This is another API that is being used in all timer drivers and is not
internal to the clock subsystem. Remove the leading z_ and make promote
it to a cross-subsystem API.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
In the arch/arm test suite there are tests running with
CONFIG_NO_OPTIMIZATIONS enabled, and may require a
larger idle thread stack size.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Temporarily save and restore all callee-saved registers
in the sub-routine, not only the frame pointer, to avoid
errors if compiler chooses to use them in the alternative
thread function. The callee-saved regs are restored after
the alternative thread switches back in.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
AArch64 has support for PSCI. This is especially useful for SMP because
PSCI is used to power on the secordary cores.
When the PSCI driver was introduced in Zephyr it was designed to rely on
a very PSCI-centric subsystem / interface.
There are two kinds of problems with this choice:
1. PSCI is only defined for the non-secure world and it is designed to
boot CPU cores into non-secure state (that means that PSCI is only
supposed to work if Zephyr is running in non-secure state)
2. There can be other ways or standards used to start / stop a core
different from PSCI
This patch is trying to fix the original wrong assumption by making the
interface / subsystem a generic one, called 'pm_cpu_ops', and using PSCI
only as an actual driver that is a user of this new interface /
subsystem.
For now the new subsystem is only exposing two methods: cpu_on and
cpu_off, others will probably follow according to the needs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Add a test case for the null pointer dereferencing detection
feature in Cortex-M. The test case is added in arm_interrupt
test suite and the README file is updated accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_psci test suite is specific to ARM64, while
all other test suites in tests/arch/arm directory
are supported in Cortex-M architecture only. We
move arm_psci to arm64 directory, effectively,
separating tests suites for AARCH32 and AARCH64.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Clear Floating Point Status and Control Register (FPSCR),
to prevent from having the interrupt line set to pending again,
in case FPU IRQ is selected by the test as "Available IRQ line"
Fixes#31982
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
All RAM may not be mapped. Check the mapping for the main kernel
image and the locore if it exists.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
All RAM may not be mapped. Check the mapping for the main kernel
image and the locore if it exists.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For a while now, we've had two APIC drivers. The older was preserved
initially as the new (much smaller, "new style") code didn't have
support for Quark interrupt handling. But that's long dead now. Just
remove it.
Note that this migrates the one board using this driver (acrn) to
CONFIG_APIC_TIMER instead.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add the new x86 board to the x86/info test list, and exclude it from
the cmsis_rtos_v2 test (something that seems to be needed for all 64
bit x86 architectures).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Show the page table layout for a user thread. This
may be somewhat different from a supervisor thread
especially if KPTI is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We provide an option for low-memory systems to use a single set
of page tables for all threads. This is only supported if
KPTI and SMP are disabled. This configuration saves a considerable
amount of RAM, especially if multiple memory domains are used,
at a cost of context switching overhead.
Some caching techniques are used to reduce the amount of context
switch updates; the page tables aren't updated if switching to
a supervisor thread, and the page table configuration of the last
user thread switched in is cached.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If KPTI is not enabled, then the US bit will be set for all
the default memory partitions in the _app_smem section.
The error printed when a mismatch occurs now shows the
expected flags.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adds the necessary bits to initialize TLS in the stack
area and sets up CPU registers during context switch.
Note that this does not enable TLS for all Xtensa SoC.
This is because Xtensa SoCs are highly configurable
so that each SoC can be considered a whole architecture.
So TLS needs to be enabled on the SoC level, instead of
at the arch level.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
No need to mix super short version of names with other structures
having full name. Let's follow a more relevant naming where each and
every attribute name is self-documenting then. (such as s/id/apic_id
etc...)
Also make CONFIG_ACPI usable through IS_ENABLED by enclosing exposed
functions with ifdef CONFIG_ACPI.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Enable interrupts before switching to main()
in cortex-m builds with single-thread mode
(CONFIG_MULTITHREADING=n).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
According to comment memset() should be used instead of memcpy().
