The compiler generates errors of the form
error: "CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT" is not defined,
evaluates to 0 [-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_ZERO_LATENCY_IRQS" is not defined, evaluates to 0
[-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_IRQ_OFFLOAD" is not defined, evaluates to 0
[-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The compiler generates errors of the form
error: "CONFIG_USERSPACE" is not defined, evaluates to 0 [-Werror=undef]
when -Wundef is used and the config option was turned off. Change
check to if defined().
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Make _get_num_regions() return a constant representing the
number of HW MPU regions, defined in DTS, if such define
is available. This removes the need of evaluating the
number of regions at run-time. The ASSERT in arm_mpu_init()
is expanded, to cover that case, where the number of
regions is taken from DTS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In z_NanoFatalErrorHandler() we want to print the name
of the thread that has faulted, when building with
CONFIG_THREAD_NAME. This commit adds this functionality
for the Arm architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The typeof definitions in tz.h and cmse.h are not required
any more, as the ARM GCC toolchain intrinsics have been
modified to use __typeof__ directly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In kernel_arch_init() we initialize the ARM core (interrupt
setup, fault init, etc.) so we can also move z_clearfaults()
in the same function and skip invoking it in the SoC init
functions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
With -O0 optimizion, gcc compiler doesn't inline "static inline"
marked function. So when function call return from function
set_and_switch_to_psp which is to switch sp from MSP to PSP, the
ending "mov sp, r7" instruction will overwrite the just updated
sp value(PSP) with the beginning stack pointer(should be MSP)
stored in r7 register, so the switch doesn't happen. And it causes
unpredictable problems in the initialization process, the backward
analysis for this problem can be found on Github issue #15794.
Fixes: #15794.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
This commit fixes a build error, when building with
CONFIG_ARM_SECURE_FIRMWARE=y. The error was introduced
in #15930 (6f19d0), where we added internal structure
to the exception stack frame struct.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When compiling the kernel with CONFIG_SYS_CLOCK_TICKS_PER_SEC=0,
the CONFIG_SYS_CLOCK_EXISTS internal variable is unset.
This completely disables timer handling in the kernel, but a couple of
spots missed the required conditional compilation.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The ARM Cortex-M Exception Stack Frame (ESF) may consist of
several stack frame contexts (basic state context, additional
state context, FP context, etc.). To reflect these structural
properties, this commit re-factors the ESF, splitting out the
basic stack frame, holding the state context, into its own
struct container. The commit does not introduce behavioral
changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When some header are included into C++ source file, this kind of
compilations errors are generated:
error: invalid conversion from 'void*'
to 'u32_t*' {aka 'unsigned int*'} [-fpermissive]
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Initialize the Floating Point Status and Control Register when in
Unshared FP Registers mode (In Shared FP Registers mode, FPSCR is
initialized at thread creation for threads that make use of the FP).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the activation of the FP context
in ARM system boot. There is no need to do this, since
the FP context will be activated in the presence of
floating point instructions. We update the reference
documentation accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not sharing the
FP context among different threads, so we do not need to
include the FP high registers bank in the thread.arch
container.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Unshared FP register mode we are not stacking the
FP context in exception entries, so we do not need to
include the FP registers bank in the exception stack
frame structure.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under unshared FP registers mode the FP register bank is
meant to be used by a single thread context. Therefore,
there is no need for automatic stacking of the FP register
bank at exception entries, or context switch, as the
registers are not expected to be shared among multiple
contexts.
Under unshared FP registers mode we only need to clear the
FPSCR register once, before jumping to main(). However, we
initialize the FPSCR already at boot in case FP operations
need to be performed during boot.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In ARM builds with FP services (CONFIG_FLOAT=y) but without user
mode support (CONFIG_USERSPACE=n) we do not need and should not
enable full-access to the FP co-processor. Instead, we should
enabled access by privileged code only.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update the name of mem-domain API function to add a partition
so that it complies with the 'z_' prefix convention. Correct
the function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When performing thread context-switch it is not necessary to
have IRQs locked while saving the current thread's callee-saved
(and possibly floating point) registers. We only need to lock
the interrupts when accessing the thread ready queue cache.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit renames the symbol CPU_HAS_SYSTICK to
CPU_CORTEX_M_HAS_SYSTICK, to look similar to all
other CPU_CORTEX_M_HAS_ options, and moves the
K-config symbol definition from arm/core/Kconfig to
arm/core/cortex_m/Kconfig.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ARM SysTick timer is implemented by default in ARMv7-M
and Mainline ARMv8-M processors, so we include the
corresponding Kconfig symbol in arch/arm/core/cortex-M/Kconfig
and remove the selections from the Cortex-M SOCs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The struct _caller_saved is not used. Most architectures put
automatically the registers onto stack, in others architectures the
exception code does it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The struct _kernel_ach exists only because ARC' s port needed it, in
all other ports this was defined as an empty struct. Turns out that
this struct is not required even for ARC anymore, this is a legacy
code from nanokernel time.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The nxp mpu uses the logical OR of access permissions when multiple
region descriptors apply to a given memory access. This means that we
must partition the sram into two non-overlapping regions to implement
the mpu stack guard. This partitioning gets reconfigured at every
context switch, and if an interrupt occurs during this time, it can
cause a fault because we do not have a valid mpu region descriptor for
the sram.
This scenario was observed on frdm_k64f in tests/posix/common before
commit 2895da02a4, which changed timing.
