The ARM Cortex-M Exception Stack Frame (ESF) may consist of
several stack frame contexts (basic state context, additional
state context, FP context, etc.). To reflect these structural
properties, this commit re-factors the ESF, splitting out the
basic stack frame, holding the state context, into its own
struct container. The commit does not introduce behavioral
changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not stacking the
FP context in exception entries, so we do not need to
include the FP registers bank in the exception stack
frame structure.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The size of the ROM region is now rounded up to the
nearest power of two; we no longer assume that RAM
is in a different part of memory.
Fixes: #15558
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Right now only numerical values are printed which must
be looked up in the Designware ARCv2 ISA Programmer's
Reference, which is not public.
Add a non-default Kconfig to print more information at
the expense of footprint, and enable it for all the simulator
targets.
We only print code/parameter details for machine check and
protection violations, more may be added later as desired.
This should cover all the exceptions we commonly encounter
for memory protection.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* fix the stack allocation and initialization
for mpu stack guard when USERSPACE is not configured
* fixes#15163
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Rename reserved function names in arch/ subdirectory. The Python
script gen_priv_stacks.py was updated to follow the 'z_' prefix
naming.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Rename reserved function names in drivers/ subdirectory. Update
function macros concatenatenating function names with '##'. As
there is a conflict between the existing gpio_sch_manage_callback()
and _gpio_sch_manage_callback() names, leave the latter unmodified.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Unlike the others, this macro was not taking into
account minimum MPU region sizes by filtering through
STACK_SIZE_ALIGN().
Fixes: #15130
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA defines a serie of essential types, boolean, signed/unsigned
integers, float, ... and operations must respect these essential types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This is used to have each arch canonically state how much
room in the stack object is reserved for non-thread use.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The ARM Cortex-M 321 application note is stressing that if
we disable interrupts by executing CPSID i(f), or by MSR
instructions (on PRIMASK, FAULTMASK registers), there is no
requirement to add barrier instructions after disabling
interupts. However, in ARMv7-M (and ARMv8-M Mainline) we use
BASEPRI, instead. Therefore, if we need the effect of disabling
interrupts to be recongnized immediately we should add barrier
instructions. This commit adds DSB and ISB barriers when
disabling interrupt using BASEPRI in the generic
arm _irq_lock() function as well as in the PendSV handler,
where we need to access kernel globals right after the interrups
are disabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
(OPTIONAL) was a vestiage from the initial import of the Zephyr code
base and we dont utilize it with the GNU linker. Additionally, the way
(OPTIONAL) gets defined to nothing creates a linker script that lld
(from llvm) doesn't like.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
* separate the ARC MPU driver into 2 parts
* arc_mpu_v2_internal.h for ARC MPUv2
* arc_mpu_v3_internal.h for ARC MPUv3
* For ARC MPUv2, keep the main design, but update and optimize the code
* For ARC MPUv3, implement mpu region split to supprt MPU region overlap
* misc updates and bug fixes
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The clang ARM assembler is a bit stricter than GNU as. Change mov to
movs for ARMv6 case of Z_ARCH_EXCEPT.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit enhances the documentation of z_arch_buffer_validate
describing the cases where the validation is performed
successfully, as well as the cases where the result is
undefined.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
During testing with sorting section by alignment with qemu_nios2,
if rodata section is not aligned on 4-byte boundary and its size
not of multiple of 4, it would never boot correctly. So align
the rodata here. This is in preparation to enable the linker
option to sort sections by alignment.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The app_smem.ld is also being used by architectures other than ARM.
So move the linker script out of include/arch/arm and into
include/linker.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The ARM Cortex-M 321 application note is stressing that
when enabling interrupts by executing CPSIE i(f), or by MSR
instructions (on PRIMASK, FAULTMASK, or BASEPRI registers),
there is a need for synchronization barrier instructions,
if there is a requirement for the effect of enabling
interrupts to be recongnized immediately. _arch_irq_unlock()
is invoked in several places, therefore, we add the
barriers to make the interrupt enabling function
applicable to all usage scenarios.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This commit corrects and improves the documentation for the
convenience macro _ARCH_THREAD_STACK_SIZEOF(sym). It stresses
that the returned size is guaranteed to match the amount of
stack that is available for the thread, that is, excluding any
areas not directly usable, e.g. a Stack Guard.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the MPU region re-programming functions,
to take as argument an array of pointers to memory partition
structures, instead of the whole array of the partitions. In
this way the stack usage can be minimized, if the actual
partition information is kept in statically allocated memory.
instead of the map itself.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The GCOV section is programmed as a static MPU region, only
in builds with support for User Mode, otherwise it is not
programmed into an MPU region at all. To reflect this in the
linker, the MPU-alignment for GCOV section is enforced only
under CONFIG_USERSPACE=y. Otherwise, single-word alignment
is enforced.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Retpolines were never completely implemented, even on x86.
