manifest: tf-m: update to 2.1.4

From 2.1.2.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

.clang-format

@@ -39,7 +39,6 @@ ForEachMacros:
   - 'FOR_EACH_IDX'
   - 'FOR_EACH_IDX_FIXED_ARG'
   - 'FOR_EACH_NONEMPTY_TERM'
-  - 'FOR_EACH_FIXED_ARG_NONEMPTY_TERM'
   - 'RB_FOR_EACH'
   - 'RB_FOR_EACH_CONTAINER'
   - 'SYS_DLIST_FOR_EACH_CONTAINER'
@@ -69,16 +68,8 @@ ForEachMacros:
   - 'Z_GENLIST_FOR_EACH_NODE'
   - 'Z_GENLIST_FOR_EACH_NODE_SAFE'
   - 'STRUCT_SECTION_FOREACH'
-  - 'STRUCT_SECTION_FOREACH_ALTERNATE'
   - 'TYPE_SECTION_FOREACH'
   - 'K_SPINLOCK'
-  - 'COAP_RESOURCE_FOREACH'
-  - 'COAP_SERVICE_FOREACH'
-  - 'COAP_SERVICE_FOREACH_RESOURCE'
-  - 'HTTP_RESOURCE_FOREACH'
-  - 'HTTP_SERVER_CONTENT_TYPE_FOREACH'
-  - 'HTTP_SERVICE_FOREACH'
-  - 'HTTP_SERVICE_FOREACH_RESOURCE'
 IfMacros:
   - 'CHECKIF'
 # Disabled for now, see bug https://github.com/zephyrproject-rtos/zephyr/issues/48520
@@ -93,10 +84,8 @@ IncludeCategories:
   - Regex: '.*'
     Priority: 3
 IndentCaseLabels: false
-IndentGotoLabels: false
 IndentWidth: 8
 InsertBraces: true
-SpaceBeforeInheritanceColon: False
 SpaceBeforeParens: ControlStatementsExceptControlMacros
 SortIncludes: Never
 UseTab: ForContinuationAndIndentation

.github/SECURITY.md

@@ -11,9 +11,9 @@ updates:
 At this time, with the latest release of v3.6, the supported
 versions are:
 
-  - v3.7: Current LTS
-  - v3.6: Prior release
-  - v2.7: Prior LTS
+  - v2.7: Current LTS
+  - v3.5: Prior release
+  - v3.6: Current release
 
 ## Reporting process
 

.github/workflows/assigner.yml

@@ -15,24 +15,36 @@ on:
     types:
     - labeled
 
+permissions:
+  contents: read
+
 jobs:
   assignment:
     name: Pull Request Assignment
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: write # to add assignees to pull requests
+      issues: write        # to add assignees to issues
 
     steps:
-    - name: Install Python dependencies
-      run: |
-        sudo pip3 install -U setuptools wheel pip
-        pip3 install -U PyGithub>=1.55 west
-
     - name: Check out source code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Set up Python
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+      with:
+        python-version: 3.12
+        cache: pip
+        cache-dependency-path: scripts/requirements-actions.txt
+
+    - name: Install Python packages
+      run: |
+        pip install -r scripts/requirements-actions.txt --require-hashes
 
     - name: Run assignment script
       env:
-        GITHUB_TOKEN: ${{ secrets.ZB_GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
         FLAGS="-v"
         FLAGS+=" -o ${{ github.event.repository.owner.login }}"

.github/workflows/backport.yml

@@ -24,8 +24,8 @@ jobs:
       )
     steps:
       - name: Backport
-        uses: zephyrproject-rtos/action-backport@v2.0.3-3
+        uses: zephyrproject-rtos/action-backport@7e74f601d11eaca577742445e87775b5651a965f # v2.0.3-3
         with:
-          github_token: ${{ secrets.ZB_GITHUB_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           issue_labels: Backport
           labels_template: '["Backport"]'

.github/workflows/backport_issue_check.yml

@@ -2,18 +2,26 @@ name: Backport Issue Check
 
 on:
   pull_request_target:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
     branches:
       - v*-branch
 
 jobs:
   backport:
     name: Backport Issue Check
+    concurrency:
+      group: backport-issue-check-${{ github.ref }}
+      cancel-in-progress: true
     runs-on: ubuntu-22.04
     if: github.repository == 'zephyrproject-rtos/zephyr'
 
     steps:
       - name: Check out source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Python dependencies
         run: |
@@ -22,7 +30,7 @@ jobs:
 
       - name: Run backport issue checker
         env:
-          GITHUB_TOKEN: ${{ secrets.ZB_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           ./scripts/release/list_backports.py \
             -o ${{ github.event.repository.owner.login }} \

.github/workflows/bsim-tests-publish.yaml

@@ -13,12 +13,12 @@ jobs:
 
     steps:
       - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v3
+        uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
         with:
           run_id: ${{ github.event.workflow_run.id }}
 
       - name: Publish BabbleSim Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
         with:
           check_name: BabbleSim Test Results
           comment_mode: off

.github/workflows/bsim-tests.yaml

@@ -34,7 +34,7 @@ jobs:
     runs-on:
       group: zephyr-runner-v2-linux-x64-4xlarge
     container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.13.20240601
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
       options: '--entrypoint /bin/bash'
     env:
       ZEPHYR_TOOLCHAIN_VARIANT: zephyr
@@ -63,7 +63,7 @@ jobs:
           git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
@@ -85,7 +85,7 @@ jobs:
           echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
 
       - name: Check common triggering files
-        uses: tj-actions/changed-files@v44
+        uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
         id: check-common-files
         with:
           files: |
@@ -100,7 +100,7 @@ jobs:
             tests/bsim/*
 
       - name: Check if Bluethooth files changed
-        uses: tj-actions/changed-files@v44
+        uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
         id: check-bluetooth-files
         with:
           files: |
@@ -109,7 +109,7 @@ jobs:
             subsys/bluetooth/
 
       - name: Check if Networking files changed
-        uses: tj-actions/changed-files@v44
+        uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
         id: check-networking-files
         with:
           files: |
@@ -122,7 +122,7 @@ jobs:
             include/zephyr/net/ieee802154*
 
       - name: Check if UART files changed
-        uses: tj-actions/changed-files@v44
+        uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
         id: check-uart-files
         with:
           files: |
@@ -168,7 +168,7 @@ jobs:
 
       - name: Upload Unit Test Results in HTML
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: HTML Unit Test Results
           if-no-files-found: ignore
@@ -176,7 +176,7 @@ jobs:
             junit.html
 
       - name: Publish Unit Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
         with:
           check_name: Bsim Test Results
           files: "junit.xml"
@@ -184,7 +184,7 @@ jobs:
 
       - name: Upload Event Details
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: event
           path: |

.github/workflows/bug_snapshot.yaml

@@ -1,67 +0,0 @@
-# Copyright (c) 2021, 2022 Nordic Semiconductor ASA
-# SPDX-License-Identifier: Apache-2.0
-
-# Make a snapshot of open bugs as a python pickle file, compressed
-# using xz. Upload the xz file to Amazon S3.
-
-name: Bug Snapshot
-
-on:
-  workflow_dispatch:
-    branches: [main]
-  schedule:
-  # Run daily at 14:05
-  - cron: '5 14 * * *'
-
-jobs:
-  make_bugs_pickle:
-    name: Make bugs pickle
-    runs-on: ubuntu-22.04
-    if: github.repository_owner == 'zephyrproject-rtos'
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Install Python dependencies
-      run: |
-        sudo pip3 install -U setuptools wheel pip
-        pip3 install -U pygithub
-
-    - name: Snapshot bugs
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        BUGS_PICKLE_FILENAME="zephyr-bugs-$(date -I).pickle.xz"
-        BUGS_PICKLE_PATH="${RUNNER_TEMP}/${BUGS_PICKLE_FILENAME}"
-
-        set -euo pipefail
-        python3 scripts/make_bugs_pickle.py | xz > ${BUGS_PICKLE_PATH}
-
-        echo "BUGS_PICKLE_FILENAME=${BUGS_PICKLE_FILENAME}" >> ${GITHUB_ENV}
-        echo "BUGS_PICKLE_PATH=${BUGS_PICKLE_PATH}" >> ${GITHUB_ENV}
-
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ vars.AWS_BUILDS_ZEPHYR_BUG_SNAPSHOT_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_BUILDS_ZEPHYR_BUG_SNAPSHOT_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
-    - name: Upload to AWS S3
-      run: |
-        REPOSITORY_NAME="${GITHUB_REPOSITORY#*/}"
-
-        PUBLISH_BUCKET="builds.zephyrproject.org"
-        PUBLISH_DOMAIN="builds.zephyrproject.io"
-        if [ "${{github.event_name}}" = "schedule" ]; then
-          PUBLISH_ROOT="${REPOSITORY_NAME}/bug-snapshot/daily"
-        else
-          PUBLISH_ROOT="${REPOSITORY_NAME}/bug-snapshot"
-        fi
-
-        PUBLISH_UPLOAD_URI="s3://${PUBLISH_BUCKET}/${PUBLISH_ROOT}/${BUGS_PICKLE_FILENAME}"
-        PUBLISH_DOWNLOAD_URI="https://${PUBLISH_DOMAIN}/${PUBLISH_ROOT}/${BUGS_PICKLE_FILENAME}"
-
-        aws s3 cp --quiet ${BUGS_PICKLE_PATH} ${PUBLISH_UPLOAD_URI}
-        echo "Bug pickle is available at: ${PUBLISH_DOWNLOAD_URI}" >> ${GITHUB_STEP_SUMMARY}

.github/workflows/clang.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on:
       group: zephyr-runner-v2-linux-x64-4xlarge
     container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.13.20240601
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
       options: '--entrypoint /bin/bash'
     strategy:
       fail-fast: false
@@ -49,7 +49,7 @@ jobs:
           git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -125,7 +125,7 @@ jobs:
 
       - name: Upload Unit Test Results
         if: always() && steps.twister.outputs.report_needed != 0
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: Unit Test Results (Subset ${{ matrix.platform }})
           path: twister-out/twister.xml
@@ -137,7 +137,7 @@ jobs:
     if: (success() || failure() ) && needs.clang-build.outputs.report_needed != 0
     steps:
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: artifacts
       - name: Merge Test Results
@@ -148,7 +148,7 @@ jobs:
 
       - name: Upload Unit Test Results in HTML
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: HTML Unit Test Results
           if-no-files-found: ignore
@@ -156,7 +156,7 @@ jobs:
             junit-clang.html
 
       - name: Publish Unit Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
         if: always()
         with:
           check_name: Unit Test Results

.github/workflows/codecov.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on:
       group: zephyr-runner-v2-linux-x64-4xlarge
     container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.13.20240601
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
       options: '--entrypoint /bin/bash'
     strategy:
       fail-fast: false
@@ -61,7 +61,7 @@ jobs:
           git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
 
       - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
@@ -121,7 +121,7 @@ jobs:
 
       - name: Upload Coverage Results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: Coverage Data (Subset ${{ matrix.normalized }})
           path: |
@@ -137,12 +137,12 @@ jobs:
 
     steps:
       - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: coverage/reports
 
@@ -209,7 +209,7 @@ jobs:
 
       - name: Upload Merged Coverage Results and Report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: Coverage Data and report
           path: |
@@ -220,7 +220,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: always()
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
         with:
           env_vars: OS,PYTHON
           fail_ci_if_error: false

.github/workflows/coding_guidelines.yml

@@ -8,13 +8,13 @@ jobs:
     name: Run coding guidelines checks on patch series (PR)
     steps:
     - name: Checkout the code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0
 
     - name: cache-pip
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/coding_guidelines.yml') }}

.github/workflows/compliance.yml

@@ -18,18 +18,18 @@ jobs:
         echo "$HOME/.local/bin" >> $GITHUB_PATH
 
     - name: Checkout the code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0
 
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: 3.11
 
     - name: cache-pip
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/compliance.yml') }}
@@ -38,7 +38,7 @@ jobs:
       run: |
         pip3 install setuptools
         pip3 install wheel
-        pip3 install python-magic lxml junitparser gitlint pylint pykwalify yamllint clang-format unidiff
+        pip3 install python-magic lxml junitparser gitlint pylint pykwalify yamllint
         pip3 install west
 
     - name: west setup
@@ -82,7 +82,7 @@ jobs:
         -c origin/${BASE_REF}..
 
     - name: upload-results
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       continue-on-error: true
       with:
         name: compliance.xml
@@ -94,23 +94,16 @@ jobs:
           exit 1;
         fi
 
-        warns=("ClangFormat")
         files=($(./scripts/ci/check_compliance.py -l))
-
         for file in "${files[@]}"; do
           f="${file}.txt"
           if [[ -s $f ]]; then
-            results=$(cat $f)
-            results="${results//'%'/'%25'}"
-            results="${results//$'\n'/'%0A'}"
-            results="${results//$'\r'/'%0D'}"
-
-            if [[ "${warns[@]}" =~ "${file}" ]]; then
-              echo "::warning file=${f}::$results"
-            else
-              echo "::error file=${f}::$results"
-              exit=1
-            fi
+            errors=$(cat $f)
+            errors="${errors//'%'/'%25'}"
+            errors="${errors//$'\n'/'%0A'}"
+            errors="${errors//$'\r'/'%0D'}"
+            echo "::error file=${f}::$errors"
+            exit=1
           fi
         done
 

.github/workflows/daily_test_version.yml

@@ -1,38 +0,0 @@
-# Copyright (c) 2020 Intel Corp.
-# SPDX-License-Identifier: Apache-2.0
-
-name: Publish commit for daily testing
-
-on:
-  schedule:
-  - cron: '50 22 * * *'
-  push:
-    branches:
-    - refs/tags/*
-
-jobs:
-  get_version:
-    runs-on: ubuntu-22.04
-    if: github.repository == 'zephyrproject-rtos/zephyr'
-
-    steps:
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
-    - name: install-pip
-      run: |
-        pip3 install gitpython
-
-    - name: checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    - name: Upload to AWS S3
-      run: |
-        python3 scripts/ci/version_mgr.py --update .
-        aws s3 cp versions.json s3://testing.zephyrproject.org/daily_tests/versions.json

.github/workflows/devicetree_checks.yml

@@ -35,14 +35,14 @@ jobs:
           python-version: 3.6
     steps:
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: cache-pip-linux
       if: startsWith(runner.os, 'Linux')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ matrix.python-version }}
@@ -50,7 +50,7 @@ jobs:
           ${{ runner.os }}-pip-${{ matrix.python-version }}
     - name: cache-pip-mac
       if: startsWith(runner.os, 'macOS')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/Library/Caches/pip
         # Trailing '-' was just to get a different cache name
@@ -59,7 +59,7 @@ jobs:
           ${{ runner.os }}-pip-${{ matrix.python-version }}-
     - name: cache-pip-win
       if: startsWith(runner.os, 'Windows')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~\AppData\Local\pip\Cache
         key: ${{ runner.os }}-pip-${{ matrix.python-version }}

.github/workflows/do_not_merge.yml

@@ -1,20 +0,0 @@
-name: Do Not Merge
-
-on:
-  pull_request:
-    types: [synchronize, opened, reopened, labeled, unlabeled]
-
-jobs:
-  do-not-merge:
-    if: ${{ contains(github.event.*.labels.*.name, 'DNM') ||
-            contains(github.event.*.labels.*.name, 'TSC') ||
-            contains(github.event.*.labels.*.name, 'Architecture Review') ||
-            contains(github.event.*.labels.*.name, 'dev-review') }}
-    name: Prevent Merging
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Check for label
-        run: |
-          echo "Pull request is labeled as 'DNM', 'TSC', 'Architecture Review' or 'dev-review'."
-          echo "This workflow fails so that the pull request cannot be merged."
-          exit 1

.github/workflows/doc-build.yml

@@ -17,7 +17,7 @@ env:
   # The latest CMake available directly with apt is 3.18, but we need >=3.20
   # so we fetch that through pip.
   CMAKE_VERSION: 3.20.5
-  DOXYGEN_VERSION: 1.12.0
+  DOXYGEN_VERSION: 1.9.6
   # Job count is set to 2 less than the vCPU count of 16 because the total available RAM is 32GiB
   # and each sphinx-build process may use more than 2GiB of RAM.
   JOB_COUNT: 14
@@ -32,12 +32,12 @@ jobs:
       file_check: ${{ steps.check-doc-files.outputs.any_changed }}
     steps:
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0
     - name: Check if Documentation related files changed
-      uses: tj-actions/changed-files@v44
+      uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
       id: check-doc-files
       with:
         files: |
@@ -86,7 +86,7 @@ jobs:
         echo "${HOME}/.local/bin" >> $GITHUB_PATH
 
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0
@@ -104,7 +104,7 @@ jobs:
         git log --graph --oneline HEAD...${PR_HEAD}
 
     - name: cache-pip
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: pip-${{ hashFiles('doc/requirements.txt') }}
@@ -149,18 +149,18 @@ jobs:
 
     - name: compress-docs
       run: |
-        tar --use-compress-program="xz -T0" -cf html-output.tar.xz --directory=doc/_build html
-        tar --use-compress-program="xz -T0" -cf api-output.tar.xz --directory=doc/_build html/doxygen/html
-        tar --use-compress-program="xz -T0" -cf api-coverage.tar.xz coverage-report
+        tar cfJ html-output.tar.xz --directory=doc/_build html
+        tar cfJ api-output.tar.xz --directory=doc/_build html/doxygen/html
+        tar cfJ api-coverage.tar.xz coverage-report
 
     - name: upload-build
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: html-output
         path: html-output.tar.xz
 
     - name: upload-api-coverage
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: api-coverage
         path: api-coverage.tar.xz
@@ -180,7 +180,7 @@ jobs:
         echo "API Coverage Report will be available shortly at: ${API_COVERAGE_URL}" >> $GITHUB_STEP_SUMMARY
 
     - name: upload-pr-number
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       if: github.event_name == 'pull_request'
       with:
         name: pr_num
@@ -212,7 +212,7 @@ jobs:
         echo "ZEPHYR_RUNNER_CLOUD_POD = ${ZEPHYR_RUNNER_CLOUD_POD}"
 
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: install-pkgs
       run: |
@@ -220,7 +220,7 @@ jobs:
         apt-get install -y python3-pip python3-venv ninja-build doxygen graphviz librsvg2-bin imagemagick
 
     - name: cache-pip
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: pip-${{ hashFiles('doc/requirements.txt') }}
@@ -259,7 +259,7 @@ jobs:
 
     - name: upload-build
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: pdf-output
         if-no-files-found: ignore

.github/workflows/doc-publish-pr.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
     - name: Download artifacts
-      uses: dawidd6/action-download-artifact@v3
+      uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
       with:
         workflow: doc-build.yml
         run_id: ${{ github.event.workflow_run.id }}
@@ -32,7 +32,7 @@ jobs:
 
     - name: Check PR number
       id: check-pr
-      uses: carpentries/actions/check-valid-pr@v0.14.0
+      uses: carpentries/actions/check-valid-pr@e27aa6c531dadd357d2aa4c9a21e90849e23e963 # v0.14.0
       with:
         pr: ${{ env.PR_NUM }}
         sha: ${{ github.event.workflow_run.head_sha }}
@@ -51,7 +51,7 @@ jobs:
         fi
 
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
+      uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
       with:
         aws-access-key-id: ${{ vars.AWS_BUILDS_ZEPHYR_PR_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_BUILDS_ZEPHYR_PR_SECRET_ACCESS_KEY }}

.github/workflows/doc-publish.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Download artifacts
-      uses: dawidd6/action-download-artifact@v3
+      uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
       with:
         workflow: doc-build.yml
         run_id: ${{ github.event.workflow_run.id }}
@@ -37,7 +37,7 @@ jobs:
         fi
 
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
+      uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
       with:
         aws-access-key-id: ${{ vars.AWS_DOCS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_DOCS_SECRET_ACCESS_KEY }}

.github/workflows/errno.yml

@@ -10,7 +10,7 @@ jobs:
   check-errno:
     runs-on: ubuntu-22.04
     container:
-      image: ghcr.io/zephyrproject-rtos/ci:v0.26.13
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
 
     steps:
       - name: Apply container owner mismatch workaround
@@ -22,7 +22,7 @@ jobs:
           git config --global --add safe.directory ${GITHUB_WORKSPACE}
 
       - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Environment Setup
         run: |

.github/workflows/footprint-tracking.yml

@@ -1,95 +0,0 @@
-name: Footprint Tracking
-
-# Run every 12 hours and on tags
-on:
-  schedule:
-    - cron: '50 1/12 * * *'
-  push:
-    paths:
-      - 'VERSION'
-      - '.github/workflows/footprint-tracking.yml'
-    branches:
-      - main
-      - v*-branch
-    tags:
-      # only publish v* tags, do not care about zephyr-v* which point to the
-      # same commit
-      - 'v*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  footprint-tracking:
-    runs-on:
-      group: zephyr-runner-v2-linux-x64-4xlarge
-    if: github.repository_owner == 'zephyrproject-rtos'
-    container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.13.20240601
-      options: '--entrypoint /bin/bash'
-    strategy:
-      fail-fast: false
-    env:
-      ZEPHYR_TOOLCHAIN_VARIANT: zephyr
-    steps:
-      - name: Apply container owner mismatch workaround
-        run: |
-          # FIXME: The owner UID of the GITHUB_WORKSPACE directory may not
-          #        match the container user UID because of the way GitHub
-          #        Actions runner is implemented. Remove this workaround when
-          #        GitHub comes up with a fundamental fix for this problem.
-          git config --global --add safe.directory ${GITHUB_WORKSPACE}
-
-      - name: Print cloud service information
-        run: |
-          echo "ZEPHYR_RUNNER_CLOUD_PROVIDER = ${ZEPHYR_RUNNER_CLOUD_PROVIDER}"
-          echo "ZEPHYR_RUNNER_CLOUD_NODE = ${ZEPHYR_RUNNER_CLOUD_NODE}"
-          echo "ZEPHYR_RUNNER_CLOUD_POD = ${ZEPHYR_RUNNER_CLOUD_POD}"
-
-      - name: Update PATH for west
-        run: |
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Install packages
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y python3-venv
-          sudo pip3 install -U setuptools wheel pip gitpython
-
-      - name: checkout
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-
-      - name: Environment Setup
-        run: |
-          echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
-
-      - name: west setup
-        run: |
-          west init -l . || true
-          west config --global update.narrow true
-          west update 2>&1 1> west.update.log || west update 2>&1 1> west.update2.log
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-
-      - name: Record Footprint
-        env:
-          BASE_REF: ${{ github.base_ref }}
-        run: |
-          export ZEPHYR_BASE=${PWD}
-          ./scripts/footprint/track.py  -p scripts/footprint/plan.txt
-
-      - name: Upload footprint data
-        run: |
-          python3 -m venv .venv
-          . .venv/bin/activate
-          pip3 install awscli
-          aws s3 sync  --quiet footprint_data/ s3://testing.zephyrproject.org/footprint_data/

.github/workflows/greet_first_time_contributor.yml

@@ -12,7 +12,7 @@ jobs:
     if: github.repository == 'zephyrproject-rtos/zephyr'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: zephyrproject-rtos/action-first-interaction@v1.1.1-zephyr-5
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/hello_world_multiplatform.yaml

@@ -26,11 +26,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04, ubuntu-24.04, macos-13, macos-14, windows-2022]
+        os: [ubuntu-22.04, macos-13, macos-14, windows-2022]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: zephyr
           fetch-depth: 0
@@ -49,12 +49,12 @@ jobs:
           git log --graph --oneline HEAD...${PR_HEAD}
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: 3.11
 
       - name: Setup Zephyr project
-        uses: zephyrproject-rtos/action-zephyr-setup@v1
+        uses: zephyrproject-rtos/action-zephyr-setup@f7b70269a8eb01f70c8e710891e4c94972a2f6b4 # v1.0.6
         with:
           app-path: zephyr
           toolchains: all
@@ -68,12 +68,13 @@ jobs:
           elif [ "${{ runner.os }}" = "Windows" ]; then
             EXTRA_TWISTER_FLAGS="-P native_sim --short-build-path -O/tmp/twister-out"
           fi
-          ./scripts/twister --force-color --inline-logs -T samples/hello_world -v $EXTRA_TWISTER_FLAGS
+          ./scripts/twister --force-color --inline-logs -T samples/hello_world -T samples/cpp/hello_world -v $EXTRA_TWISTER_FLAGS
 
