In order to mitigate Spectre variant 2 (branch target injection), use
retpolines for indirect jumps and calls.
The newly-added hidden CONFIG_X86_NO_SPECTRE flag, which is disabled
by default, must be set by a x86 SoC if its CPU performs speculative
execution. Most targets supported by Zephyr do not, so this is
set to "y" by default.
A new setting, CONFIG_RETPOLINE, has been added to the "Security
Options" sections, and that will be enabled by default if
CONFIG_X86_NO_SPECTRE is disabled.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
A fix for this issue is in progress, meanwhile warn the user that
they may be susceptible to this problem if they enable user mode on
an x86-based target that is not known to be immune.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is intended for memory-constrained systems and will save
4K per thread, since we will no longer reserve room for or
activate a kernel stack guard page.
If CONFIG_USERSPACE is enabled, stack overflows will still be
caught in some situations:
1) User mode threads overflowing stack, since it crashes into the
kernel stack page
2) Supervisor mode threads overflowing stack, since the kernel
stack page is marked non-present for non-user threads
Stack overflows will not be caught:
1) When handling a system call
2) When the interrupt stack overflows
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Page Address Extension(PAE) page tables would be used
if this option is enabled.
JIRA:ZEP-2511
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
- _arch_user_mode_enter() implemented
- _arch_is_user_context() implemented
- _new_thread() will honor K_USER option if passed in
- System call triggering macros implemented
- _thread_entry_wrapper moved and now looks for the next function to
call in EDI
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now create a special IA hardware task for handling
double faults. This has a known good stack so that if
the kernel tries to push stack data onto an unmapped page,
we don't triple-fault and reset the system.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This enables the MMU-based stack protection feature,
which will cause a fatal error if a thread overflows
its stack in kernel mode, at a nontrivial cost in memory
(4K per thread).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Kconfig definition for enabling the memory management Unit
on x86 based platforms.
JIRA: ZEP-2093
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We reserve a specific vector in the IDT to trigger when we want to
enter a fatal exception state from software.
Disabled for drivers/build_all tests as we were up to the ROM limit
on Quark D2000.
Issue: ZEP-843
Change-Id: I4de7f025fba0691d07bcc3b3f0925973834496a0
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Updates x86 floating point support to reflect changes that have
been made in recent months.
* Many, many, many cosmetic changes (mostly revisions to comments).
* Elimination of unnecessary function aliases that were needed
to support the task and fiber versions of certain APIs.
* Elimination of run-time code to enable a thread's "FP regs"
option bit if the "SSE regs" option bit was set. The kernel
now recognizes that the thread is using the FPU as long as
either option bit is set. (If the thread has both option bits
enabled this is the same as if only the "SSE regs" bit is set.)
Change-Id: Ic12abc54b6fa78921749b546d8debf23e7ad232d
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Originally, x86 just supported APIC. Then later support
for the Mint Valley Interrupt Controller was added. This
controller is mostly similar to the APIC with some differences,
but was integrated in a somewhat hacked-up fashion.
Now we define irq_controller.h, which is a layer of abstraction
between the core arch code and the interrupt controller
implementation.
Contents of the API:
- Controllers with a fixed irq-to-vector mapping define
_IRQ_CONTROLLER_VECTOR_MAPPING(irq) to obtain a compile-time
map between the two.
- _irq_controller_program() notifies the interrupt controller
what vector will be used for a particular IRQ along with triggering
flags
- _irq_controller_isr_vector_get() reports the vector number of
the IRQ currently being serviced
- In assembly language domain, _irq_controller_eoi implements
EOI handling.
- Since triggering options can vary, some common defines for
triggering IRQ_TRIGGER_EDGE, IRQ_TRIGGER_LEVEL, IRQ_POLARITY_HIGH,
IRQ_POLARITY_LOW introduced.
Specific changes made:
- New Kconfig X86_FIXED_IRQ_MAPPING for those interrupt controllers
that have a fixed relationship between IRQ lines and IDT vectors.
- MVIC driver rewritten per the HAS instead of the tortuous methods
used to get it to behave like LOAPIC. We are no longer writing values
to reserved registers. Additional assertions added.
- Some cleanup in the loapic_timer driver to make the MVIC differences
clearer.
- Unused APIs removed, or folded into calling code when used just once.
- MVIC doesn't bother to write a -1 to the intList priority field since
it gets ignored anyway
Issue: ZEP-48
Change-Id: I071a477ea68c36e00c3d0653ce74b3583454154d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Completing the terminology change started with change 4008
by updating the Kconfig files processed to produce the
online documentation, plus header files processed by
doxygen. References to 'platform' are change to 'board'
Change-Id: Id0ed3dc1439a0ea0a4bd19d4904889cf79bec33e
Jira: ZEP-534
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Convert leading whitespace into tabs in Kconfig files. Also replaced
double spaces between config and <prompt>.
