Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Years of iterative development had made this function more complicated
than it needed to be. Fixed some errors in the documentation as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All system calls made from userspace which involve pointers to kernel
objects (including device drivers) will need to have those pointers
validated; userspace should never be able to crash the kernel by passing
it garbage.
The actual validation with _k_object_validate() will be in the system
call receiver code, which doesn't exist yet.
- CONFIG_USERSPACE introduced. We are somewhat far away from having an
end-to-end implementation, but at least need a Kconfig symbol to
guard the incoming code with. Formal documentation doesn't exist yet
either, but will appear later down the road once the implementation is
mostly finalized.
- In the memory region for RAM, the data section has been moved last,
past bss and noinit. This ensures that inserting generated tables
with addresses of kernel objects does not change the addresses of
those objects (which would make the table invalid)
- The DWARF debug information in the generated ELF binary is parsed to
fetch the locations of all kernel objects and pass this to gperf to
create a perfect hash table of their memory addresses.
- The generated gperf code doesn't know that we are exclusively working
with memory addresses and uses memory inefficently. A post-processing
script process_gperf.py adjusts the generated code before it is
compiled to work with pointer values directly and not strings
containing them.
- _k_object_init() calls inserted into the init functions for the set of
kernel object types we are going to support so far
Issue: ZEP-2187
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In benchmark test (test_info) while making function call regs
r0 - r4 are modified into called function. Due to this value
inside r3 is getting lost.
This patch saves and restore the value in r0-r4 regs while making
function calls from assembly language.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The API/Variable names in timing_info looks very speicific to
platform (like systick etc), whereas these variabled are used
across platforms (nrf/arm/quark).
So this patch :-
1. changing API/Variable names to generic one.
2. Creating some of Macros whose implimentation is platform
depenent.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch removes the redundant stack alignment check being done. The
stack definition macros enforce the alignment requirements via the
__align() directives.
In addition, fix the rounding down of the psp to be correct. The
actual initial stack pointer is the end of the stack minus the size of
the __esf structure. Rounding down after the subtraction will get us
to the correct offset.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
For some reason, the ESP32 HAL defines XCHAL_EXCM_LEVEL to 3. This
enables a version of _Level4Vector that doesn't work on this hardware.
Without complete visibility if the version that should work be axed,
keep both in the tree, but build the working other version instead
if building for ESP32.
Jira: ZEP-2556
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
When we mask out the GPIO High impedance/Pull-up/Pull-down field we
should be shifting the mask file, not shifting the field. This is
because all the other defines already assume the shift.
Coverity-CID: 173640
Jira: ZEP-2538
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Esp-idf defines the BIT macro that is also defined in Zephyr's
misc/util.h. Fix the issue by including the esp-idf headers first, so
that a check in util.h won't redefine the macro if it's already
defined.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
* apply STACK_GUARD_SIZE, no extra space will be added if
MPU_STACK_GUARD is disabled
* When ARC_STACK_CHECKING is enabled, MPU_STACK_GUARD will be
disabled
* add two new api: arc_core_mpu_default and arc_core_mpu_region
to configure mpu regions
* improve arc_core_mpu_enable and arc_core_mpu_disable
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add arc mpu driver
* modify the corresponding kconfig and kbuild
* currently only em_starterkit 2.2's em7d configuration
has mpu feature (mpu version 2)
* as the minimum region size of arc mpu version 2 is 2048 bytes and
region size should be power of 2, the stack size of threads
(including main thread and idle thread) should be at least
2048 bytes and power of 2
* for mpu stack guard feature, a stack guard region of 2048 bytes
is generated. This brings more memory footprint
* For arc mpu version 3, the minimum region size is 32 bytes.
* the codes are tested by the mpu_stack_guard_test and stackprot
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Per ZEP-1958, Phase 2 of adding CC3220sf LaunchXL support,
was to "deprecate the CC3200 launchxl support in Zephyr
(redundant to the CC3220)."
Effectively, the CC3220 SOC replaces the CC3200.
This patch removes the following:
* the imported CC3200 SDK
* CC3200 SOC, board, DTS files.
* adjusts other files where cc3200 was mentioned.
Also, it fixes explicit references to CC3200 in generic
CC32xx driver files.
Jira: ZEP-1958
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
- .text, .text.*, .literal, .literal.* had no matching input section
rule and were being passed to the output binary verbatim. These
are all now in the output "text" section as intended.
- various rules in the data section were unnecessarily using KEEP().
- SW_ISR_TABLE wasn't included in linker script anywhere and was
ending up in its own section, and not the data section as intended.
- noinit section didn't exist at all, now defined.
Issue: ZEP-2508
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, calling NVIC_SetPriority(IRQn_Type irqn, ....) with
the NWP interrupt number of 171 caused a hard fault during a
subsequent svc #0 instruction during _Swap().
GNU compiler is generating a bit extension instruction (sxtb) which
converts a positive IRQ value argument to a negative value when
casting to the CMSIS IRQn_Type enum parameter type.
This generates a negative index, which then writes to an SCB
control register instead of NVIC register, causing a hard
fault later on.
This issue only occurs when passing interrupt numbers > 0x80
(eg: 171 (0xab) for the NWP) to the CMSIS NVIC apis.
The solution here is simply to redefine IRQn_Type to be an
unsigned 32 bit integer, while redefining the CMSIS IRQn_Type
enum definitions for interrupts less than zero.
