All architecture defines OCTET_TO_SIZEOFUNIT and SIZEOFUNIT_TO_OCTET
as identity functions. But the only user is tests/benchmarks/app_kernel.
It's effectively a no-op. Remove them.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
This commit removes the macro definitions for MPU_RASR register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The r7 register is used as a frame pointer on ARM Thumb. As result, it
cannot be modified by the assembly code in functions using stack frame.
This commit replaces r7 by r8, which is a general purpose register.
Also it fixes#7704.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Upon return from a syscall handlers, the r1, r2, and r3 registers
could contain random kernel data that should not be leaked to user
mode. Zero these out before returning from _arm_do_syscall().
Fixes#7753.
The invocation macros need a clobber if r1, r2, or r3 are not used
to carry syscall arguments. This is a partial fix for #7754 but
there appear to be other issues.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch changes the ARM system calls to use registers for passing
or arguments. This removes the possibility of stack issues when
callers do not adhere to the AAPCS.
Fixes#6802
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Added architecture specific support for memory domain destroy
and remove partition for arm and nxp. An optimized version of
remove partition was also added.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
We need to track permission on stack memory regions like we do
with other kernel objects. We want stacks to live in a memory
area that is outside the scope of memory domain permission
management. We need to be able track what stacks are in use,
and what stacks may be used by user threads trying to call
k_thread_create().
Some special handling is needed because thread stacks appear as
variously-sized arrays of struct _k_thread_stack_element which is
just a char. We need the entire array to be considered an object,
but also properly handle arrays of stacks.
Validation of stacks also requires that the bounds of the stack
are not exceeded. Various approaches were considered. Storing
the size in some header region of the stack itself would not allow
the stack to live in 'noinit'. Having a stack object be a data
structure that points to the stack buffer would confound our
current APIs for declaring stacks as arrays or struct members.
In the end, the struct _k_object was extended to store this size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add the following application-facing memory domain APIs:
k_mem_domain_init() - to initialize a memory domain
k_mem_domain_destroy() - to destroy a memory domain
k_mem_domain_add_partition() - to add a partition into a domain
k_mem_domain_remove_partition() - to remove a partition from a domain
k_mem_domain_add_thread() - to add a thread into a domain
k_mem_domain_remove_thread() - to remove a thread from a domain
A memory domain would contain some number of memory partitions.
A memory partition is a memory region (might be RAM, peripheral
registers, flash...) with specific attributes (access permission,
e.g. privileged read/write, unprivileged read-only, execute never...).
Memory partitions would be defined by set of MPU regions or MMU tables
underneath.
A thread could only belong to a single memory domain any point in time
but a memory domain could contain multiple threads.
Threads in the same memory domain would have the same access permission
to the memory partitions belong to the memory domain.
The memory domain APIs are used by unprivileged threads to share data
to the threads in the same memory and protect sensitive data from
threads outside their domain. It is not only for improving the security
but also useful for debugging (unexpected access would cause exception).
Jira: ZEP-2281
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adjusts the ARM MPU implementation to be compliant to the
recent changes that introduced the opaque kernel data types.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch always defines the ARCH_THREAD_STACK_XXX macros/functions
regardless of the MPU_STACK_GUARD usage. Only use MPU_STACK_GUARD when
determining the minimum stack alignment.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The mimimum mpu size is 32 bytes, but requires mpu base address to be
aligned on 32 bytes to work. Define architecture thread macro when
MPU_STACK_GUARD config to allocate stack with 32 more bytes.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. This handles the remaining includes and kernel, plus
touching up various points that we skipped because of include
dependancies. We also convert the PRI printf formatters in the arch
code over to normal formatters.
Jira: ZEP-2051
Change-Id: Iecbb12601a3ee4ea936fd7ddea37788a645b08b0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This patch moves the include for the generated_dts_board.h inside of
the include/arch/arm/arch.h file. This was done to simplify the
includes required for files. Only two files will include the dts
generated include file directly: arch.h and the linker.ld
Change-Id: I2614f4fd4eeed2ab635a3264d7dac8b83f97b760
Signed-off-by: Andy Gross <andy.gross@linaro.org>
We now use CMSIS for ARM Cortex-M SoCs so we can remove the last bits of
scs and scb.
