Age | Commit message (Collapse) | Author |
|
Overview
========
The errata is worked around in the kernel without requiring toolchain
modifications. It is triggered the JMPL/RETT return from trap instruction
sequence never generated by the compiler and. There are also other
conditions that must must be true to trigger the errata, for example the
instruction that the trap returns to has to be a JMPL instruction. The
errata can only be triggered if certain data is corrected by ECC
(inflicted by radiation), thus it can not be triggered under normal
operation. For more information see:
www.gaisler.com/notes
Affected RTEMS target BSPs:
* GR712RC
* UT699
* UT700/699E
The work around is enabled by defining __FIX_LEON3_TN0018 at build time.
After applying the following GCC patch, GCC will set the define when
compiling for an affected multilib:
* GR712RC (-mcpu=leon3 -mfix-gr712rc)
* UT700/UT699E (-mpcu=leon3 -mfix-ut700)
* UT699 (-mcpu=leon -mfix-ut699)
When building for another multilib and TN0018 is still required, it
is possible to enable it on the RTEMS kernel configure line using the
TARGET_CFLAGS (-D__FIX_LEON3FT_TN0018) or other by other means.
The following GCC patch sets __FIX_LEON3FT_TN0018 for the affected RTEMS
multilibs:
---------
diff --git a/gcc/config/sparc/rtemself.h b/gcc/config/sparc/rtemself.h
index 6570590..ddec98c 100644
--- a/gcc/config/sparc/rtemself.h
+++ b/gcc/config/sparc/rtemself.h
@@ -33,6 +33,8 @@
builtin_assert ("system=rtems"); \
if (sparc_fix_b2bst) \
builtin_define ("__FIX_LEON3FT_B2BST"); \
+ if (sparc_fix_gr712rc || sparc_fix_ut700 || sparc_fix_ut699) \
+ builtin_define ("__FIX_LEON3FT_TN0018"); \
} \
while (0)
---------
Workaround Implementation
=========================
In general there are two approaches that the workaround uses:
A) avoid ECC restarting the RETT instruction
B) avoid returning from trap to a JMPL instruction
Where A) comes at a higher performance cost than B), so B) is used
where posssible. B) can be achived for certain returns from trap
handlers if trap entry is controlled by assembly, such as system calls.
A)
A special JMPL/RETT sequence where instruction cache is disabled
temporarily to avoid RETT containing ECC errors, and reading of RETT
source registers to "clean" them from incorrect ECC just before RETT
is executed.
B)
The work around prevents JMPL after system calls (TA instruction) and
modifies assembly code on return from traps jumping back to application
code. Note that for some traps the trapped instruction is always
re-executed and can therefore not trigger the errata, for example the
SAVE instruction causing window overflow or an float instruction causing
FPU disabled trap.
RTEMS SPARC traps workaround implementation:
NAME NOTE TRAP COMMENT
* window overflow 1 - 0x05 always returns to a SAVE
* window underflow 1 - 0x06 always returns to a RESTORE
* interrupt traps 2 - 0x10..1f special rett sequence workaround
* syscall 3 - 0x80 shutdown system - never returns
* ABI flush windows 2 - 0x83 special rett sequence workaround
* syscall_irqdis 4 - 0x89
* syscall_irqen 4 - 0x8A
* syscall_irqdis_fp 1 - 0x8B always jumps back to FP instruction
* syscall_lazy_fp_switch 5 - 0x04 A) jumps back to FP instruction, or to
B) _Internal_error() starting with SAVE
Notes:
1) no workaround needed because trap always returns to non-JMPL instruction
2) workaround implemented by special rett sequence
3) no workaround needed because system call never returns
4) workaround implemented by inserting NOP in system call generation. Thus
fall into 1) when workaround is enabled and no trap handler fix needed.
5) trap handler branches into both 1) and returning to _Internal_error()
which starts with a SAVE and besides since it shuts down the system that
RETT should never be in cache (only executed once) so fix not necessary
in this case.
Any custom trap handlers may also have to be updated. To simplify that,
helper work around assembly code in macros are available in a separate
include file <libcpu/grlib-tn-0018.h>.
Update #4155.
|
|
Update #4154.
|
|
Update #4154.
|
|
Not used by the driver itself, but shuold be correct if used by
application.
|
|
|
|
|
|
Allows user to set SpaceWire run clock divisor for an individual port.
|
|
|
|
Without this smp05 and smpthreadlife01 tests may fail
depending on how the boot loader initialized the GPTIMER.
Before the time counter stopped counting when reaching
zero, but tests could work since it could take 2^32 us
before stopping.
The timer driver will potentially overwrite this, but it
happens later due to the initialization order having
RTEMS_SYSINIT_CPU_COUNTER very early.
|
|
|
|
Moves drvmgr_drivers[] from amba.c to a separate file in order
to avoid the dependecy on APBUART/GPTIMER drivers. This has
an effect when user configured not to use timer or uart
in their project.
|
|
The descriptor table size is equal to its alignment and set when
configuring the HW IP through VHDL generics. This SW patch simply
probes the HW how large the RX/TX descriptor tables are and adjusts
accordingly.
