This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replace Cortex-M3 with Cortex-M architecture family
in the header documentation of kernel_arch_data.h and
kernel_arch_func.h, which are generic header files for
the entire familty of ARM Cortex-M CPUs. The commit
adds some more minor style fixes in functions'
documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the documentation of Kconfig option:
STACK_ALIGN_DOUBLE_WORD for Cortex-M microprocessors, stating
that the option is used in ARMv7-M MCUs to enforce 8-byte
stack alignment upon exception entry.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The selection of the Cortex M systick driver to be used
as a system clock driver is controlled by
CONFIG_CORTEX_M_SYSTICK.
To replace it by another driver CONFIG_CORTEX_M_SYSTICK
must be set to 'n'. Unfortunately this also controls
the interrupt vector for the systick interrupt. It is
now routed to __reserved. More bad the interrupt vector
can not be set by IRQ_CONNECT as it is one of the hard
coded interrupts in the interrupt table.
Route the hard coded systick interrupt to z_clock_isr
and make z_clock_isr a weak symbol that can be overwritten
by an alternative systick system clock driver.
Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
This commit re-works the NXP MPU driver implementation so that
it aligns with the implementation for ARMv7-M and ARMv8-M MPU
architectures.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes obsolete ARM CORE MPU API definitions
and related implementation from arm_mpu.c, in the wake of
the transition to the new ARM MPU design.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit moves all internal implementation, relevant for
User mode, in a single place in the arm_mpu_v7_internal.h,
arm_mpu_v8_internal, and in arm_mpu.c. Additionally, the
commit cleans up internal function _get_region_attr() that
is not used any more.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the ARM Core MPU API for memory domains,
to align with the principle of de-coupling the partitioning
and the access attribution with the architecture-specific
MPU driver implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds the implementation of internal ARM MPU
function, arm_core_mpu_get_max_available_dyn_regions(),
required by _arch_mem_domain_max_partitions_get(),
according to the new architecture. The function returns
the number of the available partitions for memory domains
based on the total amount of HW regions and the
actual number of statically configured MPU regions.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the internal (ARMv7-M and ARMv8-M)
API, which allows to user to (re)configure a memory partition
at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU so it can configure the dynamic memory regions at
run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces an ARM API that allows the user to
program a set of dynamic MPU regions at run-time. The API
function is invoked every time the memory map needs to be
re-programmed (for example at thread context-switch). The
functionality is implementated in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring dynamic memory regions at run-time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM8-M MPU, so it can configure the static memory regions at
boot time, as well as mark the areas, inside which dynamic MPU
region configuration at run-time will be allowed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contains the added functionality to program the
ARM7-M MPU, so it can configure the static memory regions at
boot time.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the initialization of static memory regions
from arm_mpu_init(), since they are now initialized, directly,
by the kernel. The programming of MPU regions configured in SOC
definition is kept here.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit implements the common ARMv7-M and ARMv8-M internal
shim for configuring static memory regions at boot time. It also
adds LOG error messages, and ASSERTS, which fire if the static
MPU region configuration is not performed successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces the generic ARM (core) API, which allows
the user to program a set of static (fixed) MPU regions at boot
time. The API function is invoked upon initialization, in the
ARM-specific call of _arch_switch_to_main_thread(). The API
implementation is provided in arm_core_mpu.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces a new Kconfig option symbol,
MPU_REQUIRES_NON_OVERLAPPING_REGIONS, to signify the use of an
MPU architecture that requires the active MPU regions be
non-overlapping. This requirement concerns the standard
(unmodified) ARMv8-M MPU implementation. For that, we select
the option in the definition of ARM_MPU, if the CPU architecture
is ARMv8-M (Baseline or Mainline).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
cmsis provides intrinsic functions to configure processor special
function register like control, psp(process stack pointer). Let's use
these functions which are maintained in cmsis repository.
This patch uses cmsis function to:
- set process stack pointer(PSP)
- switch SP to PSP
- disable interrupts
It also moves stack initialization from assembly to C
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
This commit removes the local state variable nxp_mpu_enabled,
defined and used in NXP MPU driver, as it is not useful.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This patch adds all the required hooks needed in the kernel to
get the coverage reports from ARM SoCs.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch adds a required cast for the size calculation utilizing
pointer arithmetic. The stack_obj needs a cast to u32_t. This was
caught using a newer compiler.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Fix misspellings in documentation (.rst, Kconfig help text, and .h
doxygen API comments), missed during regular reviews.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
arm_core_mpu.h and arm_core_mpu.c defined and implement kernel
APIs for memory protection, respectively. Therefore, they do not
need to directly include ARM CMSIS headers, or arm_mpu.h (or
nxp_mpu.h) which are supposed to define MPU-related kernel types
and convenience macros for the specific MPU architecture. These
headers are indirectly included by including kernel.h.
Similarly, arm_mpu.h shall not need to include internal/external
headers of memory protection APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit does the following:
- it introduces additional convenience macros for representing
MPU attributions for no-cacheability, in both ARMv7-M and
ARMv8-M MPU architectures,
- it adds documentation in K_MEM_PARTITION_IS_WRITABLE/CACHEABLE
macros in all macro definitions in the different MPU variants
- it moves the type definition of k_mem_partition_attr_t inside
the architecture-specific MPU headers, so it can be defined
per-architecture. It generalizes app_mem_domain.h, to be able
to work with _any_ (struct) type of k_mem_partition_attr_t.