There is no need to access to address 0x0.
Fixes#28691
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
For boards with (relatively) large memory, the test which dumps
page tables takes a long time to finish. The default timeout of
sanitycheck is not enough for those boards. UP Squared board is
such a board. So limits to pagetable dumping to boards with
less than 32MB.
Fixes#28548
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
To improve Zephyr security, I decided to create a test
to check upon exit of a system call back to the calling thread,
the kernel scrubs CPU registers for sensitive data.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Some test suites depend on determining at run-time
an available IRQ line which can then be used to execute
the test suite. This logic cannot used if the available
IRQ line is not targeting the current security state.
Therefore, filter out the _ns Cortex-m boards from
running these tests suites (i.e. when building with
CONFIG_TRUSTED_EXECUTION_NONSECURE=y) since we can not
contol the target state of the NVIC interrupt lines.
These tests suites test generic ARM features, that do
not depend on TrustZone-M configuration, so it is OK
that they are only executed on ARM platforms without
the NONSECURE configration set.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the .yaml files in Cortex-M
test suites, by grouping the common configuration
under the common: section. This considerably cleans
up the test suite configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Read a volatile status into a local variable to
discard a side effect in assertion. This fixes
an issue reported by Coverity: CID: 214210.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To improve Zephyr security, I decided to create a test
test_after_syscall_cpu_scrubs_regs
I think necessary to check upon exit of a system call back
to the calling thread, the kernel scrubs CPU registers for sensitive
data.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Provide a TZ_SAFE_ENTRY_FUNC() macro for wrapping non-secure entry
functions in calls to k_sched_lock()/k_sched_unlock()
Provide a __TZ_WRAP_FUNC() macro which helps in creating a function
that "wraps" another in a preface and postface function call.
int foo(char *arg); // Implemented somewhere else.
int __attribute__((naked)) foo_wrapped(char *arg)
{
WRAP_FUNC(bar, foo, baz);
}
is equivalent to
int foo(char *arg); // Implemented somewhere else.
int foo_wrapped(char *arg)
{
bar();
int res = foo(arg);
baz();
return res;
}
This commit also adds tests for __TZ_WRAP_FUNC().
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
It should be nrfx_power_clock_irq_handler, not nrfx_clock_irq_handler.
The latter is only present as a function if both nrfx CLOCK and POWER
drivers are used and it is then called from the actual IRQ handler,
which is always named nrfx_power_clock_irq_handler (also when only
the nrfx CLOCK driver is used as in case of this test).
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
We no longer plan to support a split address space with
the kernel in high memory and per-process address spaces.
Because of this, we can simplify some things. System RAM
is now always identity mapped at boot.
We no longer require any virtual-to-physical translation
for page tables, and can remove the dual-mapping logic
from the page table generation script since we won't need
to transition the instruction point off of physical
addresses.
CONFIG_KERNEL_VM_BASE and CONFIG_KERNEL_VM_LIMIT
have been removed. The kernel's address space always
starts at CONFIG_SRAM_BASE_ADDRESS, of a fixed size
specified by CONFIG_KERNEL_VM_SIZE.
Driver MMIOs and other uses of k_mem_map() are still
virtually mapped, and the later introduction of demand
paging will result in only a subset of system RAM being
a fixed identity mapping instead of all of it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
In order to be possible to debug usermode threads need to be able
issue breakpoint and debug exceptions. To do this it is necessary to
set DPL bits to, at least, the same CPL level.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Remove special handling of the ARM Cortex-M1 DesignStart FPGA reference
design running on the Digilent Arty after CONFIG_NUM_IRQS was reduced
from 8 to 7.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
We add a simple test-case for verifying the behavior of the
Cortex-M IRQ target state management. We add an additional
test only for TrustZone-enabled Cortex-M targets running
in Secure mode. We explicitly exclude ARMv8-M platforms that
enable Non-Secure FW build by default from running the test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
