Read a volatile status into a local variable to
discard a side effect in assertion. This fixes
an issue reported by Coverity: CID: 214210.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To improve Zephyr security, I decided to create a test
test_after_syscall_cpu_scrubs_regs
I think necessary to check upon exit of a system call back
to the calling thread, the kernel scrubs CPU registers for sensitive
data.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Provide a TZ_SAFE_ENTRY_FUNC() macro for wrapping non-secure entry
functions in calls to k_sched_lock()/k_sched_unlock()
Provide a __TZ_WRAP_FUNC() macro which helps in creating a function
that "wraps" another in a preface and postface function call.
int foo(char *arg); // Implemented somewhere else.
int __attribute__((naked)) foo_wrapped(char *arg)
{
WRAP_FUNC(bar, foo, baz);
}
is equivalent to
int foo(char *arg); // Implemented somewhere else.
int foo_wrapped(char *arg)
{
bar();
int res = foo(arg);
baz();
return res;
}
This commit also adds tests for __TZ_WRAP_FUNC().
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
It should be nrfx_power_clock_irq_handler, not nrfx_clock_irq_handler.
The latter is only present as a function if both nrfx CLOCK and POWER
drivers are used and it is then called from the actual IRQ handler,
which is always named nrfx_power_clock_irq_handler (also when only
the nrfx CLOCK driver is used as in case of this test).
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
We no longer plan to support a split address space with
the kernel in high memory and per-process address spaces.
Because of this, we can simplify some things. System RAM
is now always identity mapped at boot.
We no longer require any virtual-to-physical translation
for page tables, and can remove the dual-mapping logic
from the page table generation script since we won't need
to transition the instruction point off of physical
addresses.
CONFIG_KERNEL_VM_BASE and CONFIG_KERNEL_VM_LIMIT
have been removed. The kernel's address space always
starts at CONFIG_SRAM_BASE_ADDRESS, of a fixed size
specified by CONFIG_KERNEL_VM_SIZE.
Driver MMIOs and other uses of k_mem_map() are still
virtually mapped, and the later introduction of demand
paging will result in only a subset of system RAM being
a fixed identity mapping instead of all of it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In order to be possible to debug usermode threads need to be able
issue breakpoint and debug exceptions. To do this it is necessary to
set DPL bits to, at least, the same CPL level.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Remove special handling of the ARM Cortex-M1 DesignStart FPGA reference
design running on the Digilent Arty after CONFIG_NUM_IRQS was reduced
from 8 to 7.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
We add a simple test-case for verifying the behavior of the
Cortex-M IRQ target state management. We add an additional
test only for TrustZone-enabled Cortex-M targets running
in Secure mode. We explicitly exclude ARMv8-M platforms that
enable Non-Secure FW build by default from running the test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Update the driver implementation to use nrfx_clock and nrfx_power
drivers. Update also revisions of the hal_nordic and nrf_hw_models
modules, so that it is actually possible to use those drivers.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
To debug hard-to-reproduce faults/panics, it's helpful to get the full
register state at the time a fault occurred. This enables recovering
full backtraces and the state of local variables at the time of a
crash.
This PR introduces a new Kconfig option, CONFIG_EXTRA_EXCEPTION_INFO,
to facilitate this use case. The option enables the capturing of the
callee-saved register state (r4-r11 & exc_return) during a fault. The
info is forwarded to `k_sys_fatal_error_handler` in the z_arch_esf_t
parameter. From there, the data can be saved for post-mortem analysis.
To test the functionality a new unit test was added to
tests/arch/arm_interrupt which verifies the register contents passed
in the argument match the state leading up to a crash.
Signed-off-by: Chris Coleman <chris@memfault.com>
For the moment, we validate the flags on all RAM pages,
ensure that NULL is never mapped, and show that dumping
page tables doesn't crash.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test covers private interfaces that don't exist any more.
This will be replaced by tests of arch_mem_map() that are not
x86-specific.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test is against infrastructure that no longer exists.
It will be replaced by generic tests for the mapping APIs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add support for the Cortex-M1 ARM DesignStart FPGA reference design
running on the Digilent Arty development board.
This board uses IRQ 7 (the last IRQ) as a level-detect non-interrupt
signal to determine whether the V2C-DAPLINK shield is installed. This
IRQ line is always pending when the shield is not installed. Use IRQ 6
instead.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
The Data Tightly Coupled Memory (DTCM) of the Cortex-M1 present in the
Cortex-M1 ARM DesignStart FPGA implementation is No-Execute (NX), so
__ramfunc linked in the DTCM will cause a hard fault when executed.
Use the Xilinx Block RAM (bram0) present in the reference design for
demonstrating __ramfunc instead.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Add a test that verifies basic ARCH-level functionality
when building Zephyr without support for multithreading.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test suite to validate the Software Vector Relaying
feature for Cortex-M architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes Cortex-M header inclusions from the deprecated paths.