Jira: ZEP-1958
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
* add nested interrupt support for interrupts
+ use a varibale exc_nest_count to trace nest interrupt and exception
+ regular interrupts can be nested by regular interrupts and fast
interrupts
+ fast interrupt's priority is the highest, cannot be nested
* remove the firq stack and exception stack
+ remove the coressponding kconfig option
+ all interrupts (normal and fast) and exceptions will be handled
in the same stack (_interrupt stack)
+ the pros are, smaller memory footprint (no firq stack), simpler
stack management, simpler codes, etc.. The cons are, possible
10-15 instructions overhead for the case where fast irq nests
regular irq
* add the case of ARC in test/kernel/gen_isr_table
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
When you build application for em starterkit 2.3 em7d, it will
report error during build since it is not supported currently.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
em starterkit has two versions, 2.2 and 2.3.
Change soc.h to support both versions,
main changes are the interrupt connections.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
Since em starterkit has different firmware versions(2.2 and 2.3),
but the EM7D of 2.3 has new secureshield feature, which is not supported
in Zephyr, but EM7D of 2.2 is a normal EM core, which can be supported,
so we add support for 2.2 EM7D.
Signed-off-by: Huaqi Fang <huaqi.fang@synopsys.com>
An abnormal crash was encountered in ARMv6-M SoCs that don't have flash
starting at 0. With Zephyr OS the reason for this crash is that, on
ARMv6-M the system requires an exception vector table at the 0 address.
We implement the relocate_vector_table function to move the vector table
code to address 0 on systems which don't have the start of code already
at 0.
[kumar.gala: reworderd commit message, tweaked how we check if we need
to copy vector table]
Signed-off-by: Xiaorui Hu <xiaorui.hu@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Now that we have an mcux shim driver, remove the old k64-specific
driver. Also remove include/drivers/k20_sim.h, since the old
k64-specific driver was the only thing left using it.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Switches the default pwm driver from the k64-specific driver to the
mcux shim, which can be used on other SoCs with the ftm peripheral.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Adds a shim layer around the mcux ftm driver to adapt it to the Zephyr
pwm interface.
Jira: ZEP-2025
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This cleans up the exception handling by removing the table declaration
from xtensa_intr_asm.S, and removing the unused
_xt_set_exception_handler() function.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The Xtensa port was the only one remaining to be converted to the new
way of connecting interrupts in Zephyr. Some things are still
unconverted, mainly the exception table, and this will be performed
another time.
Of note: _irq_priority_set() isn't called on _ARCH_IRQ_CONNECT(), since
IRQs can't change priority on Xtensa: while the architecture has the
concept of interrupt priority levels, each line has a fixed level and
can't be changed.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Dynamic IRQ allocation has been yanked from Zephyr a few releases ago,
so there's no point in keeping these options available.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This provides basic GPIO support, with interrupts, and the ability to
read and write to ports on a pin-by-pin basis.
Jira: ZEP-2286
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This patch adjusts the ARM MPU implementation to be compliant to the
recent changes that introduced the opaque kernel data types.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The mimimum mpu size is 32 bytes, but requires mpu base address to be
aligned on 32 bytes to work. Define architecture thread macro when
MPU_STACK_GUARD config to allocate stack with 32 more bytes.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
In the stm32_gpio_flags_to_conf function the configuration
values of the GPIO pin are shifted two times. One in the
stm32-pinctrlf1 header and one in the function. This patch
removes one of those shifts.
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
The value of the PTE (starting_pte_num) was not
calulated correctly. If size of the buffer exceeded 4KB,
the buffer validation API was failing.
JIRA: ZEP-2489
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The API name space for Bluetooth is bt_* and BT_* so it makes sense to
align the Kconfig name space with this. The additional benefit is that
this also makes the names shorter. It is also in line with what Linux
uses for Bluetooth Kconfig entries.
Some Bluetooth-related Networking Kconfig defines are renamed as well
in order to be consistent, such as NET_L2_BLUETOOTH.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This patch adds the allow flash write CONFIG option to the ARM MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
This patch adds the allow flash write CONFIG option to the NXP MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
Currently Thread time slice is getting reset at end of timer
interrupt. Due to which equal priority threads behind current thread
in ready_q are not getting chance to run and leading to starvation.
This patch handles time slice in _ExcExit section context switch is
required.
Jira: ZEP-2444
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
As luck would have it, the TSS for the main IA task has
all the information we need, populate an exception stack
frame with it.
The double-fault handler just stashes data and makes the main
hardware thread runnable again, and processing of the
exception continues from there.
We check the first byte before the faulting ESP value to see
if the stack pointer had run up to a non-present page, a sign
that this is a stack overflow and not a double fault for
some other reason.
Stack overflows in kernel mode are now recoverable for non-
essential threads, with the caveat that we hope we weren't in
a critical section updating kernel data structures when it
happened.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Configuring the RAM/ROM regions will be the same for all
x86 targets as this is done with linker symbols.
Peripheral configuration left at the SOC level.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The CPU first checks the page directory entry for write
or user permissions on a particular page before looking
at the page table entry.
If a region configured all pages to be non user accessible,
and this was changed for a page within it to be accessible,
the PDE would not be updated and any access would still
return a page fault.
The least amount of runtime logic to deal with this is to
indicate at build time that some pages within a region may
be marked writable or user accessible at runtime, and to
pre-set the flags in the page directory entry accordingly.
The driving need for this is the region configuration for
kernel memory, which will have user permissions set at
runtime for stacks and user-configured memory domains.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Page faults will additionally dump out some interesting
page directory and page table flags for the faulting
memory address.
Intended to help determine whether the page tables have been
configured incorrectly as we enable memory protection features.
This only happens if CONFIG_EXCEPTION_DEBUG is turned on.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
