This commit removes the priv_stack_size field from the _thread_arch
on arm architecture as there is no code using value stored in this
variable.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit removes the custom_data field from _thread_arch
for xtensa platform as it is currently unused.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This reverts commit 140863f6a7.
This was found to be causing problems with certain linkers which
generate different code depending on whether a symbol is weak or
not.
Fixes#11916
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When code relocation feature with userspace mode is turned on we
need a bit more memory to fit the text section for these 2
generated files.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
In C90 was introduced function prototype, that allows argument types
to be checked against parameter types, though it is not necessary
specify names for the parameters. MISRA-C requires names for function
prototype parameters, it claims that names can provide useful
information regarding the function interface.
MISRA-C rule 8.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When __ASSERT is not enabled there is an attribution to the variable
total_partitions and it is never used.
MISRA-C rule 2.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There is a function called _thread_entry defined in
lib/thread_entry.c. Just changing name to fix MISRA-C violation.
MISRA-C rule 5.8
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Previously, this was only built if CONFIG_EXCEPTION_DEBUG
was enabled, but CONFIG_USERSPACE needs it too for validating
strings sent in from user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
RISC-V permits myriad extensions to the ISA, any of which may imply
additional context that must be saved and restored on ISR entry and
exit. The current in-tree example is the Pulpino core, which has extra
registers used by ISA extensions for running loops that shouldn't get
clobbered by an ISR.
This is currently supported by including pulpino-specific definitions
in the generic architecture code. This works, but it's a bit inelegant
and is something of a layering violation. A more generic mechanism is
required to support other RISC-V SoCs with similar requirements
without cluttering the arch code too much.
Provide that by extending the semantics of the existing
CONFIG_RISCV_SOC_CONTEXT_SAVE option to allow other SoCs to allocate
space for saving and restoring their own state, promoting the
currently pulpino-specific __soc_save_context / __soc_restore_context
routines to a RISC-V arch API.
The cost of making this generic is two more instructions in each ISR
to pass the SoC specific context to these routines in a0 rather than
just assuming the stack points to the right place. This is minimal,
and should have been done anyway to keep with the ABI.
As a first (and currently only in-tree) customer, convert the Pulpino
SoC code to this new mechanism.
Signed-off-by: Marti Bolivar <marti@foundries.io>
The way that CONFIG_EXECUTION_BENCHMARKING=y is handled on this
architecture is incorrect. The goals are:
- call read_timer_start_of_isr() as close as possible to the
beginning of the ISR
- call read_timer_end_of_isr() after all preparations have
been made to call the driver-level IRQ handler, but it hasn't
been called yet
The current implementation could cause kernel crashes, though.
The read_timer_start_of_isr() call is made before saving MEPC or any
SoC-specific context. The MEPC issue is not that big of a deal, but
doing it before saving SoC context could clobber state that hasn't
been saved yet and corrupt the kernel.
One example is a pulpino style RISC-V SoC. Some Pulpino cores have
extra registers that are used for ISA extensions used to generate code
for C loops. There's no guarantee read_timer_start_of_isr() will never
have a loop inside: in fact, the RISC-V User-Level ISA v2.2 explicitly
recommends using a loop to get the 64-bit value of the "cycle" CSR. A
Pulpino-like SoC with a cycle CSR could thus naturally have a
read_timer_start_of_isr() implementation that involves loops. Saving
the loop state before reading the timer would then be needed.
Fix this issue by moving the call to read_timer_start_of_isr to after
all context saving is done. (This is a fairer comparison to Arm
Cortex-M SoCs anyway, since register stacking is performed in hardware
on Cortex M and is done before the first ISR instruction executes.)
The call to read_timer_end_of_isr() has an issue as well: it's called
after the ISR's argument has been stored in a0 and the ISR address is
in t1, but before actually calling the ISR itself.
In the standard RV32I calling convention, both t1 and a0 are caller
saved, so read_timer_end_of_isr() is within its rights to set them to
any garbage, which we'll happily treat as a function and its argument
and execute.
Avoid that possibility by saving the register values to the stack in
this configuration.
Signed-off-by: Marti Bolivar <marti@foundries.io>
The generated stub doesn't actually initialize the CPU or jump to
__start. All it does is set up the interrupt stack and jump to
_PrepC. Fix the help.
