If CONFIG_3RD_LEVEL_INTERRUPTS is not enabled then we see the following
error during sw_isr_table generation:
Traceback (most recent call last):
File "zephyr/arch/common/gen_isr_tables.py", line 291, in <module>
main()
File "zephyr/arch/common/gen_isr_tables.py", line 199, in main
if syms["CONFIG_3RD_LEVEL_INTERRUPTS"]:
KeyError: 'CONFIG_3RD_LEVEL_INTERRUPTS'
ninja: build stopped: subcommand failed.
Fix the logic to look for the symbol instead of referencing it.
Signed-off-by: Michael Scott <mike@foundries.io>
The old xtensa layer had an unused/untested facility where it would
apparently try to slave a timer tick to an arbitrary interrupt. The
legacy headers were still checking the kconfigs used to enable that
even though nothing wants it and the new driver has removed them,
breaking builds on platforms like S1000 that still use the older
layer.
Don't try to finess this as these files are going away. Just make
them local preprocessor symbols and set them to the default values
they always had.
(Note: the feature doesn't sound like it would have been so bad,
actually. We should probably crib that idea of having an
"external_tick" driver, but there's no reason for it to have been
arch-specific.)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Xtensa interrupts are handled generically, by testing a set of flagged
interrupts in the INTERRUPT register. It's not possible to know
exactly which device "caused" an interrupt.
The entry code was dispatching correctly, but it was failing to test
the enable state in INTENABLE. Such an interrupt will never "fire",
but it might still be flagged, and if we happen to end up handling an
interrupt of the same priority (due to some other device) the entry
handler would incorrectly invoke the disabled interrupt.
Found by dumb luck and a comedy of errors: the recent timer driver
change swapped the counter in use, which changed the interrupt number
to one shared with the I2C driver, whose early interrupts (odd that
this device is interrupting on boot when not in use, but whatever)
would then discover the OTHER timer counter had been flagged and try
to invoke an ISR for that other counter, which was the _irq_spurious()
spurious interrupt handler.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Zephyr isn't ready to handle interrupts yet, until the
threading/scheduler are set up and we make our first context switch.
This was a semi-hidden bug: only the timer interrupt would actually
get unmasked before the system was ready, and obviously would never
have time to fire a tick before the system completed initialization.
But a combination of system load and a new version of Qemu (which
seems to be more sensitive to non-deterministic timing glitchery) has
made this visible. About 2-3% of the time when run under a full
sanitycheck, the qemu process will get swapped away for long enough
that the tick timer expires before _Cstart() has reached
enable_multithreading().
It looks like the original code was cut and pasted from another
implementation, which was expected to call into an "application"
main() routine that wanted interrupts ready.
Fixes#11182
(Note also that this code is not used for ESP-32, which has its own
startup path)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The ARMv8-M Memory Protection Unit document indicates that a DMB
instruction must be used before disabling the MPU in order to force
outstanding memory transactions.
The ARMv7-M documentation is less clear about that, and only specifies
that a DSB instruction followed by a ISB instruction must be used
before enabling the MPU, which is already the case. The ARMv7-M and
ARMv8-M MPU are relatively similar to believe the same sequence should
be used for disabling it.
This patch therefore adds a DMB instruction before disabling the MPU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In Zephyr on Cortex-M SoCs with both the ARM MPU and the cache enabled,
there are 3 possible states and associated configuration for the RAM
cache attributes:
- MPU disabled WBWA non-shareable
- MPU enabled, background RAM region WBWA non-shareable
- MPU enabled, thread RAM region WBWA shareable
In practice this means than the thread RAM region toggles from
shareable to non-shareable on each context change.
However the Cortex-M7 SoC does not support the WBWA shareable
configuration and fallback to simpler caching configuration. The
Technical Reference Manual states:
"By default, only Normal, Non-shareable memory regions can be cached
in the RAMs. Caching only takes place if the appropriate cache is
enabled and the memory type is cacheable. Shared cacheable memory
regions can be cached if CACR.SIWT is set to 1."