       - name: Upload artifacts
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           if-no-files-found: ignore
           path:
             zephyr/twister-out/*/samples/hello_world/sample.basic.helloworld/build.log
+            zephyr/twister-out/*/samples/cpp/hello_world/sample.cpp.helloworld/build.log

.github/workflows/issue_count.yml

@@ -1,54 +0,0 @@
-name: Issue Tracker
-
-on:
-  schedule:
-  - cron: '*/10 * * * *'
-
-env:
-  OUTPUT_FILE_NAME: IssuesReport.md
-  COMMITTER_EMAIL: actions@github.com
-  COMMITTER_NAME: github-actions
-  COMMITTER_USERNAME: github-actions
-
-
-jobs:
-  track-issues:
-    name: "Collect Issue Stats"
-    runs-on: ubuntu-22.04
-    if: github.repository == 'zephyrproject-rtos/zephyr'
-
-    steps:
-    - name: Download configuration file
-      run: |
-        wget -q https://raw.githubusercontent.com/$GITHUB_REPOSITORY/main/.github/workflows/issues-report-config.json
-
-    - name: install-packages
-      run: |
-        sudo apt-get update
-        sudo apt-get install discount
-
-    - uses: brcrista/summarize-issues@v4
-      with:
-        title: 'Issues Report for ${{ github.repository }}'
-        configPath: 'issues-report-config.json'
-        outputPath: ${{ env.OUTPUT_FILE_NAME }}
-        token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: upload-stats
-      uses: actions/upload-artifact@v4
-      continue-on-error: true
-      with:
-        name: ${{ env.OUTPUT_FILE_NAME }}
-        path: ${{ env.OUTPUT_FILE_NAME }}
-
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
-    - name: Post Results
-      run: |
-        mkd2html IssuesReport.md IssuesReport.html
-        aws s3 cp --quiet IssuesReport.html s3://testing.zephyrproject.org/issues/$GITHUB_REPOSITORY/index.html

.github/workflows/license_check.yml

@@ -8,16 +8,16 @@ jobs:
     name: Scan code for licenses
     steps:
     - name: Checkout the code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         fetch-depth: 0
     - name: Scan the code
       id: scancode
-      uses: zephyrproject-rtos/action_scancode@v4
+      uses: zephyrproject-rtos/action_scancode@23ef91ce31cd4b954366a7b71eea47520da9b380 # v4
       with:
         directory-to-scan: 'scan/'
     - name: Artifact Upload
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: scancode
         path: ./artifacts

.github/workflows/manifest.yml

@@ -8,7 +8,7 @@ jobs:
     name: Manifest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: zephyrproject/zephyr
           ref: ${{ github.event.pull_request.head.sha }}
@@ -26,13 +26,12 @@ jobs:
           west init -l . || true
 
       - name: Manifest
-        uses: zephyrproject-rtos/action-manifest@v1.3.1
+        uses: zephyrproject-rtos/action-manifest@v1.2.2
         with:
-          github-token: ${{ secrets.ZB_GITHUB_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           manifest-path: 'west.yml'
           checkout-path: 'zephyrproject/zephyr'
           use-tree-checkout: 'true'
-          check-impostor-commits: 'true'
           label-prefix: 'manifest-'
           verbosity-level: '1'
           labels: 'manifest'

.github/workflows/pr_metadata_check.yml

@@ -0,0 +1,49 @@
+name: PR Metadata Check
+
+on:
+  pull_request:
+    types:
+      - synchronize
+      - opened
+      - reopened
+      - labeled
+      - unlabeled
+      - edited
+
+permissions:
+  contents: read
+
+jobs:
+  do-not-merge:
+    name: Prevent Merging
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: 3.12
+          cache: pip
+          cache-dependency-path: scripts/requirements-actions.txt
+
+      - name: Install Python dependencies
+        run: |
+          pip install -r scripts/requirements-actions.txt --require-hashes
+
+      - name: Run the check script
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          ./scripts/ci/do_not_merge.py -p "${{ github.event.pull_request.number }}"
+
+  empty_pr_description:
+    if: ${{ github.event.pull_request.body == '' }}
+    name: PR Description
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check for PR description
+        run: |
+          echo "Pull request description cannot be empty."
+          exit 1

.github/workflows/pylib_tests.yml

@@ -29,14 +29,14 @@ jobs:
         os: [ubuntu-22.04]
     steps:
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: cache-pip-linux
       if: startsWith(runner.os, 'Linux')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ matrix.python-version }}

.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
   release:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
@@ -21,12 +21,12 @@ jobs:
           echo "TRIMMED_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
 
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v1
+        uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
         with:
           args: spdx -o zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
 
       - name: upload-results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         continue-on-error: true
         with:
           name: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
@@ -38,7 +38,7 @@ jobs:
 
       - name: Create Release
         id: create_release
-        uses: actions/create-release@v1
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -50,7 +50,7 @@ jobs:
 
       - name: Upload Release Assets
         id: upload-release-asset
-        uses: actions/upload-release-asset@v1
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/scorecards.yml

@@ -1,61 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecards supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '43 7 * * 6'
-  push:
-    branches:
-      - main
-
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed for Code scanning upload
-      security-events: write
-      # Needed for GitHub OIDC token if publish_results is true
-      id-token: write
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # Publish results to OpenSSF REST API for easy access by consumers.
-          # - Allows the repository to include the Scorecard badge.
-          # - See https://github.com/ossf/scorecard-action#publishing-results.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable
-      # uploads of run results in SARIF format to the repository Actions tab.
-      # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard (optional).
-      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
-        with:
-          sarif_file: results.sarif

.github/workflows/scripts_tests.yml

@@ -29,7 +29,7 @@ jobs:
         os: [ubuntu-20.04]
     steps:
       - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -46,13 +46,13 @@ jobs:
           git log --graph --oneline HEAD...${PR_HEAD}
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: cache-pip-linux
         if: startsWith(runner.os, 'Linux')
-        uses: actions/cache@v4
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ matrix.python-version }}

.github/workflows/stale-workflow-queue-cleanup.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
     - name: Delete stale queued workflow runs
-      uses: MajorScruffy/delete-old-workflow-runs@v0.3.0
+      uses: MajorScruffy/delete-old-workflow-runs@78b5af714fefaefdf74862181c467b061782719e # v0.3.0
       with:
         repository: ${{ github.repository }}
         # Remove any workflow runs in "queued" state for more than 1 day

.github/workflows/stats_merged_prs.yml

@@ -1,24 +0,0 @@
-name: Merged PR stats
-
-on:
-  pull_request_target:
-    branches:
-      - main
-      - v*-branch
-    types: [closed]
-jobs:
-  record_merged:
-    if: github.event.pull_request.merged == true && github.repository == 'zephyrproject-rtos/zephyr'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: PR event
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ELASTICSEARCH_KEY: ${{ secrets.ELASTICSEARCH_KEY }}
-          ELASTICSEARCH_SERVER: "https://elasticsearch.zephyrproject.io:443"
-          PR_STAT_ES_INDEX: ${{ vars.PR_STAT_ES_INDEX }}
-        run: |
-          pip3 install pygithub elasticsearch
-          python3 ./scripts/ci/stats/merged_prs.py --pull-request ${{ github.event.pull_request.number }} --repo ${{ github.repository }}

.github/workflows/twister.yaml

@@ -6,7 +6,7 @@ on:
       - main
       - v*-branch
       - collab-*
-  pull_request_target:
+  pull_request:
     branches:
       - main
       - v*-branch
@@ -25,7 +25,7 @@ jobs:
     runs-on:
       group: zephyr-runner-v2-linux-x64-4xlarge
     container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.14.20240823
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
       options: '--entrypoint /bin/bash'
     outputs:
       subset: ${{ steps.output-services.outputs.subset }}
@@ -56,22 +56,22 @@ jobs:
           echo "ZEPHYR_RUNNER_CLOUD_POD = ${ZEPHYR_RUNNER_CLOUD_POD}"
 
       - name: Clone cached Zephyr repository
-        if: github.event_name == 'pull_request_target'
+        if: github.event_name == 'pull_request'
         continue-on-error: true
         run: |
           git clone --shared /repo-cache/zephyrproject/zephyr .
           git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
 
       - name: Checkout
-        if: github.event_name == 'pull_request_target'
-        uses: actions/checkout@v4
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
           persist-credentials: false
 
       - name: Environment Setup
-        if: github.event_name == 'pull_request_target'
+        if: github.event_name == 'pull_request'
         run: |
           git config --global user.email "bot@zephyrproject.org"
           git config --global user.name "Zephyr Bot"
@@ -87,7 +87,7 @@ jobs:
           echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
 
       - name: Generate Test Plan with Twister
-        if: github.event_name == 'pull_request_target'
+        if: github.event_name == 'pull_request'
         id: test-plan
         run: |
           export ZEPHYR_BASE=${PWD}
@@ -103,7 +103,7 @@ jobs:
       - name: Determine matrix size
         id: output-services
         run: |
-          if [ "${{github.event_name}}" = "pull_request_target" ]; then
+          if [ "${{github.event_name}}" = "pull_request" ]; then
             if [ -n "${TWISTER_NODES}" ]; then
               subset="[$(seq -s',' 1 ${TWISTER_NODES})]"
             else
@@ -129,7 +129,7 @@ jobs:
     needs: twister-build-prep
     if: needs.twister-build-prep.outputs.size != 0
     container:
-      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.26.14.20240823
+      image: ghcr.io/zephyrproject-rtos/ci:v0.26.18
       options: '--entrypoint /bin/bash'
     strategy:
       fail-fast: false
@@ -172,7 +172,7 @@ jobs:
           git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -180,7 +180,7 @@ jobs:
 
       - name: Environment Setup
         run: |
-          if [ "${{github.event_name}}" = "pull_request_target" ]; then
+          if [ "${{github.event_name}}" = "pull_request" ]; then
             git config --global user.email "bot@zephyrproject.org"
             git config --global user.name "Zephyr Builder"
             rm -fr ".git/rebase-apply"
@@ -188,7 +188,6 @@ jobs:
             git log  --pretty=oneline | head -n 10
           fi
           echo "$HOME/.local/bin" >> $GITHUB_PATH
-          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
 
           west init -l . || true
           west config manifest.group-filter -- +ci,+optional
@@ -202,8 +201,6 @@ jobs:
         run: |
           cmake --version
           gcc --version
-          cargo --version
-          rustup target list --installed
           ls -la
           echo "github.ref: ${{ github.ref }}"
           echo "github.base_ref: ${{ github.base_ref }}"
@@ -239,7 +236,7 @@ jobs:
             fi
           fi
 
-      - if: github.event_name == 'pull_request_target'
+      - if: github.event_name == 'pull_request'
         name: Run Tests with Twister (Pull Request)
         run: |
           rm -f testplan.json
@@ -274,7 +271,7 @@ jobs:
 
       - name: Upload Unit Test Results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: Unit Test Results (Subset ${{ matrix.subset }})
           if-no-files-found: ignore
@@ -296,7 +293,7 @@ jobs:
 
       - if: matrix.subset == 1 && github.event_name == 'push'
         name: Upload the list of Python packages
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: Frozen PIP package set
           path: |
@@ -304,9 +301,6 @@ jobs:
 
   twister-test-results:
     name: "Publish Unit Tests Results"
-    env:
-      ELASTICSEARCH_KEY: ${{ secrets.ELASTICSEARCH_KEY }}
-      ELASTICSEARCH_SERVER: "https://elasticsearch.zephyrproject.io:443"
     needs: twister-build
     runs-on: ubuntu-22.04
     # the build-and-test job might be skipped, we don't need to run this job then
@@ -316,30 +310,16 @@ jobs:
       # Needed for opensearch and upload script
       - if: github.event_name == 'push' || github.event_name == 'schedule'
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: artifacts
 
-      - if: github.event_name == 'push' || github.event_name == 'schedule'
-        name: Upload to opensearch
-        run: |
-          pip3 install elasticsearch
-          # set run date on upload to get consistent and unified data across the matrix.
-          run_date=`date --iso-8601=minutes`
-          if [ "${{github.event_name}}" = "push" ]; then
-            python3 ./scripts/ci/upload_test_results_es.py -r ${run_date} \
-              --index zephyr-main-ci-push-1 artifacts/*/*/twister.json
-          elif [ "${{github.event_name}}" = "schedule" ]; then
-            python3 ./scripts/ci/upload_test_results_es.py -r ${run_date} \
-              --index zephyr-main-ci-weekly-1 artifacts/*/*/twister.json
-          fi
-
       - name: Merge Test Results
         run: |
           pip3 install junitparser junit2html
@@ -348,7 +328,7 @@ jobs:
 
       - name: Upload Unit Test Results in HTML
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: HTML Unit Test Results
           if-no-files-found: ignore
@@ -356,7 +336,7 @@ jobs:
             junit.html
 
       - name: Publish Unit Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
         with:
           check_name: Unit Test Results
           files: "**/twister.xml"

.github/workflows/twister_tests.yml

@@ -36,34 +36,31 @@ jobs:
         os: [ubuntu-22.04]
     steps:
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: ${{ matrix.python-version }}
-    - name: cache-pip-linux
-      if: startsWith(runner.os, 'Linux')
-      uses: actions/cache@v4
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-pip-${{ matrix.python-version }}
-        restore-keys: |
-          ${{ runner.os }}-pip-${{ matrix.python-version }}
-    - name: install-packages
+        cache: pip
+        cache-dependency-path: scripts/requirements-actions.txt
+
+    - name: Install Python packages
       run: |
-        pip3 install -r scripts/requirements-base.txt -r scripts/requirements-build-test.txt -r scripts/requirements-run-test.txt
+        pip install -r scripts/requirements-actions.txt --require-hashes
+
     - name: Run pytest for twisterlib
       env:
-        ZEPHYR_BASE: ./
         ZEPHYR_TOOLCHAIN_VARIANT: zephyr
       run: |
+        export ZEPHYR_BASE=${PWD}
         echo "Run twister tests"
         PYTHONPATH=./scripts/tests pytest ./scripts/tests/twister
     - name: Run pytest for pytest-twister-harness
       env:
-        ZEPHYR_BASE: ./
         ZEPHYR_TOOLCHAIN_VARIANT: zephyr
         PYTHONPATH: ./scripts/pylib/pytest-twister-harness/src:${PYTHONPATH}
       run: |
+        export ZEPHYR_BASE=${PWD}
         echo "Run twister tests"
         pytest ./scripts/pylib/pytest-twister-harness/tests

.github/workflows/twister_tests_blackbox.yml

@@ -15,65 +15,52 @@ on:
     - 'scripts/tests/twister_blackbox/**'
     - '.github/workflows/twister_tests_blackbox.yml'
 
+permissions:
+  contents: read
+
 jobs:
   twister-tests:
     name: Twister Black Box Tests
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
-        python-version: ['3.10', '3.11', '3.12']
-        os: [ubuntu-22.04]
-    container:
-      image: ghcr.io/zephyrproject-rtos/ci:v0.26.13
-
+        python-version: ['3.10', '3.11', '3.12', '3.13']
     steps:
-    - name: Apply Container Owner Mismatch Workaround
-      run: |
-        # FIXME: The owner UID of the GITHUB_WORKSPACE directory may not
-        #        match the container user UID because of the way GitHub
-        #        Actions runner is implemented. Remove this workaround when
-        #        GitHub comes up with a fundamental fix for this problem.
-        git config --global --add safe.directory ${GITHUB_WORKSPACE}
-
     - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Environment Setup
-      run: |
-        echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-        west init -l . || true
-        # we do not depend on any hals, tools or bootloader, save some time and space...
-        west config manifest.group-filter -- -hal,-tools,-bootloader
-        west config --global update.narrow true
-        west update --path-cache /github/cache/zephyrproject 2>&1 1> west.update.log || west update --path-cache /github/cache/zephyrproject 2>&1 1> west.update.log || ( rm -rf ../modules ../bootloader ../tools && west update --path-cache /github/cache/zephyrproject)
-        west forall -c 'git reset --hard HEAD'
-
-        echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        path: zephyr
+        fetch-depth: 0
 
     - name: Set Up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: ${{ matrix.python-version }}
+        cache: pip
+        cache-dependency-path: scripts/requirements-actions.txt
 
-    - name: Go Into Venv
-      shell: bash
+    - name: install-packages
+      working-directory: zephyr
       run: |
-        python3 -m pip install --user virtualenv
-        python3 -m venv env
-        source env/bin/activate
-        echo "$(which python)"
+        pip install -r scripts/requirements-actions.txt --require-hashes
+        sudo apt-get update -y
+        sudo apt-get install -y lcov
 
-    - name: Install Packages
-      run: |
-        python3 -m pip install -U -r scripts/requirements-base.txt -r scripts/requirements-build-test.txt -r scripts/requirements-run-test.txt
+    - name: Setup Zephyr project
+      uses: zephyrproject-rtos/action-zephyr-setup@f7b70269a8eb01f70c8e710891e4c94972a2f6b4 # v1.0.6
+      with:
+        app-path: zephyr
+        sdk-version: 0.16.9
+        toolchains: all
 
     - name: Run Pytest For Twister Black Box Tests
+      working-directory: zephyr
       shell: bash
       env:
         ZEPHYR_BASE: ./
         ZEPHYR_TOOLCHAIN_VARIANT: zephyr
       run: |
+        export ZEPHYR_SDK_INSTALL_DIR=${{ github.workspace }}/zephyr-sdk
         echo "Run twister tests"
         source zephyr-env.sh
-        PYTHONPATH="./scripts/tests" pytest ./scripts/tests/twister_blackbox
+        PYTHONPATH="./scripts/tests" pytest ./scripts/tests/twister_blackbox/

.github/workflows/west_cmds.yml

@@ -38,14 +38,14 @@ jobs:
           python-version: 3.6
     steps:
     - name: checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: cache-pip-linux
       if: startsWith(runner.os, 'Linux')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ matrix.python-version }}
@@ -53,7 +53,7 @@ jobs:
           ${{ runner.os }}-pip-${{ matrix.python-version }}
     - name: cache-pip-mac
       if: startsWith(runner.os, 'macOS')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/Library/Caches/pip
         # Trailing '-' was just to get a different cache name
@@ -62,7 +62,7 @@ jobs:
           ${{ runner.os }}-pip-${{ matrix.python-version }}-
     - name: cache-pip-win
       if: startsWith(runner.os, 'Windows')
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~\AppData\Local\pip\Cache
         key: ${{ runner.os }}-pip-${{ matrix.python-version }}

.gitignore

@@ -59,18 +59,6 @@ venv
 .clangd
 new.info
 
-# Cargo drops lock files in projects to capture resolved dependencies.
-# We don't want to record these.
-Cargo.lock
-
-# Cargo encourages a .cargo/config.toml file to symlink to a generated
-# file.  Don't save these.
-.cargo/
-
-# Normal west builds will place the Rust target directory under the build directory.  However,
-# sometimes IDEs and such will litter these target directories as well.
-target/
-
 # CI output
 compliance.xml
 _error.types
@@ -88,7 +76,6 @@ tags
 BinaryFiles.txt
 BoardYml.txt
 Checkpatch.txt
-ClangFormat.txt
 DevicetreeBindings.txt
 GitDiffCheck.txt
 Gitlint.txt

.mailmap

@@ -61,7 +61,6 @@ Lixin Guo <lixinx.guo@intel.com>
 Łukasz Mazur <lukasz.mazur@hidglobal.com>
 Manuel Argüelles <manuel.arguelles@nxp.com>
 Manuel Argüelles <manuel.arguelles@nxp.com> <manuel.arguelles@coredumplabs.com>
-Manuel Argüelles <manuel.arguelles@nxp.com> <marguelles.dev@gmail.com>
 Marc Herbert <marc.herbert@intel.com> <46978960+marc-hb@users.noreply.github.com>
 Marin Jurjević <marin.jurjevic@hotmail.com>
 Mariusz Ryndzionek <mariusz.ryndzionek@firmwave.com>

CMakeLists.txt

@@ -1613,14 +1613,11 @@ endif()
 
 if(CONFIG_BUILD_OUTPUT_ADJUST_LMA)
   math(EXPR adjustment "${CONFIG_BUILD_OUTPUT_ADJUST_LMA}" OUTPUT_FORMAT DECIMAL)
-  set(args_adjustment ${CONFIG_BUILD_OUTPUT_ADJUST_LMA_SECTIONS})
-  list(TRANSFORM args_adjustment PREPEND $<TARGET_PROPERTY:bintools,elfconvert_flag_lma_adjust>)
-  list(TRANSFORM args_adjustment APPEND +${adjustment})
   list(APPEND
     post_build_commands
     COMMAND $<TARGET_PROPERTY:bintools,elfconvert_command>
             $<TARGET_PROPERTY:bintools,elfconvert_flag_final>
-            ${args_adjustment}
+            $<TARGET_PROPERTY:bintools,elfconvert_flag_lma_adjust>${adjustment}
             $<TARGET_PROPERTY:bintools,elfconvert_flag_infile>${KERNEL_ELF_NAME}
             $<TARGET_PROPERTY:bintools,elfconvert_flag_outfile>${KERNEL_ELF_NAME}
     )
@@ -2136,15 +2133,12 @@ endif()
 set(llext_edk_file ${PROJECT_BINARY_DIR}/${CONFIG_LLEXT_EDK_NAME}.tar.xz)
 
 # TODO maybe generate flags for C CXX ASM
-zephyr_get_compile_definitions_for_lang(C zephyr_defs)
 zephyr_get_compile_options_for_lang(C zephyr_flags)
 
 # Filter out non LLEXT and LLEXT_EDK flags - and add required ones
-llext_filter_zephyr_flags(LLEXT_REMOVE_FLAGS ${zephyr_flags} llext_filt_flags)
-llext_filter_zephyr_flags(LLEXT_EDK_REMOVE_FLAGS ${llext_filt_flags} llext_filt_flags)
+llext_filter_zephyr_flags(LLEXT_REMOVE_FLAGS ${zephyr_flags} llext_edk_cflags)
+llext_filter_zephyr_flags(LLEXT_EDK_REMOVE_FLAGS ${llext_edk_cflags} llext_edk_cflags)
 
-set(llext_edk_cflags ${zephyr_defs} -DLL_EXTENSION_BUILD)
-list(APPEND llext_edk_cflags ${llext_filt_flags})
 list(APPEND llext_edk_cflags ${LLEXT_APPEND_FLAGS})
 list(APPEND llext_edk_cflags ${LLEXT_EDK_APPEND_FLAGS})
 
@@ -2168,7 +2162,7 @@ add_custom_command(
         -DAPPLICATION_SOURCE_DIR=${APPLICATION_SOURCE_DIR}
         -DINTERFACE_INCLUDE_DIRECTORIES="$<TARGET_PROPERTY:zephyr_interface,INTERFACE_INCLUDE_DIRECTORIES>"
         -Dllext_edk_file=${llext_edk_file}
-        -Dllext_edk_cflags="${llext_edk_cflags}"
+        -Dllext_cflags="${llext_edk_cflags}"
         -Dllext_edk_name=${CONFIG_LLEXT_EDK_NAME}
         -DWEST_TOPDIR=${WEST_TOPDIR}
         -DZEPHYR_BASE=${ZEPHYR_BASE}

