We need to correct the inline comment in swap_helper.S,
which is suggesting that system call attempts with
invalid syscall IDs (i.e. above the limit) do not force
the CPU to elevate privileges. This is in fact not true,
since the execution flow moves into valid syscall ID
handling.
In other words, all we do for system calls with invalid
ID numbers is to treat them as valid syscalls with the
K_SYSCALL_BAD ID value.
We fix the inline documentation to reflect the actual
execution flow.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
System call arguments are indexed from 1 to 6, so arg0
is corrected to arg1 in two occasions. In addition, the
ARM function for system calls is now called z_arm_do_syscall,
so we update the inline comment in __svc handler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ARMv8-M architecture supports the built-in stack overflow
detection mechanisms via the SPLIM registers. However, the
user might still wish to use the traditional MPU-based stack
overflow detection mechanism (for testing or other reasons).
We now allow the user to enable HW stack protection, but
manually turn off BUILTIN_STACK_GUARD option. This will force
the MPU_STACK_GUARD option to be selected.
It is still not allowed for the user to not select any stack
guard mechanisms, if HW_STACK_PROTECTION is selected.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix the start of the guard to take into account the
configurable size of the guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
move misc/reboot.h to power/reboot.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/dlist.h to sys/dlist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move tracing.h to debug/tracing.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Under FP shared registers mode (CONFIG_FP_SHARING=y),
a thread's user_options flag is checked during swap and
during stack fail check. Therefore, in k_float_disable()
we want to ensure that a thread won't be swapped-out with
K_FP_REGS flag cleared but still FP-active (CONTROL.FPCA
being not zero). To ensure that we temporarily disable
interrupts.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the ARM stack fail checking, under FP
Sharing registers mode, to account for the right width of
the MPU stack guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For threads that appear to be FP-capable (i.e. with K_FP_REGS
option flag set), we configure a wide MPU stack guard, if we
build with stack protection enabled (CONFIG_MPU_STACK_GUARD=y).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When an FP capable thread (i.e. with K_FP_REGS option)
transitions into user mode, we want to allocate a wider
MPU stack guard region, to be able to successfully detect
overflows of the privilege stack during system calls. For
that we also need to re-adjust the .priv_stack_start pointer,
which denotes the start of the writable area of the privilege
stack buffer.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When an FP capable thread is created (i.e. with K_FP_REGS
option) we want to allocate a wider MPU stack guard region,
to be able to successfully detect stack overflows. For that
we also need to re-adjust the values that will be passed to
the thread's stack_info .start and .size parameters.
applicable) for a thread which intends to use the FP services.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This commit aligns the programming of the privileged stack MPU
guard with that of the default stack guard (i.e of supervisor
threads). In particular:
- the guard is programmed BELOW the address indicated in
arch.priv_stack_start; it is, therefore, similar to the
default guard that is programmed BELOW stack_info.start.
An ASSERT is added to confirm that the guard is programmed
inside the thread privilege stack area.
- the stack fail check is updated accordningly
- arch.priv_stack_start is adjusted in arch_userspace_enter(),
to make sure we account for a (possible) guard requirement,
that is, if building with CONFIG_MPU_STACK_GUARD=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit re-organizes the macro definitions in arch.h for
the ARM architecture. In particular, the commit:
- defines the minimum alignment requirement for thread stacks,
that is, excluding alignment requirement for (possible)
MPU stack guards.
- defines convenience macros for the MPU stack guard align and
size for threads using the FP services under Shared registers
mode (CONFIG_FP_SHARING=y). For that, a hidden Kconfig option
is defined in arch/arm/core/cortex_m/mpu/Kconfig.
- enforces stack alignment with a wide MPU stack guard (128
bytes) under CONFIG_FP_SHARING=y for the ARMv7-M architecture,
which requires start address alignment with power-of-two and
region size.
The commit does not change the amount of stack that is reserved
with K_THREAD_STACK_DEFINE; it only determines the stack buffer
alignment as explained above.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit adds the architecture-specific implementation
of k_float_disable() for ARM and x86.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When building without support for user mode (CONFIG_USERSPACE=n)
we need to correct the starting address of the MPU Guard, before
passing it to the function that evaluates whether a stack
corruption has occurred. The bug was introduced by commit
(60bae5de38) in
PR-13619, where the start address of the MPU guard was properly
corrected, but the guard start at the corresponding stack-fail
check was not adjusted accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Change removes tracing hooks before threads are initialized
and thread switched out hook for ARM before first time switching
to main thread.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
ip register holds the stack_info.size (it is passed as argument
into z_arch_user_mode_enter(.)). We trust that the value of
stack_info.size contains the accurate size of the writable
stack buffer, above stack_info.start (as specified in kernel.h).
Therefore, we do not need to subtract any bytes for the MPU
stack guard. This allows us to clean-up one more occurrence of
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT in userspace.S.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_core_mpu_enable() and arm_core_mpu_disable() functions are
effectively static functions, only used in the drivers for ARM
and NXP MPU, therefore, we do not need to expose them in the
arm_core_mpu_dev.h header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_core_mpu_dev.h is an internal API, and is not supposed to
be directly called by kernel / application functions, therefore,
we can move it inside arch/arm/core/cortex_m/mpu directory.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Kconfig options:
- ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
- ARM_ENTRY_VENEERS_LIB_NAME
Use these to link the veneers lib into the Non-Secure Firmware when
needed.
Also, make the path passed to the linker absolute to make it work with
makefiles.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Rename function _PlatformInit() to z_platform_init() to
comply with naming conventions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT is taken into
account when allocating the area for the interrupt stack
using the K_THREAD_STACK_DEFINE macro. Therefore, we can
simplify how the top of the stack is derived during the
initialization of the system, by removing one more
occurrence of CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For architectures with custom swap to main, currently:
- arm
- posix
we are now using K_THREAD_STACK_SIZEOF macro to pass the
main thread stack size to z_arch_switch_to_main_thread().
