zephyr/arch/riscv/core/pmp.c

724 lines
21 KiB
C

/*
* Copyright (c) 2022 BayLibre, SAS
*
* SPDX-License-Identifier: Apache-2.0
*
* Physical Memory Protection (PMP) is RISC-V parlance for an MPU.
*
* The PMP is comprized of a number of entries or slots. This number depends
* on the hardware design. For each slot there is an address register and
* a configuration register. While each address register is matched to an
* actual CSR register, configuration registers are small and therefore
* several of them are bundled in a few additional CSR registers.
*
* PMP slot configurations are updated in memory to avoid read-modify-write
* cycles on corresponding CSR registers. Relevant CSR registers are always
* written in batch from their shadow copy in RAM for better efficiency.
*
* In the stackguard case we keep an m-mode copy for each thread. Each user
* mode threads also has a u-mode copy. This makes faster context switching
* as precomputed content just have to be written to actual registers with
* no additional processing.
*
* Thread-specific m-mode and u-mode PMP entries start from the PMP slot
* indicated by global_pmp_end_index. Lower slots are used by global entries
* which are never modified.
*/
#include <zephyr/kernel.h>
#include <kernel_internal.h>
#include <zephyr/linker/linker-defs.h>
#include <pmp.h>
#include <zephyr/sys/arch_interface.h>
#include <zephyr/arch/riscv/csr.h>
#define LOG_LEVEL CONFIG_MPU_LOG_LEVEL
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(mpu);
#define PMP_DEBUG_DUMP 0
#ifdef CONFIG_64BIT
# define PR_ADDR "0x%016lx"
#else
# define PR_ADDR "0x%08lx"
#endif
#define PMP_TOR_SUPPORTED !IS_ENABLED(CONFIG_PMP_NO_TOR)
#define PMP_NA4_SUPPORTED !IS_ENABLED(CONFIG_PMP_NO_NA4)
#define PMP_NAPOT_SUPPORTED !IS_ENABLED(CONFIG_PMP_NO_NAPOT)
#define PMPCFG_STRIDE sizeof(unsigned long)
#define PMP_ADDR(addr) ((addr) >> 2)
#define NAPOT_RANGE(size) (((size) - 1) >> 1)
#define PMP_ADDR_NAPOT(addr, size) PMP_ADDR(addr | NAPOT_RANGE(size))
#define PMP_NONE 0
static void print_pmp_entries(unsigned int start, unsigned int end,
unsigned long *pmp_addr, unsigned long *pmp_cfg,
const char *banner)
{
uint8_t *pmp_n_cfg = (uint8_t *)pmp_cfg;
unsigned int index;
LOG_DBG("PMP %s:", banner);
for (index = start; index < end; index++) {
unsigned long start, end, tmp;
switch (pmp_n_cfg[index] & PMP_A) {
case PMP_TOR:
start = (index == 0) ? 0 : (pmp_addr[index - 1] << 2);
end = (pmp_addr[index] << 2) - 1;
break;
case PMP_NA4:
start = pmp_addr[index] << 2;
end = start + 3;
break;
case PMP_NAPOT:
tmp = (pmp_addr[index] << 2) | 0x3;
start = tmp & (tmp + 1);
end = tmp | (tmp + 1);
break;
default:
start = 0;
end = 0;
break;
}
if (end == 0) {
LOG_DBG("%3d: "PR_ADDR" 0x%02x", index,
pmp_addr[index],
pmp_n_cfg[index]);
} else {
LOG_DBG("%3d: "PR_ADDR" 0x%02x --> "
PR_ADDR"-"PR_ADDR" %c%c%c%s",
index, pmp_addr[index], pmp_n_cfg[index],
start, end,
(pmp_n_cfg[index] & PMP_R) ? 'R' : '-',
(pmp_n_cfg[index] & PMP_W) ? 'W' : '-',
(pmp_n_cfg[index] & PMP_X) ? 'X' : '-',
(pmp_n_cfg[index] & PMP_L) ? " LOCKED" : "");
}
}
}
static void dump_pmp_regs(const char *banner)
{
unsigned long pmp_addr[CONFIG_PMP_SLOTS];
unsigned long pmp_cfg[CONFIG_PMP_SLOTS / PMPCFG_STRIDE];
