arm64: Add stack guard for v8r #62902
Merged: carlescufi merged 11 commits into zephyrproject-rtos:main from povergoing:v8r64_add_mpu_stack_guard on Sep 22, 2023
Accessing mem before mmu or mpu init will cause a cache coherence issue. To avoid such a problem, move the safe exception stack init function after the mmu or mpu is initiated. Also change the data section attribute from INNER_SHAREABLE to OUTER_SHAREABLE. Otherwise there will be a cache coherence issue during the memory regions switch. Because we are using background region to do the regions switch, and the default background region is OUTER_SHAREABLE, if we use INNER_SHAREABLE as the foreground region, then we have to flush all cache regions to make sure the cached values are right. However, flushing all regions is too heavy, so we set OUTER_SHAREABLE to fix this issue. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Clean the thread->arch during the arch_new_thread to avoid unexpected behavior. If the thread struct is allocated from heap or in stack, the data in thread->arch might be dirty. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Introduce the ARM64_STACK_PROTECTION config. This option leverages the MMU or MPU to cause a system fatal error if the bounds of the current process stack are overflowed. This is done by preceding all stack areas with a fixed guard region. The config depends on MPU for now since MMU stack protection is not ready. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Add the stack check function z_arm64_stack_corruption_check at z_arm64_fatal_error to handle the stack overflow triggered by the hardware region. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Refactor the stack relevant macros to prepare to introduce the stack guard. Also add comments about the changes related to stack layout. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
To make the stack guard work well, clean and refine the MPU code. To save the MPU regions (the number of MPU regions is limited), we choose to remove the guard region. Compared to adding an individual region to guard the stack, removing the guard region can at least save 2 regions per core. Similarly with userspace, the stack guard will leverage the dynamic regions switching mechanism which means we need a region switch during the context switch. Otherwise, the other option is using stack guard region, but this is very limited since the number of MPU regions is limited. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Enable stack guard for v8R which is backed by MPU. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
The test case allocates struct k_thread thread in the stack. This will lead to a random initial value of thread and thus cause the test cases to randomly hang. To fix such an issue, move the declaration of struct k_thread thread outside the function as a static variable. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
The heap size is not enough, so it will cause the testcase to fail. Increase to 32k to make sure it works for a long time in the future. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
The stack guard reports that this testcase has a stack overflow issue. To fix the issue, slightly increase the stack size. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
The test_sem_take_timeout_isr depends on the thread's priority. But for SMP platforms, the priority is different with no-SMP. High-priority threads and low-priority threads might run simultaneously at different cores. Set the test case run at 1cpu to fix such an issue. Signed-off-by: Jaxson Han <jaxson.han@arm.com>
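The guard check that the commits above describe (a fixed guard region preceding each stack, inspected from the fatal error path), modelled as an added host-runnable example; this is not code from the PR or from Zephyr. The layout struct, `classify_fault`, the 4 KiB guard size and all addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model; not taken from the Zephyr sources. */
#define GUARD_SIZE        4096u /* fixed guard preceding every stack area */
#define EC_DATA_ABORT_CUR 0x25u /* ESR_ELx.EC: data abort, no EL change */

/* Hypothetical layout: [guard][usable stack]; the stack grows downward. */
struct stack_layout {
	uintptr_t obj_start; /* lowest address of the stack object = guard start */
	size_t usable_size;  /* bytes available above the guard */
};

enum fault_kind { FAULT_OTHER, FAULT_STACK_OVERFLOW };

/* Constructed sample: 4 KiB guard followed by 8 KiB of usable stack. */
static const struct stack_layout sample = { 0x20000000u, 8192u };

static uintptr_t stack_limit(const struct stack_layout *s)
{
	return s->obj_start + GUARD_SIZE; /* lowest address SP may legally hold */
}

/* A data abort is a stack overflow when the faulting address or the
 * stack pointer at the time of the fault lies inside the guard. */
enum fault_kind classify_fault(const struct stack_layout *s, uint32_t ec,
			       uintptr_t fault_addr, uintptr_t sp)
{
	if (ec != EC_DATA_ABORT_CUR) {
		return FAULT_OTHER;
	}
	bool addr_in_guard = fault_addr >= s->obj_start && fault_addr < stack_limit(s);
	bool sp_in_guard = sp >= s->obj_start && sp < stack_limit(s);

	return (addr_in_guard || sp_in_guard) ? FAULT_STACK_OVERFLOW : FAULT_OTHER;
}

int main(void)
{
	/* Push just below the limit: fault address and SP both land in the guard. */
	printf("%d\n", classify_fault(&sample, EC_DATA_ABORT_CUR, 0x20000ff0u, 0x20000ff0u));
	/* Wild pointer dereference with a healthy SP: not an overflow. */
	printf("%d\n", classify_fault(&sample, EC_DATA_ABORT_CUR, 0x0u, 0x20002000u));
	return 0;
}
```

A guard of fixed size only traps accesses that land inside it, so a single stack frame larger than the guard can step over it without faulting.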
povergoing requested review from dcpleung, andyross, nashif, cfriedt and carlocaione as code owners September 21, 2023 07:26
zephyrbot added area: POSIX (POSIX API Library), area: ARM64 (ARM (64-bit) Architecture), area: Kernel labels Sep 21, 2023
carlocaione approved these changes Sep 21, 2023
This looks an amazing work to me.
SgrrZhf approved these changes Sep 21, 2023
Add stack guard as an implementation of HW_STACK_PROTECTION. The original work is #55207, but the PR cannot be reopened, it might be too long, so I have to reopen a new one.
fvp_baser_aemv8r and fvp_baser_aemv8r_smp board with HW_STACK_PROTECTION enabled. samples/arch/smp/pi/
Example:
or
The output will be something like:
Limitation:
printk
or LOG