Similar indications can be found in the documentation from various
vendors: ST (AN4838), NXP (AN12042) and Atmel (AN15679).
It means that the thread RAM regions are either not cached (CACR.SIWT=0,
default) or WBWT cached (CACR.SIWT=1). This causes a performance issue.
In addition before switching a region from cached to non-cached and
vice-versa, the existing MPU code does not perform cache clean and/or
invalidate operations. This might cause data loss or corruption.
We should therefore change the RAM cache attributes to make them always
consistent. This patches change the thread/application RAM region from
WBWA shareable to WBWA non-shareable. This is done for all ARMv7-M SoCs
with an ARM MPU, however other SoCs (M0+, M3, M4) do not have cache, so
their behaviour should be unchanged.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
.gnu.linkonce is an internal undocumented ld feature.
Just use __weak, which does the same thing we want.
This is only done for _sw_isr_table. _irq_vector_table
is left alone due to unwanted interactions between
__weak and the ld KEEP() directive.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If dynamic interrupts are enabled, a set of trampoline stubs
are generated which transfer control to a common dynamic
interrupt handler function, which then looks up the proper
handler and parameter and then executes the interrupt.
Based on the prior x86 dynamic interrupt implementation which
was removed from the kernel some time ago, and adapted to
changes in the common interrupt handling code, build system,
and IDT generation tools.
An alternative approach could be to read the currently executing
vector out of the APIC, but this is a much slower operation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In the past the capability to install interrupts at runtime was
removed due to lack of use-cases for Zephyr's intended targets.
Now we want to support hypervisor applications like ACRN where
virtual devices are presented to the kernel using PCI enumeration,
and the interrupt configuration is not known at build time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
'b' can't jump very far on Cortex-M0 and will cause linker issues when
isr_wrapper and _IntExit are placed far away from each other.
To resolve this we use the 'bx' instruction, as it can jump much
further. Using 'bx' is not dangerous because we are jumping to thumb
mode code.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Remove either duplicate settings between arch & board, or just set
HAS_DTS at the arch level since all the boards for a given arch support
DTS now.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit moves the block of the early return before
the derivation of the stack size, to avoid unnecessary
operations if this is not a user thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In user mode a thread stack will include the optional
stack guard area (present if MPU_STACK_GUARD is defined.
The guard area has been originally take out of the thread
stack size calculation. For MPUs with no power-of-two size
requirement, we need to increase the size of the MPU region
for user-mode, to account for the additional guard region.
MPUs with power-of-two size requirement will, anyway, round
up the region size to the next power of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
struct k_thread already has a pointer type k_tid_t, there is no need for
this definition to tcs.
Less symbols/names make the code cleaner and more readable.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit increases the privilege stack size to 512 bytes,
when building with support for built-in stack-overflow checking.
This is in alignment with #10729, which increases the privilege
stack size when MPU-based stack guarding is enabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and implements an internal ARM
TrustZone-M API to allow the Non-Secure firmware to use
the Floating Point Unit (FPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This was causing a `label handle_irq defined but not used` warning
during build.
Fixes#10801.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This commit contributes a Kconfig symbol hierarchy which allows
the user to build Zephyr Secure and Non-Secure images on ARMv8-M
MCUs with support for Trusted Execution. However, the high-level
configuration structure is generic, thus, can be potentially
used for any platform that supports Trusted Execution.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit extends the support of built-in thread stack
protection (i.e. based on the stack pointer limit registers)
in ARMv8-M, so that it works with user mode. The commit
does the following:
- enables and disables the stack limit checking on the
privileged stack, inside thread system calls, and upon
entering user mode,
- does not enable stack limit checking in context switch,
if the thread is in user mode.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch reduces the size of ISRs by changing the script to generate
the dispatcher per level to, instead of generating an indirect call per
mask match, do that just once at the function end.
For ESP32, this provides ~380bytes of savings in a (very) hot path
(text, just for the matcher functions generated by xtensa_intgen.py,
drop from 2197 bytes to 1817 bytes).
