1 /*
2 * FreeRTOS Kernel <DEVELOPMENT BRANCH>
3 * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
4 * Copyright 2024 Arm Limited and/or its affiliates
5 * <open-source-office@arm.com>
6 *
7 * SPDX-License-Identifier: MIT
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a copy of
10 * this software and associated documentation files (the "Software"), to deal in
11 * the Software without restriction, including without limitation the rights to
12 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
13 * the Software, and to permit persons to whom the Software is furnished to do so,
14 * subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in all
17 * copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
21 * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
22 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
23 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
24 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 *
26 * https://www.FreeRTOS.org
27 * https://github.com/FreeRTOS
28 *
29 */
30
31 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
32 * all the API functions to use the MPU wrappers. That should only be done when
33 * task.h is included from an application file. */
34 #define MPU_WRAPPERS_INCLUDED_FROM_API_FILE
35
36 /* Scheduler includes. */
37 #include "FreeRTOS.h"
38 #include "task.h"
39
40 /* MPU includes. */
41 #include "mpu_wrappers.h"
42 #include "mpu_syscall_numbers.h"
43
44 /* Portasm includes. */
45 #include "portasm.h"
46
47 #if ( configENABLE_TRUSTZONE == 1 )
48 /* Secure components includes. */
49 #include "secure_context.h"
50 #include "secure_init.h"
51 #endif /* configENABLE_TRUSTZONE */
52
53 #undef MPU_WRAPPERS_INCLUDED_FROM_API_FILE
54
55 /**
56 * The FreeRTOS Cortex M33 port can be configured to run on the Secure Side only
57 * i.e. the processor boots as secure and never jumps to the non-secure side.
58 * The Trust Zone support in the port must be disabled in order to run FreeRTOS
59 * on the secure side. The following are the valid configuration settings:
60 *
61 * 1. Run FreeRTOS on the Secure Side:
62 * configRUN_FREERTOS_SECURE_ONLY = 1 and configENABLE_TRUSTZONE = 0
63 *
64 * 2. Run FreeRTOS on the Non-Secure Side with Secure Side function call support:
65 * configRUN_FREERTOS_SECURE_ONLY = 0 and configENABLE_TRUSTZONE = 1
66 *
67 * 3. Run FreeRTOS on the Non-Secure Side only i.e. no Secure Side function call support:
68 * configRUN_FREERTOS_SECURE_ONLY = 0 and configENABLE_TRUSTZONE = 0
69 */
70 #if ( ( configRUN_FREERTOS_SECURE_ONLY == 1 ) && ( configENABLE_TRUSTZONE == 1 ) )
71 #error TrustZone needs to be disabled in order to run FreeRTOS on the Secure Side.
72 #endif
73
74 /**
75 * Cortex-M23 does not have non-secure PSPLIM. We should use PSPLIM on Cortex-M23
76 * only when FreeRTOS runs on secure side.
77 */
78 #if ( ( portHAS_ARMV8M_MAIN_EXTENSION == 0 ) && ( configRUN_FREERTOS_SECURE_ONLY == 0 ) )
79 #define portUSE_PSPLIM_REGISTER 0
80 #else
81 #define portUSE_PSPLIM_REGISTER 1
82 #endif
83 /*-----------------------------------------------------------*/
84
85 /**
86 * @brief Prototype of all Interrupt Service Routines (ISRs).
87 */
88 typedef void ( * portISR_t )( void );
89 /*-----------------------------------------------------------*/
90
91 /**
92 * @brief Constants required to manipulate the NVIC.
93 */
94 #define portNVIC_SYSTICK_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000e010 ) )
95 #define portNVIC_SYSTICK_LOAD_REG ( *( ( volatile uint32_t * ) 0xe000e014 ) )
96 #define portNVIC_SYSTICK_CURRENT_VALUE_REG ( *( ( volatile uint32_t * ) 0xe000e018 ) )
97 #define portNVIC_SHPR3_REG ( *( ( volatile uint32_t * ) 0xe000ed20 ) )
98 #define portNVIC_SYSTICK_ENABLE_BIT ( 1UL << 0UL )
99 #define portNVIC_SYSTICK_INT_BIT ( 1UL << 1UL )
100 #define portNVIC_SYSTICK_CLK_BIT ( 1UL << 2UL )
101 #define portNVIC_SYSTICK_COUNT_FLAG_BIT ( 1UL << 16UL )
102 #define portNVIC_PEND_SYSTICK_CLEAR_BIT ( 1UL << 25UL )
103 #define portNVIC_PEND_SYSTICK_SET_BIT ( 1UL << 26UL )
104 #define portMIN_INTERRUPT_PRIORITY ( 255UL )
105 #define portNVIC_PENDSV_PRI ( portMIN_INTERRUPT_PRIORITY << 16UL )
106 #define portNVIC_SYSTICK_PRI ( portMIN_INTERRUPT_PRIORITY << 24UL )
107 /*-----------------------------------------------------------*/
108
109 /**
110 * @brief Constants required to manipulate the SCB.
111 */
112 #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
113 #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
114 #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
115 #define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
116 /*-----------------------------------------------------------*/
117
118 /**
119 * @brief Constants used to check the installation of the FreeRTOS interrupt handlers.
120 */
121 #define portVECTOR_INDEX_SVC ( 11 )
122 #define portVECTOR_INDEX_PENDSV ( 14 )
123 /*-----------------------------------------------------------*/
124
125 /**
126 * @brief Constants required to check the validity of an interrupt priority.
127 */
128 #define portNVIC_SHPR2_REG ( *( ( volatile uint32_t * ) 0xE000ED1C ) )
129 #define portFIRST_USER_INTERRUPT_NUMBER ( 16 )
130 #define portNVIC_IP_REGISTERS_OFFSET_16 ( 0xE000E3F0 )
131 #define portAIRCR_REG ( *( ( volatile uint32_t * ) 0xE000ED0C ) )
132 #define portTOP_BIT_OF_BYTE ( ( uint8_t ) 0x80 )
133 #define portMAX_PRIGROUP_BITS ( ( uint8_t ) 7 )
134 #define portPRIORITY_GROUP_MASK ( 0x07UL << 8UL )
135 #define portPRIGROUP_SHIFT ( 8UL )
136 /*-----------------------------------------------------------*/
137
138 /**
139 * @brief Constants used during system call enter and exit.
140 */
141 #define portPSR_STACK_PADDING_MASK ( 1UL << 9UL )
142 #define portEXC_RETURN_STACK_FRAME_TYPE_MASK ( 1UL << 4UL )
143 /*-----------------------------------------------------------*/
144
145 /**
146 * @brief Constants required to manipulate the FPU.
147 */
148 #define portCPACR ( ( volatile uint32_t * ) 0xe000ed88 ) /* Coprocessor Access Control Register. */
149 #define portCPACR_CP10_VALUE ( 3UL )
150 #define portCPACR_CP11_VALUE portCPACR_CP10_VALUE
151 #define portCPACR_CP10_POS ( 20UL )
152 #define portCPACR_CP11_POS ( 22UL )
153
154 #define portFPCCR ( ( volatile uint32_t * ) 0xe000ef34 ) /* Floating Point Context Control Register. */
155 #define portFPCCR_ASPEN_POS ( 31UL )
156 #define portFPCCR_ASPEN_MASK ( 1UL << portFPCCR_ASPEN_POS )
157 #define portFPCCR_LSPEN_POS ( 30UL )
158 #define portFPCCR_LSPEN_MASK ( 1UL << portFPCCR_LSPEN_POS )
159 /*-----------------------------------------------------------*/
160
161 /**
162 * @brief Offsets in the stack to the parameters when inside the SVC handler.
163 */
164 #define portOFFSET_TO_LR ( 5 )
165 #define portOFFSET_TO_PC ( 6 )
166 #define portOFFSET_TO_PSR ( 7 )
167 /*-----------------------------------------------------------*/
168
169 /**
170 * @brief Constants required to manipulate the MPU.
171 */
172 #define portMPU_TYPE_REG ( *( ( volatile uint32_t * ) 0xe000ed90 ) )
173 #define portMPU_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000ed94 ) )
174 #define portMPU_RNR_REG ( *( ( volatile uint32_t * ) 0xe000ed98 ) )
175
176 #define portMPU_RBAR_REG ( *( ( volatile uint32_t * ) 0xe000ed9c ) )
177 #define portMPU_RLAR_REG ( *( ( volatile uint32_t * ) 0xe000eda0 ) )
178
179 #define portMPU_RBAR_A1_REG ( *( ( volatile uint32_t * ) 0xe000eda4 ) )
180 #define portMPU_RLAR_A1_REG ( *( ( volatile uint32_t * ) 0xe000eda8 ) )
181
182 #define portMPU_RBAR_A2_REG ( *( ( volatile uint32_t * ) 0xe000edac ) )
183 #define portMPU_RLAR_A2_REG ( *( ( volatile uint32_t * ) 0xe000edb0 ) )
184
185 #define portMPU_RBAR_A3_REG ( *( ( volatile uint32_t * ) 0xe000edb4 ) )
186 #define portMPU_RLAR_A3_REG ( *( ( volatile uint32_t * ) 0xe000edb8 ) )
187
188 #define portMPU_MAIR0_REG ( *( ( volatile uint32_t * ) 0xe000edc0 ) )
189 #define portMPU_MAIR1_REG ( *( ( volatile uint32_t * ) 0xe000edc4 ) )
190
191 #define portMPU_RBAR_ADDRESS_MASK ( 0xffffffe0 ) /* Must be 32-byte aligned. */
192 #define portMPU_RLAR_ADDRESS_MASK ( 0xffffffe0 ) /* Must be 32-byte aligned. */
193
194 #define portMPU_RBAR_ACCESS_PERMISSIONS_MASK ( 3UL << 1UL )
195
196 #define portMPU_MAIR_ATTR0_POS ( 0UL )
197 #define portMPU_MAIR_ATTR0_MASK ( 0x000000ff )
198
199 #define portMPU_MAIR_ATTR1_POS ( 8UL )
200 #define portMPU_MAIR_ATTR1_MASK ( 0x0000ff00 )
201
202 #define portMPU_MAIR_ATTR2_POS ( 16UL )
203 #define portMPU_MAIR_ATTR2_MASK ( 0x00ff0000 )
204
205 #define portMPU_MAIR_ATTR3_POS ( 24UL )
206 #define portMPU_MAIR_ATTR3_MASK ( 0xff000000 )
207
208 #define portMPU_MAIR_ATTR4_POS ( 0UL )
209 #define portMPU_MAIR_ATTR4_MASK ( 0x000000ff )
210
211 #define portMPU_MAIR_ATTR5_POS ( 8UL )
212 #define portMPU_MAIR_ATTR5_MASK ( 0x0000ff00 )
213
214 #define portMPU_MAIR_ATTR6_POS ( 16UL )
215 #define portMPU_MAIR_ATTR6_MASK ( 0x00ff0000 )
216
217 #define portMPU_MAIR_ATTR7_POS ( 24UL )
218 #define portMPU_MAIR_ATTR7_MASK ( 0xff000000 )
219
220 #define portMPU_RLAR_ATTR_INDEX0 ( 0UL << 1UL )
221 #define portMPU_RLAR_ATTR_INDEX1 ( 1UL << 1UL )
222 #define portMPU_RLAR_ATTR_INDEX2 ( 2UL << 1UL )
223 #define portMPU_RLAR_ATTR_INDEX3 ( 3UL << 1UL )
224 #define portMPU_RLAR_ATTR_INDEX4 ( 4UL << 1UL )
225 #define portMPU_RLAR_ATTR_INDEX5 ( 5UL << 1UL )
226 #define portMPU_RLAR_ATTR_INDEX6 ( 6UL << 1UL )
227 #define portMPU_RLAR_ATTR_INDEX7 ( 7UL << 1UL )
228
229 #define portMPU_RLAR_REGION_ENABLE ( 1UL )
230
231 #if ( portARMV8M_MINOR_VERSION >= 1 )
232
233 /* Enable Privileged eXecute Never MPU attribute for the selected memory
234 * region. */
235 #define portMPU_RLAR_PRIVILEGED_EXECUTE_NEVER ( 1UL << 4UL )
236 #endif /* portARMV8M_MINOR_VERSION >= 1 */
237
238 /* Enable privileged access to unmapped region. */
239 #define portMPU_PRIV_BACKGROUND_ENABLE_BIT ( 1UL << 2UL )
240
241 /* Enable MPU. */
242 #define portMPU_ENABLE_BIT ( 1UL << 0UL )
243
244 /* Extract first address of the MPU region as encoded in the
245 * RBAR (Region Base Address Register) value. */
246 #define portEXTRACT_FIRST_ADDRESS_FROM_RBAR( rbar ) \
247 ( ( rbar ) & portMPU_RBAR_ADDRESS_MASK )
248
249 /* Extract last address of the MPU region as encoded in the
250 * RLAR (Region Limit Address Register) value. */
251 #define portEXTRACT_LAST_ADDRESS_FROM_RLAR( rlar ) \
252 ( ( ( rlar ) & portMPU_RLAR_ADDRESS_MASK ) | ~portMPU_RLAR_ADDRESS_MASK )
253
254 /* Does addr lies within [start, end] address range? */
255 #define portIS_ADDRESS_WITHIN_RANGE( addr, start, end ) \
256 ( ( ( addr ) >= ( start ) ) && ( ( addr ) <= ( end ) ) )
257
258 /* Is the access request satisfied by the available permissions? */
259 #define portIS_AUTHORIZED( accessRequest, permissions ) \
260 ( ( ( permissions ) & ( accessRequest ) ) == accessRequest )
261
262 /* Max value that fits in a uint32_t type. */
263 #define portUINT32_MAX ( ~( ( uint32_t ) 0 ) )
264
265 /* Check if adding a and b will result in overflow. */
266 #define portADD_UINT32_WILL_OVERFLOW( a, b ) ( ( a ) > ( portUINT32_MAX - ( b ) ) )
267 /*-----------------------------------------------------------*/
268
269 /**
270 * @brief The maximum 24-bit number.
