release: bump version to Zephyr 1.14.2

Update version to 1.14.2

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

.editorconfig

@@ -7,7 +7,7 @@ root = true
 [*]
 charset = utf-8
 end_of_line = lf
-insert_final_newline = false
+insert_final_newline = true
 trim_trailing_whitespace = true
 
 # C
@@ -53,4 +53,4 @@ indent_size = 2
 
 # Makefile
 [Makefile]
-indent_style = tab
+indent_style = tab

.github/license_config.yml

@@ -0,0 +1,16 @@
+license:
+  main: apache-2.0
+  report_missing: true
+  category: Permissive
+copyright:
+  check: true
+exclude:
+  extensions:
+    - yml
+    - yaml
+    - html
+    - rst
+    - conf
+    - cfg
+  langs:
+    - HTML

.github/workflows/doc-build.yml

@@ -0,0 +1,65 @@
+# Copyright (c) 2020 Linaro Limited.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Documentation GitHub Workflow
+
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Update PATH for west
+      run: |
+        echo "::add-path::$HOME/.local/bin"
+
+    - name: checkout
+      uses: actions/checkout@v2
+
+    - name: install-pkgs
+      run: |
+        sudo apt-get install -y ninja-build doxygen
+
+    - name: cache-pip
+      uses: actions/cache@v1
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-doc-pip
+
+    - name: install-pip
+      run: |
+        pip3 install setuptools
+        pip3 install 'breathe>=4.9.1,<4.15.0' 'docutils>=0.14' \
+                     'sphinx>=1.7.5,<3.0' sphinx_rtd_theme sphinx-tabs \
+                     sphinxcontrib-svg2pdfconverter 'west>=0.6.2'
+        pip3 install pyelftools
+
+    - name: west setup
+      run: |
+        west init -l . || true
+
+    - name: build-docs
+      run: |
+        source zephyr-env.sh
+        make htmldocs
+        tar cvf htmldocs.tar --directory=./doc/_build html
+
+    - name: upload-build
+      uses: actions/upload-artifact@master
+      continue-on-error: True
+      with:
+        name: htmldocs.tar
+        path: htmldocs.tar
+
+    - name: check-warns
+      run: |
+        if [ -s doc/_build/doc.warnings ]; then
+           docwarn=$(cat doc/_build/doc.warnings)
+           docwarn="${docwarn//'%'/'%25'}"
+           docwarn="${docwarn//$'\n'/'%0A'}"
+           docwarn="${docwarn//$'\r'/'%0D'}"
+           # We treat doc warnings as errors
+           echo "::error file=doc.warnings::$docwarn"
+           exit 1
+        fi

.github/workflows/license_check.yml

@@ -0,0 +1,32 @@
+name: Scancode
+
+on: [pull_request]
+
+jobs:
+  scancode_job:
+    runs-on: ubuntu-latest
+    name: Scan code for licenses
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v1
+    - name: Scan the code
+      id: scancode
+      uses: zephyrproject-rtos/action_scancode@v3
+      with:
+        directory-to-scan: 'scan/'
+    - name: Artifact Upload
+      uses: actions/upload-artifact@v1
+      with:
+        name: scancode
+        path: ./artifacts
+
+    - name: Verify
+      run: |
+        if [ -s ./artifacts/report.txt ]; then
+          report=$(cat ./artifacts/report.txt)
+          report="${report//'%'/'%25'}"
+          report="${report//$'\n'/'%0A'}"
+          report="${report//$'\r'/'%0D'}"
+          echo "::error file=./artifacts/report.txt::$report"
+          exit 1
+        fi

.known-issues/doc/bluetooth.conf

@@ -48,3 +48,21 @@
 ^(?P=filename):(?P=lineno): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
 ^.*bt_mesh_model.__unnamed__.*
 ^[- \t]*\^
+#
+# Bluetooth mesh pub struct definition
+#
+^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]bluetooth[/\\]mesh[/\\]access.rst):(?P<lineno>[0-9]+): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
+^.*bt_mesh_model_pub.*
+^[- \t]*\^
+^(?P=filename):(?P=lineno): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
+^.*bt_mesh_model_pub.*
+^[- \t]*\^
+^(?P=filename):(?P=lineno): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
+^.*bt_mesh_model_pub.*
+^[- \t]*\^
+^(?P=filename):(?P=lineno): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
+^.*bt_mesh_model_pub.*
+^[- \t]*\^
+^(?P=filename):(?P=lineno): WARNING: Invalid definition: Expected end of definition. \[error at [0-9]+]
+^.*bt_mesh_model_pub.*
+^[- \t]*\^

.known-issues/doc/duplicate.conf

@@ -1,6 +1,6 @@
 #
-^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]file_system[/\\]index.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration.
+^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]file_system[/\\]index.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration(.*)
 #
-^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]peripherals[/\\]dma.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration.
+^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]peripherals[/\\]dma.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration(.*)
 #
-^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]peripherals[/\\]sensor.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration.
+^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]peripherals[/\\]sensor.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration(.*)

.known-issues/doc/networking.conf

@@ -67,4 +67,4 @@
 #
 # stray duplicate definition warnings
 #
-^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]networking[/\\]net_if.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration.
+^(?P<filename>([\-:\\/\w\.])+[/\\]doc[/\\]reference[/\\]networking[/\\]net_if.rst):(?P<lineno>[0-9]+): WARNING: Duplicate declaration(.*)

.shippable.yml

@@ -4,8 +4,8 @@ compiler: gcc
 
 env:
     global:
-        - SDK=0.10.0
-        - ZEPHYR_SDK_INSTALL_DIR=/opt/sdk/zephyr-sdk-0.10.0
+        - SDK=0.10.3
+        - ZEPHYR_SDK_INSTALL_DIR=/opt/sdk/zephyr-sdk-0.10.3
         - ZEPHYR_TOOLCHAIN_VARIANT=zephyr
         - MATRIX_BUILDS="5"
     matrix:
@@ -21,7 +21,7 @@ build:
         - ${SHIPPABLE_BUILD_DIR}/ccache
     pre_ci_boot:
         image_name: zephyrprojectrtos/ci
-        image_tag: v0.6.3
+        image_tag: v0.8.2
         pull: true
         options: "-e HOME=/home/buildslave --privileged=true --tty --net=bridge --user buildslave"
 
@@ -48,7 +48,11 @@ build:
         else
           ./scripts/ci/run_ci.sh -s -b ${BRANCH} -r origin -m ${MATRIX_BUILD} -M ${MATRIX_BUILDS};
         fi;
-
+branches:
+  only:
+    - master
+    - v*-branch
+    - topic-*
 integrations:
   notifications:
     - integrationName: slack_integration
@@ -70,5 +74,6 @@ integrations:
           - net
           - bluetooth
           - arm
+          - v1.14-branch
       on_success: never
       on_failure: never

CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 # *DOCUMENTATION*
 #
 # Note that this is *NOT* the top-level CMakeLists.txt. That's in the
@@ -575,16 +577,20 @@ add_subdirectory(ext)
 add_subdirectory(subsys)
 add_subdirectory(drivers)
 
-# Add all zephyr modules subdirectories.
-if(ZEPHYR_MODULES_NAME)
-  message("Including module(s): ${ZEPHYR_MODULES_NAME}")
+# Include zephyr modules generated CMake file.
+if(EXISTS ${CMAKE_BINARY_DIR}/zephyr_modules.txt)
+  file(STRINGS ${CMAKE_BINARY_DIR}/zephyr_modules.txt ZEPHYR_MODULES_TXT)
+
+  foreach(module ${ZEPHYR_MODULES_TXT})
+    # Match "<name>":"<path>" for each line of file, each corresponding to
+    # one module. The use of quotes is required due to CMake not supporting
+    # lazy regexes (it supports greedy only).
+    string(REGEX REPLACE "\"(.*)\":\".*\"" "\\1" module_name ${module})
+    string(REGEX REPLACE "\".*\":\"(.*)\"" "\\1" module_path ${module})
+    message("Including module: ${module_name} in path: ${module_path}")
+    add_subdirectory(${module_path} ${CMAKE_BINARY_DIR}/${module_name})
+  endforeach()
 endif()
-set(index 0)
-foreach(module_name ${ZEPHYR_MODULES_NAME})
-  list(GET ZEPHYR_MODULES_DIR ${index} module_dir)
-  math(EXPR index "${index} + 1")
-  add_subdirectory(${module_dir} ${CMAKE_BINARY_DIR}/${module_name})
-endforeach()
 
 set(syscall_macros_h ${ZEPHYR_BINARY_DIR}/include/generated/syscall_macros.h)
 
@@ -713,6 +719,7 @@ add_custom_command(
   ${ZEPHYR_BASE}/scripts/gen_kobject_list.py
   --validation-output ${DRV_VALIDATION}
   $<$<BOOL:${CMAKE_VERBOSE_MAKEFILE}>:--verbose>
+  DEPENDS ${ZEPHYR_BASE}/scripts/gen_kobject_list.py
   WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
   )
 add_custom_target(${DRIVER_VALIDATION_H_TARGET} DEPENDS ${DRV_VALIDATION})
@@ -846,6 +853,10 @@ endif()
 
 if(CONFIG_CODE_DATA_RELOCATION)
    set(MEM_RELOCATAION_LD "${PROJECT_BINARY_DIR}/include/generated/linker_relocate.ld")
+   set(MEM_RELOCATAION_SRAM_DATA_LD
+     "${PROJECT_BINARY_DIR}/include/generated/linker_sram_data_relocate.ld")
+   set(MEM_RELOCATAION_SRAM_BSS_LD
+     "${PROJECT_BINARY_DIR}/include/generated/linker_sram_bss_relocate.ld")
    set(MEM_RELOCATAION_CODE "${PROJECT_BINARY_DIR}/code_relocation.c")
 
    add_custom_command(
@@ -857,6 +868,8 @@ if(CONFIG_CODE_DATA_RELOCATION)
      -d ${APPLICATION_BINARY_DIR}
      -i '$<TARGET_PROPERTY:code_data_relocation_target,COMPILE_DEFINITIONS>'
      -o ${MEM_RELOCATAION_LD}
+     -s ${MEM_RELOCATAION_SRAM_DATA_LD}
+     -b ${MEM_RELOCATAION_SRAM_BSS_LD}
      -c ${MEM_RELOCATAION_CODE}
      DEPENDS app kernel ${ZEPHYR_LIBS_PROPERTY}
      )
@@ -870,6 +883,7 @@ if(CONFIG_USERSPACE)
   zephyr_get_compile_options_for_lang_as_string(C compiler_flags_priv)
   string(REPLACE "-ftest-coverage" "" NO_COVERAGE_FLAGS "${compiler_flags_priv}")
   string(REPLACE "-fprofile-arcs" "" NO_COVERAGE_FLAGS "${NO_COVERAGE_FLAGS}")
+  string(REPLACE "-fno-inline" "" NO_COVERAGE_FLAGS "${NO_COVERAGE_FLAGS}")
 
   get_property(include_dir_in_interface TARGET zephyr_interface
     PROPERTY INTERFACE_INCLUDE_DIRECTORIES)

CODEOWNERS

@@ -6,9 +6,12 @@
 # Do not use wildcard on all source yet
 # *                                        @galak @nashif
 
+/.github/                                 @nashif @galak
 /.known-issues/                           @inakypg @nashif
 /arch/arc/                                @vonhust @ruuddw
 /arch/arm/                                @MaureenHelm @galak
+/arch/arm/core/cortex_m/cmse/             @ioannisg
+arch/arm/include/cortex_m/cmse.h          @ioannisg
 /soc/arm/                                 @MaureenHelm @galak
 /soc/arm/arm/mps2/                        @fvincenzo
 /soc/arm/atmel_sam/sam4s/                 @fallrisk
@@ -103,7 +106,7 @@
 /drivers/bluetooth/                       @sjanc @jhedberg @Vudentz
 /drivers/can/                             @alexanderwachter
 /drivers/clock_control/*stm32f4*          @rsalveti @idlethread
-/drivers/counter/                         @anangl
+/drivers/counter/                         @nordic-krch
 /drivers/display/                         @vanwinkeljan
 /drivers/ethernet/                        @jukkar @tbursztyka @pfalcon
 /drivers/flash/                           @nashif
@@ -116,6 +119,7 @@
 /drivers/led/                             @Mani-Sadhasivam
 /drivers/led_strip/                       @mbolivar
 /drivers/modem/                           @mike-scott
+/drivers/pci/                             @gnuless
 /drivers/pinmux/stm32/                    @rsalveti @idlethread
 /drivers/sensor/                          @bogdan-davidoaia @MaureenHelm
 /drivers/sensor/hts*/                     @avisconti
@@ -126,16 +130,19 @@
 /drivers/net/slip.c                       @jukkar @tbursztyka
 /drivers/spi/                             @tbursztyka
 /drivers/spi/spi_ll_stm32.*               @superna9999
+/drivers/timer/cortex_m_systick.c         @ioannisg
 /drivers/timer/altera_avalon_timer_hal.c  @ramakrishnapallala
 /drivers/timer/riscv_machine_timer.c      @nategraff-sifive @kgugala @pgielda
 /drivers/usb/                             @jfischer-phytec-iot @finikorg
 /drivers/usb/device/usb_dc_stm32.c        @ydamigos @loicpoulain
 /drivers/i2c/i2c_ll_stm32*                @ldts @ydamigos
+/drivers/watchdog/wdt_handlers.c          @andrewboie
 /drivers/wifi/                            @jukkar @tbursztyka @pfalcon
 /drivers/wifi/eswifi/                     @loicpoulain
 /dts/arm/st/                              @erwango
 /dts/arm/nordic/                          @ioannisg @carlescufi
 /dts/arm/nxp/                             @MaureenHelm
+/dts/bindings/                            @galak
 /dts/bindings/can/                        @alexanderwachter
 /dts/bindings/*/nordic*                   @anangl
 /dts/bindings/*/nxp*                      @MaureenHelm
@@ -167,7 +174,7 @@
 /include/bluetooth/                       @sjanc @jhedberg @Vudentz
 /include/cache.h                          @andrewboie @andyross
 /include/can.h                            @alexanderwachter
-/include/counter.h                        @anangl
+/include/counter.h                        @nordic-krch
 /include/device.h                         @ramakrishnapallala @nashif
 /include/display.h                        @vanwinkeljan
 /include/display/                         @vanwinkeljan
@@ -210,7 +217,9 @@
 /include/zephyr.h                         @andrewboie @andyross
 /kernel/                                  @andrewboie @andyross
 /lib/gui/                                 @vanwinkeljan
+/lib/os/                                  @andrewboie @andyross
 /lib/posix/                               @pfalcon
+/lib/libc/                                @nashif @andrewboie
 /kernel/device.c                          @andrewboie @andyross @nashif
 /kernel/idle.c                            @andrewboie @andyross @nashif
 /samples/basic/servo_motor/*microbit*     @jhe
@@ -227,6 +236,8 @@
 /samples/net/sockets/coap_server/         @rveerama1
 /samples/net/sockets/                     @jukkar @tbursztyka @pfalcon
 /samples/sensor/                          @bogdan-davidoaia
+/samples/subsys/logging/                  @nordic-krch @jarz-nordic
+/samples/subsys/shell/                    @jarz-nordic @nordic-krch
 /samples/subsys/usb/                      @jfischer-phytec-iot @finikorg
 /samples/subsys/power/                    @ramakrishnapallala @pizi-nordic
 /scripts/coccicheck                       @himanshujha199640 @JuliaLawall
@@ -247,6 +258,7 @@
 /scripts/series-push-hook.sh              @erwango
 /scripts/west_commands/                   @mbolivar
 /scripts/west-commands.yml                @mbolivar
+/scripts/zephyr_module.py                 @tejlmand
 /subsys/bluetooth/                        @sjanc @jhedberg @Vudentz
 /subsys/bluetooth/controller/             @carlescufi @cvinayak @thoh-ot
 /subsys/fs/                               @nashif
@@ -266,7 +278,9 @@
 /subsys/settings/                         @nvlsianpu
 /subsys/shell/                            @jarz-nordic @nordic-krch
 /subsys/storage/                          @nvlsianpu
+/subsys/testsuite/                        @nashif
 /subsys/usb/                              @jfischer-phytec-iot @finikorg
+/tests/application_development/libcxx/    @pabigot
 /tests/boards/native_posix/               @aescolar
 /tests/boards/intel_s1000_crb/            @rgundi @dcpleung @sathishkuttan
 /tests/bluetooth/                         @sjanc @jhedberg @Vudentz
@@ -276,7 +290,9 @@
 /tests/drivers/can/                       @alexanderwachter
 /tests/drivers/hwinfo/                    @alexanderwachter
 /tests/drivers/spi/                       @tbursztyka
+/tests/drivers/uart/uart_async_api/       @Mierunski
 /tests/kernel/                            @andrewboie @andyross @nashif
+/tests/lib/                               @nashif
 /tests/net/                               @jukkar @tbursztyka @pfalcon
 /tests/net/buf/                           @jukkar @jhedberg @tbursztyka @pfalcon
 /tests/net/lib/                           @jukkar @tbursztyka @pfalcon

Kconfig.zephyr

@@ -7,7 +7,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-source "$(PROJECT_BINARY_DIR)/Kconfig.modules"
+source "$(CMAKE_BINARY_DIR)/Kconfig.modules"
 
 # Include these first so that any properties (e.g. defaults) below can be
 # overriden in *.defconfig files (by defining symbols in multiple locations).
@@ -82,9 +82,15 @@ config HAS_FLASH_LOAD_OFFSET
 	  This option is selected by targets having a FLASH_LOAD_OFFSET
 	  and FLASH_LOAD_SIZE.
 
+config USE_CODE_PARTITION
+	bool "link into code-partition"
+	depends on HAS_FLASH_LOAD_OFFSET
+	help
+	  When selected application will be linked into chosen code-partition.
+
 config FLASH_LOAD_OFFSET
 	hex "Kernel load offset"
-	default $(dt_hex_val,DT_CODE_PARTITION_OFFSET) if BOOTLOADER_MCUBOOT
+	default $(dt_hex_val,DT_CODE_PARTITION_OFFSET) if USE_CODE_PARTITION
 	default 0
 	depends on HAS_FLASH_LOAD_OFFSET
 	help
@@ -97,7 +103,7 @@ config FLASH_LOAD_OFFSET
 
 config FLASH_LOAD_SIZE
 	hex "Kernel load size"
-	default $(dt_hex_val,DT_CODE_PARTITION_SIZE) if BOOTLOADER_MCUBOOT
+	default $(dt_hex_val,DT_CODE_PARTITION_SIZE) if USE_CODE_PARTITION
 	default 0
 	depends on HAS_FLASH_LOAD_OFFSET
 	help
@@ -341,6 +347,7 @@ config BOOTLOADER_SRAM_SIZE
 
 config BOOTLOADER_MCUBOOT
 	bool "MCUboot bootloader support"
+	select USE_CODE_PARTITION
 	help
 	  This option signifies that the target uses MCUboot as a bootloader,
 	  or in other words that the image is to be chain-loaded by MCUboot.

VERSION

@@ -1,5 +1,5 @@
 VERSION_MAJOR = 1
 VERSION_MINOR = 14
-PATCHLEVEL = 0
+PATCHLEVEL = 2
 VERSION_TWEAK = 0
-EXTRAVERSION = rc2
+EXTRAVERSION =

arch/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 add_definitions(-D__ZEPHYR_SUPERVISOR__)
 
 add_subdirectory(common)

arch/Kconfig

@@ -178,10 +178,7 @@ config USERSPACE
 
 config PRIVILEGED_STACK_SIZE
 	int "Size of privileged stack"
-	default 512 if MPU_STACK_GUARD || BUILTIN_STACK_GUARD
-	default 512 if COVERAGE_GCOV
-	default 384 if ARC
-	default 256
+	default 1024
 	depends on ARCH_HAS_USERSPACE
 	help
 	  This option sets the privileged stack region size that will be used
@@ -200,6 +197,7 @@ config PRIVILEGED_STACK_TEXT_AREA
 config KOBJECT_TEXT_AREA
 	int "Size if kobject text area"
 	default 512 if COVERAGE_GCOV
+	default 512 if NO_OPTIMIZATIONS
 	default 256
 	depends on ARCH_HAS_USERSPACE
 	help
@@ -350,42 +348,42 @@ config ARCH_HAS_THREAD_ABORT
 # Hidden PM feature configs which are to be selected by
 # individual SoC.
 #
-config HAS_STATE_LOW_POWER_1
+config HAS_SYS_POWER_STATE_SLEEP_1
 	# Hidden
 	bool
 	help
-	  This option signifies that the target supports the SYS_POWER_STATE_LOW_POWER_1
+	  This option signifies that the target supports the SYS_POWER_STATE_SLEEP_1
 	  configuration option.
 
-config HAS_STATE_LOW_POWER_2
+config HAS_SYS_POWER_STATE_SLEEP_2
 	# Hidden
 	bool
 	help
-	  This option signifies that the target supports the SYS_POWER_STATE_LOW_POWER_2
+	  This option signifies that the target supports the SYS_POWER_STATE_SLEEP_2
 	  configuration option.
 
-config HAS_STATE_LOW_POWER_3
+config HAS_SYS_POWER_STATE_SLEEP_3
 	# Hidden
 	bool
 	help
-	  This option signifies that the target supports the SYS_POWER_STATE_LOW_POWER_3
+	  This option signifies that the target supports the SYS_POWER_STATE_SLEEP_3
 	  configuration option.
 
-config HAS_STATE_DEEP_SLEEP_1
+config HAS_SYS_POWER_STATE_DEEP_SLEEP_1
 	# Hidden
 	bool
 	help
 	  This option signifies that the target supports the SYS_POWER_STATE_DEEP_SLEEP_1
 	  configuration option.
 
-config HAS_STATE_DEEP_SLEEP_2
+config HAS_SYS_POWER_STATE_DEEP_SLEEP_2
 	# Hidden
 	bool
 	help
 	  This option signifies that the target supports the SYS_POWER_STATE_DEEP_SLEEP_2
 	  configuration option.
 
-config HAS_STATE_DEEP_SLEEP_3
+config HAS_SYS_POWER_STATE_DEEP_SLEEP_3
 	# Hidden
 	bool
 	help

arch/arc/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 # Enable debug support in mdb
 # Dwarf version 2 can be recognized by mdb
 # The default dwarf version in gdb is not recognized by mdb

arch/arc/Kconfig

@@ -28,8 +28,8 @@ menu "ARCv2 Family Options"
 
 config	CPU_ARCV2
 	bool
-	select ARCH_HAS_STACK_PROTECTION
-	select ARCH_HAS_USERSPACE if ARC_CORE_MPU
+	select ARCH_HAS_STACK_PROTECTION if ARC_HAS_STACK_CHECKING || ARC_MPU
+	select ARCH_HAS_USERSPACE if ARC_MPU
 	default y
 	help
 	  This option signifies the use of a CPU of the ARCv2 family.
@@ -85,13 +85,34 @@ config ARC_FIRQ
 	  If FIRQ is disabled, the handle of interrupts with highest priority
 	  will be same with other interrupts.
 
