hw: activate strict conversion checking in kernel

Fix genodelabs/genode#4753

repos/base-hw/lib/mk/bootstrap-hw.inc

@@ -34,5 +34,3 @@ vpath hw/%          $(BASE_HW_DIR)/src/lib
 vpath lib/base/%    $(BASE_HW_DIR)/src
 vpath lib/base/%    $(BASE_DIR)/src
 vpath lib/startup/% $(BASE_DIR)/src
-
-CC_CXX_WARN_STRICT_CONVERSION =

repos/base-hw/lib/mk/spec/arm_v7/core-hw-imx53_qsb.inc

@@ -4,5 +4,3 @@ SRC_CC += spec/arm/imx_epit.cc
 SRC_CC += spec/arm/imx_tzic.cc
 
 include $(call select_from_repositories,lib/mk/spec/cortex_a8/core-hw.inc)
-
-CC_CXX_WARN_STRICT_CONVERSION =

repos/base-hw/lib/mk/spec/cortex_a15/core-hw.inc

@@ -11,5 +11,3 @@ SRC_CC += spec/arm/kernel/lock.cc
 
 # include less specific configuration
 include $(call select_from_repositories,lib/mk/spec/arm_v7/core-hw.inc)
-
-CC_CXX_WARN_STRICT_CONVERSION =

repos/base-hw/lib/mk/spec/cortex_a8/core-hw.inc

@@ -10,5 +10,3 @@ SRC_CC += kernel/lock.cc
 
 # include less specific configuration
 include $(call select_from_repositories,lib/mk/spec/arm_v7/core-hw.inc)
-
-CC_CXX_WARN_STRICT_CONVERSION =

repos/base-hw/lib/mk/spec/cortex_a9/core-hw.inc

@@ -15,5 +15,3 @@ SRC_CC += kernel/cpu_mp.cc
 
 # include less specific configuration
 include $(call select_from_repositories,lib/mk/spec/arm_v7/core-hw.inc)
-
-CC_CXX_WARN_STRICT_CONVERSION =

repos/base-hw/src/core/kernel/thread.cc

@@ -303,7 +303,10 @@ size_t Thread::_core_to_kernel_quota(size_t const quota) const
 {
 	using Genode::Cpu_session;
 	using Genode::sizet_arithm_t;
-	size_t const ticks = _cpu->timer().us_to_ticks(Kernel::cpu_quota_us);
+
+	/* we assert at timer construction that cpu_quota_us in ticks fits size_t */
+	size_t const ticks = (size_t)
+		_cpu->timer().us_to_ticks(Kernel::cpu_quota_us);
 	return Cpu_session::quota_lim_downscale<sizet_arithm_t>(quota, ticks);
 }
 

repos/base-hw/src/core/kernel/timer.cc

@@ -122,4 +122,10 @@ Timer::Timer(Cpu & cpu)
 	 * period).
 	 */
 	assert(ticks_to_us(_max_value()) > 2 * cpu_quota_us);
+
+	/*
+	 * Kernel::cpu_quota_us is used in ticks for quota calculations
+	 * and must fit into its datatype, which is size_t not time_t
+	 */
+	assert(us_to_ticks(cpu_quota_us) < ~0UL);
 }

repos/base-hw/src/core/spec/arm/cortex_a9_global_timer.cc

@@ -85,8 +85,8 @@ void Timer::_start_one_shot(time_t const ticks)
 	_device.write<Device::Control::Comp_enable>(0);
 
 	time_t end_ticks = _device.current_ticks() + ticks;
-	_device.write<Device::Comparator>(end_ticks & 0xFFFFFFFF, 0);
-	_device.write<Device::Comparator>(end_ticks >> 32       , 1);
+	_device.write<Device::Comparator>((uint32_t)end_ticks, 0);
+	_device.write<Device::Comparator>((uint32_t)(end_ticks >> 32) , 1);
 
 	/* Enable comparator before setting a new value */
 	_device.write<Device::Control::Comp_enable>(1);

repos/base-hw/src/core/spec/arm/imx_epit.cc

@@ -54,7 +54,9 @@ void Timer::_start_one_shot(time_t const ticks)
 	 * otherwise if the tick is small enough, we loose an interrupt
 	 */
 	_device.write<Board::Timer::Sr::Ocif>(1);
-	_device.write<Board::Timer::Lr>(ticks - 1);
+
+	/* maximal ticks are guaranteed via _max_value */
+	_device.write<Board::Timer::Lr>((uint32_t)(ticks - 1));
 }
 