Jira: ZEP-1568
Change-Id: I0c7c45b0321dc402ed594e9faffb5109922edcf0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Coverted:
_ScbMemFaultMmfarReset
_ScbBusFaultBfarReset
_ScbUsageFaultAllFaultsReset
To use direct CMSIS register access.
Also removed scb.h and references as there is no longer any code in it.
Jira: ZEP-1568
Change-Id: I469f6af39d1bd41db712454b0b3e5ab331979033
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Kill of nvic.h and use either CMSIS helper functions for NVIC or direct
NVIC register access via CMSIS for IRQ handling code.
Jira: ZEP-1568
Change-Id: If21910b9293121efe85c3c9076a1c2b475ef91ef
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
That module is not used anymore: it was introduced pre-Zephyr to add
some kind of awareness when debugging ARM Cortex-M3 code with GDB but
was never really used by anyone. It has bitrotted, and with the recent
move of the tTCS and tNANO data structures to common _kernel and
k_thread, it does not even compile anymore.
Jira: ZEP-1284, ZEP-951
Change-Id: Ic9afed00f4229324fe5d2aa97dc6f1c935953244
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The nmi_on_reset.S functions are used by all ARM platforms. It
makes no sense to repeat the same code for all platforms. Moving
the code from each SOC implementation to arch/arm/core.
The same treatment for the NMI_INIT() macro. Moving it from a per
SOC implementation to the include/arch/arm/cortex_m/nmi.h.
Change-Id: I574d8880a44046cc7b9e1b635e80d6e83657b8c1
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
On ARM, GPRs are often known by two names. E.g. the stack pointer is
both 'sp' and 'r13', the first parameter to a function 'a1' and 'r0',
etc. This macro allows defining them in a data structure, e.g. in the
ESF, without having to create a union, use the correct type, etc: it is
less error-prone and makes for shorter code.
sys_define_gpr_with_alias(name1, name2)
Change-Id: Ie4a6caa1ac23f26be4f7f0e05e9265f2655062cc
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Removed old style file description and documnetation and apply
doxygen synatx.
Change-Id: I3ac9f06d4f574bf3c79c6f6044cec3a7e2f6e4c8
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
ARM targets now have access to the address types 'paddr_t' and 'vaddr_t'.
Change-Id: Ic7225647f3776d4afa853cf2c4a19699b656866a
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Change-Id: I6da43e41f9c6efee577b70513ec368ae3cce0144
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Change all the Intel and Wind River code license from BSD-3 to Apache 2.
Change-Id: Id8be2c1c161a06ea8a0b9f38e17660e11dbb384b
Signed-off-by: Javier B Perez Hernandez <javier.b.perez.hernandez@linux.intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The inline versions are renamed to remove the _inline suffix, and the
non-inline versions are removed from the code base.
Change-Id: Iee2e6adcfb5da1fe0a978a05aa854e10ae82a8b8
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The change replaces multiple asterisks to ** at
the beginning of comments and adds a space before
the asterisks at the beginning of lines.
Change-Id: I7656bde3bf4d9a31e38941e43b580520432dabc1
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Makes name more consistent with other CPU_CORTEX_M* options.
Change-Id: I65968cb300207ba0de6231d9a67f2720be77b6ba
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
These files now have no useful content.
Change-Id: If5d2df361eb8769ca38c4ae63f68a5681b3ad85b
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Since cputype.h no longer has any meaningful content it can be
eliminated, along with the arch-specific files it incorporated.
(This means that the arch-specific nanokernel public APIs are
now referenced only via cpu.h and its derivatives.)
Change-Id: I7f35b6c3c6c092d61c372ff85d73e49414474938
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Moves these macros to the main public API include file for each
supported architecture, since the <arch>type.h include file is
to be eliminated.
Change-Id: Ia87b9c0bed1501bcce7f363bd4155f7ef642376a
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
The "__stack" tag is to be used to align an array (to STACK_ALIGN) for stack
use by either a fiber or task.
Change-Id: I5828f3ee1b09b0b5ba894ea30689d179de347494
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Renaming the directory include/nanokernel to be include/arch, which
better reflects the real nature of the directory and the contents
inside.
Change-Id: I2bc33ebc6715e2f0403227a558279fdf52398ade
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Yasushi SHOJI