Skip to content

riscv: smp: fix secondary cpus' initial stack #50459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fabiobaltieri merged 1 commit into from
Sep 21, 2022
Merged

riscv: smp: fix secondary cpus' initial stack #50459

fabiobaltieri merged 1 commit into from
Sep 21, 2022

Conversation

@npitre
Copy link

@npitre npitre commented Sep 21, 2022
edited by carlocaione
Loading

Z_THREAD_STACK_BUFFER() must not be used here. This is meant for stacks
defined with K_THREAD_STACK_ARRAY_DEFINE() whereas in this case we are
given a stack created with K_KERNEL_STACK_ARRAY_DEFINE().

If CONFIG_USERSPACE=y then K_THREAD_STACK_RESERVED gets defined with
a bigger value than K_KERNEL_STACK_RESERVED. Then Z_THREAD_STACK_BUFFER()
returns a pointer that is more advanced than expected, resulting in a
stack pointer outside its actual stack area and therefore memory
corruption ensues.

Fixes: #50465

riscv: smp: fix secondary cpus' initial stack
c77269a 
Z_THREAD_STACK_BUFFER() must not be used here. This is meant for stacks
defined with K_THREAD_STACK_ARRAY_DEFINE() whereas in this case we are
given a stack created with K_KERNEL_STACK_ARRAY_DEFINE().

If CONFIG_USERSPACE=y then K_THREAD_STACK_RESERVED gets defined with
a bigger value than K_KERNEL_STACK_RESERVED. Then Z_THREAD_STACK_BUFFER()
returns a pointer that is more advanced than expected, resulting in a
stack pointer outside its actual stack area and therefore memory
corruption ensues.

Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
@npitre npitre added this to the v3.2.0 milestone Sep 21, 2022
@zephyrbot zephyrbot added the area: RISCV RISCV Architecture (32-bit & 64-bit) label Sep 21, 2022
@stephanosio
Copy link
Member

stephanosio commented Sep 21, 2022
edited
Loading

It seems we have the same issue on a few other archs as well:

zephyr/soc/xtensa/esp32/esp32-mp.c

Line 238 in 51af614

sr.stack_top = Z_THREAD_STACK_BUFFER(stack) + sz;

zephyr/soc/xtensa/intel_adsp/common/multiprocessing.c

Line 140 in 0687a61

z_mp_stack_top = Z_THREAD_STACK_BUFFER(stack) + sz;

zephyr/arch/arc/core/arc_smp.c

Line 53 in 83d73f6

arc_cpu_sp = Z_THREAD_STACK_BUFFER(stack) + sz;

cc @dcpleung @ruuddw

Tracked by #50467 and #50468

This was referenced Sep 21, 2022
Closed
Closed
@fabiobaltieri fabiobaltieri merged commit c76d8c8 into zephyrproject-rtos:main Sep 21, 2022
This was referenced Sep 21, 2022
Closed
Closed
Merged
@npitre npitre deleted the rv_fix_smp_init branch October 5, 2022 04:19
@npitre npitre mentioned this pull request Nov 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nashif nashif nashif approved these changes

@carlocaione carlocaione carlocaione approved these changes

@katsuster katsuster katsuster approved these changes

@stephanosio stephanosio stephanosio approved these changes

@fkokosinski fkokosinski fkokosinski approved these changes

@kgugala kgugala Awaiting requested review from kgugala

@pgielda pgielda Awaiting requested review from pgielda

@edersondisouza edersondisouza Awaiting requested review from edersondisouza

@mgielda mgielda Awaiting requested review from mgielda

@tgorochowik tgorochowik Awaiting requested review from tgorochowik

Assignees

@fkokosinski fkokosinski

Labels

area: RISCV RISCV Architecture (32-bit & 64-bit)

Projects

None yet

Milestone

v3.2.0

Development

Successfully merging this pull request may close these issues.

Possible memory corruption on RISCV when userspace is enabled

8 participants

@npitre @stephanosio @nashif @carlocaione @katsuster @fkokosinski @fabiobaltieri @zephyrbot