271 *
272 * It is needed because the systick is a 24-bit counter.
273 */
274 #define portMAX_24_BIT_NUMBER ( 0xffffffUL )
275
276 /**
277 * @brief A fiddle factor to estimate the number of SysTick counts that would
278 * have occurred while the SysTick counter is stopped during tickless idle
279 * calculations.
280 */
281 #define portMISSED_COUNTS_FACTOR ( 94UL )
282 /*-----------------------------------------------------------*/
283
284 /**
285 * @brief Constants required to set up the initial stack.
286 */
287 #define portINITIAL_XPSR ( 0x01000000 )
288
289 #if ( configRUN_FREERTOS_SECURE_ONLY == 1 )
290
291 /**
292 * @brief Initial EXC_RETURN value.
293 *
294 * FF FF FF FD
295 * 1111 1111 1111 1111 1111 1111 1111 1101
296 *
297 * Bit[6] - 1 --> The exception was taken from the Secure state.
298 * Bit[5] - 1 --> Do not skip stacking of additional state context.
299 * Bit[4] - 1 --> The PE did not allocate space on the stack for FP context.
300 * Bit[3] - 1 --> Return to the Thread mode.
301 * Bit[2] - 1 --> Restore registers from the process stack.
302 * Bit[1] - 0 --> Reserved, 0.
303 * Bit[0] - 1 --> The exception was taken to the Secure state.
304 */
305 #define portINITIAL_EXC_RETURN ( 0xfffffffd )
306 #else
307
308 /**
309 * @brief Initial EXC_RETURN value.
310 *
311 * FF FF FF BC
312 * 1111 1111 1111 1111 1111 1111 1011 1100
313 *
314 * Bit[6] - 0 --> The exception was taken from the Non-Secure state.
315 * Bit[5] - 1 --> Do not skip stacking of additional state context.
316 * Bit[4] - 1 --> The PE did not allocate space on the stack for FP context.
317 * Bit[3] - 1 --> Return to the Thread mode.
318 * Bit[2] - 1 --> Restore registers from the process stack.
319 * Bit[1] - 0 --> Reserved, 0.
320 * Bit[0] - 0 --> The exception was taken to the Non-Secure state.
321 */
322 #define portINITIAL_EXC_RETURN ( 0xffffffbc )
323 #endif /* configRUN_FREERTOS_SECURE_ONLY */
324
325 /**
326 * @brief CONTROL register privileged bit mask.
327 *
328 * Bit[0] in CONTROL register tells the privilege:
329 * Bit[0] = 0 ==> The task is privileged.
330 * Bit[0] = 1 ==> The task is not privileged.
331 */
332 #define portCONTROL_PRIVILEGED_MASK ( 1UL << 0UL )
333
334 /**
335 * @brief Initial CONTROL register values.
336 */
337 #define portINITIAL_CONTROL_UNPRIVILEGED ( 0x3 )
338 #define portINITIAL_CONTROL_PRIVILEGED ( 0x2 )
339
340 /**
341 * @brief Let the user override the default SysTick clock rate. If defined by the
342 * user, this symbol must equal the SysTick clock rate when the CLK bit is 0 in the
343 * configuration register.
344 */
345 #ifndef configSYSTICK_CLOCK_HZ
346 #define configSYSTICK_CLOCK_HZ ( configCPU_CLOCK_HZ )
347 /* Ensure the SysTick is clocked at the same frequency as the core. */
348 #define portNVIC_SYSTICK_CLK_BIT_CONFIG ( portNVIC_SYSTICK_CLK_BIT )
349 #else
350 /* Select the option to clock SysTick not at the same frequency as the core. */
351 #define portNVIC_SYSTICK_CLK_BIT_CONFIG ( 0 )
352 #endif
353
354 /**
355 * @brief Let the user override the pre-loading of the initial LR with the
356 * address of prvTaskExitError() in case it messes up unwinding of the stack
357 * in the debugger.
358 */
359 #ifdef configTASK_RETURN_ADDRESS
360 #define portTASK_RETURN_ADDRESS configTASK_RETURN_ADDRESS
361 #else
362 #define portTASK_RETURN_ADDRESS prvTaskExitError
363 #endif
364
365 /**
366 * @brief If portPRELOAD_REGISTERS then registers will be given an initial value
367 * when a task is created. This helps in debugging at the cost of code size.
368 */
369 #define portPRELOAD_REGISTERS 1
370
371 /**
372 * @brief A task is created without a secure context, and must call
373 * portALLOCATE_SECURE_CONTEXT() to give itself a secure context before it makes
374 * any secure calls.
375 */
376 #define portNO_SECURE_CONTEXT 0
377
378 /**
379 * @brief Constants required to check and configure PACBTI security feature implementation.
380 */
381 #if ( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
382
383 #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
384
385 #define portCONTROL_UPAC_EN ( 1UL << 7UL )
386 #define portCONTROL_PAC_EN ( 1UL << 6UL )
387 #define portCONTROL_UBTI_EN ( 1UL << 5UL )
388 #define portCONTROL_BTI_EN ( 1UL << 4UL )
389
390 #endif /* configENABLE_PAC == 1 || configENABLE_BTI == 1 */
391 /*-----------------------------------------------------------*/
392
393 /**
394 * @brief Used to catch tasks that attempt to return from their implementing
395 * function.
396 */
397 static void prvTaskExitError( void );
398
399 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
400
401 /**
402 * @brief Extract MPU region's access permissions from the Region Base Address
403 * Register (RBAR) value.
404 *
405 * @param ulRBARValue RBAR value for the MPU region.
406 *
407 * @return uint32_t Access permissions.
408 */
409 static uint32_t prvGetRegionAccessPermissions( uint32_t ulRBARValue ) PRIVILEGED_FUNCTION;
410 #endif /* configENABLE_MPU == 1 && configUSE_MPU_WRAPPERS_V1 == 0 */
411
412 #if ( configENABLE_MPU == 1 )
413
414 /**
415 * @brief Setup the Memory Protection Unit (MPU).
416 */
417 static void prvSetupMPU( void ) PRIVILEGED_FUNCTION;
418 #endif /* configENABLE_MPU */
419
420 #if ( configENABLE_FPU == 1 )
421
422 /**
423 * @brief Setup the Floating Point Unit (FPU).
424 */
425 static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
426 #endif /* configENABLE_FPU */
427
428 #if ( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
429
430 /**
431 * @brief Configures PACBTI features.
432 *
433 * This function configures the Pointer Authentication, and Branch Target
434 * Identification security features as per the user configuration. It returns
435 * the value of the special purpose CONTROL register accordingly, and optionally
436 * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
437 * architecture based) target supports PACBTI security feature.
438 *
439 * @param xWriteControlRegister Used to control whether the special purpose
440 * CONTROL register should be updated or not.
441 *
442 * @return CONTROL register value according to the configured PACBTI option.
443 */
444 static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
445
446 #endif /* configENABLE_PAC == 1 || configENABLE_BTI == 1 */
447
448 /**
449 * @brief Setup the timer to generate the tick interrupts.
450 *
451 * The implementation in this file is weak to allow application writers to
452 * change the timer used to generate the tick interrupt.
453 */
454 void vPortSetupTimerInterrupt( void ) PRIVILEGED_FUNCTION;
455
456 /**
457 * @brief Checks whether the current execution context is interrupt.
458 *
459 * @return pdTRUE if the current execution context is interrupt, pdFALSE
460 * otherwise.
461 */
462 BaseType_t xPortIsInsideInterrupt( void );
463
464 /**
465 * @brief Yield the processor.
466 */
467 void vPortYield( void ) PRIVILEGED_FUNCTION;
468
469 /**
470 * @brief Enter critical section.
471 */
472 void vPortEnterCritical( void ) PRIVILEGED_FUNCTION;
473
474 /**
475 * @brief Exit from critical section.
476 */
477 void vPortExitCritical( void ) PRIVILEGED_FUNCTION;
478
479 /**
480 * @brief SysTick handler.
481 */
482 void SysTick_Handler( void ) PRIVILEGED_FUNCTION;
483
484 /**
485 * @brief C part of SVC handler.
486 */
487 portDONT_DISCARD void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) PRIVILEGED_FUNCTION;
488
489 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
490
491 /**
492 * @brief Sets up the system call stack so that upon returning from
493 * SVC, the system call stack is used.
494 *
495 * @param pulTaskStack The current SP when the SVC was raised.
496 * @param ulLR The value of Link Register (EXC_RETURN) in the SVC handler.
497 * @param ucSystemCallNumber The system call number of the system call.
498 */
499 void vSystemCallEnter( uint32_t * pulTaskStack,
500 uint32_t ulLR,
501 uint8_t ucSystemCallNumber ) PRIVILEGED_FUNCTION;
502
503 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
504
505 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
506
507 /**
508 * @brief Raise SVC for exiting from a system call.
509 */
510 void vRequestSystemCallExit( void ) __attribute__( ( naked ) ) PRIVILEGED_FUNCTION;
511
512 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
513
514 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
515
516 /**
517 * @brief Sets up the task stack so that upon returning from
518 * SVC, the task stack is used again.
519 *
520 * @param pulSystemCallStack The current SP when the SVC was raised.
521 * @param ulLR The value of Link Register (EXC_RETURN) in the SVC handler.
522 */
523 void vSystemCallExit( uint32_t * pulSystemCallStack,
524 uint32_t ulLR ) PRIVILEGED_FUNCTION;
525
526 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
527
528 #if ( configENABLE_MPU == 1 )
529
530 /**
531 * @brief Checks whether or not the calling task is privileged.
532 *
533 * @return pdTRUE if the calling task is privileged, pdFALSE otherwise.
534 */
535 BaseType_t xPortIsTaskPrivileged( void ) PRIVILEGED_FUNCTION;
536
537 #endif /* configENABLE_MPU == 1 */
538 /*-----------------------------------------------------------*/
539
540 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
541
542 /**
543 * @brief This variable is set to pdTRUE when the scheduler is started.
544 */
545 PRIVILEGED_DATA static BaseType_t xSchedulerRunning = pdFALSE;
546
547 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
548
549 /**
550 * @brief Each task maintains its own interrupt status in the critical nesting
551 * variable.
552 */
553 PRIVILEGED_DATA static volatile uint32_t ulCriticalNesting = 0xaaaaaaaaUL;
554
555 #if ( configENABLE_TRUSTZONE == 1 )
556
557 /**
558 * @brief Saved as part of the task context to indicate which context the
559 * task is using on the secure side.
560 */
561 PRIVILEGED_DATA portDONT_DISCARD volatile SecureContextHandle_t xSecureContext = portNO_SECURE_CONTEXT;
562 #endif /* configENABLE_TRUSTZONE */
563
564 /**
565 * @brief Used by the portASSERT_IF_INTERRUPT_PRIORITY_INVALID() macro to ensure
566 * FreeRTOS API functions are not called from interrupts that have been assigned
567 * a priority above configMAX_SYSCALL_INTERRUPT_PRIORITY.
568 */
569 #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) )
570
571 static uint8_t ucMaxSysCallPriority = 0;
572 static uint32_t ulMaxPRIGROUPValue = 0;
573 static const volatile uint8_t * const pcInterruptPriorityRegisters = ( const volatile uint8_t * ) portNVIC_IP_REGISTERS_OFFSET_16;
574
575 #endif /* #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) ) */
576
577 #if ( configUSE_TICKLESS_IDLE == 1 )
578
579 /**
580 * @brief The number of SysTick increments that make up one tick period.
581 */
582 PRIVILEGED_DATA static uint32_t ulTimerCountsForOneTick = 0;
583
584 /**
585 * @brief The maximum number of tick periods that can be suppressed is
586 * limited by the 24 bit resolution of the SysTick timer.
587 */
588 PRIVILEGED_DATA static uint32_t xMaximumPossibleSuppressedTicks = 0;
589
590 /**
591 * @brief Compensate for the CPU cycles that pass while the SysTick is
592 * stopped (low power functionality only).