CODEOWNERS

@@ -41,7 +41,6 @@
 /soc/riscv/riscv-privileged/gd32vf103/     @soburi
 /soc/starfive/jh71xx/ 			  @pfarwsi
 /soc/riscv/riscv-privileged/niosv/         @sweeaun
-/boards/adafruit/feather_nrf52840/        @jacobw
 /boards/ene/                              @ene-steven
 /boards/arm/96b_argonkey/                 @avisconti
 /boards/arm/96b_avenger96/                @Mani-Sadhasivam
@@ -188,7 +187,6 @@
 /drivers/dai/intel/ssp/                   @kv2019i @marcinszkudlinski @abonislawski
 /drivers/dai/intel/dmic/                  @marcinszkudlinski @abonislawski
 /drivers/dai/intel/alh/                   @abonislawski
-/drivers/dma/dma_dw_axi.c                 @pbalsundar
 /drivers/dma/*dw*                         @tbursztyka
 /drivers/dma/*dw_common*                  @abonislawski
 /drivers/dma/*sam0*                       @Sizurka
@@ -328,6 +326,7 @@
 /drivers/serial/uart_altera.c             @gohshunjing
 /drivers/serial/*ns16550*                 @dcpleung @nashif @gdengi
 /drivers/serial/*nrfx*                    @anangl
+/drivers/serial/uart_liteuart.c           @mateusz-holenko @kgugala @pgielda
 /drivers/serial/Kconfig.mcux_iuart        @Mani-Sadhasivam
 /drivers/serial/uart_mcux_iuart.c         @Mani-Sadhasivam
 /drivers/serial/Kconfig.rtt               @carlescufi @pkral78
@@ -368,6 +367,7 @@
 /drivers/timer/*rcar_cmt*                 @aaillet
 /drivers/timer/*esp32_sys*                @uLipe
 /drivers/timer/*sam0_rtc*                 @bendiscz
+/drivers/timer/*arcv2*                    @ruuddw
 /drivers/timer/*xtensa*                   @dcpleung
 /drivers/timer/*rv32m1_lptmr*             @mbolivar
 /drivers/timer/*nrf_rtc*                  @anangl
@@ -395,6 +395,7 @@
 /drivers/wifi/eswifi/                     @loicpoulain @nandojve
 /drivers/wifi/winc1500/                   @kludentwo
 /drivers/virtualization/		  @tbursztyka
+/dts/arc/                                 @abrodkin @ruuddw @iriszzw @evgeniy-paltsev
 /dts/arm/acsip/                           @NorthernDean
 /dts/arm/aspeed/                          @aspeeddylan
 /dts/arm/atmel/                           @galak @nandojve

Kconfig.constants

@@ -1,19 +0,0 @@
-# Constant variables to be used across Kconfig options
-
-# Copyright (c) 2024 basalte bv
-# SPDX-License-Identifier: Apache-2.0
-
-INT8_MIN := -128
-INT16_MIN := -32768
-INT32_MIN := -2147483648
-INT64_MIN := -9223372036854775808
-
-INT8_MAX := 127
-INT16_MAX := 32767
-INT32_MAX := 2147483647
-INT64_MAX := 9223372036854775807
-
-UINT8_MAX := 255
-UINT16_MAX := 65535
-UINT32_MAX := 4294967295
-UINT64_MAX := 18446744073709551615

Kconfig.zephyr

@@ -5,8 +5,6 @@
 # Copyright (c) 2023 Nordic Semiconductor ASA
 # SPDX-License-Identifier: Apache-2.0
 
-source "Kconfig.constants"
-
 osource "${APPLICATION_SOURCE_DIR}/VERSION"
 
 # Include Kconfig.defconfig files first so that they can override defaults and
@@ -822,23 +820,6 @@ config BUILD_OUTPUT_ADJUST_LMA
 	    default "$(dt_chosen_reg_addr_hex,$(DT_CHOSEN_IMAGE_M4))-\
 	             $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_FLASH))"
 
-config BUILD_OUTPUT_ADJUST_LMA_SECTIONS
-	def_string "*"
-	depends on BUILD_OUTPUT_ADJUST_LMA!=""
-	help
-	  This determines the output sections to which the above LMA adjustment
-	  will be applied.
-	  The value can be the name of a section in the final ELF, like "text".
-	  It can also be a pattern with wildcards, such as "*bss", which could
-	  match more than one section name. Multiple such patterns can be given
-	  as a ";"-separated list. It's possible to supply a 'negative' pattern
-	  starting with "!", to exclude sections matched by a preceding pattern.
-
-	  By default, all sections will have their LMA adjusted. The following
-	  example excludes one section produced by the code relocation feature:
-	  config BUILD_OUTPUT_ADJUST_LMA_SECTIONS
-	    default "*;!.extflash_text_reloc"
-
 config BUILD_OUTPUT_INFO_HEADER
 	bool "Create a image information header"
 	help
@@ -949,8 +930,6 @@ config DEPRECATED
 	help
 	  Symbol that must be selected by a feature or module if it is
 	  considered to be deprecated.
-	  When adding this to an option, remember to follow the instructions in
-	  https://docs.zephyrproject.org/latest/develop/api/api_lifecycle.html#deprecated
 
 config WARN_DEPRECATED
 	bool

MAINTAINERS.yml

@@ -120,7 +120,6 @@ ACPI:
     - include/zephyr/acpi/
     - tests/lib/acpi/
     - dts/bindings/acpi/
-    - include/zephyr/dt-bindings/acpi/
   labels:
     - "area: ACPI"
   tests:
@@ -130,16 +129,14 @@ ARC arch:
   status: maintained
   maintainers:
     - ruuddw
-    - evgeniy-paltsev
   collaborators:
     - abrodkin
+    - evgeniy-paltsev
   files:
     - arch/arc/
     - include/zephyr/arch/arc/
-    - drivers/timer/*arcv2*
-    - drivers/interrupt_controller/*arcv2*
     - tests/arch/arc/
-    - dts/arc/
+    - dts/arc/synopsys/
     - dts/bindings/arc/
     - doc/hardware/arch/arc-support-status.rst
   labels:
@@ -205,7 +202,6 @@ ARM Platforms:
     - soc/arm/fvp_aemv8*/
     - dts/arm/armv*.dtsi
     - dts/bindings/arm/arm*.yaml
-    - drivers/interrupt_controller/intc_gic*
   labels:
     - "platform: ARM"
 
@@ -301,6 +297,46 @@ Binary Descriptors:
   tests:
     - bindesc
 
+Bluetooth:
+  status: maintained
+  maintainers:
+    - jhedberg
+  collaborators:
+    - hermabe
+    - Vudentz
+    - asbjornsabo
+    - sjanc
+  files:
+    - doc/connectivity/bluetooth/
+    - include/zephyr/bluetooth/
+    - samples/bluetooth/
+    - subsys/bluetooth/
+    - subsys/bluetooth/common/
+    - tests/bluetooth/
+    - tests/bsim/bluetooth/
+  files-exclude:
+    - include/zephyr/bluetooth/mesh/
+    - subsys/bluetooth/controller/
+    - subsys/bluetooth/host/
+    - subsys/bluetooth/mesh/
+    - samples/bluetooth/mesh/
+    - subsys/bluetooth/audio/
+    - include/zephyr/bluetooth/audio/
+    - tests/bsim/bluetooth/audio/
+    - tests/bsim/bluetooth/host/
+    - tests/bsim/bluetooth/ll/
+    - tests/bluetooth/controller/
+    - tests/bluetooth/host*/
+    - tests/bluetooth/mesh_*/
+    - tests/bluetooth/mesh/
+    - tests/bluetooth/audio/
+    - tests/bsim/bluetooth/mesh/
+    - tests/bluetooth/shell/audio*
+  labels:
+    - "area: Bluetooth"
+  tests:
+    - bluetooth
+
 Bluetooth HCI:
   status: maintained
   maintainers:
@@ -317,8 +353,6 @@ Bluetooth HCI:
     - include/zephyr/drivers/bluetooth/
     - drivers/bluetooth/
     - samples/bluetooth/hci_*/
-    - tests/bsim/bluetooth/hci_uart/
-    - dts/bindings/bluetooth/
   labels:
     - "area: Bluetooth Host"
     - "area: Bluetooth"
@@ -338,20 +372,9 @@ Bluetooth controller:
     - wopu-ot
     - erbr-ot
   files:
-    - doc/connectivity/bluetooth/bluetooth-ctlr-arch.rst
-    - doc/connectivity/bluetooth/img/ctlr*
-    - doc/connectivity/bluetooth/api/controller.rst
-    - include/zephyr/bluetooth/controller.h
-    - subsys/bluetooth/common/
     - subsys/bluetooth/controller/
-    - subsys/bluetooth/crypto/
-    - subsys/bluetooth/shell/ll.c
-    - subsys/bluetooth/shell/ll.h
-    - subsys/bluetooth/shell/ticker.c
     - tests/bluetooth/controller/
     - tests/bsim/bluetooth/ll/
-    - tests/bluetooth/ctrl*/
-    - tests/bluetooth/ll_settings/
   labels:
     - "area: Bluetooth Controller"
     - "area: Bluetooth"
@@ -370,62 +393,14 @@ Bluetooth Host:
     - sjanc
     - theob-pro
   files:
-    - doc/connectivity/bluetooth/
-    - include/zephyr/bluetooth/
-    - samples/bluetooth/
-    - subsys/bluetooth/common/
-    - subsys/bluetooth/crypto/
     - subsys/bluetooth/host/
-    - subsys/bluetooth/lib/
     - subsys/bluetooth/services/
     - subsys/bluetooth/shell/
-    - subsys/bluetooth/CMakeLists.txt
-    - subsys/bluetooth/Kconfig*
-    - tests/bluetooth/
-    - tests/bsim/bluetooth/
+    - tests/bluetooth/host*/
+    - tests/bsim/bluetooth/host/
   files-exclude:
     - subsys/bluetooth/host/classic/
-    - include/zephyr/bluetooth/audio/
     - include/zephyr/bluetooth/classic/
-    - include/zephyr/bluetooth/mesh/
-    - include/zephyr/bluetooth/iso.h
-    - include/zephyr/bluetooth/controller.h
-    - include/zephyr/bluetooth/mesh.h
-    - include/zephyr/bluetooth/testing.h
-    - doc/connectivity/bluetooth/bluetooth-ctlr-arch.rst
-    - doc/connectivity/bluetooth/autopts/
-    - doc/connectivity/bluetooth/img/ctlr*
-    - doc/connectivity/bluetooth/api/audio/
-    - doc/connectivity/bluetooth/api/mesh/
-    - doc/connectivity/bluetooth/api/shell/iso.rst
-    - doc/connectivity/bluetooth/api/controller.rst
-    - samples/bluetooth/bap*/
-    - samples/bluetooth/cap*/
-    - samples/bluetooth/hap*/
-    - samples/bluetooth/hci_*/
-    - samples/bluetooth/pbp*/
-    - samples/bluetooth/tmap*/
-    - samples/bluetooth/*_iso/
-    - samples/bluetooth/iso_*/
-    - samples/bluetooth/mesh*/
-    - subsys/bluetooth/shell/bredr.c
-    - subsys/bluetooth/shell/iso.c
-    - subsys/bluetooth/shell/ll.c
-    - subsys/bluetooth/shell/ll.h
-    - subsys/bluetooth/shell/ticker.c
-    - subsys/bluetooth/Kconfig.iso
-    - tests/bluetooth/audio/
-    - tests/bluetooth/controller/
-    - tests/bluetooth/ctrl*/
-    - tests/bluetooth/ll_settings/
-    - tests/bluetooth/mesh*/
-    - tests/bluetooth/qualification/
-    - tests/bluetooth/tester/
-    - tests/bsim/bluetooth/audio/
-    - tests/bsim/bluetooth/audio_samples/
-    - tests/bsim/bluetooth/hci_uart/
-    - tests/bsim/bluetooth/ll/
-    - tests/bsim/bluetooth/mesh/
   labels:
     - "area: Bluetooth Host"
     - "area: Bluetooth"
@@ -442,16 +417,12 @@ Bluetooth Mesh:
     - akredalen
     - HaavardRei
     - omkar3141
-    - KyraLengfeld
   files:
-    - doc/connectivity/bluetooth/api/mesh/
-    - include/zephyr/bluetooth/mesh/
-    - include/zephyr/bluetooth/mesh.h
-    - include/zephyr/bluetooth/testing.h
-    - samples/bluetooth/mesh*/
     - subsys/bluetooth/mesh/
+    - include/zephyr/bluetooth/mesh/
     - tests/bluetooth/mesh*/
     - tests/bsim/bluetooth/mesh/
+    - samples/bluetooth/mesh/
   labels:
     - "area: Bluetooth Mesh"
     - "area: Bluetooth"
@@ -503,9 +474,7 @@ Bluetooth Classic:
     - jhedberg
     - sjanc
   files:
-    - subsys/bluetooth/common/
     - subsys/bluetooth/host/classic/
-    - subsys/bluetooth/shell/bredr.c
     - include/zephyr/bluetooth/classic/
   labels:
     - "area: Bluetooth Classic"
@@ -513,42 +482,6 @@ Bluetooth Classic:
   tests:
     - bluetooth
 
-Bluetooth ISO:
-  status: maintained
-  maintainers:
-    - Thalley
-  collaborators:
-    - jhedberg
-  files:
-    - include/zephyr/bluetooth/iso.h
-    - doc/connectivity/bluetooth/api/shell/iso.rst
-    - samples/bluetooth/*_iso/
-    - samples/bluetooth/iso_*/
-    - subsys/bluetooth/shell/iso.c
-    - subsys/bluetooth/Kconfig.iso
-  labels:
-    - "area: Bluetooth ISO"
-    - "area: Bluetooth"
-  tests:
-    - bluetooth
-
-Bluetooth Qualification:
-  status: maintained
-  maintainers:
-    - sjanc
-  collaborators:
-    - Thalley
-    - jhedberg
-  files:
-    - doc/connectivity/bluetooth/autopts/
-    - tests/bluetooth/qualification/
-    - tests/bluetooth/tester/
-  labels:
-    - "area: Bluetooth Qualification"
-    - "area: Bluetooth"
-  tests:
-    - bluetooth
-
 Bootloaders:
   status: odd fixes
   files:
@@ -808,18 +741,6 @@ Debug:
   tests:
     - debug
 
-"Debug: Profiling: Perf":
-  status: odd fixes
-  files:
-    - doc/services/profiling/perf.rst
-    - samples/subsys/profiling/perf/
-    - scripts/profiling/stackcollapse.py
-    - subsys/profiling/perf/
-  labels:
-    - "area: Profiling / Perf"
-  tests:
-    - debug.profiling.perf
-
 "Debug: Symtab":
   status: maintained
   maintainers:
@@ -888,8 +809,6 @@ Devicetree:
   collaborators:
     - decsny
     - galak
-  files-regex:
-    - dts/bindings/.*zephyr.*
   files:
     - scripts/dts/
     - dts/common/
@@ -899,9 +818,6 @@ Devicetree:
     - scripts/kconfig/kconfigfunctions.py
     - doc/build/kconfig/preprocessor-functions.rst
     - include/zephyr/devicetree.h
-    - include/zephyr/dt-bindings/dt-util.h
-    - dts/binding-template.yaml
-    - dts/bindings/base/
   files-exclude:
     - dts/common/nordic/
   labels:
@@ -909,6 +825,17 @@ Devicetree:
   tests:
     - libraries.devicetree
 
+Devicetree Bindings:
+  status: odd fixes
+  collaborators:
+    - decsny
+    - galak
+  files:
+    - include/zephyr/dt-bindings/
+    - dts/binding-template.yaml
+  labels:
+    - "area: Devicetree Binding"
+
 Disk:
   status: maintained
   maintainers:
@@ -925,9 +852,6 @@ Disk:
     - tests/subsys/sd/
     - tests/drivers/disk/
     - include/zephyr/sd/
-    - dts/bindings/sd/
-    - dts/bindings/mmc/
-    - dts/bindings/disk/
   labels:
     - "area: Disk Access"
   tests:
@@ -941,7 +865,6 @@ Display drivers:
   files:
     - drivers/display/
     - dts/bindings/display/
-    - include/zephyr/dt-bindings/display/
     - include/zephyr/drivers/display.h
     - include/zephyr/display/
     - include/zephyr/drivers/display.h
@@ -980,6 +903,7 @@ Documentation:
     - doc/index-tex.rst
     - doc/index.rst
     - doc/kconfig.rst
+    - doc/known-warnings.txt
     - doc/templates/sample.tmpl
     - doc/templates/board.tmpl
     - boards/index.rst
@@ -1010,8 +934,8 @@ Documentation Infrastructure:
 Release Notes:
   status: maintained
   maintainers:
-    - dkalowsk
-    - mmahadevan108
+    - nashif
+    - aescolar
   collaborators:
     - kartben
   files:
@@ -1151,7 +1075,6 @@ Release Notes:
   files:
     - drivers/clock_control/
     - dts/bindings/clock/
-    - include/zephyr/dt-bindings/clock/
     - include/zephyr/drivers/clock_control.h
     - include/zephyr/dt-bindings/clock/
     - tests/drivers/clock_control/
@@ -1228,8 +1151,6 @@ Release Notes:
   files:
     - drivers/dac/
     - include/zephyr/drivers/dac.h
-    - dts/bindings/dac/
-    - include/zephyr/dt-bindings/dac/
     - tests/drivers/dac/
     - samples/drivers/dac/
     - doc/hardware/peripherals/dac.rst
@@ -1253,8 +1174,6 @@ Release Notes:
     - drivers/dai/
     - doc/hardware/peripherals/audio/dai.rst
     - include/zephyr/drivers/dai.h
-    - include/zephyr/dt-bindings/dai/
-    - dts/bindings/dai/
   labels:
     - "area: DAI"
 
@@ -1279,8 +1198,6 @@ Release Notes:
     - drivers/dma/
     - tests/drivers/dma/
     - include/zephyr/drivers/dma/
-    - dts/bindings/dma/
-    - include/zephyr/dt-bindings/dma/
     - doc/hardware/peripherals/dma.rst
     - include/zephyr/drivers/dma.h
     - include/zephyr/dt-bindings/dma/
@@ -1327,8 +1244,6 @@ Release Notes:
   status: maintained
   maintainers:
     - ceolin
-  collaborators:
-    - tomi-font
   files:
     - drivers/entropy/
     - include/zephyr/drivers/entropy.h
@@ -1386,7 +1301,6 @@ Release Notes:
   files:
     - drivers/flash/
     - dts/bindings/flash_controller/
-    - include/zephyr/dt-bindings/flash_controller/
     - include/zephyr/drivers/flash.h
     - samples/drivers/flash_shell/
     - samples/drivers/soc_flash_nrf/
@@ -1442,7 +1356,6 @@ Release Notes:
   files:
     - doc/hardware/peripherals/gpio.rst
     - drivers/gpio/
-    - dts/bindings/gpio/
     - include/zephyr/drivers/gpio/
     - include/zephyr/drivers/gpio.h
     - include/zephyr/dt-bindings/gpio/
@@ -1465,8 +1378,6 @@ Release Notes:
     - drivers/gnss/
     - include/zephyr/drivers/gnss.h
     - include/zephyr/drivers/gnss/
-    - dts/bindings/gnss/
-    - include/zephyr/dt-bindings/gnss/
     - tests/drivers/build_all/gnss/
     - tests/drivers/gnss/
   labels:
@@ -1474,22 +1385,6 @@ Release Notes:
   tests:
     - drivers.gnss
 
-"Drivers: Haptics":
-  status: maintained
-  maintainers:
-    - rriveramcrus
-  files:
-    - drivers/haptics/
-    - dts/bindings/haptics/
-    - include/zephyr/drivers/haptics.h
-    - doc/hardware/peripherals/haptics.rst
-    - tests/drivers/build_all/haptics/
-    - samples/drivers/haptics/
-  labels:
-    - "area: Haptics"
-  tests:
-    - drivers.haptics
-
 "Drivers: HW Info":
   status: maintained
   maintainers:
@@ -1608,8 +1503,6 @@ Release Notes:
     - drivers/memc/
     - samples/drivers/memc/
     - tests/drivers/memc/
-    - include/zephyr/dt-bindings/memory-controller/
-    - dts/bindings/memory-controllers/
   labels:
     - "area: MEMC"
   tests:
@@ -1674,7 +1567,6 @@ Release Notes:
     - drivers/reset/
     - include/zephyr/drivers/reset.h
     - dts/bindings/reset/
-    - include/zephyr/dt-bindings/reset/
 
 "Interrupt Handling":
   status: odd fixes
@@ -1745,7 +1637,6 @@ Release Notes:
     - doc/hardware/peripherals/led.rst
     - tests/drivers/build_all/led/
     - dts/bindings/led/
-    - include/zephyr/dt-bindings/led/
   labels:
     - "area: LED"
   tests:
@@ -1802,10 +1693,10 @@ Release Notes:
 "Drivers: Regulators":
   status: maintained
   maintainers:
-    - gmarull
+    - aasinclair
   collaborators:
     - danieldegrasse
-    - aasinclair
+    - gmarull
   files:
     - drivers/regulator/
     - include/zephyr/drivers/regulator/
@@ -1862,7 +1753,6 @@ Release Notes:
     - include/zephyr/drivers/pcie/
     - doc/hardware/peripherals/pcie.rst
     - dts/bindings/pcie/
-    - include/zephyr/dt-bindings/pcie/
   labels:
     - "area: PCI"
 
@@ -1948,7 +1838,6 @@ Release Notes:
   files:
     - drivers/pwm/
     - dts/bindings/pwm/
-    - include/zephyr/dt-bindings/pwm/
     - tests/drivers/pwm/
     - include/zephyr/*/pwms.h
     - doc/hardware/peripherals/pwm.rst
@@ -2049,7 +1938,6 @@ Release Notes:
     - include/zephyr/drivers/spi.h
     - tests/drivers/spi/
     - dts/bindings/spi/
-    - include/zephyr/dt-bindings/spi/
     - doc/hardware/peripherals/spi.rst
   labels:
     - "area: SPI"
@@ -2066,7 +1954,6 @@ Release Notes:
     - drivers/timer/
     - include/zephyr/drivers/timer/
     - dts/bindings/timer/
-    - include/zephyr/dt-bindings/timer/
   labels:
     - "area: Timer"
 
@@ -2149,27 +2036,6 @@ Release Notes:
   labels:
     - "area: Wi-Fi"
 
-"Drivers: Wi-Fi as nRF Wi-Fi":
-  status: maintained
-  maintainers:
-    - krish2718
-    - jukkar
-  files:
-    - drivers/wifi/nrfwifi/
-    - dts/bindings/wifi/nordic,nrf70.yaml
-    - dts/bindings/wifi/nordic,nrf70-qspi.yaml
-    - dts/bindings/wifi/nordic,nrf70-spi.yaml
-    - dts/bindings/wifi/nordic,nrf70-coex.yaml
-    - dts/bindings/wifi/nordic,nrf7002-qspi.yaml
-    - dts/bindings/wifi/nordic,nrf7002-spi.yaml
-    - dts/bindings/wifi/nordic,nrf7000-qspi.yaml
-    - dts/bindings/wifi/nordic,nrf7000-spi.yaml
-    - dts/bindings/wifi/nordic,nrf7001-qspi.yaml
-    - dts/bindings/wifi/nordic,nrf7001-spi.yaml
-    - boards/shields/nrf7002ek/
-  labels:
-    - "area: Wi-Fi"
-
 "Drivers: Memory Management":
   status: maintained
   maintainers:
@@ -2193,7 +2059,6 @@ Release Notes:
   files:
     - drivers/mipi_dbi/
     - dts/bindings/mipi-dbi/
-    - include/zephyr/dt-bindings/mipi_dbi/
   labels:
     - "area: Display Controller"
 
@@ -2299,8 +2164,6 @@ Google Platforms:
   maintainers:
     - fabiobaltieri
     - keith-zephyr
-  collaborators:
-    - duda-patryk
   files:
     - boards/google/
     - samples/boards/google_*/
@@ -2359,7 +2222,6 @@ IPC:
     - tests/subsys/ipc/
     - doc/services/ipc/
     - dts/bindings/ipc/
-    - include/zephyr/dt-bindings/ipc_service/
   description: >-
     Inter-Processor Communication
   labels:
@@ -2526,7 +2388,6 @@ Memory Management:
     - tests/lib/mem_blocks/
     - doc/services/mem_mgmt/
     - include/zephyr/mem_mgmt/mem_attr.h
-    - include/zephyr/dt-bindings/memory-attr/
     - tests/lib/mem_blocks_stats/
     - tests/drivers/mm/
   tests:
@@ -2608,8 +2469,6 @@ LoRa and LoRaWAN:
     - include/zephyr/lorawan/
     - subsys/lorawan/
     - samples/subsys/lorawan/
-    - include/zephyr/dt-bindings/lora/
-    - dts/bindings/lora/
     - doc/connectivity/lora_lorawan/index.rst
   labels:
     - "area: LoRa"
@@ -2631,6 +2490,25 @@ MAINTAINERS file:
   description: >-
     Zephyr Maintainers File
 