-config	ARC_STACK_CHECKING
+config 	ARC_HAS_STACK_CHECKING
+	bool "ARC has STACK_CHECKING"
+	default y
+	help
+	  ARC is configured with STACK_CHECKING which is a mechanism for
+	  checking stack accesses and raising an exception when a stack
+	  overflow or underflow is detected.
+
+config  ARC_STACK_CHECKING
+	bool
+	help
+	  Use ARC STACK_CHECKING to do stack protection
+
+config	ARC_STACK_PROTECTION
 	bool
 	default y if HW_STACK_PROTECTION
+	select ARC_STACK_CHECKING if ARC_HAS_STACK_CHECKING
+	select MPU_STACK_GUARD if (!ARC_STACK_CHECKING && ARC_MPU)
 	select THREAD_STACK_INFO
 	help
-	  ARCV2 has a special feature allowing to check stack overflows. This
-	  enables code that allows using this debug feature
+	  This option enables either:
+	  - The ARC stack checking, or
+	  - the MPU-based stack guard
+	  to cause a system fatal error
+	  if the bounds of the current process stack are overflowed.
+	  The two stack guard options are mutually exclusive. The
+	  selection of the ARC stack checking is
+	  prioritized over the MPU-based stack guard.
 
 config	FAULT_DUMP
 	int "Fault dump level"

arch/arc/core/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 
 zephyr_library_sources(

arch/arc/core/cache.c

@@ -91,7 +91,7 @@ static void dcache_flush_mlines(u32_t start_addr, u32_t size)
 	u32_t end_addr;
 	unsigned int key;
 
-	if (!dcache_available() || (size == 0)) {
+	if (!dcache_available() || (size == 0U)) {
 		return;
 	}
 
@@ -150,9 +150,9 @@ static void init_dcache_line_size(void)
 	u32_t val;
 
 	val = z_arc_v2_aux_reg_read(_ARC_V2_D_CACHE_BUILD);
-	__ASSERT((val&0xff) != 0, "d-cache is not present");
+	__ASSERT((val&0xff) != 0U, "d-cache is not present");
 	val = ((val>>16) & 0xf) + 1;
-	val *= 16;
+	val *= 16U;
 	sys_cache_line_size = (size_t) val;
 }
 #endif

arch/arc/core/fast_irq.S

@@ -140,9 +140,14 @@ SECTION_FUNC(TEXT, _firq_exit)
 	mov	r1, exc_nest_count
 	ld	r0, [r1]
 	sub	r0, r0, 1
-	cmp	r0, 0
-	bne.d	_firq_no_reschedule
 	st	r0, [r1]
+/* see comments in _rirq_exit */
+	lr 	r0, [_ARC_V2_AUX_IRQ_ACT]
+	and 	r0, r0, 0xffff
+	ffs	r1, r0
+	fls	r2, r0
+	cmp 	r1, r2
+	jne	_firq_no_reschedule
 
 #ifdef CONFIG_STACK_SENTINEL
 	bl z_check_stack_sentinel
@@ -262,7 +267,15 @@ _firq_reschedule:
 	pop_s r2
 #endif
 
-	ld_s r3, [r2, _thread_offset_to_relinquish_cause]
+#if defined(CONFIG_USERSPACE)
+/*
+ * see comments in regular_irq.S
+ */
+	lr r0, [_ARC_V2_AUX_IRQ_ACT]
+	bclr r0, r0, 31
+	sr r0, [_ARC_V2_AUX_IRQ_ACT]
+#endif
+	ld r3, [r2, _thread_offset_to_relinquish_cause]
 
 	breq r3, _CAUSE_RIRQ, _firq_return_from_rirq
 	nop
@@ -274,7 +287,7 @@ _firq_reschedule:
 .balign 4
 _firq_return_from_coop:
 
-	ld_s r3, [r2, _thread_offset_to_intlock_key]
+	ld r3, [r2, _thread_offset_to_intlock_key]
 	st  0, [r2, _thread_offset_to_intlock_key]
 
 	/* pc into ilink */
@@ -293,7 +306,7 @@ _firq_return_from_coop:
 	or.nz r0, r0, _ARC_V2_STATUS32_IE
 	sr r0, [_ARC_V2_STATUS32_P0]
 
-	ld_s r0, [r2, _thread_offset_to_return_value]
+	ld r0, [r2, _thread_offset_to_return_value]
 	rtie
 
 .balign 4

arch/arc/core/fatal.c

@@ -43,7 +43,7 @@ void z_NanoFatalErrorHandler(unsigned int reason, const NANO_ESF *pEsf)
 		break;
 
 #if defined(CONFIG_STACK_CANARIES) || defined(CONFIG_ARC_STACK_CHECKING) \
-	|| defined(CONFIG_STACK_SENTINEL)
+	|| defined(CONFIG_STACK_SENTINEL) || defined(CONFIG_MPU_STACK_GUARD)
 	case _NANO_ERR_STACK_CHK_FAIL:
 		printk("***** Stack Check Fail! *****\n");
 		break;

arch/arc/core/fault.c

@@ -21,6 +21,8 @@
 #include <exc_handle.h>
 #include <logging/log_ctrl.h>
 
+u32_t arc_exc_saved_sp;
+
 #ifdef CONFIG_USERSPACE
 Z_EXC_DECLARE(z_arch_user_string_nlen);
 
@@ -29,6 +31,98 @@ static const struct z_exc_handle exceptions[] = {
 };
 #endif
 
+#if defined(CONFIG_MPU_STACK_GUARD)
+
+#define IS_MPU_GUARD_VIOLATION(guard_start, fault_addr, stack_ptr) \
+	((fault_addr >= guard_start) && \
+	(fault_addr < (guard_start + STACK_GUARD_SIZE)) && \
+	(stack_ptr <= (guard_start + STACK_GUARD_SIZE)))
+
+/**
+ * @brief Assess occurrence of current thread's stack corruption
+ *
+ * This function performs an assessment whether a memory fault (on a
+ * given memory address) is the result of stack memory corruption of
+ * the current thread.
+ *
+ * Thread stack corruption for supervisor threads or user threads in
+ * privilege mode (when User Space is supported) is reported upon an
+ * attempt to access the stack guard area (if MPU Stack Guard feature
+ * is supported). Additionally the current thread stack pointer
+ * must be pointing inside or below the guard area.
+ *
+ * Thread stack corruption for user threads in user mode is reported,
+ * if the current stack pointer is pointing below the start of the current
+ * thread's stack.
+ *
+ * Notes:
+ * - we assume a fully descending stack,
+ * - we assume a stacking error has occurred,
+ * - the function shall be called when handling MPU privilege violation
+ *
+ * If stack corruption is detected, the function returns the lowest
+ * allowed address where the Stack Pointer can safely point to, to
+ * prevent from errors when un-stacking the corrupted stack frame
+ * upon exception return.
+ *
+ * @param fault_addr memory address on which memory access violation
+ *                   has been reported.
+ * @param sp stack pointer when exception comes out
+ *
+ * @return The lowest allowed stack frame pointer, if error is a
+ *         thread stack corruption, otherwise return 0.
+ */
+static u32_t z_check_thread_stack_fail(const u32_t fault_addr, u32_t sp)
+{
+	const struct k_thread *thread = _current;
+
+	if (!thread) {
+		return 0;
+	}
+#if defined(CONFIG_USERSPACE)
+	if (thread->arch.priv_stack_start) {
+		/* User thread */
+		if (z_arc_v2_aux_reg_read(_ARC_V2_ERSTATUS)
+			& _ARC_V2_STATUS32_U) {
+			/* Thread's user stack corruption */
+#ifdef CONFIG_ARC_HAS_SECURE
+			sp = z_arc_v2_aux_reg_read(_ARC_V2_SEC_U_SP);
+#else
+			sp = z_arc_v2_aux_reg_read(_ARC_V2_USER_SP);
+#endif
+			if (sp <= (u32_t)thread->stack_obj) {
+				return (u32_t)thread->stack_obj;
+			}
+		} else {
+			/* User thread in privilege mode */
+			if (IS_MPU_GUARD_VIOLATION(
+			thread->arch.priv_stack_start - STACK_GUARD_SIZE,
+			fault_addr, sp)) {
+				/* Thread's privilege stack corruption */
+				return thread->arch.priv_stack_start;
+			}
+		}
+	} else {
+		/* Supervisor thread */
+		if (IS_MPU_GUARD_VIOLATION((u32_t)thread->stack_obj,
+			fault_addr, sp)) {
+			/* Supervisor thread stack corruption */
+			return (u32_t)thread->stack_obj + STACK_GUARD_SIZE;
+		}
+	}
+#else /* CONFIG_USERSPACE */
+	if (IS_MPU_GUARD_VIOLATION(thread->stack_info.start,
+			fault_addr, sp)) {
+		/* Thread stack corruption */
+		return thread->stack_info.start + STACK_GUARD_SIZE;
+	}
+#endif /* CONFIG_USERSPACE */
+
+	return 0;
+}
+
+#endif
+
 /*
  * @brief Fault handler
  *
@@ -57,9 +151,9 @@ void _Fault(NANO_ESF *esf)
 	}
 #endif
 
-	vector = _ARC_V2_ECR_VECTOR(ecr);
-	code =  _ARC_V2_ECR_CODE(ecr);
-	parameter = _ARC_V2_ECR_PARAMETER(ecr);
+	vector = Z_ARC_V2_ECR_VECTOR(ecr);
+	code =  Z_ARC_V2_ECR_CODE(ecr);
+	parameter = Z_ARC_V2_ECR_PARAMETER(ecr);
 
 
 	/* exception raised by kernel */
@@ -74,11 +168,22 @@ void _Fault(NANO_ESF *esf)
 #ifdef CONFIG_ARC_STACK_CHECKING
 	/* Vector 6 = EV_ProV. Regardless of code, parameter 2 means stack
 	 * check violation
+	 * stack check and mpu violation can come out together, then
+	 * parameter = 0x2 | [0x4 | 0x8 | 0x1]
 	 */
-	if (vector == 6 && parameter == 2) {
+	if (vector == 6U && parameter & 0x2) {
 		z_NanoFatalErrorHandler(_NANO_ERR_STACK_CHK_FAIL, esf);
 		return;
 	}
 #endif
+
+#ifdef CONFIG_MPU_STACK_GUARD
+	if (vector == 0x6 && ((parameter == 0x4) || (parameter == 0x24))) {
+		if (z_check_thread_stack_fail(exc_addr, arc_exc_saved_sp)) {
+			z_NanoFatalErrorHandler(_NANO_ERR_STACK_CHK_FAIL, esf);
+			return;
+		}
+	}
+#endif
 	z_NanoFatalErrorHandler(_NANO_ERR_HW_EXCEPTION, esf);
 }

arch/arc/core/fault_s.S

@@ -19,7 +19,7 @@
 #include <syscall.h>
 
 GTEXT(_Fault)
-GTEXT(_do_kernel_oops)
+GTEXT(z_do_kernel_oops)
 GTEXT(__reset)
 GTEXT(__memory_error)
 GTEXT(__instruction_error)
@@ -35,14 +35,11 @@ GTEXT(__ev_div_zero)
 GTEXT(__ev_dc_error)
 GTEXT(__ev_maligned)
 #ifdef CONFIG_IRQ_OFFLOAD
-GTEXT(_irq_do_offload);
+GTEXT(z_irq_do_offload);
 #endif
 
 GDATA(exc_nest_count)
-
-	.balign 4
-SECTION_VAR(BSS, saved_value)
-	.word 0
+GDATA(arc_exc_saved_sWWp)
 
 /* the necessary stack size for exception handling */
 #define EXCEPTION_STACK_SIZE 384
@@ -65,7 +62,7 @@ SECTION_SUBSEC_FUNC(TEXT,__fault,__ev_dc_error)
 SECTION_SUBSEC_FUNC(TEXT,__fault,__ev_maligned)
 
 _exc_entry:
-	st sp, [saved_value]
+	st sp, [arc_exc_saved_sp]
 	/*
 	 * re-use the top part of interrupt stack as exception
 	 * stack. If this top part is used by interrupt handling,
@@ -145,7 +142,7 @@ _exc_return_from_exc:
 	sr r0, [_ARC_V2_ERET]
 
 	_pop_irq_stack_frame
-	ld sp, [saved_value]
+	ld sp, [arc_exc_saved_sp]
 	rtie
 
 
@@ -156,30 +153,35 @@ SECTION_SUBSEC_FUNC(TEXT,__fault,__ev_trap)
 #ifdef CONFIG_USERSPACE
 	cmp ilink, _TRAP_S_CALL_SYSTEM_CALL
 	bne _do_non_syscall_trap
-/* do sys_call */
+	/* do sys_call */
 	mov ilink, K_SYSCALL_LIMIT
 	cmp r6, ilink
-	blt valid_syscall_id
+	blo valid_syscall_id
 
 	mov r0, r6
 	mov r6, K_SYSCALL_BAD
 
 valid_syscall_id:
+	/* create a sys call frame
+	 * caller regs (r0 - 12) are saved in _create_irq_stack_frame
+	 * ok to use them later
+	 */
+	_create_irq_stack_frame
 #ifdef CONFIG_ARC_HAS_SECURE
-	lr ilink, [_ARC_V2_ERSEC_STAT]
-	push ilink
+	lr r0, [_ARC_V2_ERSEC_STAT]
+	st_s r0, [sp, ___isf_t_sec_stat_OFFSET]
 #endif
-	lr ilink, [_ARC_V2_ERET]
-	push ilink
-	lr ilink, [_ARC_V2_ERSTATUS]
-	push ilink
+	lr r0, [_ARC_V2_ERET]
+	st_s r0, [sp, ___isf_t_pc_OFFSET] /* eret into pc */
+	lr r0, [_ARC_V2_ERSTATUS]
+	st_s r0, [sp, ___isf_t_status32_OFFSET]
 
 
-	bclr ilink, ilink, _ARC_V2_STATUS32_U_BIT
-	sr ilink, [_ARC_V2_ERSTATUS]
+	bclr r0, r0, _ARC_V2_STATUS32_U_BIT
+	sr r0, [_ARC_V2_ERSTATUS]
 
-	mov ilink, _arc_do_syscall
-	sr ilink, [_ARC_V2_ERET]
+	mov r0, _arc_do_syscall
+	sr r0, [_ARC_V2_ERET]
 
 	rtie
 
@@ -218,7 +220,7 @@ _do_non_syscall_trap:
 exc_nest_handle:
 	push_s r0
 
-	jl _irq_do_offload
+	jl z_irq_do_offload
 
 	pop sp
 

arch/arc/core/irq_manage.c

@@ -40,7 +40,7 @@ void z_arch_irq_enable(unsigned int irq)
 {
 	unsigned int key = irq_lock();
 
-	_arc_v2_irq_unit_int_enable(irq);
+	z_arc_v2_irq_unit_int_enable(irq);
 	irq_unlock(key);
 }
 
@@ -57,7 +57,7 @@ void z_arch_irq_disable(unsigned int irq)
 {
 	unsigned int key = irq_lock();
 
-	_arc_v2_irq_unit_int_disable(irq);
+	z_arc_v2_irq_unit_int_disable(irq);
 	irq_unlock(key);
 }
 
@@ -83,7 +83,7 @@ void z_irq_priority_set(unsigned int irq, unsigned int prio, u32_t flags)
 
 	__ASSERT(prio < CONFIG_NUM_IRQ_PRIO_LEVELS,
 		 "invalid priority %d for irq %d", prio, irq);
-	_arc_v2_irq_unit_prio_set(irq, prio);
+	z_arc_v2_irq_unit_prio_set(irq, prio);
 	irq_unlock(key);
 }
 

arch/arc/core/irq_offload.c

@@ -15,7 +15,7 @@ static irq_offload_routine_t offload_routine;
 static void *offload_param;
 
 /* Called by trap_s exception handler */
-void _irq_do_offload(void)
+void z_irq_do_offload(void)
 {
 	offload_routine(offload_param);
 }

arch/arc/core/isr_wrapper.S

@@ -230,43 +230,6 @@ From RIRQ:
  */
 
 SECTION_FUNC(TEXT, _isr_wrapper)
-#ifdef CONFIG_EXECUTION_BENCHMARKING
-	push_s r0
-	push_s blink
-	push_s r13
-	push_s r12
-	push r11
-	push r10
-	push r9
-	push r8
-	push r7
-	push r6
-	push r5
-	push r4
-	push_s r3
-	push_s r2
-	push_s r1
-
-	bl read_timer_start_of_isr
-
-	pop_s r1
-	pop_s r2
-	pop_s r3
-	pop r4
-	pop r5
-	pop r6
-	pop r7
-	pop r8
-	pop r9
-	pop r10
-	pop r11
-	pop_s r12
-	pop_s r13
-	pop_s blink
-	pop_s r0
-
-#endif
-
 #if CONFIG_ARC_FIRQ
 #if CONFIG_RGF_NUM_BANKS == 1
 	st r0,[saved_r0]
@@ -326,7 +289,6 @@ rirq_path:
 	j_s [r2]
 #endif
 #else
-
 	mov r3, _rirq_exit
 	mov r2, _rirq_enter
 	j_s [r2]
@@ -375,7 +337,9 @@ _skip_sys_power_save_idle_exit:
 SECTION_FUNC(TEXT, _isr_demux)
 	push_s r3
 
-
+#ifdef CONFIG_EXECUTION_BENCHMARKING
+	bl read_timer_start_of_isr
+#endif
 	/* cannot be done before this point because we must be able to run C */
 	/* r0 is available to be stomped here, and exit_tickless_idle uses it */
 	exit_tickless_idle
@@ -383,9 +347,9 @@ SECTION_FUNC(TEXT, _isr_demux)
 
 	lr r0, [_ARC_V2_ICAUSE]
 	/* handle software triggered interrupt */
-	lr	r3, [_ARC_V2_AUX_IRQ_HINT]
-	brne	r3, r0, irq_hint_handled
-	sr	0, [_ARC_V2_AUX_IRQ_HINT]
+	lr r3, [_ARC_V2_AUX_IRQ_HINT]
+	brne r3, r0, irq_hint_handled
+	sr 0, [_ARC_V2_AUX_IRQ_HINT]
 irq_hint_handled:
 
 	sub r0, r0, 16
@@ -396,39 +360,10 @@ irq_hint_handled:
 	ld_s r1, [r0, 4] /* ISR into r1 */
 #ifdef CONFIG_EXECUTION_BENCHMARKING
 	push_s r0
-	push_s blink
-	push_s r13
-	push_s r12
-	push r11
-	push r10
-	push r9
-	push r8
-	push r7
-	push r6
-	push r5
-	push r4
-	push_s r3
-	push_s r2
 	push_s r1
-
 	bl read_timer_end_of_isr
-
 	pop_s r1
-	pop_s r2
-	pop_s r3
-	pop r4
-	pop r5
-	pop r6
-	pop r7
-	pop r8
-	pop r9
-	pop r10
-	pop r11
-	pop_s r12
-	pop_s r13
-	pop_s blink
 	pop_s r0
-
 #endif
 	jl_s.d [r1]
 	ld_s r0, [r0] /* delay slot: ISR parameter into r0  */

arch/arc/core/mpu/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 
 zephyr_library_sources_if_kconfig(arc_core_mpu.c)

arch/arc/core/mpu/Kconfig

@@ -20,7 +20,7 @@ config ARC_CORE_MPU
 
 config MPU_STACK_GUARD
 	bool "Thread Stack Guards"
-	depends on ARC_CORE_MPU && !ARC_STACK_CHECKING
+	depends on ARC_CORE_MPU
 	help
 	  Enable thread stack guards via MPU. ARC supports built-in stack protection.
 	  If your core supports that, it is preferred over MPU stack guard

arch/arc/core/mpu/arc_mpu.c

@@ -21,11 +21,11 @@ LOG_MODULE_REGISTER(mpu);
  * @brief Get the number of supported MPU regions
  *
  */
-static inline u8_t _get_num_regions(void)
+static inline u8_t get_num_regions(void)
 {
 	u32_t num = z_arc_v2_aux_reg_read(_ARC_V2_MPU_BUILD);
 
-	num = (num & 0xFF00) >> 8;
+	num = (num & 0xFF00U) >> 8U;
 
 	return (u8_t)num;
 }
@@ -34,7 +34,7 @@ static inline u8_t _get_num_regions(void)
  * This internal function is utilized by the MPU driver to parse the intent
  * type (i.e. THREAD_STACK_REGION) and return the correct parameter set.
  */
-static inline u32_t _get_region_attr_by_type(u32_t type)
+static inline u32_t get_region_attr_by_type(u32_t type)
 {
 	switch (type) {
 	case THREAD_STACK_USER_REGION:
@@ -52,7 +52,6 @@ static inline u32_t _get_region_attr_by_type(u32_t type)
 	}
 }
 
-
 #if CONFIG_ARC_MPU_VER == 2
 #include "arc_mpu_v2_internal.h"
 #elif CONFIG_ARC_MPU_VER == 3

arch/arc/core/mpu/arc_mpu_v2_internal.h

@@ -31,7 +31,7 @@ static inline void _region_init(u32_t index, u32_t region_addr, u32_t size,
 {
 	u8_t bits = find_msb_set(size) - 1;
 
-	index = 2 * index;
+	index = index * 2U;
 
 	if (bits < ARC_FEATURE_MPU_ALIGNMENT_BITS) {
 		bits = ARC_FEATURE_MPU_ALIGNMENT_BITS;
@@ -57,7 +57,7 @@ static inline void _region_init(u32_t index, u32_t region_addr, u32_t size,
  * This internal function is utilized by the MPU driver to parse the intent
  * type (i.e. THREAD_STACK_REGION) and return the correct region index.
  */
-static inline int _get_region_index_by_type(u32_t type)
+static inline int get_region_index_by_type(u32_t type)
 {
 	/*
 	 * The new MPU regions are allocated per type after the statically
@@ -71,21 +71,21 @@ static inline int _get_region_index_by_type(u32_t type)
 	 */
 	switch (type) {
 	case THREAD_STACK_USER_REGION:
-		return _get_num_regions() - mpu_config.num_regions
+		return get_num_regions() - mpu_config.num_regions
 		       - THREAD_STACK_REGION;
 	case THREAD_STACK_REGION:
 	case THREAD_APP_DATA_REGION:
 	case THREAD_STACK_GUARD_REGION:
-		return _get_num_regions() - mpu_config.num_regions - type;
+		return get_num_regions() - mpu_config.num_regions - type;
 	case THREAD_DOMAIN_PARTITION_REGION:
 #if defined(CONFIG_MPU_STACK_GUARD)
-		return _get_num_regions() - mpu_config.num_regions - type;
+		return get_num_regions() - mpu_config.num_regions - type;
 #else
 		/*
 		 * Start domain partition region from stack guard region
 		 * since stack guard is not enabled.
 		 */
-		return _get_num_regions() - mpu_config.num_regions - type + 1;
+		return get_num_regions() - mpu_config.num_regions - type + 1;
 #endif
 	default:
 		__ASSERT(0, "Unsupported type");
@@ -98,7 +98,7 @@ static inline int _get_region_index_by_type(u32_t type)
  */
 static inline bool _is_enabled_region(u32_t r_index)
 {
-	return ((z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDB0 + 2 * r_index)
+	return ((z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDB0 + r_index * 2U)
 		 & AUX_MPU_RDB_VALID_MASK) == AUX_MPU_RDB_VALID_MASK);
 }
 
@@ -111,14 +111,14 @@ static inline bool _is_in_region(u32_t r_index, u32_t start, u32_t size)
 	u32_t r_addr_end;
 	u32_t r_size_lshift;
 
-	r_addr_start = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDB0 + 2 * r_index)
+	r_addr_start = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDB0 + r_index * 2U)
 		       & (~AUX_MPU_RDB_VALID_MASK);
-	r_size_lshift = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDP0 + 2 * r_index)
+	r_size_lshift = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDP0 + r_index * 2U)
 			& AUX_MPU_RDP_SIZE_MASK;
 	r_size_lshift = (r_size_lshift & 0x3) | ((r_size_lshift >> 7) & 0x1C);
 	r_addr_end = r_addr_start  + (1 << (r_size_lshift + 1));
 
-	if (start >= r_addr_start && (start + size) < r_addr_end) {
+	if (start >= r_addr_start && (start + size) <= r_addr_end) {
 		return 1;
 	}
 
@@ -132,7 +132,7 @@ static inline bool _is_user_accessible_region(u32_t r_index, int write)
 {
 	u32_t r_ap;
 
-	r_ap = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDP0 + 2 * r_index);
+	r_ap = z_arc_v2_aux_reg_read(_ARC_V2_MPU_RDP0 + r_index * 2U);
 
 	r_ap &= AUX_MPU_RDP_ATTR_MASK;
 
@@ -154,12 +154,12 @@ static inline bool _is_user_accessible_region(u32_t r_index, int write)
  */
 static inline int _mpu_configure(u8_t type, u32_t base, u32_t size)
 {
-	s32_t region_index =  _get_region_index_by_type(type);
-	u32_t region_attr = _get_region_attr_by_type(type);
+	s32_t region_index =  get_region_index_by_type(type);
+	u32_t region_attr = get_region_attr_by_type(type);
 
 	LOG_DBG("Region info: 0x%x 0x%x", base, size);
 
-	if (region_attr == 0 || region_index < 0) {
+	if (region_attr == 0U || region_index < 0) {
 		return -EINVAL;
 	}
 
@@ -204,7 +204,7 @@ void arc_core_mpu_configure_thread(struct k_thread *thread)
 
 #if defined(CONFIG_MPU_STACK_GUARD)
 #if defined(CONFIG_USERSPACE)
-	if ((thread->thread_base.user_options & K_USER) != 0) {
+	if ((thread->base.user_options & K_USER) != 0) {
 		/* the areas before and after the user stack of thread is
 		 * kernel only. These area can be used as stack guard.
 		 * -----------------------
@@ -283,7 +283,7 @@ void arc_core_mpu_default(u32_t region_attr)
 int arc_core_mpu_region(u32_t index, u32_t base, u32_t size,
 			 u32_t region_attr)
 {
-	if (index >= _get_num_regions()) {
+	if (index >= get_num_regions()) {
 		return -EINVAL;
 	}
 
@@ -304,7 +304,7 @@ int arc_core_mpu_region(u32_t index, u32_t base, u32_t size,
 void arc_core_mpu_configure_mem_domain(struct k_thread *thread)
 {
 	int region_index =
-		_get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
+		get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
 	u32_t num_partitions;
 	struct k_mem_partition *pparts;
 	struct k_mem_domain *mem_domain = NULL;
@@ -348,7 +348,7 @@ void arc_core_mpu_remove_mem_domain(struct k_mem_domain *mem_domain)
 	ARG_UNUSED(mem_domain);
 
 	int region_index =
-		_get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
+		get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
 
 	for (; region_index >= 0; region_index--) {
 		_region_init(region_index, 0, 0, 0);
@@ -367,7 +367,7 @@ void arc_core_mpu_remove_mem_partition(struct k_mem_domain *domain,
 	ARG_UNUSED(domain);
 
 	int region_index =
-		_get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
+		get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION);
 
 	LOG_DBG("disable region 0x%x", region_index + part_id);
 	/* Disable region */
@@ -379,7 +379,7 @@ void arc_core_mpu_remove_mem_partition(struct k_mem_domain *domain,
  */
 int arc_core_mpu_get_max_domain_partition_regions(void)
 {
-	return _get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION) + 1;
+	return get_region_index_by_type(THREAD_DOMAIN_PARTITION_REGION) + 1;
 }
 
 /**
@@ -395,7 +395,7 @@ int arc_core_mpu_buffer_validate(void *addr, size_t size, int write)
 	 * matched region that grants permission or denies access.
 	 *
 	 */
-	for (r_index = 0; r_index < _get_num_regions(); r_index++) {
+	for (r_index = 0; r_index < get_num_regions(); r_index++) {
 		if (!_is_enabled_region(r_index) ||
 		    !_is_in_region(r_index, (u32_t)addr, size)) {
 			continue;
@@ -426,7 +426,7 @@ static int arc_mpu_init(struct device *arg)
 	u32_t num_regions;
 	u32_t i;
 