In this case, we couldn't even print fault information to the console
and the hardware would reset. It looked a lot like a watchdog reset,
unless you attached a debugger to see the fault.
A similar problem was fixed in commit
ec424b7a45, but this change temporarily
disabled the mpu.
Fix both cases by locking interrupts during the critical sections, as
this is more secure than disabling the mpu.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This macro is slated for complete removal, as it's not possible
on arches with an MPU stack guard to know the true buffer bounds
without also knowing the runtime state of its associated thread.
As removing this completely would be invasive to where we are
in the 1.14 release, demote to a private kernel Z_ API instead.
The current way that the macro is being used internally will
not cause any undue harm, we just don't want any external code
depending on it.
The final work to remove this (and overhaul stack specification in
general) will take place in 1.15 in the context of #14269Fixes: #14766
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename reserved function names in arch/ subdirectory. The Python
script gen_priv_stacks.py was updated to follow the 'z_' prefix
naming.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Rename reserved function names in drivers/ subdirectory. Update
function macros concatenatenating function names with '##'. As
there is a conflict between the existing gpio_sch_manage_callback()
and _gpio_sch_manage_callback() names, leave the latter unmodified.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This commit initializes the thread.mode variable, right before
dropping thread privilege level to user mode. This is required,
as we need to know the privilege level of the thread, in case
we need to context-switch it -out and -in again (e.g. in case
an interrupt triggers a context-switch).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The arch.mode status flag is always inline with the actual
thread execution privilege leve. Therefore, we do not need
to be saving-off the thread's mode every time we intend to
context switch-out the thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the thread.mode variable, in system
calls, whenever we modify the execution privilege level.
We need to do this, in order to be able to properly handle
context-switching triggered by ISRs, while doing the system
calls. The commit ensures that a context-switch, triggered
by an ISR during or after,a system call will preserve the
right privilege level.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
MISRA defines a serie of essential types, boolean, signed/unsigned
integers, float, ... and operations must respect these essential types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
BIT macro uses an unsigned int avoiding implementation-defined behavior
when shifting signed types.
MISRA-C rule 10.1
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This adds a compiler option -fno-inline for code coverage on
architectures which supports doing code coverage. This also
modifies the ALWAYS_INLINE macro to not do any inlining. This
needs to be done so code coverage can count the number of
executions to the correct lines.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Field stack_info.size is supposed to hold the actual writable
thread stack area, above what is pointed to by stack_info.start.
Therefore, in all MPU architectures we can program the Thread
Stack MPU region as starting from thread->stack_obj and with
size equal to stack_info.size plus the (possible) difference
between stack_obj and stack_info.start.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Consider a stack buffer at address 0x10000 with size 1024.
If a thread is created with this stack object, the resulting
fields in thread.stack_info ended up being a base address of
0x10020 with size 1024. The guard size needed to be subtracted
from the size in order for the bounds to be correct.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
FPU's control and status register (FPCSR) for a thread is not
initialized. Random values are written to this register and this leads
to failure on fp_sharing test.
FPCSR register is set to 0 according to the value of FPDSCR.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
Fix the type of struct field index to int, to avoid
loss of precision, in case the variable holds the value
-EINVAL (in the case of errors in MPU configuration).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In arm_core_mpu_mem_partition_config_update() we must fix the
index value of the start of the for loop, to address the case
when dynamic MPU regions are programmed in index values lower
than static_regions_num. (This might occur in ARMv8-M MPU,
depending on the order of programming the map of the
dynamic regions in run-time). We introduce function
_get_dyn_region_min_index(), and provide the implementation in
arm_mpu_v8_internal.h and arm_mpu_v7_internal.h (trivial).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In this commit we fix the implementation of internal function
_mpu_buffer_validate(), so it can work in the presence of a
security attribution unit (SAU, or IDAU). The fast validation
based on the CMSE address range check intrinsic is performed
first: if it fails, then a second, MPU-only check is performed
for ARMV8-M platforms that have TEE capabilities (i.e. SAU/IDAU
units).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Enhance the documentation for internal ARMv8-M MPU
function _mpu_buffer_validate().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an explanatory comment in ARM __swap()
function, stressing when, exactly, context-switch is
expected to occur, when we pend the PendSV exception.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The ARM Cortex-M 321 application note is stressing that if
we disable interrupts by executing CPSID i(f), or by MSR
instructions (on PRIMASK, FAULTMASK registers), there is no
requirement to add barrier instructions after disabling
interupts. However, in ARMv7-M (and ARMv8-M Mainline) we use
BASEPRI, instead. Therefore, if we need the effect of disabling
interrupts to be recongnized immediately we should add barrier
instructions. This commit adds DSB and ISB barriers when
disabling interrupt using BASEPRI in the generic
arm _irq_lock() function as well as in the PendSV handler,
where we need to access kernel globals right after the interrups
are disabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The clang ARM assembler is a bit stricter than GNU as. Change mov to
movs for ARMv6 case of z_arch_switch_to_main_thread.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit partially reverts the changes introduced in
(bbe1a19786), where the PSP
modification, the interrupt enabling, and the branch to main
thread were refactored in C functions. This introduced an issue
with stack usage when compiling without any optimization.
Reverting to use assembly functions to jump to main thread
ensures, now, that the pointer to main() is preserved intact
while changing the PSP and passed correctly to z_thread_entry().
Fixes#14471.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Bradley Bolen