#define PMPADDR_READ(x) pmp_addr[x] = csr_read(pmpaddr##x)
FOR_EACH(PMPADDR_READ, (;), 0, 1, 2, 3, 4, 5, 6, 7);
#if CONFIG_PMP_SLOTS > 8
FOR_EACH(PMPADDR_READ, (;), 8, 9, 10, 11, 12, 13, 14, 15);
#endif
#undef PMPADDR_READ
#ifdef CONFIG_64BIT
pmp_cfg[0] = csr_read(pmpcfg0);
#if CONFIG_PMP_SLOTS > 8
pmp_cfg[1] = csr_read(pmpcfg2);
#endif
#else
pmp_cfg[0] = csr_read(pmpcfg0);
pmp_cfg[1] = csr_read(pmpcfg1);
#if CONFIG_PMP_SLOTS > 8
pmp_cfg[2] = csr_read(pmpcfg2);
pmp_cfg[3] = csr_read(pmpcfg3);
#endif
#endif
print_pmp_entries(0, CONFIG_PMP_SLOTS, pmp_addr, pmp_cfg, banner);
}
/**
* @brief Set PMP shadow register values in memory
*
* Register content is built using this function which selects the most
* appropriate address matching mode automatically. Note that the special
* case start=0 size=0 is valid and means the whole address range.
*
* @param index_p Location of the current PMP slot index to use. This index
* will be updated according to the number of slots used.
* @param perm PMP permission flags
* @param start Start address of the memory area to cover
* @param size Size of the memory area to cover
* @param pmp_addr Array of pmpaddr values (starting at entry 0).
* @param pmp_cfg Array of pmpcfg values (starting at entry 0).
* @param index_limit Index value representing the size of the provided arrays.
* @return true on success, false when out of free PMP slots.
*/
static bool set_pmp_entry(unsigned int *index_p, uint8_t perm,
uintptr_t start, size_t size,
unsigned long *pmp_addr, unsigned long *pmp_cfg,
unsigned int index_limit)
{
uint8_t *pmp_n_cfg = (uint8_t *)pmp_cfg;
unsigned int index = *index_p;
bool ok = true;
__ASSERT((start & 0x3) == 0, "misaligned start address");
__ASSERT((size & 0x3) == 0, "misaligned size");
if (index >= index_limit) {
LOG_ERR("out of PMP slots");
ok = false;
} else if (PMP_TOR_SUPPORTED &&
((index == 0 && start == 0) ||
(index != 0 && pmp_addr[index - 1] == PMP_ADDR(start)))) {
/* We can use TOR using only one additional slot */
pmp_addr[index] = PMP_ADDR(start + size);
pmp_n_cfg[index] = perm | PMP_TOR;
index += 1;
} else if (PMP_NA4_SUPPORTED && size == 4) {
pmp_addr[index] = PMP_ADDR(start);
pmp_n_cfg[index] = perm | PMP_NA4;
index += 1;
} else if (PMP_NAPOT_SUPPORTED &&
((size & (size - 1)) == 0) /* power of 2 */ &&
((start & (size - 1)) == 0) /* naturally aligned */ &&
(PMP_NA4_SUPPORTED || (size != 4))) {
pmp_addr[index] = PMP_ADDR_NAPOT(start, size);
pmp_n_cfg[index] = perm | PMP_NAPOT;
index += 1;
} else if (PMP_TOR_SUPPORTED && index + 1 >= index_limit) {
LOG_ERR("out of PMP slots");
ok = false;
} else if (PMP_TOR_SUPPORTED) {
pmp_addr[index] = PMP_ADDR(start);
pmp_n_cfg[index] = 0;
index += 1;
pmp_addr[index] = PMP_ADDR(start + size);
pmp_n_cfg[index] = perm | PMP_TOR;
index += 1;
} else {
LOG_ERR("inappropriate PMP range (start=%#lx size=%#zx)", start, size);
ok = false;
}
*index_p = index;
return ok;
}
/**
* @brief Write a range of PMP entries to corresponding PMP registers
*
* PMP registers are accessed with the csr instruction which only takes an
* immediate value as the actual register. This is performed more efficiently
* in assembly code (pmp.S) than what is possible with C code.
