zephyr/kernel/init.c
Shawn Mosley 573f32b6d2 userspace: compartmentalized app memory organization
Summary: revised attempt at addressing issue 6290.  The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains.  Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications.  This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.

Overview: The current patch uses qualifiers to group data into
subsections.  The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.

Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main.  This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.

Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.

In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated.  This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file.  This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.

Usage:
 - Requires: app_memory/app_memdomain.h .
 - _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
 - _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
 - These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
 - To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
 - To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
 - To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
 - Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
 - After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
 - The code used in ztests and kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
  Example:
        /* create partition at top of file outside functions */
        app_mem_partition(part0);
        /* create domain */
        app_mem_domain(dom0);
        _app_dmem(dom0) int var1;
        _app_bmem(dom0) static volatile int var2;

        int main()
        {
                init_part_part0();
                init_app_memory();
                init_domain_dom0(part0);
                add_thread_dom0(k_current_get());
                ...
        }

 - If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:

        FOR_EACH(app_mem_partition, part0, part1, part2);

or, for multiple domains, similarly:

        FOR_EACH(app_mem_domain, dom0, dom1);

Similarly, the init_part_* can also be used in the macro:

        FOR_EACH(init_part, part0, part1, part2);

Testing:
 - This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board.  It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards.  These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
 - When run on the 96b_carbon board, the test suite will
enter execution, but each individual test will fail due to
an MPU FAULT.  This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
 - This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.

Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon).  In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses.  Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.

Update: updated to alternative CONFIG_APPLICATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component.  This commit
separates the Kconfig definition from the definition used for the
conditional code.  The change is in response to changes in the
way the build system treats definitions.  The python script used
to generate a linker script for app_smem was also modified to
simplify the alignment directives.  A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM.  By adding the default linker script
the prebuild stages link properly prior to the python script running.

Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
2018-07-25 12:02:01 -07:00
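The commit message describes a build-time script that sizes every app_smem partition up to the next power of 2 and aligns it so that a power-of-2 MPU can cover it with one region, and a known issue where a board with too few MPU regions faults silently because the MPU driver never reports the shortfall. The model below is an added, constructed example of that alignment step plus the missing region-budget check; it is not Zephyr's script, and MIN_REGION, the regions_available parameter, the demo sizes and the emitted linker symbol names are all assumptions.

```python
# Constructed model of the power-of-2 alignment the commit's build script
# performs for app_smem partitions (not Zephyr's script; symbol names and
# MIN_REGION are assumed).
from typing import Dict, List, Tuple

MIN_REGION = 32  # assumed smallest MPU region size in bytes

Layout = List[Tuple[str, int, int]]  # (partition name, start, size)


def next_pow2(n: int) -> int:
    """Smallest power of two that is >= n, never below MIN_REGION."""
    size = MIN_REGION
    while size < n:
        size <<= 1
    return size


def layout_partitions(parts: Dict[str, Tuple[int, int]], base: int) -> Layout:
    """Place each partition, given as (data_bytes, bss_bytes), at an address
    aligned to its own power-of-2 size, which is what power-of-2 MPU
    architectures require for a single region to cover it."""
    cursor = base
    out: Layout = []
    for name, (data, bss) in parts.items():
        size = next_pow2(data + bss)  # _app_dmem and _app_bmem share it
        start = (cursor + size - 1) & ~(size - 1)  # round up to size
        out.append((name, start, size))
        cursor = start + size
    return out


def uncovered_partitions(layout: Layout, regions_available: int) -> List[str]:
    """Each partition consumes one MPU region when its domain is active.
    Partitions past the budget get no region, so a domain thread touching
    their data faults, the MPU FAULT the commit saw on 96b_carbon. The MPU
    driver did not flag this, so the check is done here at build time."""
    return [name for name, _, _ in layout[regions_available:]]


def render_ld_fragment(layout: Layout) -> str:
    """Emit GNU ld statements per partition (output symbol names assumed);
    input section names follow the data_smem_id / data_smem_idb naming."""
    lines: List[str] = []
    for name, start, size in layout:
        lines += [
            f"/* partition {name}: {size} bytes at {start:#x} */",
            f". = ALIGN({size});",
            f"_app_smem_{name}_start = .;",
            f"*(.data_smem_{name})",   # variables tagged _app_dmem(name)
            f"*(.data_smem_{name}b)",  # variables tagged _app_bmem(name)
            f". = ALIGN({size});",
            f"_app_smem_{name}_end = .;",
        ]
    return "\n".join(lines)


# Constructed sizes: (data bytes, bss bytes) per partition.
DEMO_PARTS = {"part0": (48, 0), "part1": (100, 300), "part2": (4, 4)}


def demo(regions_available: int = 2) -> Tuple[Layout, List[str]]:
    """Lay out the demo partitions at an assumed SRAM base and report
    which ones an MPU with regions_available regions cannot protect."""
    layout = layout_partitions(DEMO_PARTS, 0x20000000)
    return layout, uncovered_partitions(layout, regions_available)


if __name__ == "__main__":
    lay, missing = demo()
    print(render_ld_fragment(lay))
    print("unprotected partitions:", missing)
```

Note that 48 bytes of part0 cost a 64-byte region and part1's 400 bytes cost 512, so the padding the commit mentions is the price of single-region coverage, and the list returned by `uncovered_partitions` is the build-time signal the commit's MPU driver lacked.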


/*
* Copyright (c) 2010-2014 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @file
* @brief Kernel initialization module
*
* This module contains routines that are used to initialize the kernel.
*/
#include <zephyr.h>
#include <offsets_short.h>
#include <kernel.h>
#include <misc/printk.h>
#include <misc/stack.h>
#include <random/rand32.h>
#include <linker/sections.h>
#include <toolchain.h>
#include <kernel_structs.h>
#include <device.h>
#include <init.h>
#include <linker/linker-defs.h>
#include <ksched.h>
#include <version.h>
#include <string.h>
#include <misc/dlist.h>
#include <kernel_internal.h>
#include <kswap.h>
#include <entropy.h>
#include <logging/log_ctrl.h>
/* kernel build timestamp items */
#define BUILD_TIMESTAMP "BUILD: " __DATE__ " " __TIME__
/* boot banner items */
#if defined(CONFIG_BOOT_DELAY) && CONFIG_BOOT_DELAY > 0
#define BOOT_DELAY_BANNER " (delayed boot " \
STRINGIFY(CONFIG_BOOT_DELAY) "ms)"
static const unsigned int boot_delay = CONFIG_BOOT_DELAY;
#else
#define BOOT_DELAY_BANNER ""
static const unsigned int boot_delay;
#endif
#ifdef BUILD_VERSION
#define BOOT_BANNER "Booting Zephyr OS " \
STRINGIFY(BUILD_VERSION) BOOT_DELAY_BANNER
#else
#define BOOT_BANNER "Booting Zephyr OS " \
KERNEL_VERSION_STRING BOOT_DELAY_BANNER
#endif
#if !defined(CONFIG_BOOT_BANNER)
#define PRINT_BOOT_BANNER() do { } while (0)
#else
#define PRINT_BOOT_BANNER() printk("***** " BOOT_BANNER " *****\n")
#endif
/* boot time measurement items */
#ifdef CONFIG_BOOT_TIME_MEASUREMENT
u64_t __noinit __start_time_stamp; /* timestamp when kernel starts */
u64_t __noinit __main_time_stamp; /* timestamp when main task starts */
u64_t __noinit __idle_time_stamp; /* timestamp when CPU goes idle */
#endif
/* init/main and idle threads */
#define IDLE_STACK_SIZE CONFIG_IDLE_STACK_SIZE
#define MAIN_STACK_SIZE CONFIG_MAIN_STACK_SIZE
K_THREAD_STACK_DEFINE(_main_stack, MAIN_STACK_SIZE);
K_THREAD_STACK_DEFINE(_idle_stack, IDLE_STACK_SIZE);
static struct k_thread _main_thread_s;
static struct k_thread _idle_thread_s;
k_tid_t const _main_thread = (k_tid_t)&_main_thread_s;
k_tid_t const _idle_thread = (k_tid_t)&_idle_thread_s;
/*
* storage space for the interrupt stack
*
* Note: This area is used as the system stack during kernel initialization,
* since the kernel hasn't yet set up its own stack areas. The dual purposing
* of this area is safe since interrupts are disabled until the kernel context
* switches to the init thread.
*/
K_THREAD_STACK_DEFINE(_interrupt_stack, CONFIG_ISR_STACK_SIZE);
/*
* Similar idle thread & interrupt stack definitions for the
* auxiliary CPUs. The declaration macros aren't set up to define an
* array, so do it with a simple test for up to 4 processors. Should
* clean this up in the future.
*/
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 1
K_THREAD_STACK_DEFINE(_idle_stack1, IDLE_STACK_SIZE);
static struct k_thread _idle_thread1_s;
k_tid_t const _idle_thread1 = (k_tid_t)&_idle_thread1_s;
K_THREAD_STACK_DEFINE(_interrupt_stack1, CONFIG_ISR_STACK_SIZE);
#endif
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 2
K_THREAD_STACK_DEFINE(_idle_stack2, IDLE_STACK_SIZE);
static struct k_thread _idle_thread2_s;
k_tid_t const _idle_thread2 = (k_tid_t)&_idle_thread2_s;
K_THREAD_STACK_DEFINE(_interrupt_stack2, CONFIG_ISR_STACK_SIZE);
#endif
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 3
K_THREAD_STACK_DEFINE(_idle_stack3, IDLE_STACK_SIZE);
static struct k_thread _idle_thread3_s;
k_tid_t const _idle_thread3 = (k_tid_t)&_idle_thread3_s;
K_THREAD_STACK_DEFINE(_interrupt_stack3, CONFIG_ISR_STACK_SIZE);
#endif
#ifdef CONFIG_SYS_CLOCK_EXISTS
#define initialize_timeouts() do { \
sys_dlist_init(&_timeout_q); \
} while ((0))
#else
#define initialize_timeouts() do { } while ((0))
#endif
extern void idle(void *unused1, void *unused2, void *unused3);
/* LCOV_EXCL_START */
#if defined(CONFIG_INIT_STACKS) && defined(CONFIG_PRINTK)
extern K_THREAD_STACK_DEFINE(sys_work_q_stack,
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE);
void k_call_stacks_analyze(void)
{
printk("Kernel stacks:\n");
STACK_ANALYZE("main ", _main_stack);
STACK_ANALYZE("idle ", _idle_stack);
STACK_ANALYZE("interrupt", _interrupt_stack);
STACK_ANALYZE("workqueue", sys_work_q_stack);
}
#else
void k_call_stacks_analyze(void) { }
#endif
/* LCOV_EXCL_STOP */
/**
*
* @brief Clear BSS
*
* This routine clears the BSS region, so all bytes are 0.
*
* @return N/A
*/
void _bss_zero(void)
{
memset(&__bss_start, 0,
((u32_t) &__bss_end - (u32_t) &__bss_start));
#ifdef CONFIG_CCM_BASE_ADDRESS
memset(&__ccm_bss_start, 0,
((u32_t) &__ccm_bss_end - (u32_t) &__ccm_bss_start));
#endif
#ifdef CONFIG_APPLICATION_MEMORY
memset(&__app_bss_start, 0,
((u32_t) &__app_bss_end - (u32_t) &__app_bss_start));
#endif
}
#ifdef CONFIG_XIP
/**
*
* @brief Copy the data section from ROM to RAM
*
* This routine copies the data section from ROM to RAM.
*
* @return N/A
*/
void _data_copy(void)
{
memcpy(&__data_ram_start, &__data_rom_start,
((u32_t) &__data_ram_end - (u32_t) &__data_ram_start));
#ifdef CONFIG_CCM_BASE_ADDRESS
memcpy(&__ccm_data_start, &__ccm_data_rom_start,
((u32_t) &__ccm_data_end - (u32_t) &__ccm_data_start));
#endif
#ifdef CONFIG_APP_SHARED_MEM
memcpy(&_app_smem_start, &_app_smem_rom_start,
((u32_t) &_app_smem_end - (u32_t) &_app_smem_start));
#endif
#ifdef CONFIG_APPLICATION_MEMORY
memcpy(&__app_data_ram_start, &__app_data_rom_start,
((u32_t) &__app_data_ram_end - (u32_t) &__app_data_ram_start));
#endif
}
#endif
/**
*
* @brief Mainline for kernel's background thread
*
* This routine completes kernel initialization by invoking the remaining
* init functions, then invokes application's main() routine.
*
* @return N/A
*/
static void bg_thread_main(void *unused1, void *unused2, void *unused3)
{
ARG_UNUSED(unused1);
ARG_UNUSED(unused2);
ARG_UNUSED(unused3);
_sys_device_do_config_level(_SYS_INIT_LEVEL_POST_KERNEL);
#if CONFIG_STACK_POINTER_RANDOM
z_stack_adjust_initialized = 1;
#endif
if (boot_delay > 0) {
printk("***** delaying boot " STRINGIFY(CONFIG_BOOT_DELAY)
"ms (per build configuration) *****\n");
k_busy_wait(CONFIG_BOOT_DELAY * USEC_PER_MSEC);
}
PRINT_BOOT_BANNER();
/* Final init level before app starts */
_sys_device_do_config_level(_SYS_INIT_LEVEL_APPLICATION);
#ifdef CONFIG_CPLUSPLUS
/* Process the .ctors and .init_array sections */
extern void __do_global_ctors_aux(void);
extern void __do_init_array_aux(void);
__do_global_ctors_aux();
__do_init_array_aux();
#endif
_init_static_threads();
#ifdef CONFIG_SMP
smp_init();
#endif
#ifdef CONFIG_BOOT_TIME_MEASUREMENT
/* record timestamp for kernel's _main() function */
extern u64_t __main_time_stamp;
__main_time_stamp = (u64_t)k_cycle_get_32();
#endif
extern void main(void);
main();
/* Terminate thread normally since it has no more work to do */
_main_thread->base.user_options &= ~K_ESSENTIAL;
}
void __weak main(void)
{
/* NOP default main() if the application does not provide one. */
}
#if defined(CONFIG_MULTITHREADING)
static void init_idle_thread(struct k_thread *thr, k_thread_stack_t *stack)
{
#ifdef CONFIG_SMP
thr->base.is_idle = 1;
#endif
_setup_new_thread(thr, stack,
IDLE_STACK_SIZE, idle, NULL, NULL, NULL,
K_LOWEST_THREAD_PRIO, K_ESSENTIAL);
_mark_thread_as_started(thr);
}
#endif
/**
*
* @brief Initializes kernel data structures
*
* This routine initializes various kernel data structures, including
* the init and idle threads and any architecture-specific initialization.
*
* Note that all fields of "_kernel" are set to zero on entry, which may
* be all the initialization many of them require.
*
* @return N/A
*/
#ifdef CONFIG_MULTITHREADING
static void prepare_multithreading(struct k_thread *dummy_thread)
{
#ifdef CONFIG_ARCH_HAS_CUSTOM_SWAP_TO_MAIN
ARG_UNUSED(dummy_thread);
#else
/*
* Initialize the current execution thread to permit a level of
* debugging output if an exception should happen during kernel
* initialization. However, don't waste effort initializing the
* fields of the dummy thread beyond those needed to identify it as a
* dummy thread.
*/
_current = dummy_thread;
dummy_thread->base.user_options = K_ESSENTIAL;
dummy_thread->base.thread_state = _THREAD_DUMMY;
#ifdef CONFIG_THREAD_STACK_INFO
dummy_thread->stack_info.start = 0;
dummy_thread->stack_info.size = 0;
#endif
#ifdef CONFIG_USERSPACE
dummy_thread->mem_domain_info.mem_domain = 0;
#endif
#endif
/* _kernel.ready_q is all zeroes */
_sched_init();
#ifndef CONFIG_SMP
/*
* prime the cache with the main thread since:
*
* - the cache can never be NULL
* - the main thread will be the one to run first
* - no other thread is initialized yet and thus their priority fields
* contain garbage, which would prevent the cache loading algorithm
* to work as intended
*/
_ready_q.cache = _main_thread;
#endif
_setup_new_thread(_main_thread, _main_stack,
MAIN_STACK_SIZE, bg_thread_main,
NULL, NULL, NULL,
CONFIG_MAIN_THREAD_PRIORITY, K_ESSENTIAL);
_mark_thread_as_started(_main_thread);
_ready_thread(_main_thread);
#ifdef CONFIG_MULTITHREADING
init_idle_thread(_idle_thread, _idle_stack);
_kernel.cpus[0].idle_thread = _idle_thread;
#endif
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 1
init_idle_thread(_idle_thread1, _idle_stack1);
_kernel.cpus[1].idle_thread = _idle_thread1;
_kernel.cpus[1].id = 1;
_kernel.cpus[1].irq_stack = K_THREAD_STACK_BUFFER(_interrupt_stack1)
+ CONFIG_ISR_STACK_SIZE;
#endif
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 2
init_idle_thread(_idle_thread2, _idle_stack2);
_kernel.cpus[2].idle_thread = _idle_thread2;
_kernel.cpus[2].id = 2;
_kernel.cpus[2].irq_stack = K_THREAD_STACK_BUFFER(_interrupt_stack2)
+ CONFIG_ISR_STACK_SIZE;
#endif
#if defined(CONFIG_SMP) && CONFIG_MP_NUM_CPUS > 3
init_idle_thread(_idle_thread3, _idle_stack3);
_kernel.cpus[3].idle_thread = _idle_thread3;
_kernel.cpus[3].id = 3;
_kernel.cpus[3].irq_stack = K_THREAD_STACK_BUFFER(_interrupt_stack3)
+ CONFIG_ISR_STACK_SIZE;
#endif
initialize_timeouts();
}
static void switch_to_main_thread(void)
{
#ifdef CONFIG_ARCH_HAS_CUSTOM_SWAP_TO_MAIN
_arch_switch_to_main_thread(_main_thread, _main_stack, MAIN_STACK_SIZE,
bg_thread_main);
#else
/*
* Context switch to main task (entry function is _main()): the
* current fake thread is not on a wait queue or ready queue, so it
* will never be rescheduled in.
*/
_Swap(irq_lock());
#endif
}
#endif /* CONFIG_MULTITHREADING */
u32_t z_early_boot_rand32_get(void)
{
#ifdef CONFIG_ENTROPY_HAS_DRIVER
struct device *entropy = device_get_binding(CONFIG_ENTROPY_NAME);
int rc;
u32_t retval;
if (entropy == NULL) {
goto sys_rand32_fallback;
}
/* Try to see if driver provides an ISR-specific API */
rc = entropy_get_entropy_isr(entropy, (u8_t *)&retval,
sizeof(retval), ENTROPY_BUSYWAIT);
if (rc == -ENOTSUP) {
/* Driver does not provide an ISR-specific API, assume it can
* be called from ISR context
*/
rc = entropy_get_entropy(entropy, (u8_t *)&retval,
sizeof(retval));
}
if (rc >= 0) {
return retval;
}
/* Fall through to fallback */
sys_rand32_fallback:
#endif
/* FIXME: this assumes sys_rand32_get() won't use any synchronization
* primitive, like semaphores or mutexes. It's too early in the boot
* process to use any of them. Ideally, only the path where entropy
* devices are available should be built, this is only a fallback for
* those devices without a HWRNG entropy driver.
*/
return sys_rand32_get();
}
#ifdef CONFIG_STACK_CANARIES
extern uintptr_t __stack_chk_guard;
#endif /* CONFIG_STACK_CANARIES */
/**
*
* @brief Initialize kernel
*
* This routine is invoked when the system is ready to run C code. The
* processor must be running in 32-bit mode, and the BSS must have been
* cleared/zeroed.
*
* @return Does not return
*/
FUNC_NORETURN void _Cstart(void)
{
#ifdef CONFIG_MULTITHREADING
#ifdef CONFIG_ARCH_HAS_CUSTOM_SWAP_TO_MAIN
struct k_thread *dummy_thread = NULL;
#else
/* Normally, kernel objects are not allowed on the stack, special case
* here since this is just being used to bootstrap the first _Swap()
*/
char dummy_thread_memory[sizeof(struct k_thread)];
struct k_thread *dummy_thread = (struct k_thread *)&dummy_thread_memory;
memset(dummy_thread_memory, 0, sizeof(dummy_thread_memory));
#endif
#endif
/*
* The interrupt library needs to be initialized early since a series
* of handlers are installed into the interrupt table to catch
* spurious interrupts. This must be performed before other kernel
* subsystems install bonafide handlers, or before hardware device
* drivers are initialized.
*/
_IntLibInit();
if (IS_ENABLED(CONFIG_LOG)) {
log_core_init();
}
/* perform any architecture-specific initialization */
kernel_arch_init();
/* perform basic hardware initialization */
_sys_device_do_config_level(_SYS_INIT_LEVEL_PRE_KERNEL_1);
_sys_device_do_config_level(_SYS_INIT_LEVEL_PRE_KERNEL_2);
#ifdef CONFIG_STACK_CANARIES
__stack_chk_guard = z_early_boot_rand32_get();
#endif
#ifdef CONFIG_MULTITHREADING
prepare_multithreading(dummy_thread);
switch_to_main_thread();
#else
bg_thread_main(NULL, NULL, NULL);
while (1) {
}
#endif
/*
* Compiler can't tell that the above routines won't return and issues
* a warning unless we explicitly tell it that control never gets this
* far.
*/
CODE_UNREACHABLE;
}