Instead of checking every time we hit the low-level context switch
path to see if the new thread has a "partner" with which it needs to
share time, just run the slice timer always and reset it from the
scheduler at the points where it has already decided a switch needs to
happen. In TICKLESS_KERNEL situations, we pay the cost of extra timer
interrupts at ~10Hz or whatever, which is low (note also that this
kind of regular wakeup architecture is required on SMP anyway so the
scheduler can "notice" threads scheduled by other CPUs). Advantages:
1. Much simpler logic. Significantly smaller code. No variance or
dependence on tickless modes or timer driver (beyond setting a
simple timeout).
2. No arch-specific assembly integration with _Swap() needed
3. Better performance on many workloads, as the accounting now happens
at most once per timer interrupt (~5 Hz) and true rescheduling and
not on every unrelated context switch and interrupt return.
4. It's SMP-safe. The previous scheme kept the slice ticks as a
global variable, which was an unnoticed bug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Before entering userspace, the MPU stack guard is
configured to guard the default (i.e. afterwards, the "user")
thread stack, as the privileged stack has not yet been set. Upon
entering userspace the MPU stack guard needs to be re-programmed
to the privileged stack, otherwise, there is a risk that the
first system call might be serviced without privileged stack
protection, if it occurs before any context-switch. This commit
fixes this issue, by calling configure_mpu_stack_guard(..) upon
userspace entering.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
MISRA-C requires that all declarations of a specific function, or
object, use the same names and type qualifiers.
MISRA-C rule 8.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added LOG_PANIC to fault handlers to ensure that log is flush and
logger processes messages in a blocking way in fault handler.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Remove the inclusion of <string.h>, if CONFIG_INIT_STACKS
is defined, because it is not required anywhere in thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Several style and typo fixes in inline comments of arm kernel
files and thread.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an inline explanatory comment in the API
for setting the non-secure stack-pointer limit registers, to
stress that the API is only applicable to Mainline ARMv8-M MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a minor bug by setting the error reason
(to, default, _NANO_ERR_HW_EXCEPTION) for errors detected
during Secure/Non-Secure stack inspection. Applicable only
to Secure firmware.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit introduces CPU_HAS_ARM_MPU and CPU_HAS_NXP_MPU options,
which indicate which flavour of MPU is supported by given SoC family.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The __reset vector is using the 'b' instruction to jump to _PrepC. 'b'
can only jump 2KB on Cortex-M0 platforms so this causes build failures
when _PrepC happens to be too far away from __reset.
To resolve this we use 'bl' instead as it can jump two thousand times
further[0].
This can also be resolved by porting the reset vector to C or by
placing the _PrepC function in a dedicated section that the linker
places next to __reset.
[0] http://infocenter.arm.com/help/topic/com.arm.doc.dui0489e/Cihfddaf.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The ARMv8-m Memory Protection Unit does not require MPU regions
to be power-of-two aligned and sized. This commit removes this
requirement when building for ARMv8-m MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
__swap function was returning -EAGAIN in some case, though its return
value was declared as unsigned int.
This commit changes this function to return int since it can return a
negative value and its return was already been propagate as int.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
As far as possible SoC-specific code should be contained to it's
directory and core systems should not be referencing specific
SoCs. This keeps the common code clean and makes it easier to maintain
out-of-tree SoCs.
To this end we move CONFIG_SOC_TI_LM3S6965_QEMU's soft-reset related
code out of arch/arm/core/cortex_m and into arch/arm/soc/ti_lm3s6965.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
_k_syscall_table is an array of function pointers and is declared as
such in C sources, this makes it an STT_OBJECT[0] in the symbol
table. But when the same symbol is declared in assembly, it is
declared to be a function, which would make the symbol an STT_FUNC.
When linking with LTO this type inconsistency results in the warning:
real-ld: Warning: type of symbol `_k_syscall_table' changed from 2 to
1 in /tmp/cc84ofK0.ltrans8.ltrans.o
To fix this warning we declare the table with GDATA instead of GTEXT,
which will change the type from 'function' to 'object'.
[0]
https://docs.oracle.com/cd/E19455-01/816-0559/chapter6-79797/index.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Move to more generic tracing hooks that can be implemented in different
ways and do not interfere with the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Define generic interface and hooks for tracing to replace
kernel_event_logger and existing tracing facilities with something more
common.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit adds an __ASSERT line in _get_region_attr_by_type,
to signal an error if the supplied MPU region type is not valid.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a UL suffix after numerical digits to ensure
the correctness of certain shift operations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements and integrates the ARMv8-M MPU driver
into the memory protection system for ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors arm_mpu.c by moving all internal function
implementation that is specific to ARMv7-M architecture to a
separate internal header file. This allows to easily extend
arm_mpu.c to support ARMv8-M by including all ARMv8-M-specific
implementation in a similar internal header.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _get_region_attr_by_conf(.) function,
so it does the following:
- it is renamed to _get_ram_region_attr_by_conf(), to reflect
that it is only used to configure RAM MPU regions.
- it gets an arm_mpu_region_attr_t object structure pointer
to fill-in with the derived region attributes.
- it takes an additional argument (the region base address),
which allows the function to have a common signature with the
ARMv8-M version of it (where the attribute derivation needs
the base address).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _get_region_attr_by_type(.) function,
so it does the following:
- it takes an arm_mpu_region_attr_t object pointer and use it
to fill-in the derived region attributes.
- it performs only the distinguishing between the different MPU
region types, hiding the actual MPU-specific implementation
in internal functions.
- it takes an additional argument (the region base address),
which allows the function to have a common signature with the
ARMv8-M version of it (where the attribute derivation needs
the base address).
- it returs 0 or succes and a negative non-zero integer
to indicate an error.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adapts the _region_init(.) function so it can use
the rasr field of the arm_mpu_region_attr structure, when it
configures the RASR register.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The choice that contains FP_HARDAPI and FP_SOFTAPI already depends on
FLOAT, so the choice symbols don't have to.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There exist two symbols that became equivalent when PR #9383 was
merged; _SYSCALL_LIMIT and K_SYSCALL_LIMIT. This patch deprecates the
redundant _SYSCALL_LIMIT symbol.
_SYSCALL_LIMIT was initally introduced because before PR #9383 was
merged K_SYSCALL_LIMIT was an enum, which couldn't be included into
assembly files. PR #9383 converted it into a define, which can be
included into assembly files, making _SYSCALL_LIMIT redundant.