This does not introduce any behavioral changes for posix;
the K_THREAD_STACK_SIZEOF() simply returns the sizeof()
the stack object. For Arm, this allows us to clean-up one
more occurence of CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT
in kernel_arch_func.h.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When in Sharing Floating Point Services mode we want to
dynamically save and restore the FP registers in thread
context switch, depending on whether the swapped-in and
swapped-out threads are currently using the FP registers.
This commit adds this functionality to the ARM context
switch mechanism. The logic consists of inspecting the
corresponding status flag (present in thread.arch.mode)
to decide whether to save or restore the FP registers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Only a single bit of the 4-byte internal (thread.arch) status
variable 'mode' is currently used, when we build with User mode
support (CONFIG_USERSPACE=y). In this commit we extend the usage
of 'mode' variable, adding an additional bit-flag to track the
status of the floating point context in a particular thread,
i.e. to track whether FP context is active or not. The status
bit is meant to be used in context-switch, to restore the FP
register context when required.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The initial carved stack frame only needs to contain the basic
stack frame (state context), because:
- under No/Unshared FP Services mode no FP context is stacked.
- under FP Sharing mode FP context is cleared upon thread
creation.
This commit removes the unnecessary stacking of the FP context
during thread initialization. This results in reduced stack
usage under the Shared FP Services mode (CONFIG_FP_SHARING=y).
Also, we do not need to initialize the FPSCR, because there is
no FP stack frame carved.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In FP Sharing mode we enable both automatic and lazy state
preservation of the FP context. This configuration improves
interrupt latency. Under this configuration the FP registers
will only be stacked when the thread is swapped out during
context-switch. Before jumping to main() we clear the FPCA
flag of the CONTROL register, so the FP context can be used
by the main thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The compiler generates errors of the form
error: "CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT" is not defined,
evaluates to 0 [-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_ZERO_LATENCY_IRQS" is not defined, evaluates to 0
[-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_IRQ_OFFLOAD" is not defined, evaluates to 0
[-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_USERSPACE" is not defined, evaluates to 0 [-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Make _get_num_regions() return a constant representing the
number of HW MPU regions, defined in DTS, if such define
is available. This removes the need of evaluating the
number of regions at run-time. The ASSERT in arm_mpu_init()
is expanded, to cover that case, where the number of
regions is taken from DTS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In z_NanoFatalErrorHandler() we want to print the name
of the thread that has faulted, when building with
CONFIG_THREAD_NAME. This commit adds this functionality
for the Arm architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The typeof definitions in tz.h and cmse.h are not required
any more, as the ARM GCC toolchain intrinsics have been
modified to use __typeof__ directly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In kernel_arch_init() we initialize the ARM core (interrupt
setup, fault init, etc.) so we can also move z_clearfaults()
in the same function and skip invoking it in the SoC init
functions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
With -O0 optimizion, gcc compiler doesn't inline "static inline"
marked function. So when function call return from function
set_and_switch_to_psp which is to switch sp from MSP to PSP, the
ending "mov sp, r7" instruction will overwrite the just updated
sp value(PSP) with the beginning stack pointer(should be MSP)
stored in r7 register, so the switch doesn't happen. And it causes
unpredictable problems in the initialization process, the backward
analysis for this problem can be found on Github issue #15794.
Fixes: #15794.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
This commit fixes a build error, when building with
CONFIG_ARM_SECURE_FIRMWARE=y. The error was introduced
in #15930 (6f19d0), where we added internal structure
to the exception stack frame struct.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When compiling the kernel with CONFIG_SYS_CLOCK_TICKS_PER_SEC=0,
the CONFIG_SYS_CLOCK_EXISTS internal variable is unset.
This completely disables timer handling in the kernel, but a couple of
spots missed the required conditional compilation.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The ARM Cortex-M Exception Stack Frame (ESF) may consist of
several stack frame contexts (basic state context, additional
state context, FP context, etc.). To reflect these structural
properties, this commit re-factors the ESF, splitting out the
basic stack frame, holding the state context, into its own
struct container. The commit does not introduce behavioral
changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When some header are included into C++ source file, this kind of
compilations errors are generated:
error: invalid conversion from 'void*'
to 'u32_t*' {aka 'unsigned int*'} [-fpermissive]
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Initialize the Floating Point Status and Control Register when in
Unshared FP Registers mode (In Shared FP Registers mode, FPSCR is
initialized at thread creation for threads that make use of the FP).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the activation of the FP context
in ARM system boot. There is no need to do this, since
the FP context will be activated in the presence of
floating point instructions. We update the reference
documentation accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not sharing the
FP context among different threads, so we do not need to
include the FP high registers bank in the thread.arch
container.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not stacking the
FP context in exception entries, so we do not need to
include the FP registers bank in the exception stack
frame structure.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under unshared FP registers mode the FP register bank is
meant to be used by a single thread context. Therefore,
there is no need for automatic stacking of the FP register
bank at exception entries, or context switch, as the
registers are not expected to be shared among multiple
contexts.
