Shrink the name of the hidden cortex-m option for the
null-pointer dereference detection feature.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the tfm tag to the arm_thread_swap_tz test,
since the test is running with TF-M by default.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Correct thee dt overlays for the STM32 boards, so the Zephyr
image starting address is in accordance with what TF-m expects
it to be.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Decrease the submitted work delay, to ensure that the PSA
crypto operation will be preempted when the work fires. The
modification is required for devices with fast crypto
operations. Also minor corrections to the test ase name,
so it is not the same with the other arm_thread_swap test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For testing secure->non-secure thread swapping.
This also tests that the FP context is correctly preserved
when calling a secure function.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This adds code to swap_helper.S which does special handling of LR when
the interrupt came from secure. The LR value is stored to memory, and
put back into LR when swapping back to the relevant thread.
Also, add special handling of FP state when switching from secure to
non-secure, since we don't know whether the original non-secure thread
(which called a secure service) was using FP registers, so we always
store them, just in case.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
When multithreading is off, kernel source files like sem.c (samphore
implementation) are not present in the build. Some platforms by default
fetch modules or drivers that are using multithreading primitives and
because of that fails to compile when multithreading is off.
Limit the test to only qemu platforms since test is arch specific.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Extend the stress test of stacking error, to cover
the case of an active FP context.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Check that the index returned by the function that looks
for an available IRQ line is non-negative, and do not just
rely on catching this with an ASSERT. That suppresses a
Coverity out-of-bounds warning.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Flag was present only when ZLI was enabled. That resulted in additional
ifdefs needed whenever code supports ZLI and non-ZLI mode.
Removed ifdefs, added build assert to irq connections to fail at
compile time if IRQ_ZERO_LATENCY is set but ZLI is disabled. Additional
clean up made which resulted from removing the ifdef.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
In the arch/arm test suite there are tests running with
CONFIG_NO_OPTIMIZATIONS enabled, and may require a
larger idle thread stack size.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Temporarily save and restore all callee-saved registers
in the sub-routine, not only the frame pointer, to avoid
errors if compiler chooses to use them in the alternative
thread function. The callee-saved regs are restored after
the alternative thread switches back in.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test case for the null pointer dereferencing detection
feature in Cortex-M. The test case is added in arm_interrupt
test suite and the README file is updated accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_psci test suite is specific to ARM64, while
all other test suites in tests/arch/arm directory
are supported in Cortex-M architecture only. We
move arm_psci to arm64 directory, effectively,
separating tests suites for AARCH32 and AARCH64.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Clear Floating Point Status and Control Register (FPSCR),
to prevent from having the interrupt line set to pending again,
in case FPU IRQ is selected by the test as "Available IRQ line"
Fixes#31982
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Enable interrupts before switching to main()
in cortex-m builds with single-thread mode
(CONFIG_MULTITHREADING=n).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
According to comment memset() should be used instead of memcpy().
There is no need to access to address 0x0.
Fixes#28691
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Some test suites depend on determining at run-time
an available IRQ line which can then be used to execute
the test suite. This logic cannot used if the available
IRQ line is not targeting the current security state.
Therefore, filter out the _ns Cortex-m boards from
running these tests suites (i.e. when building with
CONFIG_TRUSTED_EXECUTION_NONSECURE=y) since we can not
contol the target state of the NVIC interrupt lines.
These tests suites test generic ARM features, that do
not depend on TrustZone-M configuration, so it is OK
that they are only executed on ARM platforms without
the NONSECURE configration set.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the .yaml files in Cortex-M
test suites, by grouping the common configuration
under the common: section. This considerably cleans
up the test suite configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Read a volatile status into a local variable to
discard a side effect in assertion. This fixes
an issue reported by Coverity: CID: 214210.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To improve Zephyr security, I decided to create a test
test_after_syscall_cpu_scrubs_regs
I think necessary to check upon exit of a system call back
to the calling thread, the kernel scrubs CPU registers for sensitive
data.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Provide a TZ_SAFE_ENTRY_FUNC() macro for wrapping non-secure entry
functions in calls to k_sched_lock()/k_sched_unlock()
Provide a __TZ_WRAP_FUNC() macro which helps in creating a function
that "wraps" another in a preface and postface function call.
int foo(char *arg); // Implemented somewhere else.
int __attribute__((naked)) foo_wrapped(char *arg)
{
WRAP_FUNC(bar, foo, baz);
}
is equivalent to
int foo(char *arg); // Implemented somewhere else.
int foo_wrapped(char *arg)
{
bar();
int res = foo(arg);
baz();
return res;
}
This commit also adds tests for __TZ_WRAP_FUNC().
