Commit a2cfb8431d ("arch: arm: Add code for swapping threads between
secure and non-secure") changed the mode variable in the _thread_arch to
be defined by ARM_STORE_EXC_RETURN or USERSPACE. The generated offset
define for mode was enabled by FPU_SHARING or USERSPACE. This broke
Cortex-R with FPU, but with ARM_STORE_EXC_RETURN disabled. Reconcile
the checks.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
This is a strange one: The printing code pushes a floating point
register, and is called during the mpu falt. If the floating point
registers are lazily stacked, this fp push can cause another mpu
fault to be pending during the current mpu fault, and tail chained
without returning to PendSV. Since we're already cleaning up the
fp execption reason, we might as well also clean up thisp pending,
spurious mpu exception.
Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
If an SVC was pending during the stack overflow, it will run
after the return of the memory manage fault. To the SVC's misfortune of
the SVC handler, the it's invariant, that PSP point to the
hardware-stacked context is no longer valid. When the user has a
k_sys_fatal_error_handler that tries to kill the thread that caused a
stack overflow, this manifests as the svc reading the memory of whatever
is on the stack after being adjusted by the mem manage fault handler, and
that leads to unending, spurious hard faults, locking up the system.
This patch prevents that.
Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
The incorrect sequence will cause the thread cannot be aborted in the
ISR context. The following test case failed:
tests/kernel/fatal/exception/kernel.common.stack_sentinel.
The stack sentinel detects the stack overflow as normal during a timer
ISR exit. Note that, currently, the stack overflow detection is behind
the context switch checking, and then the detection will call svc to
raise a fatal error resulting in increasing the nested counter(+1). At
this point, it needs a context switch to finally abort the thread.
However, after the fatal error handling, the program cannot do a context
switch either during the svc exit[1], or during the timer ISR exit[2].
[1] is because the svc context is in an interrupt nested state (the
nested counter is 2).
[2] is because the current point (after svc context pop out) is right
behind the switch checking.
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
ARMv8-R allows to set the vector table address using VBAR
register, so there is no need to relocate it.
Move away vector_table setting from reset.S and move it to
relocate vector table function as it's done for Cortex-M
CPU.
Signed-off-by: Julien Massot <julien.massot@iot.bzh>
The ARMv8-R processors always boot into Hyp mode (EL2)
To enter EL1:
Program the HACTLR register because it defaults
to only allowing EL2 accesses. HACTLR controls
whether EL1 can access memory region registers and CPUACTLR.
Program the SPSR before entering EL1.
Other registers default to allowing accesses at EL1 from reset.
Set VBAR to the correct location for the vector table.
Set ELR to point to the entry point of the EL1 code and call ERET.
Signed-off-by: Julien Massot <julien.massot@iot.bzh>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Change the CPU_CORTEX_R kconfig option to CPU_AARCH32_CORTEX_R to
distinguish the armv7 version from the armv8 version of Cortex-R.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
This was introduced when trying to fix a previous merge conflict. It
broke userspace tests on nucleo_l073rz.
Fixes#42627
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
These functions help the code to be more self-documenting. Use them to
make the code's intent clearer.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Replace CONFIG_CPU_CORTEX_R with CONFIG_ARMV7_R since it is clearer with
respect to the difference between v7 and v8 Cortex-R.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
When calling a syscall, the SVC routine will now elevate the thread to
privileged mode and exit the SVC setting the return address to the
syscall handler. When the thread is swapped back in, it will be running
z_do_arm_syscall in system mode. That function will run the syscall
then automatically return the thread to usr mode.
This allows running the syscall in sys mode on a thread so that we can
use syscalls that sleep without doing unnatural things. The previous
implementation would enable interrupts while still in the SVC call and
do weird things with the nesting count. An interrupt could happen
during this time when the syscall was still in the exception state, but
the nested count had been decremented too soon. Correctness of the
nested count is important for future floating point unit work.
The Cortex-R behavior now matches that of Cortex-M.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
For functions returning nothing, there is no need to document
with @return, as Doxgen complains about "documented empty
return type of ...".
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Fix the assert that checks for existence of a cycle counter.
The field is named NO CYCCNT, so when it is 1, there is no cycle
counter. But we are asserting the opposite.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
A Cortex-M specific function (sys_clock_isr()) was defined as a weak
function, so in practice it was always available when system clock was
enabled, even if no Cortex-M systick was available. This patch
introduces an auxiliary Kconfig option that, when selected, the ISR
function gets installed. External SysTick drivers can also make use of
this function, thus achieving the same functionality offered today but
in a cleaner way.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Use sys_clock_hw_cycles_per_sec() instead of
CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC to determine clock cycles.