Under unshared FP registers mode we only need to clear the
FPSCR register once, before jumping to main(). However, we
initialize the FPSCR already at boot in case FP operations
need to be performed during boot.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In ARM builds with FP services (CONFIG_FLOAT=y) but without user
mode support (CONFIG_USERSPACE=n) we do not need and should not
enable full-access to the FP co-processor. Instead, we should
enabled access by privileged code only.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update the name of mem-domain API function to add a partition
so that it complies with the 'z_' prefix convention. Correct
the function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When performing thread context-switch it is not necessary to
have IRQs locked while saving the current thread's callee-saved
(and possibly floating point) registers. We only need to lock
the interrupts when accessing the thread ready queue cache.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit renames the symbol CPU_HAS_SYSTICK to
CPU_CORTEX_M_HAS_SYSTICK, to look similar to all
other CPU_CORTEX_M_HAS_ options, and moves the
K-config symbol definition from arm/core/Kconfig to
arm/core/cortex_m/Kconfig.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ARM SysTick timer is implemented by default in ARMv7-M
and Mainline ARMv8-M processors, so we include the
corresponding Kconfig symbol in arch/arm/core/cortex-M/Kconfig
and remove the selections from the Cortex-M SOCs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The struct _caller_saved is not used. Most architectures put
automatically the registers onto stack, in others architectures the
exception code does it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The struct _kernel_ach exists only because ARC' s port needed it, in
all other ports this was defined as an empty struct. Turns out that
this struct is not required even for ARC anymore, this is a legacy
code from nanokernel time.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The nxp mpu uses the logical OR of access permissions when multiple
region descriptors apply to a given memory access. This means that we
must partition the sram into two non-overlapping regions to implement
the mpu stack guard. This partitioning gets reconfigured at every
context switch, and if an interrupt occurs during this time, it can
cause a fault because we do not have a valid mpu region descriptor for
the sram.
This scenario was observed on frdm_k64f in tests/posix/common before
commit 2895da02a4, which changed timing.
In this case, we couldn't even print fault information to the console
and the hardware would reset. It looked a lot like a watchdog reset,
unless you attached a debugger to see the fault.
A similar problem was fixed in commit
ec424b7a45, but this change temporarily
disabled the mpu.
Fix both cases by locking interrupts during the critical sections, as
this is more secure than disabling the mpu.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This macro is slated for complete removal, as it's not possible
on arches with an MPU stack guard to know the true buffer bounds
without also knowing the runtime state of its associated thread.
As removing this completely would be invasive to where we are
in the 1.14 release, demote to a private kernel Z_ API instead.
The current way that the macro is being used internally will
not cause any undue harm, we just don't want any external code
depending on it.
The final work to remove this (and overhaul stack specification in
general) will take place in 1.15 in the context of #14269Fixes: #14766
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename reserved function names in arch/ subdirectory. The Python
script gen_priv_stacks.py was updated to follow the 'z_' prefix
naming.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Rename reserved function names in drivers/ subdirectory. Update
function macros concatenatenating function names with '##'. As
there is a conflict between the existing gpio_sch_manage_callback()
and _gpio_sch_manage_callback() names, leave the latter unmodified.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This commit initializes the thread.mode variable, right before
dropping thread privilege level to user mode. This is required,
as we need to know the privilege level of the thread, in case
we need to context-switch it -out and -in again (e.g. in case
an interrupt triggers a context-switch).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The arch.mode status flag is always inline with the actual
thread execution privilege leve. Therefore, we do not need
to be saving-off the thread's mode every time we intend to
context switch-out the thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the thread.mode variable, in system
calls, whenever we modify the execution privilege level.
We need to do this, in order to be able to properly handle
context-switching triggered by ISRs, while doing the system
calls. The commit ensures that a context-switch, triggered
by an ISR during or after,a system call will preserve the
right privilege level.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
MISRA defines a serie of essential types, boolean, signed/unsigned
integers, float, ... and operations must respect these essential types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
BIT macro uses an unsigned int avoiding implementation-defined behavior
when shifting signed types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This adds a compiler option -fno-inline for code coverage on
architectures which supports doing code coverage. This also
modifies the ALWAYS_INLINE macro to not do any inlining. This
needs to be done so code coverage can count the number of
executions to the correct lines.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Field stack_info.size is supposed to hold the actual writable
thread stack area, above what is pointed to by stack_info.start.
Therefore, in all MPU architectures we can program the Thread
Stack MPU region as starting from thread->stack_obj and with
size equal to stack_info.size plus the (possible) difference
between stack_obj and stack_info.start.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Consider a stack buffer at address 0x10000 with size 1024.
If a thread is created with this stack object, the resulting
fields in thread.stack_info ended up being a base address of
0x10020 with size 1024. The guard size needed to be subtracted
from the size in order for the bounds to be correct.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
FPU's control and status register (FPCSR) for a thread is not
initialized. Random values are written to this register and this leads
to failure on fp_sharing test.
FPCSR register is set to 0 according to the value of FPDSCR.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
Fix the type of struct field index to int, to avoid
loss of precision, in case the variable holds the value
-EINVAL (in the case of errors in MPU configuration).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In arm_core_mpu_mem_partition_config_update() we must fix the
index value of the start of the for loop, to address the case
when dynamic MPU regions are programmed in index values lower
than static_regions_num. (This might occur in ARMv8-M MPU,
depending on the order of programming the map of the
dynamic regions in run-time). We introduce function
_get_dyn_region_min_index(), and provide the implementation in
arm_mpu_v8_internal.h and arm_mpu_v7_internal.h (trivial).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In this commit we fix the implementation of internal function
_mpu_buffer_validate(), so it can work in the presence of a
security attribution unit (SAU, or IDAU). The fast validation
based on the CMSE address range check intrinsic is performed
first: if it fails, then a second, MPU-only check is performed
for ARMV8-M platforms that have TEE capabilities (i.e. SAU/IDAU
units).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Enhance the documentation for internal ARMv8-M MPU
function _mpu_buffer_validate().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an explanatory comment in ARM __swap()
function, stressing when, exactly, context-switch is
expected to occur, when we pend the PendSV exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The ARM Cortex-M 321 application note is stressing that if
we disable interrupts by executing CPSID i(f), or by MSR
instructions (on PRIMASK, FAULTMASK registers), there is no
requirement to add barrier instructions after disabling
interupts. However, in ARMv7-M (and ARMv8-M Mainline) we use
BASEPRI, instead. Therefore, if we need the effect of disabling
interrupts to be recongnized immediately we should add barrier
instructions. This commit adds DSB and ISB barriers when
disabling interrupt using BASEPRI in the generic
arm _irq_lock() function as well as in the PendSV handler,
where we need to access kernel globals right after the interrups
are disabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The clang ARM assembler is a bit stricter than GNU as. Change mov to
movs for ARMv6 case of z_arch_switch_to_main_thread.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit partially reverts the changes introduced in
(bbe1a19786), where the PSP
modification, the interrupt enabling, and the branch to main
thread were refactored in C functions. This introduced an issue
with stack usage when compiling without any optimization.
