dead code.
As an aside, prototyping has shown that supporting LTO will give
signicant (10%) code size improvments, but will not be trivial to
support due to how we process object files with python.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
