The TOOLCHAIN_DISABLE_WARNING/TOOLCHAIN_ENABLE_WARNING macros are easier
to read and compiler agnostic.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Add sys_trace_idle_exit to RISCV cpu_idle functions and allow
enabling CPU_LOAD module for RISCV and disable it for SMP.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
What is the change?
- PXN attributes is set for static mpu regions such that
__ramfunc and __ram_text_reloc having userspace code
cannot be executed in privileged mode.
- Updated the notable change section to inform about the change in
behaviour of code executed from __ramfunc and __ram_text_reloc MPU
regions.
Why do we need this change?
- The current static MPU regions allows executing userspace/unprivileged
code from privileged mode which may not be expected and can lead to
secure privileged escalation attacks.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
What is the change?
This commit adds support for Armv8.1-M MPU architecture's PXN attribute.
This includes support for configuring MPU regions with PXN via
custom mpu_config, devicetree and static mpu_config.
The existing MPU region attribute macros are updated to retain existing
behaviour with this change with an addition of REGION_RAM_ATTR_PXN to be
used if one needs to configure a RAM region with PXN MPU attribute.
Why do we need this change?
Armv8.1-M architecture introduced a new MPU region attribute called
Privilege eXecute Never (PXN).
If an MPU region is configured with the PXN attribute set and if the,
processor attempts to execute code in this region while at
privileged level, a Memory Management Fault exception is triggered.
This ensures that specific tasks are executed only in unprivileged mode
and helps in preventing secure privilege escalation attacks.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
It has been discovered that direct IPI support does not work
correctly when CONFIG_X2APIC is enabled. Until that can be
fixed, restrict this feature on x86 to platforms that do not
enable CONFIG_X2APIC.
Fixes#87046
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Since commit 0aa6b1c9de, the 'ldr_parm' pointer is guaranteed to be
valid inside all the functions of the llext_load() call tree.
This commit fixes the only exception of llext_copy_strings(), which was
not passed the 'ldr_parm' pointer, and remove the redundant checks.
No functional change is intended by this commit.
Signed-off-by: Luca Burelli <l.burelli@arduino.cc>
Since 3466dab804 the generic llext_symbol_name() function abstracts
the use of llext_string() for (non-section) symbols. Define a similar
llext_section_name() function and replace current occurrences of
llext_string() with the proper abstraction.
By extending llext_symbol_name(), this commit also allows to print the
correct name of sections that are referred to by a symbol.
Signed-off-by: Luca Burelli <l.burelli@arduino.cc>
IAR doesn't support the __volatile__ keyword, and since the
toolchain.h isn't included by these arm-specific files and
other arm-specific files already uses volatile, I've made
them all use volatile.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
Previously, the arch_icache_invd_range function simply returned
-ENOTSUP for Cortex A/R. However, this causes a correctness issue when
the processor modifies memory and then executes it as instructions, like
the LLEXT subsystem does. The CPU might not see the up-to-date instructions
in memory.
This caused an LLEXT test failure when running on an emulated Cortex-R5
in QEMU with caches enabled. QEMU doesn't actually emulate the cache,
but it does seem to need the ISB barrier that is executed as part of the
cache invalidate operation in order to handle self-modifying code
properly.
These CPUs do in fact support a selective I-cache invalidate operation
(ICIMVAU) but the CMSIS library doesn't currently support it. For now,
just invalidate the entire I-cache when an icache_invd_range operation
is performed.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
The current_fp field in the z_kernel structure is only used
by 32-bit x86 (which does not support SMP). As such, it should
reside in the arch specific of section of _kernel.cpus[0].
This also changes the name of 'current_fp' to 'fpu_owner' to
be more consistent with other architectures.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Inside map_memory() with double mapping enabled, we should not
be mapping the memory with the incoming attributes as-is since
the incoming address may be on un-cached region but with
caching attribute. So we need to sanitize the attributes
according to the incoming address.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
CONFIG_DYNAMIC_BOOTARGS currently depends on CONFIG_MULTIBOOT_INFO
and CONFIG_BUILD_OUTPUT_EFI which are x86 specific.