Reverting to use assembly functions to jump to main thread
ensures, now, that the pointer to main() is preserved intact
while changing the PSP and passed correctly to z_thread_entry().
Fixes#14471.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit simply moves the MPU re-programming of
dynamic regions during initialization to occur right
before switching PSP to the main thread stack. As a
result, the MPU re-programming will execute using
the interrupt stack. No functional changes are
introduced.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The clang ARM assembler is a bit stricter than GNU as, make a few
changes so things build with both
Signed-off-by: Peter Smith <peter.smith@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Architecture defconfigs are not used anymore and are stale. Remove them
to avoid confusion.
Related to #14442
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
The commit adds an __ASSERT statement when configuring
the ARMv8-M build-in stack guard for supervisor thread
stack overflow protection, to catch the case when the
stack_info.start does not point to the beginning of the
thread stack allocated area, pointed by stack_obj.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- moves the reservation of the area for local thread data
inside the arch-specific _new_thread() function,
- aligns the end of the thread's stack with the granularity
of the MPU, already at thread's initialization, moving it
out of userspace_enter() function. In this way, the local
thread data are stored inside the thread stack area that
is, later, assigned unprivileged RW permissions (if thread
enters user mode).
- passes the right thread stack size information to function
_new_thread_init(), which stores it into stack_info.start.
As a result, the whole usable User Thread stack area (i.e.
excluding a possible guard area) falls inside the region
programmed as unprivileged RW, during context-switch.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Appears within a menu that already has 'depends on ARM_SECURE_FIRMWARE'.
'depends on FOO' on a menu will add 'depends on FOO' to each item within
it. 'if FOO' work similarly.
Tip: When adding a symbol, check its dependencies in the menuconfig
('ninja menuconfig', then / to jump to the symbol). The menuconfig also
shows how the file with the symbol got included, so if you see
duplicated dependencies, it's easy to hunt down where they come from.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
- The ARC CPU_HAS_MPU dependencies were added within the menu
menu "ARCH MPU Options"
depends on CPU_HAS_MPU
(arch/arc/core/mpu/Kconfig is source'd within it).
- The ARM CPU_HAS_MPU dependencies were redundantly added by
if CPU_HAS_MPU
source "arch/arm/core/cortex_m/mpu/Kconfig"
endif
and by some 'depends on CPU_HAS_MPU' within that file. Remove the
'depends on' and move the 'if' into the file instead.
Tip: Jump to symbols with '/' in the menuconfig and press '?' to check
their dependencies. If there are duplicated dependencies, the
'included via ...' path can be handy to discover where they are added.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Refactor internal ARM v7m and v8m MPU region re-programming
functions to take as argument a pointer to k_mem_partition
objects, instead of the object itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Refactor internal NXP MPU region re-programming functions
to take as argument a pointer to k_mem_partition objects,
instead of the object itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the MPU region re-programming functions,
to take as argument an array of pointers to memory partition
structures, instead of the whole array of the partitions. In
this way the stack usage can be minimized, if the actual
partition information is kept in statically allocated memory.
instead of the map itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The "ARM Cortex-M options" menu is already within a 'if CPU_CORTEX_M',
so no need to put 'depends on CPU_CORTEX_M' on it.
Tip: Jump to symbols with '/' in the menuconfig and press '?' to check
their dependencies. If there are duplicated dependencies, the
'included via ...' path can be handy to discover where they are added.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Based on the definition of _ARCH_THREAD_STACK_DEFINE() macro
for ARM, the MPU Stack Guard region is placed inside the
allocated stack object, only if
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT and CONFIG_USERSPACE
are both set. For ARM stack objects, allocated using the
_ARCH_THREAD_STACK_DEFINE() macro, such as the threads' stacks
and the interrupt stack, the above must be reflected on how we
set the initial start of the stacks.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
On x86, if a supervisor thread belonging to a memory domain
adds a new partition to that domain, subsequent context switches
to another thread in the same domain, or dropping itself to user
mode, does not have the correct setup in the page tables.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit introduces a generic arch/arm function to evaluate
thread stack corruption. The function shall be used upon
occurrence of MemManage and Bus Faults.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an explanatory note in the places
where we manually adjust the PSP after stacking Bus
and MemManage errors, stressing that this is due to
the fact that interrupt tail-chaining cannot always
be guaranteed by the processor.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit removes a redundant check for imprecise bus fault,
when a precise bus fault has occurred, now that we have
re-worked the BusFault handler to iterate through all possible
bus errors.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the logic, based on which we assess
thread stack corruptions upon BusFault exceptions triggered
by the NXP MPU module. BusFaults rely on calling external
function to assess whether a thread stack corruption due to
overflow has occurred. Upon detection of stack corruption,
the current stack pointer is manually adjusted upwards, to
prevent un-stacking errors from firing up upon returning from
the exception.
Additionally, the commit allows to be checking for all different
types of BusFault occurrences that are reported through BFSR,
without stopping after having spotted the first BusFault type.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the logic, based on which we assess
thread stack corruptions upon MemManageFault exceptions.
Furthermore, it takes out all kernel-related logic and relies
on calling external function 'evaluate_thread_stack_corruption'
to assess whether a thread stack overflow has occurred. Upon
detection of stack corruption, the current stack pointer is
manually adjusted upwards, to prevent un-stacking errors from
firing up upon returning from the exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the debug message on UsageFaults
related to Stack overflow, stating that the context
area is not valid. An inline comment is added, with
more detailed explanation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes two Constant Expression Result errors,
in the NXP MPU driver due to incompatible integer types.
