This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring static memory regions at boot time. It also
adds LOG error messages, and ASSERTS, which fire if the static
MPU region configuration is not performed successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the generic ARM (core) API, which allows
the user to program a set of static (fixed) MPU regions at boot
time. The API function is invoked upon initialization, in the
ARM-specific call of _arch_switch_to_main_thread(). The API
implementation is provided in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a new Kconfig option symbol,
MPU_REQUIRES_NON_OVERLAPPING_REGIONS, to signify the use of an
MPU architecture that requires the active MPU regions be
non-overlapping. This requirement concerns the standard
(unmodified) ARMv8-M MPU implementation. For that, we select
the option in the definition of ARM_MPU, if the CPU architecture
is ARMv8-M (Baseline or Mainline).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
cmsis provides intrinsic functions to configure processor special
function register like control, psp(process stack pointer). Let's use
these functions which are maintained in cmsis repository.
This patch uses cmsis function to:
- set process stack pointer(PSP)
- switch SP to PSP
- disable interrupts
It also moves stack initialization from assembly to C
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
This commit removes the local state variable nxp_mpu_enabled,
defined and used in NXP MPU driver, as it is not useful.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds a required cast for the size calculation utilizing
pointer arithmetic. The stack_obj needs a cast to u32_t. This was
caught using a newer compiler.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
On ARM, _Swap() isn't atomic and a hardware interrupt can land after
the (irq_locked) caller has entered _Swap() but before the context
switch actually happens. This will require some platform-specific
workarounds in a few places in the scheduler.
This commit is just the Kconfig and selection on ARM.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fix misspellings in documentation (.rst, Kconfig help text, and .h
doxygen API comments), missed during regular reviews.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
LTO is not supported yet, but there are a handful of references to the
flag '-flto' and the non-existent Kconfig option 'LTO'. To not confuse
users about whether LTO is supported or not, we should remove this
dead code.
As an aside, prototyping has shown that supporting LTO will give
signicant (10%) code size improvments, but will not be trivial to
support due to how we process object files with python.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit removes the priv_stack_size field from the _thread_arch
on arm architecture as there is no code using value stored in this
variable.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Some toolchains are built with multilib enabled in order to provide
multiple versions of the same library, optimized for different ABI
or architecture. They require the -march= and -mabi= options to be
passed at link time. This is important for example when linking with
newlib.
We do that by passing zephyr_ld_options the same arguments than
zephyr_compile_options. The -mabi option is passed directly while the
-march option, if defined, is passed through ${ARCH_FLAG}.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The commit enforces the use of ARM_MPU_REGION_MIN_ALIGN_AND_SIZE
in include/arch/arm/arch.h, instead of using 32 as a hard-coded
value. The symbol is also used in arm/thread.c to truncate the
thread stack size to satisfy MPU granularity. The commit does
not introduce behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit introduces a Kconfig option to define the minimum MPU
region size and alignment for ARM Cortex-M MCU architecture. The
hidden option is used by the linker to properly align linker
sections respecting the MPU requirements. Additionally, it is
used to define MPU Guard size and minimum stack alignment for
ARM Cortex-M MCUs in include/arch/arm/arch.h .
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
There were many platforms where this function was doing nothing. Just
merging its functionality with _PrepC function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Avoid nested C++ comments inside the C comment block due to MISRA-C
rule 3.1. Keep the variables documenting possible caller saved
registers.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
The ARMv8-M Memory Protection Unit document indicates that a DMB
instruction must be used before disabling the MPU in order to force
outstanding memory transactions.
The ARMv7-M documentation is less clear about that, and only specifies
that a DSB instruction followed by a ISB instruction must be used
before enabling the MPU, which is already the case. The ARMv7-M and
ARMv8-M MPU are relatively similar to believe the same sequence should
be used for disabling it.
This patch therefore adds a DMB instruction before disabling the MPU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In Zephyr on Cortex-M SoCs with both the ARM MPU and the cache enabled,
there are 3 possible states and associated configuration for the RAM
cache attributes:
- MPU disabled WBWA non-shareable
- MPU enabled, background RAM region WBWA non-shareable
- MPU enabled, thread RAM region WBWA shareable
In practice this means than the thread RAM region toggles from
shareable to non-shareable on each context change.