Likewise for _SYSCALL_BAD.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This commit removes the depreciated "default n" entries from
boolean K-config options in arch/arm.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When building a Secure firmware image, instruct the linker to
generate a symbol table with the entry veneers, to allow a Non
Secure firmware image to access Secure Entry functions via the
entry veneers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds K-config options that allow the user to
signify an ARM Secure Firmware that contains Secure Entry
functions and to define the starting address of the linker
section that will contain the Secure Entry functions. It
also instructs the linker to append the NSC section if
instructed so by the user.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contribute an internal ARM API that enables the
user to confgure an ARM Security Attribution Unit region. It
also defines ARM_SAU as a K-config option to indicate that
an MCU implements the ARM SAU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a simple API to allow the TrustZone
user to block or permit Non-Secure System Reset requests.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Make GCC compile with the -mcmse compile option, if we are
building a Secure firmware. The option will make Security
Extensions for secure executables available, and will set
the corresponding compile-time indicator flag, accordingly:
(i.e. __ARM_FEATURE_CMSE=3).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Define and implement a function to read the number of
SAU regions configued for the MCU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M TrustZone
API to allow the user to select whether Secure exceptions will
have priority boosting over Non-Secure exceptions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M TrustZone
API to allow the user to configure the target state of fault
exceptions that are not banked between security states.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds and implements an ARM internal API function
to configure the Non-Secure instance of MSPLIM or PSPLIM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements the internal ARM TrustZone
API to enable or disable the Security Attribution Unit.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Define and implement an API to configure the Non-Secure instances
of core registers in ARM Cortex-M23 and Cortex-M33.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit optimizes _size_to_mpu_rasr_size(.) in the ARMv7-M
MPU driver, so it makes use of a single _builtin_clz() function
call, instead of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Uses fixup infrastructure to safely abort if we get an MPU
fault when examining a string passed in from user mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In some kernel configurations, the offset can be greater
than the maximum of 124 for ldr/str immediate offsets.
Fixes: #9113
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit adds the implementation that allows the ARM CPU
to recover from (otherwise fatal) MPU faults. A new error
reason, _NANO_ERR_RECOVERABLE, is introduced. The error
reason is used to suppress fault dump information, if the
error is actually recoverable.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does several things:
- It unifies the way the fault inspection is implemented,
irrespective of the selected fault dumping level.
- It removes the dumping of the Thread ID and faulting
instruction address, as these are now displayed by
_NanoFatalErrorHandler.
- It introduces a new debug print directive, to be used
for the highest dumping level (2).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements two changes.
- It splits out the dumping of the Secure stack information to a
separate function. Dumping will only occur if the highest dump
level has been selected.
- Forces _Fault() to invoke _NanoFatalErrorHandler, instead of
_SysFatalErrorHandler. In addition, early return statemets are
implemented in _Fault(), so the fatal error handler is only
invoked once.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the documentation of function _Fault(.),
in order to better describe the actual implementation and the
use of the function arguments.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit forces arm_mpu_init() to use the provided API
functions to enable and disable the MPU. Besides the clean-up
the commit enforces the MPU driver to use data and instruction
synchronization barriers every time the MPU is enabled. This
is aligned with the programming recommendations by ARM.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes a bug in _get_region_ap(.) by adding
parentheses to enforce the correct operator precedence.
Fixes#8864.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update _get_region_attr_by_type used to set up the user regions
on a per thread basis to match the REGION_USER_RAM_ATTR macro. Caching
attributes were set "Outer and inner write-through. No write allocate.",
this patch changes it to "Outer and inner write-back. Write and read
allocate.".
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The NXP MPU triggers a bus fault when a memory access error occurs. Add
support in the bus fault handler to dump error details from the NXP MPU,
including the port number, mode (supervisor or user), address, bus
master number, and regions.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This commit refactors internal functions in arm_mpu.c to use
bitsets and functions taken directly from ARM CMSIS instead of
hardcoded arithmetic literals. In several internal functions
some part of the implementation is abstracted further in inline
functions or convenience macros, to facilitate extending the
arm_mpu.c for ARMv8-M. In addition, the commit adds minor
improvements in internal function documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit abstracts the attribution generation for an MPU
region, determined based on a supplied configuration and the
given size, from the actual implementation, which is placed
in a separate inline function. This allows to have multiple
implementations of attribution generation for different ARM
MPU drivers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors the _region_init(..) internal MPU driver
function so it gets the region index and a struct arm_mpu_region
as aruments. The latter holds the MPU region configuration that
is to be applied to the region determined by the index argument.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the redundant HAL definition for the ARM
Cortex-M MPU registers, and modifies the ARM MPU driver
implementation to directly use the provided HAL from CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit refactors arm_core_mpu_configure_user_context() so
it can use directly arm_core_mpu_configure().
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit places all the implementation in arm_mpu.c within
build-time guards, ensuring that it is compiled-in only if the
kernel features requiring MPU are present (i.e. USERSPACE,
APPLICATION_MEMORY, or MPU_STACK_GUARDS). An exception to that
is the code required for MPU initialization, which is left out,
as MPU initialization occurs always if MPU is present.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the compile options in cmake to distinguish
between ARMv8-M Mainline MCUs with or withouth the optional DSP
extension. A new Kconfig option: ARMV8_M_DSP, is introduced, to
signify the use of an ARMv8-M MCU with DSP support.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
* We are now *much* better at not reserving unnecessary
system MPU regions based on configuration. The #defines
for intent are now an enumerated type. As a bonus, the
implementation of _get_region_index_by_type() is much
simpler. Previously we were wasting regions for stack guard
and application memory if they were not configured.
* NXP MPU doesn't reserve the last region if HW stack
protection isn't enabled.
* Certain parts of the MPU code are now properly ifdef'd
based on configuration.
* THREAD_STACK_REGION and THREAD_STACK_USER_REGION was a
confusing construction and has now been replaced with
just THREAD_STACK_REGION, which represents the MPU region
for a user mode thread stack. Supervisor mode stacks
do not require an MPU region.
* The bounds of CONFIG_APPLICATION_MEMORY never changes
and we just do it once during initialization instead of
every context switch.
* Assertions have been added to catch out-of-bounds cases.
Fixes: #7384
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Also simplify the definition of CC3220SF_DEBUG. 'default's can be other
symbols too, not just literal values. The condition for the symbol to be
visible (user-configurable) can be put directly on the prompt as well.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Set Zero Latency IRQ to priority level zero and SVCs to priority level
one when Zero Latency IRQ is enabled.
This makes Zero Zatency truly zero latency when the kernel has been
configured with userspace enabled, or when IRQ offloading is used.
Exceptions can still delay Zero Latency IRQ, but this is considered
ok since exceptions indicate a serious error, and the system needs to
recover.
Fixes: #7869
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit removes the macro definitions for MPU_RASR register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macro definitions for MPU_RBAR register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macro definitions for MPU_CTRL register
bitmasks, defined in arm_mpu.h, and modifies the MPU driver to
directly use the equivalent macros defined in ARM CMSIS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the definition and the implementation
of an API for ARM MCUs to configure and get the configuration
of the security state targeted by a given external IRQ line.