Fixes#13836.
Fixes#13865.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes several essential inline comments in the
core assembly code for ARM, improving code readability.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit applies the same fixes, concering the Constant
Expression Result errors identified in the ARMv7-M and the
NXP MPU drivers, into the ARMv8-M MPU implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes two Constant Expression Result errors,
in the ARMv7-M MPU driver due to incompatible integer types.
Fixes#13844.
Fixes#13854.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit aligns the implementation of arm_core_mpu_disable()
function in NXP MPU with the implementation in the ARM MPU
module, by introducing a Data Memory Barrier, (DMB) instead of
a DSB instruction. This is in accordance with the ARM guidelines
of using the memory protection unit.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having to enable ramfunc support manually, just make it
transparently available to users, keeping the MPU region disabled if not
used to not waste a MPU region. This however wastes 24 bytes of code
area when the MPU is disabled and 48 bytes when it is enabled, and
probably a dozen of CPU cycles during boot. I believe it is something
acceptable.
Note that when XIP is used, code is already in RAM, so the __ramfunc
keyword does nothing, but does not generate an error.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The linker file defines the __ramfunc_ram_size symbols to get the size
of the __ramfunc_ram section. Use that instead of computing the value at
runtime from the start and end symbols. This saves 16 bytes of code with
CONFIG_RAM_FUNCTION=y.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Using __ramfunc to places a function in RAM instead of Flash.
Code that for example reprograms flash at runtime can't execute
from flash, in that case must placing code into RAM.
This commit create a new section named '.ramfunc' in link scripts,
all functions has __ramfunc keyword saved in thats sections and
will load from flash to sram after the system booted.
Fixes: #10253
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
This commit fixes a bug that was always propagating the
default error reason (_NANO_ERR_HW_EXCEPTION) to the
system fatal error handler for (strictly) Secure and
for Non-Secure FW builds on ARMv8-M.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Include the EXC_RETURN payload flag macro definitions into
compilation when building for Non-Secure firmware, too.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug for ARM builds with no USERSPACE support
where the MPU stack guard had been erroneously placed, i.e. not
at the beginning of the stack object. This was eating 32-bytes
off of the thread stack. In addition to that, the commit adds a
usefull ASSERT statement for builds with USERSPACE, which checks
that the start of the guard matches the beginning of the entire
stack object.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Its possible that memcpy is marked to check that a NULL value is passed
to it. The instance of memcpy in relocate_vector_table its valid that
we're are copying to 0/NULL. So supress the possible warning generated
by gcc -Wnonnull.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
With this commit we clear the BusFault Status Register error
bits, after processing the fault, for all ARM architecture
variants and implementations (not only for ARMv8-M mainline).
That is a fix, since the bits are sticky in the ARMv7-M
variants, as well. The commit fixes, additionally, a typo
in the spelling of BFSR.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds the logic to indicate that a Non-Secure fault
exception has been triggered due to a processor fault that has,
in fact, occurred in the Secure state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes the way we determine where the stacked
frame lies for (strictly) ARMv8-M Non-Secure firmware. It
introduces no changes to the default ARMv8-M behavior (i.e.
ARMv7-M compatible).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This is needed, because an interrupt can happen after the main/static
MPU region is disabled and before it is re-enabled.
This region gets implicitly disabled inside the _region_init call, when
its configuration registers change:
SYSMPU->WORD[index][0] = region_base;
SYSMPU->WORD[index][1] = region_end;
SYSMPU->WORD[index][2] = region_attr;
SYSMPU->WORD[index][3] = SYSMPU_WORD_VLD_MASK;
The TRM says this about the WORD0, WORD1 and WORD2 registers:
Writes to this register clear the region descriptor’s valid bit
(RGDn_WORD3[VLD]).
And thus if an interrupt happens after writing to WORD0 and before
writing VLD to WORD3 again, the code executes with enabled and yet
misconfigured MPU.
Fixes#13482
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
The linker file defines the __gcov_bss_size and _nocache_ram_size
symbols to get the size of the __gcov_bss and _nocache_ram section. Use
that instead of computing the value at runtime from the start and end
symbols.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
_arch_configure_dynamic_mpu_regions() may re-program the MPU
Stack Guard, to guard the privilege stack for overflows,
(if building with option CONFIG_MPU_STACK_GUARD). There is a
risk of actually overflowing the stack while doing the
re-programming. We minimize the risk by placing the
re-programming function immediately after we have switched to
the privileged stack so that the whole privilege stack area is
available for this critical operation.
Note that the risk for overflow is higher if using the normal
thread stack, since we do not control how much stack is actually
left, when user invokes _arm_userspace_enter().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the clearing of PSPLIM before determining the
privilege stack start and size. In this way the clearing can be
done without unnecessary pushing and popping r3 core register.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit provides two fixes for the ARMv8-M built-in stack
protection in userspace.S. First, it clears the PSPLIM register
before setting the PSP to the privileged stack. In the wake of
this, the privilege stack area can now be positioned enywhere,
i.e. does not have to be above the user stack area. Second, it
removes unncessary push/pop when clearing the PSPLIM register,
upon returning from the system call, since the r3 register is
not used anymore in this routine.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fixing the documentation for ARM core __svc function, which was
outdated and present only for the ARMv7-M version.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Stacking r3 at this point is not required as the register value
is not used afterwards, therefore, it does not need to be
retained.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to code re-organization inside __pendSV(), the stacking
and unstacking of scratch registers around the invocation of
read_timer_end_of_swap() is no longer required.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Just like with _Swap(), we need two variants of these utilities which
can atomically release a lock and context switch. The naming shifts
(for byte count reasons) to _reschedule/_pend_curr, and both have an
_irqlock variant which takes the traditional locking.