The number of descriptors actual used are controlled by other
settings (rxDescs and txDescs) controlled by the user.
|
|
|
|
|
|
The new GRCAN_FD IP supports CAN FD standard and is mostly backwards
compatible with GRCAN SW interface. The GRCAN driver have been extended
to support the GRCANFD IP using the same driver.
Additional functions have been added that uses a new CAN FD frame
format and read/write/baud-rate functions that supports both GRCANFD
and GRCAN. To keep the SW API fully backwards compatible with GRCAN,
the old functions remain.
|
|
|
|
|
|
|
|
Reimplemented the baud-rate algorithm from scratch to cope with
GRCAN, GRCANFD and OC_CAN devices.
|
|
|
|
When the DMA table has been allocated dynamically, the IOCTL_SET_PACKETSIZE
will trigger an issue where pDev->rx and pDev->tx are not updated with
the new DMA tables base address. Instead the old pointers are used.
There is no point in reallocting the DMA tables because there is no
configuration option to it. Therefore the DMA tables allocation is
moved to a separate function never called from SET_PACKETSIZE.
|
|
|
|
This is enables the updated codec for GR740 and is backwards compatible
with all other versions of the IP.
|
|
|
|
|
|
Update #4154.
|
|
This avoids a cast in DEV_TO_COMMON().
|
|
|
|
|
|
Add a workaround for Cortex-A9 Errata 845369: A short loop including a DMB
instruction might cause a denial of service on another which executes a CP15
broadcast operation.
Close #4115.
|
|
Add a workaround for Cortex-A9 Errata 845369: Under Very Rare Timing
Circumstances Transition into Streaming Mode Might Create Data Corruption.
Update #4115.
|
|
This reverts commit 355bc37ad35a7d67a7209130171febe805c67f62.
|
|
The compiler warning was:
../../../cpukit/libmisc/rtems-fdt/rtems-fdt.c:267:5: warning:
'strncpy' specified bound depends on the length of the source argument
267 | strncpy(path, name, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
It turns out that the `strncpy()` nor the buffer `path` is needed when
one uses `strncmp()` instead of `strcmp()`. This needs some change to
the algorithm but has the advantage that `name` is never truncated
to the size of the buffer `path`.
Note:
rtems-fdt.c, rtems-fdt-shell.c and cpukit/include/rtems/rtems-fdt.h
seem to be dead code. They implement a shell command `fdt` but that
command is not part of the shell nor of any macro in
cpukit/include/rtems/shellconfig.h.
|
|
Using strlcpy() instead of strncpy():
1) Prevents the compiler warnings
2) Ensures, the string is NUL terminated.
3) Avoids that strncpy() unnecessary fills the unused part of the buffer with
0 bytes.
(Note that realpath() also returns NULL if the file does not exist - that
happens always if someone creates a new file with the editor of the shell.)
|
|
realpath() requires a buffer of size PATH_MAX and not of size
FILENAME_MAX according to 'man realpath (3)'.
|
|
This is an illegal use of strcpy() because one is not allowed to
use this function with overlapping source and destination buffers;
whereas memmove() is explicitly designed to handle such cases.
The copiler warning was:
../../../cpukit/libmisc/shell/shell.c:626:13: warning:
'strcpy' accessing between 1 and 2147483645 bytes at offsets
0 and [1, 2147483647] may overlap up to 2147483644 bytes at
offset [1, 2147483644] [-Wrestrict]
|
|
With some compiler warnings enabled, the implicit cast may trigger
a compiler warning. The explicit cast avoids this.
|
|
This patch fixes a compiler warning:
../../../testsuites/fstests/fsdosfsname01/init.c:430:19: warning:
'%s' directive output may be truncated writing up to 6424 bytes into
a region of size 257 [-Wformat-truncation=]
The buffer 'dirname' is exactly large enough so that no truncation
can ever occur. Using the return value of snprintf() is an official
supported way to suppress the warning.
I considered the comment of Joel Sherrill about not replacing snprintf():
https://lists.rtems.org/pipermail/devel/2020-September/062113.html
|
|
Simply compare the values against NULL.
|
|
|
|
|
|
|
|
|
|
This fixes warnings like this:
warning: implicit declaration of function 'rtems_interrupt_disable'
warning: implicit declaration of function 'rtems_interrupt_enable'
warning: implicit declaration of function 'rtems_interrupt_flash'
|
|
|
|
When I use the 'shell' from the fileio sample with the command below:
env QEMU_AUDIO_DRV="none" \
qemu-system-arm -no-reboot -net none -nographic -M realview-pbx-a9 \
-m 256M \
-kernel build/arm/realview_pbx_a9_qemu/testsuites/samples/fileio.exe
The executable crashes with an "BLOWN STACK!!!" as soon as I try to login
as 'root' with password. (The logins without password work fine.)
