New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
arch/cortex-m3: Allow the kernel to access protected memory #2120
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. Although I'm a little confused how the m3/m4 can differ since they are symlinked to the same file.
Ha! I didn't realise they were symlinked, I checked the M4 after I changed the M3. Ignore that part then. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me too, thanks for the quick turnaround on this
Commit 128782d "mpu: Change the disable_mpu API" converted the disable_app_mpu() function to not make any changes. This means when we return from an app to the kernel we don't disable the MPU. This resulted in some access failures when the kernel tried to access direct write flash regions (tock#1873 (comment)). We can either disable the MPU when returning to the kernel or change the app MPU configuration permissions to not impact the kernel. This patch converts the Cortex-M3 MPU implementation to always allow the kernel access when configuring the app. This way we can avoid the overhead of disabling the MPU on context switches. There is no security gap here as the kernel could just disable the MPU anyway if it was malicious. Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7542a1c
9bba3a9
to
7542a1c
Compare
Fixed the format failure. |
bors r+ |
2433: use const generics to remove duplicate code for cortex-m MPU r=bradjc a=hudson-ayers ### Pull Request Overview This pull request uses const generics to remove duplicate code for the Cortex-M MPU. It also moves mpu.rs into `arch/cortex-m`, rather than having it in `arch/cortex-m3` and using symbolic links elsewhere. Each specific architecture re-exports the generic type as a concrete type with the correct number of regions for that architecture. I think this is more in line with how we generally handle shared code in other places. I realize that now `cortex-m/mpu.rs` would not work for all `cortex-m` platforms (e.g. `cortex-m0`), but architectures for which this does not work should just not re-export the functionality, and instead present their own MPU type. `cortex-m/src/mpu.rs` clearly indicates in the comments that it is only for use on m3/m4/m7. We need generics because the cortex-m7 MPU has 16 regions instead of 8. The cortex-m7 MPU has already fallen out of date with the cortex-m3 MPU implementation because #2120 only updated the m3 implementation, and not the mostly duplicate code used in m7. I used the `pub mod MPU {}` wrapper in each `lib.rs` to avoid having to modify every chip to update the path, but it could be removed. ### Testing Strategy This pull request was tested by compiling and running blink on an Imix. ### TODO or Help Wanted N/A ### Documentation Updated - [x] No updates are required. ### Formatting - [x] Ran `make prepush`. Co-authored-by: Hudson Ayers <hayers@stanford.edu>
Pull Request Overview
Commit 128782d "mpu: Change the disable_mpu API" converted the
disable_app_mpu() function to not make any changes. This means when we
return from an app to the kernel we don't disable the MPU.
This resulted in some access failures when the kernel tried to access
direct write flash regions (#1873 (comment)).
We can either disable the MPU when returning to the kernel or change the
app MPU configuration permissions to not impact the kernel.
This patch converts the Cortex-M3 MPU implementation to always allow the
kernel access when configuring the app. This way we can avoid the
overhead of disabling the MPU on context switches. There is no security
gap here as the kernel could just disable the MPU anyway if it was
malicious.
Signed-off-by: Alistair Francis alistair.francis@wdc.com
Testing Strategy
None.
TODO or Help Wanted
Documentation Updated
/docs
, or no updates are required.Formatting
make prepush
.