Just refactoring. No logic changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace Cortex-M3 with Cortex-M architecture family
in the header documentation of kernel_arch_data.h and
kernel_arch_func.h, which are generic header files for
the entire familty of ARM Cortex-M CPUs. The commit
adds some more minor style fixes in functions'
documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enforces default double-word stack alignmnet
on exception entry for Cortex-M3 and Cortex-M4 MCUs. The
patch ensures that we have consistent behavior in all
Cortex-M MCUs (double-world stack alignment on exception
entry is enforced by default in ARMv6, ARMv8, and Cortex-M7
processors).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the documentation of Kconfig option:
STACK_ALIGN_DOUBLE_WORD for Cortex-M microprocessors, stating
that the option is used in ARMv7-M MCUs to enforce 8-byte
stack alignment upon exception entry.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
use cmsis functions to avoid using direct assembly for main thread
switching.
This patch uses cmsis functions to:
- set PSP(process stack pointer) to main stack
- enable interrupts
Fixes#12878
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
The selection of the Cortex M systick driver to be used
as a system clock driver is controlled by
CONFIG_CORTEX_M_SYSTICK.
To replace it by another driver CONFIG_CORTEX_M_SYSTICK
must be set to 'n'. Unfortunately this also controls
the interrupt vector for the systick interrupt. It is
now routed to __reserved. More bad the interrupt vector
can not be set by IRQ_CONNECT as it is one of the hard
coded interrupts in the interrupt table.
Route the hard coded systick interrupt to z_clock_isr
and make z_clock_isr a weak symbol that can be overwritten
by an alternative systick system clock driver.
Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
This patch adjusts the way we are doing push/pop operations before
making function calls inside of assembly routines. ARM requires 8
byte aligned stack operations across public interfaces. This means
that we need to be sure to push multiples of 2 registers.
Fixes#2108
Signed-off-by: Andy Gross <andy.gross@linaro.org>
If you enable HW_STACK_PROTECTION, DEBUG_OPTIMIZATIONS, and
CPU_STATS, you can get a crash when switching to the main thread
due to the r3 getting munged during a inline ASM call. This patch
fixes that by adding r3 to the clobber list.
Fixes#12821
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This commit re-works the NXP MPU driver implementation so that
it aligns with the implementation for ARMv7-M and ARMv8-M MPU
architectures.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes obsolete ARM CORE MPU API definitions
and related implementation from arm_mpu.c, in the wake of
the transition to the new ARM MPU design.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves all internal implementation, relevant for
User mode, in a single place in the arm_mpu_v7_internal.h,
arm_mpu_v8_internal, and in arm_mpu.c. Additionally, the
commit cleans up internal function _get_region_attr() that
is not used any more.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the ARM Core MPU API for memory domains,
to align with the principle of de-coupling the partitioning
and the access attribution with the architecture-specific
MPU driver implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds the implementation of internal ARM MPU
function, arm_core_mpu_get_max_available_dyn_regions(),
required by _arch_mem_domain_max_partitions_get(),
according to the new architecture. The function returns
the number of the available partitions for memory domains
based on the total amount of HW regions and the
actual number of statically configured MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the internal (ARMv7-M and ARMv8-M)
API, which allows to user to (re)configure a memory partition
at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces an ARM API that allows the user to
program a set of dynamic MPU regions at run-time. The API
function is invoked every time the memory map needs to be
re-programmed (for example at thread context-switch). The
functionality is implementated in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring dynamic memory regions at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU, so it can configure the static memory regions at
boot time, as well as mark the areas, inside which dynamic MPU
region configuration at run-time will be allowed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU, so it can configure the static memory regions at
boot time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the initialization of static memory regions
from arm_mpu_init(), since they are now initialized, directly,
by the kernel. The programming of MPU regions configured in SOC
definition is kept here.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring static memory regions at boot time. It also
adds LOG error messages, and ASSERTS, which fire if the static
MPU region configuration is not performed successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the generic ARM (core) API, which allows
the user to program a set of static (fixed) MPU regions at boot
time. The API function is invoked upon initialization, in the
ARM-specific call of _arch_switch_to_main_thread(). The API
implementation is provided in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a new Kconfig option symbol,
MPU_REQUIRES_NON_OVERLAPPING_REGIONS, to signify the use of an
MPU architecture that requires the active MPU regions be
non-overlapping. This requirement concerns the standard
(unmodified) ARMv8-M MPU implementation. For that, we select
the option in the definition of ARM_MPU, if the CPU architecture
is ARMv8-M (Baseline or Mainline).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
cmsis provides intrinsic functions to configure processor special
function register like control, psp(process stack pointer). Let's use
these functions which are maintained in cmsis repository.
This patch uses cmsis function to:
- set process stack pointer(PSP)
- switch SP to PSP
- disable interrupts
It also moves stack initialization from assembly to C
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
This commit removes the local state variable nxp_mpu_enabled,
defined and used in NXP MPU driver, as it is not useful.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds a required cast for the size calculation utilizing
pointer arithmetic. The stack_obj needs a cast to u32_t. This was
caught using a newer compiler.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
On ARM, _Swap() isn't atomic and a hardware interrupt can land after
the (irq_locked) caller has entered _Swap() but before the context
switch actually happens. This will require some platform-specific
workarounds in a few places in the scheduler.
This commit is just the Kconfig and selection on ARM.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fix misspellings in documentation (.rst, Kconfig help text, and .h
doxygen API comments), missed during regular reviews.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
LTO is not supported yet, but there are a handful of references to the
flag '-flto' and the non-existent Kconfig option 'LTO'. To not confuse
users about whether LTO is supported or not, we should remove this
dead code.
As an aside, prototyping has shown that supporting LTO will give
signicant (10%) code size improvments, but will not be trivial to
support due to how we process object files with python.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit removes the priv_stack_size field from the _thread_arch
on arm architecture as there is no code using value stored in this
variable.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Some toolchains are built with multilib enabled in order to provide
multiple versions of the same library, optimized for different ABI
or architecture. They require the -march= and -mabi= options to be
passed at link time. This is important for example when linking with
newlib.