+Mbed TLS:
+  status: maintained
+  maintainers:
+    - d3zd3z
+    - ceolin
+  collaborators:
+    - ithinuel
+    - valeriosetti
+  files:
+    - tests/crypto/mbedtls/
+    - tests/benchmarks/mbedtls/
+  labels:
+    - "area: Crypto / RNG"
+  description: >-
+    Mbed TLS module implementing the PSA Crypto API and TLS.
+  tests:
+    - benchmark.crypto.mbedtls
+    - crypto.mbedtls
+
 MCU Manager:
   status: maintained
   maintainers:
@@ -3109,8 +2987,6 @@ Power management:
     - tests/subsys/pm/
     - doc/services/pm/
     - drivers/power_domain/
-    - dts/bindings/power/
-    - include/zephyr/dt-bindings/power/
   labels:
     - "area: Power Management"
   tests:
@@ -3172,17 +3048,6 @@ Retention:
   labels:
     - "area: Retention"
 
-Rust:
-  status: maintained
-  maintainers:
-    - d3zd3z
-  files:
-    - cmake/modules/rust.cmake
-    - lib/rust/
-    - samples/rust/
-  labels:
-    - "area: Rust"
-
 Samples:
   status: maintained
   maintainers:
@@ -3343,13 +3208,10 @@ ADI Platforms:
   maintainers:
     - MaureenHelm
   collaborators:
-    - ozersa
-    - ttmut
     - galak
     - microbuilder
   files:
     - boards/adi/
-    - boards/shields/pmod_acl/
     - drivers/*/*max*
     - drivers/*/*max*/
     - drivers/dac/dac_ltc*
@@ -3397,9 +3259,9 @@ Synopsys Platforms:
   status: maintained
   maintainers:
     - ruuddw
-    - evgeniy-paltsev
   collaborators:
     - abrodkin
+    - evgeniy-paltsev
   files:
     - soc/snps/
     - boards/snps/
@@ -3453,19 +3315,6 @@ Nuvoton Numicro Numaker Platforms:
   labels:
     - "platform: Nuvoton Numicro Numaker"
 
-Nuvoton NPCM Platforms:
-  status: maintained
-  maintainers:
-    - maxdog988
-    - warp5tw
-    - jc849
-  files:
-    - soc/nuvoton/npcm/
-    - boards/nuvoton/npcm*/
-    - dts/arm/nuvoton/
-  labels:
-    - "platform: Nuvoton NPCM"
-
 Raspberry Pi Pico Platforms:
   status: maintained
   maintainers:
@@ -3595,9 +3444,6 @@ NXP Drivers:
     - manuargue
     - dbaluta
     - MarkWangChinese
-  files-regex:
-    - ^drivers/.*nxp.*
-    - ^drivers/.*mcux.*
   files:
     - drivers/*/*imx*
     - drivers/*/*lpc*.c
@@ -3609,8 +3455,6 @@ NXP Drivers:
     - drivers/misc/*/nxp*
     - include/zephyr/dt-bindings/*/*nxp*
     - include/zephyr/dt-bindings/*/*mcux*
-    - include/zephyr/dt-bindings/inputmux/
-    - include/zephyr/dt-bindings/rdc/
     - include/zephyr/drivers/*/*nxp*
     - include/zephyr/drivers/*/*mcux*
     - arch/arm/core/mpu/nxp_mpu.c
@@ -3832,14 +3676,13 @@ Renesas RA Platforms:
     - thaoluonguw
   files:
     - boards/arduino/uno_r4/
-    - boards/renesas/*ra*/
     - drivers/*/*renesas_ra*
     - drivers/pinctrl/renesas/ra/
     - dts/arm/renesas/ra/
     - dts/bindings/*/*renesas,ra*
     - soc/renesas/ra/
   labels:
-    - "platform: Renesas RA"
+    - "platforms: Renesas RA"
   description: >-
     Renesas RA SOCs, dts files, and related drivers. Boards based
     on Renesas RA SoCs.
@@ -3893,7 +3736,6 @@ STM32 Platforms:
     - gautierg-st
     - GeorgeCGV
     - marwaiehm-st
-    - mathieuchopstm
   files:
     - boards/st/
     - drivers/*/*stm32*.c
@@ -4047,6 +3889,7 @@ LiteX Platforms:
   files:
     - boards/enjoydigital/litex_vexriscv/
     - drivers/*/*litex*
+    - drivers/spi/spi_litespi*
     - drivers/*/Kconfig.litex
     - dts/bindings/*/litex*
     - dts/riscv/riscv32-litex-vexriscv.dtsi
@@ -4163,6 +4006,24 @@ TDK Sensors:
   tests:
     - sample.drivers.misc.timeaware_gpio
 
+TF-M Integration:
+  status: maintained
+  maintainers:
+    - d3zd3z
+  collaborators:
+    - Vge0rge
+    - ithinuel
+    - valeriosetti
+  files:
+    - samples/tfm_integration/
+    - modules/trusted-firmware-m/
+    - doc/services/tfm/
+  labels:
+    - "area: TF-M"
+  tests:
+    - trusted-firmware-m
+
+
 "Toolchain Integration":
   status: maintained
   maintainers:
@@ -4242,7 +4103,6 @@ USB:
   files:
     - drivers/usb/
     - dts/bindings/usb/
-    - include/zephyr/dt-bindings/usb/
     - include/zephyr/*/usb/
     - include/zephyr/usb/
     - samples/subsys/usb/
@@ -4266,7 +4126,6 @@ USB-C:
   files:
     - drivers/usb_c/
     - dts/bindings/usb-c/
-    - include/zephyr/dt-bindings/usb-c/
     - include/zephyr/*/usb_c/
     - include/zephyr/usb_c/
     - samples/subsys/usb_c/
@@ -4522,7 +4381,6 @@ West:
     - MaureenHelm
   collaborators:
     - ozersa
-    - ttmut
   files: []
   labels:
     - "platform: ADI"
@@ -4846,17 +4704,15 @@ West:
   files:
     - modules/lvgl/
     - tests/lib/gui/lvgl/
-    - include/zephyr/dt-bindings/lvgl/
   labels:
     - "area: LVGL"
 
 "West project: lz4":
   status: odd fixes
   collaborators:
-    - parthitce
+    - Navin-Sankar
   files:
     - modules/lz4/
-    - samples/modules/compression/lz4/
   labels:
     - "area: Compression"
 
@@ -4868,16 +4724,10 @@ West:
   collaborators:
     - ithinuel
     - valeriosetti
-    - tomi-font
   files:
     - modules/mbedtls/
-    - tests/crypto/mbedtls/
-    - tests/benchmarks/mbedtls/
   labels:
-    - "area: mbedTLS / PSA Crypto"
-  tests:
-    - benchmark.crypto.mbedtls
-    - crypto.mbedtls
+    - "area: Crypto / RNG"
 
 "West project: mcuboot":
   status: maintained
@@ -5041,16 +4891,10 @@ West:
   collaborators:
     - Vge0rge
     - ithinuel
-    - valeriosetti
-    - tomi-font
   files:
     - modules/trusted-firmware-m/
-    - samples/tfm_integration/
-    - doc/services/tfm/
   labels:
     - "area: TF-M"
-  tests:
-    - trusted-firmware-m
 
 "West project: tf-m-tests":
   status: maintained
@@ -5234,8 +5078,6 @@ Random:
   status: maintained
   maintainers:
     - ceolin
-  collaborators:
-    - tomi-font
   files:
     - subsys/random/
     - include/zephyr/random/

README.rst

@@ -10,15 +10,12 @@
      </p>
    </a>
 
-   <a href="https://bestpractices.coreinfrastructure.org/projects/74">
-     <img src="https://bestpractices.coreinfrastructure.org/projects/74/badge">
-   </a>
-   <a href="https://scorecard.dev/viewer/?uri=github.com/zephyrproject-rtos/zephyr">
-     <img src="https://api.securityscorecards.dev/projects/github.com/zephyrproject-rtos/zephyr/badge">
-   </a>
-   <a href="https://github.com/zephyrproject-rtos/zephyr/actions/workflows/twister.yaml?query=branch%3Amain">
-     <img src="https://github.com/zephyrproject-rtos/zephyr/actions/workflows/twister.yaml/badge.svg?event=push">
-   </a>
+   <a href="https://bestpractices.coreinfrastructure.org/projects/74"><img
+   src="https://bestpractices.coreinfrastructure.org/projects/74/badge"></a>
+   <a
+   href="https://github.com/zephyrproject-rtos/zephyr/actions/workflows/twister.yaml?query=branch%3Amain">
+   <img
+   src="https://github.com/zephyrproject-rtos/zephyr/actions/workflows/twister.yaml/badge.svg?event=push"></a>
 
 
 The Zephyr Project is a scalable real-time operating system (RTOS) supporting

SDK_VERSION

@@ -1 +1 @@
-0.16.8
+0.16.9

VERSION

@@ -1,5 +1,5 @@
 VERSION_MAJOR = 3
 VERSION_MINOR = 7
-PATCHLEVEL = 99
+PATCHLEVEL = 2
 VERSION_TWEAK = 0
-EXTRAVERSION =
+EXTRAVERSION = rc1

arch/Kconfig

@@ -32,7 +32,6 @@ config ARM
 	bool
 	select ARCH_IS_SET
 	select ARCH_SUPPORTS_COREDUMP if CPU_CORTEX_M
-	select ARCH_SUPPORTS_COREDUMP_THREADS if CPU_CORTEX_M
 	# FIXME: current state of the code for all ARM requires this, but
 	# is really only necessary for Cortex-M with ARM MPU!
 	select GEN_PRIV_STACKS
@@ -655,9 +654,6 @@ config ARCH_HAS_NESTED_EXCEPTION_DETECTION
 config ARCH_SUPPORTS_COREDUMP
 	bool
 
-config ARCH_SUPPORTS_COREDUMP_THREADS
-	bool
-
 config ARCH_SUPPORTS_ARCH_HW_INIT
 	bool
 
@@ -1078,28 +1074,9 @@ config TOOLCHAIN_HAS_BUILTIN_FFS
 	help
 	  Hidden option to signal that toolchain has __builtin_ffs*().
 
-config ARCH_HAS_CUSTOM_CPU_IDLE
-	bool
+config ARCH_CPU_IDLE_CUSTOM
+	bool "Custom arch_cpu_idle implementation"
+	default n
 	help
 	  This options allows applications to override the default arch idle implementation with
 	  a custom one.
-
-config ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
-	bool
-	help
-	  This options allows applications to override the default arch idle implementation with
-	  a custom one.
-
-config ARCH_HAS_CUSTOM_SWAP_TO_MAIN
-	bool
-	help
-	  It's possible that an architecture port cannot use _Swap() to swap to
-	  the _main() thread, but instead must do something custom. It must
-	  enable this option in that case.
-
-config ARCH_HAS_CUSTOM_BUSY_WAIT
-	bool
-	help
-	  It's possible that an architecture port cannot or does not want to use
-	  the provided k_busy_wait(), but instead must do something custom. It must
-	  enable this option in that case.

arch/arc/core/cpu_idle.S

@@ -26,7 +26,6 @@ SECTION_VAR(BSS, z_arc_cpu_sleep_mode)
 	.align 4
 	.word 0
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 /*
  * @brief Put the CPU in low-power mode
  *
@@ -49,9 +48,7 @@ SECTION_FUNC(TEXT, arch_cpu_idle)
 	sleep r1
 	j_s [blink]
 	nop
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 /*
  * @brief Put the CPU in low-power mode, entered with IRQs locked
  *
@@ -59,7 +56,6 @@ SECTION_FUNC(TEXT, arch_cpu_idle)
  *
  * void arch_cpu_atomic_idle(unsigned int key)
  */
-
 SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 
 #ifdef CONFIG_TRACING
@@ -74,4 +70,3 @@ SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 	sleep r1
 	j_s.d [blink]
 	seti r0
-#endif

arch/arm/core/cortex_a_r/boot.h

@@ -26,6 +26,5 @@ extern void __start(void);
 #define BOOT_PARAM_UDF_SP_OFFSET	16
 #define BOOT_PARAM_SVC_SP_OFFSET	20
 #define BOOT_PARAM_SYS_SP_OFFSET	24
-#define BOOT_PARAM_VOTING_OFFSET	28
 
 #endif /* _BOOT_H_ */

arch/arm/core/cortex_a_r/cpu_idle.S

@@ -49,7 +49,6 @@ _skip_\@:
 #endif /* CONFIG_ARM_ON_ENTER_CPU_IDLE_HOOK */
 .endm
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 SECTION_FUNC(TEXT, arch_cpu_idle)
 #ifdef CONFIG_TRACING
 	push	{r0, lr}
@@ -69,9 +68,6 @@ SECTION_FUNC(TEXT, arch_cpu_idle)
 
 	bx	lr
 
-#endif
-
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 #ifdef CONFIG_TRACING
 	push	{r0, lr}
@@ -97,4 +93,3 @@ SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 _irq_disabled:
 
 	bx	lr
-#endif

arch/arm/core/cortex_a_r/isr_wrapper.S

@@ -339,15 +339,6 @@ z_arm_cortex_ar_irq_done:
 	str r0, [r2, #___cpu_t_nested_OFFSET]
 	/* Do not context switch if exiting a nested interrupt */
 	cmp r0, #0
-	/* Note that this function is only called from `z_arm_svc`,
-	 *	while handling irq_offload, with below modes set:
-	 *	```
-	 *		if (cpu interrupts are nested)
-	 *			mode=MODE_SYS
-	 *		else
-	 *			mode=MODE_IRQ
-	 *	```
-	 */
 	bhi __EXIT_INT
 
 	/* retrieve pointer to the current thread */

arch/arm/core/cortex_a_r/macro_priv.inc

@@ -18,27 +18,6 @@
 	ubfx	\rreg0, \rreg0, #0, #24
 .endm
 
-/*
- * Get CPU logic id by looking up cpu_node_list
- * returns
- *   reg0: MPID
- *   reg1: logic id (0 ~ CONFIG_MP_MAX_NUM_CPUS - 1)
- * clobbers: reg0, reg1, reg2, reg3
- */
-.macro get_cpu_logic_id reg0, reg1, reg2, reg3
-	get_cpu_id \reg0
-	ldr	\reg3, =cpu_node_list
-	mov	\reg1, #0
-1:	ldr	\reg2, [\reg3, \reg1, lsl #2]
-	cmp	\reg2, \reg0
-	beq	2f
-	add	\reg1, \reg1, #1
-	cmp	\reg1, #CONFIG_MP_MAX_NUM_CPUS
-	bne	1b
-	b	.
-2:
-.endm
-
 .macro get_cpu rreg0
 	/*
          * Get CPU pointer.
@@ -54,7 +33,8 @@
 	 */
 	srsdb sp!, #MODE_SYS
 	cps #MODE_SYS
-	push {r0-r3, r12, lr}
+	stmdb sp, {r0-r3, r12, lr}^
+	sub sp, #24
 
 	/* TODO: EXTRA_EXCEPTION_INFO */
 	mov r0, sp

arch/arm/core/cortex_a_r/reset.S

@@ -200,62 +200,23 @@ EL1_Reset_Handler:
 #endif /* CONFIG_DCLS */
 
     ldr r0, =arm_cpu_boot_params
-
 #if CONFIG_MP_MAX_NUM_CPUS > 1
-    /*
-     * This code uses voting locks, like arch/arm64/core/reset.S, to determine primary CPU.
-     */
+    get_cpu_id r1
 
-    /*
-     * Get the "logic" id defined by cpu_node_list statically for voting lock self-identify.
-     * It is worth noting that this is NOT the final logic id (arch_curr_cpu()->id)
-     */
-    get_cpu_logic_id r1, r2, r3, r4 // r1: MPID, r2: logic id
-
-    add r4, r0, #BOOT_PARAM_VOTING_OFFSET
-
-    /* signal our desire to vote */
-    mov r5, #1
-    strb r5, [r4, r2]
-    ldr r3, [r0, #BOOT_PARAM_MPID_OFFSET]
-    cmn r3, #1
-    beq 1f
-
-    /* some core already won, release */
-    mov r7, #0
-    strb r7, [r4, r2]
-    b _secondary_core
-
-    /* suggest current core then release */
-1:  str r1, [r0, #BOOT_PARAM_MPID_OFFSET]
-    strb r7, [r4, r2]
-    dmb
-
-    /* then wait until every core else is done voting */
-    mov r5, #0
-2:  ldrb r3, [r4, r5]
-    tst r3, #255
-    /* wait */
-    bne 2b
-    add r5, r5, #1
-    cmp r5, #CONFIG_MP_MAX_NUM_CPUS
-    bne 2b
-
-    /* check if current core won */
-    dmb
-    ldr r3, [r0, #BOOT_PARAM_MPID_OFFSET]
-    cmp r3, r1
+    ldrex r2, [r0, #BOOT_PARAM_MPID_OFFSET]
+    cmp r2, #-1
+    bne 1f
+    strex r3, r1, [r0, #BOOT_PARAM_MPID_OFFSET]
+    cmp r3, #0
     beq _primary_core
-    /* fallthrough secondary */
 
-    /* loop until our turn comes */
-_secondary_core:
-    dmb
+1:
+    dmb ld
     ldr r2, [r0, #BOOT_PARAM_MPID_OFFSET]
     cmp r1, r2
-    bne _secondary_core
+    bne 1b
 
-    /* we can now load our stack pointer values and move on */
+    /* we can now move on */
     ldr r4, =arch_secondary_cpu_init
     ldr r5, [r0, #BOOT_PARAM_FIQ_SP_OFFSET]
     ldr r6, [r0, #BOOT_PARAM_IRQ_SP_OFFSET]

arch/arm/core/cortex_a_r/smp.c

@@ -51,7 +51,6 @@ struct boot_params {
 	char *udf_sp;
 	char *svc_sp;
 	char *sys_sp;
-	uint8_t voting[CONFIG_MP_MAX_NUM_CPUS];
 	arch_cpustart_t fn;
 	void *arg;
 	int cpu_num;
@@ -65,7 +64,6 @@ BUILD_ASSERT(offsetof(struct boot_params, abt_sp) == BOOT_PARAM_ABT_SP_OFFSET);
 BUILD_ASSERT(offsetof(struct boot_params, udf_sp) == BOOT_PARAM_UDF_SP_OFFSET);
 BUILD_ASSERT(offsetof(struct boot_params, svc_sp) == BOOT_PARAM_SVC_SP_OFFSET);
 BUILD_ASSERT(offsetof(struct boot_params, sys_sp) == BOOT_PARAM_SYS_SP_OFFSET);
-BUILD_ASSERT(offsetof(struct boot_params, voting) == BOOT_PARAM_VOTING_OFFSET);
 
 volatile struct boot_params arm_cpu_boot_params = {
 	.mpid = -1,
@@ -77,7 +75,7 @@ volatile struct boot_params arm_cpu_boot_params = {
 	.sys_sp = (char *)(z_arm_sys_stack + CONFIG_ARMV7_SYS_STACK_SIZE),
 };
 
-const uint32_t cpu_node_list[] = {
+static const uint32_t cpu_node_list[] = {
 	DT_FOREACH_CHILD_STATUS_OKAY_SEP(DT_PATH(cpus), DT_REG_ADDR, (,))};
 
 /* cpu_map saves the maping of core id and mpid */

arch/arm/core/cortex_a_r/thread.c

@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 2013-2014 Wind River Systems, Inc.
  * Copyright (c) 2021 Lexmark International, Inc.
+ * Copyright 2025 Arm Limited and/or its affiliates <open-source-office@arm.com>
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -37,6 +38,34 @@
  */
 #define DEFAULT_EXC_RETURN 0xFD;
 
+#ifdef CONFIG_USERSPACE
+static void setup_priv_stack(struct k_thread *thread)
+{
+	/* Set up privileged stack before entering user mode */
+	thread->arch.priv_stack_start = (uint32_t)z_priv_stack_find(thread->stack_obj);
+
+	/* CONFIG_PRIVILEGED_STACK_SIZE does not account for MPU_GUARD_ALIGN_AND_SIZE or
+	 * MPU_GUARD_ALIGN_AND_SIZE_FLOAT. Therefore, we must compute priv_stack_end here before
+	 * adjusting priv_stack_start for the mpu guard alignment
+	 */
+	thread->arch.priv_stack_end = thread->arch.priv_stack_start + CONFIG_PRIVILEGED_STACK_SIZE;
+
+#if defined(CONFIG_MPU_STACK_GUARD)
+	/* Stack guard area reserved at the bottom of the thread's
+	 * privileged stack. Adjust the available (writable) stack
+	 * buffer area accordingly.
+	 */
+#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
+	thread->arch.priv_stack_start +=
+		((thread->arch.mode & Z_ARM_MODE_MPU_GUARD_FLOAT_Msk) != 0) ?
+		MPU_GUARD_ALIGN_AND_SIZE_FLOAT : MPU_GUARD_ALIGN_AND_SIZE;
+#else
+	thread->arch.priv_stack_start += MPU_GUARD_ALIGN_AND_SIZE;
+#endif /* CONFIG_FPU && CONFIG_FPU_SHARING */
+#endif /* CONFIG_MPU_STACK_GUARD */
+}
+#endif
+
 /* An initial context, to be "restored" by z_arm_pendsv(), is put at the other
  * end of the stack, and thus reusable by the stack when not needed anymore.
  *
@@ -78,9 +107,24 @@ void arch_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 #endif /* FP_GUARD_EXTRA_SIZE */
 #endif /* CONFIG_MPU_STACK_GUARD */
 
+#if defined(CONFIG_ARM_STORE_EXC_RETURN) || defined(CONFIG_USERSPACE)
+	thread->arch.mode = 0;
+#if defined(CONFIG_ARM_STORE_EXC_RETURN)
+	thread->arch.mode_exc_return = DEFAULT_EXC_RETURN;
+#endif
+#if FP_GUARD_EXTRA_SIZE > 0
+	if ((thread->base.user_options & K_FP_REGS) != 0) {
+		thread->arch.mode |= Z_ARM_MODE_MPU_GUARD_FLOAT_Msk;
+	}
+#endif
+#endif
+
 	iframe = Z_STACK_PTR_TO_FRAME(struct __basic_sf, stack_ptr);
 #if defined(CONFIG_USERSPACE)
+	thread->arch.priv_stack_start = 0;
 	if ((thread->base.user_options & K_USER) != 0) {
+		setup_priv_stack(thread);
+		iframe = Z_STACK_PTR_TO_FRAME(struct __basic_sf, thread->arch.priv_stack_end);
 		iframe->pc = (uint32_t)arch_user_mode_enter;
 	} else {
 		iframe->pc = (uint32_t)z_thread_entry;
@@ -112,20 +156,6 @@ void arch_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	thread->callee_saved.psp = (uint32_t)iframe;
 	thread->arch.basepri = 0;
 
-#if defined(CONFIG_ARM_STORE_EXC_RETURN) || defined(CONFIG_USERSPACE)
-	thread->arch.mode = 0;
-#if defined(CONFIG_ARM_STORE_EXC_RETURN)
-	thread->arch.mode_exc_return = DEFAULT_EXC_RETURN;
-#endif
-#if FP_GUARD_EXTRA_SIZE > 0
-	if ((thread->base.user_options & K_FP_REGS) != 0) {
-		thread->arch.mode |= Z_ARM_MODE_MPU_GUARD_FLOAT_Msk;
-	}
-#endif
-#if defined(CONFIG_USERSPACE)
-	thread->arch.priv_stack_start = 0;
-#endif
-#endif
 	/*
 	 * initial values in all other registers/thread entries are
 	 * irrelevant.
@@ -196,10 +226,8 @@ static inline void z_arm_thread_stack_info_adjust(struct k_thread *thread,
 FUNC_NORETURN void arch_user_mode_enter(k_thread_entry_t user_entry,
 					void *p1, void *p2, void *p3)
 {
+	uint32_t sp_is_priv = 1;
 
-	/* Set up privileged stack before entering user mode */
-	_current->arch.priv_stack_start =
-		(uint32_t)z_priv_stack_find(_current->stack_obj);
 #if defined(CONFIG_MPU_STACK_GUARD)
 #if defined(CONFIG_THREAD_STACK_INFO)
 	/* We're dropping to user mode which means the guard area is no
@@ -216,29 +244,29 @@ FUNC_NORETURN void arch_user_mode_enter(k_thread_entry_t user_entry,
 	_current->stack_info.start -= MPU_GUARD_ALIGN_AND_SIZE;
 	_current->stack_info.size += MPU_GUARD_ALIGN_AND_SIZE;
 #endif /* CONFIG_THREAD_STACK_INFO */
-
-	/* Stack guard area reserved at the bottom of the thread's
-	 * privileged stack. Adjust the available (writable) stack
-	 * buffer area accordingly.
-	 */
-#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
-	_current->arch.priv_stack_start +=
-		((_current->arch.mode & Z_ARM_MODE_MPU_GUARD_FLOAT_Msk) != 0) ?
-		MPU_GUARD_ALIGN_AND_SIZE_FLOAT : MPU_GUARD_ALIGN_AND_SIZE;
-#else
-	_current->arch.priv_stack_start += MPU_GUARD_ALIGN_AND_SIZE;
-#endif /* CONFIG_FPU && CONFIG_FPU_SHARING */
 #endif /* CONFIG_MPU_STACK_GUARD */
 