-	num_regions = _get_num_regions();
+	num_regions = get_num_regions();
 
 	/* ARC MPU supports up to 16 Regions */
 	if (mpu_config.num_regions > num_regions) {

arch/arc/core/mpu/arc_mpu_v3_internal.h

@@ -148,7 +148,7 @@ static inline int _mpu_probe(u32_t addr)
  */
 static inline int _dynamic_region_allocate_index(void)
 {
-	if (dynamic_region_index >= _get_num_regions()) {
+	if (dynamic_region_index >= get_num_regions()) {
 		LOG_ERR("no enough mpu entries %d", dynamic_region_index);
 		return -EINVAL;
 	}
@@ -314,13 +314,13 @@ static int _dynamic_region_allocate_and_init(u32_t base, u32_t size,
 static void _mpu_reset_dynamic_regions(void)
 {
 	u32_t i;
-	u32_t num_regions = _get_num_regions();
+	u32_t num_regions = get_num_regions();
 
 	for (i = static_regions_num; i < num_regions; i++) {
 		_region_init(i, 0, 0, 0);
 	}
 
-	for (i = 0; i < dynamic_regions_num; i++) {
+	for (i = 0U; i < dynamic_regions_num; i++) {
 		_region_init(
 			dyn_reg_info[i].index,
 			dyn_reg_info[i].base,
@@ -341,7 +341,7 @@ static void _mpu_reset_dynamic_regions(void)
  */
 static inline int _mpu_configure(u8_t type, u32_t base, u32_t size)
 {
-	u32_t region_attr = _get_region_attr_by_type(type);
+	u32_t region_attr = get_region_attr_by_type(type);
 
 	return _dynamic_region_allocate_and_init(base, size, region_attr);
 }
@@ -389,7 +389,7 @@ void arc_core_mpu_configure_thread(struct k_thread *thread)
 	_mpu_reset_dynamic_regions();
 #if defined(CONFIG_MPU_STACK_GUARD)
 #if defined(CONFIG_USERSPACE)
-	if ((thread->thread_base.user_options & K_USER) != 0) {
+	if ((thread->base.user_options & K_USER) != 0U) {
 		/* the areas before and after the user stack of thread is
 		 * kernel only. These area can be used as stack guard.
 		 * -----------------------
@@ -448,7 +448,7 @@ void arc_core_mpu_configure_thread(struct k_thread *thread)
 		num_partitions = mem_domain->num_partitions;
 		pparts = mem_domain->partitions;
 	} else {
-		num_partitions = 0;
+		num_partitions = 0U;
 		pparts = NULL;
 	}
 
@@ -493,7 +493,7 @@ void arc_core_mpu_default(u32_t region_attr)
 int arc_core_mpu_region(u32_t index, u32_t base, u32_t size,
 			 u32_t region_attr)
 {
-	if (index >= _get_num_regions()) {
+	if (index >= get_num_regions()) {
 		return -EINVAL;
 	}
 
@@ -576,7 +576,7 @@ void arc_core_mpu_remove_mem_partition(struct k_mem_domain *domain,
 int arc_core_mpu_get_max_domain_partition_regions(void)
 {
 	/* consider the worst case: each partition requires split */
-	return (_get_num_regions() - MPU_REGION_NUM_FOR_THREAD) / 2;
+	return (get_num_regions() - MPU_REGION_NUM_FOR_THREAD) / 2;
 }
 
 /**
@@ -594,7 +594,7 @@ int arc_core_mpu_buffer_validate(void *addr, size_t size, int write)
 	 */
 	r_index = _mpu_probe((u32_t)addr);
 	/*  match and the area is in one region */
-	if (r_index >= 0 && r_index == _mpu_probe((u32_t)addr + size)) {
+	if (r_index >= 0 && r_index == _mpu_probe((u32_t)addr + (size - 1))) {
 		if (_is_user_accessible_region(r_index, write)) {
 			return 0;
 		} else {
@@ -619,7 +619,7 @@ static int arc_mpu_init(struct device *arg)
 	u32_t num_regions;
 	u32_t i;
 
-	num_regions = _get_num_regions();
+	num_regions = get_num_regions();
 
 	/* ARC MPU supports up to 16 Regions */
 	if (mpu_config.num_regions > num_regions) {

arch/arc/core/prep_c.c

@@ -117,7 +117,7 @@ extern FUNC_NORETURN void z_cstart(void);
 
 void _PrepC(void)
 {
-	_icache_setup();
+	z_icache_setup();
 	adjust_vector_table_base();
 	z_bss_zero();
 	z_data_copy();

arch/arc/core/regular_irq.S

@@ -99,9 +99,24 @@ SECTION_FUNC(TEXT, _rirq_exit)
 	mov	r1, exc_nest_count
 	ld	r0, [r1]
 	sub	r0, r0, 1
-	cmp	r0, 0
-	bne.d	_rirq_return_from_rirq
 	st	r0, [r1]
+	/*
+	 * using exc_nest_count to decide whether is nest int is not reliable.
+	 * a better option is to use IRQ_ACT
+	 * A case is:  a high priority int preempts a low priority int before
+	 * rirq_enter/firq_enter, then in _rirq_exit/_firq_exit, it will see
+	 * exc_nest_cout is 0, this will lead to possible thread switch, but
+	 * a low priority int is still pending.
+	 *
+	 * If multi bits in IRQ_ACT are set, i.e. last bit != fist bit, it's
+	 * in nest interrupt
+	 */
+	lr 	r0, [_ARC_V2_AUX_IRQ_ACT]
+	and 	r0, r0, 0xffff
+	ffs	r1, r0
+	fls	r2, r0
+	cmp	r1, r2
+	jne	_rirq_return_from_rirq
 
 #ifdef CONFIG_STACK_SENTINEL
 	bl z_check_stack_sentinel
@@ -166,7 +181,23 @@ _rirq_common_interrupt_swap:
 	pop_s r2
 #endif
 
-	ld_s r3, [r2, _thread_offset_to_relinquish_cause]
+#if defined(CONFIG_USERSPACE)
+/*
+ * when USERSPACE is enabled, according to ARCv2 ISA, SP will be switched
+ * if interrupt comes out in user mode, and will be recorded in bit 31
+ * (U bit) of IRQ_ACT. when interrupt exits, SP will be switched back
+ * according to U bit.
+ *
+ * For the case that context switches in interrupt, the target sp must be
+ * thread's kernel stack, no need to do hardware sp switch. so, U bit should
+ * be cleared.
+ */
+	lr r0, [_ARC_V2_AUX_IRQ_ACT]
+	bclr r0, r0, 31
+	sr r0, [_ARC_V2_AUX_IRQ_ACT]
+#endif
+
+	ld r3, [r2, _thread_offset_to_relinquish_cause]
 
 	breq r3, _CAUSE_RIRQ, _rirq_return_from_rirq
 	nop
@@ -186,7 +217,7 @@ _rirq_return_from_coop:
 
 	/* update status32.ie (explanation in firq_exit:_firq_return_from_coop) */
 
-	ld_s r3, [r2, _thread_offset_to_intlock_key]
+	ld r3, [r2, _thread_offset_to_intlock_key]
 	st  0, [r2, _thread_offset_to_intlock_key]
 	cmp r3, 0
 	or.ne r0, r0, _ARC_V2_STATUS32_IE
@@ -197,7 +228,7 @@ _rirq_return_from_coop:
 	sub sp, sp, ___isf_t_pc_OFFSET
 
 	/* update return value on stack */
-	ld_s r0, [r2, _thread_offset_to_return_value]
+	ld r0, [r2, _thread_offset_to_return_value]
 	st_s r0, [sp, ___isf_t_r0_OFFSET]
 
 	/* reset zero-overhead loops */

arch/arc/core/reset.S

@@ -49,7 +49,16 @@ SECTION_FUNC(TEXT,__start)
 	 */
 	mov r0, 0
 	kflag r0
-
+#if defined(CONFIG_BOOT_TIME_MEASUREMENT) && defined(CONFIG_ARCV2_TIMER)
+	/*
+	 * ARCV2 timer (timer0) is a free run timer, let it start to count
+	 * here.
+	 */
+	mov r0, 0xffffffff
+	sr r0, [_ARC_V2_TMR0_LIMIT]
+	mov r0, 0
+	sr r0, [_ARC_V2_TMR0_COUNT]
+#endif
 	/* interrupt related init */
 	sr r0, [_ARC_V2_AUX_IRQ_ACT]
 	sr r0, [_ARC_V2_AUX_IRQ_CTRL]
@@ -90,7 +99,7 @@ done_cache_invalidate:
 
 #if defined(CONFIG_SYS_POWER_DEEP_SLEEP_STATES) && \
 	!defined(CONFIG_BOOTLOADER_CONTEXT_RESTORE)
-        jl @sys_resume_from_deep_sleep
+        jl @_sys_resume_from_deep_sleep
 #endif
 
 #ifdef CONFIG_INIT_STACKS

arch/arc/core/swap.S

@@ -82,7 +82,7 @@ SECTION_FUNC(TEXT, __swap)
 	ld_s r2, [r1, _kernel_offset_to_current]
 
 	/* save intlock key */
-	st_s r0, [r2, _thread_offset_to_intlock_key]
+	st r0, [r2, _thread_offset_to_intlock_key]
 	st _CAUSE_COOP, [r2, _thread_offset_to_relinquish_cause]
 
 	/*
@@ -92,7 +92,7 @@ SECTION_FUNC(TEXT, __swap)
          * z_set_thread_return_value().
          */
 	ld r3, [_k_neg_eagain]
-	st_s r3, [r2, _thread_offset_to_return_value]
+	st r3, [r2, _thread_offset_to_return_value]
 
 	/*
 	 * Save status32 and blink on the stack before the callee-saved registers.
@@ -142,7 +142,7 @@ SECTION_FUNC(TEXT, __swap)
 	pop_s r2
 #endif
 
-	ld_s r3, [r2, _thread_offset_to_relinquish_cause]
+	ld r3, [r2, _thread_offset_to_relinquish_cause]
 
 	breq r3, _CAUSE_RIRQ, _swap_return_from_rirq
 	nop
@@ -154,9 +154,9 @@ SECTION_FUNC(TEXT, __swap)
 .balign 4
 _swap_return_from_coop:
 
-	ld_s r1, [r2, _thread_offset_to_intlock_key]
+	ld r1, [r2, _thread_offset_to_intlock_key]
 	st  0, [r2, _thread_offset_to_intlock_key]
-	ld_s r0, [r2, _thread_offset_to_return_value]
+	ld r0, [r2, _thread_offset_to_return_value]
 
 	lr ilink, [_ARC_V2_STATUS32]
 	bbit1 ilink, _ARC_V2_STATUS32_AE_BIT, _return_from_exc

arch/arc/core/thread.c

@@ -67,7 +67,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		 void *parameter1, void *parameter2, void *parameter3,
 		 int priority, unsigned int options)
 {
-	char *pStackMem = K_THREAD_STACK_BUFFER(stack);
+	char *pStackMem = Z_THREAD_STACK_BUFFER(stack);
 	Z_ASSERT_VALID_PRIO(priority, pEntry);
 
 	char *stackEnd;
@@ -81,9 +81,9 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 
 /* adjust stack and stack size */
 #if CONFIG_ARC_MPU_VER == 2
-	stackAdjSize = POW2_CEIL(STACK_SIZE_ALIGN(stackSize));
+	stackAdjSize = Z_ARC_MPUV2_SIZE_ALIGN(stackSize);
 #elif CONFIG_ARC_MPU_VER == 3
-	stackAdjSize = ROUND_UP(stackSize, STACK_ALIGN);
+	stackAdjSize = STACK_SIZE_ALIGN(stackSize);
 #endif
 	stackEnd = pStackMem + stackAdjSize;
 
@@ -95,8 +95,8 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		thread->arch.priv_stack_start =
 			(u32_t)(stackEnd + STACK_GUARD_SIZE);
 
-		stackAdjEnd = (char *)STACK_ROUND_DOWN(stackEnd + STACK_GUARD_SIZE +
-					CONFIG_PRIVILEGED_STACK_SIZE);
+		stackAdjEnd = (char *)STACK_ROUND_DOWN(stackEnd +
+				Z_ARCH_THREAD_STACK_RESERVED);
 
 		/* reserve 4 bytes for the start of user sp */
 		stackAdjEnd -= 4;
@@ -126,7 +126,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	 */
 		pStackMem += STACK_GUARD_SIZE;
 		stackAdjSize = stackAdjSize + CONFIG_PRIVILEGED_STACK_SIZE;
-		stackEnd += CONFIG_PRIVILEGED_STACK_SIZE + STACK_GUARD_SIZE;
+		stackEnd += Z_ARCH_THREAD_STACK_RESERVED;
 
 		thread->arch.priv_stack_start = 0;
 
@@ -141,8 +141,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 #endif
 	}
 
-	_new_thread_init(thread, pStackMem, stackAdjSize, priority, options);
-
+	z_new_thread_init(thread, pStackMem, stackAdjSize, priority, options);
 
 	/* carve the thread entry struct from the "base" of
 		the privileged stack */
@@ -152,9 +151,9 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	/* fill init context */
 	pInitCtx->status32 = 0U;
 	if (options & K_USER) {
-		pInitCtx->pc = ((u32_t)_user_thread_entry_wrapper);
+		pInitCtx->pc = ((u32_t)z_user_thread_entry_wrapper);
 	} else {
-		pInitCtx->pc = ((u32_t)_thread_entry_wrapper);
+		pInitCtx->pc = ((u32_t)z_thread_entry_wrapper);
 	}
 
 	/*
@@ -166,9 +165,10 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	 */
 	pInitCtx->status32 |= _ARC_V2_STATUS32_US;
 #else /* For no USERSPACE feature */
+	pStackMem += Z_ARCH_THREAD_STACK_RESERVED;
 	stackEnd = pStackMem + stackSize;
 
-	_new_thread_init(thread, pStackMem, stackSize, priority, options);
+	z_new_thread_init(thread, pStackMem, stackSize, priority, options);
 
 	stackAdjEnd = stackEnd;
 
@@ -177,7 +177,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		sizeof(struct init_stack_frame));
 
 	pInitCtx->status32 = 0U;
-	pInitCtx->pc = ((u32_t)_thread_entry_wrapper);
+	pInitCtx->pc = ((u32_t)z_thread_entry_wrapper);
 #endif
 
 #ifdef CONFIG_ARC_HAS_SECURE
@@ -203,7 +203,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		thread->arch.k_stack_top =
 			 (u32_t)(stackEnd + STACK_GUARD_SIZE);
 		thread->arch.k_stack_base = (u32_t)
-		(stackEnd + STACK_GUARD_SIZE + CONFIG_PRIVILEGED_STACK_SIZE);
+		(stackEnd + Z_ARCH_THREAD_STACK_RESERVED);
 	} else {
 		thread->arch.k_stack_top = (u32_t)pStackMem;
 		thread->arch.k_stack_base = (u32_t)stackEnd;
@@ -270,7 +270,7 @@ FUNC_NORETURN void z_arch_user_mode_enter(k_thread_entry_t user_entry,
 	/* need to lock cpu here ? */
 	configure_mpu_thread(_current);
 
-	_arc_userspace_enter(user_entry, p1, p2, p3,
+	z_arc_userspace_enter(user_entry, p1, p2, p3,
 			     (u32_t)_current->stack_obj,
 			     _current->stack_info.size);
 	CODE_UNREACHABLE;

arch/arc/core/thread_entry_wrapper.S

@@ -14,7 +14,7 @@
 #include <toolchain.h>
 #include <linker/sections.h>
 
-GTEXT(_thread_entry_wrapper)
+GTEXT(z_thread_entry_wrapper)
 
 /*
  * @brief Wrapper for z_thread_entry
@@ -25,7 +25,7 @@ GTEXT(_thread_entry_wrapper)
  * @return N/A
  */
 
-SECTION_FUNC(TEXT, _thread_entry_wrapper)
+SECTION_FUNC(TEXT, z_thread_entry_wrapper)
 
 	pop_s r3
 	pop_s r2

arch/arc/core/userspace.S

@@ -44,9 +44,9 @@
 	mov r13, 0
 .endm
 
-GTEXT(_arc_userspace_enter)
+GTEXT(z_arc_userspace_enter)
 GTEXT(_arc_do_syscall)
-GTEXT(_user_thread_entry_wrapper)
+GTEXT(z_user_thread_entry_wrapper)
 GTEXT(z_arch_user_string_nlen)
 GTEXT(z_arch_user_string_nlen_fault_start)
 GTEXT(z_arch_user_string_nlen_fault_end)
@@ -57,7 +57,7 @@ GTEXT(z_arch_user_string_nlen_fixup)
  *
  * @return N/A
  */
-SECTION_FUNC(TEXT, _user_thread_entry_wrapper)
+SECTION_FUNC(TEXT, z_user_thread_entry_wrapper)
 	pop_s r3
 	pop_s r2
 	pop_s r1
@@ -74,7 +74,7 @@ SECTION_FUNC(TEXT, _user_thread_entry_wrapper)
 
 /*
  * when CONFIG_INIT_STACKS is enable, stack will be initialized
- * in _new_thread_init.
+ * in z_new_thread_init.
  */
 	j _arc_go_to_user_space
 
@@ -87,7 +87,7 @@ SECTION_FUNC(TEXT, _user_thread_entry_wrapper)
  * not transition back later, unless they are doing system calls.
  *
  */
-SECTION_FUNC(TEXT, _arc_userspace_enter)
+SECTION_FUNC(TEXT, z_arc_userspace_enter)
 	/*
 	 * In ARCv2, the U bit can only be set through exception return
 	 */
@@ -151,7 +151,7 @@ _arc_go_to_user_space:
 	lr r0, [_ARC_V2_STATUS32]
 	bset r0, r0, _ARC_V2_STATUS32_U_BIT
 
-	mov r1, _thread_entry_wrapper
+	mov r1, z_thread_entry_wrapper
 
 	/* fake exception return */
 	kflag _ARC_V2_STATUS32_AE
@@ -202,40 +202,47 @@ return_loc_userspace_enter:
  *
  */
 SECTION_FUNC(TEXT, _arc_do_syscall)
-	/* r0-r5: arg1-arg6, r6 is call id */
-	/* the call id is already checked in trap_s handler */
-	push_s blink
+	/*
+	 * r0-r5: arg1-arg6, r6 is call id which is already checked in
+	 * trap_s handler, r7 is the system call stack frame pointer
+	 * need to recover r0, r1, r2 because they will be modified in
+	 * _create_irq_stack_frame. If a specific syscall frame (different
+	 * with irq stack frame) is defined, the cover of r0, r1, r2 can be
+	 * optimized.
+	 */
+	ld_s r0, [sp, ___isf_t_r0_OFFSET]
+	ld_s r1, [sp, ___isf_t_r1_OFFSET]
+	ld_s r2, [sp, ___isf_t_r2_OFFSET]
+
+	mov r7, sp
 
 	mov blink, _k_syscall_table
 	ld.as r6, [blink, r6]
 
 	jl [r6]
 
-	/*
-	 * no need to clear callee regs, as they will be saved and restored
-	 * automatically
-	 */
-	clear_scratch_regs
+	/* save return value */
+	st_s r0, [sp, ___isf_t_r0_OFFSET]
 
 	mov r29, 0
 	mov r30, 0
 
-	pop_s blink
-
 	/* through fake exception return, go back to the caller */
-	kflag _ARC_V2_STATUS32_AE
+	lr r0, [_ARC_V2_STATUS32]
+	bset r0, r0, _ARC_V2_STATUS32_AE_BIT
+	kflag r0
 
-	/* the status and return address are saved in trap_s handler */
-	pop r6
-	sr r6, [_ARC_V2_ERSTATUS]
-	pop r6
-	sr r6, [_ARC_V2_ERET]
 #ifdef CONFIG_ARC_HAS_SECURE
-	pop r6
-	sr r6, [_ARC_V2_ERSEC_STAT]
+	ld_s r0, [sp, ___isf_t_sec_stat_OFFSET]
+	sr r0, [_ARC_V2_ERSEC_STAT]
 #endif
+	ld_s r0, [sp, ___isf_t_status32_OFFSET]
+	sr r0, [_ARC_V2_ERSTATUS]
 
-	mov r6, 0
+	ld_s r0, [sp, ___isf_t_pc_OFFSET] /* eret into pc */
+	sr r0, [_ARC_V2_ERET]
+
+	_pop_irq_stack_frame
 
 	rtie
 

arch/arc/include/kernel_arch_func.h

@@ -33,7 +33,7 @@ extern "C" {
 
 static ALWAYS_INLINE void kernel_arch_init(void)
 {
-	_irq_setup();
+	z_irq_setup();
 }
 
 static ALWAYS_INLINE void
@@ -49,7 +49,7 @@ z_set_thread_return_value(struct k_thread *thread, unsigned int value)
  *
  * @return IRQ number
  */
-static ALWAYS_INLINE int _INTERRUPT_CAUSE(void)
+static ALWAYS_INLINE int Z_INTERRUPT_CAUSE(void)
 {
 	u32_t irq_num = z_arc_v2_aux_reg_read(_ARC_V2_ICAUSE);
 
@@ -58,10 +58,10 @@ static ALWAYS_INLINE int _INTERRUPT_CAUSE(void)
 
 #define z_is_in_isr	z_arc_v2_irq_unit_is_in_isr
 
-extern void _thread_entry_wrapper(void);
-extern void _user_thread_entry_wrapper(void);
+extern void z_thread_entry_wrapper(void);
+extern void z_user_thread_entry_wrapper(void);
 
-extern void _arc_userspace_enter(k_thread_entry_t user_entry, void *p1,
+extern void z_arc_userspace_enter(k_thread_entry_t user_entry, void *p1,
 		 void *p2, void *p3, u32_t stack, u32_t size);
 
 #endif /* _ASMLANGUAGE */

arch/arc/include/tracing_arch.h

@@ -24,9 +24,9 @@ extern "C" {
  *
  * @return The key of the interrupt that is currently being processed.
  */
-int _sys_current_irq_key_get(void)
+int z_sys_current_irq_key_get(void)
 {
-	return _INTERRUPT_CAUSE();
+	return Z_INTERRUPT_CAUSE();
 }
 
 #ifdef __cplusplus

arch/arc/include/v2/cache.h

@@ -34,7 +34,7 @@ extern "C" {
  *
  * Enables the i-cache and sets it to direct access mode.
  */
-static ALWAYS_INLINE void _icache_setup(void)
+static ALWAYS_INLINE void z_icache_setup(void)
 {
 	u32_t icache_config = (
 		IC_CACHE_DIRECT | /* direct mapping (one-way assoc.) */
@@ -44,7 +44,7 @@ static ALWAYS_INLINE void _icache_setup(void)
 
 	val = z_arc_v2_aux_reg_read(_ARC_V2_I_CACHE_BUILD);
 	val &= 0xff;
-	if (val != 0) { /* is i-cache present? */
+	if (val != 0U) { /* is i-cache present? */
 		/* configure i-cache */
 		z_arc_v2_aux_reg_write(_ARC_V2_IC_CTRL, icache_config);
 	}

arch/arc/include/v2/irq.h

@@ -36,11 +36,11 @@ extern "C" {
 extern K_THREAD_STACK_DEFINE(_interrupt_stack, CONFIG_ISR_STACK_SIZE);
 
 /*
- * _irq_setup
+ * z_irq_setup
  *
  * Configures interrupt handling parameters
  */
-static ALWAYS_INLINE void _irq_setup(void)
+static ALWAYS_INLINE void z_irq_setup(void)
 {
 	u32_t aux_irq_ctrl_value = (
 		_ARC_V2_AUX_IRQ_CTRL_LOOP_REGS | /* save lp_xxx registers */
@@ -55,7 +55,7 @@ static ALWAYS_INLINE void _irq_setup(void)
 	z_arc_v2_aux_reg_write(_ARC_V2_AUX_IRQ_CTRL, aux_irq_ctrl_value);
 
 	_kernel.irq_stack =
-		K_THREAD_STACK_BUFFER(_interrupt_stack) + CONFIG_ISR_STACK_SIZE;
+		Z_THREAD_STACK_BUFFER(_interrupt_stack) + CONFIG_ISR_STACK_SIZE;
 }
 
 #endif /* _ASMLANGUAGE */

arch/arm/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 set(ARCH_FOR_cortex-m0        armv6s-m        )
 set(ARCH_FOR_cortex-m0plus    armv6s-m        )
 set(ARCH_FOR_cortex-m3        armv7-m         )

arch/arm/core/CMakeLists.txt

@@ -1,8 +1,11 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 
 zephyr_compile_options_ifdef(CONFIG_COVERAGE_GCOV
   -ftest-coverage
   -fprofile-arcs
+  -fno-inline
   )
 
 zephyr_library_sources(

arch/arm/core/cortex_m/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 
 zephyr_library_sources(

arch/arm/core/cortex_m/cmse/CMakeLists.txt

@@ -1 +1,3 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_sources(arm_core_cmse.c)

arch/arm/core/cortex_m/mpu/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 
 zephyr_library_sources(                             arm_core_mpu.c)

arch/arm/core/cortex_m/mpu/Kconfig

@@ -44,4 +44,23 @@ config MPU_ALLOW_FLASH_WRITE
 	help
 	  Enable this to allow MPU RWX access to flash memory
 