We do that by passing zephyr_ld_options the same arguments than
zephyr_compile_options. The -mabi option is passed directly while the
-march option, if defined, is passed through ${ARCH_FLAG}.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The commit enforces the use of ARM_MPU_REGION_MIN_ALIGN_AND_SIZE
in include/arch/arm/arch.h, instead of using 32 as a hard-coded
value. The symbol is also used in arm/thread.c to truncate the
thread stack size to satisfy MPU granularity. The commit does
not introduce behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit introduces a Kconfig option to define the minimum MPU
region size and alignment for ARM Cortex-M MCU architecture. The
hidden option is used by the linker to properly align linker
sections respecting the MPU requirements. Additionally, it is
used to define MPU Guard size and minimum stack alignment for
ARM Cortex-M MCUs in include/arch/arm/arch.h .
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
There were many platforms where this function was doing nothing. Just
merging its functionality with _PrepC function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Avoid nested C++ comments inside the C comment block due to MISRA-C
rule 3.1. Keep the variables documenting possible caller saved
registers.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
The ARMv8-M Memory Protection Unit document indicates that a DMB
instruction must be used before disabling the MPU in order to force
outstanding memory transactions.
The ARMv7-M documentation is less clear about that, and only specifies
that a DSB instruction followed by a ISB instruction must be used
before enabling the MPU, which is already the case. The ARMv7-M and
ARMv8-M MPU are relatively similar to believe the same sequence should
be used for disabling it.
This patch therefore adds a DMB instruction before disabling the MPU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In Zephyr on Cortex-M SoCs with both the ARM MPU and the cache enabled,
there are 3 possible states and associated configuration for the RAM
cache attributes:
- MPU disabled WBWA non-shareable
- MPU enabled, background RAM region WBWA non-shareable
- MPU enabled, thread RAM region WBWA shareable
In practice this means than the thread RAM region toggles from
shareable to non-shareable on each context change.
However the Cortex-M7 SoC does not support the WBWA shareable
configuration and fallback to simpler caching configuration. The
Technical Reference Manual states:
"By default, only Normal, Non-shareable memory regions can be cached
in the RAMs. Caching only takes place if the appropriate cache is
enabled and the memory type is cacheable. Shared cacheable memory
regions can be cached if CACR.SIWT is set to 1."
Similar indications can be found in the documentation from various
vendors: ST (AN4838), NXP (AN12042) and Atmel (AN15679).
It means that the thread RAM regions are either not cached (CACR.SIWT=0,
default) or WBWT cached (CACR.SIWT=1). This causes a performance issue.
In addition before switching a region from cached to non-cached and
vice-versa, the existing MPU code does not perform cache clean and/or
invalidate operations. This might cause data loss or corruption.
We should therefore change the RAM cache attributes to make them always
consistent. This patches change the thread/application RAM region from
WBWA shareable to WBWA non-shareable. This is done for all ARMv7-M SoCs
with an ARM MPU, however other SoCs (M0+, M3, M4) do not have cache, so
their behaviour should be unchanged.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
'b' can't jump very far on Cortex-M0 and will cause linker issues when
isr_wrapper and _IntExit are placed far away from each other.
To resolve this we use the 'bx' instruction, as it can jump much
further. Using 'bx' is not dangerous because we are jumping to thumb
mode code.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Remove either duplicate settings between arch & board, or just set
HAS_DTS at the arch level since all the boards for a given arch support
DTS now.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit moves the block of the early return before
the derivation of the stack size, to avoid unnecessary
operations if this is not a user thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In user mode a thread stack will include the optional
stack guard area (present if MPU_STACK_GUARD is defined.
The guard area has been originally take out of the thread
stack size calculation. For MPUs with no power-of-two size
requirement, we need to increase the size of the MPU region
for user-mode, to account for the additional guard region.
MPUs with power-of-two size requirement will, anyway, round
up the region size to the next power of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and implements an internal ARM
TrustZone-M API to allow the Non-Secure firmware to use
the Floating Point Unit (FPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a Kconfig symbol hierarchy which allows
the user to build Zephyr Secure and Non-Secure images on ARMv8-M
MCUs with support for Trusted Execution. However, the high-level
configuration structure is generic, thus, can be potentially
used for any platform that supports Trusted Execution.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit extends the support of built-in thread stack
protection (i.e. based on the stack pointer limit registers)
in ARMv8-M, so that it works with user mode. The commit
does the following:
- enables and disables the stack limit checking on the
privileged stack, inside thread system calls, and upon
entering user mode,
- does not enable stack limit checking in context switch,
if the thread is in user mode.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The function _IsInIsr computes a Boolean value but the function
returns a integer value. Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Instead of checking every time we hit the low-level context switch
path to see if the new thread has a "partner" with which it needs to
share time, just run the slice timer always and reset it from the
scheduler at the points where it has already decided a switch needs to
happen. In TICKLESS_KERNEL situations, we pay the cost of extra timer
interrupts at ~10Hz or whatever, which is low (note also that this
kind of regular wakeup architecture is required on SMP anyway so the
scheduler can "notice" threads scheduled by other CPUs). Advantages:
1. Much simpler logic. Significantly smaller code. No variance or
dependence on tickless modes or timer driver (beyond setting a
simple timeout).
2. No arch-specific assembly integration with _Swap() needed
3. Better performance on many workloads, as the accounting now happens
at most once per timer interrupt (~5 Hz) and true rescheduling and
not on every unrelated context switch and interrupt return.