Move this particular Kconfig to only concern itself with
the assembly code, and don't default it on ever since we
prefer SSBD instead.
We can restore the common kernel-wide CONFIG_RETPOLINE once
we have an end-to-end implementation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having to enable ramfunc support manually, just make it
transparently available to users, keeping the MPU region disabled if not
used to not waste a MPU region. This however wastes 24 bytes of code
area when the MPU is disabled and 48 bytes when it is enabled, and
probably a dozen of CPU cycles during boot. I believe it is something
acceptable.
Note that when XIP is used, code is already in RAM, so the __ramfunc
keyword does nothing, but does not generate an error.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Using __ramfunc to places a function in RAM instead of Flash.
Code that for example reprograms flash at runtime can't execute
from flash, in that case must placing code into RAM.
This commit create a new section named '.ramfunc' in link scripts,
all functions has __ramfunc keyword saved in thats sections and
will load from flash to sram after the system booted.
Fixes: #10253
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Slightly enhance the build-time ASSERT rule for memory
partitions sanity on ARMv8-M platforms, to check,
additionally, for proper (32-byte) alignment of the start
address.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames irq_vectors_alloc_data.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames gdt.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames user_mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The arch/x86/CMakeLists.txt build scripts names five sections that are
generated from .bin files. Two of them are named the same as the .bin
file, and the other three are named inconsistently.
To be consistent, we will rename the three that are named inconistenly
to align with the two that are named as the .bin file.
Being consistent simplifies the system and fosters code-reuse.
This patch renames mmu_tables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Upon hard/soft irq or exception entry/exit, handle transitions
off or onto the trampoline stack, which is the only stack that
can be used on the kernel side when the shadow page table
is active. We swap page tables when on this stack.
Adjustments to page tables are now as follows:
- Any adjustments for stack memory access now are always done
to the user page tables
- Any adjustments for memory domains are now always done to
the user page tables
- With KPTI, resetting a page now clears the present bit
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If kernel page table isolation is enabled, we generate a second
set of page tables. These tables, except for the shared page, have
all non-user pages marked as non-present.
The MMU generation script has been refactored:
- Debugging output has been make significantly simpler and less
verbose
- Useless globals removed or adjusted
- MMU region list is validated as it is read
- Some tuples unpacked into individual variables to make the
code easier to read.
- Useless command line option for output binary endian-ness
remobved
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
KPTI requires that there exist one kernel page marked
'present', because switching between the kernel and the
shadow page tables is not done automatically and certain
other CPU data structures must always be in a present page.
Move IDT, GDT, all TSS to this page, and set up a small
trampoline stack as a safe landing area when doing
privilege level transitions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Since we know do DTS before Kconfig we should try and remove dts from
creating Kconfig namespaced symbols and leave that to Kconfig. So
rename CONFIG_CCM_<FOO> to DT_CCM_<FOO>.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
CONFIG_APPLICATION_MEMORY doesn't exist anymore, so the bit of code in
arm_core_mpu_dev.h related to it is dead and should be removed.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* K_APP_DMEM_SECTION/K_MEM_BMEM_SECTION macros now exist
to specifically define the name of the sections for data
and bss respectively.
* All boards now use the gen_app_partitions.py script, the
padding hacks for non-power-of-two arches didn't work right
in all cases. Linker scripts have been updated.
* The defined k_mem_partition is now completely initialized
at build time. The region data structures now only exist
to zero BSS.
Based on some work submitted by Adithya Baglody
<adithya.baglody@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is a separate data section which needs to be copied into
RAM.
Most arches just use the kernel's _data_copy(), but x86 has its
own optimized copying code.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ioannis Glaropoulos