 
@@ -73,9 +75,8 @@ time_t Timer::_max_value() const {
 time_t Timer::_duration() const
 {
 	using Device = Board::Timer;
-	Device::Cnt::access_t last = _last_timeout_duration;
+	Device::Cnt::access_t last = (Device::Cnt::access_t) _last_timeout_duration;
 	Device::Cnt::access_t cnt  = _device.read<Device::Cnt>();
-	Device::Cnt::access_t ret  = (_device.read<Device::Sr::Ocif>())
-		? _max_value() - cnt + last : last - cnt;
-	return ret;
+	return (_device.read<Device::Sr::Ocif>()) ? _max_value() - cnt + last
+	                                          : last - cnt;
 }

repos/base-hw/src/core/spec/arm/kernel/thread.cc

@@ -78,7 +78,8 @@ void Thread::proceed(Cpu & cpu)
 
 void Thread::user_ret_time(Kernel::time_t const t)
 {
-	regs->r0 = t >> 32UL;
+	/* split 64-bit time_t value into 2 register */
+	regs->r0 = (addr_t) (t >> 32UL);
 	regs->r1 = t & ~0UL;
 }
 

repos/base-hw/src/core/spec/arm_v7/virtualization/hypervisor.h

@@ -38,8 +38,8 @@ namespace Hypervisor {
 	inline void invalidate_tlb(Genode::uint64_t vttbr)
 	{
 		hypervisor_call(TLB_INVALIDATE,
-		                (vttbr & 0xffffffff),
-		                ((vttbr >> 32U) & 0xffffffff));
+		                (Call_arg)vttbr,
+		                (Call_arg)(vttbr >> 32U));
 	}
 
 

repos/base-hw/src/core/spec/cortex_a15/cpu.h

@@ -103,7 +103,7 @@ class Genode::Cpu : public Arm_v7_cpu
 
 				Genode::uint8_t id() const
 				{
-					return Ttbr_64bit::Asid::get(ttbr0);
+					return (uint8_t)Ttbr_64bit::Asid::get(ttbr0);
 				}
 		};
 

repos/base-hw/src/include/hw/spec/arm/lpae.h

@@ -387,7 +387,8 @@ class Hw::Level_3_translation_table :
 					using Block_descriptor = typename Stage_trait<Base, STAGE>::Type;
 					if (!Descriptor::valid(desc))
 						return;
-					phys = Block_descriptor::Output_address::masked(desc);
+					phys =
+						(addr_t)Block_descriptor::Output_address::masked(desc);
 					typename Block_descriptor::access_t ap =
 						Block_descriptor::Access_permission::get(desc);
 					found = ap == Block_descriptor::Access_permission::PRIVILEGED_RW ||
@@ -477,8 +478,13 @@ class Hw::Level_x_translation_table :
 					[[fallthrough]];
 				case Descriptor::TABLE: /* table already available */
 					{
-						/* use allocator to retrieve virt address of table */
-						E & table = alloc.virt_addr<E>(Nt::masked(desc));
+						/**
+						 * Use allocator to retrieve virt address of table
+						 * (we do not have physical memory above 4G on 32bit
+						 *  yet, therefore we can downcast here)
+						 */
+						E & table =
+							alloc.virt_addr<E>((addr_t)Nt::masked(desc));
 						table.insert_translation(vo - (vo & Base::BLOCK_MASK),
 						                         pa, size, flags, alloc);
 						break;
@@ -510,8 +516,12 @@ class Hw::Level_x_translation_table :
 				switch (Descriptor::type(desc)) {
 				case Descriptor::TABLE:
 					{
-						/* use allocator to retrieve virt address of table */
-						E & table = alloc.virt_addr<E>(Nt::masked(desc));
+						/**
+						 * Use allocator to retrieve virt address of table
+						 * (we do not have physical memory above 4G on 32bit
+						 *  yet, therefore we can downcast here)
+						 */
+						E & table = alloc.virt_addr<E>((addr_t)Nt::masked(desc));
 						table.remove_translation(vo - (vo & Base::BLOCK_MASK),
 						                         size, alloc);
 						if (!table.empty()) break;
@@ -544,7 +554,8 @@ class Hw::Level_x_translation_table :
 				switch (Descriptor::type(desc)) {
 				case Descriptor::BLOCK:
 					{
-						phys = Block_descriptor::Output_address::masked(desc);
+						/* downcast: no phys memory above 4G on 32bit yet */
+						phys = (addr_t)Block_descriptor::Output_address::masked(desc);
 						typename Block_descriptor::access_t ap =
 							Block_descriptor::Access_permission::get(desc);
 						found = ap == Block_descriptor::Access_permission::PRIVILEGED_RW ||
@@ -553,8 +564,12 @@ class Hw::Level_x_translation_table :
 					};
 				case Descriptor::TABLE:
 					{
-						/* use allocator to retrieve virt address of table */
-						E & table = alloc.virt_addr<E>(Nt::masked(desc));
+						/*
+						 * Use allocator to retrieve virt address of table
+						 * (we do not have physical memory above 4G on 32bit
+						 *  yet, therefore we can downcast here)
+						 */
+						E & table = alloc.virt_addr<E>((addr_t)Nt::masked(desc));
 						found = table.lookup_rw_translation(vo - (vo & Base::BLOCK_MASK),
 						                                    phys, alloc);
 						return;

repos/base-hw/src/include/hw/spec/arm/usb_armory_board.h

@@ -27,6 +27,7 @@ namespace Hw::Usb_armory_board {
 	enum {
 		UART_BASE  = UART_1_MMIO_BASE,
 		UART_CLOCK = 0, /* ignored value */
+		NR_OF_CPUS = 1,
 	};
 }