-#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
-	_current->arch.priv_stack_end =
-		_current->arch.priv_stack_start + CONFIG_PRIVILEGED_STACK_SIZE;
-#endif
+	/* 2 ways how arch_user_mode_enter is called:
+	 * - called as part of context switch from z_arm_pendsv, in this case privileged stack is
+	 *   already setup and stack pointer points to privileged stack.
+	 * - called directly from k_thread_user_mode_enter, in this case privileged stack is not
+	 *   setup and stack pointer points to user stack.
+	 *
+	 * When called from k_thread_user_mode_enter, we need to check and setup the privileged
+	 * stack and then instruct z_arm_userspace_enter to change the PSP to the privileged stack.
+	 * Note that we do not change the PSP in this function to avoid any conflict with compiler's
+	 * sequence which has already pushed stuff on the user stack.
+	 */
+	if (0 == _current->arch.priv_stack_start) {
+		setup_priv_stack(_current);
+		sp_is_priv = 0;
+	}
 
 	z_arm_userspace_enter(user_entry, p1, p2, p3,
 			     (uint32_t)_current->stack_info.start,
 			     _current->stack_info.size -
-			     _current->stack_info.delta);
+			     _current->stack_info.delta,
+			     sp_is_priv);
 	CODE_UNREACHABLE;
 }
 

arch/arm/core/cortex_a_r/vector_table.S

@@ -41,11 +41,6 @@ SECTION_SUBSEC_FUNC(exc_vector_table,_vector_table_section,_vector_table)
 GTEXT(z_arm_cortex_ar_exit_exc)
 SECTION_SUBSEC_FUNC(TEXT, _HandlerModeExit, z_arm_cortex_ar_exit_exc)
 
-	/* Note:
-	 * This function is expected to be *always* called with
-	 * processor mode set to MODE_SYS.
-	 */
-
 	/* decrement exception depth */
 	get_cpu r2
 	ldrb r1, [r2, #_cpu_offset_to_exc_depth]
@@ -56,6 +51,7 @@ SECTION_SUBSEC_FUNC(TEXT, _HandlerModeExit, z_arm_cortex_ar_exit_exc)
 	 * Restore r0-r3, r12, lr, lr_und and spsr_und from the exception stack
 	 * and return to the current thread.
 	 */
-	pop {r0-r3, r12, lr}
+	ldmia sp, {r0-r3, r12, lr}^
+	add sp, #24
 	rfeia sp!
 #endif

arch/arm/core/cortex_m/Kconfig

@@ -330,7 +330,7 @@ config ZERO_LATENCY_IRQS
 config ZERO_LATENCY_LEVELS
 	int "Number of interrupt priority levels reserved for zero latency"
 	depends on ZERO_LATENCY_IRQS
-	range 1 $(UINT8_MAX)
+	range 1 255
 	help
 	  The amount of interrupt priority levels reserved for zero latency
 	  interrupts. Increase this value to reserve more than one priority

arch/arm/core/cortex_m/cpu_idle.c

@@ -53,7 +53,6 @@ void z_arm_cpu_idle_init(void)
 } while (false)
 #endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 void arch_cpu_idle(void)
 {
 #if defined(CONFIG_TRACING)
@@ -97,9 +96,7 @@ void arch_cpu_idle(void)
 	__enable_irq();
 	__ISB();
 }
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 void arch_cpu_atomic_idle(unsigned int key)
 {
 #if defined(CONFIG_TRACING)
@@ -138,4 +135,3 @@ void arch_cpu_atomic_idle(unsigned int key)
 	__enable_irq();
 #endif
 }
-#endif

arch/arm/core/cortex_m/exc_exit.c

@@ -55,13 +55,8 @@ FUNC_ALIAS(z_arm_exc_exit, z_arm_int_exit, void);
 Z_GENERIC_SECTION(.text._HandlerModeExit) void z_arm_exc_exit(void)
 {
 #ifdef CONFIG_PREEMPT_ENABLED
-	/* If thread is preemptible */
-	if (_kernel.cpus->current->base.prio >= 0) {
-		/* and cached thread is not current thread */
-		if (_kernel.ready_q.cache != _kernel.cpus->current) {
-			/* trigger a context switch */
-			SCB->ICSR |= SCB_ICSR_PENDSVSET_Msk;
-		}
+	if (_kernel.ready_q.cache != _kernel.cpus->current) {
+		SCB->ICSR |= SCB_ICSR_PENDSVSET_Msk;
 	}
 #endif /* CONFIG_PREEMPT_ENABLED */
 

arch/arm/core/cortex_m/fault.c

@@ -1192,7 +1192,5 @@ void z_arm_fault_init(void)
 #endif /* CONFIG_BUILTIN_STACK_GUARD */
 #ifdef CONFIG_TRAP_UNALIGNED_ACCESS
 	SCB->CCR |= SCB_CCR_UNALIGN_TRP_Msk;
-#else
-	SCB->CCR &= ~SCB_CCR_UNALIGN_TRP_Msk;
 #endif /* CONFIG_TRAP_UNALIGNED_ACCESS */
 }

arch/arm/core/cortex_m/swap.c

@@ -1,6 +1,5 @@
 /*
  * Copyright (c) 2018 Linaro, Limited
- * Copyright (c) 2023 Arm Limited
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -48,63 +47,3 @@ int arch_swap(unsigned int key)
 	 */
 	return _current->arch.swap_return_value;
 }
-
-uintptr_t z_arm_pendsv_c(uintptr_t exc_ret)
-{
-	/* Store LSB of LR (EXC_RETURN) to the thread's 'mode' word. */
-	IF_ENABLED(CONFIG_ARM_STORE_EXC_RETURN,
-		   (_kernel.cpus[0].current->arch.mode_exc_return = (uint8_t)exc_ret;));
-
-	/* Protect the kernel state while we play with the thread lists */
-	uint32_t basepri = arch_irq_lock();
-
-	/* fetch the thread to run from the ready queue cache */
-	struct k_thread *current = _kernel.cpus[0].current = _kernel.ready_q.cache;
-
-	/*
-	 * Clear PendSV so that if another interrupt comes in and
-	 * decides, with the new kernel state based on the new thread
-	 * being context-switched in, that it needs to reschedule, it
-	 * will take, but that previously pended PendSVs do not take,
-	 * since they were based on the previous kernel state and this
-	 * has been handled.
-	 */
-	SCB->ICSR = SCB_ICSR_PENDSVCLR_Msk;
-
-	/* For Cortex-M, store TLS pointer in a global variable,
-	 * as it lacks the process ID or thread ID register
-	 * to be used by toolchain to access thread data.
-	 */
-	IF_ENABLED(CONFIG_THREAD_LOCAL_STORAGE,
-		   (extern uintptr_t z_arm_tls_ptr; z_arm_tls_ptr = current->tls));
-
-	IF_ENABLED(CONFIG_ARM_STORE_EXC_RETURN,
-		   (exc_ret = (exc_ret & 0xFFFFFF00) | current->arch.mode_exc_return));
-
-	/* Restore previous interrupt disable state (irq_lock key)
-	 * (We clear the arch.basepri field after restoring state)
-	 */
-	basepri = current->arch.basepri;
-	current->arch.basepri = 0;
-
-	arch_irq_unlock(basepri);
-
-#if defined(CONFIG_MPU_STACK_GUARD) || defined(CONFIG_USERSPACE)
-	/* Re-program dynamic memory map */
-	z_arm_configure_dynamic_mpu_regions(current);
-#endif
-
-	/* restore mode */
-	IF_ENABLED(CONFIG_USERSPACE, ({
-			CONTROL_Type ctrl = {.w = __get_CONTROL()};
-			/* exit privileged state when returning to thread mode. */
-			ctrl.b.nPRIV = 0;
-			/* __set_CONTROL inserts an ISB which is may not be necessary here
-			 * (stack pointer may not be touched), but it's recommended to avoid
-			 * executing pre-fetched instructions with the previous privilege.
-			 */
-			__set_CONTROL(ctrl.w | current->arch.mode);
-		}));
-
-	return exc_ret;
-}

arch/arm/core/cortex_m/swap_helper.S

@@ -27,7 +27,6 @@ _ASM_FILE_PROLOGUE
 GTEXT(z_arm_svc)
 GTEXT(z_arm_pendsv)
 GTEXT(z_do_kernel_oops)
-GTEXT(z_arm_pendsv_c)
 #if defined(CONFIG_USERSPACE)
 GTEXT(z_arm_do_syscall)
 #endif
@@ -118,20 +117,125 @@ out_fp_endif:
 #error Unknown ARM architecture
 #endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE */
 
-    mov r4, lr
-    mov r0, lr
-    bl z_arm_pendsv_c
-    mov lr, r4
+    /* Protect the kernel state while we play with the thread lists */
+#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
+    cpsid i
+#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
+    movs.n r0, #_EXC_IRQ_DEFAULT_PRIO
+    msr BASEPRI_MAX, r0
+    isb /* Make the effect of disabling interrupts be realized immediately */
+#else
+#error Unknown ARM architecture
+#endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE */
 
-    ldr r1, =_kernel
-    ldr r2, [r1, #_kernel_offset_to_current]
+    /*
+     * Prepare to clear PendSV with interrupts unlocked, but
+     * don't clear it yet. PendSV must not be cleared until
+     * the new thread is context-switched in since all decisions
+     * to pend PendSV have been taken with the current kernel
+     * state and this is what we're handling currently.
+     */
+    ldr r7, =_SCS_ICSR
+    ldr r6, =_SCS_ICSR_UNPENDSV
+
+    /* _kernel is still in r1 */
+
+    /* fetch the thread to run from the ready queue cache */
+    ldr r2, [r1, #_kernel_offset_to_ready_q_cache]
+
+    str r2, [r1, #_kernel_offset_to_current]
+
+    /*
+     * Clear PendSV so that if another interrupt comes in and
+     * decides, with the new kernel state based on the new thread
+     * being context-switched in, that it needs to reschedule, it
+     * will take, but that previously pended PendSVs do not take,
+     * since they were based on the previous kernel state and this
+     * has been handled.
+     */
+
+    /* _SCS_ICSR is still in r7 and _SCS_ICSR_UNPENDSV in r6 */
+    str r6, [r7, #0]
+
+#if defined(CONFIG_THREAD_LOCAL_STORAGE)
+    /* Grab the TLS pointer */
+    ldr r4, =_thread_offset_to_tls
+    adds r4, r2, r4
+    ldr r0, [r4]
+
+    /* For Cortex-M, store TLS pointer in a global variable,
+     * as it lacks the process ID or thread ID register
+     * to be used by toolchain to access thread data.
+     */
+    ldr r4, =z_arm_tls_ptr
+    str r0, [r4]
+#endif
 
 #if defined(CONFIG_ARM_STORE_EXC_RETURN)
     /* Restore EXC_RETURN value. */
-    mov lr, r0
+    ldrsb lr, [r2, #_thread_offset_to_mode_exc_return]
+#endif
+
+    /* Restore previous interrupt disable state (irq_lock key)
+     * (We clear the arch.basepri field after restoring state)
+     */
+#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE) && (_thread_offset_to_basepri > 124)
+    /* Doing it this way since the offset to thread->arch.basepri can in
+     * some configurations be larger than the maximum of 124 for ldr/str
+     * immediate offsets.
+     */
+    ldr r4, =_thread_offset_to_basepri
+    adds r4, r2, r4
+
+    ldr r0, [r4]
+    movs.n r3, #0
+    str r3, [r4]
+#else
+    ldr r0, [r2, #_thread_offset_to_basepri]
+    movs r3, #0
+    str r3, [r2, #_thread_offset_to_basepri]
 #endif
 
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
+    /* BASEPRI not available, previous interrupt disable state
+     * maps to PRIMASK.
+     *
+     * Only enable interrupts if value is 0, meaning interrupts
+     * were enabled before irq_lock was called.
+     */
+    cmp r0, #0
+    bne _thread_irq_disabled
+    cpsie i
+_thread_irq_disabled:
+
+#if defined(CONFIG_MPU_STACK_GUARD) || defined(CONFIG_USERSPACE)
+    /* Re-program dynamic memory map */
+    push {r2,lr}
+    mov r0, r2
+    bl z_arm_configure_dynamic_mpu_regions
+    pop {r2,r3}
+    mov lr, r3
+#endif
+
+#ifdef CONFIG_USERSPACE
+    /* restore mode */
+    ldr r3, =_thread_offset_to_mode
+    adds r3, r2, r3
+    ldr r0, [r3]
+    mrs r3, CONTROL
+    movs.n r1, #1
+    bics r3, r1
+    orrs r3, r0
+    msr CONTROL, r3
+
+    /* ISB is not strictly necessary here (stack pointer is not being
+     * touched), but it's recommended to avoid executing pre-fetched
+     * instructions with the previous privilege.
+     */
+    isb
+
+#endif
+
     ldr r4, =_thread_offset_to_callee_saved
     adds r0, r2, r4
 
@@ -149,6 +253,9 @@ out_fp_endif:
     subs r0, #36
     ldmia r0!, {r4-r7}
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
+    /* restore BASEPRI for the incoming thread */
+    msr BASEPRI, r0
+
 #ifdef CONFIG_FPU_SHARING
     /* Assess whether switched-in thread had been using the FP registers. */
     tst lr, #_EXC_RETURN_FTYPE_Msk
@@ -178,6 +285,30 @@ in_fp_endif:
     isb
 #endif
 
+#if defined(CONFIG_MPU_STACK_GUARD) || defined(CONFIG_USERSPACE)
+    /* Re-program dynamic memory map */
+    push {r2,lr}
+    mov r0, r2 /* _current thread */
+    bl z_arm_configure_dynamic_mpu_regions
+    pop {r2,lr}
+#endif
+
+#ifdef CONFIG_USERSPACE
+    /* restore mode */
+    ldr r0, [r2, #_thread_offset_to_mode]
+    mrs r3, CONTROL
+    bic r3, #1
+    orr r3, r0
+    msr CONTROL, r3
+
+    /* ISB is not strictly necessary here (stack pointer is not being
+     * touched), but it's recommended to avoid executing pre-fetched
+     * instructions with the previous privilege.
+     */
+    isb
+
+#endif
+
     /* load callee-saved + psp from thread */
     add r0, r2, #_thread_offset_to_callee_saved
     ldmia r0, {r4-r11, ip}
@@ -300,6 +431,7 @@ _stack_frame_endif:
     /* exception return is done in z_arm_int_exit() */
     ldr r0, =z_arm_int_exit
     bx r0
+
 #endif
 
 _oops:
@@ -352,20 +484,219 @@ _oops:
      * r8 - saved link register
      */
 _do_syscall:
+/*
+ * Build a privilege stack frame from the user stack frame, then switch PSP
+ * to it. This ensures return from SVC does not rely on the user stack.
+ *
+ * Layout of privilege stack created from user stack:
+ *
+ *  +------+-------------------------+------+-------------------------+--------------------------+
+ *  |  User stack                    |  Privilege stack               | Notes                    |
+ *  +------+-------------------------+------+-------------------------+--------------------------+
+ *  |Offset| contents                |Offset| contents                |                          |
+ *  +------+-------------------------+------+-------------------------+--------------------------+
+ *  |  0   | R0                   -> | 0    | R0                      | PSP switches from 0th    |
+ *  |      |                         |      |                         | offset of user stack to  |
+ *  |      |                         |      |                         | 0th offset of priv stack |
+ *  |  4   | R1                   -> | 4    | R1                      |                          |
+ *  |  8   | R2                   -> | 8    | R2                      |                          |
+ *  | 12   | R3                   -> |12    | R3                      |                          |
+ *  | 16   | R12                  -> |16    | R12                     |                          |
+ *  | 20   | LR                   -> |20    | LR                      |                          |
+ *  | 24   | Return Address      -x> |24    | z_arm_do_syscall        |return address from user  |
+ *  |      |                         |      |                         |sf is not copied. Instead,|
+ *  |      |                         |      |                         |it is replaced so that    |
+ *  |      |                         |      |                         |z_arm_svc returns to      |
+ *  |      |                         |      |                         |z_arm_do_syscall.         |
+ *  |      |                         |      |                         |                          |
+ *  | 28   | xPSR (w/ or w/o pad) -> |28    | xPSR (pad bit cleared)  |This completes the basic  |
+ *  |      |                         |      |                         |exception sf w/ or w/o pad|
+ *  |      |                         |      |                         |                          |
+ *  | --   | FP regs + FPSCR      -> |--    | FP regs + FPSCR         |For arch supporting fp    |
+ *  |      | (w/ or w/o pad)         |      |                         |context an additional     |
+ *  |      |                         |      |                         |extended sf is copied.    |
+ *  |________________________________|______|_________________________|__________________________|
+ *  |      |                         |      |                         |On returning to           |
+ *  |      |                         |      |                         |z_arm_do_syscall, the     |
+ *  |      |                         |      |                         |above sf has already been |
+ *  |      |                         |      |                         |unstacked and 8B from the |
+ *  |      |                         |      |                         |then sf are used to pass  |
+ *  |      |                         |      |                         |original pre-svc sp & the |
+ *  |      |                         |      |                         |return address.           |
+ *  |      |                         |      |                         |Note: at the moment       |
+ *  |      |                         |      |                         |z_arm_do_syscall also     |
+ *  |      |                         |      |                         |expects the return address|
+ *  |      |                         |      |                         |to be set in r8.          |
+ *  |      |                         |      |                         |                          |
+ *  |      |                         | 0    | address that            |z_arm_do_syscall expects  |
+ *  |      |                         |      | z_arm_do_syscall should |the original pre-svc sp at|
+ *  |      |                         |      | set as PSP before       |0th offset i.e. new sp[0] |
+ *  |      |                         |      | returning from svc.     |and,                      |
+ *  |      |                         |      |                         |                          |
+ *  |      |                         | 4    | Address that            |the return address at     |
+ *  |      |                         |      | z_arm_do_syscall should |sp[4]. Note that this is  |
+ *  |      |                         |      | return to after handling|the return address copied |
+ *  |      |                         |      | svc                     |from user exception sf[24]|
+ *  |      |                         |      |                         |which was not copied in   |
+ *  |      |                         |      |                         |the previous sf.          |
+ *  +------+-------------------------+------+-------------------------+--------------------------+
+ * "sf" in this function is used as abbreviation for "stack frame".
+ * Note that the "FP regs + FPSCR" are only present if CONFIG_FPU_SHARING=y, and the optional pad
+ * is only present if PSP was not 8-byte aligned when SVC was executed.
+ * Also note that FPU cannot be present in ARMv6-M or ARMv8-M Baseline implementations
+ * (i.e., it may only be present when CONFIG_ARMV7_M_ARMV8_M_MAINLINE is enabled).
+ */
+ /* Start by fetching the top of privileged stack */
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    movs r3, #24
-    ldr r1, [r0, r3]   /* grab address of PC from stack frame */
-    mov r8, r1
+    ldr r1, =_kernel
+    ldr r1, [r1, #_kernel_offset_to_current]
+    adds r1, r1, #_thread_offset_to_priv_stack_start
+    ldr r1, [r1] /* bottom of priv stack */
+    ldr r3, =CONFIG_PRIVILEGED_STACK_SIZE
+    subs r3, #(_EXC_HW_SAVED_BASIC_SF_SIZE+8) /* 8 for original sp and pc */
+    add r1, r3
+    mov ip, r1
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
-    ldr r8, [r0, #24]   /* grab address of PC from stack frame */
+    ldr ip, =_kernel
+    ldr ip, [ip, #_kernel_offset_to_current]
+    ldr ip, [ip, #_thread_offset_to_priv_stack_start] /* bottom of priv stack */
+    add ip, #CONFIG_PRIVILEGED_STACK_SIZE
+#ifdef CONFIG_FPU_SHARING
+    /* Assess whether svc calling thread had been using the FP registers. */
+    tst lr, #_EXC_RETURN_FTYPE_Msk
+    ite eq
+    moveq r8, #_EXC_HW_SAVED_EXTENDED_SF_SIZE
+    movne r8, #_EXC_HW_SAVED_BASIC_SF_SIZE
+#else
+    mov r8, #_EXC_HW_SAVED_BASIC_SF_SIZE
 #endif
+    sub ip, #8 /* z_arm_do_syscall will use this to get original sp and pc */
+    sub ip, r8 /* 32 for basic sf + 72 for the optional esf */
+#endif
+
+    /*
+     * At this point:
+     * r0 has PSP i.e. top of user stack
+     * ip has top of privilege stack
+     * r8 has hardware-saved stack frame size (only in case of mainline)
+     */
+    push {r4-r7}
+    push {r2}
+#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
+    mov  r2, r0 /* safe to use r2 since it is saved on MSP */
+
+    /* Check for padding in the sf */
+    ldr  r1, [r0, #_EXC_HW_SAVED_BASIC_SF_XPSR_OFFSET] /* grab xPSR from sf which has the pad bit */
+    movs r3, #1
+    /* Check if pad bit 9 is set */
+    lsls r3, r3, #9
+    tst  r1, r3
+    beq  .L_no_padding
+    /* special handling for padded sf */
+    bics r1, r3 /* clear the pad bit (priv stack is aligned and doesn't need it) */
+    adds r2, #4
+.L_no_padding:
+    /* Calculate original pre-svc user sp which is psp + sf size (+4B if pad bit was set) */
+    adds r2, #_EXC_HW_SAVED_BASIC_SF_SIZE
+    mov  r3, ip
+    str r2,[r3, #0]
+
+    /* Store the pre-SVC user SP at the offset expected by z_arm_do_syscall,
+     * as detailed in the table above.
+     */
+    str r2,[r3, #_EXC_HW_SAVED_BASIC_SF_SIZE]
+    /* sf of priv stack has the same xPSR as user stack but with 9th bit reset */
+    str r1,[r3, #_EXC_HW_SAVED_BASIC_SF_XPSR_OFFSET]
+
+    /* r0-r3, r12, LR from user stack sf are copied to sf of priv stack */
+    mov r1, r0
+    mov r2, r3
+    ldmia r1!, {r4-r7}
+    stmia r2!, {r4-r7}
+    ldmia r1!, {r4-r5}
+    stmia r2!, {r4-r5}
+
+    /* Store the svc return address at the offset expected by z_arm_do_syscall,
+     * as detailed in the table above.
+     */
+    str r5, [r3, #(_EXC_HW_SAVED_BASIC_SF_SIZE+4)]
+
     ldr r1, =z_arm_do_syscall
-#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    str r1, [r0, r3]   /* overwrite the PC to point to z_arm_do_syscall */
+    str r1, [r3, #_EXC_HW_SAVED_BASIC_SF_RETADDR_OFFSET] /* Execution return to z_arm_do_syscall */
+    ldr r1, [r0, #_EXC_HW_SAVED_BASIC_SF_RETADDR_OFFSET] /* grab address of PC from stack frame */
+    /* Store the svc return address (i.e. next instr to svc) in r8 as expected by z_arm_do_syscall.
+     */
+    mov r8, r1
+
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
-    str r1, [r0, #24]   /* overwrite the PC to point to z_arm_do_syscall */
+    mov  r2, r0 /* safe to use r2 since it is saved on MSP */
+
+    /* Calculate original pre-svc user sp without pad which is psp + sf size */
+    add r2, r8
+
+    /* Also, check for padding in the sf */
+    ldr  r1, [r0, #_EXC_HW_SAVED_BASIC_SF_XPSR_OFFSET] /* grab xPSR from sf which has the pad bit */
+    tst r1, #(1<<9) /* Check if pad bit 9 is set */
+    beq .L_no_padding
+    bics r1, #(1<<9) /* clear the pad bit (priv stack is aligned and doesn't need it) */
+    /* Calculate original pre-svc user sp with pad */
+    add  r2, #4
+.L_no_padding:
+    str r2,[ip, #0]
+    /* Store the pre-SVC user SP at the offset expected by z_arm_do_syscall,
+     * as detailed in the table above.
+     */
+    str r2,[ip, r8]
+    str r1,[ip, #_EXC_HW_SAVED_BASIC_SF_XPSR_OFFSET] /* priv sf get user sf xPSR with bit9 reset */
+
+    /* r0-r3, r12, LR from user stack sf are copied to sf of priv stack */
+    mov r1, r0
+    mov r2, ip
+    ldmia r1!, {r4-r7}
+    stmia r2!, {r4-r7}
+    ldmia r1!, {r4-r5}
+    stmia r2!, {r4-r5}
+
+    /* Store the svc return address at the offset expected by z_arm_do_syscall,
+     * as detailed in the table above.
+     */
+    add r8, #4
+    str r5, [ip, r8]
+
+    ldr r1, =z_arm_do_syscall
+    str r1, [ip, #_EXC_HW_SAVED_BASIC_SF_RETADDR_OFFSET] /* Execution return to z_arm_do_syscall */
+    ldr r1, [r0, #_EXC_HW_SAVED_BASIC_SF_RETADDR_OFFSET] /* grab address of PC from stack frame */
+    /* Store the svc return address (i.e. next instr to svc) in r8 as expected by z_arm_do_syscall.
+     */
+    mov r8, r1
+
+    /* basic stack frame is copied at this point to privilege stack,
+     * now time to copy the fp context
+     */
+#ifdef CONFIG_FPU_SHARING
+    tst lr, #_EXC_RETURN_FTYPE_Msk
+    bne .L_skip_fp_copy
+    add r1, r0, #32
+    add r2, ip, #32
+
+    vldmia r1!, {s0-s15}
+    vstmia r2!, {s0-s15}
+
+    /* copy FPSCR + reserved (8 bytes) */
+    ldmia   r1!, {r4, r5}
+    stmia   r2!, {r4, r5}
+.L_skip_fp_copy:
 #endif
 
