This commit implements the build-in interrupt stack protection
via the native MSPLIM register in ARMv8-M MCUs that support the
Main Extension. Main stack pointer overflows will cause Stack
Overflow UsageFaults. In addition, the commit introduces a new
config option, BUILTIN_STACK_GUARD, allowing the user to enable
and use the built-in stack protection in ARMv8-M firmware.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes the implementation of the SecureFault
handling for ARMv8-M-based Cortex-M33. The implementation is
compiled conditionally with compile-time directive
CONFIG_ARM_SECURE_FIRMWARE, which is to signify the intention to
build a Secure image on ARMv8-M with Security Extensions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the unnecessary asm inline header for ARM.
It also adapts the stack.h and exc.h to use the ARM CMSIS inline
functions to access the IPSR and MSP registers.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch fixes calculations for the top of the interrupt and main
stacks. Due to power of two alignment requirements for certain MPUs,
the guard size must be taken into account due to the guard being
counted against the initial stack size.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch fixes a couple of issues with the stack guard size and
properly constructs the STACK_ALIGN and STACK_ALIGN_SIZE definitions.
The ARM AAPCS requires that the stack pointers be 8 byte aligned. The
STACK_ALIGN_SIZE definition is meant to contain the stack pointer
alignment requirements. This is the required alignment at public API
boundaries (ie stack frames).
The STACK_ALIGN definition is the required alignment for the start
address for stack buffer storage. STACK_ALIGN is used to validate
the allocation sizes for stack buffers.
The MPU_GUARD_ALIGN_AND_SIZE definition is the minimum alignment and
size for the MPU. The minimum size and alignment just so happen to be
32 bytes for vanilla ARM MPU implementations.
When defining stack buffers, the stack guard alignment requirements
must be taken into consideration when allocating the stack memory.
The __align() must be filled in with either STACK_ALIGN_SIZE or the
align/size of the MPU stack guard. The align/size for the guard region
will be 0 when CONFIG_MPU_STACK_GUARD is not set, and 32 bytes when it
is.
The _ARCH_THREAD_STACK_XXXXXX APIs need to know the minimum alignment
requirements for the stack buffer memory and the stack guard size to
correctly allocate and reference the stack memory. This is reflected
in the macros with the use of the STACK_ALIGN definition and the
MPU_GUARD_ALIGN_AND_SIZE definition.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Put the reason code in r0 and make a SVC #2 call, which will be
propagated to _fatal_error_handler as an exception.
The _is_in_isr() implementation had to be tweaked a bit. User-generated
SVC exception no longer just used for irq_offload(); just because we are
in it does not mean we are in interrupt context. Instead, have the
irq_offload code set and clear the offload_routine global; it will be
non-NULL only if it's in use. Upcoming changes to support memory
protection (which will require system calls) will need this too.
We free up some small amount of ROM deleting _default_esf struct as it's
no longer needed.
Issue: ZEP-843
Change-Id: Ie82bd708575934cffe41e64f5c128c8704ca4e48
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The ICSR RETTOBASE bit is improperly implemented in QEMU (the polarity
is flipped) and the fix for it has not yet made it into a QEMU release,
although it is present in upstream master branch.
The symptom is that if we are not in thread mode, the system always
believes were are in a nested exception state, causing _IsInIsr() to
always return true.
Skip the nested exception check if we are building for QEMU.
This is a workaround until SDK-54 is resolved.
Issue: SDK-54
Change-Id: I06eafcc85fb76a9b23b4ba85ed6e111a08516231
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. There are few places we dont convert over to the new
types because of compatiability with ext/HALs or for ease of transition
at this point. Fixup a few of the PRI formatters so we build with newlib.
Jira: ZEP-2051
Change-Id: I7d2d3697cad04f20aaa8f6e77228f502cd9c8286
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The previous code incorrectly used the value 0xfe to clear the mem and
bus faults. It attempted to handle the address register valid bits
separately, but reversed the bit order.
Jira: ZEP-1568
Change-Id: I240d072610af9979ca93c0081ed862df08929372
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
A number of SoCs clear out the Mem/Bus/Usage and Hard Fault exceptions
during init. Lets refactor that into a common function so we don't have
to keep duplicating it over and over.
Change-Id: Ida908a9092db37447abcf3c9872f36937982f729
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace _ScbExcPrioSet with calls to NVIC_SetPriority as it handles both
interrupt and exception priorities. We don't need to shift around the
priority values for NVIC_SetPriority.
Jira: ZEP-1568
Change-Id: Iccd68733c3f7faa82b7ccb17200eef328090b6da
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The cortex-m7 is an implementation of armv7-m. Adjust the Kconfig
support for cortex-m7 to reflect this and drop the unnecessary,
explicit, conditional compilation.
Change-Id: I6ec20e69c8c83c5a80b1f714506f7f9e295b15d5
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Precursor patches have arranged that conditional compilation hanging
on CONFIG_CPU_CORTEX_M3_M4 provides support for ARMv7-M, rename the
config variable to reflect this.
Change-Id: Ifa56e3c1c04505d061b2af3aec9d8b9e55b5853d
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
Precursor patches have arranged all conditional compilation hanging on
CONFIG_CPU_CORTEX_M0_M0PLUS such that it actually represents support
for ARM ARMv6-M, rename the config variable to reflect this.
Change-Id: I553fcf3e606b350a9e823df31bac96636be1504f
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The ARM code base provides for three mutually exclusive ARM
architecture related conditional compilation choices. M0_M0PLUS,
M3_M4 and M7. Throughout the code base we have conditional
compilation gated around these three choices. Adjust the form of this
conditional compilation to adopt a uniform structure. The uniform
structure always selects code based on the definition of an
appropriate config option rather the the absence of a definition.