The Cortex-M headers were relocated from `include/arch/arm/cortex_m` to
`include/arch/arm/aarch32/cortex_m` by the refactoring done in the
commit d048faacf2.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
... because it is (required).
This makes a difference when building with CMake and forgetting
ZEPHYR_BASE or not registering Zephyr in the CMake package registry.
In this particular case, REQUIRED turns this harmless looking log
statement:
-- Could NOT find Zephyr (missing: Zephyr_DIR)
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
-- Check for working C compiler: /usr/bin/cc
-- ...
-- ...
-- ...
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Error at CMakeLists.txt:8 (target_sources):
Cannot specify sources for target "app" which is not built by
this project.
... into this louder, clearer, faster and (last but not least) final
error:
CMake Error at CMakeLists.txt:5 (find_package):
Could not find a package configuration file provided by "Zephyr" with
any of the following names:
ZephyrConfig.cmake
zephyr-config.cmake
Add the installation prefix of "Zephyr" to CMAKE_PREFIX_PATH or set
"Zephyr_DIR" to a directory containing one of the above files. If
"Zephyr" provides a separate development package or SDK, be sure it
has been installed.
-- Configuring incomplete, errors occurred!
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Enhance the sample console output of the arm_interrupt
test, to reflect recent changes in test context as well
as kernel fault handling log output format.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We add a test case to verify that the Cortex-M fault
handling is able to catch stacking errors explicitly
due to exception entry frame stacking (that is, when
the Cortex-M MCU does not report Data Access Violation
MemManage fault with a valid MMFAR value, but only a
Stacking MemManage fault). We update the README file
accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This makes the up_squared board default to x86_64.
This also adds a new board, up_squared_32, for when 32-bit
is desired.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This commit renames the `arch.arm.swap.common.fp_sharing` tests to
`arch.arm.swap.common.fpu_sharing`, in order to align with the recent
`CONFIG_FP_SHARING` to `CONFIG_FPU_SHARING` renaming.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit renames the Kconfig `FP_SHARING` symbol to `FPU_SHARING`,
since this symbol specifically refers to the hardware FPU sharing
support by means of FPU context preservation, and the "FP" prefix is
not fully descriptive of that; leaving room for ambiguity.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit renames the Kconfig `FLOAT` symbol to `FPU`, since this
symbol only indicates that the hardware Floating Point Unit (FPU) is
used and does not imply and/or indicate the general availability of
toolchain-level floating point support (i.e. this symbol is not
selected when building for an FPU-less platform that supports floating
point operations through the toolchain-provided software floating point
library).
Moreover, given that the symbol that indicates the availability of FPU
is named `CPU_HAS_FPU`, it only makes sense to use "FPU" in the name of
the symbol that enables the FPU.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
We add a simple test case to verify the behavior
of z_arm_exc_spurious handler. We use the SysTick
interrupt for that so the test is enabled for
platforms that have but do not use the SysTick.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds a filter to restrict the `arch/arm/arm_runtime_nmi`
test to the ARM Cortex-M platforms only, since this test currently
does not support the Cortex-A and Cortex-R platforms.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Using find_package to locate Zephyr.
Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.
Whenever an automatic run of CMake happend by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.
It also removes the risk of strange build results if a user switchs
between different Zephyr based project folders and forgetting to reset
ZEPHYR_BASE before running ninja / make.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Remove a side effect in an assertion check of the
expected reason after spurious interrupt handling.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This reverts commit 8739517107.
Pull Request #23437 was merged by mistake with an invalid manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
The set of interrupt stacks is now expressed as an array. We
also define the idle threads and their associated stacks this
way. This allows for iteration in cases where we have multiple
CPUs.
There is now a centralized declaration in kernel_internal.h.
On uniprocessor systems, z_interrupt_stacks has one element
and can be used in the same way as _interrupt_stack.
The IRQ stack for CPU 0 is now set in init.c instead of in
arch code.
The extern definition of the main thread stack is now removed,
this doesn't need to be in a header.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We extend the interrupt test for ARM Cortex-M so that
it can test the behavior of the spurious ISR handler.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Under Sharing FP registers mode we would like to verify the
correct preservation of FPSCR during thread context switch.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a simple test-suite which verifies the
internal (ARCH) implementation for user mode syscalls, as well
as the stack limit checking mechanism for ARMv8-M MCUS.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Distinguish between nRF51/nRF52 and nRF53 platforms in the
inline comments when definining the built-time asserts for
the test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The commit fixes the test for nRF5340-based platforms by
customizing the ISR offset and the IRQ vector table.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Interrupt routing on x86-64 is done entirely at runtime,
we should skip all 64-bit targets not just QEMU.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Ioannis Glaropoulos