The API is only available in Secure ARM Firmware.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the implementation of the CMSE
address range permission checks based on the ARMv8-M
address range check intrinsics exlusicely for Secure state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Refactor arm_cmse_mpu_region_get(.) function, so its signature,
documentation, and implementation align with the rest of functions
for obtaining MPU, SAU and IDAU region numbers via the TT instruction.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M API
that allows the user to evaluate access permissions of memory
locations, based on the ARMv8-M Tests Target (TT, TTA)
instruction support (for Secure requests).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces additional dependencies and selection
scheme for CPU_CORTEX_M_HAS_SPLIM, for Zephyr Non-Secure builds
on ARMv8-M MCUs with Security Extensions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the ARMV8_M_SE K-config option
to signify the use of an ARMv8-M MCU with support for
Security Extensions. It also introduces dependences of
ARM_(NON)SECURE_FIRMWARE on ARMV8_M_SE.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the K-config option
ARM_NONSECURE_FIRMWARE, to indicate a Zephyr firmware image
that is intended to execute in Non-Secure state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit improves the help text description for K-config
option: ARM_SECURE_FIRMWARE.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
On Cortex-M7 CPU (at least on STM32F723), the dummy move FPU instruction
is executed before the FPU lazy state preservation is disabled. Add an
instruction synchronization barrier before it to avoid that.
At the same time, remove the data synchronization barrier after the
dummy move as it does not have any effect on RAM or registers.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This commit sets VECTOR_ADDRESS in prep_c.c directly to the
value of _vector_start for XIP images for MCUs which have the
VTOR register.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The PendSV handler sits below the priority of other OS interrupts, but
it was inspecting kernel state before masking those interrupts out!
Move the locking to the top.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This commit removes the arm_mpu_enabled status flag in the ARM
MPU driver. This flag is not needed, because the value of the
MPU_CTRL register stays the same while the MPU is enabled, and
is cleared to 0 when the MPU is disabled. Therefore, we do not
need to prevent from having the enable or the disable operation
to be called multiple times.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In _arm_mpu_config provide a more detailed description of the
effect of MPU PRIVDEFENA flag when enabling the ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ARM Cortex-M0+, M3, and M4 MCUs have a fixed number of 8 MPU
regions, if MPU support is implemented. Therefore, we can
implement _get_num_regions() to return a constant, if CPU
is one of the above Cortex variants. _get_num_regions() is
invoked often in the code, so this solution increases processing
efficiency. A sanity check is implemented in arm_mpu_init(), to
ASSERT if the number of regions provided by hardware does not
match the expected (default) value.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commits adds a dependency for ARM_MPU on !CPU_CORTEX_M0,
so an accidental selection or ARM_MPU in ARM Cortex-M0 MCUs
will signal a K-config warning.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The original implementation of CONFIG_THREAD_MONITOR would
try to leverage a thread's initial stack layout to provide
the entry function with arguments for any given thread.
This is problematic:
- Some arches do not have a initial stack layout suitable for
this
- Some arches never enabled this at all (riscv32, nios2)
- Some arches did not enable this properly
- Dropping to user mode would erase or provide incorrect
information.
Just spend a few extra bytes to store this stuff directly
in the k_thread struct and get rid of all the arch-specific
code for this.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
On ARM, the __thread_entry struct pointer used when
CONFIG_THREAD_MONITOR is enabled was pointing to the initial exception
stack frame. That's not right: even though this contains all the same
info, it's not layout-compatible with the API struct. And once the
thread starts running, the ESF gets unwound and the memory recliamed
for the stack frame of the entry function!
Stuff the __thread_entry struct into its own memory at the bottom of
the stack like the other architectures do. Fixes#7541
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The r7 register is used as a frame pointer on ARM Thumb. As result, it
cannot be modified by the assembly code in functions using stack frame.
This commit replaces r7 by r8, which is a general purpose register.
Also it fixes#7704.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit fixes some minor function documentation issues
and comments' style in the NXP_MPU driver.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit inserts sanity checks every time we are performing
a (re)-configuration of one or multiple MPU regions, ensuring
that we do not attempt to configure an invalid region number.
Particulary for arm_mpu_config(), called during pre-kernel
initialization phase, we add a system ASSERT if we attempt
to initialize more regions that what is supported by hardware.
We do this to ensure the misconfiguration is detected early and
the system boot is aborted.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an internal function to disable an MPU region.
The function includes an assert that the requested MPU region
number is a valid one. arm_mpu.c is refactor to use this
function in all cases where an MPU region needs to be disabled.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit enhaces the documentation of internal functions
in arm_mpu.c by explicitly stating that the caller needs to
ensure the validity of the supplied MPU region index. The
warning is required as these functions modify the ARM MPU_RNR
register, without checking themselves the validity of the
provided region number.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes some minor issues with coding style
and comment syntax in arm_mpu.c
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Change the zero latency interrupt priority level from 2 to 1.
This is the priority level that the kernel has reserved for the
zero latency IRQ feature by the _IRQ_PRIO_OFFSET constant.
The zero latency IRQ will now not be masked by the irq_lock function.
Update comments to reflect the priority levels reserved by the kernel.
Fixes: #8073
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Upon MemManage Exception, multiple status bits of MMFSR may be
set. This commit modifies the MPU Fault Handler, so that it can
inspect and display information from all error conditions,
instead of just the first error condition that is true.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Make MPU stack guard checks use the previously stored value
of the MemManage Fault Address Register, to ensure that the
address-under-check is valid.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Previously the directory core/cortex/mpu/ was getting included
on a hidden kconfig. Now this has been replaced with the Kconfig
CONFIG_ARM_CORE_MPU.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This commit fixes a compilation bug for an undefined variable
(mmfar), which is only conditionally defined. Instead of mmfar
we use the ARM register value directly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The metairq feature exposed the fact that all of our arch code (and a
few mistaken spots in the scheduler too) was trying to interpret
"preemptible" threads independently.
As of the scheduler rewrite, that logic is entirely within sched.c and
doing it externally is redundant. And now that "cooperative" threads
can be preempted, it's wrong and produces test failures when used with
metairq threads.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Refactor the _FaultDump of the default debug-level (2) to
provide the error code that indicates the fatal error reason.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Refactor FAULT_DUMP macro to obtain and store the fatal error
reason. Make non-default version of FAULT_DUMP (i.e. with
CONFIG_FAULT_DUMP level 1) to retrieve the default reason
for fatal errors (_NANO_ERR_HW_EXCEPTION).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Document that execution does not return from
_NanoFatalErrorHandler and _SysFatalErrorHandler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove unused context switch code from the helper assembly file that
manages the SuperVisor Call invocations (SVCs). This is no longer in use
in the code, since all calls to __swap() now go through PendSV directly.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The initial user stack pointer gets rounded to STACK_ALIGN_SIZE,
which can be much finer granularity than MPU regions. With
certain stack size values passed to k_thread_create(), the stack
pointer can be set past the defined region for the user thread's
stack, causing an immediate MPU fault.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Upon return from a syscall handlers, the r1, r2, and r3 registers
could contain random kernel data that should not be leaked to user
mode. Zero these out before returning from _arm_do_syscall().