However the Cortex-M7 SoC does not support the WBWA shareable
configuration and fallback to simpler caching configuration. The
Technical Reference Manual states:
"By default, only Normal, Non-shareable memory regions can be cached
in the RAMs. Caching only takes place if the appropriate cache is
enabled and the memory type is cacheable. Shared cacheable memory
regions can be cached if CACR.SIWT is set to 1."
Similar indications can be found in the documentation from various
vendors: ST (AN4838), NXP (AN12042) and Atmel (AN15679).
It means that the thread RAM regions are either not cached (CACR.SIWT=0,
default) or WBWT cached (CACR.SIWT=1). This causes a performance issue.
In addition before switching a region from cached to non-cached and
vice-versa, the existing MPU code does not perform cache clean and/or
invalidate operations. This might cause data loss or corruption.
We should therefore change the RAM cache attributes to make them always
consistent. This patches change the thread/application RAM region from
WBWA shareable to WBWA non-shareable. This is done for all ARMv7-M SoCs
with an ARM MPU, however other SoCs (M0+, M3, M4) do not have cache, so
their behaviour should be unchanged.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
'b' can't jump very far on Cortex-M0 and will cause linker issues when
isr_wrapper and _IntExit are placed far away from each other.
To resolve this we use the 'bx' instruction, as it can jump much
further. Using 'bx' is not dangerous because we are jumping to thumb
mode code.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Remove either duplicate settings between arch & board, or just set
HAS_DTS at the arch level since all the boards for a given arch support
DTS now.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit moves the block of the early return before
the derivation of the stack size, to avoid unnecessary
operations if this is not a user thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In user mode a thread stack will include the optional
stack guard area (present if MPU_STACK_GUARD is defined.
The guard area has been originally take out of the thread
stack size calculation. For MPUs with no power-of-two size
requirement, we need to increase the size of the MPU region
for user-mode, to account for the additional guard region.
MPUs with power-of-two size requirement will, anyway, round
up the region size to the next power of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and implements an internal ARM
TrustZone-M API to allow the Non-Secure firmware to use
the Floating Point Unit (FPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a Kconfig symbol hierarchy which allows
the user to build Zephyr Secure and Non-Secure images on ARMv8-M
MCUs with support for Trusted Execution. However, the high-level
configuration structure is generic, thus, can be potentially
used for any platform that supports Trusted Execution.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit extends the support of built-in thread stack
protection (i.e. based on the stack pointer limit registers)
in ARMv8-M, so that it works with user mode. The commit
does the following:
- enables and disables the stack limit checking on the
privileged stack, inside thread system calls, and upon
entering user mode,
- does not enable stack limit checking in context switch,
if the thread is in user mode.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The function _IsInIsr computes a Boolean value but the function
returns a integer value. Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Instead of checking every time we hit the low-level context switch
path to see if the new thread has a "partner" with which it needs to
share time, just run the slice timer always and reset it from the
scheduler at the points where it has already decided a switch needs to
happen. In TICKLESS_KERNEL situations, we pay the cost of extra timer
interrupts at ~10Hz or whatever, which is low (note also that this
kind of regular wakeup architecture is required on SMP anyway so the
scheduler can "notice" threads scheduled by other CPUs). Advantages:
1. Much simpler logic. Significantly smaller code. No variance or
dependence on tickless modes or timer driver (beyond setting a
simple timeout).
2. No arch-specific assembly integration with _Swap() needed
3. Better performance on many workloads, as the accounting now happens
at most once per timer interrupt (~5 Hz) and true rescheduling and
not on every unrelated context switch and interrupt return.
4. It's SMP-safe. The previous scheme kept the slice ticks as a
global variable, which was an unnoticed bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Before entering userspace, the MPU stack guard is
configured to guard the default (i.e. afterwards, the "user")
thread stack, as the privileged stack has not yet been set. Upon
entering userspace the MPU stack guard needs to be re-programmed
to the privileged stack, otherwise, there is a risk that the
first system call might be serviced without privileged stack
protection, if it occurs before any context-switch. This commit
fixes this issue, by calling configure_mpu_stack_guard(..) upon
userspace entering.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
MISRA-C requires that all declarations of a specific function, or
object, use the same names and type qualifiers.
MISRA-C rule 8.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added LOG_PANIC to fault handlers to ensure that log is flush and
logger processes messages in a blocking way in fault handler.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