The generated code also uses the BIT() macro, which shifts 1UL instead
of 1. Shifting a signed integer is UB in C.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This allows Kconfig to specify which special register is being
used to store the pointer to the _kernel.cpu struct.
Since the SoC itself is highly configurable, sometimes MISC0 is not
available. So this adds the ability to use other special registers.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Always compare unsigned interger type with another unsigned
integer type. Currently in nios2, posix, riscv32, x86 and xtensa
we were comparing the _kernel.nested variable with a signed
interger type. Fixed this violation.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The function _IsInIsr computes a Boolean value but the function
returns a integer value. Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Instead of checking every time we hit the low-level context switch
path to see if the new thread has a "partner" with which it needs to
share time, just run the slice timer always and reset it from the
scheduler at the points where it has already decided a switch needs to
happen. In TICKLESS_KERNEL situations, we pay the cost of extra timer
interrupts at ~10Hz or whatever, which is low (note also that this
kind of regular wakeup architecture is required on SMP anyway so the
scheduler can "notice" threads scheduled by other CPUs). Advantages:
1. Much simpler logic. Significantly smaller code. No variance or
dependence on tickless modes or timer driver (beyond setting a
simple timeout).
2. No arch-specific assembly integration with _Swap() needed
3. Better performance on many workloads, as the accounting now happens
at most once per timer interrupt (~5 Hz) and true rescheduling and
not on every unrelated context switch and interrupt return.
4. It's SMP-safe. The previous scheme kept the slice ticks as a
global variable, which was an unnoticed bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The system tick count is a 64 bit quantity that gets updated from
interrupt context, meaning that it's dangerously non-atomic and has to
be locked. The core kernel clock code did this right.
But the value was also exposed to the rest of the universe as a global
variable, and virtually nothing else was doing this correctly. Even
in the timer ISRs themselves, the interrupts may be themselves
preempted (most of our architectures support nested interrupts) by
code that wants to set timeouts and inspect system uptime.
Define a z_tick_{get,set}() API, eliminate the old variable, and make
sure everyone uses the right mechanism.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was another "global variable" API. Give it function syntax too.
Also add a warning, because on nRF devices (at least) the cycle clock
runs in kHz and is too slow to give a precise answer here.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Before entering userspace, the MPU stack guard is
configured to guard the default (i.e. afterwards, the "user")
thread stack, as the privileged stack has not yet been set. Upon
entering userspace the MPU stack guard needs to be re-programmed
to the privileged stack, otherwise, there is a risk that the
first system call might be serviced without privileged stack
protection, if it occurs before any context-switch. This commit
fixes this issue, by calling configure_mpu_stack_guard(..) upon
userspace entering.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds Big Endian architecture support. Even if a compiler
generating big endian object files is used, our linker script, or
include/linker/linker-tool-gcc.h to be precise, has default output
format as little endian.
This patch adds a hidden config CONFIG_BIG_ENDIAN, which should be set
by big endian architectures or a SoC's, and adds an condition to
switch OUTPUT_FORMAT in our linker.cmd.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
To allow apps to compile with CONFIG_REBOOT,
add a weak stub for sys_arch_reboot which does nothing
in the POSIX arch
POSIX boards may choose to provide a more sensible implementation
if relevant.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Instead of hardcoding in linker script, use a Kconfig and deal with
dependencies in Kconfig instead of directly in the linker file.
This patch moves both:
PRIVILEGED_STACK_TEXT_AREA
and
KOBJECT_TEXT_AREA
to arch/Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
MISRA-C requires that all declarations of a specific function, or
object, use the same names and type qualifiers.
MISRA-C rule 8.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Under GNU C, sizeof(void) = 1. This commit merely makes it explicit u8.
Pointer arithmetics over void types is:
* A GNU C extension
* Not supported by Clang
* Illegal across all ISO C standards
See also: https://gcc.gnu.org/onlinedocs/gcc/Pointer-Arith.html
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