Change-Id: I341c718ecf4143529b477c239bbde88e18f37062
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are two major issues with the kconfig:
() Some of the config options have incorrect dependencies inside help
under menuconfig. For example, CONFIG_GPIO depends on BOARD_GALILEO.
() Since the SoC and board specific kconfig files are parsed first,
the help screen would say, for example, CONFIG_SPI is defined at
arch/arm/soc/fsl_frdm_k64f/Kconfig. This is incorrect because
the actual config is defined in drivers/spi/Kconfig.
These cause great confusion to users of menuconfig/xconfig.
To fix these, the SoC and board defaults are now to be parsed last.
Note that the position swapping of defaults in this patch is due to
the fact the the default parsed last will be used.
And, spi_test is broken due to the fact that it requires
CONFIG_SPI_INTEL_PORT_1, but never enables it anywhere. This is
bypassed for now.
Origin: refactored and edited from existing files
Change-Id: I2a4b1ae5be4d27e68c960aa47d91ef350f2d500f
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Changed names of Kconfig flags, variables, functions, files and
return codes consistent with names used in the RFC. Updated
relevant comments to match the changes.
Origin: Original
Change-Id: Ie7941032d7ad7af61fc02928f74538745e7966e8
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The SoC selections for each architecture are moved to the top level
in menuconfig and xconfig. This makes it more intuitive to select
architecture -> SoC -> then board, avoiding an additional trip to
go into the architecture menu to select SoC.
Change-Id: I57a78a09adfc4bb12423915b6ad14ceb74381a2b
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
It makes no sense to allow enabling support for floating point
registers when the CPU has no FPU.
Change-Id: If51187033fc84957721d87fa6e79ef31124f4b14
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
These options should be selected by individual SoC automatically,
and should not be visible options. Or else it would be possible to
select Quark SoCs and telling Kconfig it is from Atom family (which
is incorrect).
Change-Id: I17a6cf713378333e0e7942aa49b381b5eb9526b5
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Remove CPU_MIGHT_SUPPORT_CLFLUSH as excessive.
Removal the flag requires adding per-SoC cnfiguration,
as some Quark models support clflush instruction, but
some do not, even on compiler level.
Change-Id: I655cba00c629db55d1813c199a2fe08b2d60ef4f
Signed-off-by: Dmitriy Korovkin <dmitriy.korovkin@windriver.com>
That implementation is not galileo-specific, but rather a generic way of
rebooting an x86 target. Needs SoC support.
Change-Id: I9c3374a8ab57a624d9d9b7090260c5b11fe4e773
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
It's not a function and requires all its arguments to be build-time
constants. Make this more obvious to the end user to ease confusion.
Change-Id: I64107cf4d9db9f0e853026ce78e477060570fe6f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This option misunderstands how XIP works. The IDT is ALWAYS in ROM,
the question is whether crt0 will copy it into RAM or not. You can't
save ROM space in this way.
Change-Id: I58025e3d71ead35730d0a5026213299b4fcb5eb9
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If we are not doing any dynamic interrupts or exceptions, we
can put the IDT in ROM and save a considerable amount of RAM,
up to 2K if the IDT is the default size of 256 entries.
The _interrupt_vectors_allocated table can also be put in ROM
if we're not using any dynamic interrupts.
We introduce a new Kconfig option to force the IDT to be in RAM
for situations where no dynamic IRQs are used, but ROM footprint
needs to be conserved.
Change-Id: I38c9f1a8837b4db9f3dea1caa008374a26cbbf1d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Change terminology and use SoC instead of platform. An SoC provides
features and default configurations available with an SoC. A board
implements the SoC and adds more features and IP block specific to the
board to extend the SoC functionality such as sensors and debugging
features.
Change-Id: I15e8d78a6d4ecd5cfb3bc25ced9ba77e5ea1122f
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add support for compilers conforming to the IAMCU calling convention
as documented by
https://github.com/hjl-tools/x86-psABI/wiki/iamcu-psABI-0.7.pdf
Change-Id: I6fd9d5bede0538b2049772e3850a5940c5dd911e
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
The APIC by default uses vector 0xFF for the spurious interrupt
vector as described in the x86 CPU manual volume 3 section 10.9.
Make this its own config option defaulting to 32.
MVIC doesn't have a spurious interrupt vector, and due to the
fixed IRQ-to-vector mapping for this controller, continue
to use the last available entry.
Change-Id: I29bd09df700629dc0d15b30a6ae590b0df1ef890
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Software interrupts or system calls aren't really appropriate for
zephyr, but we have an ongoing need in our test code to run a
function with arguments synchronously in interrupt context.
This patch introduces irq_offload() which allows us to do this without
separate initialization or having to manage fake IRQs in the
interrupt controller.
