acpi_madt_entry_get() and acpi_dmar_entry_get() advance their loop
offset by subtable->Length with no check for zero. A malformed (or
malicious) firmware table with a subtable whose Length field is 0
would cause offset to never advance while the loop condition
(offset < table_length) remains true, hanging the boot indefinitely.
acpi_get_subtable_entry_num() already carries the fix: after
advancing the pointer it checks if the next subtable's Length is 0
and breaks. Apply the identical guard to both entry-get loops so
that a zero-length subtable is handled consistently across all three
ACPI iteration sites.
Assisted-by: GitHub Copilot:claude-sonnet-4.6
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Keep the original architecture IRQ key owned by idle across a
successful system PM transition.
Add architecture hooks and the PM_STATE_SET_IRQ_LOCKED migration
contract for SoCs that keep PM hooks from unmasking interrupts.
Signed-off-by: Holt Sun <holt.sun@nxp.com>
acpi is not really library code based on the new definition of what
should go into lib/. Move acpi into arch/common/ as it is cross arch
feature.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
gen_offset.h is an architecture-specific header, not a kernel one.
Move it under the arch tree where it belongs.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Allow to use a switch-case instead of an array holding ISR entries.
When most of IRQs are not used, they share the same, default entry.
It results in most of the ISR array entries being identical duplicates.
This change allows to use dynamically generated function (after first
linker pass) that uses switch-case instead of a full array.
Default entries are handled only once, in a default section.
Used IRQs have their own case sections.
This can help reduce binary size.
Signed-off-by: Adam Szczygieł <adam.szczygiel@nordicsemi.no>
Add Kconfig option EXCEPTION_DUMP_HOOK_ONLY. If the option is selected
the exception dumps are sent only to the exception hook. Sometimes even
the attempt to log in the exception routine may hang the system.
Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
Add hooks for delivering exception dump prints over a specialized
interface. If CONFING_EXCEPTION_DUMP_HOOK=y then a client program can
set function pointers for printing, flushing, and draining exception
generated prints.
These hooks were implemented for SOF usage, but should be generic
enough to implement alternative exception reporting on any platform.
Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
BTI requires that the C library be compiled with -mbranch-protection to
include BTI landing pads. Newlib from toolchains lacks this support, so
only minimal libc or picolibc built from source (PICOLIBC_USE_MODULE) can
be used with BTI.
Without this, the basic hello_world/ sample fails to execute.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Change the random number generator requirement for per-thread PAC keys
from a hard dependency to a more flexible approach:
- Use 'select CSPRNG_NEEDED' to automatically request cryptographic
RNG support rather than requiring specific RNG options to be
pre-enabled
- Use 'imply TEST_RANDOM_GENERATOR' as a fallback when no real CSPRNG
is available, enabling testing without hardware entropy
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Enable the ARM_PACBTI Kconfig choice for ARM64 architectures (ARMV8_A
and ARMV9_A) in addition to the existing ARM32 ARMV8_1_M_MAINLINE
support. Add the corresponding -mbranch-protection compiler flags to
both GCC and Clang target files for ARM64.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
doc: dts: api: remove documentation of chosen `zephyr,ccm`
The `zephyr,ccm` chosen was an ST-specific property which has been replaced
by the generic `zephyr,dtcm`. Remove region initialization code from the
common arch init code (+ BSS zeroing from common XIP init code).
Signed-off-by: Mathieu Choplain <mathieu.choplain-ext@st.com>
Specifying undefined symbol on linker invocation requests the linker to
search and include the symbol.
This ensures the symbol will be present in final output.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Combine the load and noload cache regions for a single MPU aligned block.
This is required to have an MPU region with a size that is a power of 2.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
To support unprivileged mode (CONFIG_USERSPACE):
- Set unprivileged PAC key registers when system is in unprivileged
mode.
- Add `bti` after each svc call, to make sure that the indirect jumps on
`lr` while returning from an `svc` don't result in a usage fault.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Add a config option to set unique PAC keys per thread and
make sure to retain them during context switch.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
As part of enabling PACBTI support:
- Add config options to enforce PAC and BTI features
- Enable these config options based on the branch protection choice
selected for `ARM_PACBTI`
- Enforce PACBTI, based on the new config options, by enabling
corresponding PACBTI bits in CONTROL register and in FVP.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Rename and move PACBTI config options to common Kconfig so that
they could be re-used for arm64 in the future.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Do not use private API prefix and move to architecture interface as
those functions are primarily used across arches and can be defined by
the architecture.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Cleanup init.c code and move early boot code into arch/ and make it
accessible outside of the boot process/kernel.
All of this code is not related to the 'kernel' and is mostly used
within the architecture boot / setup process.
The way it was done, some soc code was including kernel_internal.h
directly, which shouldn't be done.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move under arch, as this is not a kernel feature really. arch also
matches the test idcentifier in place.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Not really a kernel feature, more for architecture, which is reflected
in how XIP is enabled and tested. Move it to architecture code to keep
which much of the 'implementation' and usage is.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Commit f9168ae464 made all non-cached memory
loadable by default.
However as nocache memory is typically used for reserving larger buffers to
be shared between peripherals, this comes at fairly large cost towards ROM
usage.
