Fix the context array size for MPU ports
Ensure the saved context location falls within the reserved context area
rather than overlapping with the next MPU_SETTINGS structure member.
This never caused a problem because actual read/write operations
start from one word before the saved context location.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
The application writer needs to name their IRQ handler as:
1. vApplicationIRQHandler if the IRQ handler does not use FPU registers.
2. vApplicationFPUSafeIRQHandler is the IRQ handler uses FPU registers.
When the application uses vApplicationFPUSafeIRQHandler, a default
implementation of vApplicationIRQHandler is used which stores FPU
registers and then calls vApplicationFPUSafeIRQHandler.
Note that recent versions of GCC may use FP/SIMD registers to optimize 16-bytes
copy and especially when using va_start()/va_arg() functions (e.g printing some thing
in IRQ handlers may trigger usage of FPU registers)
This implementation is heavily inspired by both the ARM_CA9 port and the ARM_CRx_No_GIC
port done in [1]
[1] https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/1113
Signed-off-by: Marouen Ghodhbane <marouen.ghodhbane@nxp.com>
FPSR and FPCR are two 64-bits registers where only the lower 32 bits are defined.
Save them when doing context switch with FPU context saving enabled.
Signed-off-by: Marouen Ghodhbane <marouen.ghodhbane@nxp.com>
This is a direct backport of upstream commit [1] for aarch64 (legacy operation port)
done under [2]
The same code can be applied on the aarch SRE port to be able to enable FPU context
saving on all tasks context switch to mitigate GCC optimization to use SIMD registers
for copy.
[1] "55eceb22: Add configUSE_TASK_FPU_SUPPORT to AARCH64 port (#1048)"
[2] https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/1048
Signed-off-by: Marouen Ghodhbane <marouen.ghodhbane@nxp.com>
armv8.1-m: Add task dedicated PAC key
To harden the security, each task is assigned a dedicated PAC key, so that attackers needs to guess the all the tasks' PAC keys right to exploit the system using Return Oriented Programming.
The kernel is now updated to support the following:
* A PAC key set with a random number generated and is saved in the task's context when a task is created.
* As part of scheduling, the task's PAC key is stored/restored to/from the task's context when a task is unscheduled/scheduled from/to run.
stack-overflow-check: Introduce portGET_CURRENT_TOP_OF_STACK macro
When MPU wrapper v2 is used, the task's context is stored in TCB and `pxTopOfStack`` member of TCB points to the context location in TCB. We, therefore, need to read PSP to find the task's current top of stack.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
The function vApplicationFPUSafeIRQHandler gets the value of ICCIAR as
parameter, but a constant containing the address of ICCIAR was also
defined. Fix the name of the constant to align it with what it actually
holds.
The PACBTI is an optional hardware security feature,
the current implementation assumes that every SoC that
has Armv8.1-M architecture extension, has the PACBTI
hardware feature, which does not have to be the case.
Hence, the `portHAS_PACBTI_FEATURE` is removed
and the implementation is modified to rely on
`configENABLE_PAC` and `configENABLE_BTI` macros
that can either be set using CMake or FreeRTOSConfig.h
header file.
Enabling PAC and/or BTI on a port variant that
doesn't have the PACBTI hardware feature would be
caught by a `configASSERT` statement.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Tony Josi <tonyjosi@amazon.com>
Related to #189
Update `configMTIMECMP_BASE_ADDRESS` to be stored in a 64-bit integer.
* Change the type of `ullMachineTimerCompareRegisterBase` to `uint64_t` in `portable/GCC/RISC-V/port.c`.
* Change the type of `ullMachineTimerCompareRegisterBase` to `uint64_t` in `portable/IAR/RISC-V/port.c`.
* Update the initialization of `ullMachineTimerCompareRegisterBase` to use `configMTIMECMP_BASE_ADDRESS` in both files.
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
* copyright-checker: Add FreeRTOS Arm collab copyright
FreeRTOS Arm collab files shall have both Amazon's
and Arm's copyright headers. Hence, the copyright
checker is modified to check for both copyrights.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* armv8-m: Add support for IAR with TFM FREERTOS PORT
As the case for ARMClang, and GCC toolchains, IAR
with TFM FreeRTOS Port support is added.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* armv8-m: Do not overwrite Control register value
The current ARMv8-M FreeRTOS-Kernel Port code
implementation is modified in a way that allows
the CONTROL register's value to be retained
rather than being overwritten.
