uVisor: Import v0.30.0

Author: Patater

features/FEATURE_UVISOR/AUTHORS.txt

@@ -1,17 +1,25 @@
    600	Alessandro Angelino
    592	Milosch Meriac
-   155	Jaeden Amero
+   190	Jaeden Amero
     89	Niklas Hauser
+    10	Fangyi Zhou
+     6	Michael Schwarcz
      5	Irit Arkin
-     3	JaredCJR
-     3	AnotherButler
+     5	Alexander Zilberkant
+     4	Amir Cohen
      3	Hugo Vincent
+     3	AnotherButler
+     3	Roman Kuznetsov
+     3	JaredCJR
      3	Jim Huang
      2	tonyyanxuan
      2	Amanda Butler
      2	Jan Jongboom
      2	Nathan Chong
+     2	Oren Cohen
      2	Vincenzo Frascino
+     2	ccli8
+     1	Russ Butler
+     1	Jethro Hsu
      1	Aksel Skauge Mellbye
-     1	ccli8
-     1	Michael Schwarcz
+     1	Danny Shavit

features/FEATURE_UVISOR/README.md

@@ -396,7 +396,7 @@ To call the public secure entry point from any other box, you can use the `secur
 ```cpp
 /* ~/code/uvisor-example/source/main.cpp */
 
-#include "secure-box.h"
+#include "secure_box.h"
 ```
 
 Then replace the `main` function with:
@@ -451,17 +451,18 @@ Once the uVisor debug messages are enabled, your application fails. The failure
                     BUS FAULT
 ***********************************************************
 
-...
+* Active Box ID: 0
+* FAULT SYNDROME REGISTERS
 
-/* MEMORY MAP
-  Address:           0x4004800C
-  Region/Peripheral: SIM
-    Base address:    0x40047000
-    End address:     0x40048060
+  CFSR: 0x00008200
+  BFAR: 0x40048044
+  --> PRECISERR: precise data access.
 
 ...
 ```
 
+Look up the faulty address (the value of BFAR) in the target device reference manual.
+
 Once you know which peripheral is causing the fault (the `SIM` peripheral, in this example), add its entry to the ACLs list:
 
 ```C

features/FEATURE_UVISOR/VERSION.txt

@@ -1 +1 @@
-v0.29.0
+v0.30.0

features/FEATURE_UVISOR/includes/uvisor/api/inc/api.h

@@ -33,6 +33,11 @@
 UVISOR_EXTERN_C_BEGIN
 
 extern void uvisor_init(void);
+/* This method is an api method which initializes the g_semihosting_magic variable.
+ * This function will only work if called in privileged mode or from secure code,
+ * it is only intended to be called by debugger after reset.
+ */
+void debug_semihosting_enable(void);
 
 typedef struct {
     uint32_t magic;
@@ -68,17 +73,25 @@ typedef struct {
     int                (*pool_init)(uvisor_pool_t *, void *, size_t, size_t);
     int                (*pool_queue_init)(uvisor_pool_queue_t *, uvisor_pool_t *, void *, size_t, size_t);
     uvisor_pool_slot_t (*pool_allocate)(uvisor_pool_t *);
+    uvisor_pool_slot_t (*pool_try_allocate)(uvisor_pool_t *);
     void               (*pool_queue_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
+    int                (*pool_queue_try_enqueue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_free)(uvisor_pool_t *, uvisor_pool_slot_t);
+    uvisor_pool_slot_t (*pool_try_free)(uvisor_pool_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_queue_dequeue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
+    uvisor_pool_slot_t (*pool_queue_try_dequeue)(uvisor_pool_queue_t *, uvisor_pool_slot_t);
     uvisor_pool_slot_t (*pool_queue_dequeue_first)(uvisor_pool_queue_t *);
+    uvisor_pool_slot_t (*pool_queue_try_dequeue_first)(uvisor_pool_queue_t *);
     uvisor_pool_slot_t (*pool_queue_find_first)(uvisor_pool_queue_t *, TQueryFN_Ptr, void *);
+    uvisor_pool_slot_t (*pool_queue_try_find_first)(uvisor_pool_queue_t *, TQueryFN_Ptr, void *);
 
     void (*spin_init)(UvisorSpinlock * spinlock);
     bool (*spin_trylock)(UvisorSpinlock * spinlock);
     void (*spin_lock)(UvisorSpinlock * spinlock);
     void (*spin_unlock)(UvisorSpinlock * spinlock);
 
+    void (*debug_semihosting_enable)(void);
+
     OsEventObserver os_event_observer;
 } UVISOR_PACKED UvisorApi;
 

features/FEATURE_UVISOR/includes/uvisor/api/inc/debug_exports.h

@@ -17,14 +17,15 @@
 #ifndef __UVISOR_API_DEBUG_EXPORTS_H__
 #define __UVISOR_API_DEBUG_EXPORTS_H__
 
+#include "api/inc/halt_exports.h"
 #include <stdint.h>
 
 /* Debug box driver -- Version 0
  * A constant instance of this struct must be instantiated by the unprivileged
  * code to setup a debug box.*/
 typedef struct TUvisorDebugDriver {
     uint32_t (*get_version)(void);
-    void (*halt_error)(int);
+    void (*halt_error)(THaltError, const THaltInfo *);
 } TUvisorDebugDriver;
 