593 */
594 PRIVILEGED_DATA static uint32_t ulStoppedTimerCompensation = 0;
595 #endif /* configUSE_TICKLESS_IDLE */
596 /*-----------------------------------------------------------*/
597
598 #if ( configUSE_TICKLESS_IDLE == 1 )
599
vPortSuppressTicksAndSleep(TickType_t xExpectedIdleTime)600 __attribute__( ( weak ) ) void vPortSuppressTicksAndSleep( TickType_t xExpectedIdleTime )
601 {
602 uint32_t ulReloadValue, ulCompleteTickPeriods, ulCompletedSysTickDecrements, ulSysTickDecrementsLeft;
603 TickType_t xModifiableIdleTime;
604
605 /* Make sure the SysTick reload value does not overflow the counter. */
606 if( xExpectedIdleTime > xMaximumPossibleSuppressedTicks )
607 {
608 xExpectedIdleTime = xMaximumPossibleSuppressedTicks;
609 }
610
611 /* Enter a critical section but don't use the taskENTER_CRITICAL()
612 * method as that will mask interrupts that should exit sleep mode. */
613 __asm volatile ( "cpsid i" ::: "memory" );
614 __asm volatile ( "dsb" );
615 __asm volatile ( "isb" );
616
617 /* If a context switch is pending or a task is waiting for the scheduler
618 * to be unsuspended then abandon the low power entry. */
619 if( eTaskConfirmSleepModeStatus() == eAbortSleep )
620 {
621 /* Re-enable interrupts - see comments above the cpsid instruction
622 * above. */
623 __asm volatile ( "cpsie i" ::: "memory" );
624 }
625 else
626 {
627 /* Stop the SysTick momentarily. The time the SysTick is stopped for
628 * is accounted for as best it can be, but using the tickless mode will
629 * inevitably result in some tiny drift of the time maintained by the
630 * kernel with respect to calendar time. */
631 portNVIC_SYSTICK_CTRL_REG = ( portNVIC_SYSTICK_CLK_BIT_CONFIG | portNVIC_SYSTICK_INT_BIT );
632
633 /* Use the SysTick current-value register to determine the number of
634 * SysTick decrements remaining until the next tick interrupt. If the
635 * current-value register is zero, then there are actually
636 * ulTimerCountsForOneTick decrements remaining, not zero, because the
637 * SysTick requests the interrupt when decrementing from 1 to 0. */
638 ulSysTickDecrementsLeft = portNVIC_SYSTICK_CURRENT_VALUE_REG;
639
640 if( ulSysTickDecrementsLeft == 0 )
641 {
642 ulSysTickDecrementsLeft = ulTimerCountsForOneTick;
643 }
644
645 /* Calculate the reload value required to wait xExpectedIdleTime
646 * tick periods. -1 is used because this code normally executes part
647 * way through the first tick period. But if the SysTick IRQ is now
648 * pending, then clear the IRQ, suppressing the first tick, and correct
649 * the reload value to reflect that the second tick period is already
650 * underway. The expected idle time is always at least two ticks. */
651 ulReloadValue = ulSysTickDecrementsLeft + ( ulTimerCountsForOneTick * ( xExpectedIdleTime - 1UL ) );
652
653 if( ( portNVIC_INT_CTRL_REG & portNVIC_PEND_SYSTICK_SET_BIT ) != 0 )
654 {
655 portNVIC_INT_CTRL_REG = portNVIC_PEND_SYSTICK_CLEAR_BIT;
656 ulReloadValue -= ulTimerCountsForOneTick;
657 }
658
659 if( ulReloadValue > ulStoppedTimerCompensation )
660 {
661 ulReloadValue -= ulStoppedTimerCompensation;
662 }
663
664 /* Set the new reload value. */
665 portNVIC_SYSTICK_LOAD_REG = ulReloadValue;
666
667 /* Clear the SysTick count flag and set the count value back to
668 * zero. */
669 portNVIC_SYSTICK_CURRENT_VALUE_REG = 0UL;
670
671 /* Restart SysTick. */
672 portNVIC_SYSTICK_CTRL_REG |= portNVIC_SYSTICK_ENABLE_BIT;
673
674 /* Sleep until something happens. configPRE_SLEEP_PROCESSING() can
675 * set its parameter to 0 to indicate that its implementation contains
676 * its own wait for interrupt or wait for event instruction, and so wfi
677 * should not be executed again. However, the original expected idle
678 * time variable must remain unmodified, so a copy is taken. */
679 xModifiableIdleTime = xExpectedIdleTime;
680 configPRE_SLEEP_PROCESSING( xModifiableIdleTime );
681
682 if( xModifiableIdleTime > 0 )
683 {
684 __asm volatile ( "dsb" ::: "memory" );
685 __asm volatile ( "wfi" );
686 __asm volatile ( "isb" );
687 }
688
689 configPOST_SLEEP_PROCESSING( xExpectedIdleTime );
690
691 /* Re-enable interrupts to allow the interrupt that brought the MCU
692 * out of sleep mode to execute immediately. See comments above
693 * the cpsid instruction above. */
694 __asm volatile ( "cpsie i" ::: "memory" );
695 __asm volatile ( "dsb" );
696 __asm volatile ( "isb" );
697
698 /* Disable interrupts again because the clock is about to be stopped
699 * and interrupts that execute while the clock is stopped will increase
700 * any slippage between the time maintained by the RTOS and calendar
701 * time. */
702 __asm volatile ( "cpsid i" ::: "memory" );
703 __asm volatile ( "dsb" );
704 __asm volatile ( "isb" );
705
706 /* Disable the SysTick clock without reading the
707 * portNVIC_SYSTICK_CTRL_REG register to ensure the
708 * portNVIC_SYSTICK_COUNT_FLAG_BIT is not cleared if it is set. Again,
709 * the time the SysTick is stopped for is accounted for as best it can
710 * be, but using the tickless mode will inevitably result in some tiny
711 * drift of the time maintained by the kernel with respect to calendar
712 * time*/
713 portNVIC_SYSTICK_CTRL_REG = ( portNVIC_SYSTICK_CLK_BIT_CONFIG | portNVIC_SYSTICK_INT_BIT );
714
715 /* Determine whether the SysTick has already counted to zero. */
716 if( ( portNVIC_SYSTICK_CTRL_REG & portNVIC_SYSTICK_COUNT_FLAG_BIT ) != 0 )
717 {
718 uint32_t ulCalculatedLoadValue;
719
720 /* The tick interrupt ended the sleep (or is now pending), and
721 * a new tick period has started. Reset portNVIC_SYSTICK_LOAD_REG
722 * with whatever remains of the new tick period. */
723 ulCalculatedLoadValue = ( ulTimerCountsForOneTick - 1UL ) - ( ulReloadValue - portNVIC_SYSTICK_CURRENT_VALUE_REG );
724
725 /* Don't allow a tiny value, or values that have somehow
726 * underflowed because the post sleep hook did something
727 * that took too long or because the SysTick current-value register
728 * is zero. */
729 if( ( ulCalculatedLoadValue <= ulStoppedTimerCompensation ) || ( ulCalculatedLoadValue > ulTimerCountsForOneTick ) )
730 {
731 ulCalculatedLoadValue = ( ulTimerCountsForOneTick - 1UL );
732 }
733
734 portNVIC_SYSTICK_LOAD_REG = ulCalculatedLoadValue;
735
736 /* As the pending tick will be processed as soon as this
737 * function exits, the tick value maintained by the tick is stepped
738 * forward by one less than the time spent waiting. */
739 ulCompleteTickPeriods = xExpectedIdleTime - 1UL;
740 }
741 else
742 {
743 /* Something other than the tick interrupt ended the sleep. */
744
745 /* Use the SysTick current-value register to determine the
746 * number of SysTick decrements remaining until the expected idle
747 * time would have ended. */
748 ulSysTickDecrementsLeft = portNVIC_SYSTICK_CURRENT_VALUE_REG;
749 #if ( portNVIC_SYSTICK_CLK_BIT_CONFIG != portNVIC_SYSTICK_CLK_BIT )
750 {
751 /* If the SysTick is not using the core clock, the current-
752 * value register might still be zero here. In that case, the
753 * SysTick didn't load from the reload register, and there are
754 * ulReloadValue decrements remaining in the expected idle
755 * time, not zero. */
756 if( ulSysTickDecrementsLeft == 0 )
757 {
758 ulSysTickDecrementsLeft = ulReloadValue;
759 }
760 }
761 #endif /* portNVIC_SYSTICK_CLK_BIT_CONFIG */
762
763 /* Work out how long the sleep lasted rounded to complete tick
764 * periods (not the ulReload value which accounted for part
765 * ticks). */
766 ulCompletedSysTickDecrements = ( xExpectedIdleTime * ulTimerCountsForOneTick ) - ulSysTickDecrementsLeft;
767
768 /* How many complete tick periods passed while the processor
769 * was waiting? */
770 ulCompleteTickPeriods = ulCompletedSysTickDecrements / ulTimerCountsForOneTick;
771
772 /* The reload value is set to whatever fraction of a single tick
773 * period remains. */
774 portNVIC_SYSTICK_LOAD_REG = ( ( ulCompleteTickPeriods + 1UL ) * ulTimerCountsForOneTick ) - ulCompletedSysTickDecrements;
775 }
776
777 /* Restart SysTick so it runs from portNVIC_SYSTICK_LOAD_REG again,
778 * then set portNVIC_SYSTICK_LOAD_REG back to its standard value. If
779 * the SysTick is not using the core clock, temporarily configure it to
780 * use the core clock. This configuration forces the SysTick to load
781 * from portNVIC_SYSTICK_LOAD_REG immediately instead of at the next
782 * cycle of the other clock. Then portNVIC_SYSTICK_LOAD_REG is ready
783 * to receive the standard value immediately. */
784 portNVIC_SYSTICK_CURRENT_VALUE_REG = 0UL;
785 portNVIC_SYSTICK_CTRL_REG = portNVIC_SYSTICK_CLK_BIT | portNVIC_SYSTICK_INT_BIT | portNVIC_SYSTICK_ENABLE_BIT;
786 #if ( portNVIC_SYSTICK_CLK_BIT_CONFIG == portNVIC_SYSTICK_CLK_BIT )
787 {
788 portNVIC_SYSTICK_LOAD_REG = ulTimerCountsForOneTick - 1UL;
789 }
790 #else
791 {
792 /* The temporary usage of the core clock has served its purpose,
793 * as described above. Resume usage of the other clock. */
794 portNVIC_SYSTICK_CTRL_REG = portNVIC_SYSTICK_CLK_BIT | portNVIC_SYSTICK_INT_BIT;
795
796 if( ( portNVIC_SYSTICK_CTRL_REG & portNVIC_SYSTICK_COUNT_FLAG_BIT ) != 0 )
797 {
798 /* The partial tick period already ended. Be sure the SysTick
799 * counts it only once. */
800 portNVIC_SYSTICK_CURRENT_VALUE_REG = 0;
801 }
802
803 portNVIC_SYSTICK_LOAD_REG = ulTimerCountsForOneTick - 1UL;
804 portNVIC_SYSTICK_CTRL_REG = portNVIC_SYSTICK_CLK_BIT_CONFIG | portNVIC_SYSTICK_INT_BIT | portNVIC_SYSTICK_ENABLE_BIT;
805 }
806 #endif /* portNVIC_SYSTICK_CLK_BIT_CONFIG */
807
808 /* Step the tick to account for any tick periods that elapsed. */
809 vTaskStepTick( ulCompleteTickPeriods );
810
811 /* Exit with interrupts enabled. */
812 __asm volatile ( "cpsie i" ::: "memory" );
813 }
814 }
815
816 #endif /* configUSE_TICKLESS_IDLE */
817 /*-----------------------------------------------------------*/
818
vPortSetupTimerInterrupt(void)819 __attribute__( ( weak ) ) void vPortSetupTimerInterrupt( void ) /* PRIVILEGED_FUNCTION */
820 {
821 /* Calculate the constants required to configure the tick interrupt. */
822 #if ( configUSE_TICKLESS_IDLE == 1 )
823 {
824 ulTimerCountsForOneTick = ( configSYSTICK_CLOCK_HZ / configTICK_RATE_HZ );
825 xMaximumPossibleSuppressedTicks = portMAX_24_BIT_NUMBER / ulTimerCountsForOneTick;
826 ulStoppedTimerCompensation = portMISSED_COUNTS_FACTOR / ( configCPU_CLOCK_HZ / configSYSTICK_CLOCK_HZ );
827 }
828 #endif /* configUSE_TICKLESS_IDLE */
829
830 /* Stop and reset SysTick.
831 *
832 * QEMU versions older than 7.0.0 contain a bug which causes an error if we
833 * enable SysTick without first selecting a valid clock source. We trigger
834 * the bug if we change clock sources from a clock with a zero clock period
835 * to one with a nonzero clock period and enable Systick at the same time.
836 * So we configure the CLKSOURCE bit here, prior to setting the ENABLE bit.