Signed-off-by: Marti Bolivar <marti@foundries.io>
If CONFIG_PRINTK=n, cause_str will not be defined, and _Fault() will
fail to build. Fix that by ifdeffing out the printk call in that case.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Some toolchains are built with multilib enabled in order to provide
multiple versions of the same library, optimized for different ABI
or architecture. They require the -march= and -mabi= options to be
passed at link time. This is important for example when linking with
newlib.
We do that by passing zephyr_ld_options the same arguments than
zephyr_compile_options. The -mabi option is passed directly while the
-march option, if defined, is passed through ${ARCH_FLAG}.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The commit enforces the use of ARM_MPU_REGION_MIN_ALIGN_AND_SIZE
in include/arch/arm/arch.h, instead of using 32 as a hard-coded
value. The symbol is also used in arm/thread.c to truncate the
thread stack size to satisfy MPU granularity. The commit does
not introduce behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit introduces a Kconfig option to define the minimum MPU
region size and alignment for ARM Cortex-M MCU architecture. The
hidden option is used by the linker to properly align linker
sections respecting the MPU requirements. Additionally, it is
used to define MPU Guard size and minimum stack alignment for
ARM Cortex-M MCUs in include/arch/arm/arch.h .
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
There were many platforms where this function was doing nothing. Just
merging its functionality with _PrepC function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This option is useful to have for a flatter hierarchy for one-off SoCs
that aren't split into family and series from the silicon vendor
perspective.
The commit saying it was going to go away is from 2 years ago; it
hasn't happened and it doesn't seem to need to happen. Just delete it.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove having ${BOARD_DIR} in the global include path for Zephyr builds.
Needed to add this to the arch/posix because of how posix "boards"
define various things like interrupt handling.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Avoid nested C++ comments inside the C comment block due to MISRA-C
rule 3.1. Keep the variables documenting possible caller saved
registers.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
The identifier looks like a mixed C/C++ comment, which is against
MISRA-C rule 3.1. As the identifier is not used, remove it altogether.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
In the MULTI_LEVEL_INTERRUPTS Kconfig we have a symbol for defining
the maximum IRQ per aggregator: MAX_IRQ_PER_AGGREGATOR
Instead of using a hard-coded value of 32 max irq per level,
let's use the value of MAX_IRQ_PER_AGGREGATOR
Signed-off-by: Michael Scott <mike@foundries.io>
If CONFIG_3RD_LEVEL_INTERRUPTS is not enabled then we see the following
error during sw_isr_table generation:
Traceback (most recent call last):
File "zephyr/arch/common/gen_isr_tables.py", line 291, in <module>
main()
File "zephyr/arch/common/gen_isr_tables.py", line 199, in main
if syms["CONFIG_3RD_LEVEL_INTERRUPTS"]:
KeyError: 'CONFIG_3RD_LEVEL_INTERRUPTS'
ninja: build stopped: subcommand failed.
Fix the logic to look for the symbol instead of referencing it.
Signed-off-by: Michael Scott <mike@foundries.io>
The old xtensa layer had an unused/untested facility where it would
apparently try to slave a timer tick to an arbitrary interrupt. The
legacy headers were still checking the kconfigs used to enable that
even though nothing wants it and the new driver has removed them,
breaking builds on platforms like S1000 that still use the older
layer.
Don't try to finess this as these files are going away. Just make
them local preprocessor symbols and set them to the default values
they always had.
(Note: the feature doesn't sound like it would have been so bad,
actually. We should probably crib that idea of having an
"external_tick" driver, but there's no reason for it to have been
arch-specific.)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Xtensa interrupts are handled generically, by testing a set of flagged
interrupts in the INTERRUPT register. It's not possible to know
exactly which device "caused" an interrupt.
The entry code was dispatching correctly, but it was failing to test
the enable state in INTENABLE. Such an interrupt will never "fire",
but it might still be flagged, and if we happen to end up handling an
interrupt of the same priority (due to some other device) the entry
handler would incorrectly invoke the disabled interrupt.