Removing the extensive use of #else ensures that when support for
other ARM architecture versions is added we get hard compilation
failures rather than attempting to compile inappropriate code for the
added architecture with unexpected runtime consequences.
Adopting this uniform structure makes it straight forward to replace
the adhoc CPU_CORTEX_M3_M4 and CPU_CORTEX_M0_M0PLUS configuration
variables with ones that directly represent the actual underlying ARM
architectures we provide support for. This change also paves the way
for folding adhoc conditional compilation related to CPU_CORTEX_M7
directly in support for ARMv7-M.
This change is mechanical in nature involving two transforms:
1)
#if !defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
is transformed to:
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
#elif defined(CONFIG_CPU_CORTEX_M3_M4) || defined(CONFIG_CPU_CORTEX_M7)
...
2)
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
#else
...
#endif
is transformed to:
#if defined(CONFIG_CPU_CORTEX_M0_M0PLUS)
...
#elif defined(CONFIG_CPU_CORTEX_M3_M4) || defined(CONFIG_CPU_CORTEX_M7)
...
#else
#error Unknown ARM architecture
#endif
Change-Id: I7229029b174da3a8b3c6fb2eec63d776f1d11e24
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
The Cortex-M0(+) and in general processors that support only the ARMv6-M
instruction set have a reduced set of registers and fields compared to
the ARMv7-M compliant processors.
This change goes through all core registers and disables or removes
everything that is not part of the ARMv6-M architecture when compiling
for Cortex-M0.
Jira: ZEP-1497
Change-id: I13e2637bb730e69d02f2a5ee687038dc69ad28a8
Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The Cortex-M3/4 kernel was reserving priorities 0 and 1 for itself, but
was not registering any exception on priority 0. Only reserve priority 0
and use it for SVC and fault exceptions instead of priority 1.
Change-Id: Iff2405e27fd4bed4e49ab90ec2ae984f2c0a83a6
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
There was a lot of duplication between architectures for the definition
of threads and the "nanokernel" guts. These have been consolidated.
Now, a common file kernel/unified/include/kernel_structs.h holds the
common definitions. Architectures provide two files to complement it:
kernel_arch_data.h and kernel_arch_func.h. The first one contains at
least the struct _thread_arch and struct _kernel_arch data structures,
as well as the struct _callee_saved and struct _caller_saved register
layouts. The second file contains anything that needs what is provided
by the common stuff in kernel_structs.h. Those two files are only meant
to be included in kernel_structs.h in very specific locations.
The thread data structure has been separated into three major parts:
common struct _thread_base and struct k_thread, and arch-specific struct
_thread_arch. The first and third ones are included in the second.
The struct s_NANO data structure has been split into two: common struct
_kernel and arch-specific struct _kernel_arch. The latter is included in
the former.
Offsets files have also changed: nano_offsets.h has been renamed
kernel_offsets.h and is still included by the arch-specific offsets.c.
Also, since the thread and kernel data structures are now made of
sub-structures, offsets have to be added to make up the full offset.
Some of these additions have been consolidated in shorter symbols,
available from kernel/unified/include/offsets_short.h, which includes an
arch-specific offsets_arch_short.h. Most of the code include
offsets_short.h now instead of offsets.h.
Change-Id: I084645cb7e6db8db69aeaaf162963fe157045d5a
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Not disabling SysTick as it is optional by the spec.
SVC not used as there is no priority-based interrupt masking (only
PendSV is used).
Largely based on a previous work done by Euan Mutch <euan@abelon.com>.
Jira: ZEP-783
Change-Id: I38e29bfcf0624c1aea5f9fd7a74230faa1b59e8b
Signed-off-by: Ricardo Salveti <ricardo.salveti@linaro.org>
Adds extern "C" { } blocks to header files so that they can be
safely used by C++ source files.
Change-Id: Ia4db0c36a5dac5d3de351184a297d2af0df64532
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Removed old style file description and documnetation and apply
doxygen synatx.
Change-Id: I3ac9f06d4f574bf3c79c6f6044cec3a7e2f6e4c8
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Software interrupts or system calls aren't really appropriate for
zephyr, but we have an ongoing need in our test code to run a
function with arguments synchronously in interrupt context.
This patch introduces irq_offload() which allows us to do this without
separate initialization or having to manage fake IRQs in the
interrupt controller.
ARM assembly code contributed by Benjamin Walsh
<benjamin.walsh@windriver.com>
ARC is not yet implemented but will be in a subsequent patch.
irq_test_common.h has been removed and all test cases updated to
use the new API.
Change-Id: I9af99ed31b62bc7eb340e32cf65e3d11354d1ec7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The \NOMANUAL tag is a remnant from days of yore and is no longer
needed or useful. Cleaning up the code references to this.
Change-Id: I1b8cc9c9560d1dbb711f05fa63fd23386789875c
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Change-Id: I6da43e41f9c6efee577b70513ec368ae3cce0144
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Change all the Intel and Wind River code license from BSD-3 to Apache 2.
Change-Id: Id8be2c1c161a06ea8a0b9f38e17660e11dbb384b
Signed-off-by: Javier B Perez Hernandez <javier.b.perez.hernandez@linux.intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
All supported platforms have descending stack (growth direction is
down). To avoid confusion just remove not needed stack direction
defines.
If new platform with stack direction up is added is should be
configured by adding Kconfig option eg STACK_GROWS_UP and
CONFIG_STACK_GROWS_UP should be used in code that depends on
stack growth direction.
Change-Id: I786ff1ab28d8f8bad3f6d1bbe64defc0e81d1707
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Ioannis Glaropoulos