837 * This workaround avoids the bug in QEMU versions older than 7.0.0. */
838 portNVIC_SYSTICK_CTRL_REG = portNVIC_SYSTICK_CLK_BIT_CONFIG;
839 portNVIC_SYSTICK_CURRENT_VALUE_REG = 0UL;
840
841 /* Configure SysTick to interrupt at the requested rate. */
842 portNVIC_SYSTICK_LOAD_REG = ( configSYSTICK_CLOCK_HZ / configTICK_RATE_HZ ) - 1UL;
843 portNVIC_SYSTICK_CTRL_REG = portNVIC_SYSTICK_CLK_BIT_CONFIG | portNVIC_SYSTICK_INT_BIT | portNVIC_SYSTICK_ENABLE_BIT;
844 }
845 /*-----------------------------------------------------------*/
846
prvTaskExitError(void)847 static void prvTaskExitError( void )
848 {
849 volatile uint32_t ulDummy = 0UL;
850
851 /* A function that implements a task must not exit or attempt to return to
852 * its caller as there is nothing to return to. If a task wants to exit it
853 * should instead call vTaskDelete( NULL ). Artificially force an assert()
854 * to be triggered if configASSERT() is defined, then stop here so
855 * application writers can catch the error. */
856 configASSERT( ulCriticalNesting == ~0UL );
857 portDISABLE_INTERRUPTS();
858
859 while( ulDummy == 0 )
860 {
861 /* This file calls prvTaskExitError() after the scheduler has been
862 * started to remove a compiler warning about the function being
863 * defined but never called. ulDummy is used purely to quieten other
864 * warnings about code appearing after this function is called - making
865 * ulDummy volatile makes the compiler think the function could return
866 * and therefore not output an 'unreachable code' warning for code that
867 * appears after it. */
868 }
869 }
870 /*-----------------------------------------------------------*/
871
872 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
873
prvGetRegionAccessPermissions(uint32_t ulRBARValue)874 static uint32_t prvGetRegionAccessPermissions( uint32_t ulRBARValue ) /* PRIVILEGED_FUNCTION */
875 {
876 uint32_t ulAccessPermissions = 0;
877
878 if( ( ulRBARValue & portMPU_RBAR_ACCESS_PERMISSIONS_MASK ) == portMPU_REGION_READ_ONLY )
879 {
880 ulAccessPermissions = tskMPU_READ_PERMISSION;
881 }
882
883 if( ( ulRBARValue & portMPU_RBAR_ACCESS_PERMISSIONS_MASK ) == portMPU_REGION_READ_WRITE )
884 {
885 ulAccessPermissions = ( tskMPU_READ_PERMISSION | tskMPU_WRITE_PERMISSION );
886 }
887
888 return ulAccessPermissions;
889 }
890
891 #endif /* configENABLE_MPU == 1 && configUSE_MPU_WRAPPERS_V1 == 0 */
892 /*-----------------------------------------------------------*/
893
894 #if ( configENABLE_MPU == 1 )
895
prvSetupMPU(void)896 static void prvSetupMPU( void ) /* PRIVILEGED_FUNCTION */
897 {
898 #if defined( __ARMCC_VERSION )
899
900 /* Declaration when these variable are defined in code instead of being
901 * exported from linker scripts. */
902 extern uint32_t * __privileged_functions_start__;
903 extern uint32_t * __privileged_functions_end__;
904 extern uint32_t * __syscalls_flash_start__;
905 extern uint32_t * __syscalls_flash_end__;
906 extern uint32_t * __unprivileged_flash_start__;
907 extern uint32_t * __unprivileged_flash_end__;
908 extern uint32_t * __privileged_sram_start__;
909 extern uint32_t * __privileged_sram_end__;
910 #else /* if defined( __ARMCC_VERSION ) */
911 /* Declaration when these variable are exported from linker scripts. */
912 extern uint32_t __privileged_functions_start__[];
913 extern uint32_t __privileged_functions_end__[];
914 extern uint32_t __syscalls_flash_start__[];
915 extern uint32_t __syscalls_flash_end__[];
916 extern uint32_t __unprivileged_flash_start__[];
917 extern uint32_t __unprivileged_flash_end__[];
918 extern uint32_t __privileged_sram_start__[];
919 extern uint32_t __privileged_sram_end__[];
920 #endif /* defined( __ARMCC_VERSION ) */
921
922 /* The only permitted number of regions are 8 or 16. */
923 configASSERT( ( configTOTAL_MPU_REGIONS == 8 ) || ( configTOTAL_MPU_REGIONS == 16 ) );
924
925 /* MAIR0 - Index 0. */
926 portMPU_MAIR0_REG |= ( ( portMPU_NORMAL_MEMORY_BUFFERABLE_CACHEABLE << portMPU_MAIR_ATTR0_POS ) & portMPU_MAIR_ATTR0_MASK );
927 /* MAIR0 - Index 1. */
928 portMPU_MAIR0_REG |= ( ( portMPU_DEVICE_MEMORY_nGnRE << portMPU_MAIR_ATTR1_POS ) & portMPU_MAIR_ATTR1_MASK );
929
930 /* Setup privileged flash as Read Only so that privileged tasks can
931 * read it but not modify. */
932 portMPU_RNR_REG = portPRIVILEGED_FLASH_REGION;
933 portMPU_RBAR_REG = ( ( ( uint32_t ) __privileged_functions_start__ ) & portMPU_RBAR_ADDRESS_MASK ) |
934 ( portMPU_REGION_NON_SHAREABLE ) |
935 ( portMPU_REGION_PRIVILEGED_READ_ONLY );
936 portMPU_RLAR_REG = ( ( ( uint32_t ) __privileged_functions_end__ ) & portMPU_RLAR_ADDRESS_MASK ) |
937 ( portMPU_RLAR_ATTR_INDEX0 ) |
938 ( portMPU_RLAR_REGION_ENABLE );
939
940 /* Setup unprivileged flash as Read Only by both privileged and
941 * unprivileged tasks. All tasks can read it but no-one can modify. */
942 portMPU_RNR_REG = portUNPRIVILEGED_FLASH_REGION;
943 portMPU_RBAR_REG = ( ( ( uint32_t ) __unprivileged_flash_start__ ) & portMPU_RBAR_ADDRESS_MASK ) |
944 ( portMPU_REGION_NON_SHAREABLE ) |
945 ( portMPU_REGION_READ_ONLY );
946 portMPU_RLAR_REG = ( ( ( uint32_t ) __unprivileged_flash_end__ ) & portMPU_RLAR_ADDRESS_MASK ) |
947 ( portMPU_RLAR_ATTR_INDEX0 ) |
948 ( portMPU_RLAR_REGION_ENABLE );
949
950 /* Setup unprivileged syscalls flash as Read Only by both privileged
951 * and unprivileged tasks. All tasks can read it but no-one can modify. */
952 portMPU_RNR_REG = portUNPRIVILEGED_SYSCALLS_REGION;
953 portMPU_RBAR_REG = ( ( ( uint32_t ) __syscalls_flash_start__ ) & portMPU_RBAR_ADDRESS_MASK ) |
954 ( portMPU_REGION_NON_SHAREABLE ) |
955 ( portMPU_REGION_READ_ONLY );
956 portMPU_RLAR_REG = ( ( ( uint32_t ) __syscalls_flash_end__ ) & portMPU_RLAR_ADDRESS_MASK ) |
957 ( portMPU_RLAR_ATTR_INDEX0 ) |
958 ( portMPU_RLAR_REGION_ENABLE );
959
960 /* Setup RAM containing kernel data for privileged access only. */
961 portMPU_RNR_REG = portPRIVILEGED_RAM_REGION;
962 portMPU_RBAR_REG = ( ( ( uint32_t ) __privileged_sram_start__ ) & portMPU_RBAR_ADDRESS_MASK ) |
963 ( portMPU_REGION_NON_SHAREABLE ) |
964 ( portMPU_REGION_PRIVILEGED_READ_WRITE ) |
965 ( portMPU_REGION_EXECUTE_NEVER );
966 portMPU_RLAR_REG = ( ( ( uint32_t ) __privileged_sram_end__ ) & portMPU_RLAR_ADDRESS_MASK ) |
967 ( portMPU_RLAR_ATTR_INDEX0 ) |
968 ( portMPU_RLAR_REGION_ENABLE );
969
970 /* Enable mem fault. */
971 portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_MEM_FAULT_ENABLE_BIT;
972
973 /* Enable MPU with privileged background access i.e. unmapped
974 * regions have privileged access. */
975 portMPU_CTRL_REG |= ( portMPU_PRIV_BACKGROUND_ENABLE_BIT | portMPU_ENABLE_BIT );
976 }
977
978 #endif /* configENABLE_MPU */
979 /*-----------------------------------------------------------*/
980
981 #if ( configENABLE_FPU == 1 )
982
prvSetupFPU(void)983 static void prvSetupFPU( void ) /* PRIVILEGED_FUNCTION */
984 {
985 #if ( configENABLE_TRUSTZONE == 1 )
986 {
987 /* Enable non-secure access to the FPU. */
988 SecureInit_EnableNSFPUAccess();
989 }
990 #endif /* configENABLE_TRUSTZONE */
991
992 /* CP10 = 11 ==> Full access to FPU i.e. both privileged and
993 * unprivileged code should be able to access FPU. CP11 should be
994 * programmed to the same value as CP10. */
995 *( portCPACR ) |= ( ( portCPACR_CP10_VALUE << portCPACR_CP10_POS ) |
996 ( portCPACR_CP11_VALUE << portCPACR_CP11_POS )
997 );
998
999 /* ASPEN = 1 ==> Hardware should automatically preserve floating point
1000 * context on exception entry and restore on exception return.
1001 * LSPEN = 1 ==> Enable lazy context save of FP state. */
1002 *( portFPCCR ) |= ( portFPCCR_ASPEN_MASK | portFPCCR_LSPEN_MASK );
1003 }
1004
1005 #endif /* configENABLE_FPU */
1006 /*-----------------------------------------------------------*/
1007
vPortYield(void)1008 void vPortYield( void ) /* PRIVILEGED_FUNCTION */
1009 {
1010 /* Set a PendSV to request a context switch. */
1011 portNVIC_INT_CTRL_REG = portNVIC_PENDSVSET_BIT;
1012
1013 /* Barriers are normally not required but do ensure the code is
1014 * completely within the specified behaviour for the architecture. */
1015 __asm volatile ( "dsb" ::: "memory" );
1016 __asm volatile ( "isb" );
1017 }
1018 /*-----------------------------------------------------------*/
1019
vPortEnterCritical(void)1020 void vPortEnterCritical( void ) /* PRIVILEGED_FUNCTION */
1021 {
1022 portDISABLE_INTERRUPTS();
1023 ulCriticalNesting++;
1024
1025 /* Barriers are normally not required but do ensure the code is
1026 * completely within the specified behaviour for the architecture. */
1027 __asm volatile ( "dsb" ::: "memory" );
1028 __asm volatile ( "isb" );
1029 }
1030 /*-----------------------------------------------------------*/
1031
vPortExitCritical(void)1032 void vPortExitCritical( void ) /* PRIVILEGED_FUNCTION */
1033 {
1034 configASSERT( ulCriticalNesting );
1035 ulCriticalNesting--;
1036
1037 if( ulCriticalNesting == 0 )
1038 {
1039 portENABLE_INTERRUPTS();
1040 }
1041 }
1042 /*-----------------------------------------------------------*/
1043
SysTick_Handler(void)1044 void SysTick_Handler( void ) /* PRIVILEGED_FUNCTION */
1045 {
1046 uint32_t ulPreviousMask;
1047
1048 ulPreviousMask = portSET_INTERRUPT_MASK_FROM_ISR();
1049 traceISR_ENTER();
1050 {
1051 /* Increment the RTOS tick. */
1052 if( xTaskIncrementTick() != pdFALSE )
1053 {
1054 traceISR_EXIT_TO_SCHEDULER();
1055 /* Pend a context switch. */
1056 portNVIC_INT_CTRL_REG = portNVIC_PENDSVSET_BIT;
1057 }
1058 else
1059 {
1060 traceISR_EXIT();
1061 }
1062 }
1063 portCLEAR_INTERRUPT_MASK_FROM_ISR( ulPreviousMask );
1064 }
1065 /*-----------------------------------------------------------*/
1066
vPortSVCHandler_C(uint32_t * pulCallerStackAddress)1067 void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTION portDONT_DISCARD */
1068 {
1069 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 1 ) )
1070 #if defined( __ARMCC_VERSION )
1071
1072 /* Declaration when these variable are defined in code instead of being
1073 * exported from linker scripts. */
1074 extern uint32_t * __syscalls_flash_start__;
1075 extern uint32_t * __syscalls_flash_end__;
1076 #else
1077 /* Declaration when these variable are exported from linker scripts. */
1078 extern uint32_t __syscalls_flash_start__[];
1079 extern uint32_t __syscalls_flash_end__[];
1080 #endif /* defined( __ARMCC_VERSION ) */
1081 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 1 ) */
1082
1083 uint32_t ulPC;
1084
1085 #if ( configENABLE_TRUSTZONE == 1 )
1086 uint32_t ulR0, ulR1;
1087 extern TaskHandle_t pxCurrentTCB;
1088 #if ( configENABLE_MPU == 1 )
1089 uint32_t ulControl, ulIsTaskPrivileged;
1090 #endif /* configENABLE_MPU */
1091 #endif /* configENABLE_TRUSTZONE */
1092 uint8_t ucSVCNumber;
1093
1094 /* Register are stored on the stack in the following order - R0, R1, R2, R3,
1095 * R12, LR, PC, xPSR. */
1096 ulPC = pulCallerStackAddress[ portOFFSET_TO_PC ];
1097 ucSVCNumber = ( ( uint8_t * ) ulPC )[ -2 ];
1098
1099 switch( ucSVCNumber )
1100 {
1101 #if ( configENABLE_TRUSTZONE == 1 )
1102 case portSVC_ALLOCATE_SECURE_CONTEXT:
1103
1104 /* R0 contains the stack size passed as parameter to the
1105 * vPortAllocateSecureContext function. */
1106 ulR0 = pulCallerStackAddress[ 0 ];
1107
1108 #if ( configENABLE_MPU == 1 )
1109 {
1110 /* Read the CONTROL register value. */
1111 __asm volatile ( "mrs %0, control" : "=r" ( ulControl ) );
1112
1113 /* The task that raised the SVC is privileged if Bit[0]
1114 * in the CONTROL register is 0. */
1115 ulIsTaskPrivileged = ( ( ulControl & portCONTROL_PRIVILEGED_MASK ) == 0 );
1116
1117 /* Allocate and load a context for the secure task. */
1118 xSecureContext = SecureContext_AllocateContext( ulR0, ulIsTaskPrivileged, pxCurrentTCB );
1119 }
1120 #else /* if ( configENABLE_MPU == 1 ) */
1121 {
1122 /* Allocate and load a context for the secure task. */
1123 xSecureContext = SecureContext_AllocateContext( ulR0, pxCurrentTCB );
1124 }
1125 #endif /* configENABLE_MPU */
1126
1127 configASSERT( xSecureContext != securecontextINVALID_CONTEXT_ID );
1128 SecureContext_LoadContext( xSecureContext, pxCurrentTCB );
1129 break;
1130
1131 case portSVC_FREE_SECURE_CONTEXT:
1132
1133 /* R0 contains TCB being freed and R1 contains the secure
1134 * context handle to be freed. */
1135 ulR0 = pulCallerStackAddress[ 0 ];
1136 ulR1 = pulCallerStackAddress[ 1 ];
1137
1138 /* Free the secure context. */
1139 SecureContext_FreeContext( ( SecureContextHandle_t ) ulR1, ( void * ) ulR0 );
1140 break;
1141 #endif /* configENABLE_TRUSTZONE */
1142
1143 case portSVC_START_SCHEDULER:
1144 #if ( configENABLE_TRUSTZONE == 1 )
1145 {
1146 /* De-prioritize the non-secure exceptions so that the
1147 * non-secure pendSV runs at the lowest priority. */
1148 SecureInit_DePrioritizeNSExceptions();
1149
1150 /* Initialize the secure context management system. */
1151 SecureContext_Init();
1152 }
1153 #endif /* configENABLE_TRUSTZONE */
1154
1155 #if ( configENABLE_FPU == 1 )
1156 {
1157 /* Setup the Floating Point Unit (FPU). */
1158 prvSetupFPU();
1159 }
1160 #endif /* configENABLE_FPU */
1161
1162 /* Setup the context of the first task so that the first task starts
1163 * executing. */
1164 vRestoreContextOfFirstTask();
1165 break;
1166
1167 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 1 ) )
1168 case portSVC_RAISE_PRIVILEGE:
1169
1170 /* Only raise the privilege, if the svc was raised from any of
1171 * the system calls. */
1172 if( ( ulPC >= ( uint32_t ) __syscalls_flash_start__ ) &&
1173 ( ulPC <= ( uint32_t ) __syscalls_flash_end__ ) )
1174 {
1175 vRaisePrivilege();
1176 }
1177 break;
1178 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 1 ) */
1179
1180 #if ( configENABLE_MPU == 1 )
1181 case portSVC_YIELD:
1182 vPortYield();
1183 break;
1184 #endif /* configENABLE_MPU == 1 */
1185
1186 default:
1187 /* Incorrect SVC call. */
1188 configASSERT( pdFALSE );
1189 }
1190 }
1191 /*-----------------------------------------------------------*/
1192
1193 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
1194
vSystemCallEnter(uint32_t * pulTaskStack,uint32_t ulLR,uint8_t ucSystemCallNumber)1195 void vSystemCallEnter( uint32_t * pulTaskStack,
1196 uint32_t ulLR,
1197 uint8_t ucSystemCallNumber ) /* PRIVILEGED_FUNCTION */
1198 {
1199 extern TaskHandle_t pxCurrentTCB;
1200 extern UBaseType_t uxSystemCallImplementations[ NUM_SYSTEM_CALLS ];
1201 xMPU_SETTINGS * pxMpuSettings;
1202 uint32_t * pulSystemCallStack;
1203 uint32_t ulStackFrameSize, ulSystemCallLocation, i;
1204
1205 #if defined( __ARMCC_VERSION )
1206
1207 /* Declaration when these variable are defined in code instead of being
1208 * exported from linker scripts. */
1209 extern uint32_t * __syscalls_flash_start__;
1210 extern uint32_t * __syscalls_flash_end__;
1211 #else
1212 /* Declaration when these variable are exported from linker scripts. */
1213 extern uint32_t __syscalls_flash_start__[];
1214 extern uint32_t __syscalls_flash_end__[];
1215 #endif /* #if defined( __ARMCC_VERSION ) */
1216
1217 ulSystemCallLocation = pulTaskStack[ portOFFSET_TO_PC ];
1218 pxMpuSettings = xTaskGetMPUSettings( pxCurrentTCB );
1219
1220 /* Checks:
1221 * 1. SVC is raised from the system call section (i.e. application is
1222 * not raising SVC directly).
