There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* K_APP_DMEM_SECTION/K_MEM_BMEM_SECTION macros now exist
to specifically define the name of the sections for data
and bss respectively.
* All boards now use the gen_app_partitions.py script, the
padding hacks for non-power-of-two arches didn't work right
in all cases. Linker scripts have been updated.
* The defined k_mem_partition is now completely initialized
at build time. The region data structures now only exist
to zero BSS.
Based on some work submitted by Adithya Baglody
<adithya.baglody@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
add the handling of APP_SHARED_MEM.
privileged threads can access all the mem
explictly defined in user mode, i.e., APP_MEM & APP_SHARED_MEM
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The various linker scripts on arc would include autoconf.h in the arch
linker script but might have CONFIG_ symbols referenced in the soc
specific linker script. Move autoconf.h inclusion to top of the soc
specific linker script out of the arch specific one so we know
autoconf.h is seen before any CONFIG_ references.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The main function is just a weak function that should be override by the
applications if they need. Just adding a nop instructions to explicitly
says that this function does nothing.
MISRA-C rule 2.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Helper macro, MPU_ALIGN() is used by script
gen_app_partitions.py, so the macro needs to be available,
if the APP Shared memory feature is to be used. This commit
defines MPU_ALIGN() in the ARC linker.ld script.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves the app_data_alignment.ld scripts
under arch/arc sub-directory, as it is not not used
at all in ARM builds. The script is still used for
ARC, whose v2 MPU also has the reuquirement for
power-of-two size alignment.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We now place the linker directives for the SW ISR table
in the common linker scripts, instead of repeating it
everywhere.
The table will be placed in RAM if dynamic interrupts are
enabled.
A dedicated section is used, as this data must not move
in between build phases.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With newer linker for ARC we can possibly get a warning like:
real-ld: warning: orphan section `.ARC.attributes' from `(foo.o)'
being placed in section `.ARC.attributes'.
Fixes#11060
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
(Previous patch set was reverted due to issue with priv_stack.
Resubmitting after fixing the faults caused by priv_stack.noinit
not at the end of RAM.)
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Fixes#10473, #10474, #10515.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The function _arc_v2_irq_unit_is_in_isr computes a Boolean
value but the function returns a integer value.
Fix the return type of the function.
This makes the zephyr api _is_in_isr() return a boolean type.
Thereby making it consistent across all the architectures.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This adds a linker flag and necessary changes to linker scripts
so that linker will warn about orphan sections.
Relates to #5534.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This allows the SoC to specify some additional linker script
fragments into the bss, data and read-only data sections.
For example, the Cypress PSOC6 has a few input sections that
must be put into bss and data sections. Without specifying
these in the linker script, they are consider orphan sections
and the placement is based on linker heuristic which is
arbitrary.
POSIX is not supported as the main linker script is
provided by the host system's binutils and we have no control
over it. Also, currently Xtensa SoCs have their own linker
scripts so there is no need to this feature.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Instead of hardcoding in linker script, use a Kconfig and deal with
dependencies in Kconfig instead of directly in the linker file.
This patch moves both:
PRIVILEGED_STACK_TEXT_AREA
and
KOBJECT_TEXT_AREA
to arch/Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Split out the arch specific syscall code to reduce include pollution
from other arch related headers. For example on ARM its possible to get
errno.h included via SoC specific headers. Which created an interesting
compile issue because of the order of syscall & errno/errno syscall
inclusion.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
Shouldn't declare this and then pull in headers, fixes
error like "util.h:41:1: error: template with C linkage"
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The entry point can and therefore should be set by linker
scripts. Whenever possible one should express things in the source
language, be it .c or .ld, and not in code generators or in the build
system.
This patch removes the flag -eCONFIG_KERNEL_ENTRY from the linker's
command line and replaces it with the linker script command
ENTRY(CONFIG_KERNEL_ENTRY)
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This is a public macro which calculates the size to be allocated for
stacks inside a stack array. This is necessitated because of some
internal padding (e.g. for MPU scenarios). This is particularly
useful when a reference to K_THREAD_STACK_ARRAY_DEFINE needs to be
made from within a struct.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
All architecture defines OCTET_TO_SIZEOFUNIT and SIZEOFUNIT_TO_OCTET
as identity functions. But the only user is tests/benchmarks/app_kernel.
It's effectively a no-op. Remove them.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
* the original stack check codes have no consideration
for userspace case. This will wrong cause possible stack
check exception.
* this commit refactors the arc stack check support to
support the usperspace.
* this commit fixes#7885. All the failed tests in #7885
are run again to verify this commit. The test results are ok
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Because the address alignment of MPUv2, the address should
not only be aligned at the start but also for the array member.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
CONFIG_UART_NSIM depends on CONFIG_NSIM, which was removed in commit
9bc69a46fa ("boards: Update arc em_starterkit support from 2.2 to
2.3"). Remove the dependency, and also remove the CONFIG_NSIM=y setting
from the test_nsim test (which should now work).
Also change the condition for EXTERN()ing _VectorTable in
include/arch/arc/v2/linker.ld to check CONFIG_UART_NSIM instead of
CONFIG_NSIM. I'm guessing the EXTERN() is there to make the symbol
visible to nSIM, though I don't know anything about it.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The original exception handling has space to optimize and
and some bugs need to be fixed.