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
It should be nrfx_power_clock_irq_handler, not nrfx_clock_irq_handler.
The latter is only present as a function if both nrfx CLOCK and POWER
drivers are used and it is then called from the actual IRQ handler,
which is always named nrfx_power_clock_irq_handler (also when only
the nrfx CLOCK driver is used as in case of this test).
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Remove special handling of the ARM Cortex-M1 DesignStart FPGA reference
design running on the Digilent Arty after CONFIG_NUM_IRQS was reduced
from 8 to 7.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
We add a simple test-case for verifying the behavior of the
Cortex-M IRQ target state management. We add an additional
test only for TrustZone-enabled Cortex-M targets running
in Secure mode. We explicitly exclude ARMv8-M platforms that
enable Non-Secure FW build by default from running the test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update the driver implementation to use nrfx_clock and nrfx_power
drivers. Update also revisions of the hal_nordic and nrf_hw_models
modules, so that it is actually possible to use those drivers.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
To debug hard-to-reproduce faults/panics, it's helpful to get the full
register state at the time a fault occurred. This enables recovering
full backtraces and the state of local variables at the time of a
crash.
This PR introduces a new Kconfig option, CONFIG_EXTRA_EXCEPTION_INFO,
to facilitate this use case. The option enables the capturing of the
callee-saved register state (r4-r11 & exc_return) during a fault. The
info is forwarded to `k_sys_fatal_error_handler` in the z_arch_esf_t
parameter. From there, the data can be saved for post-mortem analysis.
To test the functionality a new unit test was added to
tests/arch/arm_interrupt which verifies the register contents passed
in the argument match the state leading up to a crash.
Signed-off-by: Chris Coleman <chris@memfault.com>
Add support for the Cortex-M1 ARM DesignStart FPGA reference design
running on the Digilent Arty development board.
This board uses IRQ 7 (the last IRQ) as a level-detect non-interrupt
signal to determine whether the V2C-DAPLINK shield is installed. This
IRQ line is always pending when the shield is not installed. Use IRQ 6
instead.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
The Data Tightly Coupled Memory (DTCM) of the Cortex-M1 present in the
Cortex-M1 ARM DesignStart FPGA implementation is No-Execute (NX), so
__ramfunc linked in the DTCM will cause a hard fault when executed.
Use the Xilinx Block RAM (bram0) present in the reference design for
demonstrating __ramfunc instead.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Add a test that verifies basic ARCH-level functionality
when building Zephyr without support for multithreading.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test suite to validate the Software Vector Relaying
feature for Cortex-M architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit fixes Cortex-M header inclusions from the deprecated paths.
The Cortex-M headers were relocated from `include/arch/arm/cortex_m` to
`include/arch/arm/aarch32/cortex_m` by the refactoring done in the
commit d048faacf2.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
... because it is (required).
This makes a difference when building with CMake and forgetting
ZEPHYR_BASE or not registering Zephyr in the CMake package registry.
In this particular case, REQUIRED turns this harmless looking log
statement:
-- Could NOT find Zephyr (missing: Zephyr_DIR)
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
-- Check for working C compiler: /usr/bin/cc
-- ...
-- ...
-- ...
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Error at CMakeLists.txt:8 (target_sources):
Cannot specify sources for target "app" which is not built by
this project.
... into this louder, clearer, faster and (last but not least) final
error:
CMake Error at CMakeLists.txt:5 (find_package):
Could not find a package configuration file provided by "Zephyr" with
any of the following names:
ZephyrConfig.cmake
zephyr-config.cmake
Add the installation prefix of "Zephyr" to CMAKE_PREFIX_PATH or set
"Zephyr_DIR" to a directory containing one of the above files. If
"Zephyr" provides a separate development package or SDK, be sure it
has been installed.
-- Configuring incomplete, errors occurred!
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Enhance the sample console output of the arm_interrupt
test, to reflect recent changes in test context as well
as kernel fault handling log output format.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