Fixes#7753.
The invocation macros need a clobber if r1, r2, or r3 are not used
to carry syscall arguments. This is a partial fix for #7754 but
there appear to be other issues.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit contributes the implementation of the
CMSE address range permission checks based on the
ARMv8-M address range check intrinsics.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Select CPU_CORTEX_M_HAS_CMSE in ARMV8_M arhitectures.
Option ARMV8_M_BASELINE is introduced for this purpose,
so that CMSE API is enabled for both Cortex-M23 and
Cortex-M33 MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit defines and implements an internal ARMv8-M API
that allows the user to evaluate access permissions of memory
locations, based on the ARMv8-M Test Target (TT) instruction
support.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the ability to call platform specific code as the first thing we do.
This is needed because on some platforms we might have to figure out how
to deal with starting up secondary cores and need to do that as the
first thing we do.
Signed-off-by: Stanislav Poboril <stanislav.poboril@nxp.com>
Normally a syscall would check the current privilege level and then
decide to go to _impl_<syscall> directly or go through a
_handler_<syscall>.
__ZEPHYR_SUPERVISOR__ is a compiler optimization flag which will
make all the system calls from the arch files directly link
to the _impl_<syscall>. Thereby reducing the overhead of checking the
privileges.
In the previous implementation all the source files would be compiled
by zephyr_source() rule. This means that zephyr_* is a catchall CMake
library for source files that can be built purely with the include
paths, defines, and other compiler flags that all zephyr source
files uses. This states that adding one extra compiler flag for only
one complete directory would fail.
This limitation can be overcome by using zephyr_libray* APIs. This
creates a library for the required directories and it also supports
directory level properties.
Hence we use zephyr_library* to create a new library with
macro _ZEPHYR_SUPERVISOR_ for the optimization.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Distinguish between the integrity signatures depending on whether the
ARM MCU implements the Floating-Point Extension or not.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit partially reworks the fault dump implementation
of faults in non-secure state that target Secure state. In
particular, the return address to secure state is logged along
with the non-secure address which caused the non-secure fault
(that targets the Secure state).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements consistency checks for the core registers
in ARMv6-M, ARMv7-M, and ARMv8-M architectures, ensuring that
the user cannot accidentally select registers that are not
implemented by the selected Cortex-M processor.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit improves the help text of the ARMV7_M_ARMV8_M_MAINLINE
K-config option.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a Context Synchronization Point immediately
after the reset handler switches to use the Process Stack
Pointer, during initialization.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The loop that checks the MPU region permissions incorrectly
iterates from (num_region + 1) to 1. This should be
(num_region - 1) to 0. This results in the wrong regions
being checked and possible overflow for any implementation
that uses the max region value of 0xFF.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit activates the built-in stack guard on the main_thread
before jumping to it upon system initialization. Stack guard is
activated if BUILTIN_STACK_GUARD is enabled by the user. The
commit also activates built-in thread stack guards at every
context switch, if BUILTIN_STACK_GUARD enabled by the user.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Ignore stack pointer limit checking during a HardFault or NMI
exception, to allow for the Fault handling function to execute
properly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the build-in interrupt stack protection
via the native MSPLIM register in ARMv8-M MCUs that support the
Main Extension. Main stack pointer overflows will cause Stack
Overflow UsageFaults. In addition, the commit introduces a new
config option, BUILTIN_STACK_GUARD, allowing the user to enable
and use the built-in stack protection in ARMv8-M firmware.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Improve the help text of ARM k-config option
CPU_CORTEX_M_HAS_PROGRAMMABLE_FAULT_PRIOS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Now that other work has eliminated the two cases where we had to do a
reschedule "but yield even if we are cooperative", we can squash both
down to a single _reschedule() function which does almost exactly what
legacy _Swap() did, but wrapped as a proper scheduler API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a somewhat promiscuous pattern in the kernel where IPC
mechanisms would do something that might effect the current thread
choice, then check _must_switch_threads() (or occasionally
__must_switch_threads -- don't ask, the distinction is being replaced
by real English words), sometimes _is_in_isr() (but not always, even
in contexts where that looks like it would be a mistake), and then
call _Swap() if everything is OK, otherwise releasing the irq_lock().
Sometimes this was done directly, sometimes via the inverted test,
sometimes (poll, heh) by doing the test when the thread state was
modified and then needlessly passing the result up the call stack to
the point of the _Swap().
And some places were just calling _reschedule_threads(), which did all
this already.
Unify all this madness. The old _reschedule_threads() function has
split into two variants: _reschedule_yield() and
_reschedule_noyield(). The latter is the "normal" one that respects
the cooperative priority of the current thread (i.e. it won't switch
out even if there is a higher priority thread ready -- the current
thread has to pend itself first), the former is used in the handful of
places where code was doing a swap unconditionally, just to preserve
precise behavior across the refactor. I'm not at all convinced it
should exist...
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Contrary to ARMv7-M, in ARMv8-M MCUs with the Main Extension,
BusFault Status Register bits are sticky and must be cleared.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch changes the ARM system calls to use registers for passing
or arguments. This removes the possibility of stack issues when
callers do not adhere to the AAPCS.
Fixes#6802
Signed-off-by: Andy Gross <andy.gross@linaro.org>
During the transition of privilege levels while performing syscalls,
the ARM documentation recommends flushing the pipeline to avoid
pre-fetched instructions from being executed with the previous
privilege level.
The manual says:
4.16 CONTROL register
(...) after programming the CONTROL register, an ISB instruction
should be used.
(...) This is not implemented in the Cortex M0 processor.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
srd bits start at bit 8, not bit 5.
