_k_syscall_table is an array of function pointers and is declared as
such in C sources, this makes it an STT_OBJECT[0] in the symbol
table. But when the same symbol is declared in assembly, it is
declared to be a function, which would make the symbol an STT_FUNC.
When linking with LTO this type inconsistency results in the warning:
real-ld: Warning: type of symbol `_k_syscall_table' changed from 2 to
1 in /tmp/cc84ofK0.ltrans8.ltrans.o
To fix this warning we declare the table with GDATA instead of GTEXT,
which will change the type from 'function' to 'object'.
[0]
https://docs.oracle.com/cd/E19455-01/816-0559/chapter6-79797/index.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Move to more generic tracing hooks that can be implemented in different
ways and do not interfere with the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit adds an __ASSERT line in _get_region_attr_by_type,
to signal an error if the supplied MPU region type is not valid.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a UL suffix after numerical digits to ensure
the correctness of certain shift operations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements and integrates the ARMv8-M MPU driver
into the memory protection system for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors arm_mpu.c by moving all internal function
implementation that is specific to ARMv7-M architecture to a
separate internal header file. This allows to easily extend
arm_mpu.c to support ARMv8-M by including all ARMv8-M-specific
implementation in a similar internal header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _get_region_attr_by_conf(.) function,
so it does the following:
- it is renamed to _get_ram_region_attr_by_conf(), to reflect
that it is only used to configure RAM MPU regions.
- it gets an arm_mpu_region_attr_t object structure pointer
to fill-in with the derived region attributes.
- it takes an additional argument (the region base address),
which allows the function to have a common signature with the
ARMv8-M version of it (where the attribute derivation needs
the base address).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _get_region_attr_by_type(.) function,
so it does the following:
- it takes an arm_mpu_region_attr_t object pointer and use it
to fill-in the derived region attributes.
- it performs only the distinguishing between the different MPU
region types, hiding the actual MPU-specific implementation
in internal functions.
- it takes an additional argument (the region base address),
which allows the function to have a common signature with the
ARMv8-M version of it (where the attribute derivation needs
the base address).
- it returs 0 or succes and a negative non-zero integer
to indicate an error.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adapts the _region_init(.) function so it can use
the rasr field of the arm_mpu_region_attr structure, when it
configures the RASR register.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The choice that contains FP_HARDAPI and FP_SOFTAPI already depends on
FLOAT, so the choice symbols don't have to.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There exist two symbols that became equivalent when PR #9383 was
merged; _SYSCALL_LIMIT and K_SYSCALL_LIMIT. This patch deprecates the
redundant _SYSCALL_LIMIT symbol.
_SYSCALL_LIMIT was initally introduced because before PR #9383 was
merged K_SYSCALL_LIMIT was an enum, which couldn't be included into
assembly files. PR #9383 converted it into a define, which can be
included into assembly files, making _SYSCALL_LIMIT redundant.
Likewise for _SYSCALL_BAD.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This commit removes the depreciated "default n" entries from
boolean K-config options in arch/arm.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When building a Secure firmware image, instruct the linker to
generate a symbol table with the entry veneers, to allow a Non
Secure firmware image to access Secure Entry functions via the
entry veneers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds K-config options that allow the user to
signify an ARM Secure Firmware that contains Secure Entry
functions and to define the starting address of the linker
section that will contain the Secure Entry functions. It
also instructs the linker to append the NSC section if
instructed so by the user.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contribute an internal ARM API that enables the
user to confgure an ARM Security Attribution Unit region. It
also defines ARM_SAU as a K-config option to indicate that
an MCU implements the ARM SAU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a simple API to allow the TrustZone
user to block or permit Non-Secure System Reset requests.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Make GCC compile with the -mcmse compile option, if we are
building a Secure firmware. The option will make Security
Extensions for secure executables available, and will set
the corresponding compile-time indicator flag, accordingly:
(i.e. __ARM_FEATURE_CMSE=3).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Define and implement a function to read the number of
SAU regions configued for the MCU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M TrustZone
API to allow the user to select whether Secure exceptions will
have priority boosting over Non-Secure exceptions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M TrustZone
API to allow the user to configure the target state of fault
exceptions that are not banked between security states.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds and implements an ARM internal API function
to configure the Non-Secure instance of MSPLIM or PSPLIM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements the internal ARM TrustZone
API to enable or disable the Security Attribution Unit.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Define and implement an API to configure the Non-Secure instances
of core registers in ARM Cortex-M23 and Cortex-M33.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit optimizes _size_to_mpu_rasr_size(.) in the ARMv7-M
MPU driver, so it makes use of a single _builtin_clz() function
call, instead of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Uses fixup infrastructure to safely abort if we get an MPU
fault when examining a string passed in from user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In some kernel configurations, the offset can be greater
than the maximum of 124 for ldr/str immediate offsets.