1223 * 2. pxMpuSettings->xSystemCallStackInfo.pulTaskStack must be NULL as
1224 * it is non-NULL only during the execution of a system call (i.e.
1225 * between system call enter and exit).
1226 * 3. System call is not for a kernel API disabled by the configuration
1227 * in FreeRTOSConfig.h.
1228 * 4. We do not need to check that ucSystemCallNumber is within range
1229 * because the assembly SVC handler checks that before calling
1230 * this function.
1231 */
1232 if( ( ulSystemCallLocation >= ( uint32_t ) __syscalls_flash_start__ ) &&
1233 ( ulSystemCallLocation <= ( uint32_t ) __syscalls_flash_end__ ) &&
1234 ( pxMpuSettings->xSystemCallStackInfo.pulTaskStack == NULL ) &&
1235 ( uxSystemCallImplementations[ ucSystemCallNumber ] != ( UBaseType_t ) 0 ) )
1236 {
1237 pulSystemCallStack = pxMpuSettings->xSystemCallStackInfo.pulSystemCallStack;
1238
1239 #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) )
1240 {
1241 if( ( ulLR & portEXC_RETURN_STACK_FRAME_TYPE_MASK ) == 0UL )
1242 {
1243 /* Extended frame i.e. FPU in use. */
1244 ulStackFrameSize = 26;
1245 __asm volatile (
1246 " vpush {s0} \n" /* Trigger lazy stacking. */
1247 " vpop {s0} \n" /* Nullify the affect of the above instruction. */
1248 ::: "memory"
1249 );
1250 }
1251 else
1252 {
1253 /* Standard frame i.e. FPU not in use. */
1254 ulStackFrameSize = 8;
1255 }
1256 }
1257 #else /* if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */
1258 {
1259 ulStackFrameSize = 8;
1260 }
1261 #endif /* configENABLE_FPU || configENABLE_MVE */
1262
1263 /* Make space on the system call stack for the stack frame. */
1264 pulSystemCallStack = pulSystemCallStack - ulStackFrameSize;
1265
1266 /* Copy the stack frame. */
1267 for( i = 0; i < ulStackFrameSize; i++ )
1268 {
1269 pulSystemCallStack[ i ] = pulTaskStack[ i ];
1270 }
1271
1272 /* Store the value of the Link Register before the SVC was raised.
1273 * It contains the address of the caller of the System Call entry
1274 * point (i.e. the caller of the MPU_<API>). We need to restore it
1275 * when we exit from the system call. */
1276 pxMpuSettings->xSystemCallStackInfo.ulLinkRegisterAtSystemCallEntry = pulTaskStack[ portOFFSET_TO_LR ];
1277
1278 /* Store the value of the PSPLIM register before the SVC was raised.
1279 * We need to restore it when we exit from the system call. */
1280 #if ( portUSE_PSPLIM_REGISTER == 1 )
1281 {
1282 __asm volatile ( "mrs %0, psplim" : "=r" ( pxMpuSettings->xSystemCallStackInfo.ulStackLimitRegisterAtSystemCallEntry ) );
1283 }
1284 #endif
1285
1286 /* Use the pulSystemCallStack in thread mode. */
1287 __asm volatile ( "msr psp, %0" : : "r" ( pulSystemCallStack ) );
1288 #if ( portUSE_PSPLIM_REGISTER == 1 )
1289 {
1290 __asm volatile ( "msr psplim, %0" : : "r" ( pxMpuSettings->xSystemCallStackInfo.pulSystemCallStackLimit ) );
1291 }
1292 #endif
1293
1294 /* Start executing the system call upon returning from this handler. */
1295 pulSystemCallStack[ portOFFSET_TO_PC ] = uxSystemCallImplementations[ ucSystemCallNumber ];
1296
1297 /* Raise a request to exit from the system call upon finishing the
1298 * system call. */
1299 pulSystemCallStack[ portOFFSET_TO_LR ] = ( uint32_t ) vRequestSystemCallExit;
1300
1301 /* Remember the location where we should copy the stack frame when we exit from
1302 * the system call. */
1303 pxMpuSettings->xSystemCallStackInfo.pulTaskStack = pulTaskStack + ulStackFrameSize;
1304
1305 /* Record if the hardware used padding to force the stack pointer
1306 * to be double word aligned. */
1307 if( ( pulTaskStack[ portOFFSET_TO_PSR ] & portPSR_STACK_PADDING_MASK ) == portPSR_STACK_PADDING_MASK )
1308 {
1309 pxMpuSettings->ulTaskFlags |= portSTACK_FRAME_HAS_PADDING_FLAG;
1310 }
1311 else
1312 {
1313 pxMpuSettings->ulTaskFlags &= ( ~portSTACK_FRAME_HAS_PADDING_FLAG );
1314 }
1315
1316 /* We ensure in pxPortInitialiseStack that the system call stack is
1317 * double word aligned and therefore, there is no need of padding.
1318 * Clear the bit[9] of stacked xPSR. */
1319 pulSystemCallStack[ portOFFSET_TO_PSR ] &= ( ~portPSR_STACK_PADDING_MASK );
1320
1321 /* Raise the privilege for the duration of the system call. */
1322 __asm volatile (
1323 " mrs r0, control \n" /* Obtain current control value. */
1324 " movs r1, #1 \n" /* r1 = 1. */
1325 " bics r0, r1 \n" /* Clear nPRIV bit. */
1326 " msr control, r0 \n" /* Write back new control value. */
1327 ::: "r0", "r1", "memory"
1328 );
1329 }
1330 }
1331
1332 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
1333 /*-----------------------------------------------------------*/
1334
1335 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
1336
vRequestSystemCallExit(void)1337 void vRequestSystemCallExit( void ) /* __attribute__( ( naked ) ) PRIVILEGED_FUNCTION */
1338 {
1339 __asm volatile ( "svc %0 \n" ::"i" ( portSVC_SYSTEM_CALL_EXIT ) : "memory" );
1340 }
1341
1342 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
1343 /*-----------------------------------------------------------*/
1344
1345 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
1346
vSystemCallExit(uint32_t * pulSystemCallStack,uint32_t ulLR)1347 void vSystemCallExit( uint32_t * pulSystemCallStack,
1348 uint32_t ulLR ) /* PRIVILEGED_FUNCTION */
1349 {
1350 extern TaskHandle_t pxCurrentTCB;
1351 xMPU_SETTINGS * pxMpuSettings;
1352 uint32_t * pulTaskStack;
1353 uint32_t ulStackFrameSize, ulSystemCallLocation, i;
1354
1355 #if defined( __ARMCC_VERSION )
1356
1357 /* Declaration when these variable are defined in code instead of being
1358 * exported from linker scripts. */
1359 extern uint32_t * __privileged_functions_start__;
1360 extern uint32_t * __privileged_functions_end__;
1361 #else
1362 /* Declaration when these variable are exported from linker scripts. */
1363 extern uint32_t __privileged_functions_start__[];
1364 extern uint32_t __privileged_functions_end__[];
1365 #endif /* #if defined( __ARMCC_VERSION ) */
1366
1367 ulSystemCallLocation = pulSystemCallStack[ portOFFSET_TO_PC ];
1368 pxMpuSettings = xTaskGetMPUSettings( pxCurrentTCB );
1369
1370 /* Checks:
1371 * 1. SVC is raised from the privileged code (i.e. application is not
1372 * raising SVC directly). This SVC is only raised from
1373 * vRequestSystemCallExit which is in the privileged code section.
1374 * 2. pxMpuSettings->xSystemCallStackInfo.pulTaskStack must not be NULL -
1375 * this means that we previously entered a system call and the
1376 * application is not attempting to exit without entering a system
1377 * call.