+config CUSTOM_SECTION_ALIGN
+	bool "Custom Section Align"
+	depends on ARM_MPU
+	help
+	  MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT(ARMv7-M) sometimes cause memory
+	  wasting in linker scripts defined memory sections. Use this symbol
+	  to guarantee user custom section align size to avoid more memory used
+	  for respect alignment. But that needs carefully configure MPU region
+	  and sub-regions(ARMv7-M) to cover this feature.
+
+config CUSTOM_SECTION_MIN_ALIGN_SIZE
+	int "Custom Section Align Size"
+	default 32
+	help
+	  Custom algin size of memory section in linker scripts. Usually
+	  it should consume less alignment memory. Alougth this alignment
+	  size is configured by users, it must also respect the power of
+	  two regulation if hardware requires.
+
 endif # CPU_HAS_MPU

arch/arm/core/cortex_m/mpu/arm_core_mpu.c

@@ -150,7 +150,7 @@ void z_arch_configure_dynamic_mpu_regions(struct k_thread *thread)
 	 */
 	struct k_mem_partition *dynamic_regions[_MAX_DYNAMIC_MPU_REGIONS_NUM];
 
-	u8_t region_num = 0;
+	u8_t region_num = 0U;
 
 #if defined(CONFIG_USERSPACE)
 	struct k_mem_partition thread_stack;
@@ -184,7 +184,7 @@ void z_arch_configure_dynamic_mpu_regions(struct k_thread *thread)
 
 			region_num++;
 			num_partitions--;
-			if (num_partitions == 0) {
+			if (num_partitions == 0U) {
 				break;
 			}
 		}
@@ -193,15 +193,9 @@ void z_arch_configure_dynamic_mpu_regions(struct k_thread *thread)
 	LOG_DBG("configure user thread %p's context", thread);
 	if (thread->arch.priv_stack_start) {
 		u32_t base = (u32_t)thread->stack_obj;
-		u32_t size = thread->stack_info.size;
-#if !defined(CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT)
-		/* In user-mode the thread stack will include the (optional)
-		 * guard area. For MPUs with arbitrary base address and limit
-		 * it is essential to include this size increase, to avoid
-		 * MPU faults.
-		 */
-		size += thread->stack_info.start - base;
-#endif
+		u32_t size = thread->stack_info.size +
+			(thread->stack_info.start - base);
+
 		__ASSERT(region_num < _MAX_DYNAMIC_MPU_REGIONS_NUM,
 			"Out-of-bounds error for dynamic region map.");
 		thread_stack = (const struct k_mem_partition)
@@ -306,7 +300,7 @@ void z_arch_mem_domain_destroy(struct k_mem_domain *domain)
 
 	for (i = 0; i < CONFIG_MAX_DOMAIN_PARTITIONS; i++) {
 		partition = domain->partitions[i];
-		if (partition.size == 0) {
+		if (partition.size == 0U) {
 			/* Zero size indicates a non-existing
 			 * memory partition.
 			 */

arch/arm/core/cortex_m/mpu/arm_mpu.c

@@ -26,7 +26,7 @@ static u8_t static_regions_num;
 /**
  *  Get the number of supported MPU regions.
  */
-static inline u8_t _get_num_regions(void)
+static inline u8_t get_num_regions(void)
 {
 #if defined(CONFIG_CPU_CORTEX_M0PLUS) || \
 	defined(CONFIG_CPU_CORTEX_M3) || \
@@ -57,11 +57,11 @@ static inline u8_t _get_num_regions(void)
 #error "Unsupported ARM CPU"
 #endif
 
-static int _region_allocate_and_init(const u8_t index,
+static int region_allocate_and_init(const u8_t index,
 	const struct arm_mpu_region *region_conf)
 {
 	/* Attempt to allocate new region index. */
-	if (index > (_get_num_regions() - 1)) {
+	if (index > (get_num_regions() - 1)) {
 
 		/* No available MPU region index. */
 		LOG_ERR("Failed to allocate new MPU region %u\n", index);
@@ -71,7 +71,7 @@ static int _region_allocate_and_init(const u8_t index,
 	LOG_DBG("Program MPU region at index 0x%x", index);
 
 	/* Program region */
-	_region_init(index, region_conf);
+	region_init(index, region_conf);
 
 	return index;
 }
@@ -79,7 +79,7 @@ static int _region_allocate_and_init(const u8_t index,
 /* This internal function programs an MPU region
  * of a given configuration at a given MPU index.
  */
-static int _mpu_configure_region(const u8_t index,
+static int mpu_configure_region(const u8_t index,
 	const struct k_mem_partition *new_region)
 {
 	struct arm_mpu_region region_conf;
@@ -88,11 +88,11 @@ static int _mpu_configure_region(const u8_t index,
 
 	/* Populate internal ARM MPU region configuration structure. */
 	region_conf.base = new_region->start;
-	_get_region_attr_from_k_mem_partition_info(&region_conf.attr,
+	get_region_attr_from_k_mem_partition_info(&region_conf.attr,
 		&new_region->attr, new_region->start, new_region->size);
 
 	/* Allocate and program region */
-	return _region_allocate_and_init(index,
+	return region_allocate_and_init(index,
 		(const struct arm_mpu_region *)&region_conf);
 }
 
@@ -135,20 +135,20 @@ void arm_core_mpu_mem_partition_config_update(
 {
 	/* Find the partition. ASSERT if not found. */
 	u8_t i;
-	u8_t reg_index = _get_num_regions();
+	u8_t reg_index = get_num_regions();
 
-	for (i = static_regions_num; i < _get_num_regions(); i++) {
-		if (!_is_enabled_region(i)) {
+	for (i = get_dyn_region_min_index(); i < get_num_regions(); i++) {
+		if (!is_enabled_region(i)) {
 			continue;
 		}
 
-		u32_t base = _mpu_region_get_base(i);
+		u32_t base = mpu_region_get_base(i);
 
 		if (base != partition->start) {
 			continue;
 		}
 
-		u32_t size = _mpu_region_get_size(i);
+		u32_t size = mpu_region_get_size(i);
 
 		if (size != partition->size) {
 			continue;
@@ -158,12 +158,12 @@ void arm_core_mpu_mem_partition_config_update(
 		reg_index = i;
 		break;
 	}
-	__ASSERT(reg_index != _get_num_regions(),
-		"Memory domain partition not found\n");
+	__ASSERT(reg_index != get_num_regions(),
+		 "Memory domain partition not found\n");
 
 	/* Modify the permissions */
 	partition->attr = *new_attr;
-	_mpu_configure_region(reg_index, partition);
+	mpu_configure_region(reg_index, partition);
 }
 
 /**
@@ -172,7 +172,7 @@ void arm_core_mpu_mem_partition_config_update(
  */
 int arm_core_mpu_get_max_available_dyn_regions(void)
 {
-	return _get_num_regions() - static_regions_num;
+	return get_num_regions() - static_regions_num;
 }
 
 /**
@@ -182,7 +182,7 @@ int arm_core_mpu_get_max_available_dyn_regions(void)
  */
 int arm_core_mpu_buffer_validate(void *addr, size_t size, int write)
 {
-	return _mpu_buffer_validate(addr, size, write);
+	return mpu_buffer_validate(addr, size, write);
 }
 
 #endif /* CONFIG_USERSPACE */
@@ -194,8 +194,8 @@ void arm_core_mpu_configure_static_mpu_regions(const struct k_mem_partition
 	*static_regions[], const u8_t regions_num,
 	const u32_t background_area_start, const u32_t background_area_end)
 {
-	if (_mpu_configure_static_mpu_regions(static_regions, regions_num,
-		background_area_start, background_area_end) == -EINVAL) {
+	if (mpu_configure_static_mpu_regions(static_regions, regions_num,
+					       background_area_start, background_area_end) == -EINVAL) {
 
 		__ASSERT(0, "Configuring %u static MPU regions failed\n",
 			regions_num);
@@ -210,8 +210,8 @@ void arm_core_mpu_mark_areas_for_dynamic_regions(
 	const struct k_mem_partition dyn_region_areas[],
 	const u8_t dyn_region_areas_num)
 {
-	if (_mpu_mark_areas_for_dynamic_regions(dyn_region_areas,
-			dyn_region_areas_num) == -EINVAL) {
+	if (mpu_mark_areas_for_dynamic_regions(dyn_region_areas,
+						 dyn_region_areas_num) == -EINVAL) {
 
 		__ASSERT(0, "Marking %u areas for dynamic regions failed\n",
 			dyn_region_areas_num);
@@ -225,7 +225,7 @@ void arm_core_mpu_mark_areas_for_dynamic_regions(
 void arm_core_mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
-	if (_mpu_configure_dynamic_mpu_regions(dynamic_regions, regions_num)
+	if (mpu_configure_dynamic_mpu_regions(dynamic_regions, regions_num)
 		== -EINVAL) {
 
 		__ASSERT(0, "Configuring %u dynamic MPU regions failed\n",
@@ -245,7 +245,7 @@ static int arm_mpu_init(struct device *arg)
 {
 	u32_t r_index;
 
-	if (mpu_config.num_regions > _get_num_regions()) {
+	if (mpu_config.num_regions > get_num_regions()) {
 		/* Attempt to configure more MPU regions than
 		 * what is supported by hardware. As this operation
 		 * is executed during system (pre-kernel) initialization,
@@ -255,21 +255,21 @@ static int arm_mpu_init(struct device *arg)
 		__ASSERT(0,
 			"Request to configure: %u regions (supported: %u)\n",
 			mpu_config.num_regions,
-			_get_num_regions()
+			get_num_regions()
 		);
 		return -1;
 	}
 
-	LOG_DBG("total region count: %d", _get_num_regions());
+	LOG_DBG("total region count: %d", get_num_regions());
 
 	arm_core_mpu_disable();
 
 	/* Architecture-specific configuration */
-	_mpu_init();
+	mpu_init();
 
 	/* Program fixed regions configured at SOC definition. */
 	for (r_index = 0U; r_index < mpu_config.num_regions; r_index++) {
-		_region_init(r_index, &mpu_config.mpu_regions[r_index]);
+		region_init(r_index, &mpu_config.mpu_regions[r_index]);
 	}
 
 	/* Update the number of programmed MPU regions. */

arch/arm/core/cortex_m/mpu/arm_mpu_v7_internal.h

@@ -13,7 +13,7 @@
 #include <logging/log.h>
 
 /* Global MPU configuration at system initialization. */
-static void _mpu_init(void)
+static void mpu_init(void)
 {
 	/* No specific configuration at init for ARMv7-M MPU. */
 }
@@ -23,7 +23,7 @@ static void _mpu_init(void)
  * Note:
  *   The caller must provide a valid region index.
  */
-static void _region_init(const u32_t index,
+static void region_init(const u32_t index,
 	const struct arm_mpu_region *region_conf)
 {
 	/* Select the region you want to access */
@@ -44,7 +44,7 @@ static void _region_init(const u32_t index,
  * @param part Pointer to the data structure holding the partition
  *             information (must be valid).
  */
-static int _mpu_partition_is_valid(const struct k_mem_partition *part)
+static int mpu_partition_is_valid(const struct k_mem_partition *part)
 {
 	/* Partition size must be power-of-two,
 	 * and greater or equal to the minimum
@@ -52,11 +52,11 @@ static int _mpu_partition_is_valid(const struct k_mem_partition *part)
 	 * partition must align with size.
 	 */
 	int partition_is_valid =
-		((part->size & (part->size - 1)) == 0)
+		((part->size & (part->size - 1)) == 0U)
 		&&
 		(part->size >= CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE)
 		&&
-		((part->start & (part->size - 1)) == 0);
+		((part->start & (part->size - 1)) == 0U);
 
 	return partition_is_valid;
 }
@@ -69,10 +69,10 @@ static int _mpu_partition_is_valid(const struct k_mem_partition *part)
  * power-of-two value, and the returned SIZE field value corresponds
  * to that power-of-two value.
  */
-static inline u32_t _size_to_mpu_rasr_size(u32_t size)
+static inline u32_t size_to_mpu_rasr_size(u32_t size)
 {
 	/* The minimal supported region size is 32 bytes */
-	if (size <= 32) {
+	if (size <= 32U) {
 		return REGION_32B;
 	}
 
@@ -94,7 +94,7 @@ static inline u32_t _size_to_mpu_rasr_size(u32_t size)
  * region attribute configuration and size and fill-in a driver-specific
  * structure with the correct MPU region configuration.
  */
-static inline void _get_region_attr_from_k_mem_partition_info(
+static inline void get_region_attr_from_k_mem_partition_info(
 	arm_mpu_region_attr_t *p_attr,
 	const k_mem_partition_attr_t *attr, u32_t base, u32_t size)
 {
@@ -103,32 +103,44 @@ static inline void _get_region_attr_from_k_mem_partition_info(
 	 */
 	(void) base;
 
-	p_attr->rasr = attr->rasr_attr | _size_to_mpu_rasr_size(size);
+	p_attr->rasr = attr->rasr_attr | size_to_mpu_rasr_size(size);
 }
 
 #if defined(CONFIG_USERSPACE)
 
+/**
+ * This internal function returns the minimum HW MPU region index
+ * that may hold the configuration of a dynamic memory region.
+ *
+ * Trivial for ARMv7-M MPU, where dynamic memory areas are programmed
+ * in MPU regions indices right after the static regions.
+ */
+static inline int get_dyn_region_min_index(void)
+{
+	return static_regions_num;
+}
+
 /**
  * This internal function converts the SIZE field value of MPU_RASR
  * to the region size (in bytes).
  */
-static inline u32_t _mpu_rasr_size_to_size(u32_t rasr_size)
+static inline u32_t mpu_rasr_size_to_size(u32_t rasr_size)
 {
 	return 1 << (rasr_size + 1);
 }
 
-static inline u32_t _mpu_region_get_base(u32_t index)
+static inline u32_t mpu_region_get_base(u32_t index)
 {
 	MPU->RNR = index;
 	return MPU->RBAR & MPU_RBAR_ADDR_Msk;
 }
 
-static inline u32_t _mpu_region_get_size(u32_t index)
+static inline u32_t mpu_region_get_size(u32_t index)
 {
 	MPU->RNR = index;
 	u32_t rasr_size = (MPU->RASR & MPU_RASR_SIZE_Msk) >> MPU_RASR_SIZE_Pos;
 
-	return _mpu_rasr_size_to_size(rasr_size);
+	return mpu_rasr_size_to_size(rasr_size);
 }
 
 /**
@@ -137,10 +149,18 @@ static inline u32_t _mpu_region_get_size(u32_t index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_enabled_region(u32_t index)
+static inline int is_enabled_region(u32_t index)
 {
+	/* Lock IRQs to ensure RNR value is correct when reading RASR. */
+	unsigned int key;
+	u32_t rasr;
+
+	key = irq_lock();
 	MPU->RNR = index;
-	return (MPU->RASR & MPU_RASR_ENABLE_Msk) ? 1 : 0;
+	rasr = MPU->RASR;
+	irq_unlock(key);
+
+	return (rasr & MPU_RASR_ENABLE_Msk) ? 1 : 0;
 }
 
 /* Only a single bit is set for all user accessible permissions.
@@ -155,10 +175,18 @@ static inline int _is_enabled_region(u32_t index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline u32_t _get_region_ap(u32_t r_index)
+static inline u32_t get_region_ap(u32_t r_index)
 {
+	/* Lock IRQs to ensure RNR value is correct when reading RASR. */
+	unsigned int key;
+	u32_t rasr;
+
+	key = irq_lock();
 	MPU->RNR = r_index;
-	return (MPU->RASR & MPU_RASR_AP_Msk) >> MPU_RASR_AP_Pos;
+	rasr = MPU->RASR;
+	irq_unlock(key);
+
+	return (rasr & MPU_RASR_AP_Msk) >> MPU_RASR_AP_Pos;
 }
 
 /**
@@ -167,19 +195,34 @@ static inline u32_t _get_region_ap(u32_t r_index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_in_region(u32_t r_index, u32_t start, u32_t size)
+static inline int is_in_region(u32_t r_index, u32_t start, u32_t size)
 {
 	u32_t r_addr_start;
 	u32_t r_size_lshift;
 	u32_t r_addr_end;
+	u32_t end;
 
+	/* Lock IRQs to ensure RNR value is correct when reading RBAR, RASR. */
+	unsigned int key;
+	u32_t rbar, rasr;
+
+	key = irq_lock();
 	MPU->RNR = r_index;
-	r_addr_start = MPU->RBAR & MPU_RBAR_ADDR_Msk;
-	r_size_lshift = ((MPU->RASR & MPU_RASR_SIZE_Msk) >>
+	rbar = MPU->RBAR;
+	rasr = MPU->RASR;
+	irq_unlock(key);
+
+	r_addr_start = rbar & MPU_RBAR_ADDR_Msk;
+	r_size_lshift = ((rasr & MPU_RASR_SIZE_Msk) >>
 			MPU_RASR_SIZE_Pos) + 1;
 	r_addr_end = r_addr_start + (1UL << r_size_lshift) - 1;
 
-	if (start >= r_addr_start && (start + size - 1) <= r_addr_end) {
+	size = size == 0 ? 0 : size - 1;
+	if (__builtin_add_overflow(start, size, &end)) {
+		return 0;
+	}
+
+	if ((start >= r_addr_start) && (end <= r_addr_end)) {
 		return 1;
 	}
 
@@ -192,9 +235,9 @@ static inline int _is_in_region(u32_t r_index, u32_t start, u32_t size)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_user_accessible_region(u32_t r_index, int write)
+static inline int is_user_accessible_region(u32_t r_index, int write)
 {
-	u32_t r_ap = _get_region_ap(r_index);
+	u32_t r_ap = get_region_ap(r_index);
 
 
 	if (write) {
@@ -208,14 +251,14 @@ static inline int _is_user_accessible_region(u32_t r_index, int write)
  * This internal function validates whether a given memory buffer
  * is user accessible or not.
  */
-static inline int _mpu_buffer_validate(void *addr, size_t size, int write)
+static inline int mpu_buffer_validate(void *addr, size_t size, int write)
 {
 	s32_t r_index;
 
 	/* Iterate all mpu regions in reversed order */
-	for (r_index = _get_num_regions() - 1; r_index >= 0;  r_index--) {
-		if (!_is_enabled_region(r_index) ||
-		    !_is_in_region(r_index, (u32_t)addr, size)) {
+	for (r_index = get_num_regions() - 1; r_index >= 0;  r_index--) {
+		if (!is_enabled_region(r_index) ||
+		    !is_in_region(r_index, (u32_t)addr, size)) {
 			continue;
 		}
 
@@ -224,7 +267,7 @@ static inline int _mpu_buffer_validate(void *addr, size_t size, int write)
 		 * we can stop the iteration immediately once we find the
 		 * matched region that grants permission or denies access.
 		 */
-		if (_is_user_accessible_region(r_index, write)) {
+		if (is_user_accessible_region(r_index, write)) {
 			return 0;
 		} else {
 			return -EPERM;
@@ -237,14 +280,14 @@ static inline int _mpu_buffer_validate(void *addr, size_t size, int write)
 
 #endif /* CONFIG_USERSPACE */
 
-static int _mpu_configure_region(const u8_t index,
+static int mpu_configure_region(const u8_t index,
 	const struct k_mem_partition *new_region);
 
 /* This internal function programs a set of given MPU regions
  * over a background memory area, optionally performing a
  * sanity check of the memory regions to be programmed.
  */
-static int _mpu_configure_regions(const struct k_mem_partition
+static int mpu_configure_regions(const struct k_mem_partition
 	*regions[], u8_t regions_num, u8_t start_reg_index,
 	bool do_sanity_check)
 {
@@ -252,18 +295,18 @@ static int _mpu_configure_regions(const struct k_mem_partition
 	int reg_index = start_reg_index;
 
 	for (i = 0; i < regions_num; i++) {
-		if (regions[i]->size == 0) {
+		if (regions[i]->size == 0U) {
 			continue;
 		}
 		/* Non-empty region. */
 
 		if (do_sanity_check &&
-				(!_mpu_partition_is_valid(regions[i]))) {
+				(!mpu_partition_is_valid(regions[i]))) {
 			LOG_ERR("Partition %u: sanity check failed.", i);
 			return -EINVAL;
 		}
 
-		reg_index = _mpu_configure_region(reg_index, regions[i]);
+		reg_index = mpu_configure_region(reg_index, regions[i]);
 
 		if (reg_index == -EINVAL) {
 			return reg_index;
@@ -284,7 +327,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
  * If the static MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
+static int mpu_configure_static_mpu_regions(const struct k_mem_partition
 	*static_regions[], const u8_t regions_num,
 	const u32_t background_area_base,
 	const u32_t background_area_end)
@@ -297,7 +340,7 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
 	ARG_UNUSED(background_area_base);
 	ARG_UNUSED(background_area_end);
 
-	mpu_reg_index = _mpu_configure_regions(static_regions,
+	mpu_reg_index = mpu_configure_regions(static_regions,
 		regions_num, mpu_reg_index, true);
 
 	static_regions_num = mpu_reg_index;
@@ -313,7 +356,7 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
  * If the dynamic MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
+static int mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
 	int mpu_reg_index = static_regions_num;
@@ -322,13 +365,13 @@ static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * programmed on top of existing SRAM region configuration.
 	 */
 
-	mpu_reg_index = _mpu_configure_regions(dynamic_regions,
+	mpu_reg_index = mpu_configure_regions(dynamic_regions,
 		regions_num, mpu_reg_index, false);
 
 	if (mpu_reg_index != -EINVAL) {
 
 		/* Disable the non-programmed MPU regions. */
-		for (int i = mpu_reg_index; i < _get_num_regions(); i++) {
+		for (int i = mpu_reg_index; i < get_num_regions(); i++) {
 			ARM_MPU_ClrRegion(i);
 		}
 	}

arch/arm/core/cortex_m/mpu/arm_mpu_v8_internal.h

@@ -18,7 +18,7 @@
  *        is allowed.
  */
 struct dynamic_region_info {
-	u8_t index;
+	int index;
 	struct arm_mpu_region region_conf;
 };
 
@@ -31,7 +31,7 @@ static struct dynamic_region_info dyn_reg_info[MPU_DYNAMIC_REGION_AREAS_NUM];
 
 
 /* Global MPU configuration at system initialization. */
-static void _mpu_init(void)
+static void mpu_init(void)
 {
 	/* Configure the cache-ability attributes for all the
 	 * different types of memory regions.
@@ -57,7 +57,7 @@ static void _mpu_init(void)
  * Note:
  *   The caller must provide a valid region index.
  */
-static void _region_init(const u32_t index,
+static void region_init(const u32_t index,
 	const struct arm_mpu_region *region_conf)
 {
 	ARM_MPU_SetRegion(
@@ -87,7 +87,7 @@ static void _region_init(const u32_t index,
  * @param part Pointer to the data structure holding the partition
  *             information (must be valid).
  * */
-static int _mpu_partition_is_valid(const struct k_mem_partition *part)
+static int mpu_partition_is_valid(const struct k_mem_partition *part)
 {
 	/* Partition size must be a multiple of the minimum MPU region
 	 * size. Start address of the partition must align with the
@@ -101,7 +101,7 @@ static int _mpu_partition_is_valid(const struct k_mem_partition *part)
 			== part->size)
 		&&
 		((part->start &
-			(CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE - 1)) == 0);
+			(CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE - 1)) == 0U);
 
 	return partition_is_valid;
 }
@@ -116,7 +116,7 @@ static int _mpu_partition_is_valid(const struct k_mem_partition *part)
  * needs to be enabled.
  *
  */
-static inline int _get_region_index(u32_t start, u32_t size)
+static inline int get_region_index(u32_t start, u32_t size)
 {
 	u32_t region_start_addr = arm_cmse_mpu_region_get(start);
 	u32_t region_end_addr = arm_cmse_mpu_region_get(start + size - 1);
@@ -130,33 +130,33 @@ static inline int _get_region_index(u32_t start, u32_t size)
 	return -EINVAL;
 }
 
-static inline u32_t _mpu_region_get_base(const u32_t index)
+static inline u32_t mpu_region_get_base(const u32_t index)
 {
 	MPU->RNR = index;
 	return MPU->RBAR & MPU_RBAR_BASE_Msk;
 }
 
-static inline void _mpu_region_set_base(const u32_t index, const u32_t base)
+static inline void mpu_region_set_base(const u32_t index, const u32_t base)
 {
 	MPU->RNR = index;
 	MPU->RBAR = (MPU->RBAR & (~MPU_RBAR_BASE_Msk))
 		| (base & MPU_RBAR_BASE_Msk);
 }
 
-static inline u32_t _mpu_region_get_last_addr(const u32_t index)
+static inline u32_t mpu_region_get_last_addr(const u32_t index)
 {
 	MPU->RNR = index;
 	return (MPU->RLAR & MPU_RLAR_LIMIT_Msk) | (~MPU_RLAR_LIMIT_Msk);
 }
 
-static inline void _mpu_region_set_limit(const u32_t index, const u32_t limit)
+static inline void mpu_region_set_limit(const u32_t index, const u32_t limit)
 {
 	MPU->RNR = index;
 	MPU->RLAR = (MPU->RLAR & (~MPU_RLAR_LIMIT_Msk))
 		| (limit & MPU_RLAR_LIMIT_Msk);
 }
 
-static inline void _mpu_region_get_access_attr(const u32_t index,
+static inline void mpu_region_get_access_attr(const u32_t index,
 	arm_mpu_region_attr_t *attr)
 {
 	MPU->RNR = index;
@@ -167,7 +167,7 @@ static inline void _mpu_region_get_access_attr(const u32_t index,
 		MPU_RLAR_AttrIndx_Pos;
 }
 