*
* Requirement: start < end && end <= CONFIG_PMP_SLOTS
*
* @param start Start of the PMP range to be written
* @param end End (exclusive) of the PMP range to be written
* @param clear_trailing_entries True if trailing entries must be turned off
* @param pmp_addr Array of pmpaddr values (starting at entry 0).
* @param pmp_cfg Array of pmpcfg values (starting at entry 0).
*/
extern void z_riscv_write_pmp_entries(unsigned int start, unsigned int end,
bool clear_trailing_entries,
const unsigned long *pmp_addr,
const unsigned long *pmp_cfg);
/**
* @brief Write a range of PMP entries to corresponding PMP registers
*
* This performs some sanity checks before calling z_riscv_write_pmp_entries().
*
* @param start Start of the PMP range to be written
* @param end End (exclusive) of the PMP range to be written
* @param clear_trailing_entries True if trailing entries must be turned off
* @param pmp_addr Array of pmpaddr values (starting at entry 0).
* @param pmp_cfg Array of pmpcfg values (starting at entry 0).
* @param index_limit Index value representing the size of the provided arrays.
*/
static void write_pmp_entries(unsigned int start, unsigned int end,
bool clear_trailing_entries,
unsigned long *pmp_addr, unsigned long *pmp_cfg,
unsigned int index_limit)
{
__ASSERT(start < end && end <= index_limit &&
index_limit <= CONFIG_PMP_SLOTS,
"bad PMP range (start=%u end=%u)", start, end);
/* Be extra paranoid in case assertions are disabled */
if (start >= end || end > index_limit) {
k_panic();
}
if (clear_trailing_entries) {
/*
* There are many config entries per pmpcfg register.
* Make sure to clear trailing garbage in the last
* register to be written if any. Remaining registers
* will be cleared in z_riscv_write_pmp_entries().
*/
uint8_t *pmp_n_cfg = (uint8_t *)pmp_cfg;
unsigned int index;
for (index = end; index % PMPCFG_STRIDE != 0; index++) {
pmp_n_cfg[index] = 0;
}
}
print_pmp_entries(start, end, pmp_addr, pmp_cfg, "register write");
#ifdef CONFIG_QEMU_TARGET
/*
* A QEMU bug may create bad transient PMP representations causing
* false access faults to be reported. Work around it by setting
* pmp registers to zero from the update start point to the end
* before updating them with new values.
* The QEMU fix is here with more details about this bug:
* https://lists.gnu.org/archive/html/qemu-devel/2022-06/msg02800.html
*/
static const unsigned long pmp_zero[CONFIG_PMP_SLOTS] = { 0, };
z_riscv_write_pmp_entries(start, CONFIG_PMP_SLOTS, false,
pmp_zero, pmp_zero);
#endif
z_riscv_write_pmp_entries(start, end, clear_trailing_entries,
pmp_addr, pmp_cfg);
}
/**
* @brief Abstract the last 3 arguments to set_pmp_entry() and
* write_pmp_entries( for m-mode.
*/
#define PMP_M_MODE(thread) \
thread->arch.m_mode_pmpaddr_regs, \
thread->arch.m_mode_pmpcfg_regs, \
ARRAY_SIZE(thread->arch.m_mode_pmpaddr_regs)
/**
* @brief Abstract the last 3 arguments to set_pmp_entry() and
* write_pmp_entries( for u-mode.
*/
#define PMP_U_MODE(thread) \
thread->arch.u_mode_pmpaddr_regs, \
thread->arch.u_mode_pmpcfg_regs, \
ARRAY_SIZE(thread->arch.u_mode_pmpaddr_regs)
/*
* This is used to seed thread PMP copies with global m-mode cfg entries
* sharing the same cfg register. Locked entries aren't modifiable but
* we could have non-locked entries here too.
*/
static unsigned long global_pmp_cfg[1];
static unsigned long global_pmp_last_addr;
/* End of global PMP entry range */
static unsigned int global_pmp_end_index;
/**
* @Brief Initialize the PMP with global entries on each CPU
*/
void z_riscv_pmp_init(void)
{
unsigned long pmp_addr[4];
unsigned long pmp_cfg[1];
unsigned int index = 0;
/* The read-only area is always there for every mode */
set_pmp_entry(&index, PMP_R | PMP_X | PMP_L,
(uintptr_t)__rom_region_start,
(size_t)__rom_region_size,
pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
#ifdef CONFIG_NULL_POINTER_EXCEPTION_DETECTION_PMP
/*
* Use a PMP slot to make region (starting at address 0x0) inaccessible
* for detecting null pointer dereferencing.