1378 */
1379 if( ( ulSystemCallLocation >= ( uint32_t ) __privileged_functions_start__ ) &&
1380 ( ulSystemCallLocation <= ( uint32_t ) __privileged_functions_end__ ) &&
1381 ( pxMpuSettings->xSystemCallStackInfo.pulTaskStack != NULL ) )
1382 {
1383 pulTaskStack = pxMpuSettings->xSystemCallStackInfo.pulTaskStack;
1384
1385 #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) )
1386 {
1387 if( ( ulLR & portEXC_RETURN_STACK_FRAME_TYPE_MASK ) == 0UL )
1388 {
1389 /* Extended frame i.e. FPU in use. */
1390 ulStackFrameSize = 26;
1391 __asm volatile (
1392 " vpush {s0} \n" /* Trigger lazy stacking. */
1393 " vpop {s0} \n" /* Nullify the affect of the above instruction. */
1394 ::: "memory"
1395 );
1396 }
1397 else
1398 {
1399 /* Standard frame i.e. FPU not in use. */
1400 ulStackFrameSize = 8;
1401 }
1402 }
1403 #else /* if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */
1404 {
1405 ulStackFrameSize = 8;
1406 }
1407 #endif /* configENABLE_FPU || configENABLE_MVE */
1408
1409 /* Make space on the task stack for the stack frame. */
1410 pulTaskStack = pulTaskStack - ulStackFrameSize;
1411
1412 /* Copy the stack frame. */
1413 for( i = 0; i < ulStackFrameSize; i++ )
1414 {
1415 pulTaskStack[ i ] = pulSystemCallStack[ i ];
1416 }
1417
1418 /* Use the pulTaskStack in thread mode. */
1419 __asm volatile ( "msr psp, %0" : : "r" ( pulTaskStack ) );
1420
1421 /* Return to the caller of the System Call entry point (i.e. the
1422 * caller of the MPU_<API>). */
1423 pulTaskStack[ portOFFSET_TO_PC ] = pxMpuSettings->xSystemCallStackInfo.ulLinkRegisterAtSystemCallEntry;
1424 /* Ensure that LR has a valid value.*/
1425 pulTaskStack[ portOFFSET_TO_LR ] = pxMpuSettings->xSystemCallStackInfo.ulLinkRegisterAtSystemCallEntry;
1426
1427 /* Restore the PSPLIM register to what it was at the time of
1428 * system call entry. */
1429 #if ( portUSE_PSPLIM_REGISTER == 1 )
1430 {
1431 __asm volatile ( "msr psplim, %0" : : "r" ( pxMpuSettings->xSystemCallStackInfo.ulStackLimitRegisterAtSystemCallEntry ) );
1432 }
1433 #endif
1434
1435 /* If the hardware used padding to force the stack pointer
1436 * to be double word aligned, set the stacked xPSR bit[9],
1437 * otherwise clear it. */
1438 if( ( pxMpuSettings->ulTaskFlags & portSTACK_FRAME_HAS_PADDING_FLAG ) == portSTACK_FRAME_HAS_PADDING_FLAG )
1439 {
1440 pulTaskStack[ portOFFSET_TO_PSR ] |= portPSR_STACK_PADDING_MASK;
1441 }
1442 else
1443 {
1444 pulTaskStack[ portOFFSET_TO_PSR ] &= ( ~portPSR_STACK_PADDING_MASK );
1445 }
1446
1447 /* This is not NULL only for the duration of the system call. */
1448 pxMpuSettings->xSystemCallStackInfo.pulTaskStack = NULL;
1449
1450 /* Drop the privilege before returning to the thread mode. */
1451 __asm volatile (
1452 " mrs r0, control \n" /* Obtain current control value. */
1453 " movs r1, #1 \n" /* r1 = 1. */
1454 " orrs r0, r1 \n" /* Set nPRIV bit. */
1455 " msr control, r0 \n" /* Write back new control value. */
1456 ::: "r0", "r1", "memory"
1457 );
1458 }
1459 }
1460
1461 #endif /* ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
1462 /*-----------------------------------------------------------*/
1463
1464 #if ( configENABLE_MPU == 1 )
1465
xPortIsTaskPrivileged(void)1466 BaseType_t xPortIsTaskPrivileged( void ) /* PRIVILEGED_FUNCTION */
1467 {
1468 BaseType_t xTaskIsPrivileged = pdFALSE;
1469 const xMPU_SETTINGS * xTaskMpuSettings = xTaskGetMPUSettings( NULL ); /* Calling task's MPU settings. */
1470
1471 if( ( xTaskMpuSettings->ulTaskFlags & portTASK_IS_PRIVILEGED_FLAG ) == portTASK_IS_PRIVILEGED_FLAG )
1472 {
1473 xTaskIsPrivileged = pdTRUE;
1474 }
1475
1476 return xTaskIsPrivileged;
1477 }
1478
1479 #endif /* configENABLE_MPU == 1 */
1480 /*-----------------------------------------------------------*/
1481
1482 #if ( configENABLE_MPU == 1 )
1483
pxPortInitialiseStack(StackType_t * pxTopOfStack,StackType_t * pxEndOfStack,TaskFunction_t pxCode,void * pvParameters,BaseType_t xRunPrivileged,xMPU_SETTINGS * xMPUSettings)1484 StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
1485 StackType_t * pxEndOfStack,
1486 TaskFunction_t pxCode,
1487 void * pvParameters,
1488 BaseType_t xRunPrivileged,
1489 xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
1490 {
1491 uint32_t ulIndex = 0;
1492 uint32_t ulControl = 0x0;
1493
1494 xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
1495 ulIndex++;
1496 xMPUSettings->ulContext[ ulIndex ] = 0x05050505; /* r5. */
1497 ulIndex++;
1498 xMPUSettings->ulContext[ ulIndex ] = 0x06060606; /* r6. */
1499 ulIndex++;
1500 xMPUSettings->ulContext[ ulIndex ] = 0x07070707; /* r7. */
1501 ulIndex++;
1502 xMPUSettings->ulContext[ ulIndex ] = 0x08080808; /* r8. */
1503 ulIndex++;
1504 xMPUSettings->ulContext[ ulIndex ] = 0x09090909; /* r9. */
1505 ulIndex++;
1506 xMPUSettings->ulContext[ ulIndex ] = 0x10101010; /* r10. */
1507 ulIndex++;
1508 xMPUSettings->ulContext[ ulIndex ] = 0x11111111; /* r11. */
1509 ulIndex++;
1510
1511 xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pvParameters; /* r0. */
1512 ulIndex++;
1513 xMPUSettings->ulContext[ ulIndex ] = 0x01010101; /* r1. */
1514 ulIndex++;
1515 xMPUSettings->ulContext[ ulIndex ] = 0x02020202; /* r2. */
1516 ulIndex++;
1517 xMPUSettings->ulContext[ ulIndex ] = 0x03030303; /* r3. */
1518 ulIndex++;
1519 xMPUSettings->ulContext[ ulIndex ] = 0x12121212; /* r12. */
1520 ulIndex++;
1521 xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portTASK_RETURN_ADDRESS; /* LR. */
1522 ulIndex++;
1523 xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxCode; /* PC. */
1524 ulIndex++;
1525 xMPUSettings->ulContext[ ulIndex ] = portINITIAL_XPSR; /* xPSR. */
1526 ulIndex++;
1527
1528 #if ( configENABLE_TRUSTZONE == 1 )
1529 {
1530 xMPUSettings->ulContext[ ulIndex ] = portNO_SECURE_CONTEXT; /* xSecureContext. */
1531 ulIndex++;
1532 }
1533 #endif /* configENABLE_TRUSTZONE */
1534 xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) ( pxTopOfStack - 8 ); /* PSP with the hardware saved stack. */
1535 ulIndex++;
1536 xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
1537 ulIndex++;
1538
1539 #if ( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
1540 {
1541 /* Check PACBTI security feature configuration before pushing the
1542 * CONTROL register's value on task's TCB. */
1543 ulControl = prvConfigurePACBTI( pdFALSE );
1544 }
1545 #endif /* configENABLE_PAC == 1 || configENABLE_BTI == 1 */
1546
1547 if( xRunPrivileged == pdTRUE )
1548 {
1549 xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
1550 xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
1551 ulIndex++;
1552 }
1553 else
1554 {
1555 xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
1556 xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
1557 ulIndex++;
1558 }
1559
1560 xMPUSettings->ulContext[ ulIndex ] = portINITIAL_EXC_RETURN; /* LR (EXC_RETURN). */
1561 ulIndex++;
1562
1563 #if ( configUSE_MPU_WRAPPERS_V1 == 0 )
1564 {
1565 /* Ensure that the system call stack is double word aligned. */
1566 xMPUSettings->xSystemCallStackInfo.pulSystemCallStack = &( xMPUSettings->xSystemCallStackInfo.ulSystemCallStackBuffer[ configSYSTEM_CALL_STACK_SIZE - 1 ] );
1567 xMPUSettings->xSystemCallStackInfo.pulSystemCallStack = ( uint32_t * ) ( ( uint32_t ) ( xMPUSettings->xSystemCallStackInfo.pulSystemCallStack ) &
1568 ( uint32_t ) ( ~( portBYTE_ALIGNMENT_MASK ) ) );
1569
1570 xMPUSettings->xSystemCallStackInfo.pulSystemCallStackLimit = &( xMPUSettings->xSystemCallStackInfo.ulSystemCallStackBuffer[ 0 ] );
1571 xMPUSettings->xSystemCallStackInfo.pulSystemCallStackLimit = ( uint32_t * ) ( ( ( uint32_t ) ( xMPUSettings->xSystemCallStackInfo.pulSystemCallStackLimit ) +
1572 ( uint32_t ) ( portBYTE_ALIGNMENT - 1 ) ) &
1573 ( uint32_t ) ( ~( portBYTE_ALIGNMENT_MASK ) ) );
1574
1575 /* This is not NULL only for the duration of a system call. */
1576 xMPUSettings->xSystemCallStackInfo.pulTaskStack = NULL;
1577 }
1578 #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */
1579
1580 #if ( configENABLE_PAC == 1 )
1581 {
1582 uint32_t ulTaskPacKey[ 4 ], i;
1583
1584 vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) );
1585
1586 for( i = 0; i < 4; i++ )
1587 {
1588 xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ];
1589 ulIndex++;
1590 }
1591 }
1592 #endif /* configENABLE_PAC */
1593
1594 return &( xMPUSettings->ulContext[ ulIndex ] );
1595 }
1596
1597 #else /* configENABLE_MPU */
1598
pxPortInitialiseStack(StackType_t * pxTopOfStack,StackType_t * pxEndOfStack,TaskFunction_t pxCode,void * pvParameters)1599 StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
1600 StackType_t * pxEndOfStack,
1601 TaskFunction_t pxCode,
1602 void * pvParameters ) /* PRIVILEGED_FUNCTION */
1603 {
1604 /* Simulate the stack frame as it would be created by a context switch
1605 * interrupt. */
1606 #if ( portPRELOAD_REGISTERS == 0 )
1607 {
1608 pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
1609 *pxTopOfStack = portINITIAL_XPSR; /* xPSR. */
1610 pxTopOfStack--;
1611 *pxTopOfStack = ( StackType_t ) pxCode; /* PC. */
1612 pxTopOfStack--;
1613 *pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR. */
1614 pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
1615 *pxTopOfStack = ( StackType_t ) pvParameters; /* R0. */
1616 pxTopOfStack -= 9; /* R11..R4, EXC_RETURN. */
1617 *pxTopOfStack = portINITIAL_EXC_RETURN;
1618 pxTopOfStack--;
1619 *pxTopOfStack = ( StackType_t ) pxEndOfStack; /* Slot used to hold this task's PSPLIM value. */
1620
1621 #if ( configENABLE_TRUSTZONE == 1 )
1622 {
1623 pxTopOfStack--;
1624 *pxTopOfStack = portNO_SECURE_CONTEXT; /* Slot used to hold this task's xSecureContext value. */
1625 }
1626 #endif /* configENABLE_TRUSTZONE */
1627 }
1628 #else /* portPRELOAD_REGISTERS */
1629 {
1630 pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
1631 *pxTopOfStack = portINITIAL_XPSR; /* xPSR. */
1632 pxTopOfStack--;
1633 *pxTopOfStack = ( StackType_t ) pxCode; /* PC. */
1634 pxTopOfStack--;
1635 *pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR. */
1636 pxTopOfStack--;
1637 *pxTopOfStack = ( StackType_t ) 0x12121212UL; /* R12. */
1638 pxTopOfStack--;
1639 *pxTopOfStack = ( StackType_t ) 0x03030303UL; /* R3. */
1640 pxTopOfStack--;
1641 *pxTopOfStack = ( StackType_t ) 0x02020202UL; /* R2. */
1642 pxTopOfStack--;
1643 *pxTopOfStack = ( StackType_t ) 0x01010101UL; /* R1. */
1644 pxTopOfStack--;
1645 *pxTopOfStack = ( StackType_t ) pvParameters; /* R0. */
1646 pxTopOfStack--;
1647 *pxTopOfStack = ( StackType_t ) 0x11111111UL; /* R11. */
1648 pxTopOfStack--;
1649 *pxTopOfStack = ( StackType_t ) 0x10101010UL; /* R10. */
1650 pxTopOfStack--;
1651 *pxTopOfStack = ( StackType_t ) 0x09090909UL; /* R09. */
1652 pxTopOfStack--;
1653 *pxTopOfStack = ( StackType_t ) 0x08080808UL; /* R08. */
1654 pxTopOfStack--;
1655 *pxTopOfStack = ( StackType_t ) 0x07070707UL; /* R07. */
1656 pxTopOfStack--;
1657 *pxTopOfStack = ( StackType_t ) 0x06060606UL; /* R06. */
1658 pxTopOfStack--;
1659 *pxTopOfStack = ( StackType_t ) 0x05050505UL; /* R05. */
1660 pxTopOfStack--;
1661 *pxTopOfStack = ( StackType_t ) 0x04040404UL; /* R04. */
1662 pxTopOfStack--;
1663 *pxTopOfStack = portINITIAL_EXC_RETURN; /* EXC_RETURN. */
1664 pxTopOfStack--;
1665 *pxTopOfStack = ( StackType_t ) pxEndOfStack; /* Slot used to hold this task's PSPLIM value. */
1666
1667 #if ( configENABLE_TRUSTZONE == 1 )
1668 {
1669 pxTopOfStack--;
1670 *pxTopOfStack = portNO_SECURE_CONTEXT; /* Slot used to hold this task's xSecureContext value. */
1671 }
1672 #endif /* configENABLE_TRUSTZONE */
1673 }
1674 #endif /* portPRELOAD_REGISTERS */
1675
1676 #if ( configENABLE_PAC == 1 )
1677 {
1678 uint32_t ulTaskPacKey[ 4 ], i;
1679
1680 vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) );
1681
1682 for( i = 0; i < 4; i++ )
1683 {
1684 pxTopOfStack--;
1685 *pxTopOfStack = ulTaskPacKey[ i ];
1686 }
1687 }
1688 #endif /* configENABLE_PAC */
1689
1690 return pxTopOfStack;
1691 }
1692
1693 #endif /* configENABLE_MPU */
1694 /*-----------------------------------------------------------*/
1695
xPortStartScheduler(void)1696 BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
1697 {
1698 /* An application can install FreeRTOS interrupt handlers in one of the
1699 * following ways:
1700 * 1. Direct Routing - Install the functions SVC_Handler and PendSV_Handler
1701 * for SVCall and PendSV interrupts respectively.
1702 * 2. Indirect Routing - Install separate handlers for SVCall and PendSV
1703 * interrupts and route program control from those handlers to
1704 * SVC_Handler and PendSV_Handler functions.
1705 *
1706 * Applications that use Indirect Routing must set
1707 * configCHECK_HANDLER_INSTALLATION to 0 in their FreeRTOSConfig.h. Direct
1708 * routing, which is validated here when configCHECK_HANDLER_INSTALLATION
1709 * is 1, should be preferred when possible. */
1710 #if ( configCHECK_HANDLER_INSTALLATION == 1 )
1711 {
1712 const portISR_t * const pxVectorTable = portSCB_VTOR_REG;
1713
1714 /* Validate that the application has correctly installed the FreeRTOS
1715 * handlers for SVCall and PendSV interrupts. We do not check the
1716 * installation of the SysTick handler because the application may
1717 * choose to drive the RTOS tick using a timer other than the SysTick
1718 * timer by overriding the weak function vPortSetupTimerInterrupt().
1719 *
1720 * Assertion failures here indicate incorrect installation of the
1721 * FreeRTOS handlers. For help installing the FreeRTOS handlers, see
1722 * https://www.freertos.org/Why-FreeRTOS/FAQs.