-static inline void _mpu_region_get_conf(const u32_t index,
+static inline void mpu_region_get_conf(const u32_t index,
 	struct arm_mpu_region *region_conf)
 {
 	MPU->RNR = index;
@@ -177,7 +177,7 @@ static inline void _mpu_region_get_conf(const u32_t index,
 	 * - Share-ability
 	 * - Access Permissions
 	 */
-	_mpu_region_get_access_attr(index, &region_conf->attr);
+	mpu_region_get_access_attr(index, &region_conf->attr);
 
 	/* Region base address */
 	region_conf->base = (MPU->RBAR & MPU_RBAR_BASE_Msk);
@@ -191,7 +191,7 @@ static inline void _mpu_region_get_conf(const u32_t index,
  * region attribute configuration and size and fill-in a driver-specific
  * structure with the correct MPU region configuration.
  */
-static inline void _get_region_attr_from_k_mem_partition_info(
+static inline void get_region_attr_from_k_mem_partition_info(
 	arm_mpu_region_attr_t *p_attr,
 	const k_mem_partition_attr_t *attr, u32_t base, u32_t size)
 {
@@ -203,10 +203,35 @@ static inline void _get_region_attr_from_k_mem_partition_info(
 
 #if defined(CONFIG_USERSPACE)
 
-static inline u32_t _mpu_region_get_size(u32_t index)
+/**
+ * This internal function returns the minimum HW MPU region index
+ * that may hold the configuration of a dynamic memory region.
+ *
+ * Browse through the memory areas marked for dynamic MPU programming,
+ * pick the one with the minimum MPU region index. Return that index.
+ *
+ * The function is optimized for the (most common) use-case of a single
+ * marked area for dynamic memory regions.
+ */
+static inline int get_dyn_region_min_index(void)
 {
-	return _mpu_region_get_last_addr(index) + 1
-		- _mpu_region_get_base(index);
+	int dyn_reg_min_index = dyn_reg_info[0].index;
+#if MPU_DYNAMIC_REGION_AREAS_NUM > 1
+	for (int i = 1; i < MPU_DYNAMIC_REGION_AREAS_NUM; i++) {
+		if ((dyn_reg_info[i].index != -EINVAL) &&
+			(dyn_reg_info[i].index < dyn_reg_min_index)
+		) {
+			dyn_reg_min_index = dyn_reg_info[i].index;
+		}
+	}
+#endif
+	return dyn_reg_min_index;
+}
+
+static inline u32_t mpu_region_get_size(u32_t index)
+{
+	return mpu_region_get_last_addr(index) + 1
+		- mpu_region_get_base(index);
 }
 
 /**
@@ -215,7 +240,7 @@ static inline u32_t _mpu_region_get_size(u32_t index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_enabled_region(u32_t index)
+static inline int is_enabled_region(u32_t index)
 {
 	MPU->RNR = index;
 
@@ -225,8 +250,27 @@ static inline int _is_enabled_region(u32_t index)
 /**
  * This internal function validates whether a given memory buffer
  * is user accessible or not.
+ *
+ * Note: [Doc. number: ARM-ECM-0359818]
+ * "Some SAU, IDAU, and MPU configurations block the efficient implementation
+ * of an address range check. The CMSE intrinsic operates under the assumption
+ * that the configuration of the SAU, IDAU, and MPU is constrained as follows:
+ * - An object is allocated in a single MPU/SAU/IDAU region.
+ * - A stack is allocated in a single region.
+ *
+ * These points imply that the memory buffer does not span across multiple MPU,
+ * SAU, or IDAU regions."
+ *
+ * MPU regions are configurable, however, some platforms might have fixed-size
+ * SAU or IDAU regions. So, even if a buffer is allocated inside a single MPU
+ * region, it might span across multiple SAU/IDAU regions, which will make the
+ * TT-based address range check fail.
+ *
+ * Therefore, the function performs a second check, which is based on MPU only,
+ * in case the fast address range check fails.
+ *
  */
-static inline int _mpu_buffer_validate(void *addr, size_t size, int write)
+static inline int mpu_buffer_validate(void *addr, size_t size, int write)
 {
 	u32_t _addr = (u32_t)addr;
 	u32_t _size = (u32_t)size;
@@ -241,23 +285,44 @@ static inline int _mpu_buffer_validate(void *addr, size_t size, int write)
 		}
 	}
 
+#if defined(CONFIG_CPU_HAS_TEE)
+	/*
+	 * Validation failure may be due to SAU/IDAU presence.
+	 * We re-check user accessibility based on MPU only.
+	 */
+	s32_t r_index_base = arm_cmse_mpu_region_get(_addr);
+	s32_t r_index_last = arm_cmse_mpu_region_get(_addr + _size - 1);
+
+	if ((r_index_base != -EINVAL) && (r_index_base == r_index_last)) {
+		/* Valid MPU region, check permissions on base address only. */
+		if (write) {
+			if (arm_cmse_addr_readwrite_ok(_addr, 1)) {
+				return 0;
+			}
+		} else {
+			if (arm_cmse_addr_read_ok(_addr, 1)) {
+				return 0;
+			}
+		}
+	}
+#endif /* CONFIG_CPU_HAS_TEE */
 	return -EPERM;
 }
 
 
 #endif /* CONFIG_USERSPACE */
 
-static int _region_allocate_and_init(const u8_t index,
+static int region_allocate_and_init(const u8_t index,
 	const struct arm_mpu_region *region_conf);
 
-static int _mpu_configure_region(const u8_t index,
+static int mpu_configure_region(const u8_t index,
 	const struct k_mem_partition *new_region);
 
 /* This internal function programs a set of given MPU regions
  * over a background memory area, optionally performing a
  * sanity check of the memory regions to be programmed.
  */
-static int _mpu_configure_regions(const struct k_mem_partition
+static int mpu_configure_regions(const struct k_mem_partition
 	*regions[], u8_t regions_num, u8_t start_reg_index,
 	bool do_sanity_check)
 {
@@ -265,13 +330,13 @@ static int _mpu_configure_regions(const struct k_mem_partition
 	int reg_index = start_reg_index;
 
 	for (i = 0; i < regions_num; i++) {
-		if (regions[i]->size == 0) {
+		if (regions[i]->size == 0U) {
 			continue;
 		}
 		/* Non-empty region. */
 
 		if (do_sanity_check &&
-			(!_mpu_partition_is_valid(regions[i]))) {
+			(!mpu_partition_is_valid(regions[i]))) {
 			LOG_ERR("Partition %u: sanity check failed.", i);
 			return -EINVAL;
 		}
@@ -280,7 +345,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
 		 * inside which the new region will be configured.
 		 */
 		int u_reg_index =
-			_get_region_index(regions[i]->start, regions[i]->size);
+			get_region_index(regions[i]->start, regions[i]->size);
 
 		if ((u_reg_index == -EINVAL) ||
 			(u_reg_index > (reg_index - 1))) {
@@ -293,8 +358,8 @@ static int _mpu_configure_regions(const struct k_mem_partition
 		 * The new memory region is to be placed inside the underlying
 		 * region, possibly splitting the underlying region into two.
 		 */
-		u32_t u_reg_base = _mpu_region_get_base(u_reg_index);
-		u32_t u_reg_last = _mpu_region_get_last_addr(u_reg_index);
+		u32_t u_reg_base = mpu_region_get_base(u_reg_index);
+		u32_t u_reg_last = mpu_region_get_last_addr(u_reg_index);
 		u32_t reg_last = regions[i]->start + regions[i]->size - 1;
 
 		if ((regions[i]->start == u_reg_base) &&
@@ -305,17 +370,17 @@ static int _mpu_configure_regions(const struct k_mem_partition
 			 * underlying region with those of the new
 			 * region.
 			 */
-			_mpu_configure_region(u_reg_index, regions[i]);
+			mpu_configure_region(u_reg_index, regions[i]);
 		} else if (regions[i]->start == u_reg_base) {
 			/* The new region starts exactly at the start of the
 			 * underlying region; the start of the underlying
 			 * region needs to be set to the end of the new region.
 			 */
-			_mpu_region_set_base(u_reg_index,
+			mpu_region_set_base(u_reg_index,
 				regions[i]->start + regions[i]->size);
 
 			reg_index =
-				_mpu_configure_region(reg_index, regions[i]);
+				mpu_configure_region(reg_index, regions[i]);
 
 			if (reg_index == -EINVAL) {
 				return reg_index;
@@ -328,11 +393,11 @@ static int _mpu_configure_regions(const struct k_mem_partition
 			 * region needs to be set to the start of the
 			 * new region.
 			 */
-			_mpu_region_set_limit(u_reg_index,
+			mpu_region_set_limit(u_reg_index,
 				regions[i]->start - 1);
 
 			reg_index =
-				_mpu_configure_region(reg_index, regions[i]);
+				mpu_configure_region(reg_index, regions[i]);
 
 			if (reg_index == -EINVAL) {
 				return reg_index;
@@ -344,11 +409,11 @@ static int _mpu_configure_regions(const struct k_mem_partition
 			 * underlying region, which needs to split
 			 * into two regions.
 			 */
-			_mpu_region_set_limit(u_reg_index,
+			mpu_region_set_limit(u_reg_index,
 				regions[i]->start - 1);
 
 			reg_index =
-				_mpu_configure_region(reg_index, regions[i]);
+				mpu_configure_region(reg_index, regions[i]);
 
 			if (reg_index == -EINVAL) {
 				return reg_index;
@@ -361,7 +426,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
 			 */
 			struct arm_mpu_region fill_region;
 
-			_mpu_region_get_access_attr(u_reg_index,
+			mpu_region_get_access_attr(u_reg_index,
 				&fill_region.attr);
 			fill_region.base = regions[i]->start +
 				regions[i]->size;
@@ -370,7 +435,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
 				regions[i]->size), (u_reg_last - reg_last));
 
 			reg_index =
-				_region_allocate_and_init(reg_index,
+				region_allocate_and_init(reg_index,
 					(const struct arm_mpu_region *)
 						&fill_region);
 
@@ -393,7 +458,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
  * If the static MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
+static int mpu_configure_static_mpu_regions(const struct k_mem_partition
 	*static_regions[], const u8_t regions_num,
 	const u32_t background_area_base,
 	const u32_t background_area_end)
@@ -407,7 +472,7 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
 	ARG_UNUSED(background_area_base);
 	ARG_UNUSED(background_area_end);
 
-	mpu_reg_index = _mpu_configure_regions(static_regions,
+	mpu_reg_index = mpu_configure_regions(static_regions,
 		regions_num, mpu_reg_index, true);
 
 	static_regions_num = mpu_reg_index;
@@ -419,7 +484,7 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
  * where dynamic region programming is allowed. Return zero on success, or
  * -EINVAL on error.
  */
-static int _mpu_mark_areas_for_dynamic_regions(
+static int mpu_mark_areas_for_dynamic_regions(
 		const struct k_mem_partition dyn_region_areas[],
 		const u8_t dyn_region_areas_num)
 {
@@ -428,14 +493,14 @@ static int _mpu_mark_areas_for_dynamic_regions(
 	 * which dynamic memory regions may be programmed at run-time.
 	 */
 	for (int i = 0; i < dyn_region_areas_num; i++) {
-		if (dyn_region_areas[i].size == 0) {
+		if (dyn_region_areas[i].size == 0U) {
 			continue;
 		}
 		/* Non-empty area */
 
 		/* Retrieve HW MPU region index */
 		dyn_reg_info[i].index =
-			_get_region_index(dyn_region_areas[i].start,
+			get_region_index(dyn_region_areas[i].start,
 					dyn_region_areas[i].size);
 
 		if (dyn_reg_info[i].index == -EINVAL) {
@@ -449,7 +514,7 @@ static int _mpu_mark_areas_for_dynamic_regions(
 		}
 
 		/* Store default configuration */
-		_mpu_region_get_conf(dyn_reg_info[i].index,
+		mpu_region_get_conf(dyn_reg_info[i].index,
 			&dyn_reg_info[i].region_conf);
 	}
 
@@ -464,13 +529,13 @@ static int _mpu_mark_areas_for_dynamic_regions(
  * If the dynamic MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
+static int mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
 	int mpu_reg_index = static_regions_num;
 
 	/* Disable all MPU regions except for the static ones. */
-	for (int i = mpu_reg_index; i < _get_num_regions(); i++) {
+	for (int i = mpu_reg_index; i < get_num_regions(); i++) {
 		ARM_MPU_ClrRegion(i);
 	}
 
@@ -478,7 +543,7 @@ static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * be programmed.
 	 */
 	for (int i = 0; i < MPU_DYNAMIC_REGION_AREAS_NUM; i++) {
-		_region_init(dyn_reg_info[i].index,
+		region_init(dyn_reg_info[i].index,
 			&dyn_reg_info[i].region_conf);
 	}
 
@@ -487,7 +552,7 @@ static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * given boundaries.
 	 */
 
-	mpu_reg_index = _mpu_configure_regions(dynamic_regions,
+	mpu_reg_index = mpu_configure_regions(dynamic_regions,
 		regions_num, mpu_reg_index, true);
 
 	return mpu_reg_index;

arch/arm/core/cortex_m/mpu/nxp_mpu.c

@@ -25,7 +25,7 @@ LOG_MODULE_DECLARE(mpu);
 static u8_t static_regions_num;
 
 /* Global MPU configuration at system initialization. */
-static void _mpu_init(void)
+static void mpu_init(void)
 {
 	/* Enable clock for the Memory Protection Unit (MPU). */
 	CLOCK_EnableClock(kCLOCK_Sysmpu0);
@@ -34,7 +34,7 @@ static void _mpu_init(void)
 /**
  *  Get the number of supported MPU regions.
  */
-static inline u8_t _get_num_regions(void)
+static inline u8_t get_num_regions(void)
 {
 	return FSL_FEATURE_SYSMPU_DESCRIPTOR_COUNT;
 }
@@ -47,21 +47,21 @@ static inline u8_t _get_num_regions(void)
  * @param part Pointer to the data structure holding the partition
  *             information (must be valid).
  */
-static int _mpu_partition_is_valid(const struct k_mem_partition *part)
+static int mpu_partition_is_valid(const struct k_mem_partition *part)
 {
 	/* Partition size must be a multiple of the minimum MPU region
 	 * size. Start address of the partition must align with the
 	 * minimum MPU region size.
 	 */
 	int partition_is_valid =
-		(part->size != 0)
+		(part->size != 0U)
 		&&
 		((part->size &
 			(~(CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE - 1)))
 			== part->size)
 		&&
 		((part->start &
-			(CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE - 1)) == 0);
+			(CONFIG_ARM_MPU_REGION_MIN_ALIGN_AND_SIZE - 1)) == 0U);
 
 	return partition_is_valid;
 }
@@ -71,14 +71,14 @@ static int _mpu_partition_is_valid(const struct k_mem_partition *part)
  * Note:
  *   The caller must provide a valid region index.
  */
-static void _region_init(const u32_t index,
+static void region_init(const u32_t index,
 	const struct nxp_mpu_region *region_conf)
 {
 	u32_t region_base = region_conf->base;
 	u32_t region_end = region_conf->end;
 	u32_t region_attr = region_conf->attr.attr;
 
-	if (index == 0) {
+	if (index == 0U) {
 		/* The MPU does not allow writes from the core to affect the
 		 * RGD0 start or end addresses nor the permissions associated
 		 * with the debugger; it can only write the permission fields
@@ -114,11 +114,11 @@ static void _region_init(const u32_t index,
 
 }
 
-static int _region_allocate_and_init(const u8_t index,
+static int region_allocate_and_init(const u8_t index,
 	const struct nxp_mpu_region *region_conf)
 {
 	/* Attempt to allocate new region index. */
-	if (index > (_get_num_regions() - 1)) {
+	if (index > (get_num_regions() - 1)) {
 
 		/* No available MPU region index. */
 		LOG_ERR("Failed to allocate new MPU region %u\n", index);
@@ -128,7 +128,7 @@ static int _region_allocate_and_init(const u8_t index,
 	LOG_DBG("Program MPU region at index 0x%x", index);
 
 	/* Program region */
-	_region_init(index, region_conf);
+	region_init(index, region_conf);
 
 	return index;
 }
@@ -138,7 +138,7 @@ static int _region_allocate_and_init(const u8_t index,
  * region attribute configuration and size and fill-in a driver-specific
  * structure with the correct MPU region attribute configuration.
  */
-static inline void _get_region_attr_from_k_mem_partition_info(
+static inline void get_region_attr_from_k_mem_partition_info(
 	nxp_mpu_region_attr_t *p_attr,
 	const k_mem_partition_attr_t *attr, u32_t base, u32_t size)
 {
@@ -154,7 +154,7 @@ static inline void _get_region_attr_from_k_mem_partition_info(
 /* This internal function programs an MPU region
  * of a given configuration at a given MPU index.
  */
-static int _mpu_configure_region(const u8_t index,
+static int mpu_configure_region(const u8_t index,
 	const struct k_mem_partition *new_region)
 {
 	struct nxp_mpu_region region_conf;
@@ -164,17 +164,17 @@ static int _mpu_configure_region(const u8_t index,
 	/* Populate internal NXP MPU region configuration structure. */
 	region_conf.base = new_region->start;
 	region_conf.end = (new_region->start + new_region->size - 1);
-	_get_region_attr_from_k_mem_partition_info(&region_conf.attr,
+	get_region_attr_from_k_mem_partition_info(&region_conf.attr,
 		&new_region->attr, new_region->start, new_region->size);
 
 	/* Allocate and program region */
-	return _region_allocate_and_init(index,
+	return region_allocate_and_init(index,
 		(const struct nxp_mpu_region *)&region_conf);
 }
 
 #if defined(CONFIG_MPU_STACK_GUARD)
 /* This internal function partitions the SRAM MPU region */
-static int _mpu_sram_partitioning(u8_t index,
+static int mpu_sram_partitioning(u8_t index,
 	const struct k_mem_partition *p_region)
 {
 	/*
@@ -203,8 +203,8 @@ static int _mpu_sram_partitioning(u8_t index,
 	added_sram_region.attr.attr =
 		mpu_config.mpu_regions[mpu_config.sram_region].attr.attr;
 
-	if (_region_allocate_and_init(index,
-		(const struct nxp_mpu_region *)&added_sram_region) < 0) {
+	if (region_allocate_and_init(index,
+				     (const struct nxp_mpu_region *)&added_sram_region) < 0) {
 		return -EINVAL;
 	}
 
@@ -222,7 +222,7 @@ static int _mpu_sram_partitioning(u8_t index,
 	adjusted_sram_region.attr.attr =
 		mpu_config.mpu_regions[mpu_config.sram_region].attr.attr;
 
-	_region_init(mpu_config.sram_region,
+	region_init(mpu_config.sram_region,
 		(const struct nxp_mpu_region *)&adjusted_sram_region);
 
 	return index;
@@ -233,7 +233,7 @@ static int _mpu_sram_partitioning(u8_t index,
  * over a background memory area, optionally performing a
  * sanity check of the memory regions to be programmed.
  */
-static int _mpu_configure_regions(const struct k_mem_partition
+static int mpu_configure_regions(const struct k_mem_partition
 	*regions[], u8_t regions_num, u8_t start_reg_index,
 	bool do_sanity_check)
 {
@@ -241,27 +241,30 @@ static int _mpu_configure_regions(const struct k_mem_partition
 	int reg_index = start_reg_index;
 
 	for (i = 0; i < regions_num; i++) {
-		if (regions[i]->size == 0) {
+		if (regions[i]->size == 0U) {
 			continue;
 		}
 		/* Non-empty region. */
 
 		if (do_sanity_check &&
-				(!_mpu_partition_is_valid(regions[i]))) {
+				(!mpu_partition_is_valid(regions[i]))) {
 			LOG_ERR("Partition %u: sanity check failed.", i);
 			return -EINVAL;
 		}
 
 #if defined(CONFIG_MPU_STACK_GUARD)
 		if (regions[i]->attr.ap_attr == MPU_REGION_SU_RX) {
+			unsigned int key;
 
 			/* Attempt to configure an MPU Stack Guard region; this
 			 * will require splitting of the underlying SRAM region
 			 * into two SRAM regions, leaving out the guard area to
 			 * be programmed afterwards.
 			 */
+			key = irq_lock();
 			reg_index =
-				_mpu_sram_partitioning(reg_index, regions[i]);
+				mpu_sram_partitioning(reg_index, regions[i]);
+			irq_unlock(key);
 		}
 #endif /* CONFIG_MPU_STACK_GUARD */
 
@@ -269,7 +272,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
 			return reg_index;
 		}
 
-		reg_index = _mpu_configure_region(reg_index, regions[i]);
+		reg_index = mpu_configure_region(reg_index, regions[i]);
 
 		if (reg_index == -EINVAL) {
 			return reg_index;
@@ -290,7 +293,7 @@ static int _mpu_configure_regions(const struct k_mem_partition
  * If the static MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
+static int mpu_configure_static_mpu_regions(const struct k_mem_partition
 	*static_regions[], const u8_t regions_num,
 	const u32_t background_area_base,
 	const u32_t background_area_end)
@@ -303,7 +306,7 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
 	ARG_UNUSED(background_area_base);
 	ARG_UNUSED(background_area_end);
 
-	mpu_reg_index = _mpu_configure_regions(static_regions,
+	mpu_reg_index = mpu_configure_regions(static_regions,
 		regions_num, mpu_reg_index, true);
 
 	static_regions_num = mpu_reg_index;
@@ -319,9 +322,11 @@ static int _mpu_configure_static_mpu_regions(const struct k_mem_partition
  * If the dynamic MPU regions configuration has not been successfully
  * performed, the error signal is propagated to the caller of the function.
  */
-static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
+static int mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
+	unsigned int key;
+
 	/* Reset MPU regions inside which dynamic memory regions may
 	 * be programmed.
 	 *
@@ -330,10 +335,10 @@ static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * This might trigger memory faults if ISRs occurring during
 	 * re-programming perform access in those areas.
 	 */
-	arm_core_mpu_disable();
-	_region_init(mpu_config.sram_region, (const struct nxp_mpu_region *)
+	key = irq_lock();
+	region_init(mpu_config.sram_region, (const struct nxp_mpu_region *)
 		&mpu_config.mpu_regions[mpu_config.sram_region]);
-	arm_core_mpu_enable();
+	irq_unlock(key);
 
 	int mpu_reg_index = static_regions_num;
 
@@ -341,13 +346,13 @@ static int _mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * programmed on top of existing SRAM region configuration.
 	 */
 
-	mpu_reg_index = _mpu_configure_regions(dynamic_regions,
+	mpu_reg_index = mpu_configure_regions(dynamic_regions,
 		regions_num, mpu_reg_index, false);
 
 	if (mpu_reg_index != -EINVAL) {
 
 		/* Disable the non-programmed MPU regions. */
-		for (int i = mpu_reg_index; i < _get_num_regions(); i++) {
+		for (int i = mpu_reg_index; i < get_num_regions(); i++) {
 
 			LOG_DBG("disable region 0x%x", i);
 			/* Disable region */
@@ -392,12 +397,12 @@ void arm_core_mpu_disable(void)
 
 #if defined(CONFIG_USERSPACE)
 
-static inline u32_t _mpu_region_get_base(u32_t r_index)
+static inline u32_t mpu_region_get_base(u32_t r_index)
 {
 	return SYSMPU->WORD[r_index][0];
 }
 
-static inline u32_t _mpu_region_get_size(u32_t r_index)
+static inline u32_t mpu_region_get_size(u32_t r_index)
 {
 	/* <END> + 1 - <BASE> */
 	return (SYSMPU->WORD[r_index][1] + 1) - SYSMPU->WORD[r_index][0];
@@ -409,7 +414,7 @@ static inline u32_t _mpu_region_get_size(u32_t r_index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_enabled_region(u32_t r_index)
+static inline int is_enabled_region(u32_t r_index)
 {
 	return SYSMPU->WORD[r_index][3] & SYSMPU_WORD_VLD_MASK;
 }
@@ -420,15 +425,21 @@ static inline int _is_enabled_region(u32_t r_index)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_in_region(u32_t r_index, u32_t start, u32_t size)
+static inline int is_in_region(u32_t r_index, u32_t start, u32_t size)
 {
 	u32_t r_addr_start;
 	u32_t r_addr_end;
+	u32_t end;
 
 	r_addr_start = SYSMPU->WORD[r_index][0];
 	r_addr_end = SYSMPU->WORD[r_index][1];
 
-	if (start >= r_addr_start && (start + size - 1) <= r_addr_end) {
+	size = size == 0 ? 0 : size - 1;
+	if (__builtin_add_overflow(start, size, &end)) {
+		return 0;
+	}
+
+	if ((start >= r_addr_start) && (end <= r_addr_end)) {
 		return 1;
 	}
 
@@ -444,20 +455,20 @@ void arm_core_mpu_mem_partition_config_update(
 {
 	/* Find the partition. ASSERT if not found. */
 	u8_t i;
-	u8_t reg_index = _get_num_regions();
+	u8_t reg_index = get_num_regions();
 
-	for (i = static_regions_num; i < _get_num_regions(); i++) {
-		if (!_is_enabled_region(i)) {
+	for (i = static_regions_num; i < get_num_regions(); i++) {
+		if (!is_enabled_region(i)) {
 			continue;
 		}
 
-		u32_t base = _mpu_region_get_base(i);
+		u32_t base = mpu_region_get_base(i);
 
 		if (base != partition->start) {
 			continue;
 		}
 
-		u32_t size = _mpu_region_get_size(i);
+		u32_t size = mpu_region_get_size(i);
 
 		if (size != partition->size) {
 			continue;
@@ -467,12 +478,12 @@ void arm_core_mpu_mem_partition_config_update(
 		reg_index = i;
 		break;
 	}
-	__ASSERT(reg_index != _get_num_regions(),
-		"Memory domain partition not found\n");
+	__ASSERT(reg_index != get_num_regions(),
+		 "Memory domain partition not found\n");
 