To date we are not using sub-regions so this problem was
undetected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Upcoming Nordic ICs that share many of the peripherals and architecture
with the currently supported nRF5x ones are no longer part of the nRF5
family. In order to accomodate that, rename the SoC family from nrf5 to
nrf, so that it can contain all of the members of the wider Nordic
family.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This commit introduces the ARM_SECURE_FIRMWARE k-option,
which indicates that we are building an ARM Secure application.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the implementation of the SecureFault
handling for ARMv8-M-based Cortex-M33. The implementation is
compiled conditionally with compile-time directive
CONFIG_ARM_SECURE_FIRMWARE, which is to signify the intention to
build a Secure image on ARMv8-M with Security Extensions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit conditionally selects the ARMV7_M_ARMV8_M_FP option
in ARMv7-M/ARMv8-M Mainline processors, when the Floating Point
Extension is implemented (CPU_HAS_FPU is selected).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the Stack Overflow UsageFault dumping
for ARMv8-M implementations that support the Main Extension.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the ARMV8_M_MAINLINE K-config option. The
option signifies the use of an ARMv8-M CPU supporting the Main
Extension. ARMv8-M Main Extension includes additional features
that are not present in the ARMv7-M architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit forces CPU_CORTEX_M_HAS_PROGRAMMABLE_FAULT_PRIOS to
depend on ARMV7_M_ARMV8_M_MAINLINE. This allows the user to get
a build warning if he manually selects
CPU_CORTEX_M_HAS_PROGRAMMABLE_FAULT_PRIOS for a CPU that does
not implement either ARMv7-M or ARMv8-M Mainline.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Clean up Kconfig so each SoC just selects the specific Cortex-M
implementaiton rather than having to select both CORTEX_M and
CORTEX_{M0, M3, M4, etc.}.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit adds the missing fault dumping for MemManage or Bus
fault occuring during floating-point lazy state preservation. In
addition, it introduces a Kconfig option for the ARMv7-M/ARMv8-M
Floating Point Extension.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the macros for ARM fault flags from
include/arch/arm/cortex_m/cmsis.h header, since they are
defined in the respective core_cmXX.h header files. It also
modifies fault.c to use the updated fault macros taken directly
from ARM CMSIS headers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch reworks the current ARM __swap() function into a C function.
Due to some issues with using svc calls withing fault handlers, we
needed to change the way we initiate a swap by removing the dependence
on svc #0.
Before __swap() is called, the system has already done an irq_lock().
Upon return from __swap(), the equivalent of an irq_lock() is done due
to restoration of the key value from the irq_lock preceeding the call.
For ARM V6M (M0/M0+), the pendsv bit is toggled and the irqs are
enabled. There is no priority masking in v6m, so it's just a global
enable. For ARM V7M, the priority mask has to be set to 0x0 to allow
for the pendsv IRQ to be taken. This is done for both via a call to
irq_unlock(0).
After this unlock, a pendsv irq will be taken, either at the tail end
of the current irq handling if we are in handler mode, or immediately
due to the pendsv being asserted (no other outstanding irqs). The next
thread will be scheduled.
Upon return from the context switch to the original
thread, the priority mask will already be correct due to the pendsv
processing.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
MPU_STACK_GUARD option has a direct dependence on ARM_CORE_MPU.
Therefore, it is not required to have a conditional selection
of the option (if ARM_CORE_MPU) in ARM_STACK_PROTECTION.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In ARMv7-M (and ARMv8-M) architecture it is
implementation defined whether separate MMFAR and BFAR are
implemented. This commit ensures that we always get the true
faulting address displayed in case of MemManage- or BusFault.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The xtensa-asm2 work included a patch that added nano_internal.h
includes in lots of places that needed to have _Swap defined, because
it had to break a cycle and this no longer got pulled in from the arch
headers.
Unfortunately those new includes created new and more amusing cycles
elsewhere which led to breakage on other platforms.
Break out the _Swap definition (only) into a separate header and use
that instead. Cleaner. Seems not to have any more hidden gotchas.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The old ARMV6_M Kconfig option has been removed, and so to correctly set
the dependencies for SW_VECTOR_RELAY we need to use the new
ARMV6_M_ARMV8_M_BASELINE.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This patch adds support for userspace on ARM architectures. Arch
specific calls for transitioning threads to user mode, system calls,
and associated handlers.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch adds a configure_mpu_user_context API and implements
the required function placeholders in the NXP and ARM MPU files.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This commit defines the Kconfig options for
ARM Cortex-M23 and Cortex-M33 CPUs. It also
udpates the generic memory map for M23 and M33
implementations.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Whenever a Cortex-M0+ supports the VTOR register it makes no sense to
use the software vector relay mechanism. Therefore change the logic so
that SW_VECTOR_RELAY does not get enabled whenever a VTOR register is
present, but enable it if an M0+ has no VTOR.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This patch adds the generation and incorporation of privileged stack
regions that are used by ARM user mode threads. This patch adds the
infrastructure for privileged stacks. Later patches will utilize the
generated stacks and helper functions.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Some ARMv6-M Cortex-M0+-based SOCs have VTOR register
and can relocate vector table just as ARMv7-M ones.
Vector table relocation path should be choosed
by VTOR presence, not by arch.
Signed-off-by: Ilya Tagunov <tagunil@gmail.com>
Rename the nano_internal.h to kernel_internal.h and modify the
header file name accordingly wherever it is used.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Currently in zephyr the support for the arm userspace has not be
merged. But the Kconfig always sets the userspace flag and causes a
build failure. This is blocking the test cases for userspace.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Add a new Kconfig option, BOOTLOADER_MCUBOOT, that automatically sets
the required options necessary to make the resulting image bootable by
the MCUboot open source bootloader. This includes the text section
offset and the vector relay table for Cortex-M0, and in the future it
might also add the DTS overlay required to link at slot0 offset in
flash.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
For SoCs that don't support vector table relocation in hardware, may not
support bootloader like mcuboot.
We introduce a way to relocate vector table in software by forwarding
the control of incoming IRQs to a new vector table which address is save
at fixed SRAM address.
User can change the data in that fixed SRAM address in order to relocate
vector table in software way.
Signed-off-by: Ding Tao <miyatsu@qq.com>
Cortex-M0 do not have the Vector Table Base Address Offset Register, so
Cortex-M0 vector table address can not be changed.
But in some Cortex-M0 SoCs like STM32F0 series, they have some mechanism
that can remap the vector table address to the start address of SRAM.
Use this flag to indicates whether current Cortex-M0 SoC support such a
remap or not.
Signed-off-by: Ding Tao <miyatsu@qq.com>
When asserts are enabled we run into an issue with newlib and types of
printf style formatters not matching. The easy fix to this is to cast
the uint32_t to u32_t to make things consistent with or without newlib
enabled.
This fixes#5645
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Was ARM specific and could not be used by other architectures.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Add an architecure specfic code for the memory domain
configuration. This is needed to support a memory domain API
k_mem_domain_add_thread.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Implement API to validate user buffer. This API will iterate
all MPU regions to check if the given buffer is user accessible
or not. For #3832.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
Unlike other NXP SoCs currently in Zephyr, the mimxrt1052 has the ARM
MPU rather than the NXP MPU. Start out by enabling it with a simple set
of memory regions for "flash" (ITCM), "ram" (DTCM), and the peripheral
buses. More regions will need to be added when we implement support for
external memories.