Signed-off-by: Michel Haber <michel-haber@hotmail.com>
Modify #ifdefs so that any code that is compiled if CONFIG_ARMV7_R is
set is also compiled if CONFIG_ARMV7_A is set.
Modify #ifdefs so that any code that is compiled if CONFIG_CPU_CORTEX_R
is set is also compiled if CONFIG_CPU_AARCH32_CORTEX_A is set.
Modify source dir inclusion in CMakeLists.txt accordingly.
Brief file descriptions have been updated to include Cortex-A whereever
only Cortex-M and Cortex-R were mentioned so far.
Signed-off-by: Immo Birnbaum <Immo.Birnbaum@weidmueller.com>
An initial implementation for memory management using the ARMv7 MMU.
A single L1 translation table for the whole 4 GB address space is al-
ways present, a configurable number of L2 page tables are linked to
the L1 table based on the static memory area configuration at boot
time, or whenever arch_mem_map/arch_mem_unmap are called at run-time.
Currently, a CPU with the Multiprocessor Extensions and execution at
PL1 are always assumed. Userspace-related features or thread stack
guard pages are not yet supported. Neither are LPAE, PXN or TEX re-
mapping. All mappings are currently assigned to the same domain. Re-
garding the permissions model, access permissions are specified using
the AP[2:1] model rather than the older AP[2:0] model, which, accor-
ding to ARM's documentation, is deprecated and should no longer be
used. The newer model adds some complexity when it comes to mapping
pages as unaccessible (the AP[2:1] model doesn't support explicit
specification of "no R, no W" permissions, it's always at least "RO"),
this is accomplished by invalidating the ID bits of the respective
page's PTE.
Includes sources, Kconfig integration, adjusted CMakeLists and the
modified linker command file (proper section alignment!).
Signed-off-by: Immo Birnbaum <Immo.Birnbaum@weidmueller.com>
The configuration bits ATCMPCEN, B0TCMPCEN and B1TCMPCEN in the ACTLR
register referenced in the function z_arm_tcm_disable_ecc are only de-
fined for Cortex-R CPUs. For Cortex-A CPUs, those bits are declared
as reserved.
Comp.: https://arm-software.github.io/CMSIS_5/Core_A/html/group__CMSIS__ACTLR.html
Signed-off-by: Immo Birnbaum <Immo.Birnbaum@weidmueller.com>
There are two macros for declaring stack arrays:
K_KERNEL_STACK_ARRAY_DEFINE:
Defines the array, allocating storage and setting the section name
K_KERNEL_STACK_ARRAY_EXTERN
Declares the name of a stack array allowing code to reference
the array which must be defined elsewhere
arch/arm/include/aarch32/cortex_m/stack.h was mis-using
K_KERNEL_STACK_ARRAY_DEFINE to declare z_interrupt_stacks by sticking
'extern' in front of the macro use. However, when this macro also set
the object file section for the symbol, having two of those caused a
conflict in the compiler due to the automatic unique name mechanism used
for sections to allow unused symbols to be discarded during linking.
This patch makes the header use the correct macro.
Signed-off-by: Keith Packard <keithp@keithp.com>
The assert log of z_priv_stacks_ram_start failed to build due to passing
&z_priv_stacks_ram_start instead of just z_priv_stacks_ram_start.
Fixes#39190
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit adds the half-precision (16-bit) floating-point
configurations to the ARM AArch32 architectures.
Enabling CONFIG_FP16 has the effect of specifying `-mfp16-format`
option (in case of GCC) which allows using the half-precision floating
point types such as `__fp16` and `_Float16`.
Note that this configuration can be used regardless of whether a
hardware FPU is available or supports half-precision operations.
When an FP16-capable FPU is not available, the compiler will
automatically provide the software emulations.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
ld linker will only resolve undefined symbols inside functions that is
actually being called.
However, not all linkers behaves this way. Certain linkers, for example
armlink, resolves all undefined symbols even if during a later stage at
the linking the function will be pruned.
Therefore `ifdef CONFIG_GEN_ISR_TABLES` has been placed to safeguard
functions that will call undefined symbols when CONFIG_GEN_ISR_TABLES=y.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
z_arm_do_syscall is only defined and used when CONFIG_USERSPACE=y.
Defining the symbol z_arm_do_syscall in assembly without a corresponding
implementation is fine for GNU ld as long as the function is not
actively called, but armlink fails to link in such cases.