*/
set_pmp_entry(&index, PMP_NONE | PMP_L,
0,
CONFIG_NULL_POINTER_EXCEPTION_REGION_SIZE,
pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
#endif
#ifdef CONFIG_PMP_STACK_GUARD
/*
* Set the stack guard for this CPU's IRQ stack by making the bottom
* addresses inaccessible. This will never change so we do it here
* and lock it too.
*/
set_pmp_entry(&index, PMP_NONE | PMP_L,
(uintptr_t)z_interrupt_stacks[_current_cpu->id],
Z_RISCV_STACK_GUARD_SIZE,
pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
#endif
write_pmp_entries(0, index, true, pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
#ifdef CONFIG_SMP
#ifdef CONFIG_PMP_STACK_GUARD
/*
* The IRQ stack guard area is different for each CPU.
* Make sure TOR entry sharing won't be attempted with it by
* remembering a bogus address for those entries.
*/
pmp_addr[index - 1] = -1L;
#endif
/* Make sure secondary CPUs produced the same values */
if (global_pmp_end_index != 0) {
__ASSERT(global_pmp_end_index == index, "");
__ASSERT(global_pmp_cfg[0] == pmp_cfg[0], "");
__ASSERT(global_pmp_last_addr == pmp_addr[index - 1], "");
}
#endif
global_pmp_cfg[0] = pmp_cfg[0];
global_pmp_last_addr = pmp_addr[index - 1];
global_pmp_end_index = index;
if (PMP_DEBUG_DUMP) {
dump_pmp_regs("initial register dump");
}
}
/**
* @Brief Initialize the per-thread PMP register copy with global values.
*/
static inline unsigned int z_riscv_pmp_thread_init(unsigned long *pmp_addr,
unsigned long *pmp_cfg,
unsigned int index_limit)
{
ARG_UNUSED(index_limit);
/*
* Retrieve pmpcfg0 partial content from global entries.
*/
pmp_cfg[0] = global_pmp_cfg[0];
/*
* Retrieve the pmpaddr value matching the last global PMP slot.
* This is so that set_pmp_entry() can safely attempt TOR with it.
*/
pmp_addr[global_pmp_end_index - 1] = global_pmp_last_addr;
return global_pmp_end_index;
}
#ifdef CONFIG_PMP_STACK_GUARD
/**
* @brief Prepare the PMP stackguard content for given thread.
*
* This is called once during new thread creation.
*/
void z_riscv_pmp_stackguard_prepare(struct k_thread *thread)
{
unsigned int index = z_riscv_pmp_thread_init(PMP_M_MODE(thread));
uintptr_t stack_bottom;
/* make the bottom addresses of our stack inaccessible */
stack_bottom = thread->stack_info.start - K_KERNEL_STACK_RESERVED;
#ifdef CONFIG_USERSPACE
if (thread->arch.priv_stack_start != 0) {
stack_bottom = thread->arch.priv_stack_start;
} else if (z_stack_is_user_capable(thread->stack_obj)) {
stack_bottom = thread->stack_info.start - K_THREAD_STACK_RESERVED;
}
#endif
set_pmp_entry(&index, PMP_NONE,
stack_bottom, Z_RISCV_STACK_GUARD_SIZE,
PMP_M_MODE(thread));
/*
* We'll be using MPRV. Make a fallback entry with everything
* accessible as if no PMP entries were matched which is otherwise
* the default behavior for m-mode without MPRV.
*/
set_pmp_entry(&index, PMP_R | PMP_W | PMP_X,
0, 0, PMP_M_MODE(thread));
#ifdef CONFIG_QEMU_TARGET
/*
* Workaround: The above produced 0x1fffffff which is correct.