1723 *
1724 * Systems with a configurable address for the interrupt vector table
1725 * can also encounter assertion failures or even system faults here if
1726 * VTOR is not set correctly to point to the application's vector table. */
1727 configASSERT( pxVectorTable[ portVECTOR_INDEX_SVC ] == SVC_Handler );
1728 configASSERT( pxVectorTable[ portVECTOR_INDEX_PENDSV ] == PendSV_Handler );
1729 }
1730 #endif /* configCHECK_HANDLER_INSTALLATION */
1731
1732 #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) )
1733 {
1734 volatile uint32_t ulImplementedPrioBits = 0;
1735 volatile uint8_t ucMaxPriorityValue;
1736
1737 /* Determine the maximum priority from which ISR safe FreeRTOS API
1738 * functions can be called. ISR safe functions are those that end in
1739 * "FromISR". FreeRTOS maintains separate thread and ISR API functions to
1740 * ensure interrupt entry is as fast and simple as possible.
1741 *
1742 * First, determine the number of priority bits available. Write to all
1743 * possible bits in the priority setting for SVCall. */
1744 portNVIC_SHPR2_REG = 0xFF000000;
1745
1746 /* Read the value back to see how many bits stuck. */
1747 ucMaxPriorityValue = ( uint8_t ) ( ( portNVIC_SHPR2_REG & 0xFF000000 ) >> 24 );
1748
1749 /* Use the same mask on the maximum system call priority. */
1750 ucMaxSysCallPriority = configMAX_SYSCALL_INTERRUPT_PRIORITY & ucMaxPriorityValue;
1751
1752 /* Check that the maximum system call priority is nonzero after
1753 * accounting for the number of priority bits supported by the
1754 * hardware. A priority of 0 is invalid because setting the BASEPRI
1755 * register to 0 unmasks all interrupts, and interrupts with priority 0
1756 * cannot be masked using BASEPRI.
1757 * See https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
1758 configASSERT( ucMaxSysCallPriority );
1759
1760 /* Check that the bits not implemented in hardware are zero in
1761 * configMAX_SYSCALL_INTERRUPT_PRIORITY. */
1762 configASSERT( ( configMAX_SYSCALL_INTERRUPT_PRIORITY & ( uint8_t ) ( ~( uint32_t ) ucMaxPriorityValue ) ) == 0U );
1763
1764 /* Calculate the maximum acceptable priority group value for the number
1765 * of bits read back. */
1766 while( ( ucMaxPriorityValue & portTOP_BIT_OF_BYTE ) == portTOP_BIT_OF_BYTE )
1767 {
1768 ulImplementedPrioBits++;
1769 ucMaxPriorityValue <<= ( uint8_t ) 0x01;
1770 }
1771
1772 if( ulImplementedPrioBits == 8 )
1773 {
1774 /* When the hardware implements 8 priority bits, there is no way for
1775 * the software to configure PRIGROUP to not have sub-priorities. As
1776 * a result, the least significant bit is always used for sub-priority
1777 * and there are 128 preemption priorities and 2 sub-priorities.
1778 *
1779 * This may cause some confusion in some cases - for example, if
1780 * configMAX_SYSCALL_INTERRUPT_PRIORITY is set to 5, both 5 and 4
1781 * priority interrupts will be masked in Critical Sections as those
1782 * are at the same preemption priority. This may appear confusing as
1783 * 4 is higher (numerically lower) priority than
1784 * configMAX_SYSCALL_INTERRUPT_PRIORITY and therefore, should not
1785 * have been masked. Instead, if we set configMAX_SYSCALL_INTERRUPT_PRIORITY
1786 * to 4, this confusion does not happen and the behaviour remains the same.
1787 *
1788 * The following assert ensures that the sub-priority bit in the
1789 * configMAX_SYSCALL_INTERRUPT_PRIORITY is clear to avoid the above mentioned
1790 * confusion. */
1791 configASSERT( ( configMAX_SYSCALL_INTERRUPT_PRIORITY & 0x1U ) == 0U );
1792 ulMaxPRIGROUPValue = 0;
1793 }
1794 else
1795 {
1796 ulMaxPRIGROUPValue = portMAX_PRIGROUP_BITS - ulImplementedPrioBits;
1797 }
1798
1799 /* Shift the priority group value back to its position within the AIRCR
1800 * register. */
1801 ulMaxPRIGROUPValue <<= portPRIGROUP_SHIFT;
1802 ulMaxPRIGROUPValue &= portPRIORITY_GROUP_MASK;
1803 }
1804 #endif /* #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) ) */
1805
1806 /* Make PendSV and SysTick the lowest priority interrupts, and make SVCall
1807 * the highest priority. */
1808 portNVIC_SHPR3_REG |= portNVIC_PENDSV_PRI;
1809 portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
1810 portNVIC_SHPR2_REG = 0;
1811
1812 #if ( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
1813 {
1814 /* Set the CONTROL register value based on PACBTI security feature
1815 * configuration before starting the first task. */
1816 ( void ) prvConfigurePACBTI( pdTRUE );
1817 }
1818 #endif /* configENABLE_PAC == 1 || configENABLE_BTI == 1 */
1819
1820 #if ( configENABLE_MPU == 1 )
1821 {
1822 /* Setup the Memory Protection Unit (MPU). */
1823 prvSetupMPU();
1824 }
1825 #endif /* configENABLE_MPU */
1826
1827 /* Start the timer that generates the tick ISR. Interrupts are disabled
1828 * here already. */
1829 vPortSetupTimerInterrupt();
1830
1831 /* Initialize the critical nesting count ready for the first task. */
1832 ulCriticalNesting = 0;
1833
1834 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
1835 {
1836 xSchedulerRunning = pdTRUE;
1837 }
1838 #endif /* ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
1839
1840 /* Start the first task. */
1841 vStartFirstTask();
1842
1843 /* Should never get here as the tasks will now be executing. Call the task
1844 * exit error function to prevent compiler warnings about a static function
1845 * not being called in the case that the application writer overrides this
1846 * functionality by defining configTASK_RETURN_ADDRESS. Call
1847 * vTaskSwitchContext() so link time optimization does not remove the
1848 * symbol. */
1849 vTaskSwitchContext();
1850 prvTaskExitError();
1851
1852 /* Should not get here. */
1853 return 0;
1854 }
1855 /*-----------------------------------------------------------*/
1856
vPortEndScheduler(void)1857 void vPortEndScheduler( void ) /* PRIVILEGED_FUNCTION */
1858 {
1859 /* Not implemented in ports where there is nothing to return to.
1860 * Artificially force an assert. */
1861 configASSERT( ulCriticalNesting == 1000UL );
1862 }
1863 /*-----------------------------------------------------------*/
1864
1865 #if ( configENABLE_MPU == 1 )
1866
vPortStoreTaskMPUSettings(xMPU_SETTINGS * xMPUSettings,const struct xMEMORY_REGION * const xRegions,StackType_t * pxBottomOfStack,configSTACK_DEPTH_TYPE uxStackDepth)1867 void vPortStoreTaskMPUSettings( xMPU_SETTINGS * xMPUSettings,
1868 const struct xMEMORY_REGION * const xRegions,
1869 StackType_t * pxBottomOfStack,
1870 configSTACK_DEPTH_TYPE uxStackDepth )
1871 {
1872 uint32_t ulRegionStartAddress, ulRegionEndAddress, ulRegionNumber;
1873 int32_t lIndex = 0;
1874
1875 #if defined( __ARMCC_VERSION )
1876
1877 /* Declaration when these variable are defined in code instead of being
1878 * exported from linker scripts. */
1879 extern uint32_t * __privileged_sram_start__;
1880 extern uint32_t * __privileged_sram_end__;
1881 #else
1882 /* Declaration when these variable are exported from linker scripts. */
1883 extern uint32_t __privileged_sram_start__[];
1884 extern uint32_t __privileged_sram_end__[];
1885 #endif /* defined( __ARMCC_VERSION ) */
1886
1887 /* Setup MAIR0. */
1888 xMPUSettings->ulMAIR0 = ( ( portMPU_NORMAL_MEMORY_BUFFERABLE_CACHEABLE << portMPU_MAIR_ATTR0_POS ) & portMPU_MAIR_ATTR0_MASK );
1889 xMPUSettings->ulMAIR0 |= ( ( portMPU_DEVICE_MEMORY_nGnRE << portMPU_MAIR_ATTR1_POS ) & portMPU_MAIR_ATTR1_MASK );
1890
1891 /* This function is called automatically when the task is created - in
1892 * which case the stack region parameters will be valid. At all other
1893 * times the stack parameters will not be valid and it is assumed that
1894 * the stack region has already been configured. */
1895 if( uxStackDepth > 0 )
1896 {
1897 ulRegionStartAddress = ( uint32_t ) pxBottomOfStack;
1898 ulRegionEndAddress = ( uint32_t ) pxBottomOfStack + ( uxStackDepth * ( configSTACK_DEPTH_TYPE ) sizeof( StackType_t ) ) - 1;
1899
1900 /* If the stack is within the privileged SRAM, do not protect it
1901 * using a separate MPU region. This is needed because privileged
1902 * SRAM is already protected using an MPU region and ARMv8-M does
1903 * not allow overlapping MPU regions. */
1904 if( ( ulRegionStartAddress >= ( uint32_t ) __privileged_sram_start__ ) &&
1905 ( ulRegionEndAddress <= ( uint32_t ) __privileged_sram_end__ ) )
1906 {
1907 xMPUSettings->xRegionsSettings[ 0 ].ulRBAR = 0;
1908 xMPUSettings->xRegionsSettings[ 0 ].ulRLAR = 0;
1909 }
1910 else
1911 {
1912 /* Define the region that allows access to the stack. */
1913 ulRegionStartAddress &= portMPU_RBAR_ADDRESS_MASK;
1914 ulRegionEndAddress &= portMPU_RLAR_ADDRESS_MASK;
1915
1916 xMPUSettings->xRegionsSettings[ 0 ].ulRBAR = ( ulRegionStartAddress ) |
1917 ( portMPU_REGION_NON_SHAREABLE ) |
1918 ( portMPU_REGION_READ_WRITE ) |
1919 ( portMPU_REGION_EXECUTE_NEVER );
1920
1921 xMPUSettings->xRegionsSettings[ 0 ].ulRLAR = ( ulRegionEndAddress ) |
1922 ( portMPU_RLAR_ATTR_INDEX0 ) |
1923 ( portMPU_RLAR_REGION_ENABLE );
1924 }
1925 }
1926
1927 /* User supplied configurable regions. */
1928 for( ulRegionNumber = 1; ulRegionNumber <= portNUM_CONFIGURABLE_REGIONS; ulRegionNumber++ )
1929 {
1930 /* If xRegions is NULL i.e. the task has not specified any MPU
1931 * region, the else part ensures that all the configurable MPU
1932 * regions are invalidated. */
1933 if( ( xRegions != NULL ) && ( xRegions[ lIndex ].ulLengthInBytes > 0UL ) )
1934 {
1935 /* Translate the generic region definition contained in xRegions
1936 * into the ARMv8 specific MPU settings that are then stored in
1937 * xMPUSettings. */
1938 ulRegionStartAddress = ( ( uint32_t ) xRegions[ lIndex ].pvBaseAddress ) & portMPU_RBAR_ADDRESS_MASK;
1939 ulRegionEndAddress = ( uint32_t ) xRegions[ lIndex ].pvBaseAddress + xRegions[ lIndex ].ulLengthInBytes - 1;
1940 ulRegionEndAddress &= portMPU_RLAR_ADDRESS_MASK;
1941
1942 /* Start address. */
1943 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRBAR = ( ulRegionStartAddress ) |
1944 ( portMPU_REGION_NON_SHAREABLE );
1945
1946 /* RO/RW. */
1947 if( ( xRegions[ lIndex ].ulParameters & tskMPU_REGION_READ_ONLY ) != 0 )
1948 {
1949 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRBAR |= ( portMPU_REGION_READ_ONLY );
1950 }
1951 else
1952 {
1953 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRBAR |= ( portMPU_REGION_READ_WRITE );
1954 }
1955
1956 /* XN. */
1957 if( ( xRegions[ lIndex ].ulParameters & tskMPU_REGION_EXECUTE_NEVER ) != 0 )
1958 {
1959 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRBAR |= ( portMPU_REGION_EXECUTE_NEVER );
1960 }
1961
1962 /* End Address. */
1963 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRLAR = ( ulRegionEndAddress ) |
1964 ( portMPU_RLAR_REGION_ENABLE );
1965
1966 /* PXN. */
1967 #if ( portARMV8M_MINOR_VERSION >= 1 )
1968 {
1969 if( ( xRegions[ lIndex ].ulParameters & tskMPU_REGION_PRIVILEGED_EXECUTE_NEVER ) != 0 )
1970 {
1971 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRLAR |= ( portMPU_RLAR_PRIVILEGED_EXECUTE_NEVER );
1972 }
1973 }
1974 #endif /* portARMV8M_MINOR_VERSION >= 1 */
1975
1976 /* Normal memory/ Device memory. */
1977 if( ( xRegions[ lIndex ].ulParameters & tskMPU_REGION_DEVICE_MEMORY ) != 0 )
1978 {
1979 /* Attr1 in MAIR0 is configured as device memory. */
1980 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRLAR |= portMPU_RLAR_ATTR_INDEX1;
1981 }
1982 else
1983 {
1984 /* Attr0 in MAIR0 is configured as normal memory. */
1985 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRLAR |= portMPU_RLAR_ATTR_INDEX0;
1986 }
1987 }
1988 else
1989 {
1990 /* Invalidate the region. */
1991 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRBAR = 0UL;
1992 xMPUSettings->xRegionsSettings[ ulRegionNumber ].ulRLAR = 0UL;
1993 }
1994
1995 lIndex++;
1996 }
