The SOC code can set whether it's known that the CPU
is immune, don't default to turning this off.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Retpolines were never completely implemented, even on x86.
Move this particular Kconfig to only concern itself with
the assembly code, and don't default it on ever since we
prefer SSBD instead.
We can restore the common kernel-wide CONFIG_RETPOLINE once
we have an end-to-end implementation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
PAE page tables (the only kind we support) have 512
entries per page directory, not 1024.
Fixes: #13838
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit introduces a generic arch/arm function to evaluate
thread stack corruption. The function shall be used upon
occurrence of MemManage and Bus Faults.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an explanatory note in the places
where we manually adjust the PSP after stacking Bus
and MemManage errors, stressing that this is due to
the fact that interrupt tail-chaining cannot always
be guaranteed by the processor.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit removes a redundant check for imprecise bus fault,
when a precise bus fault has occurred, now that we have
re-worked the BusFault handler to iterate through all possible
bus errors.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the logic, based on which we assess
thread stack corruptions upon BusFault exceptions triggered
by the NXP MPU module. BusFaults rely on calling external
function to assess whether a thread stack corruption due to
overflow has occurred. Upon detection of stack corruption,
the current stack pointer is manually adjusted upwards, to
prevent un-stacking errors from firing up upon returning from
the exception.
Additionally, the commit allows to be checking for all different
types of BusFault occurrences that are reported through BFSR,
without stopping after having spotted the first BusFault type.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the logic, based on which we assess
thread stack corruptions upon MemManageFault exceptions.
Furthermore, it takes out all kernel-related logic and relies
on calling external function 'evaluate_thread_stack_corruption'
to assess whether a thread stack overflow has occurred. Upon
detection of stack corruption, the current stack pointer is
manually adjusted upwards, to prevent un-stacking errors from
firing up upon returning from the exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the debug message on UsageFaults
related to Stack overflow, stating that the context
area is not valid. An inline comment is added, with
more detailed explanation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes two Constant Expression Result errors,
in the NXP MPU driver due to incompatible integer types.
Fixes#13836.
Fixes#13865.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes several essential inline comments in the
core assembly code for ARM, improving code readability.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit applies the same fixes, concering the Constant
Expression Result errors identified in the ARMv7-M and the
NXP MPU drivers, into the ARMv8-M MPU implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes two Constant Expression Result errors,
in the ARMv7-M MPU driver due to incompatible integer types.
Fixes#13844.
Fixes#13854.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit aligns the implementation of arm_core_mpu_disable()
function in NXP MPU with the implementation in the ARM MPU
module, by introducing a Data Memory Barrier, (DMB) instead of
a DSB instruction. This is in accordance with the ARM guidelines
of using the memory protection unit.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Some more were added since the cleanup pass in June 2018. See e.g.
commit 2d50da70a1 ("drivers: ipm: Kconfig: Remove redundant 'default n'
properties") for a motivation. It also avoids people wondering whether
or not they need to put in 'default n'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
CPU_LPS_n name used to indicate a low power state is cryptic and
incorrect. The low power states act on the whole SoC and not exclusively
on the CPU. This patch renames CPU_LPS_n states to LOW_POWER_n. Also
HAS_ pattern for Kconfig options is used in favor of a non standard
_SUPPORTED. Naming of deep sleep states was adjusted accordingly.
Following is a detailed list of string replacements used:
s/SYS_POWER_STATE_CPU_LPS_(\d)_SUPPORTED/HAS_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_CPU_LPS_(\d)/SYS_POWER_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_DEEP_SLEEP_(\d)_SUPPORTED/HAS_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit removes dependency on SYS_POWER_LOW_POWER_STATES_SUPPORTED,
SYS_POWER_DEEP_SLEEP_STATES_SUPPORTED Kconfig options. Power management
SYS_POWER_LOW_POWER_STATES, SYS_POWER_DEEP_SLEEP_STATES options depend
now directly on specific power states supported by the given SoC. This
simplifies maintenance of SoC Kconfig files.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
We don't need the build system to pull out the mmu
region specifiers from the kernel binary when the
script can just as easily do this itself.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having to enable ramfunc support manually, just make it
transparently available to users, keeping the MPU region disabled if not
used to not waste a MPU region. This however wastes 24 bytes of code
area when the MPU is disabled and 48 bytes when it is enabled, and
probably a dozen of CPU cycles during boot. I believe it is something
acceptable.
