Virtualize NVIC_SystemReset

api/inc/cmsis_nvic_virtual.h

@@ -18,6 +18,7 @@
 #define __UVISOR_API_NVIC_VIRTUAL_H__
 
 #include "api/inc/interrupts.h"
+#include "api/inc/unvic_exports.h"
 
 #define NVIC_SetPriorityGrouping    __NVIC_SetPriorityGrouping
 #define NVIC_GetPriorityGrouping    __NVIC_GetPriorityGrouping
@@ -29,5 +30,6 @@
 #define NVIC_GetActive              __NVIC_GetActive
 #define NVIC_SetPriority            vIRQ_SetPriority
 #define NVIC_GetPriority            vIRQ_GetPriority
+#define NVIC_SystemReset()          vIRQ_SystemReset(RESET_REASON_NO_REASON)
 
 #endif /* __UVISOR_API_NVIC_VIRTUAL_H__ */

api/inc/halt_exports.h

@@ -29,6 +29,7 @@
 
 typedef enum {
     USER_NOT_ALLOWED = 1,
+    DEBUG_BOX_HALT,
 } THaltUserError;
 
 typedef enum {

api/inc/interrupts.h

@@ -17,6 +17,7 @@
 #ifndef __UVISOR_API_INTERRUPTS_H__
 #define __UVISOR_API_INTERRUPTS_H__
 
+#include "api/inc/unvic_exports.h"
 #include "api/inc/uvisor_exports.h"
 #include <stdint.h>
 
@@ -60,4 +61,10 @@ UVISOR_EXTERN void vIRQ_DisableAll(void);
  * ::vIRQ_DisableAll for more information. */
 UVISOR_EXTERN void vIRQ_EnableAll(void);
 
+/** Reset the device.
+ * @warning Currently only the debug box can reset the device.
+ * @param reason[in]    Reason for rebooting. Currently not used.
+ */
+UVISOR_EXTERN void vIRQ_SystemReset(TResetReason reason);
+
 #endif /* __UVISOR_API_INTERRUPTS_H__ */

api/inc/unvic_exports.h

@@ -28,6 +28,13 @@
  * priorities available to them */
 #define UVISOR_VIRQ_MAX_PRIORITY ((uint32_t) (1 << __NVIC_PRIO_BITS) - 1 - __UVISOR_NVIC_MIN_PRIORITY)
 
+/* Reasons for rebooting */
+typedef enum {
+    RESET_REASON_NO_REASON = 0,
+    RESET_REASON_HALT,
+    __TRESETREASON_MAX /* Always keep the last element of the enum. */
+} TResetReason;
+
 /* Offset of NVIC interrupts with respect to handler 0 */
 #define NVIC_OFFSET 16
 

api/src/interrupts.c

@@ -165,3 +165,13 @@ int vIRQ_GetLevel(void)
         return UVISOR_SVC(UVISOR_SVC_ID_IRQ_LEVEL_GET, "");
     }
 }
+
+void vIRQ_SystemReset(TResetReason reason)
+{
+    if(__uvisor_mode == 0) {
+        NVIC_SystemReset();
+    }
+    else {
+        UVISOR_SVC(UVISOR_SVC_ID_DEBUG_REBOOT, "", reason);
+    }
+}

core/debug/inc/debug.h

@@ -47,7 +47,7 @@ void debug_map_addr_to_periph(uint32_t address);
 void debug_register_driver(const TUvisorDebugDriver * const driver);
 uint32_t debug_get_version(void);
 void debug_halt_error(THaltError reason);
-void debug_reboot(void);
+void debug_reboot(TResetReason reason);
 
 #define DEBUG_PRINT_HEAD(x) {\
     DPRINTF("\n***********************************************************\n");\

core/debug/src/debug.c

@@ -156,32 +156,29 @@ void debug_fault(THaltError reason, uint32_t lr, uint32_t sp)
     DEBUG_PRINT_END();
 }
 
-static void __debug_reboot(void)
+static void debug_die(void)
 {
-    UVISOR_SVC(UVISOR_SVC_ID_DEBUG_REBOOT, "");
+    UVISOR_SVC(UVISOR_SVC_ID_HALT_USER_ERR, "", DEBUG_BOX_HALT);
 }
 
-/* This function must be called as an SVCall handler.
- * All debug handlers that are required to reboot upon exit should use the
- * __debug_reboot function as return value, which triggers the SVCall. This note
- * applies to uVisor internally, as the actual debug box does not need to care
- * about this. */
-void debug_reboot(void)
+void debug_reboot(TResetReason reason)
 {
-    /* FIXME: The halt will be replaced with a proper return code. An ACL will
-     *        be created to allow single boxes to reset the device. */
     if (!g_debug_box.initialized || g_active_box != g_debug_box.box_id) {
         HALT_ERROR(NOT_ALLOWED, "This function can only be called from the context of an initialized debug box.\n\r");
     }
 
+    /* Note: Currently we do not act differently based on the reset reason. */
+    if (reason >= __TRESETREASON_MAX) {
+        HALT_ERROR(NOT_ALLOWED, "Invalid reset reason: %d.\r\n", reason);
+    }
+
     /* Reboot.
      * If called from unprivileged code, NVIC_SystemReset causes a fault. */
     NVIC_SystemReset();
 }
 
 /* FIXME: Currently it is not possible to return to a regular execution flow
- *        after the execution of the debug box handler. It is possible to
- *        reboot, though. */
+ *        after the execution of the debug box handler. */
 static void debug_deprivilege_and_return(void * debug_handler, void * return_handler,
                                          uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3)
 {
@@ -230,7 +227,7 @@ void debug_halt_error(THaltError reason)
     /* If the debug box does not exist (or it has not been initialized yet), or
      * the debug box was already called once, just loop forever. */
     if (!g_debug_box.initialized || debugged_once_before) {
-        while(1);
+        while (1);
     } else {
         /* Remember that debug_deprivilege_and_return() has been called once.
          * We'll reboot after the debug handler is run, so this will go back to
@@ -239,8 +236,8 @@ void debug_halt_error(THaltError reason)
 
         /* The following arguments are passed to the destination function:
          *   1. reason
-         * Upon return from the debug handler, the system will reboot. */
-        debug_deprivilege_and_return(g_debug_box.driver->halt_error, __debug_reboot, reason, 0, 0, 0);
+         * Upon return from the debug handler, the system will die. */
+        debug_deprivilege_and_return(g_debug_box.driver->halt_error, debug_die, reason, 0, 0, 0);
     }
 }