Fixes: #9113
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit adds the implementation that allows the ARM CPU
to recover from (otherwise fatal) MPU faults. A new error
reason, _NANO_ERR_RECOVERABLE, is introduced. The error
reason is used to suppress fault dump information, if the
error is actually recoverable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does several things:
- It unifies the way the fault inspection is implemented,
irrespective of the selected fault dumping level.
- It removes the dumping of the Thread ID and faulting
instruction address, as these are now displayed by
_NanoFatalErrorHandler.
- It introduces a new debug print directive, to be used
for the highest dumping level (2).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements two changes.
- It splits out the dumping of the Secure stack information to a
separate function. Dumping will only occur if the highest dump
level has been selected.
- Forces _Fault() to invoke _NanoFatalErrorHandler, instead of
_SysFatalErrorHandler. In addition, early return statemets are
implemented in _Fault(), so the fatal error handler is only
invoked once.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the documentation of function _Fault(.),
in order to better describe the actual implementation and the
use of the function arguments.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit forces arm_mpu_init() to use the provided API
functions to enable and disable the MPU. Besides the clean-up
the commit enforces the MPU driver to use data and instruction
synchronization barriers every time the MPU is enabled. This
is aligned with the programming recommendations by ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug in _get_region_ap(.) by adding
parentheses to enforce the correct operator precedence.
Fixes#8864.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update _get_region_attr_by_type used to set up the user regions
on a per thread basis to match the REGION_USER_RAM_ATTR macro. Caching
attributes were set "Outer and inner write-through. No write allocate.",
this patch changes it to "Outer and inner write-back. Write and read
allocate.".
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The NXP MPU triggers a bus fault when a memory access error occurs. Add
support in the bus fault handler to dump error details from the NXP MPU,
including the port number, mode (supervisor or user), address, bus
master number, and regions.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This commit refactors internal functions in arm_mpu.c to use
bitsets and functions taken directly from ARM CMSIS instead of
hardcoded arithmetic literals. In several internal functions
some part of the implementation is abstracted further in inline
functions or convenience macros, to facilitate extending the
arm_mpu.c for ARMv8-M. In addition, the commit adds minor
improvements in internal function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit abstracts the attribution generation for an MPU
region, determined based on a supplied configuration and the
given size, from the actual implementation, which is placed
in a separate inline function. This allows to have multiple
implementations of attribution generation for different ARM
MPU drivers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _region_init(..) internal MPU driver
function so it gets the region index and a struct arm_mpu_region
as aruments. The latter holds the MPU region configuration that
is to be applied to the region determined by the index argument.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the redundant HAL definition for the ARM
Cortex-M MPU registers, and modifies the ARM MPU driver
implementation to directly use the provided HAL from CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors arm_core_mpu_configure_user_context() so
it can use directly arm_core_mpu_configure().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit places all the implementation in arm_mpu.c within
build-time guards, ensuring that it is compiled-in only if the
kernel features requiring MPU are present (i.e. USERSPACE,
APPLICATION_MEMORY, or MPU_STACK_GUARDS). An exception to that
is the code required for MPU initialization, which is left out,
as MPU initialization occurs always if MPU is present.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the compile options in cmake to distinguish
between ARMv8-M Mainline MCUs with or withouth the optional DSP
extension. A new Kconfig option: ARMV8_M_DSP, is introduced, to
signify the use of an ARMv8-M MCU with DSP support.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
* We are now *much* better at not reserving unnecessary
system MPU regions based on configuration. The #defines
for intent are now an enumerated type. As a bonus, the
implementation of _get_region_index_by_type() is much
simpler. Previously we were wasting regions for stack guard
and application memory if they were not configured.
* NXP MPU doesn't reserve the last region if HW stack
protection isn't enabled.
* Certain parts of the MPU code are now properly ifdef'd
based on configuration.
* THREAD_STACK_REGION and THREAD_STACK_USER_REGION was a
confusing construction and has now been replaced with
just THREAD_STACK_REGION, which represents the MPU region
for a user mode thread stack. Supervisor mode stacks
do not require an MPU region.
* The bounds of CONFIG_APPLICATION_MEMORY never changes
and we just do it once during initialization instead of
every context switch.
* Assertions have been added to catch out-of-bounds cases.
Fixes: #7384
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Also simplify the definition of CC3220SF_DEBUG. 'default's can be other
symbols too, not just literal values. The condition for the symbol to be
visible (user-configurable) can be put directly on the prompt as well.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
David B. Kinder