Stack sentinel doesn't prevent corruption, it just notices when
it happens. Any memory could be in a bad state and it's more
appropriate to take the entire system down rather than just kill
the thread.
Fatal testcase will still work since it installs its own
_SysFatalErrorHandler.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).
This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.
This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.
The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.
Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The REGION bits (bit[3:0]) of MPU_RBAR register can specify the number
of the region to update if the VALID bit (bit[4]) is also set.
If the bit[3:0] of "region_addr" are not zero, might cause to update
unexpected region. This could happen since we might not declare stack
memory with specific alignment.
This patch will mask the bit[4:0] of "region_addr" to prevent updating
unexpected region.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
The kernel tracks time slice usage with the _time_slice_elapsed global.
Every time the timer interrupt goes off and the timer driver calls
_nano_sys_clock_tick_announce() with the elapsed time, this is added to
_time_slice_elapsed. If it exceeds the total time slice, the thread is
moved to the back of the queue for that priority level and
_time_slice_elapsed is reset to zero.
In a non-tickless kernel, this is the only time _time_slice_elapsed is
reset. If a thread uses up a partial time slice, and then cooperatively
switches to another thread, the next thread will inherit the remaining
time slice, causing it not to be able to run as long as it ought to.
There does exist code to properly reset the elapsed count, but it was
only compiled in a tickless kernel. Now it is built any time
CONFIG_TIMESLICING is enabled.
Issue: ZEP-2107
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add necessary Kconfig and minimal device tree in order to support
STM32F412ZG variant as found on the Nucleo STM32F412 board.
Origin: Original
Change-Id: Ic98a686f478ce551dc6101466ed0cf16924109e8
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Following migration of stm32f1xx series clock control driver to
STM32Cube LL API, cleanup stm32 code base in order to take into
account that this is the only clock driver available for stm32
family.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Following introduction of stm32cube LL based clock control driver,
remove references to former native driver.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Align stm32f1xx series clock driver to other parts of stm32 family.
Driver support both Connectivity and Density lines of stm32f1 series,
that are based on different Reset and Clock Control architectures.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
The STM32F413ZH has 1536kB of Flash and 320kB of SRAM. This
configuration is currently not supported by ST MPU driver, so fill in
the blanks.
Note: The MPU does not support region size that is not a power-of-2 (see
the SIZE field in the MPU_RASR register). This is a problem for our
1536kB Flash region, so it was rounded up to the nearest choice. This is
possible because the memory in the range 0x0818000 - 0x0FFFFFFF is
"Reserved" and thus not mapped anyway.
Change-Id: If0c3d1db564ca45e77f8b5bafa2afdbafa85b40f
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
pop {lr} instruction is not supported in ARMv6-M, fixed by
using pop {r0}; mov lr, r0; instructions.
Jira: ZEP-2222
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
We now have generic ARM M4 MPU support added to Zephyr.
Let's enable it for use with Nordic nRF52 chips.
Memory Layout was generated from Section 8.3 "Memory
Map" of nRF52 Product Specifications (for both nRF52832
and nRF52840):
0x00000000: Flash
0x10000000: Factory Information Config Registers
0x10001000: User Information Config Registers
0x20000000: SRAM
0x40000000: APB Peripherals
0x50000000: AHB Peripherals
0xE0000000: ARM M4 Private Peripheral Registers
NOT Configured:
0x60000000: External RAM
0x80000000: External RAM
0xA0000000: External Device
0xC0000000: External Device
NOTE: More work will be needed for future Nordic MWU (Memory
Watching Unit) support.
Signed-off-by: Michael Scott <michael.scott@linaro.org>
This patch add arm core MPU support to NXP MPU driver.
With this feature it is now possible to enable stack guarding on NXP
MPUs.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
The STM32L4x SoCs embeds a slightly different embedded flash controller
from the STM32F4x SoCs.
This particular controller has the following properties :
- Up to 2 512KiB banks divided in 2KiB pages
- Flash can be accessed in any sizes
- Flash must be written in 64bit aligned 64bit double-words
The drivers/flash/flash_stm32f4x.c is refactored into a new common
drivers/flash/flash_stm32.c and drivers/flash/flash_stm32l4x.c is
created with the STM32L4x specific functions.
To ease the refactoring and keep common functions, the STM32L4x flash
headers are slightly modified to match the hardware reference naming
and solve compilation issues.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Neither ASF nor CMSIS provide defines that can be processed by
the assembler. Exclude those from soc.h. Before this was done
incorrectly in board.h file.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This patch converts Atmel sam3x MCU series to use register
header files from Atmel Software Framework (ASF) library.
By using ASF different Atmel SAM MCU series can use common
device drivers.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This patch adds support for remaining Atmel SAM MCU series,
like sam3x to the common GPIO driver. After this update
full SAM MCU family should be supported by the driver.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Add configuration, dtsi and memory configuration fixup for the
STM32F469XI High Performance SoC.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This patch integrates the thread stack guard feature in the arm
Zephyr core.
Change-Id: I2022899cbc7a340be71cfaa52f79418292f93bae
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds the arm core MPU implementation.
This implementation currently supports the thread stack guard feature.