This is needed for adding PACBTI support as
the special-purpose CONTROL register `PAC_EN`,
`UPAC_EN`, `BTI_EN`, and `UBTI_EN` PACBTI
enablement bits should be configured before calling
`vRestoreContextOfFirstTask()` function which currently
overwrite the value inside the CONTROL register.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* armv8.1-m: Add PACBTI support to kernel non-secure implementation
In this commit, Pointer Authentication, and Branch Target
Identification Extension (PACBTI) support is added for
Non-Secure and Non-TrustZone variants of Cortex-M85
FreeRTOS-Kernel Port.
The PACBTI support is added for Arm Compiler For
Embedded, and IAR toolchains only. The support in
the kernel is not yet enabled for GNU toolchain
due to known issues.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* Fix CI check
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
---------
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Ahmed Ismail <ahmism01@e133373.arm.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Fix compilation issue of IAR32 port
* Add new line at EOF
* Fix header check
---------
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
This PR adds support for vApplicationFPUSafeIRQHandler. The application
writer needs to name their IRQ handler as:
1. vApplicationIRQHandler if the IRQ handler does not use FPU registers.
2. vApplicationFPUSafeIRQHandler is the IRQ handler uses FPU registers.
When the application uses vApplicationFPUSafeIRQHandler, a default
implementation of vApplicationIRQHandler is used which stores FPU
registers and then calls vApplicationFPUSafeIRQHandler.
This PR makes the following improvements to the ARM_CRx_No_GIC port-
1. Remove inline assembly and move all the assembly code to the portASM.S
file.
2. Add support for configUSE_TASK_FPU_SUPPORT -
- When configUSE_TASK_FPU_SUPPORT is defined to 1, tasks are created
without floating point context. Tasks that want to use floating point, need
to call portTASK_USES_FLOATING_POINT(). This is the current behavior.
- When configUSE_TASK_FPU_SUPPORT is defined to 2, each task is created
with a floating point context.
If left undefined, configUSE_TASK_FPU_SUPPORT defaults to 1 for backward compatibility.
3. The application writer can now implement vApplicationSVCHandler to handle the
SVC calls raised within the application. SVC 0 is used for the yield kernel operation
and the application can use all the SVC calls other than 0.
Signed-off-by: kar-rahul-aws <karahulx@amazon.com>
FreeRTOS MPU: Add privileged execute never MPU attribute
A new MPU region attribute Privileged eXecute Never (PXN)
is introduced in Armv8.1-M architecture, where if an MPU
region has PXN attribute set and the processor attempts
to execute the code inside with privileged level,
the Memory Management Fault exception would be triggered,
with IACCVIOL bit in MemManage Fault State Register set
to 1. The PXN feature allows privileged software to ensure
specific application tasks (threads) to execute in
unprivileged level only.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* Fix traceMALLOC() memory count is inaccurate. (#1078)
Modify xWantedSize to the size of a free block when not split blocks.
Ensure that the sizes within traceMALLOC() and traceFREE() macros are equal.
* Create a new variable xAllocatedBlockSize for traceMALLOC()
---------
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
* Add configUSE_TASK_FPU_SUPPORT to AARCH64 port
NEON SIMD is required by standard AARCH64 and its registers are
frequently utilized by standard functions such as memcpy().
This means that even simple tasks that do not use any floating point
arithmetics may still alter the contents of the FPU registers.
For this reason it makes sense to add support for
configUSE_TASK_FPU_SUPPORT to be able to enforce FPU register saving and
restoring globally.
The implementation was largely adopted from the ARM_CA9 port. However,
the FPU registers must be placed on the stack before the critical
nesting count to match the AARCH64 portASM.S.
Currently in Armv8-M GCC/ArmClang ports, constant pool is used to
define literals needed for `ldr` instructions. However, those
constant pools are defined with `.align 4` which increases code size.