4. It's SMP-safe. The previous scheme kept the slice ticks as a
global variable, which was an unnoticed bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Before entering userspace, the MPU stack guard is
configured to guard the default (i.e. afterwards, the "user")
thread stack, as the privileged stack has not yet been set. Upon
entering userspace the MPU stack guard needs to be re-programmed
to the privileged stack, otherwise, there is a risk that the
first system call might be serviced without privileged stack
protection, if it occurs before any context-switch. This commit
fixes this issue, by calling configure_mpu_stack_guard(..) upon
userspace entering.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
MISRA-C requires that all declarations of a specific function, or
object, use the same names and type qualifiers.
MISRA-C rule 8.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added LOG_PANIC to fault handlers to ensure that log is flush and
logger processes messages in a blocking way in fault handler.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Remove the inclusion of <string.h>, if CONFIG_INIT_STACKS
is defined, because it is not required anywhere in thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Several style and typo fixes in inline comments of arm kernel
files and thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an inline explanatory comment in the API
for setting the non-secure stack-pointer limit registers, to
stress that the API is only applicable to Mainline ARMv8-M MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a minor bug by setting the error reason
(to, default, _NANO_ERR_HW_EXCEPTION) for errors detected
during Secure/Non-Secure stack inspection. Applicable only
to Secure firmware.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit introduces CPU_HAS_ARM_MPU and CPU_HAS_NXP_MPU options,
which indicate which flavour of MPU is supported by given SoC family.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The __reset vector is using the 'b' instruction to jump to _PrepC. 'b'
can only jump 2KB on Cortex-M0 platforms so this causes build failures
when _PrepC happens to be too far away from __reset.
To resolve this we use 'bl' instead as it can jump two thousand times
further[0].
This can also be resolved by porting the reset vector to C or by
placing the _PrepC function in a dedicated section that the linker
places next to __reset.
[0] http://infocenter.arm.com/help/topic/com.arm.doc.dui0489e/Cihfddaf.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The ARMv8-m Memory Protection Unit does not require MPU regions
to be power-of-two aligned and sized. This commit removes this
requirement when building for ARMv8-m MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
__swap function was returning -EAGAIN in some case, though its return
value was declared as unsigned int.
This commit changes this function to return int since it can return a
negative value and its return was already been propagate as int.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
As far as possible SoC-specific code should be contained to it's
directory and core systems should not be referencing specific
SoCs. This keeps the common code clean and makes it easier to maintain
out-of-tree SoCs.
To this end we move CONFIG_SOC_TI_LM3S6965_QEMU's soft-reset related
code out of arch/arm/core/cortex_m and into arch/arm/soc/ti_lm3s6965.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rather than do that for each architecture, source SoC Kconfigs where the
code is maintained, under ZEPHYR_BASE/soc.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move the SoC outside of the architecture tree and put them at the same
level as boards and architectures allowing both SoCs and boards to be
maintained outside the tree.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
UART pins (TX, RX, RTS, CTS) are now configured in DTS files.
RTS and CTS definitions are optional. If flow control is enabled
and RTS/CTS pins are not defined, then compiler will issue
an error message.
Signed-off-by: Paweł Zadrożniak <pawel.zadrozniak@nordicsemi.no>
A bootloader may leave primask or faultmask set, so clear them during
startup when we enable interrupts and switch to the main thread.
Previously we only cleared primask for architecture variants which don't
support basepri, but now we do it for all architecture variants.
Fixes a failure on mimxrt1050_evk with the latency_measure test and
shell_module sample when using an nxp internal bootloader.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This change adds DTS definition of SPI device for nRF chips.
It also removes SPI pin configuration from Kconfig and moves it to
chip DTS.
Signed-off-by: Filip Kubicz <filip.kubicz@nordicsemi.no>
This commit adds ADC nodes to DTS files for nRF SoCs and introduces
corresponding bindings for these nodes.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Remove I2C and SPI instances when enabling I2C_STM32 and
SPI_STM32 drivers.
It allows to enable the drivers if ports I2C_4, SPI_4,
SPI_5, SPI_6 are selected.
Signed-off-by: Yannis Damigos <giannis.damigos@gmail.com>
One can enable I2C_3 in kconfig and set status = "ok" in dts, but
the driver expects to find the config as fixed up with this
addition.
Signed-off-by: Kiril Zyapkov <k.zyapkov@allterco.com>
The Cortex-M7 CPU included in the SAM e70 SoCs has instruction and data
caches that significantly boost the performances. Enable them during the
SoC initialization.
Fixes#8138
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
_k_syscall_table is an array of function pointers and is declared as
such in C sources, this makes it an STT_OBJECT[0] in the symbol
table. But when the same symbol is declared in assembly, it is
declared to be a function, which would make the symbol an STT_FUNC.
When linking with LTO this type inconsistency results in the warning:
real-ld: Warning: type of symbol `_k_syscall_table' changed from 2 to
1 in /tmp/cc84ofK0.ltrans8.ltrans.o
To fix this warning we declare the table with GDATA instead of GTEXT,
which will change the type from 'function' to 'object'.
[0]
https://docs.oracle.com/cd/E19455-01/816-0559/chapter6-79797/index.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The Cortex-M7 CPU included in the STM32F7 SoCs has instruction and data
caches that significantly boost the performances. Enable them during the
SoC initialization. Note that the D-cache should only be enabled if it
is disabled, to workaround CMSIS issue #331.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This patch changes clock initialization sequence to initialize external
cristal oscillators only if it was not done before. Initialization of
external cristal oscillators may be performed by the bootloader.
Tested on BRD4250B evaluation board.
Fixes#9471
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Move to more generic tracing hooks that can be implemented in different
ways and do not interfere with the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit adds an __ASSERT line in _get_region_attr_by_type,
to signal an error if the supplied MPU region type is not valid.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a UL suffix after numerical digits to ensure
the correctness of certain shift operations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements and integrates the ARMv8-M MPU driver
into the memory protection system for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors arm_mpu.c by moving all internal function
implementation that is specific to ARMv7-M architecture to a
separate internal header file. This allows to easily extend
arm_mpu.c to support ARMv8-M by including all ARMv8-M-specific
implementation in a similar internal header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>