* But there is a QEMU bug that prevents it from interpreting this
* value correctly. Hardcode the special case used by QEMU to
* bypass this bug for now. The QEMU fix is here:
* https://lists.gnu.org/archive/html/qemu-devel/2022-04/msg00961.html
*/
thread->arch.m_mode_pmpaddr_regs[index-1] = -1L;
#endif
/* remember how many entries we use */
thread->arch.m_mode_pmp_end_index = index;
}
/**
* @brief Write PMP stackguard content to actual PMP registers
*
* This is called on every context switch.
*/
void z_riscv_pmp_stackguard_enable(struct k_thread *thread)
{
LOG_DBG("pmp_stackguard_enable for thread %p", thread);
/*
* Disable (non-locked) PMP entries for m-mode while we update them.
* While at it, also clear MSTATUS_MPP as it must be cleared for
* MSTATUS_MPRV to be effective later.
*/
csr_clear(mstatus, MSTATUS_MPRV | MSTATUS_MPP);
/* Write our m-mode MPP entries */
write_pmp_entries(global_pmp_end_index, thread->arch.m_mode_pmp_end_index,
false /* no need to clear to the end */,
PMP_M_MODE(thread));
if (PMP_DEBUG_DUMP) {
dump_pmp_regs("m-mode register dump");
}
/* Activate our non-locked PMP entries in m-mode */
csr_set(mstatus, MSTATUS_MPRV);
}
#endif /* CONFIG_PMP_STACK_GUARD */
#ifdef CONFIG_USERSPACE
/**
* @brief Initialize the usermode portion of the PMP configuration.
*
* This is called once during new thread creation.
*/
void z_riscv_pmp_usermode_init(struct k_thread *thread)
{
/* Only indicate that the u-mode PMP is not prepared yet */
thread->arch.u_mode_pmp_end_index = 0;
}
/**
* @brief Prepare the u-mode PMP content for given thread.
*
* This is called once before making the transition to usermode.
*/
void z_riscv_pmp_usermode_prepare(struct k_thread *thread)
{
unsigned int index = z_riscv_pmp_thread_init(PMP_U_MODE(thread));
LOG_DBG("pmp_usermode_prepare for thread %p", thread);
/* Map the usermode stack */
set_pmp_entry(&index, PMP_R | PMP_W,
thread->stack_info.start, thread->stack_info.size,
PMP_U_MODE(thread));
thread->arch.u_mode_pmp_domain_offset = index;
thread->arch.u_mode_pmp_end_index = index;
thread->arch.u_mode_pmp_update_nr = 0;
}
/**
* @brief Convert partition information into PMP entries
*/
static void resync_pmp_domain(struct k_thread *thread,
struct k_mem_domain *domain)
{
unsigned int index = thread->arch.u_mode_pmp_domain_offset;
int p_idx, remaining_partitions;
bool ok;
k_spinlock_key_t key = k_spin_lock(&z_mem_domain_lock);
remaining_partitions = domain->num_partitions;
for (p_idx = 0; remaining_partitions > 0; p_idx++) {
struct k_mem_partition *part = &domain->partitions[p_idx];
if (part->size == 0) {
/* skip empty partition */
continue;
}
remaining_partitions--;
if (part->size < 4) {
/* * 4 bytes is the minimum we can map */
LOG_ERR("non-empty partition too small");
__ASSERT(false, "");
continue;
}
ok = set_pmp_entry(&index, part->attr.pmp_attr,
part->start, part->size, PMP_U_MODE(thread));
__ASSERT(ok,
"no PMP slot left for %d remaining partitions in domain %p",
remaining_partitions + 1, domain);
}
thread->arch.u_mode_pmp_end_index = index;
thread->arch.u_mode_pmp_update_nr = domain->arch.pmp_update_nr;
k_spin_unlock(&z_mem_domain_lock, key);
}
/**
* @brief Write PMP usermode content to actual PMP registers
*
* This is called on every context switch.
*/
void z_riscv_pmp_usermode_enable(struct k_thread *thread)
{
struct k_mem_domain *domain = thread->mem_domain_info.mem_domain;
LOG_DBG("pmp_usermode_enable for thread %p with domain %p", thread, domain);
if (thread->arch.u_mode_pmp_end_index == 0) {
/* z_riscv_pmp_usermode_prepare() has not been called yet */
return;
}
if (thread->arch.u_mode_pmp_update_nr != domain->arch.pmp_update_nr) {
/*
* Resynchronize our PMP entries with
* the latest domain partition information.