This change removes those dependencies so that another architecture
can use CONFIG_DYNAMIC_BOOTARGS without the x86 specifc features.
Signed-off-by: William Tambe <williamt@cadence.com>
native_posix does not exist anymore. This header still applies for
targets setting CONFIG_NATIVE_APPLICATION until this option is removed.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This comment "moved" over the years as more code was added.
Let's put it where it belongs, and simplify it a bit.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Add calls to sys_trace_idle_exit when leaving idle state. It is
used to track CPU load.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Multi-level interrupts should be handled in irq init. Only level1
interrupts going directly to interrupt controller need to be
initialized.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Adds support for directed IPIs to x86/intel64. Use of direct IPIs
can further reduce the number of schedule IPIs sent and processed
in a system. Fewer IPI related ISRs mean that ...
1. Application code is interrupted less frequently
2. Lower likelihood of scheduler spinlock contention
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Add a new kconfig option to enable building the new component provided
in the native simulator, nsi_errno, which allows converting the errno
value between libCs.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
What is the change?
- This reverts commit 474d4c3249
Why do we need this change?
- This commit was added because Cortex-M didn't have a valid
stack to make required functionality work however,
the previous commit fixes this and makes interrupt stack
available for use. This removes Arm specific limitation from
these generic APIs so revert the commit to reflect the same.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
What is the change?
- APIs `pm_s2ram_mark_set` and `pm_s2ram_mark_check_and_clear`,
used to set/check pm_s2ram magic marker,
no longer have Arm specific limitations.
Why is this needed?
- These APIs are generic and should not have arch specific dependency.
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
Currently, RISC-V's architecture-specific relocations assume that
all relocations of type R_RISCV_PCREL_LO12_I and _S are processed
immediately after the R_RISCV_PCREL_HI20 relocation that they
share a relocation target with. While this is the case most of
the time, the RISC-V PSABI specification does not guarantee that.
This commit corrects this by determining the R_RISCV_PCREL_HI20
relocation based on the symbol value of the R_RISCV_PCREL_LO12
relocation, as specified in the PSABI.
Signed-off-by: Eric Ackermann <eric.ackermann@cispa.de>
The RISC-V port of llext requires additional parameters for
handling non-adjacent HI20/LO12 relocations in arch_elf_relocate():
the current extension (struct llext), the current extension loader
(struct llext_loader), the current section header (elf_shdr_t) and
the current symbol (elf_sym_t).
This changes the signature of arch_elf_relocate accordingly.
Signed-off-by: Eric Ackermann <eric.ackermann@cispa.de>
Examine the FP and LR values of each frame to prevent nested
exceptions caused by data aborts. Sometimes, abnormal FP and LR
values are not mapped by the MMU. If we access memory addresses
based on FP or LR values, a CPU data abort will occur. This issue
often accompanies stack overflow occurrences.
Based on this, it is safe to check the validity of memory mapping
with FP and LR values before accessing them.
Signed-off-by: Jungo Lin <jungolin.tw@gmail.com>
This isn't a FUNC_NORETURN function. On a handled
k_sys_fatal_error_handler(), we'll end up back here. And the
CODE_UNREACHABLE was causing code generateion bugs that prevented
return up the stack.
Note that the same pattern exists in MANY other architectures (it
seems like the original was part of x86). But in most cases the arch
assembly isn't actually capable of handling the return to an aborted
thread frame correctly. On arm64, it does actually work. So fix it
here at least.
Signed-off-by: Andy Ross <andyross@google.com>
Add call frame information (cfi) directives to the function
z_arm_cortex_r_svc, which triggers an SVC exception whose handler will
execute a context switch. The return address stored on the stack of a
suspended thread will point into z_arm_cortex_r_svc, that is, this
function will be the starting point when a debugger tries to produce a
call stack for a suspended thread. As the function is written in
assembly, most compilers will not emit any cfi automatically. This patch
adds cfi directives manually so that the call stack can be unwound.
The added cfi directives instruct the compiler to note in the
.debug_frame section that the canonical frame address is at offset 0
from r13, i.e., from the stack pointer.