 	/* Modify the permissions */
 	partition->attr = *new_attr;
-	_mpu_configure_region(reg_index, partition);
+	mpu_configure_region(reg_index, partition);
 }
 
 /**
@@ -481,7 +492,7 @@ void arm_core_mpu_mem_partition_config_update(
  */
 int arm_core_mpu_get_max_available_dyn_regions(void)
 {
-	return _get_num_regions() - static_regions_num;
+	return get_num_regions() - static_regions_num;
 }
 
 /**
@@ -490,7 +501,7 @@ int arm_core_mpu_get_max_available_dyn_regions(void)
  * Note:
  *   The caller must provide a valid region number.
  */
-static inline int _is_user_accessible_region(u32_t r_index, int write)
+static inline int is_user_accessible_region(u32_t r_index, int write)
 {
 	u32_t r_ap = SYSMPU->WORD[r_index][2];
 
@@ -509,9 +520,9 @@ int arm_core_mpu_buffer_validate(void *addr, size_t size, int write)
 	u8_t r_index;
 
 	/* Iterate through all MPU regions */
-	for (r_index = 0U; r_index < _get_num_regions(); r_index++) {
-		if (!_is_enabled_region(r_index) ||
-		    !_is_in_region(r_index, (u32_t)addr, size)) {
+	for (r_index = 0U; r_index < get_num_regions(); r_index++) {
+		if (!is_enabled_region(r_index) ||
+		    !is_in_region(r_index, (u32_t)addr, size)) {
 			continue;
 		}
 
@@ -520,7 +531,7 @@ int arm_core_mpu_buffer_validate(void *addr, size_t size, int write)
 		 * So we can stop the iteration immediately once we find the
 		 * matched region that grants permission.
 		 */
-		if (_is_user_accessible_region(r_index, write)) {
+		if (is_user_accessible_region(r_index, write)) {
 			return 0;
 		}
 	}
@@ -537,8 +548,8 @@ void arm_core_mpu_configure_static_mpu_regions(const struct k_mem_partition
 	*static_regions[], const u8_t regions_num,
 	const u32_t background_area_start, const u32_t background_area_end)
 {
-	if (_mpu_configure_static_mpu_regions(static_regions, regions_num,
-		background_area_start, background_area_end) == -EINVAL) {
+	if (mpu_configure_static_mpu_regions(static_regions, regions_num,
+					     background_area_start, background_area_end) == -EINVAL) {
 
 		__ASSERT(0, "Configuring %u static MPU regions failed\n",
 			regions_num);
@@ -551,7 +562,7 @@ void arm_core_mpu_configure_static_mpu_regions(const struct k_mem_partition
 void arm_core_mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
-	if (_mpu_configure_dynamic_mpu_regions(dynamic_regions, regions_num)
+	if (mpu_configure_dynamic_mpu_regions(dynamic_regions, regions_num)
 		== -EINVAL) {
 
 		__ASSERT(0, "Configuring %u dynamic MPU regions failed\n",
@@ -573,7 +584,7 @@ static int nxp_mpu_init(struct device *arg)
 
 	u32_t r_index;
 
-	if (mpu_config.num_regions > _get_num_regions()) {
+	if (mpu_config.num_regions > get_num_regions()) {
 		/* Attempt to configure more MPU regions than
 		 * what is supported by hardware. As this operation
 		 * may be executed during system (pre-kernel) initialization,
@@ -583,21 +594,21 @@ static int nxp_mpu_init(struct device *arg)
 		__ASSERT(0,
 			"Request to configure: %u regions (supported: %u)\n",
 			mpu_config.num_regions,
-			_get_num_regions()
+			get_num_regions()
 		);
 		return -1;
 	}
 
-	LOG_DBG("total region count: %d", _get_num_regions());
+	LOG_DBG("total region count: %d", get_num_regions());
 
 	arm_core_mpu_disable();
 
 	/* Architecture-specific configuration */
-	_mpu_init();
+	mpu_init();
 
 	/* Program fixed regions configured at SOC definition. */
 	for (r_index = 0U; r_index < mpu_config.num_regions; r_index++) {
-		_region_init(r_index, &mpu_config.mpu_regions[r_index]);
+		region_init(r_index, &mpu_config.mpu_regions[r_index]);
 	}
 
 	/* Update the number of programmed MPU regions. */

arch/arm/core/cortex_m/nmi.c

@@ -20,14 +20,14 @@
 #include <toolchain.h>
 #include <linker/sections.h>
 
-extern void _SysNmiOnReset(void);
+extern void z_SysNmiOnReset(void);
 #if !defined(CONFIG_RUNTIME_NMI)
-#define handler _SysNmiOnReset
+#define handler z_SysNmiOnReset
 #endif
 
 #ifdef CONFIG_RUNTIME_NMI
 typedef void (*_NmiHandler_t)(void);
-static _NmiHandler_t handler = _SysNmiOnReset;
+static _NmiHandler_t handler = z_SysNmiOnReset;
 
 /**
  *
@@ -39,7 +39,7 @@ static _NmiHandler_t handler = _SysNmiOnReset;
  * @return N/A
  */
 
-static void _DefaultHandler(void)
+static void DefaultHandler(void)
 {
 	printk("NMI received! Rebooting...\n");
 	/* In ARM implementation sys_reboot ignores the parameter */
@@ -59,7 +59,7 @@ static void _DefaultHandler(void)
 
 void z_NmiInit(void)
 {
-	handler = _DefaultHandler;
+	handler = DefaultHandler;
 }
 
 /**
@@ -73,7 +73,7 @@ void z_NmiInit(void)
  * @return N/A
  */
 
-void _NmiHandlerSet(void (*pHandler)(void))
+void z_NmiHandlerSet(void (*pHandler)(void))
 {
 	handler = pHandler;
 }

arch/arm/core/cortex_m/nmi_on_reset.S

@@ -20,8 +20,8 @@
 
 _ASM_FILE_PROLOGUE
 
-GTEXT(_SysNmiOnReset)
+GTEXT(z_SysNmiOnReset)
 
-SECTION_FUNC(TEXT, _SysNmiOnReset)
+SECTION_FUNC(TEXT, z_SysNmiOnReset)
     wfi
-    b _SysNmiOnReset
+    b z_SysNmiOnReset

arch/arm/core/cortex_m/prep_c.c

@@ -22,7 +22,6 @@
 #include <linker/linker-defs.h>
 #include <kernel_internal.h>
 #include <arch/arm/cortex_m/cmsis.h>
-#include <cortex_m/stack.h>
 
 #if defined(__GNUC__)
 /*
@@ -37,44 +36,6 @@
 
 #include <string.h>
 
-static inline void switch_sp_to_psp(void)
-{
-	__set_CONTROL(__get_CONTROL() | CONTROL_SPSEL_Msk);
-	/*
-	 * When changing the stack pointer, software must use an ISB instruction
-	 * immediately after the MSR instruction. This ensures that instructions
-	 * after the ISB instruction execute using the new stack pointer.
-	 */
-	__ISB();
-}
-
-static inline void set_and_switch_to_psp(void)
-{
-	u32_t process_sp;
-
-	process_sp = (u32_t)&_interrupt_stack + CONFIG_ISR_STACK_SIZE;
-	__set_PSP(process_sp);
-	switch_sp_to_psp();
-}
-
-void lock_interrupts(void)
-{
-#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-	__disable_irq();
-#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
-	__set_BASEPRI(_EXC_IRQ_DEFAULT_PRIO);
-#else
-#error Unknown ARM architecture
-#endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE */
-}
-
-#ifdef CONFIG_INIT_STACKS
-static inline void init_stacks(void)
-{
-	memset(&_interrupt_stack, 0xAA, CONFIG_ISR_STACK_SIZE);
-}
-#endif
-
 #ifdef CONFIG_CPU_CORTEX_M_HAS_VTOR
 
 #ifdef CONFIG_XIP
@@ -161,21 +122,13 @@ extern FUNC_NORETURN void z_cstart(void);
  * @return N/A
  */
 
-extern void _IntLibInit(void);
+extern void z_IntLibInit(void);
 
 #ifdef CONFIG_BOOT_TIME_MEASUREMENT
 	extern u64_t __start_time_stamp;
 #endif
 void _PrepC(void)
 {
-#ifdef CONFIG_INIT_STACKS
-	init_stacks();
-#endif
-	/*
-	 * Set PSP and use it to boot without using MSP, so that it
-	 * gets set to _interrupt_stack during initialization.
-	 */
-	set_and_switch_to_psp();
 	relocate_vector_table();
 	enable_floating_point();
 	z_bss_zero();
@@ -183,7 +136,7 @@ void _PrepC(void)
 #ifdef CONFIG_BOOT_TIME_MEASUREMENT
 	__start_time_stamp = 0U;
 #endif
-	_IntLibInit();
+	z_IntLibInit();
 	z_cstart();
 	CODE_UNREACHABLE;
 }

arch/arm/core/cortex_m/reset.S

@@ -19,6 +19,8 @@
 _ASM_FILE_PROLOGUE
 
 GTEXT(__reset)
+GTEXT(memset)
+GDATA(_interrupt_stack)
 #if defined(CONFIG_PLATFORM_SPECIFIC_INIT)
 GTEXT(_PlatformInit)
 #endif
@@ -61,12 +63,46 @@ SECTION_SUBSEC_FUNC(TEXT,_reset_section,__start)
 #endif
 
     /* lock interrupts: will get unlocked when switch to main task */
-    bl	lock_interrupts
+#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
+    cpsid i
+#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
+    movs.n r0, #_EXC_IRQ_DEFAULT_PRIO
+    msr BASEPRI, r0
+#else
+#error Unknown ARM architecture
+#endif
+
 #ifdef CONFIG_WDOG_INIT
     /* board-specific watchdog initialization is necessary */
     bl _WdogInit
 #endif
 
+#ifdef CONFIG_INIT_STACKS
+    ldr r0, =_interrupt_stack
+    ldr r1, =0xaa
+    ldr r2, =CONFIG_ISR_STACK_SIZE
+    bl memset
+#endif
+
+    /*
+     * Set PSP and use it to boot without using MSP, so that it
+     * gets set to _interrupt_stack during initialization.
+     */
+    ldr r0, =_interrupt_stack
+    ldr r1, =CONFIG_ISR_STACK_SIZE
+    adds r0, r0, r1
+    msr PSP, r0
+    mrs r0, CONTROL
+    movs r1, #2
+    orrs r0, r1 /* CONTROL_SPSEL_Msk */
+    msr CONTROL, r0
+    /*
+     * When changing the stack pointer, software must use an ISB instruction
+     * immediately after the MSR instruction. This ensures that instructions
+     * after the ISB instruction execute using the new stack pointer.
+     */
+    isb
+
     /*
      * 'bl' jumps the furthest of the branch instructions that are
      * supported on all platforms. So it is used when jumping to _PrepC

arch/arm/core/cortex_m/tz/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 # '-mcmse' enables the generation of code for the Secure state of the ARMv8-M
 # Security Extensions. This option is required when building a Secure firmware.
 zephyr_compile_options(-mcmse)

arch/arm/core/cpu_idle.S

@@ -20,7 +20,7 @@
 
 _ASM_FILE_PROLOGUE
 
-GTEXT(_CpuIdleInit)
+GTEXT(z_CpuIdleInit)
 #ifdef CONFIG_SYS_POWER_MANAGEMENT
 GTEXT(_NanoIdleValGet)
 GTEXT(_NanoIdleValClear)
@@ -46,10 +46,10 @@ GTEXT(k_cpu_atomic_idle)
  *
  * C function prototype:
  *
- * void _CpuIdleInit (void);
+ * void z_CpuIdleInit (void);
  */
 
-SECTION_FUNC(TEXT, _CpuIdleInit)
+SECTION_FUNC(TEXT, z_CpuIdleInit)
 	ldr r1, =_SCB_SCR
 	movs.n r2, #_SCR_INIT_BITS
 	str r2, [r1]
@@ -179,14 +179,14 @@ SECTION_FUNC(TEXT, k_cpu_atomic_idle)
 	cpsid i
 
 	/*
-	 * No need to set SEVONPEND, it's set once in _CpuIdleInit() and never
+	 * No need to set SEVONPEND, it's set once in z_CpuIdleInit() and never
 	 * touched again.
 	 */
 
 	/* r0: interrupt mask from caller */
 
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-	/* No BASEPRI, call wfe directly (SEVONPEND set in _CpuIdleInit()) */
+	/* No BASEPRI, call wfe directly (SEVONPEND set in z_CpuIdleInit()) */
 	wfe
 
 	cmp r0, #0

arch/arm/core/fatal.c

@@ -92,7 +92,7 @@ void z_NanoFatalErrorHandler(unsigned int reason,
 	z_SysFatalErrorHandler(reason, pEsf);
 }
 
-void _do_kernel_oops(const NANO_ESF *esf)
+void z_do_kernel_oops(const NANO_ESF *esf)
 {
 	z_NanoFatalErrorHandler(esf->r0, esf);
 }
@@ -106,6 +106,6 @@ FUNC_NORETURN void z_arch_syscall_oops(void *ssf_ptr)
 
 	oops_esf.pc = ssf_contents[3];
 
-	_do_kernel_oops(&oops_esf);
+	z_do_kernel_oops(&oops_esf);
 	CODE_UNREACHABLE;
 }

arch/arm/core/fault.c

@@ -55,24 +55,24 @@
 /* bit[0]: Exception Secure. The security domain the exception was taken to. */
 #define EXC_RETURN_EXCEPTION_SECURE_Pos 0
 #define EXC_RETURN_EXCEPTION_SECURE_Msk \
-		(1 << EXC_RETURN_EXCEPTION_SECURE_Pos)
+		BIT(EXC_RETURN_EXCEPTION_SECURE_Pos)
 #define EXC_RETURN_EXCEPTION_SECURE_Non_Secure 0
 #define EXC_RETURN_EXCEPTION_SECURE_Secure EXC_RETURN_EXCEPTION_SECURE_Msk
 /* bit[2]: Stack Pointer selection. */
 #define EXC_RETURN_SPSEL_Pos 2
-#define EXC_RETURN_SPSEL_Msk (1 << EXC_RETURN_SPSEL_Pos)
+#define EXC_RETURN_SPSEL_Msk BIT(EXC_RETURN_SPSEL_Pos)
 #define EXC_RETURN_SPSEL_MAIN 0
 #define EXC_RETURN_SPSEL_PROCESS EXC_RETURN_SPSEL_Msk
 /* bit[3]: Mode. Indicates the Mode that was stacked from. */
 #define EXC_RETURN_MODE_Pos 3
-#define EXC_RETURN_MODE_Msk (1 << EXC_RETURN_MODE_Pos)
+#define EXC_RETURN_MODE_Msk BIT(EXC_RETURN_MODE_Pos)
 #define EXC_RETURN_MODE_HANDLER 0
 #define EXC_RETURN_MODE_THREAD EXC_RETURN_MODE_Msk
 /* bit[4]: Stack frame type. Indicates whether the stack frame is a standard
  * integer only stack frame or an extended floating-point stack frame.
  */
 #define EXC_RETURN_STACK_FRAME_TYPE_Pos 4
-#define EXC_RETURN_STACK_FRAME_TYPE_Msk (1 << EXC_RETURN_STACK_FRAME_TYPE_Pos)
+#define EXC_RETURN_STACK_FRAME_TYPE_Msk BIT(EXC_RETURN_STACK_FRAME_TYPE_Pos)
 #define EXC_RETURN_STACK_FRAME_TYPE_EXTENDED 0
 #define EXC_RETURN_STACK_FRAME_TYPE_STANDARD EXC_RETURN_STACK_FRAME_TYPE_Msk
 /* bit[5]: Default callee register stacking. Indicates whether the default
@@ -80,14 +80,14 @@
  * stack.
  */
 #define EXC_RETURN_CALLEE_STACK_Pos 5
-#define EXC_RETURN_CALLEE_STACK_Msk (1 << EXC_RETURN_CALLEE_STACK_Pos)
+#define EXC_RETURN_CALLEE_STACK_Msk BIT(EXC_RETURN_CALLEE_STACK_Pos)
 #define EXC_RETURN_CALLEE_STACK_SKIPPED 0
 #define EXC_RETURN_CALLEE_STACK_DEFAULT EXC_RETURN_CALLEE_STACK_Msk
 /* bit[6]: Secure or Non-secure stack. Indicates whether a Secure or
  * Non-secure stack is used to restore stack frame on exception return.
  */
 #define EXC_RETURN_RETURN_STACK_Pos 6
-#define EXC_RETURN_RETURN_STACK_Msk (1 << EXC_RETURN_RETURN_STACK_Pos)
+#define EXC_RETURN_RETURN_STACK_Msk BIT(EXC_RETURN_RETURN_STACK_Pos)
 #define EXC_RETURN_RETURN_STACK_Non_Secure 0
 #define EXC_RETURN_RETURN_STACK_Secure EXC_RETURN_RETURN_STACK_Msk
 
@@ -137,7 +137,7 @@
  */
 
 #if (CONFIG_FAULT_DUMP == 1)
-static void _FaultShow(const NANO_ESF *esf, int fault)
+static void FaultShow(const NANO_ESF *esf, int fault)
 {
 	PR_EXC("Fault! EXC #%d\n", fault);
 
@@ -156,7 +156,7 @@ static void _FaultShow(const NANO_ESF *esf, int fault)
  *
  * For Dump level 0, no information needs to be generated.
  */
-static void _FaultShow(const NANO_ESF *esf, int fault)
+static void FaultShow(const NANO_ESF *esf, int fault)
 {
 	(void)esf;
 	(void)fault;
@@ -176,7 +176,7 @@ static const struct z_exc_handle exceptions[] = {
  *
  * @return 1 if error is recoverable, otherwise return 0.
  */
-static int _MemoryFaultIsRecoverable(NANO_ESF *esf)
+static int MemoryFaultIsRecoverable(NANO_ESF *esf)
 {
 #ifdef CONFIG_USERSPACE
 	for (int i = 0; i < ARRAY_SIZE(exceptions); i++) {
@@ -211,7 +211,7 @@ u32_t z_check_thread_stack_fail(const u32_t fault_addr,
  *
  * @return error code to identify the fatal error reason
  */
-static u32_t _MpuFault(NANO_ESF *esf, int fromHardFault)
+static u32_t MpuFault(NANO_ESF *esf, int fromHardFault)
 {
 	u32_t reason = _NANO_ERR_HW_EXCEPTION;
 	u32_t mmfar = -EINVAL;
@@ -321,7 +321,7 @@ static u32_t _MpuFault(NANO_ESF *esf, int fromHardFault)
 	SCB->CFSR |= SCB_CFSR_MEMFAULTSR_Msk;
 
 	/* Assess whether system shall ignore/recover from this MPU fault. */
-	if (_MemoryFaultIsRecoverable(esf)) {
+	if (MemoryFaultIsRecoverable(esf)) {
 		reason = _NANO_ERR_RECOVERABLE;
 	}
 
@@ -336,7 +336,7 @@ static u32_t _MpuFault(NANO_ESF *esf, int fromHardFault)
  *
  * @return N/A
  */
-static int _BusFault(NANO_ESF *esf, int fromHardFault)
+static int BusFault(NANO_ESF *esf, int fromHardFault)
 {
 	u32_t reason = _NANO_ERR_HW_EXCEPTION;
 
@@ -389,7 +389,7 @@ static int _BusFault(NANO_ESF *esf, int fromHardFault)
 
 	if (sperr) {
 		for (i = 0; i < SYSMPU_EAR_COUNT; i++, mask >>= 1) {
-			if ((sperr & mask) == 0) {
+			if ((sperr & mask) == 0U) {
 				continue;
 			}
 			STORE_xFAR(edr, SYSMPU->SP[i].EDR);
@@ -477,7 +477,7 @@ static int _BusFault(NANO_ESF *esf, int fromHardFault)
 	/* clear BFSR sticky bits */
 	SCB->CFSR |= SCB_CFSR_BUSFAULTSR_Msk;
 
-	if (_MemoryFaultIsRecoverable(esf)) {
+	if (MemoryFaultIsRecoverable(esf)) {
 		reason = _NANO_ERR_RECOVERABLE;
 	}
 
@@ -492,7 +492,7 @@ static int _BusFault(NANO_ESF *esf, int fromHardFault)
  *
  * @return error code to identify the fatal error reason
  */
-static u32_t _UsageFault(const NANO_ESF *esf)
+static u32_t UsageFault(const NANO_ESF *esf)
 {
 	u32_t reason = _NANO_ERR_HW_EXCEPTION;
 
@@ -548,7 +548,7 @@ static u32_t _UsageFault(const NANO_ESF *esf)
  *
  * @return N/A
  */
-static void _SecureFault(const NANO_ESF *esf)
+static void SecureFault(const NANO_ESF *esf)
 {
 	PR_FAULT_INFO("***** SECURE FAULT *****\n");
 
@@ -587,7 +587,7 @@ static void _SecureFault(const NANO_ESF *esf)
  *
  * @return N/A
  */
-static void _DebugMonitor(const NANO_ESF *esf)
+static void DebugMonitor(const NANO_ESF *esf)
 {
 	ARG_UNUSED(esf);
 
@@ -607,14 +607,14 @@ static void _DebugMonitor(const NANO_ESF *esf)
  *
  * @return error code to identify the fatal error reason
  */
-static u32_t _HardFault(NANO_ESF *esf)
+static u32_t HardFault(NANO_ESF *esf)
 {
 	u32_t reason = _NANO_ERR_HW_EXCEPTION;
 
 	PR_FAULT_INFO("***** HARD FAULT *****\n");
 
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
-	if (_MemoryFaultIsRecoverable(esf) != 0) {
+	if (MemoryFaultIsRecoverable(esf) != 0) {
 		reason = _NANO_ERR_RECOVERABLE;
 	}
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
@@ -623,14 +623,14 @@ static u32_t _HardFault(NANO_ESF *esf)
 	} else if ((SCB->HFSR & SCB_HFSR_FORCED_Msk) != 0) {
 		PR_EXC("  Fault escalation (see below)\n");
 		if (SCB_MMFSR != 0) {
-			reason = _MpuFault(esf, 1);
+			reason = MpuFault(esf, 1);
 		} else if (SCB_BFSR != 0) {
-			reason = _BusFault(esf, 1);
+			reason = BusFault(esf, 1);
 		} else if (SCB_UFSR != 0) {
-			reason = _UsageFault(esf);
+			reason = UsageFault(esf);
 #if defined(CONFIG_ARM_SECURE_FIRMWARE)
 		} else if (SAU->SFSR != 0) {
-			_SecureFault(esf);
+			SecureFault(esf);
 #endif /* CONFIG_ARM_SECURE_FIRMWARE */
 		}
 	}
@@ -649,7 +649,7 @@ static u32_t _HardFault(NANO_ESF *esf)
  *
  * @return N/A
  */
-static void _ReservedException(const NANO_ESF *esf, int fault)
+static void ReservedException(const NANO_ESF *esf, int fault)
 {
 	ARG_UNUSED(esf);
 
@@ -659,45 +659,45 @@ static void _ReservedException(const NANO_ESF *esf, int fault)
 }
 
 /* Handler function for ARM fault conditions. */
-static u32_t _FaultHandle(NANO_ESF *esf, int fault)
+static u32_t FaultHandle(NANO_ESF *esf, int fault)
 {
 	u32_t reason = _NANO_ERR_HW_EXCEPTION;
 
 	switch (fault) {
 	case 3:
-		reason = _HardFault(esf);
+		reason = HardFault(esf);
 		break;
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
 	/* HardFault is used for all fault conditions on ARMv6-M. */
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
 	case 4:
-		reason = _MpuFault(esf, 0);
+		reason = MpuFault(esf, 0);
 		break;
 	case 5:
-		reason = _BusFault(esf, 0);
+		reason = BusFault(esf, 0);
 		break;
 	case 6:
-		reason = _UsageFault(esf);
+		reason = UsageFault(esf);
 		break;
 #if defined(CONFIG_ARM_SECURE_FIRMWARE)
 	case 7:
-		_SecureFault(esf);
+		SecureFault(esf);
 		break;
 #endif /* CONFIG_ARM_SECURE_FIRMWARE */
 	case 12:
-		_DebugMonitor(esf);
+		DebugMonitor(esf);
 		break;
 #else
 #error Unknown ARM architecture
 #endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE */
 	default:
-		_ReservedException(esf, fault);
+		ReservedException(esf, fault);
 		break;
 	}
 
 	if (reason != _NANO_ERR_RECOVERABLE) {
 		/* Dump generic information about the fault. */
-		_FaultShow(esf, fault);
+		FaultShow(esf, fault);
 	}
 
 	return reason;
@@ -711,7 +711,7 @@ static u32_t _FaultHandle(NANO_ESF *esf, int fault)
  *
  * @param secure_esf Pointer to the secure stack frame.
  */
-static void _SecureStackDump(const NANO_ESF *secure_esf)
+static void SecureStackDump(const NANO_ESF *secure_esf)
 {
 	/*
 	 * In case a Non-Secure exception interrupted the Secure
@@ -747,7 +747,7 @@ static void _SecureStackDump(const NANO_ESF *secure_esf)
 	PR_FAULT_INFO("  S instruction address:  0x%x\n", sec_ret_addr);
 