Instead of defining the constant pool with `.align 4`, let the
compiler hanlde the constant pool and the required alignment.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Co-authored-by: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Update alignment in ARM_CR5 port.
This is the same patch as 553caa18ce
provided by Richard Barry for issue #426 (ARM_CA9).
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
* Add in a removed check for if a task is attempting to read a variable from a location it has write access to in xPortIsAuthorizedToAccessBuffer.
* Add in a portDONT_DISCARD symbol as well.
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/mpu_wrappers_v2_asm.S
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/mpu_wrappers_v2_asm.S
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/mpu_wrappers_v2_asm.S
* Remove duplicate pop instruction from portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/mpu_wrappers_v2_asm.S
* Run the copy_files.py script to update the ARMv8M ports to remove the duplicate pop instruction in mpu_wrappers_v2_asm
* Remove duplicate pop instruction from portable/GCC/ARM_CM3_MPU/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/GCC/ARM_CM4_MPU/mpu_wrappers_v2_asm.c
* Remove duplicate pop instruction from portable/IAR/ARM_CM4F_MPU/mpu_wrappers_v2_asm.S
* Remove duplicate pop instruction from portable/RVDS/ARM_CM4_MPU/mpu_wrappers_v2_asm.c
---------
Co-authored-by: Rahul Kar <118818625+kar-rahul-aws@users.noreply.github.com>
* Rename Arm_AARCH64 to ARM_AARCH64
* Rename Arm_AARCH64_SRE to ARM_AARCH64_SRE
* Update cmake for ARM port folder capitalization
* Update in portable/CmakeLists.txt
* Use capitalization name in port README.md
---------
Co-authored-by: Ching-Hsin Lee <chinglee@amazon.com>
Add a check for configENABLE_MVE to M23, M33 ports
configENABLE_MVE is only applicable to Cortex-M55 and Cortex-M85 ports.
It must not be defined to 1 for other ARMv8_m ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
The number of MPU regions is not configurable for Cortex-M3 port and
therefore, it is misleading to have configTOTAL_MPU_REGIONS in
portmacro.h.
It was added in PR #952.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
According to the MSP430 EABI [1] section 3.3,
Arguments are assigned, in declared order, to the first available
register single, pair, or quad from the following list into which it
fits (with the following special exceptions). For MSP430 and
MSP430X, the argument registers are: R12, R13, R14, R15
Therefore, pvParameters should be passed in R12, as it is the first
argument, not R15. Keep passing the parameter in R15 for the
MSP430 EABI, if anyone is still using it.
[1] https://www.ti.com/lit/an/slaa534a/slaa534a.pdf
* MicroblazeV9: Add support for 64 bit microblaze
* MicroblazeV9: Add support for generation of run time task stats
* MicroblazeV9: Add default implementation for callback functions
---------
Signed-off-by: Mubin Usman Sayyed <mubin.usman.sayyed@xilinx.com>
* Allow access to any buffer in xPortIsAuthorizedToAccessBuffer if xSchedulerRunning is set to pdFALSE
* Allow access to any buffer in xPortIsAuthorizedToAccessBuffer if xSchedulerRunning is set to pdFALSE in the copied ARMv8M Port Files
* Add runtime check to see if the target even has a MPU
* Add missing extern symbols for __ARMCC_VERSION support
* Add default for configTOTAL_MPU_REGIONS and change a runtime assert to compile time error
* Simplify check and link to reference documentation
Co-authored-by: Soren Ptak <ptaksoren@gmail.com>
---------
Co-authored-by: Soren Ptak <ptaksoren@gmail.com>
Co-authored-by: jasonpcarroll <23126711+jasonpcarroll@users.noreply.github.com>
Gaurav-Aggarwal-AWS
Marouen Ghodhbane
Ahmed Ismail
creiter64
Saiiijchan
Rahul Kar
Ryan
Vishwanath Martur
ActoryOu
Kody Stribrny
K.Kashi
Florian La Roche
Oliver Mueller
Ryzee119
Tomas Galbicka
耀眼的大神
haydenridd
StefanBalt
Devaraj Ranganna
Soren Ptak
Eric Jackson
Forty-Bot
Phillip Stevens
Mubin Sayyed
IsaacDynamo