+#endif
+    pop {r2} /* restore CONTROL value */
+    pop {r4-r7}
+
+    /* Point PSP to privilege stack,
+     * note that r0 still has the old PSP
+     */
+    msr PSP, ip
+
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
     ldr r3, =K_SYSCALL_LIMIT
     cmp r6, r3
@@ -419,14 +750,12 @@ valid_syscall_id:
     isb
 
 #if defined(CONFIG_BUILTIN_STACK_GUARD)
-    /* Thread is now in privileged mode; after returning from SCVall it
-     * will use the default (user) stack before switching to the privileged
-     * stack to execute the system call. We need to protect the user stack
-     * against stack overflows until this stack transition.
-     */
-    ldr r1, [r0, #_thread_offset_to_stack_info_start]    /* stack_info.start */
-    msr PSPLIM, r1
-#endif /* CONFIG_BUILTIN_STACK_GUARD */
+    /* Set stack pointer limit (needed in privileged mode) */
+    ldr ip, =_kernel
+    ldr ip, [ip, #_kernel_offset_to_current]
+    ldr ip, [ip, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
+    msr PSPLIM, ip
+#endif
 
     /* return from SVC to the modified LR - z_arm_do_syscall */
     bx lr

arch/arm/core/cortex_m/thread.c

@@ -46,6 +46,35 @@
 K_THREAD_STACK_DECLARE(z_main_stack, CONFIG_MAIN_STACK_SIZE);
 #endif
 
+#ifdef CONFIG_USERSPACE
+static void setup_priv_stack(struct k_thread *thread)
+{
+	/* Set up privileged stack before entering user mode */
+	thread->arch.priv_stack_start = (uint32_t)z_priv_stack_find(thread->stack_obj);
+
+	/* CONFIG_PRIVILEGED_STACK_SIZE does not account for MPU_GUARD_ALIGN_AND_SIZE or
+	 * MPU_GUARD_ALIGN_AND_SIZE_FLOAT. Therefore, we must compute priv_stack_end here before
+	 * adjusting priv_stack_start for the mpu guard alignment
+	 */
+	thread->arch.priv_stack_end = thread->arch.priv_stack_start + CONFIG_PRIVILEGED_STACK_SIZE;
+
+#if defined(CONFIG_MPU_STACK_GUARD)
+	/* Stack guard area reserved at the bottom of the thread's
+	 * privileged stack. Adjust the available (writable) stack
+	 * buffer area accordingly.
+	 */
+#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
+	thread->arch.priv_stack_start +=
+		((thread->arch.mode & Z_ARM_MODE_MPU_GUARD_FLOAT_Msk) != 0)
+			? MPU_GUARD_ALIGN_AND_SIZE_FLOAT
+			: MPU_GUARD_ALIGN_AND_SIZE;
+#else
+	thread->arch.priv_stack_start += MPU_GUARD_ALIGN_AND_SIZE;
+#endif /* CONFIG_FPU && CONFIG_FPU_SHARING */
+#endif /* CONFIG_MPU_STACK_GUARD */
+}
+#endif
+
 /* An initial context, to be "restored" by z_arm_pendsv(), is put at the other
  * end of the stack, and thus reusable by the stack when not needed anymore.
  *
@@ -87,9 +116,24 @@ void arch_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 #endif /* FP_GUARD_EXTRA_SIZE */
 #endif /* CONFIG_MPU_STACK_GUARD */
 
+#if defined(CONFIG_ARM_STORE_EXC_RETURN) || defined(CONFIG_USERSPACE)
+	thread->arch.mode = 0;
+#if defined(CONFIG_ARM_STORE_EXC_RETURN)
+	thread->arch.mode_exc_return = DEFAULT_EXC_RETURN;
+#endif
+#if FP_GUARD_EXTRA_SIZE > 0
+	if ((thread->base.user_options & K_FP_REGS) != 0) {
+		thread->arch.mode |= Z_ARM_MODE_MPU_GUARD_FLOAT_Msk;
+	}
+#endif
+#endif
+
 	iframe = Z_STACK_PTR_TO_FRAME(struct __basic_sf, stack_ptr);
 #if defined(CONFIG_USERSPACE)
+	thread->arch.priv_stack_start = 0;
 	if ((thread->base.user_options & K_USER) != 0) {
+		setup_priv_stack(thread);
+		iframe = Z_STACK_PTR_TO_FRAME(struct __basic_sf, thread->arch.priv_stack_end);
 		iframe->pc = (uint32_t)arch_user_mode_enter;
 	} else {
 		iframe->pc = (uint32_t)z_thread_entry;
@@ -111,20 +155,6 @@ void arch_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	thread->callee_saved.psp = (uint32_t)iframe;
 	thread->arch.basepri = 0;
 
-#if defined(CONFIG_ARM_STORE_EXC_RETURN) || defined(CONFIG_USERSPACE)
-	thread->arch.mode = 0;
-#if defined(CONFIG_ARM_STORE_EXC_RETURN)
-	thread->arch.mode_exc_return = DEFAULT_EXC_RETURN;
-#endif
-#if FP_GUARD_EXTRA_SIZE > 0
-	if ((thread->base.user_options & K_FP_REGS) != 0) {
-		thread->arch.mode |= Z_ARM_MODE_MPU_GUARD_FLOAT_Msk;
-	}
-#endif
-#if defined(CONFIG_USERSPACE)
-	thread->arch.priv_stack_start = 0;
-#endif
-#endif
 	/*
 	 * initial values in all other registers/thread entries are
 	 * irrelevant.
@@ -226,13 +256,10 @@ uint32_t z_arm_mpu_stack_guard_and_fpu_adjust(struct k_thread *thread)
 #endif
 
 #ifdef CONFIG_USERSPACE
-FUNC_NORETURN void arch_user_mode_enter(k_thread_entry_t user_entry,
-					void *p1, void *p2, void *p3)
+FUNC_NORETURN void arch_user_mode_enter(k_thread_entry_t user_entry, void *p1, void *p2, void *p3)
 {
+	uint32_t sp_is_priv = 1;
 
-	/* Set up privileged stack before entering user mode */
-	_current->arch.priv_stack_start =
-		(uint32_t)z_priv_stack_find(_current->stack_obj);
 #if defined(CONFIG_MPU_STACK_GUARD)
 #if defined(CONFIG_THREAD_STACK_INFO)
 	/* We're dropping to user mode which means the guard area is no
@@ -249,24 +276,26 @@ FUNC_NORETURN void arch_user_mode_enter(k_thread_entry_t user_entry,
 	_current->stack_info.start -= MPU_GUARD_ALIGN_AND_SIZE;
 	_current->stack_info.size += MPU_GUARD_ALIGN_AND_SIZE;
 #endif /* CONFIG_THREAD_STACK_INFO */
-
-	/* Stack guard area reserved at the bottom of the thread's
-	 * privileged stack. Adjust the available (writable) stack
-	 * buffer area accordingly.
-	 */
-#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
-	_current->arch.priv_stack_start +=
-		((_current->arch.mode & Z_ARM_MODE_MPU_GUARD_FLOAT_Msk) != 0) ?
-		MPU_GUARD_ALIGN_AND_SIZE_FLOAT : MPU_GUARD_ALIGN_AND_SIZE;
-#else
-	_current->arch.priv_stack_start += MPU_GUARD_ALIGN_AND_SIZE;
-#endif /* CONFIG_FPU && CONFIG_FPU_SHARING */
 #endif /* CONFIG_MPU_STACK_GUARD */
 
-	z_arm_userspace_enter(user_entry, p1, p2, p3,
-			     (uint32_t)_current->stack_info.start,
-			     _current->stack_info.size -
-			     _current->stack_info.delta);
+	/* 2 ways how arch_user_mode_enter is called:
+	 * - called as part of context switch from z_arm_pendsv, in this case privileged stack is
+	 *   already setup and stack pointer points to privileged stack.
+	 * - called directly from k_thread_user_mode_enter, in this case privileged stack is not
+	 *   setup and stack pointer points to user stack.
+	 *
+	 * When called from k_thread_user_mode_enter, we need to check and setup the privileged
+	 * stack and then instruct z_arm_userspace_enter to change the PSP to the privileged stack.
+	 * Note that we do not change the PSP in this function to avoid any conflict with compiler's
+	 * sequence which has already pushed stuff on the user stack.
+	 */
+	if (0 == _current->arch.priv_stack_start) {
+		setup_priv_stack(_current);
+		sp_is_priv = 0;
+	}
+
+	z_arm_userspace_enter(user_entry, p1, p2, p3, (uint32_t)_current->stack_info.start,
+			      _current->stack_info.size - _current->stack_info.delta, sp_is_priv);
 	CODE_UNREACHABLE;
 }
 
@@ -586,9 +615,11 @@ void arch_switch_to_main_thread(struct k_thread *main_thread, char *stack_ptr,
 	"mov   r3, #0\n"
 	"ldr   r4, =z_thread_entry\n"
 	"bx    r4\n"		/* We don’t intend to return, so there is no need to link. */
-	: "+r" (_main)
-	: "r" (stack_ptr)
-	: "r0", "r1", "r2", "r3", "r4", "ip", "lr");
+	/* Force a literal pool placement for the addresses referenced above */
+	".ltorg\n"
+	:
+	: "r" (_main), "r" (stack_ptr)
+	: "r0", "r1", "r2", "r3", "r4", "ip", "lr", "memory");
 
 	CODE_UNREACHABLE;
 }
@@ -653,6 +684,8 @@ FUNC_NORETURN void z_arm_switch_to_main_no_multithreading(
 	"ldr r0, =arch_irq_lock_outlined\n"
 	"blx r0\n"
 	"loop: b loop\n\t"    /* while (true); */
+	/* Force a literal pool placement for the addresses referenced above */
+	".ltorg\n"
 	:
 	: [_p1]"r" (p1), [_p2]"r" (p2), [_p3]"r" (p3),
 	  [_psp]"r" (psp), [_main_entry]"r" (main_entry)

arch/arm/core/offsets/offsets_aarch32.c

@@ -45,8 +45,9 @@ GEN_OFFSET_SYM(_thread_arch_t, mode_exc_return);
 #endif
 #if defined(CONFIG_USERSPACE)
 GEN_OFFSET_SYM(_thread_arch_t, priv_stack_start);
-#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
 GEN_OFFSET_SYM(_thread_arch_t, priv_stack_end);
+
+#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
 GEN_OFFSET_SYM(_thread_arch_t, sp_usr);
 #endif
 #endif

arch/arm/core/userspace.S

@@ -2,6 +2,7 @@
  * Userspace and service handler hooks
  *
  * Copyright (c) 2017 Linaro Limited
+ * Copyright 2025 Arm Limited and/or its affiliates <open-source-office@arm.com>
  *
  * SPDX-License-Identifier: Apache-2.0
  *
@@ -41,45 +42,41 @@ GDATA(_k_syscall_table)
  *
  * The function is invoked as:
  * z_arm_userspace_enter(user_entry, p1, p2, p3,
- *                        stack_info.start, stack_info.size);
+ *                        stack_info.start, stack_info.size,
+ *                        sp_is_priv);
  */
 SECTION_FUNC(TEXT,z_arm_userspace_enter)
     /* move user_entry to lr */
     mov lr, r0
 
-    /* prepare to set stack to privileged stack */
+    /* load arguments from stack:
+     *   r4 = user stack start
+     *   r5 = user stack size
+     *   r6 = sp_is_priv (1 if already on privileged stack)
+     */
+    pop {r4, r5, r6}
+
+    /* get current thread pointer */
     ldr r0, =_kernel
     ldr r0, [r0, #_kernel_offset_to_current]
+
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
     /* move p1 to ip */
     mov ip, r1
-    ldr r1, =_thread_offset_to_priv_stack_start
-    ldr r0, [r0, r1]    /* priv stack ptr */
-    ldr r1, =CONFIG_PRIVILEGED_STACK_SIZE
-    add r0, r0, r1
+    ldr r1, =_thread_offset_to_priv_stack_end
+    ldr r0, [r0, r1]
     /* Restore p1 from ip */
     mov r1, ip
-#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
-    ldr r0, [r0, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    ldr ip, =CONFIG_PRIVILEGED_STACK_SIZE
-    add r0, r0, ip
-#elif defined(CONFIG_CPU_AARCH32_CORTEX_R)
-    ldr r0, [r0, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    ldr ip, =CONFIG_PRIVILEGED_STACK_SIZE
-    add r0, r0, ip
-
-    ldr ip, =_kernel
-    ldr ip, [ip, #_kernel_offset_to_current]
-    str r0, [ip, #_thread_offset_to_priv_stack_end] /* priv stack end */
+#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE) \
+    || defined(CONFIG_CPU_AARCH32_CORTEX_R)
+    ldr r0, [r0, #_thread_offset_to_priv_stack_end]    /* privileged stack ptr */
 #endif
 
-    /* store current stack pointer to ip
-     * the current stack pointer is needed to retrieve
-     * stack_info.start and stack_info.size
-     */
-    mov ip, sp
+    /* check if current stack is privileged and switch to it if not */
+    cmp r6, #1
+    beq 1f
 
-#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
+#if defined(CONFIG_CPU_AARCH32_CORTEX_R) || defined(CONFIG_CPU_AARCH32_CORTEX_A)
     mov sp, r0
 #else
     /* set stack to privileged stack
@@ -93,35 +90,28 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
     msr PSP, r0
 #endif
 
+1:
+    /* push thread args and entrypoint to stack */
+    push {r1,r2,r3,lr}
+
 #if defined(CONFIG_BUILTIN_STACK_GUARD)
     /* At this point the privileged stack is not yet protected by PSPLIM.
-     * Since we have just switched to the top of the privileged stack, we
+     * Since we have switched to the top of the privileged stack, we
      * are safe, as long as the stack can accommodate the maximum exception
      * stack frame.
      */
-
-    /* set stack pointer limit to the start of the priv stack */
-    ldr r0, =_kernel
-    ldr r0, [r0, #_kernel_offset_to_current]
-    ldr r0, [r0, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
+    ldr r1, =CONFIG_PRIVILEGED_STACK_SIZE
+    sub r0, r0, r1 /* Calculate start of privileged stack */
+    /* set stack pointer limit to the start of the privileged stack */
     msr PSPLIM, r0
 #endif
 
-    /* push args to stack */
-    push {r1,r2,r3,lr}
-#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    mov r1, ip
-    push {r0,r1}
-#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE) \
-    || defined(CONFIG_CPU_AARCH32_CORTEX_R)
-    push {r0,ip}
-#endif
 
     /* Re-program dynamic memory map.
      *
      * Important note:
      * z_arm_configure_dynamic_mpu_regions() may re-program the MPU Stack Guard
-     * to guard the privilege stack for overflows (if building with option
+     * to guard the privileged stack for overflows (if building with option
      * CONFIG_MPU_STACK_GUARD). There is a risk of actually overflowing the
      * stack while doing the re-programming. We minimize the risk by placing
      * this function immediately after we have switched to the privileged stack
@@ -135,29 +125,10 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
     ldr r0, [r0, #_kernel_offset_to_current]
     bl z_arm_configure_dynamic_mpu_regions
 
-#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    pop {r0,r3}
-
-    /* load up stack info from user stack */
-    ldr r0, [r3]
-    ldr r3, [r3, #4]
-    mov ip, r3
-
-    push {r0,r3}
-#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE) \
-    || defined(CONFIG_CPU_AARCH32_CORTEX_R)
-    pop {r0,ip}
-
-    /* load up stack info from user stack */
-    ldr r0, [ip]
-    ldr ip, [ip, #4]
-
-    push {r0,ip}
-#endif
-
     /* clear the user stack area to clean out privileged data */
     /* from right past the guard right up to the end */
-    mov r2, ip
+    mov r0, r4
+    mov r2, r5
 #ifdef CONFIG_INIT_STACKS
     ldr r1,=0xaaaaaaaa
 #else
@@ -165,17 +136,18 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
 #endif
     bl memset
 
+    /* At this point:
+     * r4 contains user stack start
+     * r5 contains user stack size
+     * calculate top of user stack in r0 (start+size)
+     */
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    pop {r0, r1}
-    mov ip, r1
+    adds r0, r4, r5
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE) \
     || defined(CONFIG_CPU_AARCH32_CORTEX_R)
-    pop {r0,ip}
+    add r0, r4, r5
 #endif
 
-    /* r0 contains user stack start, ip contains user stack size */
-    add r0, r0, ip   /* calculate top of stack */
-
     /* pop remaining arguments from stack before switching stacks */
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
     /* Use r4 to pop lr, then restore r4 */
@@ -188,7 +160,7 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
     pop {r1,r2,r3,lr}
 #endif
 
-#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
+#if defined(CONFIG_CPU_AARCH32_CORTEX_R) || defined(CONFIG_CPU_AARCH32_CORTEX_A)
     /*
      * set stack to user stack.  We are in SYSTEM state, so r13 and r14 are
      * shared with USER state
@@ -223,10 +195,7 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
     isb
 
     /* Set PSPLIM to guard the thread's user stack. */
-    ldr r0, =_kernel
-    ldr r0, [r0, #_kernel_offset_to_current]
-    ldr r0, [r0, #_thread_offset_to_stack_info_start]
-    msr PSPLIM, r0
+    msr PSPLIM, r4
 
     pop {r0, ip}
 #endif
@@ -308,9 +277,8 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
  * This function is used to do system calls from unprivileged code.  This
  * function is responsible for the following:
  * 1) Fixing up bad syscalls
- * 2) Configuring privileged stack and loading up stack arguments
- * 3) Dispatching the system call
- * 4) Restoring stack and calling back to the caller of the SVC
+ * 2) Dispatching the system call
+ * 3) Restoring stack and calling back to the caller of the SVC
  *
  */
 SECTION_FUNC(TEXT, z_arm_do_syscall)
@@ -328,41 +296,7 @@ SECTION_FUNC(TEXT, z_arm_do_syscall)
      * At this point PSPLIM is already configured to guard the default (user)
      * stack, so pushing to the default thread's stack is safe.
      */
-#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-    /* save current stack pointer (user stack) */
-    mov ip, sp
-    /* temporarily push to user stack */
-    push {r0,r1}
-    /* setup privileged stack */
-    ldr r0, =_kernel
-    ldr r0, [r0, #_kernel_offset_to_current]
-    adds r0, r0, #_thread_offset_to_priv_stack_start
-    ldr r0, [r0]    /* priv stack ptr */
-    ldr r1, =CONFIG_PRIVILEGED_STACK_SIZE
-    add r0, r1
-
-    /* Store current SP and LR at the beginning of the priv stack */
-    subs r0, #8
-    mov r1, ip
-    str r1, [r0, #0]
-    mov r1, lr
-    str r1, [r0, #4]
-    mov ip, r0
-    /* Restore user stack and original r0, r1 */
-    pop {r0, r1}
-
-#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
-    /* setup privileged stack */
-    ldr ip, =_kernel
-    ldr ip, [ip, #_kernel_offset_to_current]
-    ldr ip, [ip, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    add ip, #CONFIG_PRIVILEGED_STACK_SIZE
-
-    /* Store current SP and LR at the beginning of the priv stack */
-    subs ip, #8
-    str sp, [ip, #0]
-    str lr, [ip, #4]
-#elif defined(CONFIG_CPU_AARCH32_CORTEX_R)
+#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
     /*
      * The SVC handler has already switched to the privileged stack.
      * Store the user SP and LR at the beginning of the priv stack.
@@ -373,11 +307,6 @@ SECTION_FUNC(TEXT, z_arm_do_syscall)
     push {ip, lr}
 #endif
 
-#if !defined(CONFIG_CPU_AARCH32_CORTEX_R)
-    /* switch to privileged stack */
-    msr PSP, ip
-#endif
-
     /* Note (applies when using stack limit checking):
      * We do not need to lock IRQs after switching PSP to the privileged stack;
      * PSPLIM is guarding the default (user) stack, which, by design, is
@@ -386,14 +315,6 @@ SECTION_FUNC(TEXT, z_arm_do_syscall)
      * the maximum exception stack frame.
      */
 
-#if defined(CONFIG_BUILTIN_STACK_GUARD)
-    /* Set stack pointer limit (needed in privileged mode) */
-    ldr ip, =_kernel
-    ldr ip, [ip, #_kernel_offset_to_current]
-    ldr ip, [ip, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    msr PSPLIM, ip
-#endif
-
     /*
      * r0-r5 contain arguments
      * r6 contains call_id

arch/arm/include/cortex_a_r/kernel_arch_func.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2019 Carlo Caione <ccaione@baylibre.com>
+ * Copyright 2025 Arm Limited and/or its affiliates <open-source-office@arm.com>
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -57,7 +58,8 @@ static ALWAYS_INLINE void arch_switch(void *switch_to, void **switched_from)
 extern FUNC_NORETURN void z_arm_userspace_enter(k_thread_entry_t user_entry,
 					       void *p1, void *p2, void *p3,
 					       uint32_t stack_end,
-					       uint32_t stack_start);
+					       uint32_t stack_start,
+					       uint32_t sp_is_priv);
 
 extern void z_arm_fatal_error(unsigned int reason, const struct arch_esf *esf);
 

arch/arm/include/cortex_m/kernel_arch_func.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2019 Carlo Caione <ccaione@baylibre.com>
+ * Copyright 2025 Arm Limited and/or its affiliates <open-source-office@arm.com>
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -71,10 +72,9 @@ extern FUNC_NORETURN void z_arm_switch_to_main_no_multithreading(
 
 #endif /* !CONFIG_MULTITHREADING */
 
-extern FUNC_NORETURN void z_arm_userspace_enter(k_thread_entry_t user_entry,
-					       void *p1, void *p2, void *p3,
-					       uint32_t stack_end,
-					       uint32_t stack_start);
+extern FUNC_NORETURN void z_arm_userspace_enter(k_thread_entry_t user_entry, void *p1, void *p2,
+						void *p3, uint32_t stack_end, uint32_t stack_start,
+						uint32_t sp_is_priv);
 
 extern void z_arm_fatal_error(unsigned int reason, const struct arch_esf *esf);
 

arch/arm/include/offsets_short_arch.h

@@ -45,10 +45,10 @@
 #define _thread_offset_to_priv_stack_start \
 	(___thread_t_arch_OFFSET + ___thread_arch_t_priv_stack_start_OFFSET)
 
-#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
 #define _thread_offset_to_priv_stack_end \
 	(___thread_t_arch_OFFSET + ___thread_arch_t_priv_stack_end_OFFSET)
 