 }
-#define SECURE_STACK_DUMP(esf) _SecureStackDump(esf)
+#define SECURE_STACK_DUMP(esf) SecureStackDump(esf)
 #else
 /* We do not dump the Secure stack information for lower dump levels. */
 #define SECURE_STACK_DUMP(esf)
@@ -796,7 +796,7 @@ void _Fault(NANO_ESF *esf, u32_t exc_return)
 		/* Invalid EXC_RETURN value */
 		goto _exit_fatal;
 	}
-	if ((exc_return & EXC_RETURN_EXCEPTION_SECURE_Secure) == 0) {
+	if ((exc_return & EXC_RETURN_EXCEPTION_SECURE_Secure) == 0U) {
 		/* Secure Firmware shall only handle Secure Exceptions.
 		 * This is a fatal error.
 		 */
@@ -859,7 +859,7 @@ void _Fault(NANO_ESF *esf, u32_t exc_return)
 	(void) exc_return;
 #endif /* CONFIG_ARM_SECURE_FIRMWARE */
 
-	reason = _FaultHandle(esf, fault);
+	reason = FaultHandle(esf, fault);
 
 	if (reason == _NANO_ERR_RECOVERABLE) {
 		return;
@@ -880,7 +880,7 @@ _exit_fatal:
  *
  * @return N/A
  */
-void _FaultInit(void)
+void z_FaultInit(void)
 {
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)

arch/arm/core/irq_init.c

@@ -33,7 +33,7 @@
  * @return N/A
  */
 
-void _IntLibInit(void)
+void z_IntLibInit(void)
 {
 	int irq = 0;
 

arch/arm/core/irq_manage.c

@@ -67,7 +67,7 @@ void z_arch_irq_disable(unsigned int irq)
  */
 int z_arch_irq_is_enabled(unsigned int irq)
 {
-	return NVIC->ISER[REG_FROM_IRQ(irq)] & (1 << BIT_FROM_IRQ(irq));
+	return NVIC->ISER[REG_FROM_IRQ(irq)] & BIT(BIT_FROM_IRQ(irq));
 }
 
 /**
@@ -108,10 +108,10 @@ void z_irq_priority_set(unsigned int irq, unsigned int prio, u32_t flags)
 	 * affecting performance (can still be useful on systems with a
 	 * reduced set of priorities, like Cortex-M0/M0+).
 	 */
-	__ASSERT(prio <= ((1 << DT_NUM_IRQ_PRIO_BITS) - 1),
-		 "invalid priority %d! values must be less than %d\n",
+	__ASSERT(prio <= (BIT(DT_NUM_IRQ_PRIO_BITS) - 1),
+		 "invalid priority %d! values must be less than %lu\n",
 		 prio - _IRQ_PRIO_OFFSET,
-		 (1 << DT_NUM_IRQ_PRIO_BITS) - (_IRQ_PRIO_OFFSET));
+		 BIT(DT_NUM_IRQ_PRIO_BITS) - (_IRQ_PRIO_OFFSET));
 	NVIC_SetPriority((IRQn_Type)irq, prio);
 }
 

arch/arm/core/irq_offload.c

@@ -15,7 +15,7 @@ volatile irq_offload_routine_t offload_routine;
 static void *offload_param;
 
 /* Called by __svc */
-void _irq_do_offload(void)
+void z_irq_do_offload(void)
 {
 	offload_routine(offload_param);
 }
@@ -29,7 +29,7 @@ void irq_offload(irq_offload_routine_t routine, void *parameter)
 	unsigned int key;
 
 	__asm__ volatile("mrs %0, PRIMASK;" : "=r" (key) : : "memory");
-	__ASSERT(key == 0, "irq_offload called with interrupts locked\n");
+	__ASSERT(key == 0U, "irq_offload called with interrupts locked\n");
 #endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE && CONFIG_ASSERT */
 
 	k_sched_lock();

arch/arm/core/swap.c

@@ -47,10 +47,6 @@ extern const int _k_neg_eagain;
  */
 int __swap(int key)
 {
-#ifdef CONFIG_USERSPACE
-	/* Save off current privilege mode */
-	_current->arch.mode = __get_CONTROL() & CONTROL_nPRIV_Msk;
-#endif
 #ifdef CONFIG_EXECUTION_BENCHMARKING
 	read_timer_start_of_swap();
 #endif
@@ -65,5 +61,8 @@ int __swap(int key)
 	/* clear mask or enable all irqs to take a pendsv */
 	irq_unlock(0);
 
+	/* Context switch is performed here. Returning implies the
+	 * thread has been context-switched-in again.
+	 */
 	return _current->arch.swap_return_value;
 }

arch/arm/core/swap_helper.S

@@ -22,8 +22,8 @@ _ASM_FILE_PROLOGUE
 
 GTEXT(__svc)
 GTEXT(__pendsv)
-GTEXT(_do_kernel_oops)
-GTEXT(_arm_do_syscall)
+GTEXT(z_do_kernel_oops)
+GTEXT(z_arm_do_syscall)
 GDATA(_k_neg_eagain)
 
 GDATA(_kernel)
@@ -61,6 +61,7 @@ SECTION_FUNC(TEXT, __pendsv)
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
     movs.n r0, #_EXC_IRQ_DEFAULT_PRIO
     msr BASEPRI, r0
+    isb /* Make the effect of disabling interrupts be realized immediately */
 #else
 #error Unknown ARM architecture
 #endif /* CONFIG_ARMV6_M_ARMV8_M_BASELINE */
@@ -302,7 +303,7 @@ _stack_frame_endif:
 
 #if CONFIG_IRQ_OFFLOAD
     push {r0, lr}
-    bl _irq_do_offload  /* call C routine which executes the offload */
+    bl z_irq_do_offload  /* call C routine which executes the offload */
     pop {r0, r1}
     mov lr, r1
 #endif /* CONFIG_IRQ_OFFLOAD */
@@ -312,7 +313,7 @@ _stack_frame_endif:
 
 _oops:
     push {r0, lr}
-    bl _do_kernel_oops
+    bl z_do_kernel_oops
     pop {r0, pc}
 
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
@@ -368,7 +369,7 @@ SECTION_FUNC(TEXT, __svc)
 
 #if CONFIG_IRQ_OFFLOAD
     push {r0, lr}
-    bl _irq_do_offload  /* call C routine which executes the offload */
+    bl z_irq_do_offload  /* call C routine which executes the offload */
     pop {r0, lr}
 
     /* exception return is done in _IntExit() */
@@ -377,12 +378,12 @@ SECTION_FUNC(TEXT, __svc)
 
 _oops:
     push {r0, lr}
-    bl _do_kernel_oops
+    bl z_do_kernel_oops
     pop {r0, pc}
 
 #if CONFIG_USERSPACE
     /*
-     * System call will setup a jump to the _do_arm_syscall function
+     * System call will setup a jump to the z_arm_do_syscall() function
      * when the SVC returns via the bx lr.
      *
      * There is some trickery involved here because we have to preserve
@@ -404,19 +405,32 @@ _oops:
      */
 _do_syscall:
     ldr r8, [r0, #24]   /* grab address of PC from stack frame */
-    ldr r1, =_arm_do_syscall
-    str r1, [r0, #24]   /* overwrite the PC to point to _arm_do_syscall */
+    ldr r1, =z_arm_do_syscall
+    str r1, [r0, #24]   /* overwrite the PC to point to z_arm_do_syscall */
 
-    /* validate syscall limit, only set priv mode if valid */
+    /* validate syscall limit */
     ldr ip, =K_SYSCALL_LIMIT
     cmp r6, ip
-    blt valid_syscall_id
+    /* The supplied syscall_id must be lower than the limit
+     * (Requires unsigned integer comparison)
+     */
+    blo valid_syscall_id
 
-    /* bad syscall id.  Set arg0 to bad id and set call_id to SYSCALL_BAD */
+    /* bad syscall id.  Set arg1 to bad id and set call_id to SYSCALL_BAD */
     str r6, [r0, #0]
     ldr r6, =K_SYSCALL_BAD
 
+    /* Bad syscalls treated as valid syscalls with ID K_SYSCALL_BAD. */
+
 valid_syscall_id:
+    push {r0, r1}
+    ldr r0, =_kernel
+    ldr r0, [r0, #_kernel_offset_to_current]
+    ldr r1, [r0, #_thread_offset_to_mode]
+    bic r1, #1
+    /* Store (privileged) mode in thread's mode state variable */
+    str r1, [r0, #_thread_offset_to_mode]
+    dsb
     /* set mode to privileged, r2 still contains value from CONTROL */
     bic r2, #1
     msr CONTROL, r2
@@ -426,8 +440,9 @@ valid_syscall_id:
      * instructions with the previous privilege.
      */
     isb
+    pop {r0, r1}
 
-    /* return from SVC to the modified LR - _arm_do_syscall */
+    /* return from SVC to the modified LR - z_arm_do_syscall */
     bx lr
 #endif
 

arch/arm/core/thread.c

@@ -17,7 +17,7 @@
 #include <wait_q.h>
 
 #ifdef CONFIG_USERSPACE
-extern u8_t *_k_priv_stack_find(void *obj);
+extern u8_t *z_priv_stack_find(void *obj);
 #endif
 
 /**
@@ -55,10 +55,10 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		 void *parameter1, void *parameter2, void *parameter3,
 		 int priority, unsigned int options)
 {
-	char *pStackMem = K_THREAD_STACK_BUFFER(stack);
+	char *pStackMem = Z_THREAD_STACK_BUFFER(stack);
 	char *stackEnd;
 	/* Offset between the top of stack and the high end of stack area. */
-	u32_t top_of_stack_offset = 0;
+	u32_t top_of_stack_offset = 0U;
 
 	Z_ASSERT_VALID_PRIO(priority, pEntry);
 
@@ -91,13 +91,13 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	 * k_thread_create(). If K_THREAD_STACK_SIZEOF() is used, the
 	 * Guard size has already been take out of stackSize.
 	 */
-	stackEnd = pStackMem + stackSize - MPU_GUARD_ALIGN_AND_SIZE;
-#else
-	stackEnd = pStackMem + stackSize;
+	stackSize -= MPU_GUARD_ALIGN_AND_SIZE;
 #endif
+	stackEnd = pStackMem + stackSize;
+
 	struct __esf *pInitCtx;
 
-	_new_thread_init(thread, pStackMem, stackSize, priority,
+	z_new_thread_init(thread, pStackMem, stackSize, priority,
 			 options);
 
 	/* carve the thread entry struct from the "base" of the stack */
@@ -123,6 +123,9 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	pInitCtx->a4 = (u32_t)parameter3;
 	pInitCtx->xpsr =
 		0x01000000UL; /* clear all, thumb bit is 1, even if RO */
+#ifdef CONFIG_FLOAT
+	pInitCtx->fpscr = (u32_t)0; /* clears FPU status/control register*/
+#endif
 
 	thread->callee_saved.psp = (u32_t)pInitCtx;
 	thread->arch.basepri = 0;
@@ -148,9 +151,9 @@ FUNC_NORETURN void z_arch_user_mode_enter(k_thread_entry_t user_entry,
 
 	/* Set up privileged stack before entering user mode */
 	_current->arch.priv_stack_start =
-		(u32_t)_k_priv_stack_find(_current->stack_obj);
+		(u32_t)z_priv_stack_find(_current->stack_obj);
 
-	_arm_userspace_enter(user_entry, p1, p2, p3,
+	z_arm_userspace_enter(user_entry, p1, p2, p3,
 			     (u32_t)_current->stack_info.start,
 			     _current->stack_info.size);
 	CODE_UNREACHABLE;
@@ -279,11 +282,11 @@ u32_t z_check_thread_stack_fail(const u32_t fault_addr, const u32_t psp)
 		}
 	}
 #else /* CONFIG_USERSPACE */
-	if (IS_MPU_GUARD_VIOLATION(thread->stack_info.start,
+	if (IS_MPU_GUARD_VIOLATION(thread->stack_info.start -
+			MPU_GUARD_ALIGN_AND_SIZE,
 			fault_addr, psp)) {
 		/* Thread stack corruption */
-		return thread->stack_info.start +
-			MPU_GUARD_ALIGN_AND_SIZE;
+		return thread->stack_info.start;
 	}
 #endif /* CONFIG_USERSPACE */
 

arch/arm/core/userspace.S

@@ -16,8 +16,8 @@
 
 _ASM_FILE_PROLOGUE
 
-GTEXT(_arm_userspace_enter)
-GTEXT(_arm_do_syscall)
+GTEXT(z_arm_userspace_enter)
+GTEXT(z_arm_do_syscall)
 GTEXT(z_arch_user_string_nlen)
 GTEXT(z_arch_user_string_nlen_fault_start)
 GTEXT(z_arch_user_string_nlen_fault_end)
@@ -36,7 +36,7 @@ GDATA(_k_syscall_table)
  * not transition back later, unless they are doing system calls.
  *
  */
-SECTION_FUNC(TEXT,_arm_userspace_enter)
+SECTION_FUNC(TEXT,z_arm_userspace_enter)
     /* move user_entry to lr */
     mov lr, r0
 
@@ -77,7 +77,7 @@ SECTION_FUNC(TEXT,_arm_userspace_enter)
      *
      * Note that the risk for overflow is higher if using the normal thread
      * stack, since we do not control how much stack is actually left, when
-     * user invokes _arm_userspace_enter().
+     * user invokes z_arm_userspace_enter().
      */
     push {r0,r1,r2,r3,ip,lr}
     ldr r0, =_kernel
@@ -142,8 +142,16 @@ SECTION_FUNC(TEXT,_arm_userspace_enter)
 #endif /* CONFIG_EXECUTION_BENCHMARKING */
 
     /* change processor mode to unprivileged */
+    push {r0, r1}
+    ldr r0, =_kernel
+    ldr r0, [r0, #_kernel_offset_to_current]
+    ldr r1, [r0, #_thread_offset_to_mode]
+    orrs r1, r1, #1
     mrs ip, CONTROL
     orrs ip, ip, #1
+    /* Store (unprivileged) mode in thread's mode state variable */
+    str r1, [r0, #_thread_offset_to_mode]
+    dsb
     msr CONTROL, ip
 
     /* ISB is not strictly necessary here (stack pointer is not being
@@ -151,6 +159,7 @@ SECTION_FUNC(TEXT,_arm_userspace_enter)
      * instructions with the previous privilege.
      */
     isb
+    pop {r0, r1}
 
     /* jump to z_thread_entry entry */
     ldr ip, =z_thread_entry
@@ -168,7 +177,45 @@ SECTION_FUNC(TEXT,_arm_userspace_enter)
  * 4) Restoring stack and calling back to the caller of the SVC
  *
  */
-SECTION_FUNC(TEXT, _arm_do_syscall)
+SECTION_FUNC(TEXT, z_arm_do_syscall)
+
+    /* The function is executing in privileged mode. This implies that we
+     * shall not be allowed to use the thread's default unprivileged stack,
+     * (i.e push to or pop from it), to avoid a possible stack corruption.
+     *
+     * Rationale: since we execute in PRIV mode and no MPU guard or PSPLIM
+     * register is guarding the end of the default stack, we won't be able
+     * to detect any stack overflows.
+     */
+
+#if defined(CONFIG_BUILTIN_STACK_GUARD)
+    /* clear stack pointer limit before setting the PSP */
+    mov ip, #0
+    msr PSPLIM, ip
+#endif
+
+    /* setup privileged stack */
+    ldr ip, =_kernel
+    ldr ip, [ip, #_kernel_offset_to_current]
+    ldr ip, [ip, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
+    add ip, #CONFIG_PRIVILEGED_STACK_SIZE
+
+    /* Store current SP and LR at the beginning of the priv stack */
+    subs ip, #8
+    str sp, [ip, #0]
+    str lr, [ip, #4]
+
+    /* switch to privileged stack */
+    msr PSP, ip
+
+#if defined(CONFIG_BUILTIN_STACK_GUARD)
+    /* Set stack pointer limit (needed in privileged mode) */
+    ldr ip, =_kernel
+    ldr ip, [ip, #_kernel_offset_to_current]
+    ldr ip, [ip, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
+    msr PSPLIM, ip
+#endif
+
     /*
      * r0-r5 contain arguments
      * r6 contains call_id
@@ -179,45 +226,12 @@ SECTION_FUNC(TEXT, _arm_do_syscall)
     bne valid_syscall
 
     /* BAD SYSCALL path */
-    /* fixup stack frame on unprivileged stack, adding ssf */
+    /* fixup stack frame on the privileged stack, adding ssf */
     mov ip, sp
     push {r4,r5,ip,lr}
     b dispatch_syscall
 
 valid_syscall:
-    /* setup privileged stack */
-    push {r6}
-    ldr r6, =_kernel
-    ldr r6, [r6, #_kernel_offset_to_current]
-    ldr ip, [r6, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    ldr r6, =CONFIG_PRIVILEGED_STACK_SIZE
-    add ip, r6
-    pop {r6}
-    subs ip, #8
-    str sp, [ip, #0]
-    str lr, [ip, #4]
-
-#if defined(CONFIG_BUILTIN_STACK_GUARD)
-    /* clear stack pointer limit before setting the PSP */
-    push {r3}
-    mov r3, #0
-    msr PSPLIM, r3
-    pop {r3}
-#endif
-
-    /* switch to privileged stack */
-    msr PSP, ip
-
-#if defined(CONFIG_BUILTIN_STACK_GUARD)
-    /* Set stack pointer limit (needed in privileged mode) */
-    push {r6}
-    ldr r6, =_kernel
-    ldr r6, [r6, #_kernel_offset_to_current]
-    ldr r6, [r6, #_thread_offset_to_priv_stack_start]    /* priv stack ptr */
-    msr PSPLIM, r6
-    pop {r6}
-#endif
-
     /* push args to complete stack frame */
     push {r4,r5}
 
@@ -242,6 +256,14 @@ dispatch_syscall:
     ldr ip, [sp,#8]
     msr PSP, ip
 
+    push {r0, r1}
+    ldr r0, =_kernel
+    ldr r0, [r0, #_kernel_offset_to_current]
+    ldr r1, [r0, #_thread_offset_to_mode]
+    orrs r1, r1, #1
+    /* Store (unprivileged) mode in thread's mode state variable */
+    str r1, [r0, #_thread_offset_to_mode]
+    dsb
     /* drop privileges by setting bit 0 in CONTROL */
     mrs ip, CONTROL
     orrs ip, ip, #1
@@ -252,6 +274,7 @@ dispatch_syscall:
      * instructions with the previous privilege.
      */
     isb
+    pop {r0, r1}
 
     /* Zero out volatile (caller-saved) registers so as to not leak state from
      * kernel mode. The C calling convention for the syscall handler will

arch/arm/include/cortex_m/exc.h

@@ -49,7 +49,7 @@ extern volatile irq_offload_routine_t offload_routine;
  *
  * @return 1 if in ISR, 0 if not.
  */
-static ALWAYS_INLINE bool _IsInIsr(void)
+static ALWAYS_INLINE bool z_IsInIsr(void)
 {
 	u32_t vector = __get_IPSR();
 
@@ -63,7 +63,7 @@ static ALWAYS_INLINE bool _IsInIsr(void)
 		/* On ARMv6-M there is no nested execution bit, so we check
 		 * exception 3, hard fault, to a detect a nested exception.
 		 */
-		|| (vector == 3)
+		|| (vector == 3U)
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
 		/* If not in thread mode, and if RETTOBASE bit in ICSR is 0,
 		 * then there are preempted active exceptions to execute.
@@ -93,7 +93,7 @@ static ALWAYS_INLINE bool _IsInIsr(void)
  *
  * @return N/A
  */
-static ALWAYS_INLINE void _ExcSetup(void)
+static ALWAYS_INLINE void z_ExcSetup(void)
 {
 	NVIC_SetPriority(PendSV_IRQn, 0xff);
 
@@ -144,7 +144,7 @@ static ALWAYS_INLINE void _ExcSetup(void)
  *
  * @return N/A
  */
-static ALWAYS_INLINE void _ClearFaults(void)
+static ALWAYS_INLINE void z_clearfaults(void)
 {
 #if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
 #elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)

arch/arm/include/cortex_m/stack.h

@@ -37,14 +37,14 @@ extern K_THREAD_STACK_DEFINE(_interrupt_stack, CONFIG_ISR_STACK_SIZE);
  *
  * @return N/A
  */
-static ALWAYS_INLINE void _InterruptStackSetup(void)
+static ALWAYS_INLINE void z_InterruptStackSetup(void)
 {
 #if defined(CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT) && \
 	defined(CONFIG_USERSPACE)
-	u32_t msp = (u32_t)(K_THREAD_STACK_BUFFER(_interrupt_stack) +
+	u32_t msp = (u32_t)(Z_THREAD_STACK_BUFFER(_interrupt_stack) +
 			    CONFIG_ISR_STACK_SIZE - MPU_GUARD_ALIGN_AND_SIZE);
 #else
-	u32_t msp = (u32_t)(K_THREAD_STACK_BUFFER(_interrupt_stack) +
+	u32_t msp = (u32_t)(Z_THREAD_STACK_BUFFER(_interrupt_stack) +
 			    CONFIG_ISR_STACK_SIZE);
 #endif
 

arch/arm/include/kernel_arch_func.h

@@ -27,8 +27,8 @@ extern "C" {
 #endif
 
 #ifndef _ASMLANGUAGE
-extern void _FaultInit(void);
-extern void _CpuIdleInit(void);
+extern void z_FaultInit(void);
+extern void z_CpuIdleInit(void);
 #ifdef CONFIG_ARM_MPU
 extern void z_arch_configure_static_mpu_regions(void);
 extern void z_arch_configure_dynamic_mpu_regions(struct k_thread *thread);
@@ -36,10 +36,10 @@ extern void z_arch_configure_dynamic_mpu_regions(struct k_thread *thread);
 
 static ALWAYS_INLINE void kernel_arch_init(void)
 {
-	_InterruptStackSetup();
-	_ExcSetup();
-	_FaultInit();
-	_CpuIdleInit();
+	z_InterruptStackSetup();
+	z_ExcSetup();
+	z_FaultInit();
+	z_CpuIdleInit();
 }
 
 static ALWAYS_INLINE void
@@ -63,13 +63,13 @@ z_arch_switch_to_main_thread(struct k_thread *main_thread,
 #if defined(CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT) && \
 	defined(CONFIG_USERSPACE)
 	start_of_main_stack =
-		K_THREAD_STACK_BUFFER(main_stack) + main_stack_size -
+		Z_THREAD_STACK_BUFFER(main_stack) + main_stack_size -
 		MPU_GUARD_ALIGN_AND_SIZE;
 #else
 	start_of_main_stack =
-		K_THREAD_STACK_BUFFER(main_stack) + main_stack_size;
+		Z_THREAD_STACK_BUFFER(main_stack) + main_stack_size;
 #endif
-	start_of_main_stack = (void *)STACK_ROUND_DOWN(start_of_main_stack);
+	start_of_main_stack = (char *)STACK_ROUND_DOWN(start_of_main_stack);
 
 #ifdef CONFIG_TRACING
 	z_sys_trace_thread_switched_out();
@@ -134,9 +134,9 @@ z_set_thread_return_value(struct k_thread *thread, unsigned int value)
 
 extern void k_cpu_atomic_idle(unsigned int key);
 
-#define z_is_in_isr() _IsInIsr()
+#define z_is_in_isr() z_IsInIsr()
 
-extern FUNC_NORETURN void _arm_userspace_enter(k_thread_entry_t user_entry,
+extern FUNC_NORETURN void z_arm_userspace_enter(k_thread_entry_t user_entry,
 					       void *p1, void *p2, void *p3,
 					       u32_t stack_end,
 					       u32_t stack_start);

arch/arm/include/tracing_arch.h

@@ -25,7 +25,7 @@ extern "C" {
  *
  * @return The key of the interrupt that is currently being processed.
  */
-int _sys_current_irq_key_get(void)
+int z_sys_current_irq_key_get(void)
 {
 	return __get_IPSR();
 }

arch/common/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 # Put functions and data in their own binary sections so that ld can
 # garbage collect them
 zephyr_cc_option(-ffunction-sections -fdata-sections)

arch/common/gen_isr_tables.py

@@ -223,7 +223,6 @@ def main():
     intlist = read_intlist(args.intlist)
     nvec = intlist["num_vectors"]
     offset = intlist["offset"]
-    prefix = endian_prefix()
 
     spurious_handler = "&z_irq_spurious"
     sw_irq_handler   = "ISR_WRAPPER"
@@ -250,8 +249,8 @@ def main():
         swt = None
 
     for irq, flags, func, param in intlist["interrupts"]:
-        if (flags & ISR_FLAG_DIRECT):
-            if (param != 0):
+        if flags & ISR_FLAG_DIRECT:
+            if param != 0:
                 error("Direct irq %d declared, but has non-NULL parameter"
                         % irq)
             vt[irq - offset] = func
@@ -307,4 +306,3 @@ def main():
 
 if __name__ == "__main__":
     main()
-

arch/common/timing_info_bench.c

@@ -18,6 +18,7 @@ u64_t  __end_drop_to_usermode_time;
 /* location of the time stamps*/
 u32_t __read_swap_end_time_value;
 u64_t __common_var_swap_end_time;
+u64_t __temp_start_swap_time;
 