*/
resync_pmp_domain(thread, domain);
}
#ifdef CONFIG_PMP_STACK_GUARD
/* Make sure m-mode PMP usage is disabled before we reprogram it */
csr_clear(mstatus, MSTATUS_MPRV);
#endif
/* Write our u-mode MPP entries */
write_pmp_entries(global_pmp_end_index, thread->arch.u_mode_pmp_end_index,
true /* must clear to the end */,
PMP_U_MODE(thread));
if (PMP_DEBUG_DUMP) {
dump_pmp_regs("u-mode register dump");
}
}
int arch_mem_domain_max_partitions_get(void)
{
int available_pmp_slots = CONFIG_PMP_SLOTS;
/* remove those slots dedicated to global entries */
available_pmp_slots -= global_pmp_end_index;
/*
* User thread stack mapping:
* 1 slot if CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT=y,
* most likely 2 slots otherwise.
*/
available_pmp_slots -=
IS_ENABLED(CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT) ? 1 : 2;
/*
* Each partition may require either 1 or 2 PMP slots depending
* on a couple factors that are not known in advance. Even when
* arch_mem_domain_partition_add() is called, we can't tell if a
* given partition will fit in the remaining PMP slots of an
* affected thread if it hasn't executed in usermode yet.
*
* Give the most optimistic answer here (which should be pretty
* accurate if CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT=y) and be
* prepared to deny availability in resync_pmp_domain() if this
* estimate was too high.
*/
return available_pmp_slots;
}
int arch_mem_domain_init(struct k_mem_domain *domain)
{
domain->arch.pmp_update_nr = 0;
return 0;
}
int arch_mem_domain_partition_add(struct k_mem_domain *domain,
uint32_t partition_id)
{
/* Force resynchronization for every thread using this domain */
domain->arch.pmp_update_nr += 1;
return 0;
}
int arch_mem_domain_partition_remove(struct k_mem_domain *domain,
uint32_t partition_id)
{
/* Force resynchronization for every thread using this domain */
domain->arch.pmp_update_nr += 1;
return 0;
}
int arch_mem_domain_thread_add(struct k_thread *thread)
{
/* Force resynchronization for this thread */
thread->arch.u_mode_pmp_update_nr = 0;
return 0;
}
int arch_mem_domain_thread_remove(struct k_thread *thread)
{
return 0;
}
#define IS_WITHIN(inner_start, inner_size, outer_start, outer_size) \
((inner_start) >= (outer_start) && (inner_size) <= (outer_size) && \
((inner_start) - (outer_start)) <= ((outer_size) - (inner_size)))
int arch_buffer_validate(void *addr, size_t size, int write)
{
uintptr_t start = (uintptr_t)addr;
int ret = -1;
/* Check if this is on the stack */
if (IS_WITHIN(start, size,
_current->stack_info.start, _current->stack_info.size)) {
return 0;
}
/* Check if this is within the global read-only area */
if (!write) {
uintptr_t ro_start = (uintptr_t)__rom_region_start;
size_t ro_size = (size_t)__rom_region_size;
if (IS_WITHIN(start, size, ro_start, ro_size)) {
return 0;
}
}
/* Look for a matching partition in our memory domain */
struct k_mem_domain *domain = _current->mem_domain_info.mem_domain;
int p_idx, remaining_partitions;
k_spinlock_key_t key = k_spin_lock(&z_mem_domain_lock);
remaining_partitions = domain->num_partitions;
for (p_idx = 0; remaining_partitions > 0; p_idx++) {
struct k_mem_partition *part = &domain->partitions[p_idx];
if (part->size == 0) {
/* unused partition */
continue;
}
remaining_partitions--;
if (!IS_WITHIN(start, size, part->start, part->size)) {
/* unmatched partition */
continue;
}
/* partition matched: determine access result */
if ((part->attr.pmp_attr & (write ? PMP_W : PMP_R)) != 0) {
ret = 0;
}
break;
}
k_spin_unlock(&z_mem_domain_lock, key);
return ret;
}
#endif /* CONFIG_USERSPACE */