Increasing the stack size of the affected thread a bit solves the issue.
Hence, I suggest this patch.
My config.ini was
[arm/realview_pbx_a9_qemu]
RTEMS_DEBUG = True
RTEMS_NETWORKING = True
RTEMS_POSIX_API = True
RTEMS_SMP = True
BUILD_TESTS = True
RTEMS origin.master at a479686c112144119866391ceb21c48be6a3eca9
Close #4143
|
|
The shell has an 'fdisk' command which has sub-commands 'mount' and 'unmount'.
These two sub-commands have a bug which causes them to be not able
to mount anything. This proposed patch removes the buggy file
cpukit/libblock/src/bdpart-mount.c and the mount/unmount commands
from 'fdisk' as bug fix. The 'fdisk' command itself is not removed.
The reasons for removing the sub-commands (instead of fixing the issue) are:
1) The bug has been introduced on 2010-May-31 with commit
29e92b090c8bc35745aa5c89231ce806bcb11e57. Since ten years no one
can use this feature, nor has anybody complained about it.
2) Besides of the 'fdisk' 'mount' sub-command, the shell has the
usual 'mount' and 'unmount' commands which can serve as
substitutes.
3) There are additional minor issues (see further down) which needed to
be addressed when the file will be kept.
What follows below is the precise bug description.
The bug is in function rtems_bdpart_mount() which is only be used
by the 'fdisk' shell command to mount all partitions of a disk with a
single command:
> fdisk DISK_NAME mount
> mounts the file system of each partition of the disk
>
> fdisk DISK_NAME unmount
> unmounts the file system of each partition of the disk
The whole command does not work because in file
cpukit/libblock/src/bdpart-mount.c line 103 specifies the file system type
of each partition to be "msdos". Yet, "msdos" does not exist. The name
must be "dosfs".
Beside of this fundamental problem, there are more issues with the code
in bdpart-mount.c:
1) The function returns RTEMS_SUCCESSFUL despite the mount always fails.
2) The reason for errors is not written to the terminal.
3) The directory '/mnt' is created but not deleted later on (failure or not).
3) There is no documentation about this special 'fdisk' feature in the
RTEMS Shell Guide ('fdisk' is mentioned but its documentation is a
bit short):
https://docs.rtems.org/branches/master/shell/
file_and_directory.html#fdisk-format-disk
4) Only "msdos" formatted partitions can be mounted and all partitions
are mounted read-only. This is hard coded and cannot be changed by
options. Moreover, there is no information about this to the user of
the shell (i.e. using 'fdisk' mount requires insider knowledge).
How to reproduce:
1) For testing, I use the 'testsuites/samples/fileio.exe' sample with qemu:
> cd rtems
> env QEMU_AUDIO_DRV="none" qemu-system-arm -net none -nographic \
> -M realview-pbx-a9 -m 256M -kernel \
> build/arm/realview_pbx_a9_qemu/testsuites/samples/fileio.exe
2) Type any key to stop the timer and enter the sample tool.
Type 's' to enter the shell, login as 'root' with the password
shown in the terminal.
3) Type the following shell commands (they create a RAM disk,
partition it, register it, format it and try to mount it):
> mkrd
> fdisk /dev/rda fat32 16 write mbr
> fdisk /dev/rda register
> mkdos /dev/rda1
> fdisk /dev/rda mount
4) The last line above is the command which fails - without an error
message. There exists a '/mnt' directory but no '/mnt/rda1' directory
as it should be:
> ls -la /mnt
5) If you change line 103 of 'cpukit/libblock/src/bdpart-mount.c'
from "msdos" to "dosfs", compile and build the executable and
re-run the above test, '/mnt/rda1' exists (but the file system
is mounted read-only).
Close #4131
|
|
This is actually an illegal use of strcpy() because one is not allowed to
use this function with overlapping source and destination buffers; whereas
memmove() is explicitly designed to handle such cases.
The compiler warning was:
../../../cpukit/libmisc/monitor/mon-editor.c:342:15: warning:
'strcpy' accessing 1 byte at offsets [0, 75] and [0, 75] overlaps
1 byte at offset [0, 74] [-Wrestrict]
|
|
This fixes the following compiler warning:
testsuites/psxtests/psxndbm01/init.c:221:3: warning: 'strncpy' output truncated
before terminating nul copying 5 bytes from a string of the same length
221 | strncpy( test_strings, "Hello", 5 );
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition, the comments from Sebastian Huber on an old version of
such a patch have been taken into account:
1) The use of `sizeof()` in `key.dsize = sizeof( test_strings );` is wrong.
2) There is no need to allocate the string. One can simply use a string
constant.
(See https://lists.rtems.org/pipermail/devel/2020-August/061418.html)
|
|
The qsort() in sparse_disk_get_new_block() may move the appended key
which invalidates the pointer.
Close #4142.
|