+#if defined(CONFIG_CPU_AARCH32_CORTEX_R)
 #define _thread_offset_to_sp_usr \
 	(___thread_t_arch_OFFSET + ___thread_arch_t_sp_usr_OFFSET)
 #endif

arch/arm64/core/cpu_idle.S

@@ -13,7 +13,7 @@
 #include <zephyr/arch/cpu.h>
 
 _ASM_FILE_PROLOGUE
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
+
 GTEXT(arch_cpu_idle)
 SECTION_FUNC(TEXT, arch_cpu_idle)
 #ifdef CONFIG_TRACING
@@ -25,9 +25,7 @@ SECTION_FUNC(TEXT, arch_cpu_idle)
 	wfi
 	msr	daifclr, #(DAIFCLR_IRQ_BIT)
 	ret
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 GTEXT(arch_cpu_atomic_idle)
 SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 #ifdef CONFIG_TRACING
@@ -43,5 +41,3 @@ SECTION_FUNC(TEXT, arch_cpu_atomic_idle)
 	msr	daifclr, #(DAIFCLR_IRQ_BIT)
 _irq_disabled:
 	ret
-
-#endif

arch/common/CMakeLists.txt

@@ -17,11 +17,6 @@ if(CONFIG_GEN_ISR_TABLES)
   )
 endif()
 
-zephyr_library_sources_ifdef(
-  CONFIG_ISR_TABLE_SHELL
-  isr_tables_shell.c
-)
-
 zephyr_library_sources_ifdef(
   CONFIG_MULTI_LEVEL_INTERRUPTS
   multilevel_irq.c

arch/common/Kconfig

@@ -30,10 +30,3 @@ config LEGACY_MULTI_LEVEL_TABLE_GENERATION
 	help
 	  A make-shift Kconfig to continue generating the multi-level interrupt LUT
 	  with the legacy way using DT macros.
-
-config ISR_TABLE_SHELL
-	bool "Shell command to dump the ISR tables"
-	depends on GEN_SW_ISR_TABLE
-	depends on SHELL
-	help
-	  This option enables a shell command to dump the ISR tables.

arch/common/isr_tables_shell.c

@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2024 Meta Platforms.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include <zephyr/debug/symtab.h>
-#include <zephyr/shell/shell.h>
-#include <zephyr/sw_isr_table.h>
-
-static void dump_isr_table_entry(const struct shell *sh, int idx, struct _isr_table_entry *entry)
-{
-
-	if ((entry->isr == z_irq_spurious) || (entry->isr == NULL)) {
-		return;
-	}
-#ifdef CONFIG_SYMTAB
-	const char *name = symtab_find_symbol_name((uintptr_t)entry->isr, NULL);
-
-	shell_print(sh, "%4d: %s(%p)", idx, name, entry->arg);
-#else
-	shell_print(sh, "%4d: %p(%p)", idx, entry->isr, entry->arg);
-#endif /* CONFIG_SYMTAB */
-}
-
-static int cmd_sw_isr_table(const struct shell *sh, size_t argc, char **argv)
-{
-	shell_print(sh, "_sw_isr_table[%d]\n", IRQ_TABLE_SIZE);
-
-	for (int idx = 0; idx < IRQ_TABLE_SIZE; idx++) {
-		dump_isr_table_entry(sh, idx, &_sw_isr_table[idx]);
-	}
-
-	return 0;
-}
-
-#ifdef CONFIG_SHARED_INTERRUPTS
-static int cmd_shared_sw_isr_table(const struct shell *sh, size_t argc, char **argv)
-{
-	shell_print(sh, "z_shared_sw_isr_table[%d][%d]\n", IRQ_TABLE_SIZE,
-		    CONFIG_SHARED_IRQ_MAX_NUM_CLIENTS);
-
-	for (int idx = 0; idx < IRQ_TABLE_SIZE; idx++) {
-		for (int c = 0; c < z_shared_sw_isr_table[idx].client_num; c++) {
-			dump_isr_table_entry(sh, idx, &z_shared_sw_isr_table[idx].clients[c]);
-		}
-	}
-
-	return 0;
-}
-#endif /* CONFIG_SHARED_INTERRUPTS */
-
-SHELL_STATIC_SUBCMD_SET_CREATE(isr_table_cmds,
-			       SHELL_CMD_ARG(sw_isr_table, NULL,
-					     "Dump _sw_isr_table.\n"
-					     "Usage: isr_table sw_isr_table",
-					     cmd_sw_isr_table, 1, 0),
-#ifdef CONFIG_SHARED_INTERRUPTS
-			       SHELL_CMD_ARG(shared_sw_isr_table, NULL,
-					     "Dump z_shared_sw_isr_table.\n"
-					     "Usage: isr_table shared_sw_isr_table",
-					     cmd_shared_sw_isr_table, 1, 0),
-#endif /* CONFIG_SHARED_INTERRUPTS */
-			       SHELL_SUBCMD_SET_END);
-
-SHELL_CMD_ARG_REGISTER(isr_table, &isr_table_cmds, "ISR tables shell command",
-		       NULL, 0, 0);

arch/common/ramfunc.ld

@@ -9,6 +9,7 @@
 
 SECTION_DATA_PROLOGUE(.ramfunc,,)
 {
+	__ramfunc_region_start = .;
 	MPU_ALIGN(__ramfunc_size);
 	__ramfunc_start = .;
 	*(.ramfunc)

arch/mips/core/cpu_idle.c

@@ -19,16 +19,12 @@ static ALWAYS_INLINE void mips_idle(unsigned int key)
 	__asm__ volatile("wait");
 }
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 void arch_cpu_idle(void)
 {
 	mips_idle(1);
 }
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 void arch_cpu_atomic_idle(unsigned int key)
 {
 	mips_idle(key);
 }
-#endif

arch/nios2/core/cpu_idle.c

@@ -7,7 +7,6 @@
 #include <zephyr/kernel.h>
 #include <zephyr/kernel_structs.h>
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 void arch_cpu_idle(void)
 {
 	/* Do nothing but unconditionally unlock interrupts and return to the
@@ -15,9 +14,7 @@ void arch_cpu_idle(void)
 	 */
 	irq_unlock(NIOS2_STATUS_PIE_MSK);
 }
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 void arch_cpu_atomic_idle(unsigned int key)
 {
 	/* Do nothing but restore IRQ state. This CPU does not have any
@@ -25,4 +22,3 @@ void arch_cpu_atomic_idle(unsigned int key)
 	 */
 	irq_unlock(key);
 }
-#endif

arch/posix/core/CMakeLists.txt

@@ -21,12 +21,10 @@ endif()
 if(CONFIG_NATIVE_APPLICATION)
 	zephyr_include_directories(
 		nsi_compat/
-		${ZEPHYR_BASE}/scripts/native_simulator/common/src/include/
 	)
 	zephyr_library_sources(
-		posix_core_nsi.c
+		posix_core.c
 		nsi_compat/nsi_compat.c
-		${ZEPHYR_BASE}/scripts/native_simulator/common/src/nct.c
 		${ZEPHYR_BASE}/scripts/native_simulator/common/src/nce.c
 		${ZEPHYR_BASE}/scripts/native_simulator/common/src/nsi_host_trampolines.c
 	)

arch/posix/core/nsi_compat/nce_if.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#ifndef NSI_COMMON_SRC_INCL_NCE_IF_H
+#define NSI_COMMON_SRC_INCL_NCE_IF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Native simulator CPU start/stop emulation module interface */
+
+void *nce_init(void);
+void nce_terminate(void *this);
+void nce_boot_cpu(void *this, void (*start_routine)(void));
+void nce_halt_cpu(void *this);
+void nce_wake_cpu(void *this);
+int nce_is_cpu_running(void *this);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NSI_COMMON_SRC_INCL_NCE_IF_H */

arch/posix/core/nsi_compat/nsi_host_trampolines.h

@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Note: This is a provisional header which exists to allow
+ * old POSIX arch based boards (i.e. native_posix) to provide access
+ * to the host C library as if the native simulator trampolines
+ * existed.
+ *
+ * Boards based on the native simulator do NOT use this file
+ */
+
+#ifndef ARCH_POSIX_CORE_NSI_COMPAT_NSI_HOST_TRAMPOLINES_H
+#define ARCH_POSIX_CORE_NSI_COMPAT_NSI_HOST_TRAMPOLINES_H
+
+#include "../scripts/native_simulator/common/src/include/nsi_host_trampolines.h"
+
+#endif /* ARCH_POSIX_CORE_NSI_COMPAT_NSI_HOST_TRAMPOLINES_H */

arch/posix/core/nsi_compat/nsi_safe_call.h

@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef ARCH_POSIX_CORE_NSI_SAFE_CALLL_H
+#define ARCH_POSIX_CORE_NSI_SAFE_CALLL_H
+
+#include "nsi_tracing.h"
+#include "posix_arch_internal.h"
+
+#define NSI_SAFE_CALL PC_SAFE_CALL
+
+#endif /* ARCH_POSIX_CORE_NSI_SAFE_CALLL_H */

arch/posix/core/nsi_compat/nsi_tracing.h

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef ARCH_POSIX_CORE_NSI_TRACING_H
+#define ARCH_POSIX_CORE_NSI_TRACING_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void nsi_print_error_and_exit(const char *format, ...);
+void nsi_print_warning(const char *format, ...);
+void nsi_print_trace(const char *format, ...);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ARCH_POSIX_CORE_NSI_TRACING_H */

arch/posix/core/posix_core.c

@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2017 Oticon A/S
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * Here is where things actually happen for the POSIX arch
+ *
+ * We isolate all functions here, to ensure they can be compiled as
+ * independently as possible to the remainder of Zephyr to avoid name clashes
+ * as Zephyr does provide functions with the same names as the POSIX threads
+ * functions
+ */
+/**
+ * Principle of operation:
+ *
+ * The Zephyr OS and its app run as a set of native pthreads.
+ * The Zephyr OS only sees one of this thread executing at a time.
+ * Which is running is controlled using {cond|mtx}_threads and
+ * currently_allowed_thread.
+ *
+ * The main part of the execution of each thread will occur in a fully
+ * synchronous and deterministic manner, and only when commanded by the Zephyr
+ * kernel.
+ * But the creation of a thread will spawn a new pthread whose start
+ * is asynchronous to the rest, until synchronized in posix_wait_until_allowed()
+ * below.
+ * Similarly aborting and canceling threads execute a tail in a quite
+ * asynchronous manner.
+ *
+ * This implementation is meant to be portable in between POSIX systems.
+ * A table (threads_table) is used to abstract the native pthreads.
+ * And index in this table is used to identify threads in the IF to the kernel.
+ *
+ */
+
+#include <pthread.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "posix_core.h"
+#include "posix_arch_internal.h"
+
+#define PREFIX     "POSIX arch core: "
+#define ERPREFIX   PREFIX"error on "
+#define NO_MEM_ERR PREFIX"Can't allocate memory\n"
+
+#define PC_ENABLE_CANCEL 0 /* See Note.c1 */
+#define PC_ALLOC_CHUNK_SIZE 64
+#define PC_REUSE_ABORTED_ENTRIES 0
+/* tests/kernel/threads/scheduling/schedule_api fails when setting
+ * PC_REUSE_ABORTED_ENTRIES => don't set it by now
+ */
+
+static int threads_table_size;
+struct threads_table_el {
+	enum {NOTUSED = 0, USED, ABORTING, ABORTED, FAILED} state;
+	bool running;     /* Is this the currently running thread */
+	pthread_t thread; /* Actual pthread_t as returned by native kernel */
+	int thead_cnt; /* For debugging: Unique, consecutive, thread number */
+	/* Pointer to the status kept in the Zephyr thread stack */
+	posix_thread_status_t *t_status;
+};
+
+static struct threads_table_el *threads_table;
+
+static int thread_create_count; /* For debugging. Thread creation counter */
+
+/*
+ * Conditional variable to block/awake all threads during swaps()
+ * (we only need 1 mutex and 1 cond variable for all threads)
+ */
+static pthread_cond_t cond_threads = PTHREAD_COND_INITIALIZER;
+/* Mutex for the conditional variable posix_core_cond_threads */
+static pthread_mutex_t mtx_threads = PTHREAD_MUTEX_INITIALIZER;
+/* Token which tells which process is allowed to run now */
+static int currently_allowed_thread;
+
+static bool terminate; /* Are we terminating the program == cleaning up */
+
+static void posix_wait_until_allowed(int this_th_nbr);
+static void *posix_thread_starter(void *arg);
+static void posix_preexit_cleanup(void);
+extern void posix_arch_thread_entry(void *pa_thread_status);
+
+/**
+ * Helper function, run by a thread is being aborted
+ */
+static void abort_tail(int this_th_nbr)
+{
+	PC_DEBUG("Thread [%i] %i: %s: Aborting (exiting) (rel mut)\n",
+		threads_table[this_th_nbr].thead_cnt,
+		this_th_nbr,
+		__func__);
+
+	threads_table[this_th_nbr].running = false;
+	threads_table[this_th_nbr].state = ABORTED;
+	posix_preexit_cleanup();
+	pthread_exit(NULL);
+}
+
+/**
+ *  Helper function to block this thread until it is allowed again
+ *  (somebody calls posix_let_run() with this thread number
+ *
+ * Note that we go out of this function (the while loop below)
+ * with the mutex locked by this particular thread.
+ * In normal circumstances, the mutex is only unlocked internally in
+ * pthread_cond_wait() while waiting for cond_threads to be signaled
+ */
+static void posix_wait_until_allowed(int this_th_nbr)
+{
+	threads_table[this_th_nbr].running = false;
+
+	PC_DEBUG("Thread [%i] %i: %s: Waiting to be allowed to run (rel mut)\n",
+		threads_table[this_th_nbr].thead_cnt,
+		this_th_nbr,
+		__func__);
+
+	while (this_th_nbr != currently_allowed_thread) {
+		pthread_cond_wait(&cond_threads, &mtx_threads);
+
+		if (threads_table &&
+		    (threads_table[this_th_nbr].state == ABORTING)) {
+			abort_tail(this_th_nbr);
+		}
+	}
+
+	threads_table[this_th_nbr].running = true;
+
+	PC_DEBUG("Thread [%i] %i: %s(): I'm allowed to run! (hav mut)\n",
+		threads_table[this_th_nbr].thead_cnt,
+		this_th_nbr,
+		__func__);
+}
+
+
+/**
+ * Helper function to let the thread <next_allowed_th> run
+ * Note: posix_let_run() can only be called with the mutex locked
+ */
+static void posix_let_run(int next_allowed_th)
+{
+	PC_DEBUG("%s: We let thread [%i] %i run\n",
+		__func__,
+		threads_table[next_allowed_th].thead_cnt,
+		next_allowed_th);
+
+
+	currently_allowed_thread = next_allowed_th;
+
+	/*
+	 * We let all threads know one is able to run now (it may even be us
+	 * again if fancied)
+	 * Note that as we hold the mutex, they are going to be blocked until
+	 * we reach our own posix_wait_until_allowed() while loop
+	 */
+	PC_SAFE_CALL(pthread_cond_broadcast(&cond_threads));
+}
+
+
+static void posix_preexit_cleanup(void)
+{
+	/*
+	 * Release the mutex so the next allowed thread can run
+	 */
+	PC_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
+
+	/* We detach ourselves so nobody needs to join to us */
+	pthread_detach(pthread_self());
+}
+
+
+/**
+ * Let the ready thread run and block this thread until it is allowed again
+ *
+ * called from arch_swap() which does the picking from the kernel structures
+ */
+void posix_swap(int next_allowed_thread_nbr, int this_th_nbr)
+{
+	posix_let_run(next_allowed_thread_nbr);
+
+	if (threads_table[this_th_nbr].state == ABORTING) {
+		PC_DEBUG("Thread [%i] %i: %s: Aborting curr.\n",
+			threads_table[this_th_nbr].thead_cnt,
+			this_th_nbr,
+			__func__);
+		abort_tail(this_th_nbr);
+	} else {
+		posix_wait_until_allowed(this_th_nbr);
+	}
+}
+
+/**
+ * Let the ready thread (main) run, and exit this thread (init)
+ *
+ * Called from arch_switch_to_main_thread() which does the picking from the
+ * kernel structures
+ *
+ * Note that we could have just done a swap(), but that would have left the
+ * init thread lingering. Instead here we exit the init thread after enabling
+ * the new one
+ */
+void posix_main_thread_start(int next_allowed_thread_nbr)
+{
+	posix_let_run(next_allowed_thread_nbr);
+	PC_DEBUG("%s: Init thread dying now (rel mut)\n",
+		__func__);
+	posix_preexit_cleanup();
+	pthread_exit(NULL);
+}
+
+/**
+ * Handler called when any thread is cancelled or exits
+ */
+static void posix_cleanup_handler(void *arg)
+{
+	/*
+	 * If we are not terminating, this is just an aborted thread,
+	 * and the mutex was already released
+	 * Otherwise, release the mutex so other threads which may be
+	 * caught waiting for it could terminate
+	 */
+
+	if (!terminate) {
+		return;
+	}
+
+#if POSIX_ARCH_DEBUG_PRINTS
+	posix_thread_status_t *ptr = (posix_thread_status_t *) arg;
+
+	PC_DEBUG("Thread %i: %s: Canceling (rel mut)\n",
+		ptr->thread_idx,
+		__func__);
+#endif
+
+
+	PC_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
+
+	/* We detach ourselves so nobody needs to join to us */
+	pthread_detach(pthread_self());
+}
+
+/**
+ * Helper function to start a Zephyr thread as a POSIX thread:
+ *  It will block the thread until a arch_swap() is called for it
+ *
+ * Spawned from posix_new_thread() below
+ */
+static void *posix_thread_starter(void *arg)
+{
+	int thread_idx = (intptr_t)arg;
+
+	PC_DEBUG("Thread [%i] %i: %s: Starting\n",
+		threads_table[thread_idx].thead_cnt,
+		thread_idx,
+		__func__);
+
+	/*
+	 * We block until all other running threads reach the while loop
+	 * in posix_wait_until_allowed() and they release the mutex
+	 */
+	PC_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
+
+	/*
+	 * The program may have been finished before this thread ever got to run
+	 */
+	/* LCOV_EXCL_START */ /* See Note1 */
+	if (!threads_table) {
+		posix_cleanup_handler(arg);
+		pthread_exit(NULL);
+	}
+	/* LCOV_EXCL_STOP */
+
+	pthread_cleanup_push(posix_cleanup_handler, arg);
+
+	PC_DEBUG("Thread [%i] %i: %s: After start mutex (hav mut)\n",
+		threads_table[thread_idx].thead_cnt,
+		thread_idx,
+		__func__);
+
+	/*
+	 * The thread would try to execute immediately, so we block it
+	 * until allowed
+	 */
+	posix_wait_until_allowed(thread_idx);
+
+	posix_thread_status_t *ptr = threads_table[thread_idx].t_status;
+
+	posix_arch_thread_entry(ptr);
+
+	/*
+	 * We only reach this point if the thread actually returns which should
+	 * not happen. But we handle it gracefully just in case
+	 */
+	/* LCOV_EXCL_START */
+	posix_print_trace(PREFIX"Thread [%i] %i [%lu] ended!?!\n",
+			threads_table[thread_idx].thead_cnt,
+			thread_idx,
+			pthread_self());
+
+
+	threads_table[thread_idx].running = false;
+	threads_table[thread_idx].state = FAILED;
+
+	pthread_cleanup_pop(1);
+
+	return NULL;
+	/* LCOV_EXCL_STOP */
+}
+
+/**
+ * Return the first free entry index in the threads table
+ */
+static int ttable_get_empty_slot(void)
+{
+
+	for (int i = 0; i < threads_table_size; i++) {
+		if ((threads_table[i].state == NOTUSED)
+			|| (PC_REUSE_ABORTED_ENTRIES
+			&& (threads_table[i].state == ABORTED))) {
+			return i;
+		}
+	}
+
+	/*
+	 * else, we run out table without finding an index
+	 * => we expand the table
+	 */
+
+	threads_table = realloc(threads_table,
+				(threads_table_size + PC_ALLOC_CHUNK_SIZE)
+				* sizeof(struct threads_table_el));
+	if (threads_table == NULL) { /* LCOV_EXCL_BR_LINE */
+		posix_print_error_and_exit(NO_MEM_ERR); /* LCOV_EXCL_LINE */
+	}
+
+	/* Clear new piece of table */
+	(void)memset(&threads_table[threads_table_size], 0,
+		     PC_ALLOC_CHUNK_SIZE * sizeof(struct threads_table_el));
+
+	threads_table_size += PC_ALLOC_CHUNK_SIZE;
+
+	/* The first newly created entry is good: */
+	return threads_table_size - PC_ALLOC_CHUNK_SIZE;
+}
+
+/**
+ * Called from arch_new_thread(),
+ * Create a new POSIX thread for the new Zephyr thread.
+ * arch_new_thread() picks from the kernel structures what it is that we need
+ * to call with what parameters
+ */
+int posix_new_thread(void *ptr)
+{
+	int t_slot;
+
+	t_slot = ttable_get_empty_slot();
+	threads_table[t_slot].state = USED;
+	threads_table[t_slot].running = false;
+	threads_table[t_slot].thead_cnt = thread_create_count++;
+	threads_table[t_slot].t_status = ptr;
+
+	/*
+	 * Note: If you are here due to a valgrind reported memory leak in
+	 * pthread_create() please use the provided valgrind.supp suppression file.
+	 */
+	PC_SAFE_CALL(pthread_create(&threads_table[t_slot].thread,
+				  NULL,
+				  posix_thread_starter,
+				  (void *)(intptr_t)t_slot));
+
+	PC_DEBUG("%s created thread [%i] %i [%lu]\n",
+		__func__,
+		threads_table[t_slot].thead_cnt,
+		t_slot,
+		threads_table[t_slot].thread);
+
+	return t_slot;
+}
+
+/*
+ * Initialize the posix architecture
+ *
+ * Prepare whatever needs to be prepared to be able to start threads
+ */
+void posix_arch_init(void)
+{
+	thread_create_count = 0;
+
+	currently_allowed_thread = -1;
+
+	threads_table = calloc(PC_ALLOC_CHUNK_SIZE,
+				sizeof(struct threads_table_el));
+	if (threads_table == NULL) { /* LCOV_EXCL_BR_LINE */
+		posix_print_error_and_exit(NO_MEM_ERR); /* LCOV_EXCL_LINE */
+	}
+
+	threads_table_size = PC_ALLOC_CHUNK_SIZE;
+
+
+	PC_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
+}
+
+/*
+ * Free any allocated memory by the posix core and clean up.
+ * Note that this function cannot be called from a SW thread
+ * (the CPU is assumed halted. Otherwise we will cancel ourselves)
+ *
+ * This function cannot guarantee the threads will be cancelled before the HW
+ * thread exists. The only way to do that, would be  to wait for each of them in
+ * a join (without detaching them, but that could lead to locks in some
+ * convoluted cases. As a call to this function can come from an ASSERT or other
+ * error termination, we better do not assume things are working fine.
+ * => we prefer the supposed memory leak report from valgrind, and ensure we
+ * will not hang
+ */
+void posix_arch_clean_up(void)
+{
+
+	if (!threads_table) { /* LCOV_EXCL_BR_LINE */
+		return; /* LCOV_EXCL_LINE */
+	}
+
+	terminate = true;
+
+#if (PC_ENABLE_CANCEL)
+	for (int i = 0; i < threads_table_size; i++) {
+		if (threads_table[i].state != USED) {
+			continue;
+		}
+
+		/* LCOV_EXCL_START */
+		if (pthread_cancel(threads_table[i].thread)) {
+			posix_print_warning(
+				PREFIX"cleanup: could not stop thread %i\n",
+				i);
+		}
+		/* LCOV_EXCL_STOP */
+	}
+#endif
+
+	free(threads_table);
+	threads_table = NULL;
+}
+
+void posix_abort_thread(int thread_idx)
+{
+	if (thread_idx == currently_allowed_thread) {
+		PC_DEBUG("Thread [%i] %i: %s Marked myself "
+			"as aborting\n",
+			threads_table[thread_idx].thead_cnt,
+			thread_idx,
+			__func__);
+	} else {
+		if (threads_table[thread_idx].state != USED) { /* LCOV_EXCL_BR_LINE */
+			/* The thread may have been already aborted before */
+			return; /* LCOV_EXCL_LINE */
+		}
+
+		PC_DEBUG("Aborting not scheduled thread [%i] %i\n",
+			threads_table[thread_idx].thead_cnt,
+			thread_idx);
+	}
+
+	threads_table[thread_idx].state = ABORTING;
+	/*
+	 * Note: the native thread will linger in RAM until it catches the
+	 * mutex or awakes on the condition.
+	 * Note that even if we would pthread_cancel() the thread here, that
+	 * would be the case, but with a pthread_cancel() the mutex state would
+	 * be uncontrolled
+	 */
+
+}
+
+int posix_arch_get_unique_thread_id(int thread_idx)
+{
+	return threads_table[thread_idx].thead_cnt;
+}
+
+/*
+ * Notes about coverage:
+ *
+ * Note1:
+ *
+ * This condition will only be triggered in very unlikely cases
+ * (once every few full regression runs).
+ * It is therefore excluded from the coverage report to avoid confusing
+ * developers.
+ *
+ * Background: This arch creates a pthread as soon as the Zephyr kernel creates
+ * a Zephyr thread. A pthread creation is an asynchronous process handled by the
+ * host kernel.
+ *
+ * This architecture normally keeps only 1 thread executing at a time.
+ * But part of the pre-initialization during creation of a new thread
+ * and some cleanup at the tail of the thread termination are executed
+ * in parallel to other threads.
+ * That is, the execution of those code paths is a bit indeterministic.
+ *
+ * Only when the Zephyr kernel attempts to swap to a new thread does this
+ * architecture need to wait until its pthread is ready and initialized
+ * (has reached posix_wait_until_allowed())
+ *
+ * In some cases (tests) threads are created which are never actually needed
+ * (typically the idle thread). That means the test may finish before this
+ * thread's underlying pthread has reached posix_wait_until_allowed().
+ *
+ * In this unlikely cases the initialization or cleanup of the thread follows
+ * non-typical code paths.
+ * This code paths are there to ensure things work always, no matter
+ * the load of the host. Without them, very rare & mysterious segfault crashes
+ * would occur.
+ * But as they are very atypical and only triggered with some host loads,
+ * they will be covered in the coverage reports only rarely.
+ *
+ * Note2:
+ *
+ * Some other code will never or only very rarely trigger and is therefore
+ * excluded with LCOV_EXCL_LINE
+ *
+ *
+ * Notes about (memory) cleanup:
+ *
+ * Note.c1:
+ *
+ * In some very rare cases in very loaded machines, a race in the glibc pthread_cancel()
+ * seems to be triggered.
+ * In this, the cancelled thread cleanup overtakes the pthread_cancel() code, and frees the
+ * pthread structure before pthread_cancel() has finished, resulting in a dereference into already
+ * free'd memory, and therefore a segfault.
+ * Calling pthread_cancel() during cleanup is not required beyond preventing a valgrind
+ * memory leak report (all threads will be canceled immediately on exit).
+ * Therefore we do not do this, to avoid this very rare crashes.
+ */

arch/posix/core/thread.c

@@ -61,6 +61,25 @@ void posix_arch_thread_entry(void *pa_thread_status)
 	z_thread_entry(ptr->entry_point, ptr->arg1, ptr->arg2, ptr->arg3);
 }
 