Note that when XIP is used, code is already in RAM, so the __ramfunc
keyword does nothing, but does not generate an error.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The linker file defines the __ramfunc_ram_size symbols to get the size
of the __ramfunc_ram section. Use that instead of computing the value at
runtime from the start and end symbols. This saves 16 bytes of code with
CONFIG_RAM_FUNCTION=y.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Using __ramfunc to places a function in RAM instead of Flash.
Code that for example reprograms flash at runtime can't execute
from flash, in that case must placing code into RAM.
This commit create a new section named '.ramfunc' in link scripts,
all functions has __ramfunc keyword saved in thats sections and
will load from flash to sram after the system booted.
Fixes: #10253
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
This commit fixes a bug that was always propagating the
default error reason (_NANO_ERR_HW_EXCEPTION) to the
system fatal error handler for (strictly) Secure and
for Non-Secure FW builds on ARMv8-M.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Include the EXC_RETURN payload flag macro definitions into
compilation when building for Non-Secure firmware, too.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug for ARM builds with no USERSPACE support
where the MPU stack guard had been erroneously placed, i.e. not
at the beginning of the stack object. This was eating 32-bytes
off of the thread stack. In addition to that, the commit adds a
usefull ASSERT statement for builds with USERSPACE, which checks
that the start of the guard matches the beginning of the entire
stack object.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Its possible that memcpy is marked to check that a NULL value is passed
to it. The instance of memcpy in relocate_vector_table its valid that
we're are copying to 0/NULL. So supress the possible warning generated
by gcc -Wnonnull.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
With this commit we clear the BusFault Status Register error
bits, after processing the fault, for all ARM architecture
variants and implementations (not only for ARMv8-M mainline).
That is a fix, since the bits are sticky in the ARMv7-M
variants, as well. The commit fixes, additionally, a typo
in the spelling of BFSR.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
128 already gets exceeded in a lot of cases, and the binaries
with the new SDK are very slightly larger. Just kick this up
to 256 and get rid of all the exceptions.
Fixes: #13594
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Incremental builds have been broken in x86 due to a misconfigured
dependency. mmu_tables.bin is always generated, even for "nothing to
do" builds.
We fix this by removing the stray dependency on user_mmu_tables.bin
when not CONFIG_X86_KPTI.
Steps to reproduce:
Build any sample twice with qemu_x86 and observe that the second build
regenerates mmu_tables.bin.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This commit adds the logic to indicate that a Non-Secure fault
exception has been triggered due to a processor fault that has,
in fact, occurred in the Secure state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes the way we determine where the stacked
frame lies for (strictly) ARMv8-M Non-Secure firmware. It
introduces no changes to the default ARMv8-M behavior (i.e.
ARMv7-M compatible).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Some of power states used numerical suffix while otthers not.
This commit adds proper suffix to all power state names.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
f
The same pattern is used five times In the x86 build scripts and the
same code has been copied and modified the same amount of times. This
has resulted in a system that is difficult to make changes to.
To enforce consistency and improve maintainability we refactor the
code into a function.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
In general, to have correct dependencies, one must not only depend on
files, but also a wrapper target for the file. This is done for some
of the files in arch/x86/CMakeLists.txt, but not all.
To be consistent with how dependency management is done we add wrapper
targets and add dependencies to them.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames irq_vectors_alloc_data.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames gdt.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames user_mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is needed, because an interrupt can happen after the main/static
MPU region is disabled and before it is re-enabled.
This region gets implicitly disabled inside the _region_init call, when
its configuration registers change:
SYSMPU->WORD[index][0] = region_base;
SYSMPU->WORD[index][1] = region_end;
SYSMPU->WORD[index][2] = region_attr;
SYSMPU->WORD[index][3] = SYSMPU_WORD_VLD_MASK;
The TRM says this about the WORD0, WORD1 and WORD2 registers:
Writes to this register clear the region descriptor’s valid bit
(RGDn_WORD3[VLD]).
And thus if an interrupt happens after writing to WORD0 and before
writing VLD to WORD3 again, the code executes with enabled and yet
misconfigured MPU.
Fixes#13482
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