 #if CONFIG_ARM
 #include <arch/arm/cortex_m/cmsis.h>
@@ -80,7 +81,7 @@ u64_t __common_var_swap_end_time;
 
 void read_timer_start_of_swap(void)
 {
-	if (__read_swap_end_time_value == 1) {
+	if (__read_swap_end_time_value == 1U) {
 		TIMING_INFO_PRE_READ();
 		__start_swap_time = (u32_t) TIMING_INFO_OS_GET_TIME();
 	}
@@ -88,7 +89,7 @@ void read_timer_start_of_swap(void)
 
 void read_timer_end_of_swap(void)
 {
-	if (__read_swap_end_time_value == 1) {
+	if (__read_swap_end_time_value == 1U) {
 		TIMING_INFO_PRE_READ();
 		__read_swap_end_time_value = 2U;
 		__common_var_swap_end_time = (u64_t)TIMING_INFO_OS_GET_TIME();

arch/nios2/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 if(CONFIG_GP_NONE)
 set(gpopt none)
 elseif(CONFIG_GP_LOCAL)

arch/nios2/core/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_sources(
 	thread.c
 	cpu_idle.c

arch/nios2/core/cache.c

@@ -15,23 +15,23 @@
  * text to memory, such as a boot copier or runtime synthesis of code.  If the
  * new text was written with instructions that do not bypass cache memories,
  * this should immediately be followed by an invocation of
- * _nios2_dcache_flush_all() so that cached instruction data is committed to
+ * z_nios2_dcache_flush_all() so that cached instruction data is committed to
  * RAM.
  *
  * See Chapter 9 of the Nios II Gen 2 Software Developer's Handbook for more
  * information on cache considerations.
  */
 #if ALT_CPU_ICACHE_SIZE > 0
-void _nios2_icache_flush_all(void)
+void z_nios2_icache_flush_all(void)
 {
 	u32_t i;
 
 	for (i = 0U; i < ALT_CPU_ICACHE_SIZE; i += ALT_CPU_ICACHE_LINE_SIZE) {
-		_nios2_icache_flush(i);
+		z_nios2_icache_flush(i);
 	}
 
 	/* Get rid of any stale instructions in the pipeline */
-	_nios2_pipeline_flush();
+	z_nios2_pipeline_flush();
 }
 #endif
 
@@ -51,26 +51,26 @@ void _nios2_icache_flush_all(void)
  * information on cache considerations.
  */
 #if ALT_CPU_DCACHE_SIZE > 0
-void _nios2_dcache_flush_all(void)
+void z_nios2_dcache_flush_all(void)
 {
 	u32_t i;
 
 	for (i = 0U; i < ALT_CPU_DCACHE_SIZE; i += ALT_CPU_DCACHE_LINE_SIZE) {
-		_nios2_dcache_flush(i);
+		z_nios2_dcache_flush(i);
 	}
 }
 #endif
 
 /*
- * _nios2_dcache_flush_no_writeback() is called to flush the data cache for a
+ * z_nios2_dcache_flush_no_writeback() is called to flush the data cache for a
  * memory region of length "len" bytes, starting at address "start".
  *
  * Any dirty lines in the data cache are NOT written back to memory.
  * Make sure you really want this behavior.  If you aren't 100% sure,
- * use the _nios2_dcache_flush() routine instead.
+ * use the z_nios2_dcache_flush() routine instead.
  */
 #if ALT_CPU_DCACHE_SIZE > 0
-void _nios2_dcache_flush_no_writeback(void *start, u32_t len)
+void z_nios2_dcache_flush_no_writeback(void *start, u32_t len)
 {
 	u8_t *i;
 	u8_t *end = ((char *) start) + len;

arch/nios2/core/exception.S

@@ -15,7 +15,7 @@ GTEXT(_exception)
 GTEXT(_Fault)
 GTEXT(__swap)
 #ifdef CONFIG_IRQ_OFFLOAD
-GTEXT(_irq_do_offload)
+GTEXT(z_irq_do_offload)
 GTEXT(_offload_routine)
 #endif
 

arch/nios2/core/fatal.c

@@ -174,10 +174,10 @@ FUNC_NORETURN void _Fault(const NANO_ESF *esf)
 	u32_t exc_reg, badaddr_reg, eccftl;
 	enum nios2_exception_cause cause;
 
-	exc_reg = _nios2_creg_read(NIOS2_CR_EXCEPTION);
+	exc_reg = z_nios2_creg_read(NIOS2_CR_EXCEPTION);
 
 	/* Bit 31 indicates potentially fatal ECC error */
-	eccftl = (exc_reg & NIOS2_EXCEPTION_REG_ECCFTL_MASK) != 0;
+	eccftl = (exc_reg & NIOS2_EXCEPTION_REG_ECCFTL_MASK) != 0U;
 
 	/* Bits 2-6 contain the cause code */
 	cause = (exc_reg & NIOS2_EXCEPTION_REG_CAUSE_MASK)
@@ -188,7 +188,7 @@ FUNC_NORETURN void _Fault(const NANO_ESF *esf)
 	printk("reason: %s\n", cause_str(cause));
 #endif
 	if (BIT(cause) & NIOS2_BADADDR_CAUSE_MASK) {
-		badaddr_reg = _nios2_creg_read(NIOS2_CR_BADADDR);
+		badaddr_reg = z_nios2_creg_read(NIOS2_CR_BADADDR);
 		printk("Badaddr: 0x%x\n", badaddr_reg);
 	}
 #endif /* ALT_CPU_HAS_EXTRA_EXCEPTION_INFO */
@@ -246,7 +246,7 @@ hang_system:
 #endif
 
 #ifdef ALT_CPU_HAS_DEBUG_STUB
-	_nios2_break();
+	z_nios2_break();
 #endif
 	for (;;) {
 		k_cpu_idle();

arch/nios2/core/irq_manage.c

@@ -25,7 +25,7 @@ void z_irq_spurious(void *unused)
 {
 	ARG_UNUSED(unused);
 	printk("Spurious interrupt detected! ipending: %x\n",
-	       _nios2_creg_read(NIOS2_CR_IPENDING));
+	       z_nios2_creg_read(NIOS2_CR_IPENDING));
 	z_NanoFatalErrorHandler(_NANO_ERR_SPURIOUS_INT, &_default_esf);
 }
 
@@ -37,9 +37,9 @@ void z_arch_irq_enable(unsigned int irq)
 
 	key = irq_lock();
 
-	ienable = _nios2_creg_read(NIOS2_CR_IENABLE);
-	ienable |= (1 << irq);
-	_nios2_creg_write(NIOS2_CR_IENABLE, ienable);
+	ienable = z_nios2_creg_read(NIOS2_CR_IENABLE);
+	ienable |= BIT(irq);
+	z_nios2_creg_write(NIOS2_CR_IENABLE, ienable);
 
 	irq_unlock(key);
 };
@@ -53,9 +53,9 @@ void z_arch_irq_disable(unsigned int irq)
 
 	key = irq_lock();
 
-	ienable = _nios2_creg_read(NIOS2_CR_IENABLE);
-	ienable &= ~(1 << irq);
-	_nios2_creg_write(NIOS2_CR_IENABLE, ienable);
+	ienable = z_nios2_creg_read(NIOS2_CR_IENABLE);
+	ienable &= ~BIT(irq);
+	z_nios2_creg_write(NIOS2_CR_IENABLE, ienable);
 
 	irq_unlock(key);
 };
@@ -80,7 +80,7 @@ void _enter_irq(u32_t ipending)
 	_kernel.nested++;
 
 #ifdef CONFIG_IRQ_OFFLOAD
-	_irq_do_offload();
+	z_irq_do_offload();
 #endif
 
 	while (ipending) {
@@ -89,7 +89,7 @@ void _enter_irq(u32_t ipending)
 		z_sys_trace_isr_enter();
 
 		index = find_lsb_set(ipending) - 1;
-		ipending &= ~(1 << index);
+		ipending &= ~BIT(index);
 
 		ite = &_sw_isr_table[index];
 

arch/nios2/core/irq_offload.c

@@ -15,7 +15,7 @@ static volatile void *offload_param;
  * Just in case the offload routine itself generates an unhandled
  * exception, clear the offload_routine global before executing.
  */
-void _irq_do_offload(void)
+void z_irq_do_offload(void)
 {
 	irq_offload_routine_t tmp;
 

arch/nios2/core/prep_c.c

@@ -39,13 +39,13 @@ void _PrepC(void)
 	/* In most XIP scenarios we copy the exception code into RAM, so need
 	 * to flush instruction cache.
 	 */
-	_nios2_icache_flush_all();
+	z_nios2_icache_flush_all();
 #if ALT_CPU_ICACHE_SIZE > 0
 	/* Only need to flush the data cache here if there actually is an
 	 * instruction cache, so that the cached instruction data written is
 	 * actually committed.
 	 */
-	_nios2_dcache_flush_all();
+	z_nios2_dcache_flush_all();
 #endif
 #endif
 	z_cstart();

arch/nios2/core/swap.S

@@ -10,7 +10,7 @@
 
 /* exports */
 GTEXT(__swap)
-GTEXT(_thread_entry_wrapper)
+GTEXT(z_thread_entry_wrapper)
 
 /* imports */
 GTEXT(z_sys_trace_thread_switched_in)
@@ -171,9 +171,9 @@ no_unlock:
 	ret
 
 
-/* void _thread_entry_wrapper(void)
+/* void z_thread_entry_wrapper(void)
  */
-SECTION_FUNC(TEXT, _thread_entry_wrapper)
+SECTION_FUNC(TEXT, z_thread_entry_wrapper)
 	/* This all corresponds to struct init_stack_frame defined in
 	 * thread.c. We need to take this stuff off the stack and put
 	 * it in the apporpriate registers

arch/nios2/core/thread.c

@@ -14,12 +14,12 @@
  * to z_thread_entry() since this arch puts the first four arguments
  * in r4-r7 and not on the stack
  */
-void _thread_entry_wrapper(k_thread_entry_t, void *, void *, void *);
+void z_thread_entry_wrapper(k_thread_entry_t, void *, void *, void *);
 
 struct init_stack_frame {
 	/* top of the stack / most recently pushed */
 
-	/* Used by _thread_entry_wrapper. pulls these off the stack and
+	/* Used by z_thread_entry_wrapper. pulls these off the stack and
 	 * into argument registers before calling z_thread_entry()
 	 */
 	k_thread_entry_t entry_point;
@@ -36,12 +36,12 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		 void *arg1, void *arg2, void *arg3,
 		 int priority, unsigned int options)
 {
-	char *stack_memory = K_THREAD_STACK_BUFFER(stack);
+	char *stack_memory = Z_THREAD_STACK_BUFFER(stack);
 	Z_ASSERT_VALID_PRIO(priority, thread_func);
 
 	struct init_stack_frame *iframe;
 
-	_new_thread_init(thread, stack_memory, stack_size, priority, options);
+	z_new_thread_init(thread, stack_memory, stack_size, priority, options);
 
 	/* Initial stack frame data, stored at the base of the stack */
 	iframe = (struct init_stack_frame *)
@@ -54,7 +54,7 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 	iframe->arg3 = arg3;
 
 	thread->callee_saved.sp = (u32_t)iframe;
-	thread->callee_saved.ra = (u32_t)_thread_entry_wrapper;
+	thread->callee_saved.ra = (u32_t)z_thread_entry_wrapper;
 	thread->callee_saved.key = NIOS2_STATUS_PIE_MSK;
 	/* Leave the rest of thread->callee_saved junk */
 }

arch/nios2/include/kernel_arch_func.h

@@ -32,7 +32,7 @@ void k_cpu_atomic_idle(unsigned int key);
 static ALWAYS_INLINE void kernel_arch_init(void)
 {
 	_kernel.irq_stack =
-		K_THREAD_STACK_BUFFER(_interrupt_stack) + CONFIG_ISR_STACK_SIZE;
+		Z_THREAD_STACK_BUFFER(_interrupt_stack) + CONFIG_ISR_STACK_SIZE;
 }
 
 static ALWAYS_INLINE void
@@ -44,21 +44,21 @@ z_set_thread_return_value(struct k_thread *thread, unsigned int value)
 #define z_is_in_isr() (_kernel.nested != 0U)
 
 #ifdef CONFIG_IRQ_OFFLOAD
-void _irq_do_offload(void);
+void z_irq_do_offload(void);
 #endif
 
 #if ALT_CPU_ICACHE_SIZE > 0
-void _nios2_icache_flush_all(void);
+void z_nios2_icache_flush_all(void);
 #else
-#define _nios2_icache_flush_all() do { } while (0)
+#define z_nios2_icache_flush_all() do { } while (0)
 #endif
 
 #if ALT_CPU_DCACHE_SIZE > 0
-void _nios2_dcache_flush_all(void);
-void _nios2_dcache_flush_no_writeback(void *start, u32_t len);
+void z_nios2_dcache_flush_all(void);
+void z_nios2_dcache_flush_no_writeback(void *start, u32_t len);
 #else
-#define _nios2_dcache_flush_all() do { } while (0)
-#define _nios2_dcache_flush_no_writeback(x, y) do { } while (0)
+#define z_nios2_dcache_flush_all() do { } while (0)
+#define z_nios2_dcache_flush_no_writeback(x, y) do { } while (0)
 #endif
 
 #endif /* _ASMLANGUAGE */

arch/nios2/include/tracing_arch.h

@@ -26,11 +26,11 @@ extern "C" {
  *
  * @return The key of the interrupt that is currently being processed.
  */
-static inline int _sys_current_irq_key_get(void)
+static inline int z_sys_current_irq_key_get(void)
 {
 	u32_t ipending;
 
-	ipending = _nios2_creg_read(NIOS2_CR_IPENDING);
+	ipending = z_nios2_creg_read(NIOS2_CR_IPENDING);
 	return find_lsb_set(ipending) - 1;
 }
 

arch/posix/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_compile_options(
   -fno-freestanding
   -m32
@@ -12,6 +14,7 @@ zephyr_include_directories(${BOARD_DIR})
 zephyr_compile_options_ifdef(CONFIG_COVERAGE
   -fprofile-arcs
   -ftest-coverage
+  -fno-inline
 )
 zephyr_link_libraries_ifdef(CONFIG_COVERAGE
 	-lgcov

arch/posix/Kconfig

@@ -22,4 +22,14 @@ config ARCH_POSIX_RECOMMENDED_STACK_SIZE
 	  thread stack, the real stack is the native underlying pthread stack.
 	  Therefore the allocated stack can be limited to this size)
 
+config ARCH_POSIX_STOP_ON_FATAL_ERROR
+	bool "Terminate execution on fatal errors"
+	depends on ARCH_POSIX
+	help
+	  If set, when a fatal error occurs, the execution will stop immediately with
+	  an error. If not set, the default Zephyr behaviour will be followed:
+	  terminate only if the fault was triggered in an ISR or essential thread,
+	  otherwise abort the current thread and attempt to continue.
+	  Enabling this option may simplify locating and debugging faults
+
 endmenu

arch/posix/core/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_library()
 zephyr_library_compile_definitions(NO_POSIX_CHEATS)
 zephyr_library_sources(

arch/posix/core/fatal.c

@@ -85,13 +85,14 @@ FUNC_NORETURN void z_NanoFatalErrorHandler(unsigned int reason,
  * This routine implements the corrective action to be taken when the system
  * detects a fatal error.
  *
- * This sample implementation attempts to abort the current thread and allow
+ * If CONFIG_ARCH_POSIX_STOP_ON_FATAL_ERROR is not set,
+ * it will attempt to abort the current thread and allow
  * the system to continue executing, which may permit the system to continue
  * functioning with degraded capabilities.
  *
- * System designers may wish to enhance or substitute this sample
- * implementation to take other actions, such as logging error (or debug)
- * information to a persistent repository and/or rebooting the system.
+ * If CONFIG_ARCH_POSIX_STOP_ON_FATAL_ERROR is set, or the thread is an
+ * essential thread or interrupt, the execution will be terminated, and an error
+ * code will be returned to the invoking shell
  *
  * @param reason the fatal error reason
  * @param pEsf pointer to exception stack frame
@@ -117,7 +118,10 @@ FUNC_NORETURN __weak void z_SysFatalErrorHandler(unsigned int reason,
 			k_is_in_isr() ? "ISR" : "essential thread");
 	}
 	printk("Fatal fault in thread %p! Aborting.\n", _current);
-	k_thread_abort(_current);
+
+	if (!IS_ENABLED(CONFIG_ARCH_POSIX_STOP_ON_FATAL_ERROR)) {
+		k_thread_abort(_current);
+	}
 
 hang_system:
 

arch/posix/core/posix_core.c

@@ -72,6 +72,8 @@ struct threads_table_el {
 	bool running;     /* Is this the currently running thread */
 	pthread_t thread; /* Actual pthread_t as returned by native kernel */
 	int thead_cnt; /* For debugging: Unique, consecutive, thread number */
+	/* Pointer to the status kept in the Zephyr thread stack */
+	posix_thread_status_t *t_status;
 };
 
 static struct threads_table_el *threads_table;
@@ -166,7 +168,7 @@ static void posix_let_run(int next_allowed_th)
 	 * Note that as we hold the mutex, they are going to be blocked until
 	 * we reach our own posix_wait_until_allowed() while loop
 	 */
-	_SAFE_CALL(pthread_cond_broadcast(&cond_threads));
+	PC_SAFE_CALL(pthread_cond_broadcast(&cond_threads));
 }
 
 
@@ -175,7 +177,7 @@ static void posix_preexit_cleanup(void)
 	/*
 	 * Release the mutex so the next allowed thread can run
 	 */
-	_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
+	PC_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
 
 	/* We detach ourselves so nobody needs to join to us */
 	pthread_detach(pthread_self());
@@ -246,7 +248,7 @@ static void posix_cleanup_handler(void *arg)
 #endif
 
 
-	_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
+	PC_SAFE_CALL(pthread_mutex_unlock(&mtx_threads));
 
 	/* We detach ourselves so nobody needs to join to us */
 	pthread_detach(pthread_self());
@@ -260,18 +262,18 @@ static void posix_cleanup_handler(void *arg)
  */
 static void *posix_thread_starter(void *arg)
 {
-	posix_thread_status_t *ptr = (posix_thread_status_t *) arg;
+	int thread_idx = (intptr_t)arg;
 
 	PC_DEBUG("Thread [%i] %i: %s: Starting\n",
-		threads_table[ptr->thread_idx].thead_cnt,
-		ptr->thread_idx,
+		threads_table[thread_idx].thead_cnt,
+		thread_idx,
 		__func__);
 
 	/*
 	 * We block until all other running threads reach the while loop
 	 * in posix_wait_until_allowed() and they release the mutex
 	 */
-	_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
+	PC_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
 
 	/*
 	 * The program may have been finished before this thread ever got to run
@@ -286,18 +288,20 @@ static void *posix_thread_starter(void *arg)
 	pthread_cleanup_push(posix_cleanup_handler, arg);
 
 	PC_DEBUG("Thread [%i] %i: %s: After start mutex (hav mut)\n",
-		threads_table[ptr->thread_idx].thead_cnt,
-		ptr->thread_idx,
+		threads_table[thread_idx].thead_cnt,
+		thread_idx,
 		__func__);
 
 	/*
 	 * The thread would try to execute immediately, so we block it
 	 * until allowed
 	 */
-	posix_wait_until_allowed(ptr->thread_idx);
+	posix_wait_until_allowed(thread_idx);
 
 	posix_new_thread_pre_start();
 
+	posix_thread_status_t *ptr = threads_table[thread_idx].t_status;
+
 	z_thread_entry(ptr->entry_point, ptr->arg1, ptr->arg2, ptr->arg3);
 
 	/*
@@ -306,13 +310,13 @@ static void *posix_thread_starter(void *arg)
 	 */
 	/* LCOV_EXCL_START */
 	posix_print_trace(PREFIX"Thread [%i] %i [%lu] ended!?!\n",
-			threads_table[ptr->thread_idx].thead_cnt,
-			ptr->thread_idx,
+			threads_table[thread_idx].thead_cnt,
+			thread_idx,
 			pthread_self());
 
 
-	threads_table[ptr->thread_idx].running = false;
-	threads_table[ptr->thread_idx].state = FAILED;
+	threads_table[thread_idx].running = false;
+	threads_table[thread_idx].state = FAILED;
 
 	pthread_cleanup_pop(1);
 
@@ -370,16 +374,18 @@ void posix_new_thread(posix_thread_status_t *ptr)
 	threads_table[t_slot].state = USED;
 	threads_table[t_slot].running = false;
 	threads_table[t_slot].thead_cnt = thread_create_count++;
+	threads_table[t_slot].t_status = ptr;
 	ptr->thread_idx = t_slot;
 
-	_SAFE_CALL(pthread_create(&threads_table[t_slot].thread,
+	PC_SAFE_CALL(pthread_create(&threads_table[t_slot].thread,
 				  NULL,
 				  posix_thread_starter,
-				  (void *)ptr));
+				  (void *)(intptr_t)t_slot));
 
-	PC_DEBUG("created thread [%i] %i [%lu]\n",
+	PC_DEBUG("%s created thread [%i] %i [%lu]\n",
+		__func__,
 		threads_table[t_slot].thead_cnt,
-		ptr->thread_idx,
+		t_slot,
 		threads_table[t_slot].thread);
 
 }
@@ -403,7 +409,7 @@ void posix_init_multithreading(void)
 	threads_table_size = PC_ALLOC_CHUNK_SIZE;
 
 
-	_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
+	PC_SAFE_CALL(pthread_mutex_lock(&mtx_threads));
 }
 
 /**

arch/posix/core/thread.c

@@ -51,13 +51,13 @@ void z_new_thread(struct k_thread *thread, k_thread_stack_t *stack,
 		int priority, unsigned int options)
 {
 
-	char *stack_memory = K_THREAD_STACK_BUFFER(stack);
+	char *stack_memory = Z_THREAD_STACK_BUFFER(stack);
 
 	Z_ASSERT_VALID_PRIO(priority, thread_func);
 
 	posix_thread_status_t *thread_status;
 
-	_new_thread_init(thread, stack_memory, stack_size, priority, options);
+	z_new_thread_init(thread, stack_memory, stack_size, priority, options);
 
 	/* We store it in the same place where normal archs store the
 	 * "initial stack frame"

arch/posix/include/offsets_short_arch.h

@@ -24,9 +24,6 @@
 #define _thread_offset_to_esp \
 	(___thread_t_callee_saved_OFFSET + ___callee_saved_t_esp_OFFSET)
 
-#define _thread_offset_to_coopFloatReg \
-	(___thread_t_arch_OFFSET + ___thread_arch_t_coopFloatReg_OFFSET)
-
 #define _thread_offset_to_preempFloatReg \
 	(___thread_t_arch_OFFSET + ___thread_arch_t_preempFloatReg_OFFSET)
 

arch/posix/include/posix_arch_internal.h

@@ -9,13 +9,13 @@
 
 #include "toolchain.h"
 
-#define _SAFE_CALL(a) _safe_call(a, #a)
+#define PC_SAFE_CALL(a) pc_safe_call(a, #a)
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-static inline void _safe_call(int test, const char *test_str)
+static inline void pc_safe_call(int test, const char *test_str)
 {
 	/* LCOV_EXCL_START */ /* See Note1 */
 	if (unlikely(test)) {
@@ -34,6 +34,6 @@ static inline void _safe_call(int test, const char *test_str)
 /*
  * Note 1:
  *
- * All checks for the host pthreads functions which are wrapped by _SAFE_CALL
+ * All checks for the host pthreads functions which are wrapped by PC_SAFE_CALL
  * are meant to never fail, and therefore will not be covered.
  */

arch/posix/include/tracing_arch.h

@@ -27,7 +27,7 @@ extern "C" {
  *
  * @return The key of the interrupt that is currently being processed.
  */
-static inline int _sys_current_irq_key_get(void)
+static inline int z_sys_current_irq_key_get(void)
 {
 	return posix_get_current_irq();
 }

arch/riscv32/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 add_subdirectory(core)
 
 set_property(GLOBAL PROPERTY PROPERTY_OUTPUT_FORMAT elf32-littleriscv)

arch/riscv32/core/CMakeLists.txt

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 zephyr_sources(
   cpu_idle.c
   fatal.c

arch/riscv32/core/irq_offload.c

@@ -17,7 +17,7 @@ static volatile void *offload_param;
  * Just in case the offload routine itself generates an unhandled
  * exception, clear the offload_routine global before executing.
  */
-void _irq_do_offload(void)
+void z_irq_do_offload(void)
 {
 	irq_offload_routine_t tmp;
 

arch/riscv32/core/isr.S

@@ -218,12 +218,12 @@ on_irq_stack:
 	beqz t1, call_irq
 
 	/*
-	 * Call _irq_do_offload to handle IRQ offloading.
+	 * Call z_irq_do_offload to handle IRQ offloading.
 	 * Set return address to on_thread_stack in order to jump there
-	 * upon returning from _irq_do_offload
+	 * upon returning from z_irq_do_offload
 	 */
 	la ra, on_thread_stack
-	tail _irq_do_offload
+	tail z_irq_do_offload
 
 call_irq:
 #ifdef CONFIG_TRACING

arch/riscv32/core/swap.S

@@ -10,7 +10,7 @@
 
 /* exports */
 GTEXT(__swap)
-GTEXT(_thread_entry_wrapper)
+GTEXT(z_thread_entry_wrapper)
 
 /* Use ABI name of registers for the sake of simplicity */
 
@@ -103,11 +103,11 @@ SECTION_FUNC(exception.other, __swap)
 
 
 /*
- * void _thread_entry_wrapper(k_thread_entry_t, void *, void *, void *)
+ * void z_thread_entry_wrapper(k_thread_entry_t, void *, void *, void *)
  */
-SECTION_FUNC(TEXT, _thread_entry_wrapper)
+SECTION_FUNC(TEXT, z_thread_entry_wrapper)
 	/*
-	 * _thread_entry_wrapper is called for every new thread upon the return
+	 * z_thread_entry_wrapper is called for every new thread upon the return
 	 * of __swap or ISR. Its address, as well as its input function
 	 * arguments thread_entry_t, void *, void *, void * are restored from
 	 * the thread stack (initialized via function _thread).