Tested with:
- samples/mpu/mpu_stack_guard_test
- tests/kernel/mem_protect/protection
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
Added architecture specific support for memory domain destroy
and remove partition for arm and nxp. An optimized version of
remove partition was also added.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This adds CONFIG_EXECUTE_XOR_WRITE, which is enabled by default on
systems that support controlling whether a page can contain executable
code. This is also known as W^X[1].
Trying to add a memory domain with a page that is both executable and
writable, either for supervisor mode threads, or for user mode threads,
will result in a kernel panic.
There are few cases where a writable page should also be executable
(JIT compilers, which are most likely out of scope for Zephyr), so an
option is provided to disable the check.
Since the memory domain APIs are executed in supervisor mode, a
determined person could bypass these checks with ease. This is seen
more as a way to avoid people shooting themselves in the foot.
[1] https://en.wikipedia.org/wiki/W%5EX
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Some SOCs (e.g. STM32F0) can map the flash to address 0 and
the flash base address at the same time. Prevent writing to
duplicate flash address which stops the SOC.
Allow Cortex M SOCs to create their own vector table relocation
function.
Provide a relocation function for STM32F0x SOCs.
Fixes#3923
Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Added architecture specific support for memory domain destroy
and remove partition for arm and nxp. An optimized version of
remove partition was also added.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Currently this is defined as a k_thread_stack_t pointer.
However this isn't correct, stacks are defined as arrays. Extern
references to k_thread_stack_t doesn't work properly as the compiler
treats it as a pointer to the stack array and not the array itself.
Declaring as an unsized array of k_thread_stack_t doesn't work
well either. The least amount of confusion is to leave out the
pointer/array status completely, use pointers for function prototypes,
and define K_THREAD_STACK_EXTERN() to properly create an extern
reference.
The definitions for all functions and struct that use
k_thread_stack_t need to be updated, but code that uses them should
be unchanged.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add the following application-facing memory domain APIs:
k_mem_domain_init() - to initialize a memory domain
k_mem_domain_destroy() - to destroy a memory domain
k_mem_domain_add_partition() - to add a partition into a domain
k_mem_domain_remove_partition() - to remove a partition from a domain
k_mem_domain_add_thread() - to add a thread into a domain
k_mem_domain_remove_thread() - to remove a thread from a domain
A memory domain would contain some number of memory partitions.
A memory partition is a memory region (might be RAM, peripheral
registers, flash...) with specific attributes (access permission,
e.g. privileged read/write, unprivileged read-only, execute never...).
Memory partitions would be defined by set of MPU regions or MMU tables
underneath.
A thread could only belong to a single memory domain any point in time
but a memory domain could contain multiple threads.
Threads in the same memory domain would have the same access permission
to the memory partitions belong to the memory domain.
The memory domain APIs are used by unprivileged threads to share data
to the threads in the same memory and protect sensitive data from
threads outside their domain. It is not only for improving the security
but also useful for debugging (unexpected access would cause exception).
Jira: ZEP-2281
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
In various places, a private _thread_entry_t, or the full prototype
were being used. Be consistent and use the same typedef everywhere.
Signen-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In benchmark test (test_info) while making function call regs
r0 - r4 are modified into called function. Due to this value
inside r3 is getting lost.
This patch saves and restore the value in r0-r4 regs while making
function calls from assembly language.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
The API/Variable names in timing_info looks very speicific to
platform (like systick etc), whereas these variabled are used
across platforms (nrf/arm/quark).
So this patch :-
1. changing API/Variable names to generic one.
2. Creating some of Macros whose implimentation is platform
depenent.
Jira: ZEP-2314
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch removes the redundant stack alignment check being done. The
stack definition macros enforce the alignment requirements via the
__align() directives.
In addition, fix the rounding down of the psp to be correct. The
actual initial stack pointer is the end of the stack minus the size of
the __esf structure. Rounding down after the subtraction will get us
to the correct offset.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
An abnormal crash was encountered in ARMv6-M SoCs that don't have flash
starting at 0. With Zephyr OS the reason for this crash is that, on
ARMv6-M the system requires an exception vector table at the 0 address.
We implement the relocate_vector_table function to move the vector table
code to address 0 on systems which don't have the start of code already
at 0.
[kumar.gala: reworderd commit message, tweaked how we check if we need
to copy vector table]
Signed-off-by: Xiaorui Hu <xiaorui.hu@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This patch adjusts the ARM MPU implementation to be compliant to the
recent changes that introduced the opaque kernel data types.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
The mimimum mpu size is 32 bytes, but requires mpu base address to be
aligned on 32 bytes to work. Define architecture thread macro when
MPU_STACK_GUARD config to allocate stack with 32 more bytes.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
This patch adds the allow flash write CONFIG option to the ARM MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
This patch adds the allow flash write CONFIG option to the NXP MPU
configuration in privileged mode.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
Currently Thread time slice is getting reset at end of timer
interrupt. Due to which equal priority threads behind current thread
in ready_q are not getting chance to run and leading to starvation.
This patch handles time slice in _ExcExit section context switch is
required.
Jira: ZEP-2444
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Enabled the boot_time test on ARM SoCs, set __start_time_stamp on ARM
since we don't have a free running counter similar to TSC on x86.
Also moved to printing the values out as %u to increase the range of
values.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Both the ARM and NXP MPU drivers incorrectly calculated the region index
by assuming the region type (e.g., THREAD_STACK_GUARD_REGION) was
zero-indexed, when in reality it is one-indexed. This had the effect of
wasting one region.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The NXP MPU requires special handling of region descriptor 0 to
guarantee that the debugger has access to the entire address space. It
does not allow writes from the core to affect the start or end
addresses, or the permissions associated with the debugger.
The original implementation of this driver attempted to work around
region descriptor 0, resulting in an off-by-1 error caught by Coverity.
Instead, define region descriptor 0 explicitly in the mpu_regions array,
and add some asserts to ensure that one doesn't try to change its start
or end addresses. This has an added benefit such that more permissions
can be enabled in region 0 if desired, whereas the previous
implementation always forced all writable permissions to be cleared.
Coverity-CID: 170473
Jira: ZEP-2258
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The original implementation of _get_num_regions() parsed the CESR[NRGD]
register field to determine the number of mpu region descriptors
implemented in hardware. There was a possible path in the code to return
zero, which would cause underflow later on in arm_core_mpu_configure().
Coverity complained despite an assert to catch this condition. Instead,
use a preprocessor macro from mcux that defines the number of mpu region
descriptors.
Coverity-CID: 169811
Jira: ZEP-2208
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Stack sentinel doesn't prevent corruption, it just notices when
it happens. Any memory could be in a bad state and it's more
appropriate to take the entire system down rather than just kill
the thread.
Fatal testcase will still work since it installs its own
_SysFatalErrorHandler.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).
This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.
This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.
The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.
Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The REGION bits (bit[3:0]) of MPU_RBAR register can specify the number
of the region to update if the VALID bit (bit[4]) is also set.
If the bit[3:0] of "region_addr" are not zero, might cause to update
unexpected region. This could happen since we might not declare stack
memory with specific alignment.
This patch will mask the bit[4:0] of "region_addr" to prevent updating
unexpected region.
Signed-off-by: Chunlin Han <chunlin.han@linaro.org>
The kernel tracks time slice usage with the _time_slice_elapsed global.
Every time the timer interrupt goes off and the timer driver calls
_nano_sys_clock_tick_announce() with the elapsed time, this is added to
_time_slice_elapsed. If it exceeds the total time slice, the thread is
moved to the back of the queue for that priority level and
_time_slice_elapsed is reset to zero.
In a non-tickless kernel, this is the only time _time_slice_elapsed is
reset. If a thread uses up a partial time slice, and then cooperatively
switches to another thread, the next thread will inherit the remaining
time slice, causing it not to be able to run as long as it ought to.
There does exist code to properly reset the elapsed count, but it was
only compiled in a tickless kernel. Now it is built any time
CONFIG_TIMESLICING is enabled.
Issue: ZEP-2107
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
pop {lr} instruction is not supported in ARMv6-M, fixed by
using pop {r0}; mov lr, r0; instructions.
Jira: ZEP-2222
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
We now have generic ARM M4 MPU support added to Zephyr.
Let's enable it for use with Nordic nRF52 chips.
Memory Layout was generated from Section 8.3 "Memory
Map" of nRF52 Product Specifications (for both nRF52832
and nRF52840):
0x00000000: Flash
0x10000000: Factory Information Config Registers
0x10001000: User Information Config Registers
0x20000000: SRAM
0x40000000: APB Peripherals
0x50000000: AHB Peripherals
0xE0000000: ARM M4 Private Peripheral Registers
NOT Configured:
0x60000000: External RAM
0x80000000: External RAM
0xA0000000: External Device
0xC0000000: External Device
NOTE: More work will be needed for future Nordic MWU (Memory
Watching Unit) support.
Signed-off-by: Michael Scott <michael.scott@linaro.org>
This patch add arm core MPU support to NXP MPU driver.
With this feature it is now possible to enable stack guarding on NXP
MPUs.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch integrates the thread stack guard feature in the arm
Zephyr core.
Change-Id: I2022899cbc7a340be71cfaa52f79418292f93bae
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds the arm core MPU implementation.
This implementation currently supports the thread stack guard feature.
Change-Id: I8b3795ebaf1ebad38aaddc2ed2f05535ead2c09a
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch add arm core MPU support to ARM MPU driver.
Change-Id: I5a61da4615ae687bf42f1c9947e291ebfd2d2c1d
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds the arm core MPU interface, a common way to access the
pu functionalities by the arm zephyr kernel.
The interface can be divided in two parts:
- a core part that will be implemented by the arm_core_mpu driver and
used directly by the kernel
- a driver part that will be implemented by the mpu drivers and used by
the arm_core_mpu driver
Change-Id: I590bd284abc40d98b06fdf1efb5800903313aa00
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds initial MPU support to NXP K6x family.
The boot configuration prevents the following security issues:
* Prevent to read at an address that is reserved in the memory map.
* Prevent to write into the boot Flash/ROM.
* Prevent from running code located in SRAM.
This driver has been tested on FRDM-K64F.
Change-Id: I907168fff0c6028f1c665f1d3c224cbeec31be32
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Now that all ARM platforms have a device tree we can move selecting of
HAS_DTS up and remove any !HAS_DTS cases, as well as setting in all the
defconfigs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This places a sentinel value at the lowest 4 bytes of a stack
memory region and checks it at various intervals, including when
servicing interrupts or context switching.
This is implemented on all arches except ARC, which supports stack
bounds checking directly in hardware.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unline k_thread_spawn(), the struct k_thread can live anywhere and not
in the thread's stack region. This will be useful for memory protection
scenarios where private kernel structures for a thread are not
accessible by that thread, or we want to allow the thread to use all the
stack space we gave it.
This requires a change to the internal _new_thread() API as we need to
provide a separate pointer for the k_thread.
By default, we still create internal threads with the k_thread in stack
memory. Forthcoming patches will change this, but we first need to make
it easier to define k_thread memory of variable size depending on
whether we need to store coprocessor state or not.
Change-Id: I533bbcf317833ba67a771b356b6bbc6596bf60f5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adds event based scheduling logic to the kernel. Updates
management of timeouts, timers, idling etc. based on
time tracked at events rather than periodic ticks. Provides
interfaces for timers to announce and get next timer expiry
based on kernel scheduling decisions involving time slicing
of threads, timeouts and idling. Uses wall time units instead
of ticks in all scheduling activities.
The implementation involves changes in the following areas
1. Management of time in wall units like ms/us instead of ticks
The existing implementation already had an option to configure
number of ticks in a second. The new implementation builds on
top of that feature and provides option to set the size of the
scheduling granurality to mili seconds or micro seconds. This
allows most of the current implementation to be reused. Due to
this re-use and co-existence with tick based kernel, the names
of variables may contain the word "tick". However, in the
tickless kernel implementation, it represents the currently
configured time unit, which would be be mili seconds or
micro seconds. The APIs that take time as a parameter are not
impacted and they continue to pass time in mili seconds.
2. Timers would not be programmed in periodic mode
generating ticks. Instead they would be programmed in one
shot mode to generate events at the time the kernel scheduler
needs to gain control for its scheduling activities like
timers, timeouts, time slicing, idling etc.
3. The scheduler provides interfaces that the timer drivers
use to announce elapsed time and get the next time the scheduler
needs a timer event. It is possible that the scheduler may not
need another timer event, in which case the system would wait
for a non-timer event to wake it up if it is idling.
4. New APIs are defined to be implemented by timer drivers. Also
they need to handler timer events differently. These changes
have been done in the HPET timer driver. In future other timers
that support tickles kernel should implement these APIs as well.
These APIs are to re-program the timer, update and announce
elapsed time.
5. Philosopher and timer_api applications have been enabled to
test tickless kernel. Separate configuration files are created
which define the necessary CONFIG flags. Run these apps using
following command
make pristine && make BOARD=qemu_x86 CONF_FILE=prj_tickless.conf qemu
Jira: ZEP-339 ZEP-1946 ZEP-948
Change-Id: I7d950c31bf1ff929a9066fad42c2f0559a2e5983
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Future tickless kernel patches would be inserting some
code before call to Swap. To enable this it will create
a mcro named as the current _Swap which would call first
the tickless kernel code and then call the real __swap()
Jira: ZEP-339
Change-Id: Id778bfcee4f88982c958fcf22d7f04deb4bd572f
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
This patch adds initial MPU support to ARM Beetle.