Found by dumb luck and a comedy of errors: the recent timer driver
change swapped the counter in use, which changed the interrupt number
to one shared with the I2C driver, whose early interrupts (odd that
this device is interrupting on boot when not in use, but whatever)
would then discover the OTHER timer counter had been flagged and try
to invoke an ISR for that other counter, which was the _irq_spurious()
spurious interrupt handler.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Zephyr isn't ready to handle interrupts yet, until the
threading/scheduler are set up and we make our first context switch.
This was a semi-hidden bug: only the timer interrupt would actually
get unmasked before the system was ready, and obviously would never
have time to fire a tick before the system completed initialization.
But a combination of system load and a new version of Qemu (which
seems to be more sensitive to non-deterministic timing glitchery) has
made this visible. About 2-3% of the time when run under a full
sanitycheck, the qemu process will get swapped away for long enough
that the tick timer expires before _Cstart() has reached
enable_multithreading().
It looks like the original code was cut and pasted from another
implementation, which was expected to call into an "application"
main() routine that wanted interrupts ready.
Fixes#11182
(Note also that this code is not used for ESP-32, which has its own
startup path)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The ARMv8-M Memory Protection Unit document indicates that a DMB
instruction must be used before disabling the MPU in order to force
outstanding memory transactions.
The ARMv7-M documentation is less clear about that, and only specifies
that a DSB instruction followed by a ISB instruction must be used
before enabling the MPU, which is already the case. The ARMv7-M and
ARMv8-M MPU are relatively similar to believe the same sequence should
be used for disabling it.
This patch therefore adds a DMB instruction before disabling the MPU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In Zephyr on Cortex-M SoCs with both the ARM MPU and the cache enabled,
there are 3 possible states and associated configuration for the RAM
cache attributes:
- MPU disabled WBWA non-shareable
- MPU enabled, background RAM region WBWA non-shareable
- MPU enabled, thread RAM region WBWA shareable
In practice this means than the thread RAM region toggles from
shareable to non-shareable on each context change.
However the Cortex-M7 SoC does not support the WBWA shareable
configuration and fallback to simpler caching configuration. The
Technical Reference Manual states:
"By default, only Normal, Non-shareable memory regions can be cached
in the RAMs. Caching only takes place if the appropriate cache is
enabled and the memory type is cacheable. Shared cacheable memory
regions can be cached if CACR.SIWT is set to 1."
Similar indications can be found in the documentation from various
vendors: ST (AN4838), NXP (AN12042) and Atmel (AN15679).
It means that the thread RAM regions are either not cached (CACR.SIWT=0,
default) or WBWT cached (CACR.SIWT=1). This causes a performance issue.
In addition before switching a region from cached to non-cached and
vice-versa, the existing MPU code does not perform cache clean and/or
invalidate operations. This might cause data loss or corruption.
We should therefore change the RAM cache attributes to make them always
consistent. This patches change the thread/application RAM region from
WBWA shareable to WBWA non-shareable. This is done for all ARMv7-M SoCs
with an ARM MPU, however other SoCs (M0+, M3, M4) do not have cache, so
their behaviour should be unchanged.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
.gnu.linkonce is an internal undocumented ld feature.
Just use __weak, which does the same thing we want.
This is only done for _sw_isr_table. _irq_vector_table
is left alone due to unwanted interactions between
__weak and the ld KEEP() directive.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If dynamic interrupts are enabled, a set of trampoline stubs
are generated which transfer control to a common dynamic
interrupt handler function, which then looks up the proper
handler and parameter and then executes the interrupt.
Based on the prior x86 dynamic interrupt implementation which
was removed from the kernel some time ago, and adapted to
changes in the common interrupt handling code, build system,
and IDT generation tools.
An alternative approach could be to read the currently executing
vector out of the APIC, but this is a much slower operation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In the past the capability to install interrupts at runtime was
removed due to lack of use-cases for Zephyr's intended targets.
Now we want to support hypervisor applications like ACRN where
virtual devices are presented to the kernel using PCI enumeration,
and the interrupt configuration is not known at build time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
'b' can't jump very far on Cortex-M0 and will cause linker issues when
isr_wrapper and _IntExit are placed far away from each other.
To resolve this we use the 'bx' instruction, as it can jump much
further. Using 'bx' is not dangerous because we are jumping to thumb
mode code.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