Safegaurd GTEXT(z_arm_do_syscall) so the symbol is only referenced when
actively used, that is when CONFIG_USERSPACE=y.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each section,
and sometimes even size and LMA start symbols.
Generally, start and end symbols uses the following pattern, as:
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
However, this pattern is not followed consistently.
To allow for linker script generation and ensure consistent naming of
symbols then the following pattern is introduced consistently to allow
for cleaner linker script generation.
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
Section size symbol: __foo_size
Section LMA start symbol: __foo_load_start
This commit aligns the symbols for _ramfunc_ram/rom to other symbols and
in such a way they follow consistent pattern which allows for linker
script and scatter file generation.
The symbols are named according to the section name they describe.
Section name is `ramfunc`
The following symbols are aligned in this commit:
- _ramfunc_ram_start -> __ramfunc_start
- _ramfunc_ram_end -> __ramfunc_end
- _ramfunc_ram_size -> __ramfunc_size
- _ramfunc_rom_start -> __ramfunc_load_start
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Related to github #22290. Getting interrupt during mpu buffer validate
is corrupting index register. Fix applied to ARC is to disable
interrupts during the buffer validate operation.
Signed-off-by: Phil Erwin <phil.erwin@lexmark.com>
Cortex-A/R does not have hardware supported nested interrupts, but it is
easily emulatable using the nesting level stored in the kernel
structure.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Add functionality based on Cortex-M that enables recovery from a data
abort using zephyr's exception recovery framework. If there is a
registered z_exc_handle for a function, then use its fixup address if
that function aborts.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
With the addition of userspace support, Cortex-R needs to use SVC calls
to handle oops exceptions. Add that support by defining ARCH_EXCEPT to
do a svc call.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
The user thread cannot be trusted so do not use the stack pointer it
passes in. Use the thread's privilege stack when in privileged modes to
make sure a user thread does not trick the svc/isr handlers into writing
to memory it should not.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
This commit adds the ARMv8.1-M M-Profile Vector Extension (MVE)
configurations as well as the compiler flags to enable it.
The M-Profile Vector Extension consists of the MVE-I and MVE-F
instruction sets which are integer and floating-point vector
instruction sets, respectively.
The MVE-I instruction set is a superset of the ARM DSP instruction
set (ARMv7E-M) and therefore depends on ARMV8_M_DSP, and the MVE-F
instruction set is a superset of the ARM MVE-I instruction set and
therefore depends on ARMV8_1_M_MVEI.
The SoCs that implement the MVE instruction set should select the
following configurations:
select ARMV8_M_DSP
select ARMV8_1_M_MVEI
select ARMV8_1_M_MVEF (if floating-point MVE is supported)
The GCC compiler flags for the MVE instruction set are specified
through the `-mcpu` flag.
In case of the Cortex-M55 (the only supported processor type for
ARMv8.1-M at the time of writing), the `-mcpu=cortex-m55` flag, by
default, enables all the supported extensions which are DSP, MVE-I and
MVE-F.
The extensions that are not supported can be specified by appending
`+no(ext)` to the `-mcpu=cortex-m55` flag:
-mcpu=cortex-m55 Cortex-M55 with DSP + MVE-I + MVE-F
-mcpu=cortex-m55+nomve.fp Cortex-M55 with DSP + MVE-I
-mcpu=cortex-m55+nomve Cortex-M55 with DSP
-mcpu=cortex-m55+nodsp Cortex-M55 without any extensions
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The TLS global pointer is only set during context switch.
So for the first switch to main thread, the TLS pointer
is NULL which would cause access violation when trying
to access any thread local variables in main thread.
Fix it by setting it before going into main thread.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Cleanup an #ifdef statement in swap_helper.S; use
ARMV6_M_ARMV8_M_BASELINE instead of listing all
Cortex-M baseline implementation variants. This
fixes an issue with Cortex-M23 whose Kconfig
define was not included in the original list.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When inside an escalated HardFault, we would like to get
more information about the reason for this escalation. We
first check if the reason for thise escalation is an SVC,
which occurs within a priority level that does not allow
it to trigger (e.g. fault or another SVC). If this is true
we set the error reason according to the provided argument.
Only when this is not a synchronous SVC that caused the HF,
do we check the other reasons for HF escalation (e.g. a BF
inside a previous BF).
We also add a case for a debug event, to complete going through
the available flags in HFSR.
Finally we ASSERT if we cannot find the reason for the escalation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Move the assessment of a synchronous SVC error into a
separate function. This commit does not introduce any
behavioral changes.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