Change-Id: I8b3795ebaf1ebad38aaddc2ed2f05535ead2c09a
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch add arm core MPU support to ARM MPU driver.
Change-Id: I5a61da4615ae687bf42f1c9947e291ebfd2d2c1d
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds the arm core MPU interface, a common way to access the
pu functionalities by the arm zephyr kernel.
The interface can be divided in two parts:
- a core part that will be implemented by the arm_core_mpu driver and
used directly by the kernel
- a driver part that will be implemented by the mpu drivers and used by
the arm_core_mpu driver
Change-Id: I590bd284abc40d98b06fdf1efb5800903313aa00
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds initial MPU support to NXP K6x family.
The boot configuration prevents the following security issues:
* Prevent to read at an address that is reserved in the memory map.
* Prevent to write into the boot Flash/ROM.
* Prevent from running code located in SRAM.
This driver has been tested on FRDM-K64F.
Change-Id: I907168fff0c6028f1c665f1d3c224cbeec31be32
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Now that all ARM platforms have a device tree we can move selecting of
HAS_DTS up and remove any !HAS_DTS cases, as well as setting in all the
defconfigs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add defines and pinmux arrays to support more UARTs on STM32F4.
Change-Id: Ib06c549bdb2b3d7065554a0a6d1a3d15441b29c9
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
It is useless to include the pinmux for a peripheral if it is not
enabled in the Kconfig. This is unnecessary and it increases the size of
the binary.
Define macros that will default to void if the associated Kconfig is not
enabled.
Change-Id: I0857fcef335c75b8bb6d537fd859f93d5be4a228
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Clean-up the pinmux arrays as a preparatory work before adding more
pinmuxes.
This is achieved by the following two actions:
- Define the PAD macro to simplify the [x - 1] = y construct
- Reorder the declartions by bank / pin to make it easier to
locate a pin among a high number of other pins, while minimizing the
risk of conflict when two people add a new declaration for two
different pins
Change-Id: I1ca0cc4f48bcd8cfd35b331e9821935f5c855876
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Add necessary Kconfig and minimal device tree in order to support
STM32F413xH variants as found on the Nucleo STM32F413 board.
Origin: Original
Change-Id: I60230c240d6acb610f16a02c62048d448476e9c5
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
The bitfield determining the I/O direction already defines the pin
as either input or output, cannot be none or both at the same time
This issue was reported by Coverity
Coverity-CID: 151970
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Not all the boards (for instance the Nuclo F412) use USART1 or USART2.
Let each board enable these USARTs when really used.
Change-Id: Idfe79c724bd7b1ab154310b4a8234b52eef2298d
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Commit 87893ddf7a ("soc: stm32f429zi: rename SOC config flag") renamed
SOC_STM32F429XX to SOC_STM32F429XI but the text of the option should be
changed as well to reflect this restriction in scope.
Change-Id: I2627b59f805e73d6c8a3534e0feec71a4269c9ab
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Commit 599149dfb8 ("soc: stm32f407xg: rename SOC config flag") renamed
SOC_STM32F407XX to SOC_STM32F407XG but the text of the option should be
changed as well to reflect this restriction in scope.
Change-Id: Id03529452f5ec7d7ffee214b152c4aa555e1208a
Signed-off-by: Florian Vaussard <florian.vaussard@heig-vd.ch>
Rename SOC_STM32F407XX to SOC_STM32F407XG to keep flash
size information.
Aim is to be able to distinguish flash size variants of
the SoC when needed (for instance in dts/arm/st/mem.h file).
Change-Id: I0afa16e86b7c99b9e685004f96beeb888f9e7568
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Rename SOC_STM32F429XX to SOC_STM32F429XI to keep flash
size information.
Aim is to be able to distinguish flash size variants of
the SoC when needed (for instance in dts/arm/st/mem.h file)
Change-Id: Id188b7703d2bce0a3ded09132ff0f205efa9c143
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Rename SOC_STM32L476XX to SOC_STM32L476XG to keep flash
size information.
Aim is to be able to distinguish flash size variants of
the SoC when needed (for instance in dts/arm/st/mem.h file)
Change-Id: I834bb5b83c24c39e90c0492a2b22a7c7802de361
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
The xC tag in the SoC reference indicates the flash size, use it in the
configuration to permit selection of correct flash size for dts.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This patch enables the generation of the ARM CMSDK UART base address
from the device tree.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This places a sentinel value at the lowest 4 bytes of a stack
memory region and checks it at various intervals, including when
servicing interrupts or context switching.
This is implemented on all arches except ARC, which supports stack
bounds checking directly in hardware.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unline k_thread_spawn(), the struct k_thread can live anywhere and not
in the thread's stack region. This will be useful for memory protection
scenarios where private kernel structures for a thread are not
accessible by that thread, or we want to allow the thread to use all the
stack space we gave it.
This requires a change to the internal _new_thread() API as we need to
provide a separate pointer for the k_thread.
By default, we still create internal threads with the k_thread in stack
memory. Forthcoming patches will change this, but we first need to make
it easier to define k_thread memory of variable size depending on
whether we need to store coprocessor state or not.
Change-Id: I533bbcf317833ba67a771b356b6bbc6596bf60f5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Andrew Boie