 /* Number of handlers in the debug box driver */

features/FEATURE_UVISOR/includes/uvisor/api/inc/halt_exports.h

@@ -53,4 +53,52 @@ typedef enum {
     __THALTERROR_MAX /* always keep as the last element of the enum */
 } THaltError;
 
+/** A basic exception frame
+ *
+ * This struct contains the registers always saved during an exception in the
+ * order they are placed in the memory.
+ * If FPU state is also saved it's placed after this register block.
+ * On ARMv8-M in certain cases an additional state context may be placed on
+ * the stack before this block.
+ */
+typedef struct {
+    uint32_t r0;
+    uint32_t r1;
+    uint32_t r2;
+    uint32_t r3;
+    uint32_t r12;
+    uint32_t lr;
+    uint32_t retaddr;
+    uint32_t retpsr;
+} UVISOR_PACKED exception_frame_t;
+
+/* A pointer to this structure will be given to halt_error() handler
+ * of the debug box driver. */
+typedef struct {
+    /* A basic exception stack frame that is always present with a valid stack. */
+    exception_frame_t stack_frame;
+
+    /* A few registers that may be useful for debug. */
+    uint32_t lr;
+    uint32_t control;
+    uint32_t ipsr;
+
+    /* Fault status registers. */
+    uint32_t mmfar;
+    uint32_t bfar;
+    uint32_t cfsr;
+    uint32_t hfsr;
+    uint32_t dfsr;
+    uint32_t afsr;
+
+    /* Bitmask telling which of the above regions are valid. */
+    uint32_t valid_data;
+} UVISOR_PACKED THaltInfo;
+
+/* Bitmask to specify which HaltInfo regions are valid. */
+typedef enum {
+    HALT_INFO_STACK_FRAME = 0x1,
+    HALT_INFO_REGISTERS   = 0x2
+} THaltInfoValidMask;
+
 #endif /* __UVISOR_API_HALT_EXPORTS_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/priv_sys_hooks_exports.h

@@ -33,7 +33,7 @@ typedef struct {
     void (*priv_svc_0)(void);
     void (*priv_pendsv)(void);
     void (*priv_systick)(void);
-    uint32_t (*priv_os_suspend)(void);
+    int32_t (*priv_os_suspend)(void);
     int (*priv_uvisor_semaphore_post)(UvisorSemaphore * semaphore);
 } UvisorPrivSystemHooks;
 

features/FEATURE_UVISOR/includes/uvisor/api/inc/uvisor_exports.h

@@ -77,11 +77,19 @@
 /** Static Assertion Macro
  *
  * This macro works from both inside and outside function scope.
- *
- * FIXME This is currently not implemented. This issue is tracked at
- * https://github.com/ARMmbed/uvisor/issues/288
- */
-#define UVISOR_STATIC_ASSERT(cond, msg)
+ * The implementations differ due to compilation differences, C++ static_assert
+ * is known from C++11 (__cplusplus > 199711L) while mbed-os compiles with c++98,
+ * and C _Static_assert is known from GCC version 4.6.0. */ 
+#define GCC_VERSION (__GNUC__ * 10000 \
+                     + __GNUC_MINOR__ * 100 \
+                     + __GNUC_PATCHLEVEL__)
+#if (__cplusplus > 199711L)
+#define UVISOR_STATIC_ASSERT(cond, msg) static_assert(cond, #msg)
+#elif (!__cplusplus && GCC_VERSION > 40600)
+#define UVISOR_STATIC_ASSERT(cond, msg) _Static_assert(cond, #msg)
+#else
+#define UVISOR_STATIC_ASSERT(cond, msg) typedef char STATIC_ASSERT_##msg[(cond)?1:-1]
+#endif
 
 /* convert macro argument to string */
 /* note: this needs one level of indirection, accomplished with the helper macro

features/FEATURE_UVISOR/includes/uvisor/api/inc/vmpu_exports.h

@@ -243,7 +243,8 @@ typedef struct {
 #if defined(UVISOR_PRESENT) && UVISOR_PRESENT == 1
 static UVISOR_FORCEINLINE int vmpu_bits(uint32_t size)
 {
-    return 32 - __builtin_clz(size);
+    /* If size is 0, the result of __builtin_clz is undefined */
+    return (0 == size) ? 0: 32 - __builtin_clz(size);
 }
 #endif /* defined(UVISOR_PRESENT) && UVISOR_PRESENT == 1 */
 

features/FEATURE_UVISOR/source/rtx/box_init.c

@@ -29,7 +29,7 @@
 extern void SVC_Handler(void);
 extern void PendSV_Handler(void);
 extern void SysTick_Handler(void);
-extern uint32_t svcRtxKernelLock(void);
+extern int32_t svcRtxKernelLock(void);
 
 UVISOR_SET_PRIV_SYS_HOOKS(SVC_Handler, PendSV_Handler, SysTick_Handler, svcRtxKernelLock, __uvisor_semaphore_post);
 

features/FEATURE_UVISOR/targets/TARGET_UVISOR_SUPPORTED/TARGET_ARM_BEETLE_SOC/TARGET_DEBUG/TARGET_M3/libconfiguration_beetle_cortex_m3_0x20000000_0x140.a

@@ -1 +1 @@
-209b261bb6d34b657fb699eb22669eb5c9055219
+e3b1385c7facc7fdab472440293c4c87ed2b2999