* define NANO_ESF
* add the definition of NANO_ESF which is an irq_stack_frame
* add the corresponding codes in exception entry and handler
* remove _default_esf
* implement the _ARCH_EXCEPT
* use trap exception to raise exception by kernel
* add corresponding trap exception entry
* add _do_kernel_oops to handle the exception raised by
_ARCH_EXCEPT.
* add the thread context switch in exception return
* case: kernel oops may raise thread context switch
* case: some tests will re-implement SysFatalHandler to raise
thread context switch.
* as the exception and isr are handled in kernel isr stack, so
the thread context switch must be in the return of exception/isr
, and the exception handler must return, should not be decorated
with FUNC_NORETURN
* for arc, _is_in_isr should consider the case of exception
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The new thread stack layout is as follow:
|---------------------|
| user stack |
|---------------------|
| stack guard (opt.) |
|---------------------|
| privilege stack |
-----------------------
For MPUv2
* user stack is aligned to the power of 2 of user stack size
* the stack guard is 2048 bytes
* the default size of privileg stack is 256 bytes.
For user thread, the following MPU regions are needded
* one region for user stack, no need of stack guard for user stack
* one region for stack guard when stack guard is enbaled
* regions for memory domain.
For kernel thread, the stack guard region will be at the top, adn
The user stack and privilege stack will be merged.
MPUv3 is the same as V2's layout, except no need of power of 2
alignment.
* reimplement the user mode enter function. Now it's possible for
kernel thread to drop privileg to user thread.
* add a separate entry for user thread
* bug fixes in the cleanup of regs when go to user mode
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The application memory area has a requirement of address alignment,
especially when MPU requires power of 2.
Modify the linker tmemplate to apply application memory address
alignment generation
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Enable us bit to check user mode more efficienly.
US is read as zero in user mode. This will allow use mode sleep
instructions, and it enables a form of denial-of-service attack
by putting the processor in sleep mode, but since interrupt
level/mask can't be set from user space that's not worse than
executing a loop without yielding.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add the implementation of syscall
* based on 'trap_s' intruction, id = 3
* add the privilege stack
* the privilege stack is allocted with thread stack
* for the kernel thread, the privilege stack is also a
part of thread stack, the start of stack can be configured
as stack guard
* for the user thread, no stack guard, when the user stack is
overflow, it will fall into kernel memory area which requires
kernel privilege, privilege violation will be raised
* modify the linker template and add MPU_ADDR_ALIGN
* add user space corresponding codes in mpu
* the user sp aux reg will be part of thread context
* When user thread is interruptted for the 1st time, the context is
saved in user stack (U bit of IRQ_CTLR is set to 1). When nest
interrupt comes, the context is saved in thread's privilege stack
* the arc_mpu_regions.c is moved to board folder, as it's board
specific
* the above codes have been tested through tests/kernel/mem_protect/
userspace for MPU version 2
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Refering the ARM's implementation, the initial support of memory
domain in ARC is added:
* changes in MPU drivers
* changes in Kconfig
* codes to configure memory domain during thread swap
* changes in linker script template
* memory domain related macro definitions
the commited codes are simply tested through
samples/mpu/mem_domain_apis_test.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
MPU version 3 is included in em7d of em_starterkit 2.3.
The differences of MPU version 3 and version 2 are:
* different aux reg interface
* The address alignment requirement is 32 bytes
* supports secure mode
* supports SID (option)
* does not support memory region overlap
This commit adds the support MPU version 3 and also make some changes to
MPU version 2 to have an unified interface.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
In ARC's SecureShield, a new secure mode (currently only em) is added.
The secure/normal mode is orthogonal to kernel/user mode. The
differences between secure mode and normal mode are following:
* different irq stack frame. so need to change the definition of
_irq_stack_frame, assembly code.
* new aux regs, e.g, secure status(SEC_STAT), secure vector base
(VECT_BASE_S)
* interrupts and exceptions, secure mode has its own vector base;
interrupt can be configured as secure or normal through the
interrupt priority aux reg.
* secure timers. Two secure timers (secure timer 0 and timer 1) are
added.Here, for simplicity and backwards compatibility original
internal timers (timer 0 and timer1) are used as sys clock of zephyr
* on reset, the processor is in secure mode and secure vector base is
used.
Note: the mix of secure and normal mode is not supported, i.e. it's
assumed that the processor is always in secure mode.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* apply STACK_GUARD_SIZE, no extra space will be added if
MPU_STACK_GUARD is disabled
* When ARC_STACK_CHECKING is enabled, MPU_STACK_GUARD will be
disabled
* add two new api: arc_core_mpu_default and arc_core_mpu_region
to configure mpu regions
* improve arc_core_mpu_enable and arc_core_mpu_disable
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
* add arc mpu driver
* modify the corresponding kconfig and kbuild
* currently only em_starterkit 2.2's em7d configuration
has mpu feature (mpu version 2)
* as the minimum region size of arc mpu version 2 is 2048 bytes and
region size should be power of 2, the stack size of threads
(including main thread and idle thread) should be at least
2048 bytes and power of 2
* for mpu stack guard feature, a stack guard region of 2048 bytes
is generated. This brings more memory footprint
* For arc mpu version 3, the minimum region size is 32 bytes.
* the codes are tested by the mpu_stack_guard_test and stackprot
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