The boot configuration prevents the following security issues:
* Prevent to read at an address that is reserved in the memory map.
* Prevent to write into the boot Flash/ROM.
* Prevent from running code located in SRAM.
Change-Id: I64f1001369896fffb0647de6be605a95161c4695
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch adds an initial driver for the ARM MPU.
This driver has been tested on ARM Beetle and STM32F4.
Change-Id: I2bc4031961ec5a1d569929249237646f4a349f16
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This patch add the Memory Protection Unit parameter to the arm core
configuration.
Change-Id: Ifee8cdd5738391a6f182e8d0382d27eeb8c546ba
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
Signed-off-by: Marc Moreno <marc.morenoberengue@linaro.org>
Put the reason code in r0 and make a SVC #2 call, which will be
propagated to _fatal_error_handler as an exception.
The _is_in_isr() implementation had to be tweaked a bit. User-generated
SVC exception no longer just used for irq_offload(); just because we are
in it does not mean we are in interrupt context. Instead, have the
irq_offload code set and clear the offload_routine global; it will be
non-NULL only if it's in use. Upcoming changes to support memory
protection (which will require system calls) will need this too.
We free up some small amount of ROM deleting _default_esf struct as it's
no longer needed.
Issue: ZEP-843
Change-Id: Ie82bd708575934cffe41e64f5c128c8704ca4e48
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unlike assertions, these APIs are active at all times. The kernel will
treat these errors in the same way as fatal CPU exceptions. Ultimately,
the policy of what to do with these errors is implemented in
_SysFatalErrorHandler.
If the archtecture supports it, a real CPU exception can be triggered
which will provide a complete register dump and PC value when the
problem occurs. This will provide more helpful information than a fake
exception stack frame (_default_esf) passed to the arch-specific exception
handling code.
Issue: ZEP-843
Change-Id: I8f136905c05bb84772e1c5ed53b8e920d24eb6fd
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For exceptions where we are just going to abort the current thread, we
need to exit handler mode properly so that PendSV can run and perform a
context switch. For ARM architecture this means that the fatal error
handling code path can indeed return if we were 1) in handler mode and
2) only wish to abort the current thread.
Fixes a very long-standing bug where a thread that generates an
exception, and should only abort the thread, instead takes down the
entire system.
Issue: ZEP-2052
Change-Id: Ib356a34a6fda2e0f8aff39c4b3270efceb81e54d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We do the same thing on all arch's right now for thread_monitor_init so
lets put it in a common place. This also should fix an issue on xtensa
when thread monitor can be enabled (reference to _nanokernel.threads).
Change-Id: If2f26c1578aa1f18565a530de4880ae7bd5a0da2
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We do a bit of the same stuff on all the arch's to setup a new thread.
So lets put that code in a common place so we unify it for everyone and
reduce some duplicated code.
Change-Id: Ic04121bfd6846aece16aa7ffd4382bdcdb6136e3
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are a few places that we used an naked unsigned type, lets be
explicit and make it 'unsigned int'.
Change-Id: I33fcbdec4a6a1c0b1a2defb9a5844d282d02d80e
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. This handles the remaining includes and kernel, plus
touching up various points that we skipped because of include
dependancies. We also convert the PRI printf formatters in the arch
code over to normal formatters.
Jira: ZEP-2051
Change-Id: Iecbb12601a3ee4ea936fd7ddea37788a645b08b0
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. There are few places we dont convert over to the new
types because of compatiability with ext/HALs or for ease of transition
at this point. Fixup a few of the PRI formatters so we build with newlib.
Jira: ZEP-2051
Change-Id: I7d2d3697cad04f20aaa8f6e77228f502cd9c8286
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a start to move away from the C99 {u}int{8,16,32,64}_t types to
Zephyr defined u{8,16,32,64}_t and s{8,16,32,64}_t. This allows Zephyr
to define the sized types in a consistent manor across all the
architectures we support and not conflict with what various compilers
and libc might do with regards to the C99 types.
We introduce <zephyr/types.h> as part of this and have it include
<stdint.h> for now until we transition all the code away from the C99
types.
We go with u{8,16,32,64}_t and s{8,16,32,64}_t as there are some
existing variables defined u8 & u16 as well as to be consistent with
Zephyr naming conventions.
Jira: ZEP-2051
Change-Id: I451fed0623b029d65866622e478225dfab2c0ca8
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Fix doxygen comment typos used to generate API docs
Change-Id: I94df2e3a2bda248824ed2aeff3dd0eb743f0bf3e
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Instead of FLASH_LOAD_OFFSET being something specific to cortex-m, add
it generally to misc/Kconfig, along with a hidden config
HAS_LOAD_OFFSET which can be selected by the architectures as they add
support for the functionality.
Change-Id: I256ff8cf4e9b8493b26354c3b93fe1f7017d4887
Signed-off-by: David Brown <david.brown@linaro.org>
This patch updates the ARM core to use struct k_thread instead of struct
tcs. Struct tcs has been deprecated with Zephyr 1.6.
Change-Id: I1219add0bbcca4b963ffe02cd4519eca355c7719
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@linaro.org>
This directory now handles all of Cortex-M0, Cortex-M3/M4. So, just
consistently use "Cortex-M" (as used by number of files already)
without refering to a particular subarch. Also, consistently (letter
casing) spell it as "Cortex-M". A typo is fixed too.
Change-Id: I42ee09abc9a503381bca4ae437c83a8f48816ebc
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Currently, ARM Cortex-M image ROMs are linked starting at the flash
device's base address (CONFIG_FLASH_BASE_ADDRESS). This prevents XIP
Zephyr applications from being linked to run from elsewhere on the
flash device. Linking Zephyr applications to run from elsewhere can be
necessary when running under a bootloader (i.e., booting into a Zephyr
application from a bootloader, not using Zephyr as a bootloader).
To enable this use case, add a new config option: FLASH_LOAD_OFFSET.
This option directs the linker to treat ROM as if it started that many
bytes from the base of flash on Cortex-M targets. The option defaults
to zero to preserve backwards compatibility.
Change-Id: I64f82aee257c19c2451f9789b0ab56999775b761
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This replaces the hard-coded vector table, as well as the
software ISR table created by the linker. Now both are generated
in build via script.
Issue: ZEP-1038, ZEP-1165
Change-Id: Ie6faaf8f7ea3a7a25ecb542f6cf7740836ad7da3
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch moves the include for the generated_dts_board.h inside of
the include/arch/arm/arch.h file. This was done to simplify the
includes required for files. Only two files will include the dts
generated include file directly: arch.h and the linker.ld
Change-Id: I2614f4fd4eeed2ab635a3264d7dac8b83f97b760
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Andy Ross