1997 }
1998
1999 #endif /* configENABLE_MPU */
2000 /*-----------------------------------------------------------*/
2001
2002 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
2003
xPortIsAuthorizedToAccessBuffer(const void * pvBuffer,uint32_t ulBufferLength,uint32_t ulAccessRequested)2004 BaseType_t xPortIsAuthorizedToAccessBuffer( const void * pvBuffer,
2005 uint32_t ulBufferLength,
2006 uint32_t ulAccessRequested ) /* PRIVILEGED_FUNCTION */
2007
2008 {
2009 uint32_t i, ulBufferStartAddress, ulBufferEndAddress;
2010 BaseType_t xAccessGranted = pdFALSE;
2011 const xMPU_SETTINGS * xTaskMpuSettings = xTaskGetMPUSettings( NULL ); /* Calling task's MPU settings. */
2012
2013 if( xSchedulerRunning == pdFALSE )
2014 {
2015 /* Grant access to all the kernel objects before the scheduler
2016 * is started. It is necessary because there is no task running
2017 * yet and therefore, we cannot use the permissions of any
2018 * task. */
2019 xAccessGranted = pdTRUE;
2020 }
2021 else if( ( xTaskMpuSettings->ulTaskFlags & portTASK_IS_PRIVILEGED_FLAG ) == portTASK_IS_PRIVILEGED_FLAG )
2022 {
2023 xAccessGranted = pdTRUE;
2024 }
2025 else
2026 {
2027 if( portADD_UINT32_WILL_OVERFLOW( ( ( uint32_t ) pvBuffer ), ( ulBufferLength - 1UL ) ) == pdFALSE )
2028 {
2029 ulBufferStartAddress = ( uint32_t ) pvBuffer;
2030 ulBufferEndAddress = ( ( ( uint32_t ) pvBuffer ) + ulBufferLength - 1UL );
2031
2032 for( i = 0; i < portTOTAL_NUM_REGIONS; i++ )
2033 {
2034 /* Is the MPU region enabled? */
2035 if( ( xTaskMpuSettings->xRegionsSettings[ i ].ulRLAR & portMPU_RLAR_REGION_ENABLE ) == portMPU_RLAR_REGION_ENABLE )
2036 {
2037 if( portIS_ADDRESS_WITHIN_RANGE( ulBufferStartAddress,
2038 portEXTRACT_FIRST_ADDRESS_FROM_RBAR( xTaskMpuSettings->xRegionsSettings[ i ].ulRBAR ),
2039 portEXTRACT_LAST_ADDRESS_FROM_RLAR( xTaskMpuSettings->xRegionsSettings[ i ].ulRLAR ) ) &&
2040 portIS_ADDRESS_WITHIN_RANGE( ulBufferEndAddress,
2041 portEXTRACT_FIRST_ADDRESS_FROM_RBAR( xTaskMpuSettings->xRegionsSettings[ i ].ulRBAR ),
2042 portEXTRACT_LAST_ADDRESS_FROM_RLAR( xTaskMpuSettings->xRegionsSettings[ i ].ulRLAR ) ) &&
2043 portIS_AUTHORIZED( ulAccessRequested,
2044 prvGetRegionAccessPermissions( xTaskMpuSettings->xRegionsSettings[ i ].ulRBAR ) ) )
2045 {
2046 xAccessGranted = pdTRUE;
2047 break;
2048 }
2049 }
2050 }
2051 }
2052 }
2053
2054 return xAccessGranted;
2055 }
2056
2057 #endif /* #if ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) */
2058 /*-----------------------------------------------------------*/
2059
xPortIsInsideInterrupt(void)2060 BaseType_t xPortIsInsideInterrupt( void )
2061 {
2062 uint32_t ulCurrentInterrupt;
2063 BaseType_t xReturn;
2064
2065 /* Obtain the number of the currently executing interrupt. Interrupt Program
2066 * Status Register (IPSR) holds the exception number of the currently-executing
2067 * exception or zero for Thread mode.*/
2068 __asm volatile ( "mrs %0, ipsr" : "=r" ( ulCurrentInterrupt )::"memory" );
2069
2070 if( ulCurrentInterrupt == 0 )
2071 {
2072 xReturn = pdFALSE;
2073 }
2074 else
2075 {
2076 xReturn = pdTRUE;
2077 }
2078
2079 return xReturn;
2080 }
2081 /*-----------------------------------------------------------*/
2082
2083 #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) )
2084
vPortValidateInterruptPriority(void)2085 void vPortValidateInterruptPriority( void )
2086 {
2087 uint32_t ulCurrentInterrupt;
2088 uint8_t ucCurrentPriority;
2089
2090 /* Obtain the number of the currently executing interrupt. */
2091 __asm volatile ( "mrs %0, ipsr" : "=r" ( ulCurrentInterrupt )::"memory" );
2092
2093 /* Is the interrupt number a user defined interrupt? */
2094 if( ulCurrentInterrupt >= portFIRST_USER_INTERRUPT_NUMBER )
2095 {
2096 /* Look up the interrupt's priority. */
2097 ucCurrentPriority = pcInterruptPriorityRegisters[ ulCurrentInterrupt ];
2098
2099 /* The following assertion will fail if a service routine (ISR) for
2100 * an interrupt that has been assigned a priority above
2101 * configMAX_SYSCALL_INTERRUPT_PRIORITY calls an ISR safe FreeRTOS API
2102 * function. ISR safe FreeRTOS API functions must *only* be called
2103 * from interrupts that have been assigned a priority at or below
2104 * configMAX_SYSCALL_INTERRUPT_PRIORITY.
2105 *
2106 * Numerically low interrupt priority numbers represent logically high
2107 * interrupt priorities, therefore the priority of the interrupt must
2108 * be set to a value equal to or numerically *higher* than
2109 * configMAX_SYSCALL_INTERRUPT_PRIORITY.
2110 *
2111 * Interrupts that use the FreeRTOS API must not be left at their
2112 * default priority of zero as that is the highest possible priority,
2113 * which is guaranteed to be above configMAX_SYSCALL_INTERRUPT_PRIORITY,
2114 * and therefore also guaranteed to be invalid.
2115 *
2116 * FreeRTOS maintains separate thread and ISR API functions to ensure
2117 * interrupt entry is as fast and simple as possible.
2118 *
2119 * The following links provide detailed information:
2120 * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html
2121 * https://www.freertos.org/Why-FreeRTOS/FAQs */
2122 configASSERT( ucCurrentPriority >= ucMaxSysCallPriority );
2123 }
2124
2125 /* Priority grouping: The interrupt controller (NVIC) allows the bits
2126 * that define each interrupt's priority to be split between bits that
2127 * define the interrupt's pre-emption priority bits and bits that define
2128 * the interrupt's sub-priority. For simplicity all bits must be defined
2129 * to be pre-emption priority bits. The following assertion will fail if
2130 * this is not the case (if some bits represent a sub-priority).
2131 *
2132 * If the application only uses CMSIS libraries for interrupt
2133 * configuration then the correct setting can be achieved on all Cortex-M
2134 * devices by calling NVIC_SetPriorityGrouping( 0 ); before starting the
2135 * scheduler. Note however that some vendor specific peripheral libraries
2136 * assume a non-zero priority group setting, in which cases using a value
2137 * of zero will result in unpredictable behaviour. */
2138 configASSERT( ( portAIRCR_REG & portPRIORITY_GROUP_MASK ) <= ulMaxPRIGROUPValue );
2139 }
2140
2141 #endif /* #if ( ( configASSERT_DEFINED == 1 ) && ( portHAS_ARMV8M_MAIN_EXTENSION == 1 ) ) */
2142 /*-----------------------------------------------------------*/
2143
2144 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) && ( configENABLE_ACCESS_CONTROL_LIST == 1 ) )
2145
vPortGrantAccessToKernelObject(TaskHandle_t xInternalTaskHandle,int32_t lInternalIndexOfKernelObject)2146 void vPortGrantAccessToKernelObject( TaskHandle_t xInternalTaskHandle,
2147 int32_t lInternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */
2148 {
2149 uint32_t ulAccessControlListEntryIndex, ulAccessControlListEntryBit;
2150 xMPU_SETTINGS * xTaskMpuSettings;
2151
2152 ulAccessControlListEntryIndex = ( ( uint32_t ) lInternalIndexOfKernelObject / portACL_ENTRY_SIZE_BITS );
2153 ulAccessControlListEntryBit = ( ( uint32_t ) lInternalIndexOfKernelObject % portACL_ENTRY_SIZE_BITS );
2154
2155 xTaskMpuSettings = xTaskGetMPUSettings( xInternalTaskHandle );
2156
2157 xTaskMpuSettings->ulAccessControlList[ ulAccessControlListEntryIndex ] |= ( 1U << ulAccessControlListEntryBit );
2158 }
2159
2160 #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) && ( configENABLE_ACCESS_CONTROL_LIST == 1 ) ) */
2161 /*-----------------------------------------------------------*/
2162
2163 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) && ( configENABLE_ACCESS_CONTROL_LIST == 1 ) )
2164
vPortRevokeAccessToKernelObject(TaskHandle_t xInternalTaskHandle,int32_t lInternalIndexOfKernelObject)2165 void vPortRevokeAccessToKernelObject( TaskHandle_t xInternalTaskHandle,
2166 int32_t lInternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */
2167 {
2168 uint32_t ulAccessControlListEntryIndex, ulAccessControlListEntryBit;
2169 xMPU_SETTINGS * xTaskMpuSettings;
2170
2171 ulAccessControlListEntryIndex = ( ( uint32_t ) lInternalIndexOfKernelObject / portACL_ENTRY_SIZE_BITS );
2172 ulAccessControlListEntryBit = ( ( uint32_t ) lInternalIndexOfKernelObject % portACL_ENTRY_SIZE_BITS );
2173
2174 xTaskMpuSettings = xTaskGetMPUSettings( xInternalTaskHandle );
2175
2176 xTaskMpuSettings->ulAccessControlList[ ulAccessControlListEntryIndex ] &= ~( 1U << ulAccessControlListEntryBit );
2177 }
2178
2179 #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) && ( configENABLE_ACCESS_CONTROL_LIST == 1 ) ) */
2180 /*-----------------------------------------------------------*/
2181
2182 #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) )
2183
2184 #if ( configENABLE_ACCESS_CONTROL_LIST == 1 )
2185
xPortIsAuthorizedToAccessKernelObject(int32_t lInternalIndexOfKernelObject)2186 BaseType_t xPortIsAuthorizedToAccessKernelObject( int32_t lInternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */
2187 {
2188 uint32_t ulAccessControlListEntryIndex, ulAccessControlListEntryBit;
2189 BaseType_t xAccessGranted = pdFALSE;
2190 const xMPU_SETTINGS * xTaskMpuSettings;
2191
2192 if( xSchedulerRunning == pdFALSE )
2193 {
2194 /* Grant access to all the kernel objects before the scheduler
2195 * is started. It is necessary because there is no task running
2196 * yet and therefore, we cannot use the permissions of any
2197 * task. */
2198 xAccessGranted = pdTRUE;
2199 }
2200 else
2201 {
2202 xTaskMpuSettings = xTaskGetMPUSettings( NULL ); /* Calling task's MPU settings. */
2203
2204 ulAccessControlListEntryIndex = ( ( uint32_t ) lInternalIndexOfKernelObject / portACL_ENTRY_SIZE_BITS );
2205 ulAccessControlListEntryBit = ( ( uint32_t ) lInternalIndexOfKernelObject % portACL_ENTRY_SIZE_BITS );
2206
2207 if( ( xTaskMpuSettings->ulTaskFlags & portTASK_IS_PRIVILEGED_FLAG ) == portTASK_IS_PRIVILEGED_FLAG )
2208 {
2209 xAccessGranted = pdTRUE;
2210 }
2211 else
2212 {
2213 if( ( xTaskMpuSettings->ulAccessControlList[ ulAccessControlListEntryIndex ] & ( 1U << ulAccessControlListEntryBit ) ) != 0 )
2214 {
2215 xAccessGranted = pdTRUE;
2216 }
2217 }
2218 }
2219
2220 return xAccessGranted;
2221 }
2222
2223 #else /* #if ( configENABLE_ACCESS_CONTROL_LIST == 1 ) */
2224
xPortIsAuthorizedToAccessKernelObject(int32_t lInternalIndexOfKernelObject)2225 BaseType_t xPortIsAuthorizedToAccessKernelObject( int32_t lInternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */
2226 {
2227 ( void ) lInternalIndexOfKernelObject;
2228
2229 /* If Access Control List feature is not used, all the tasks have
2230 * access to all the kernel objects. */
2231 return pdTRUE;
2232 }
2233
2234 #endif /* #if ( configENABLE_ACCESS_CONTROL_LIST == 1 ) */
2235
2236 #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
2237 /*-----------------------------------------------------------*/
2238
2239 #if ( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
2240
prvConfigurePACBTI(BaseType_t xWriteControlRegister)2241 static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
2242 {
2243 uint32_t ulControl = 0x0;
2244
2245 /* Ensure that PACBTI is implemented. */
2246 configASSERT( portID_ISAR5_REG != 0x0 );
2247
2248 /* Enable UsageFault exception. */
2249 portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
2250
2251 #if ( configENABLE_PAC == 1 )
2252 {
2253 ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
2254 }
2255 #endif
2256
2257 #if ( configENABLE_BTI == 1 )
2258 {
2259 ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
2260 }
2261 #endif
2262
2263 if( xWriteControlRegister == pdTRUE )
2264 {
2265 __asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
2266 }
2267
2268 return ulControl;
2269 }
2270
2271 #endif /* configENABLE_PAC == 1 || configENABLE_BTI == 1 */
2272 /*-----------------------------------------------------------*/
2273