ARM assembly code contributed by Benjamin Walsh
<benjamin.walsh@windriver.com>
ARC is not yet implemented but will be in a subsequent patch.
irq_test_common.h has been removed and all test cases updated to
use the new API.
Change-Id: I9af99ed31b62bc7eb340e32cf65e3d11354d1ec7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Do not depend on host architecture and use architecture definition
from the defconfig file of the board.
Change-Id: Idb3dd42524f26bd167a34d6eb024d4d9816e9730
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Do not depend on environment variables and use a kconfig variable
for defining the architecture.
In addition, remove the X86_32 variable, it just duplicates X86 for
not good reason, at least until start supporting MCUs with 64bit.
Change-Id: Ia001db81ed007e6a43f34506fed9be1345b88a4b
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move platform related data and definition to the platform
directory and include it using:
arch/<arch>/platforms/*/Kconfig.platform
This way we will able to add a platform as a directory of
content without the need to change and Kconfig files.
Platforms can then be included by reference (using repo or
git submodules and does not need to be part of the zephyr
project)
Change-Id: I5e71f5394c22edb346f7d61d9448b8e1c68e1f9b
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The Intel Quark microcontroller D2000, is a low power, battery-operated,
32-bit microcontroller. Within its small footprint, the Intel Quark
microcontroller D2000 includes an Intel Quark ultra-low-power core
running at 32 MHz, with 32k integrated flash and 8k OTP SRAM.
Change-Id: I6ba121996edb0b5fbe596bd6ef3d6e3979ff73e9
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This module is based on the standard Local APIC and IO APIC source modules.
This modules combines these modules into one source module that exports the
same APIs defined by the Local APIC and IO APIC header modules. These
routine have been adapted for the Quark D2000 Interrupt Controller which has
a cutdown implementation of the Local APIC & IO APIC register sets.
Change-Id: Ic80aa78918483663d76054ebadefa08d8a3f188a
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This cause problems with some configurations using hex.
Change-Id: I680c40d46e1fdf3da714f6412c8dda0e1ebb44f9
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We already had this kconfig defined as hex for arc. Make it
readable and change the variable to hex to comply with what
we had already.
Change-Id: Ib8bc72f27d1b97ba2c886201ec29fb13aa4fa429
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
CONFIG_RAM_SIZE
CONFIG_ROM_SIZE
Available to x86 based platform configurations.
Change-Id: I3dda770a9063e3c717023b1a83761f32caa2c590
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
This was only needed on legacy platforms which are no longer
supported.
Change-Id: I4a3312f3698c4fc8bbf0df4610af7b69a9056f80
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This had bit-rotted to the point where it was breaking the build
and was only needed on legacy platforms that are no longer
supported.
Change-Id: I4fcfc38bacac58761fba475701e0c27d7b8b7a27
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We are interested in supporting some XIP x86 platforms which are
unable to fetch CPU instructions from system RAM. This requires
refactoring our dynamic IRQ/exc code which currently synthesizes
assembly language instructions to create IRQ stubs on-the-fly.
Instead, a new approach is taken. Given that the configuration at
build time specifies the number of required stubs, use this
to generate a build time a set of tiny stub functions which simply
push a 'stub id' and then call common dynamic interrupt code.
The handler function and handler argument is saved in a table keyed by
this stub id.
CONFIG_EOI_HANDLER_SUPPORTED removed, the code hasn't been conditionally
compiled for some time and in all cases we call _loapic_eoi() when
finished with an interrupt.
Some other out-of-date verbiage in comments related to supporting
non-APIC removed.
Previously, when dynamic exceptions were created a pointer would
be passed in by the caller reserving ram for the stub code. Since
this is no longer feasible, two new Kconfig options have been added.
CONFIG_NUM_DYNAMIC_EXC_STUBS and CONFIG_NUM_DYNAMIC_EXC_NO_ERR_STUBS
control how many stubs are created for exceptions that push
an error code, and no error code, respectively.
SW Interrupts are no longer triggered by "int <vector>" hard-coded
assembly instructions. Instead this is done by sending a self-directed
inter-processor interrupt from the LOAPIC, using a new API
loapic_int_vect_trigger(). In this way we get rid of dynamically
generated code in irq_test_common.h.
All interrupts call _loapic_eoi() when finished, since this is now
the right thing to do for all IRQs, including SW interrupts.
_irq_handler_set() for x86 no longer requires the old function pointer
to be supplied.
Change-Id: I78993d3d00dd153c9051c518b417cce8d3acee9e
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Detect the presence of CLFLUSH instruction and cache line size at
runtime. It is still possible to set them manually via kconfig options
if the values are known.
Change-Id: I00bda1de4c5c241826ead6f43b887b99a963cc7b
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>