Signed-off-by: Emil Kieri <emil.kieri@iar.com>
When building pre-located LLEXTs of ET_DYN type (shared ELF object)
on Xtensa, all the R_XTENSA_RELATIVE relocations are already correct,
the current code actually breaks them by mobing the value from the
target address-space to a storage range address. Simply removing the
recalculation solves the issue.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
One nmemonic was missed by f84342828cd1
That commit said:
The ARM Thumb-1 instruction set, used by ARMv6-M and ARMv8-M Baseline
cores, does not have a valid encoding for "immediate-to-register move
without affecting flags" instruction (i.e. `mov reg, imm`), and the only
valid variant of immediate-to-register move instruction for it is `movs`,
which affects the flags.
Since none of the register initialisation instructions used here are
flag-sensitive in their context, this commit changes `mov` to `movs`.
This fixes the compilation errors with Clang/LLVM, which is more picky
about the `mov` mnemonic usage and prints out an "invalid instruction"
error when `mov reg, imm` is specified in Thumb-1 mode.
Note that GNU assembler implicitly converts `mov reg, imm` to `movs reg,
imm` when assembling in Thumb-1 mode.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
Some basic flags that were hardcoded needed
to be moved to properties to be able to implement
alternative toolchains.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
It's possible to have MEM_ATTR=n and ARM_MPU=y. This fixes the compile
issue with it by compiling out the calls to define the DT mpu regions.
Signed-off-by: Ryan McClelland <ryanmcclelland@meta.com>
This commit updates cortex_m related code to align it with the rules from
.clang-format. This is done to simplify future changes in these files as
we are about to implement use_switch support.
Some rules conflict with checkpatch and therefore some small part of the
code locally disable clang-format.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
Encoding T3 allows for an offset of up to 12bits in size allowing for a
single instruction instead of 3.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
Regular label are exported in the object file and cause gdb to consider
them as function start. Local labels on the other hand are not exported.
For example, using `disassemble z_arm_pendsv` after this change will
disassemble the whole function rather than stop at the first branch.
Signed-off-by: Wilfried Chauveau <wilfried.chauveau@arm.com>
What is the change?
- Use a macro that search for "zephyr, memory-attr" in only
those nodes that have the property "zephyr, memory-regions".
- Fixes#83448.
Why is this needed?
- Using `DT_REG_ADDR` inside `DT_FOREACH_STATUS_OKAY_NODE_VARGS` can
lead to compiler warnings if a devicetree node has an addresses
larger than 64bits. An example of such node is wm8904 i3c with 92
bit encoding addresses `audio_codec: wm8904@1a0000000000000000`.
We can avoid this warning since this is not applicable for nodes
that have the attribute "zephyr,memory-regions".
Signed-off-by: Sudan Landge <sudan.landge@arm.com>
The Zaamo and Zalrsc Extension (Version v1.0.0, 2024-04-25; Ratified) split
the standard A extension into two subextensions. As of date, the `_zaamo`
and `_zlrsc` extension specifications are accepted by the upstream
in-development GCC through the `march` argument. This means that those
subextensions are not yet supported by GCC shipped with Zephyr SDK.
Signed-off-by: Filip Kokosinski <fkokosinski@antmicro.com>
CLIC supports mintstatus.MIL (RO) and mcause.MPIL (RW) for the current
interrupt level and the previous interrut level before a trap. Each ISR
must execute MRET to set mcause.MPIL back to mintstatus.MIL.
This commit introduces CONFIG_CLIC_SUPPORT_INTERRUPT_LEVEL to handle
mcause.MPIL for interrupt preemption in nested ISR, and uses
CONFIG_RISCV_ALWAYS_SWITCH_THROUGH_ECALL to ensure ISR always switch out
with MRET.
e.g.
With CONFIG_RISCV_ALWAYS_SWITCH_THROUGH_ECALL=n, a context-switch in
ISR may skip MRET in this flow:
IRQ -> _isr_wrapper -> z_riscv_switch() -> retrun to arch_switch()
Signed-off-by: Jimmy Zheng <jimmyzhe@andestech.com>