+#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
+int arch_float_disable(struct k_thread *thread)
+{
+	ARG_UNUSED(thread);
+
+	/* Posix always has FPU enabled so cannot be disabled */
+	return -ENOTSUP;
+}
+
+int arch_float_enable(struct k_thread *thread, unsigned int options)
+{
+	ARG_UNUSED(thread);
+	ARG_UNUSED(options);
+
+	/* Posix always has FPU enabled so nothing to do here */
+	return 0;
+}
+#endif /* CONFIG_FPU && CONFIG_FPU_SHARING */
+
 #if defined(CONFIG_ARCH_HAS_THREAD_ABORT)
 void z_impl_k_thread_abort(k_tid_t thread)
 {

arch/riscv/core/cpu_idle.c

@@ -7,20 +7,16 @@
 #include <zephyr/irq.h>
 #include <zephyr/tracing/tracing.h>
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
-void arch_cpu_idle(void)
+void __weak arch_cpu_idle(void)
 {
 	sys_trace_idle();
 	__asm__ volatile("wfi");
 	irq_unlock(MSTATUS_IEN);
 }
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
-void arch_cpu_atomic_idle(unsigned int key)
+void __weak arch_cpu_atomic_idle(unsigned int key)
 {
 	sys_trace_idle();
 	__asm__ volatile("wfi");
 	irq_unlock(key);
 }
-#endif

arch/riscv/core/fatal.c

@@ -226,13 +226,6 @@ void _Fault(struct arch_esf *esf)
 	unsigned int reason = K_ERR_CPU_EXCEPTION;
 
 	if (bad_stack_pointer(esf)) {
-#ifdef CONFIG_PMP_STACK_GUARD
-		/*
-		 * Remove the thread's PMP setting to prevent triggering a stack
-		 * overflow error again due to the previous configuration.
-		 */
-		z_riscv_pmp_stackguard_disable();
-#endif /* CONFIG_PMP_STACK_GUARD */
 		reason = K_ERR_STACK_CHK_FAIL;
 	}
 

arch/riscv/core/isr.S

@@ -163,6 +163,14 @@ SECTION_FUNC(exception.entry, _isr_wrapper)
 	lr t0, ___cpu_t_current_OFFSET(s0)
 	lr tp, _thread_offset_to_tls(t0)
 
+	/* Make sure global pointer is sane */
+#ifdef CONFIG_RISCV_GP
+	.option push
+	.option norelax
+	la gp, __global_pointer$
+	.option pop
+#endif /* CONFIG_RISCV_GP */
+
 	/* Clear our per-thread usermode flag */
 	lui t0, %tprel_hi(is_user_mode)
 	add t0, t0, tp, %tprel_add(is_user_mode)
@@ -347,21 +355,6 @@ no_fp:	/* increment _current->arch.exception_depth */
 	 */
 	li t1, RISCV_EXC_ECALLU
 	beq t0, t1, is_user_syscall
-
-#ifdef CONFIG_PMP_STACK_GUARD
-	/*
-	 * Determine if we come from user space. If so, reconfigure the PMP for
-	 * kernel mode stack guard.
-	 */
-	csrr t0, mstatus
-	li t1, MSTATUS_MPP
-	and t0, t0, t1
-	bnez t0, 1f
-	lr a0, ___cpu_t_current_OFFSET(s0)
-	call z_riscv_pmp_stackguard_enable
-1:
-#endif /* CONFIG_PMP_STACK_GUARD */
-
 #endif /* CONFIG_USERSPACE */
 
 	/*
@@ -443,6 +436,12 @@ do_fault:
 1:	mv a1, sp
 
 #ifdef CONFIG_EXCEPTION_DEBUG
+	/*
+	 * Restore the s0 we saved early in ISR entry
+	 * so it shows up properly in the CSF.
+	 */
+	lr s0, __struct_arch_esf_s0_OFFSET(sp)
+
 	/* Allocate space for caller-saved registers on current thread stack */
 	addi sp, sp, -__callee_saved_t_SIZEOF
 

arch/riscv/core/pmp.c

@@ -511,37 +511,6 @@ void z_riscv_pmp_stackguard_enable(struct k_thread *thread)
 	csr_set(mstatus, MSTATUS_MPRV);
 }
 
-/**
- * @brief Remove PMP stackguard content to actual PMP registers
- */
-void z_riscv_pmp_stackguard_disable(void)
-{
-
-	unsigned long pmp_addr[PMP_M_MODE_SLOTS];
-	unsigned long pmp_cfg[PMP_M_MODE_SLOTS / sizeof(unsigned long)];
-	unsigned int index = global_pmp_end_index;
-
-	/* Retrieve the pmpaddr value matching the last global PMP slot. */
-	pmp_addr[global_pmp_end_index - 1] = global_pmp_last_addr;
-
-	/* Disable (non-locked) PMP entries for m-mode while we update them. */
-	csr_clear(mstatus, MSTATUS_MPRV);
-
-	/*
-	 * Set a temporary default "catch all" PMP entry for MPRV to work,
-	 * except for the global locked entries.
-	 */
-	set_pmp_mprv_catchall(&index, pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
-
-	/* Write "catch all" entry and clear unlocked entries to PMP regs. */
-	write_pmp_entries(global_pmp_end_index, index,
-			  true, pmp_addr, pmp_cfg, ARRAY_SIZE(pmp_addr));
-
-	if (PMP_DEBUG_DUMP) {
-		dump_pmp_regs("catch all register dump");
-	}
-}
-
 #endif /* CONFIG_PMP_STACK_GUARD */
 
 #ifdef CONFIG_USERSPACE

arch/riscv/core/reset.S

@@ -62,7 +62,8 @@ boot_first_core:
 #ifdef CONFIG_INIT_STACKS
 	/* Pre-populate all bytes in z_interrupt_stacks with 0xAA */
 	la t0, z_interrupt_stacks
-	li t1, __z_interrupt_stack_SIZEOF
+	/* Total size of all cores' IRQ stack */
+	li t1, __z_interrupt_all_stacks_SIZEOF
 	add t1, t1, t0
 
 	/* Populate z_interrupt_stacks with 0xaaaaaaaa */
@@ -71,7 +72,7 @@ aa_loop:
 	sw t2, 0x00(t0)
 	addi t0, t0, 4
 	blt t0, t1, aa_loop
-#endif
+#endif /* CONFIG_INIT_STACKS */
 
 	/*
 	 * Initially, setup stack pointer to

arch/riscv/core/stacktrace.c

@@ -90,10 +90,7 @@ static bool in_stack_bound(uintptr_t addr, const struct k_thread *const thread,
 static bool in_fatal_stack_bound(uintptr_t addr, const struct k_thread *const thread,
 				 const struct arch_esf *esf)
 {
-	const uintptr_t align =
-		COND_CODE_1(CONFIG_FRAME_POINTER, (ARCH_STACK_PTR_ALIGN), (sizeof(uintptr_t)));
-
-	if (!IS_ALIGNED(addr, align)) {
+	if (!IS_ALIGNED(addr, sizeof(uintptr_t))) {
 		return false;
 	}
 

arch/riscv/include/pmp.h

@@ -10,7 +10,6 @@
 void z_riscv_pmp_init(void);
 void z_riscv_pmp_stackguard_prepare(struct k_thread *thread);
 void z_riscv_pmp_stackguard_enable(struct k_thread *thread);
-void z_riscv_pmp_stackguard_disable(void);
 void z_riscv_pmp_usermode_init(struct k_thread *thread);
 void z_riscv_pmp_usermode_prepare(struct k_thread *thread);
 void z_riscv_pmp_usermode_enable(struct k_thread *thread);

arch/x86/Kconfig

@@ -205,7 +205,7 @@ config MAX_IRQ_LINES
 config IRQ_OFFLOAD_VECTOR
 	int "IDT vector to use for IRQ offload"
 	default 33
-	range 32 $(UINT8_MAX)
+	range 32 255
 	depends on IRQ_OFFLOAD
 
 config PIC_DISABLE

arch/x86/core/Kconfig.intel64

@@ -42,13 +42,13 @@ config X86_EXCEPTION_STACK_TRACE
 config SCHED_IPI_VECTOR
 	int "IDT vector to use for scheduler IPI"
 	default 34
-	range 33 $(UINT8_MAX)
+	range 33 255
 	depends on SMP
 
 config TLB_IPI_VECTOR
 	int "IDT vector to use for TLB shootdown IPI"
 	default 35
-	range 33 $(UINT8_MAX)
+	range 33 255
 	depends on SMP
 
 # We should really only have to provide one of the following two values,

arch/x86/core/cpuhalt.c

@@ -7,7 +7,6 @@
 #include <zephyr/tracing/tracing.h>
 #include <zephyr/arch/cpu.h>
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
 __pinned_func
 void arch_cpu_idle(void)
 {
@@ -16,9 +15,7 @@ void arch_cpu_idle(void)
 	    "sti\n\t"
 	    "hlt\n\t");
 }
-#endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 __pinned_func
 void arch_cpu_atomic_idle(unsigned int key)
 {
@@ -45,4 +42,3 @@ void arch_cpu_atomic_idle(unsigned int key)
 		__asm__ volatile("cli");
 	}
 }
-#endif

arch/x86/core/ia32/intstub.S

@@ -112,12 +112,11 @@ SECTION_FUNC(PINNED_TEXT, _interrupt_enter)
 	 * EAX = isr_param, EDX = isr
 	 */
 
-	/* Push EBP as we will use it for scratch space.
-     * Also it helps in stack unwinding
+	/* Push EDI as we will use it for scratch space.
 	 * Rest of the callee-saved regs get saved by invocation of C
 	 * functions (isr handler, arch_swap(), etc)
 	 */
-	pushl	%ebp
+	pushl	%edi
 
 	/* load %ecx with &_kernel */
 
@@ -132,17 +131,17 @@ SECTION_FUNC(PINNED_TEXT, _interrupt_enter)
 	jne	alreadyOnIntStack
 
 	/*
-	 * switch to base of the interrupt stack: save esp in ebp, then load
+	 * switch to base of the interrupt stack: save esp in edi, then load
 	 * irq_stack pointer
 	 */
 
-	movl	%esp, %ebp
+	movl	%esp, %edi
 	movl	_kernel_offset_to_irq_stack(%ecx), %esp
 
 
 	/* save thread's stack pointer onto base of interrupt stack */
 
-	pushl	%ebp			/* Save stack pointer */
+	pushl	%edi			/* Save stack pointer */
 
 #ifdef CONFIG_PM
 	cmpl	$0, _kernel_offset_to_idle(%ecx)
@@ -266,7 +265,7 @@ alreadyOnIntStack:
 #endif /* CONFIG_LAZY_FPU_SHARING */
 
 	/* Restore volatile registers and return to the interrupted thread */
-	popl	%ebp
+	popl	%edi
 	popl	%ecx
 	popl	%edx
 	popl	%eax
@@ -299,7 +298,7 @@ noReschedule:
 	 */
 
 nestedInterrupt:
-	popl	%ebp
+	popl	%edi
 	popl	%ecx		/* pop volatile registers in reverse order */
 	popl	%edx
 	popl	%eax

arch/xtensa/core/CMakeLists.txt

@@ -12,7 +12,6 @@ zephyr_library_sources(
   irq_manage.c
   thread.c
   vector_handlers.c
-  prep_c.c
   )
 
 zephyr_library_sources_ifdef(CONFIG_XTENSA_USE_CORE_CRT1 crt1.S)

arch/xtensa/core/cpu_idle.c

@@ -6,7 +6,7 @@
 #include <zephyr/toolchain.h>
 #include <zephyr/tracing/tracing.h>
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_IDLE
+#ifndef CONFIG_ARCH_CPU_IDLE_CUSTOM
 void arch_cpu_idle(void)
 {
 	sys_trace_idle();
@@ -14,7 +14,6 @@ void arch_cpu_idle(void)
 }
 #endif
 
-#ifndef CONFIG_ARCH_HAS_CUSTOM_CPU_ATOMIC_IDLE
 void arch_cpu_atomic_idle(unsigned int key)
 {
 	sys_trace_idle();
@@ -22,4 +21,3 @@ void arch_cpu_atomic_idle(unsigned int key)
 			  "wsr.ps %0\n\t"
 			  "rsync" :: "a"(key));
 }
-#endif

arch/xtensa/core/crt1.S

@@ -4,7 +4,7 @@
  */
 
 /*
- * Control arrives here at _start from the reset vector.
+ * Control arrives here at _start from the reset vector or from crt0-app.S.
  */
 
 #include <xtensa/coreasm.h>
@@ -22,7 +22,7 @@
  */
 
 .global __start
-.type	z_prep_c, @function
+.type	z_cstart, @function
 
 
 /* Macros to abstract away ABI differences */
@@ -52,7 +52,7 @@ _start:
 	/*
 	 *  _start is typically NOT at the beginning of the text segment --
 	 *  it is always called from either the reset vector (__start) or other
-	 *  code that does equivalent initialization.
+	 *  code that does equivalent initialization (such as crt0-app.S).
 	 *
 	 *  Assumptions on entry to _start:
 	 *	- low (level-one) and medium priority interrupts are disabled
@@ -189,6 +189,6 @@ _start:
 #endif /* !XCHAL_HAVE_BOOTLOADER */
 
 	/* Enter C domain, never returns from here */
-	CALL	z_prep_c
+	CALL	z_cstart
 
 	.size	_start, . - _start

arch/xtensa/core/mpu.c

@@ -33,6 +33,9 @@ extern char _heap_start[];
 /** MPU foreground map for kernel mode. */
 static struct xtensa_mpu_map xtensa_mpu_map_fg_kernel;
 
+/** Make sure write to the MPU region is atomic. */
+static struct k_spinlock xtensa_mpu_lock;
+
 /*
  * Additional information about the MPU maps: foreground and background
  * maps.
@@ -629,6 +632,9 @@ void xtensa_mpu_map_write(struct xtensa_mpu_map *map)
 #endif
 {
 	int entry;
+	k_spinlock_key_t key;
+
+	key = k_spin_lock(&xtensa_mpu_lock);
 
 #ifdef CONFIG_USERSPACE
 	struct xtensa_mpu_map *map = thread->arch.mpu_map;
@@ -652,6 +658,8 @@ void xtensa_mpu_map_write(struct xtensa_mpu_map *map)
 		__asm__ volatile("wptlb %0, %1\n\t"
 				 : : "a"(map->entries[entry].at), "a"(map->entries[entry].as));
 	}
+
+	k_spin_unlock(&xtensa_mpu_lock, key);
 }
 
 /**
@@ -765,6 +773,7 @@ int arch_mem_domain_partition_remove(struct k_mem_domain *domain,
 {
 	int ret;
 	uint32_t perm;
+	struct k_thread *cur_thread;
 	struct xtensa_mpu_map *map = &domain->arch.mpu_map;
 	struct k_mem_partition *partition = &domain->partitions[partition_id];
 	uintptr_t end_addr = partition->start + partition->size;
@@ -833,6 +842,15 @@ int arch_mem_domain_partition_remove(struct k_mem_domain *domain,
 				 CONFIG_XTENSA_MPU_DEFAULT_MEM_TYPE,
 				 NULL);
 
+	/*
+	 * Need to update hardware MPU regions if we are removing
+	 * partition from the domain of the current running thread.
+	 */
+	cur_thread = _current_cpu->current;
+	if (cur_thread->mem_domain_info.mem_domain == domain) {
+		xtensa_mpu_map_write(cur_thread);
+	}
+
 out:
 	return ret;
 }
@@ -841,6 +859,7 @@ int arch_mem_domain_partition_add(struct k_mem_domain *domain,
 				  uint32_t partition_id)
 {
 	int ret;
+	struct k_thread *cur_thread;
 	struct xtensa_mpu_map *map = &domain->arch.mpu_map;
 	struct k_mem_partition *partition = &domain->partitions[partition_id];
 	uintptr_t end_addr = partition->start + partition->size;
@@ -855,6 +874,20 @@ int arch_mem_domain_partition_add(struct k_mem_domain *domain,
 				 CONFIG_XTENSA_MPU_DEFAULT_MEM_TYPE,
 				 NULL);
 
+	/*
+	 * Need to update hardware MPU regions if we are removing
+	 * partition from the domain of the current running thread.
+	 *
+	 * Note that this function can be called with dummy thread
+	 * at boot so we need to avoid writing MPU regions to
+	 * hardware.
+	 */
+	cur_thread = _current_cpu->current;
+	if (((cur_thread->base.thread_state & _THREAD_DUMMY) != _THREAD_DUMMY) &&
+	    (cur_thread->mem_domain_info.mem_domain == domain)) {
+		xtensa_mpu_map_write(cur_thread);
+	}
+
 out:
 	return ret;
 }

arch/xtensa/core/prep_c.c

@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2024 Intel Corporation.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-#include <zephyr/kernel.h>
-#include <kernel_internal.h>
-
-extern FUNC_NORETURN void z_cstart(void);
-
-/* defined by the SoC in case of CONFIG_SOC_HAS_RUNTIME_NUM_CPUS=y */
-extern void soc_num_cpus_init(void);
-
-/**
- *
- * @brief Prepare to and run C code
- *
- * This routine prepares for the execution of and runs C code.
- *
- */
-void z_prep_c(void)
-{
-#if CONFIG_SOC_HAS_RUNTIME_NUM_CPUS
-	soc_num_cpus_init();
-#endif
-
-	_cpu_t *cpu0 = &_kernel.cpus[0];
-
-#ifdef CONFIG_KERNEL_COHERENCE
-	/* Make sure we don't have live data for unexpected cached
-	 * regions due to boot firmware
-	 */
-	sys_cache_data_flush_and_invd_all();
-
-	/* Our cache top stash location might have junk in it from a
-	 * pre-boot environment.  Must be zero or valid!
-	 */
-	XTENSA_WSR(ZSR_FLUSH_STR, 0);
-#endif
-
-	cpu0->nested = 0;
-
-	/* The asm2 scheme keeps the kernel pointer in a scratch SR
-	 * (see zsr.h for generation specifics) for easy access.  That
-	 * saves 4 bytes of immediate value to store the address when
-	 * compared to the legacy scheme.  But in SMP this record is a
-	 * per-CPU thing and having it stored in a SR already is a big
-	 * win.
-	 */
-	XTENSA_WSR(ZSR_CPU_STR, cpu0);
-
-#ifdef CONFIG_INIT_STACKS
-	char *stack_start = K_KERNEL_STACK_BUFFER(z_interrupt_stacks[0]);
-	size_t stack_sz = K_KERNEL_STACK_SIZEOF(z_interrupt_stacks[0]);
-	char *stack_end = stack_start + stack_sz;
-
-	uint32_t sp;
-
-	__asm__ volatile("mov %0, sp" : "=a"(sp));
-
-	/* Only clear the interrupt stack if the current stack pointer
-	 * is not within the interrupt stack. Or else we would be
-	 * wiping the in-use stack.
-	 */
-	if (((uintptr_t)sp < (uintptr_t)stack_start) ||
-	    ((uintptr_t)sp >= (uintptr_t)stack_end)) {
-		memset(stack_start, 0xAA, stack_sz);
-	}
-#endif
-
-#ifdef CONFIG_XTENSA_MMU
-	xtensa_mmu_init();
-#endif
-
-#ifdef CONFIG_XTENSA_MPU
-	xtensa_mpu_init();
-#endif
-	z_cstart();
-	CODE_UNREACHABLE;
-}

arch/xtensa/core/ptables.c

@@ -267,12 +267,6 @@ static void map_memory(const uint32_t start, const uint32_t end,
 static void xtensa_init_page_tables(void)
 {
 	volatile uint8_t entry;
-	static bool already_inited;
-
-	if (already_inited) {
-		return;
-	}
-	already_inited = true;
 
 	init_page_table(xtensa_kernel_ptables, XTENSA_L1_PAGE_TABLE_ENTRIES);
 	atomic_set_bit(l1_page_table_track, 0);
@@ -311,7 +305,15 @@ __weak void arch_xtensa_mmu_post_init(bool is_core0)
 
 void xtensa_mmu_init(void)
 {
-	xtensa_init_page_tables();
+	if (_current_cpu->id == 0) {
+		/* This is normally done via arch_kernel_init() inside z_cstart().
+		 * However, before that is called, we go through the sys_init of
+		 * INIT_LEVEL_EARLY, which is going to result in TLB misses.
+		 * So setup whatever necessary so the exception handler can work
+		 * properly.
+		 */
+		xtensa_init_page_tables();
+	}
 
 	xtensa_init_paging(xtensa_kernel_ptables);
 

arch/xtensa/core/vector_handlers.c

@@ -363,13 +363,9 @@ void *xtensa_excint1_c(void *esf)
 
 	switch (cause) {
 	case EXCCAUSE_LEVEL1_INTERRUPT:
-#ifdef CONFIG_XTENSA_MMU
 		if (!is_dblexc) {
 			return xtensa_int1_c(interrupted_stack);
 		}
-#else
-		return xtensa_int1_c(interrupted_stack);
-#endif /* CONFIG_XTENSA_MMU */
 		break;
 #ifndef CONFIG_USERSPACE
 	/* Syscalls are handled earlier in assembly if MMU is enabled.