- it refactors the type of k_mem_partition_attr_t for ARMv8-M
to comply with the MPU register API.
- for NXP MPU, the commit moves the macros for region access
permissions' attributes inside nxp_mpu.h, to align with what
we do for ARM MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit exposes k_mem_partition_attr_t outside User Mode, so
we can use struct k_mem_partition for defining memory partitions
outside the scope of user space (for example, to describe thread
stack guards or no-cacheable MPU regions). A requirement is that
the Zephyr build supports Memory protection. To signify this, a
new hidden, all-architecture Kconfig symbol is defined (MPU). In
the wake of exposing k_mem_partition_attr_t, the commit exposes
the MPU architecture-specific access permission attribute macros
outside the User space context (for all ARCHs), so they can be
used in a more generic way.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a "nocache" read-write memory section that is configured to
not be cached. This memory section can be used to perform DMA
transfers when cache coherence issues are not optimal or can not
be solved using cache maintenance operations.
This is currently only supported on ARM Cortex M7 with MPU.
Fixes#2927
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The commit introduces a Kconfig option to define the minimum MPU
region size and alignment for ARM Cortex-M MCU architecture. The
hidden option is used by the linker to properly align linker
sections respecting the MPU requirements. Additionally, it is
used to define MPU Guard size and minimum stack alignment for
ARM Cortex-M MCUs in include/arch/arm/arch.h .
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
There were many platforms where this function was doing nothing. Just
merging its functionality with _PrepC function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Declare and define arm_mpu_config and arm_mpu_regions
structs as const, as they are not modified in run-time.
Fixes#10320
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The ARMv8-M Memory Protection Unit document indicates that a DMB
instruction must be used before disabling the MPU in order to force
outstanding memory transactions.
The ARMv7-M documentation is less clear about that, and only specifies
that a DSB instruction followed by a ISB instruction must be used
before enabling the MPU, which is already the case. The ARMv7-M and
ARMv8-M MPU are relatively similar to believe the same sequence should
be used for disabling it.
This patch therefore adds a DMB instruction before disabling the MPU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In Zephyr on Cortex-M SoCs with both the ARM MPU and the cache enabled,
there are 3 possible states and associated configuration for the RAM
cache attributes:
- MPU disabled WBWA non-shareable
- MPU enabled, background RAM region WBWA non-shareable
- MPU enabled, thread RAM region WBWA shareable
In practice this means than the thread RAM region toggles from
shareable to non-shareable on each context change.
However the Cortex-M7 SoC does not support the WBWA shareable
configuration and fallback to simpler caching configuration. The
Technical Reference Manual states:
"By default, only Normal, Non-shareable memory regions can be cached
in the RAMs. Caching only takes place if the appropriate cache is
enabled and the memory type is cacheable. Shared cacheable memory
regions can be cached if CACR.SIWT is set to 1."
Similar indications can be found in the documentation from various
vendors: ST (AN4838), NXP (AN12042) and Atmel (AN15679).
It means that the thread RAM regions are either not cached (CACR.SIWT=0,
default) or WBWT cached (CACR.SIWT=1). This causes a performance issue.
In addition before switching a region from cached to non-cached and
vice-versa, the existing MPU code does not perform cache clean and/or
invalidate operations. This might cause data loss or corruption.
We should therefore change the RAM cache attributes to make them always
consistent. This patches change the thread/application RAM region from
WBWA shareable to WBWA non-shareable. This is done for all ARMv7-M SoCs
with an ARM MPU, however other SoCs (M0+, M3, M4) do not have cache, so
their behaviour should be unchanged.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This commit moves the block of the early return before
the derivation of the stack size, to avoid unnecessary
operations if this is not a user thread.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In user mode a thread stack will include the optional
stack guard area (present if MPU_STACK_GUARD is defined.
The guard area has been originally take out of the thread
stack size calculation. For MPUs with no power-of-two size
requirement, we need to increase the size of the MPU region
for user-mode, to account for the additional guard region.
MPUs with power-of-two size requirement will, anyway, round
up the region size to the next power of two.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit introduces and implements an internal ARM
TrustZone-M API to allow the Non-Secure firmware to use
the Floating Point Unit (FPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit contributes a Kconfig symbol hierarchy which allows
the user to build Zephyr Secure and Non-Secure images on ARMv8-M
MCUs with support for Trusted Execution. However, the high-level
configuration structure is generic, thus, can be potentially
used for any platform that supports Trusted Execution.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds an inline explanatory comment in the API
for setting the non-secure stack-pointer limit registers, to
stress that the API is only applicable to Mainline ARMv8-M MCUs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit introduces CPU_HAS_ARM_MPU and CPU_HAS_NXP_MPU options,
which indicate which flavour of MPU is supported by given SoC family.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The __reset vector is using the 'b' instruction to jump to _PrepC. 'b'
can only jump 2KB on Cortex-M0 platforms so this causes build failures
when _PrepC happens to be too far away from __reset.
To resolve this we use 'bl' instead as it can jump two thousand times
further[0].
This can also be resolved by porting the reset vector to C or by
placing the _PrepC function in a dedicated section that the linker
places next to __reset.
[0] http://infocenter.arm.com/help/topic/com.arm.doc.dui0489e/Cihfddaf.html
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
