SPRUIY2 November 2024 F29H850TU , F29H859TU-Q1
The NMI (non-maskable interrupt) is the second-highest priority interrupt line, and receives system exception interrupts.
This NMI input line is used for any device-level critical condition and various faults either inside or outside the CPU that needs immediate attention.
NMIs cannot be masked or blocked in the CPU. There is no global enable/disable bit for the NMI line in the CPU. Because of this, any interrupts which are received on the NMI line are directly passed to the CPU for prioritization. Priority is then decided amongst the interrupt types (NMI, RTINT, and INT lines). NMI always has highest priority and asserts within any RTINT or INT currently executing. ATOMIC instructions in RTINT or INT ISRs cannot block or prevent NMI from asserting. ATOMIC instructions have no effect on NMI.
The NMIn input latches inside the CPU, and is handled with higher priority than all other interrupt types (except Reset events).
This interrupt line uses the protected Real Time Interrupt Stack for context save and restore. This SSU-protected (Safety and Security Unit) stack has protection features to prevent stack overflow during nesting, when nesting is requested by the PIPE module. The WARNRTISP and MAXRTISP CPU registers serve this purpose in the C29x CPU system.
This protection limits nesting of RTINT up to the number of levels supported by the RTINT Stack minus one level (which is always reserved for NMI interrupt).
For security, the SSU protection of the RTINT Stack are designed so that the contents of the stack are not visible. Registers are also zeroed to prevent visibility into what was happening before the interrupt was serviced.
See Section 2.4 for details on stack overflow protection using the WARNRTISP and MAXRTISP registers.
NMI and RTINT interrupts can potentially have the respective interrupt service routines residing in a different LINK/STACK. Therefore NMI and RTINT interrupt service routines (ISRs) require that the first instruction packet of every vector address contain the (ISR1.PROT || ISR2.PROT) instructions. The CPU pipeline control hardware checks for these required instructions and generates a FAULT, if these instructions are not the first instruction packet of the ISR. These required instructions are inserted automatically by the compiler, but must be configured to do so for the appropriate vectors within a separate security settings file. See Section 3.6 for more details.
ISR1.PROT also initializes the stack pointer (A15) to the appropriate STACK by performing the following operation: A15 = SECSPn (where n is the current STACK indicated by ISTS.CURRSP).
For more details on the security implications of the LINK/STACK/ZONE and memory space for CPU interrupts, see Section 3.6.