This commit creates two distinct sections for both loadable and
non-loadable nocache memory sections.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Add support for CONFIG_ROM_START_OFFSET on ARC processors. Note that the
arc ISA requires vector table offset to be at a 1024 KiB boundary, so
the default ROM_START_OFFSET when using MCUBoot must be increased.
Signed-off-by: Daniel DeGrasse <ddegrasse@tenstorrent.com>
Add CONFIG_ARCH_SUPPORTS_ROM_OFFSET, a convenience Kconfig to indicate
that CONFIG_ROM_START_OFFSET is supported on this architecture
Signed-off-by: Daniel DeGrasse <ddegrasse@tenstorrent.com>
Add semihosting support for Xtensa architecture.
Existing semihosting instructions are based on ARM, so they are
converted to Xtensa codes before the semihosting call is invoked.
Return codes of read, write and seek calls had to be converted to match
semihosting API definitions.
Signed-off-by: Tahsin Mutlugun <Tahsin.Mutlugun@analog.com>
Move semihost_x_args structs to include/semihost_types.h so that
semihost implementations can access their elements if needed.
Signed-off-by: Tahsin Mutlugun <Tahsin.Mutlugun@analog.com>
When not using dynamic interrupt mapping, various interrupt tables are
configured to be stored in read-only memory in the linker script.. Mark
them const so that the linker doesn't complain.
This affects _sw_isr_table, _irq_vector_table, and z_shared_sw_isr_table in
arch/common along with _VectorTable in arch/arc.
Signed-off-by: Keith Packard <keithp@keithp.com>
The `nocache` is not loadable, thus data stored therein cannot be
initialized by the startup code. This might be needed in special
cases. E.g. One might have a buffer which one wants to DMA into,
and which is a member of a struct. Other members of the struct one
may want to have initialized by the startup code.
The buffer thus should be placed in the `nocache` region, but for
the other members of the buffer to be initialized by the startup
code, the `nocache` region needs to be loadable.
Fix it by making the `nocache` region loadable. Adding a KConfig
symbol to do this optionally was considered, but deemed unnecessary
during the PR.
Signed-off-by: Julian Achatzi <mail@achatzi.pro>
`CONFIG_LEGACY_MULTI_LEVEL_TABLE_GENERATION` had been deprecated since
#66877 for 2 releases, interrupt controller drivers should have been
updated to use the new `IRQ_PARENT_ENTRY_DEFINE()` macro. Remove it.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Fix `arch_timing_cycles_get()` to prevent overflow on 32bit cycles
rollover. Also make `arch_timing_counter_get()` to work 64bit when
`CONFIG_TIMER_HAS_64BIT_CYCLE_COUNTER` is set.
The issue was observable, for example when `tests/benchmarks/wait_queues`
or `tests/benchmarks/sched_queues` were executed on qemu for `mps2/an385`
and the benchmark has its iterations large enough as the default
BENCHMARK_NUM_ITERATIONS=1000.
Signed-off-by: Dmitrii Golovanov <dmitrii.golovanov@intel.com>
Previously, there were two separate Kconfig definitions
of ARM_MPU located at:
- arch/arm/core/mpu/Kconfig
- arch/arm64/core/cortex_r/Kconfig
This lead to incomplete default settings and unexpected
missing configurations.
This commit combines the two into a single unified definition
now located at arch/common/Kconfig to prevent this.
Signed-off-by: Samuel Chee <samche01@arm.com>
ramfunc region is copied into RAM from FLASH region during XIP init. We
copy from the loadaddr of the region, and were previously loading to the
symbol __ramfunc_start. This is incorrect when using an MPU with
alignment requirements, as the __ramfunc_start symbol may have padding
placed before it in the region. The __ramfunc_start symbol still needs
to be aligned in order to be used by the MPU though, so define a new
symbol __ramfunc_region_start, and use that symbol when copying the
__ramfunc region from FLASH to RAM.
Fixes#75296
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
This reverts commit 88f6851a3d.
This is being reverted because it is redundant with the capabilities of
zephyr,memory-region and zephyr,memory-attr properties.
Signed-off-by: Declan Snyder <declan.snyder@nxp.com>
nocache ram is usually used by DMA to transfer data between
peripherals and ram. Some chips use isolated nocache ram,
which does not necessarily have to be in RAMABLE-REGION.
By specifying the zephyr,nocache-ram options, users can specify
the region where nocache-ram is located. If the user does not
specify it, it defaults to RAMABLE-REGION.
Signed-off-by: Weiwei Guo <guoweiwei@syriusrobotics.com>
With this commit, it is now allowed to register any ISR and arg
combination for the same IRQ, except the case when the exact same
ISR-arg combination is already registered.
The previous assert logic had a restriction where the same ISR could not
be registered multiple times with different arguments.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
The bits allocated for each aggregator level only need to be enough to
encode CONFIG_MAX_IRQ_PER_AGGREGATOR, instead of the combined number of
IRQs from all aggregators in that level.
Add additional check for L3 interrupts as well, if it is enabled.
Updated the assert in `z_get_sw_isr_table_idx()` to be more verbose.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Removed an unnecessary cast to void * from a function that already
had the correct signature.
This makes for more portable code as casting between code and data
pointers are frowned upon by the C standard.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
Use the multi-level interrupt APIs that accepts `level` as an
argument for the code where the level of the interrupt is not
known at build time.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
