From 6773d468ae877ce36feda1c86842510fb33501a3 Mon Sep 17 00:00:00 2001 From: Scott Larson Date: Fri, 16 Oct 2020 11:57:42 -0700 Subject: [PATCH] 6.1.1 patch: add stack sealing to armv8-m, fix misra warning, fix stack check link error --- common/inc/tx_api.h | 7 ++- common/src/tx_thread_stack_error_handler.c | 7 ++- common/src/tx_thread_suspend.c | 10 ++-- common_smp/inc/tx_api.h | 7 ++- .../src/tx_thread_stack_error_handler.c | 7 ++- .../RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct | 4 ++ .../RTE/Device/ARMCM23_TZ/startup_ARMCM23.c | 3 ++ .../ac5/src/tx_thread_secure_stack.c | 42 ++++++++++----- .../RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct | 4 ++ .../RTE/Device/ARMCM23_TZ/startup_ARMCM23.c | 3 ++ .../ac6/src/tx_thread_secure_stack.c | 44 +++++++++++----- .../gnu/src/tx_thread_secure_stack.c | 42 ++++++++++----- .../iar/src/tx_thread_secure_stack.c | 42 ++++++++++----- .../Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct | 4 ++ .../ARMCM33_DSP_FP_TZ/startup_ARMCM33.c | 2 + .../ac5/src/tx_thread_secure_stack.c | 42 ++++++++++----- .../Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct | 4 ++ .../ARMCM33_DSP_FP_TZ/startup_ARMCM33.c | 3 +- .../Device/ARMCM33_DSP_FP_TZ/system_ARMCM33.c | 1 - .../ac6/src/tx_thread_secure_stack.c | 51 ++++++++++++------ .../gnu/src/tx_thread_secure_stack.c | 42 ++++++++++----- .../iar/src/tx_thread_secure_stack.c | 52 +++++++++++++------ 22 files changed, 303 insertions(+), 120 deletions(-) diff --git a/common/inc/tx_api.h b/common/inc/tx_api.h index 2397552d..80f36f95 100644 --- a/common/inc/tx_api.h +++ b/common/inc/tx_api.h @@ -26,7 +26,7 @@ /* APPLICATION INTERFACE DEFINITION RELEASE */ /* */ /* tx_api.h PORTABLE C */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* William E. Lamie, Microsoft Corporation */ 
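Review bot: The widened guard `#if defined(TX_MISRA_ENABLE) || defined(TX_ENABLE_STACK_CHECKING)` in common/src/tx_thread_stack_error_handler.c has no comment saying why stack checking needs this file, and the matching `#endif` is outside the hunk. I would add `/* Built for MISRA builds and whenever TX_ENABLE_STACK_CHECKING is set, since the stack-check path calls this handler. */` above the `#if`. That the stack-check path is the caller is inferred from the changelog line "fixed link issue", so confirm it before committing that wording. The common_smp copy of the file carries the same guard.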
@@ -51,6 +51,9 @@ /* added macros for casting */ /* pointers to ALIGN_TYPE, */ /* resulting in version 6.1 */ +/* 10-16-2020 William E. Lamie Modified comment(s), and */ +/* increased patch version, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ @@ -83,7 +86,7 @@ extern "C" { #define AZURE_RTOS_THREADX #define THREADX_MAJOR_VERSION 6 #define THREADX_MINOR_VERSION 1 -#define THREADX_PATCH_VERSION 0 +#define THREADX_PATCH_VERSION 1 /* Define the following symbol for backward compatibility */ #define EL_PRODUCT_THREADX diff --git a/common/src/tx_thread_stack_error_handler.c b/common/src/tx_thread_stack_error_handler.c index 9c90b1a7..6d62c3f3 100644 --- a/common/src/tx_thread_stack_error_handler.c +++ b/common/src/tx_thread_stack_error_handler.c @@ -26,7 +26,7 @@ /* Include necessary system files. */ #include "tx_api.h" -#ifdef TX_MISRA_ENABLE +#if defined(TX_MISRA_ENABLE) || defined(TX_ENABLE_STACK_CHECKING) #include "tx_thread.h" @@ -35,7 +35,7 @@ /* FUNCTION RELEASE */ /* */ /* _tx_thread_stack_error_handler PORTABLE C */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* William E. Lamie, Microsoft Corporation */ @@ -69,6 +69,9 @@ /* 09-30-2020 Yuxin Zhou Modified comment(s), */ /* update misra support, */ /* resulting in version 6.1 */ +/* 10-16-2020 William E. Lamie Modified comment(s), */ +/* fixed link issue, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ VOID _tx_thread_stack_error_handler(TX_THREAD *thread_ptr) diff --git a/common/src/tx_thread_suspend.c b/common/src/tx_thread_suspend.c index 764158b7..dc4fc076 100644 --- a/common/src/tx_thread_suspend.c +++ b/common/src/tx_thread_suspend.c @@ -35,7 +35,7 @@ /* FUNCTION RELEASE */ /* */ /* _tx_thread_suspend PORTABLE C */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* William E. Lamie, Microsoft Corporation */ 
@@ -70,6 +70,10 @@ /* 05-19-2020 William E. Lamie Initial Version 6.0 */ /* 09-30-2020 Yuxin Zhou Modified comment(s), */ /* resulting in version 6.1 */ +/* 10-16-2020 Yuxin Zhou Modified comment(s), and */ +/* added type cast to address */ +/* a MISRA compliance issue, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ UINT _tx_thread_suspend(TX_THREAD *thread_ptr) @@ -103,7 +107,7 @@ UINT status; status = TX_SUCCESS; /* Determine if we are in a thread context. */ - if (TX_THREAD_GET_SYSTEM_STATE() == 0) + if (TX_THREAD_GET_SYSTEM_STATE() == ((ULONG) 0)) { /* Yes, we are in a thread context. */ @@ -264,7 +268,7 @@ ULONG time_stamp = ((ULONG) 0); status = TX_SUCCESS; /* Determine if we are in a thread context. */ - if (TX_THREAD_GET_SYSTEM_STATE() == 0) + if (TX_THREAD_GET_SYSTEM_STATE() == ((ULONG) 0)) { /* Yes, we are in a thread context. */ diff --git a/common_smp/inc/tx_api.h b/common_smp/inc/tx_api.h index 4dc3a839..f67d8fdc 100644 --- a/common_smp/inc/tx_api.h +++ b/common_smp/inc/tx_api.h @@ -26,7 +26,7 @@ /* APPLICATION INTERFACE DEFINITION RELEASE */ /* */ /* tx_api.h PORTABLE SMP */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* William E. Lamie, Microsoft Corporation */ @@ -44,6 +44,9 @@ /* DATE NAME DESCRIPTION */ /* */ /* 09-30-2020 William E. Lamie Initial Version 6.1 */ +/* 10-16-2020 William E. Lamie Modified comment(s), and */ +/* increased patch version, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ @@ -83,7 +86,7 @@ extern "C" { #define AZURE_RTOS_THREADX #define THREADX_MAJOR_VERSION 6 #define THREADX_MINOR_VERSION 1 -#define THREADX_PATCH_VERSION 0 +#define THREADX_PATCH_VERSION 1 /* Define the following symbol for backward compatibility */ #define EL_PRODUCT_THREADX diff --git a/common_smp/src/tx_thread_stack_error_handler.c b/common_smp/src/tx_thread_stack_error_handler.c index 219df6de..b03d64fb 100644 
--- a/common_smp/src/tx_thread_stack_error_handler.c +++ b/common_smp/src/tx_thread_stack_error_handler.c @@ -26,7 +26,7 @@ /* Include necessary system files. */ #include "tx_api.h" -#ifdef TX_MISRA_ENABLE +#if defined(TX_MISRA_ENABLE) || defined(TX_ENABLE_STACK_CHECKING) #include "tx_thread.h" @@ -35,7 +35,7 @@ /* FUNCTION RELEASE */ /* */ /* _tx_thread_stack_error_handler PORTABLE C */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* William E. Lamie, Microsoft Corporation */ @@ -66,6 +66,9 @@ /* DATE NAME DESCRIPTION */ /* */ /* 09-30-2020 William E. Lamie Initial Version 6.1 */ +/* 10-16-2020 William E. Lamie Modified comment(s), */ +/* fixed link issue, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ VOID _tx_thread_stack_error_handler(TX_THREAD *thread_ptr) diff --git a/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct b/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct index abbe02af..a833a90d 100644 --- a/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct +++ b/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct @@ -71,4 +71,8 @@ LR_ROM __RO_BASE __RO_SIZE { ; load region size_region ARM_LIB_STACK __STACK_TOP EMPTY -__STACK_SIZE { ; Reserve empty region for stack } + SEAL +0 + { + *.o(.seal+FIRST) + } } diff --git a/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c b/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c index 30dc1dfd..eb5fdfc5 100644 --- a/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c +++ b/ports/cortex_m23/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c 
@@ -117,6 +117,9 @@ extern const pFunc __VECTOR_TABLE[240]; #pragma GCC diagnostic pop #endif +/* The linker will place this value at the bottom of the stack to seal the secure main stack. */ +const int stack_seal __attribute__((section (".seal"))) = 0xFEF5EDA5; + /*---------------------------------------------------------------------------- Reset Handler called on controller reset *----------------------------------------------------------------------------*/ diff --git a/ports/cortex_m23/ac5/src/tx_thread_secure_stack.c b/ports/cortex_m23/ac5/src/tx_thread_secure_stack.c index 43a31427..ad4a7119 100644 --- a/ports/cortex_m23/ac5/src/tx_thread_secure_stack.c +++ b/ports/cortex_m23/ac5/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M23/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
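Review bot: In the startup_ARMCM23.c hunk (ports/cortex_m23/ac5), `stack_seal` is declared `const int` but initialised with 0xFEF5EDA5, which does not fit a 32-bit signed int, so the stored value rests on an implementation-defined conversion. Nothing visible in the hunk references the variable, so it is worth confirming that unused-section elimination cannot drop `.seal`, which would leave the secure main stack unsealed without any build error. I would write `const unsigned int stack_seal __attribute__((section(".seal"), used)) = 0xFEF5EDA5U;`. The same declaration is added in the ac6 Cortex-M23 startup file and in both Cortex-M33 startup_ARMCM33.c hunks.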
@@ -116,7 +122,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M23/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -191,8 +200,8 @@ ULONG sp; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -202,6 +211,9 @@ ULONG sp; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -240,7 +252,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M23/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -272,7 +284,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
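Review bot: `malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE)` adds to a size that arrives through a `cmse_nonsecure_entry` function, so the sum is only safe if `stack_size` has already been range-checked against `TX_THREAD_SECURE_STACK_MAXIMUM`. That check is not visible in this hunk, and the function (apparently `_tx_thread_secure_mode_stack_allocate`) starts and ends outside it. A comment at the call would make the dependency explicit, for example `/* Relies on the stack_size range check above; adding the seal bytes must not wrap. */`. The ac6, gnu and iar Cortex-M23 files and the Cortex-M33 ac5 file carry the same line.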
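Review bot: The seal store writes a single `ULONG` (presumably 4 bytes on this port) at `tx_thread_secure_stack_start`, yet `TX_THREAD_STACK_SEAL_SIZE` reserves 8 bytes, so the second word above the stack keeps whatever the heap held. Arm's stack-sealing reference code, as far as I know, fills both words with the seal value; adding `((ULONG *) info_ptr -> tx_thread_secure_stack_start)[1] = TX_THREAD_STACK_SEAL_VALUE;` would match the reserved size. The cast store also assumes the start address is word aligned, which depends on `stack_size` being suitably aligned; the lines that compute the start address and any alignment check are outside the hunk. The same applies to the ac6, gnu and iar Cortex-M23 files and the Cortex-M33 ac5 file.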
@@ -321,7 +335,7 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M23/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -353,7 +367,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -403,7 +419,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M23/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -434,7 +450,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct b/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct index abbe02af..a833a90d 100644 --- a/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct +++ b/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/ARMCM23_ac6.sct @@ -71,4 +71,8 @@ LR_ROM __RO_BASE __RO_SIZE { ; load region size_region ARM_LIB_STACK __STACK_TOP EMPTY -__STACK_SIZE { ; Reserve empty region for stack } + SEAL +0 + { + *.o(.seal+FIRST) + } } 
diff --git a/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c b/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c index 30dc1dfd..eb5fdfc5 100644 --- a/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c +++ b/ports/cortex_m23/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM23_TZ/startup_ARMCM23.c @@ -117,6 +117,9 @@ extern const pFunc __VECTOR_TABLE[240]; #pragma GCC diagnostic pop #endif +/* The linker will place this value at the bottom of the stack to seal the secure main stack. */ +const int stack_seal __attribute__((section (".seal"))) = 0xFEF5EDA5; + /*---------------------------------------------------------------------------- Reset Handler called on controller reset *----------------------------------------------------------------------------*/ diff --git a/ports/cortex_m23/ac6/src/tx_thread_secure_stack.c b/ports/cortex_m23/ac6/src/tx_thread_secure_stack.c index 0a48556e..311e67b6 100644 --- a/ports/cortex_m23/ac6/src/tx_thread_secure_stack.c +++ b/ports/cortex_m23/ac6/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M23/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ 
@@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -116,7 +122,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M23/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -165,7 +174,7 @@ UINT status; TX_THREAD_SECURE_STACK_INFO *info_ptr; UCHAR *stack_mem; ULONG sp; - + status = TX_SUCCESS; /* Make sure function is called from interrupt (threads should not call). */ @@ -191,8 +200,8 @@ ULONG sp; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -202,6 +211,9 @@ ULONG sp; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; 
@@ -240,7 +252,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M23/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -272,7 +284,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -321,7 +335,7 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M23/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -353,7 +367,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -403,7 +419,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M23/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -434,7 +450,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m23/gnu/src/tx_thread_secure_stack.c b/ports/cortex_m23/gnu/src/tx_thread_secure_stack.c index 0c9317c8..9ca7ccff 100644 
--- a/ports/cortex_m23/gnu/src/tx_thread_secure_stack.c +++ b/ports/cortex_m23/gnu/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M23/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -116,7 +122,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M23/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -191,8 +200,8 @@ ULONG sp; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -202,6 +211,9 @@ ULONG sp; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -240,7 +252,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M23/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -272,7 +284,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -321,7 +335,7 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M23/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -353,7 +367,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -403,7 +419,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M23/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -434,7 +450,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m23/iar/src/tx_thread_secure_stack.c b/ports/cortex_m23/iar/src/tx_thread_secure_stack.c index 8cc66628..b9ba72ff 100644 --- a/ports/cortex_m23/iar/src/tx_thread_secure_stack.c +++ b/ports/cortex_m23/iar/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M23/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -116,7 +122,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M23/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -191,8 +200,8 @@ ULONG sp; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -202,6 +211,9 @@ ULONG sp; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -240,7 +252,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M23/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -272,7 +284,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -321,7 +335,7 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M23/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -353,7 +367,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -403,7 +419,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M23/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -434,7 +450,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct b/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct index 3baa3455..f1424c35 100644 --- a/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct +++ b/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct @@ -71,4 +71,8 @@ LR_ROM __RO_BASE __RO_SIZE { ; load region size_region ARM_LIB_STACK __STACK_TOP EMPTY -__STACK_SIZE { ; Reserve empty region for stack } + SEAL +0 + { + *.o(.seal+FIRST) + } } 
diff --git a/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c b/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c index 50dbd45f..4fcc5dbc 100644 --- a/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c +++ b/ports/cortex_m33/ac5/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c @@ -116,6 +116,8 @@ extern const pFunc __VECTOR_TABLE[496]; /* Interrupts 10 .. 480 are left out */ }; +/* The linker will place this value at the bottom of the stack to seal the secure main stack. */ +const int stack_seal __attribute__((section (".seal"))) = 0xFEF5EDA5; /*---------------------------------------------------------------------------- Reset Handler called on controller reset diff --git a/ports/cortex_m33/ac5/src/tx_thread_secure_stack.c b/ports/cortex_m33/ac5/src/tx_thread_secure_stack.c index bcd204f1..fed7daca 100644 --- a/ports/cortex_m33/ac5/src/tx_thread_secure_stack.c +++ b/ports/cortex_m33/ac5/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M33/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ 
@@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -116,7 +122,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M33/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -190,8 +199,8 @@ UCHAR *stack_mem; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -201,6 +210,9 @@ UCHAR *stack_mem; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -237,7 +249,7 @@ UCHAR *stack_mem; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M33/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ 
@@ -269,7 +281,9 @@ UCHAR *stack_mem; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -318,7 +332,7 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M33/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -350,7 +364,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -400,7 +416,7 @@ ULONG sp; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M33/AC5 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -431,7 +447,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct index 3baa3455..f1424c35 100644 --- a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct 
+++ b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/ARMCM33_AC6.sct @@ -71,4 +71,8 @@ LR_ROM __RO_BASE __RO_SIZE { ; load region size_region ARM_LIB_STACK __STACK_TOP EMPTY -__STACK_SIZE { ; Reserve empty region for stack } + SEAL +0 + { + *.o(.seal+FIRST) + } } diff --git a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c index 5ee4322c..4fcc5dbc 100644 --- a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c +++ b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/startup_ARMCM33.c @@ -116,6 +116,8 @@ extern const pFunc __VECTOR_TABLE[496]; /* Interrupts 10 .. 480 are left out */ }; +/* The linker will place this value at the bottom of the stack to seal the secure main stack. */ +const int stack_seal __attribute__((section (".seal"))) = 0xFEF5EDA5; /*---------------------------------------------------------------------------- Reset Handler called on controller reset @@ -128,7 +130,6 @@ void Reset_Handler(void) __PROGRAM_START(); /* Enter PreMain (C library entry point) */ } - /*---------------------------------------------------------------------------- Default Handler for Exceptions / Interrupts *----------------------------------------------------------------------------*/ diff --git a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/system_ARMCM33.c b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/system_ARMCM33.c index 9e1fcd22..36cb0c63 100644 --- a/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/system_ARMCM33.c +++ b/ports/cortex_m33/ac6/example_build/demo_secure_zone/RTE/Device/ARMCM33_DSP_FP_TZ/system_ARMCM33.c 
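Review bot: The new `SEAL +0` region in `ARMCM33_AC6.sct` only works because it directly follows `ARM_LIB_STACK`, and the scatter file does not say so. As I read it, `+0` places `.seal` at `__STACK_TOP`, so a region inserted between the two later would move the seal away from the stack without any link error. A comment on the region would record the constraint: `; SEAL must directly follow ARM_LIB_STACK so the seal word sits at __STACK_TOP`. The region also has no maximum size, so a larger `.seal` input section from another object would be accepted silently.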
@@ -99,7 +99,6 @@ void SystemInit (void) *(uint32_t *)0xE000ED24 = 0x000F0000; /* S: enable secure, usage, bus, mem faults */ *(uint32_t *)0xE002ED24 = 0x000F0000; /* NS: enable secure, usage, bus, mem faults */ - } #if !defined(TX_SINGLE_MODE_SECURE) && !defined(TX_SINGLE_MODE_NON_SECURE) diff --git a/ports/cortex_m33/ac6/src/tx_thread_secure_stack.c b/ports/cortex_m33/ac6/src/tx_thread_secure_stack.c index d53cb715..e66a7bf1 100644 --- a/ports/cortex_m33/ac6/src/tx_thread_secure_stack.c +++ b/ports/cortex_m33/ac6/src/tx_thread_secure_stack.c @@ -41,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -59,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M33/AC6 */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -91,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -115,8 +121,8 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_mode_stack_allocate PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_mode_stack_allocate Cortex-M33/AC6 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ 
@@ -155,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -185,14 +194,13 @@ UCHAR *stack_mem; else { - /* Allocate space for secure stack info. */ info_ptr = calloc(1, sizeof(TX_THREAD_SECURE_STACK_INFO)); if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -202,6 +210,9 @@ UCHAR *stack_mem; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -237,8 +248,8 @@ UCHAR *stack_mem; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_mode_stack_free PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_mode_stack_free Cortex-M33/AC6 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -270,7 +281,9 @@ UCHAR *stack_mem; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -318,8 +331,8 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_stack_context_save PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_stack_context_save Cortex-M33/AC6 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -351,7 +364,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -400,8 +415,8 @@ ULONG sp; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_stack_context_restore PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_stack_context_restore Cortex-M33/AC6 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -432,7 +447,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m33/gnu/src/tx_thread_secure_stack.c b/ports/cortex_m33/gnu/src/tx_thread_secure_stack.c index 79d8e9e0..396aefb3 100644 --- a/ports/cortex_m33/gnu/src/tx_thread_secure_stack.c +++ b/ports/cortex_m33/gnu/src/tx_thread_secure_stack.c @@ -40,6 +40,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ 
@@ -58,7 +62,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M33/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -90,7 +94,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -118,7 +124,7 @@ void _tx_thread_secure_stack_initialize(void) /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_allocate Cortex-M33/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -156,7 +162,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -194,8 +203,8 @@ ULONG psplim_ns; if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -205,6 +214,9 @@ ULONG psplim_ns; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; 
@@ -242,7 +254,7 @@ ULONG psplim_ns; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_mode_stack_free Cortex-M33/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -274,7 +286,9 @@ ULONG psplim_ns; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -325,7 +339,7 @@ ULONG ipsr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_save Cortex-M33/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -357,7 +371,9 @@ ULONG ipsr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -409,7 +425,7 @@ ULONG ipsr; /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_context_restore Cortex-M33/GNU */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -440,7 +456,9 @@ ULONG ipsr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) diff --git a/ports/cortex_m33/iar/src/tx_thread_secure_stack.c b/ports/cortex_m33/iar/src/tx_thread_secure_stack.c index d1a9d182..d790bca0 100644 --- a/ports/cortex_m33/iar/src/tx_thread_secure_stack.c 
+++ b/ports/cortex_m33/iar/src/tx_thread_secure_stack.c @@ -20,6 +20,7 @@ /**************************************************************************/ /**************************************************************************/ + #include "tx_api.h" /* If TX_SINGLE_MODE_SECURE or TX_SINGLE_MODE_NON_SECURE is defined, @@ -40,6 +41,10 @@ #define TX_THREAD_SECURE_STACK_MAXIMUM 1024 #endif +/* 8 bytes added to stack size to "seal" stack. */ +#define TX_THREAD_STACK_SEAL_SIZE 8 +#define TX_THREAD_STACK_SEAL_VALUE 0xFEF5EDA5 + /* Secure stack info struct to hold stack start, stack limit, current stack pointer, and pointer to owning thread. This will be allocated for each thread with a secure stack. */ @@ -58,7 +63,7 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* FUNCTION RELEASE */ /* */ /* _tx_thread_secure_stack_initialize Cortex-M33/IAR */ -/* 6.1 */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -90,7 +95,9 @@ typedef struct TX_THREAD_SECURE_STACK_INFO_STRUCT /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -114,8 +121,8 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_mode_stack_allocate PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_mode_stack_allocate Cortex-M33/IAR */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ 
@@ -154,7 +161,10 @@ void _tx_thread_secure_stack_initialize(void) /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* added stack sealing, */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -184,14 +194,13 @@ UCHAR *stack_mem; else { - /* Allocate space for secure stack info. */ info_ptr = calloc(1, sizeof(TX_THREAD_SECURE_STACK_INFO)); if(info_ptr != TX_NULL) { - /* If stack info allocated, allocate a stack. */ - stack_mem = malloc(stack_size); + /* If stack info allocated, allocate a stack & seal. */ + stack_mem = malloc(stack_size + TX_THREAD_STACK_SEAL_SIZE); if(stack_mem != TX_NULL) { @@ -201,6 +210,9 @@ UCHAR *stack_mem; info_ptr -> tx_thread_secure_stack_ptr = info_ptr -> tx_thread_secure_stack_start; info_ptr -> tx_thread_ptr = thread_ptr; + /* Seal bottom of stack. */ + *(ULONG*)info_ptr -> tx_thread_secure_stack_start = TX_THREAD_STACK_SEAL_VALUE; + /* Save info pointer in thread. */ thread_ptr -> tx_thread_secure_stack_context = info_ptr; @@ -236,8 +248,8 @@ UCHAR *stack_mem; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_mode_stack_free PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_mode_stack_free Cortex-M33/IAR */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -269,7 +281,9 @@ UCHAR *stack_mem; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) 
@@ -317,8 +331,8 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_stack_context_save PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_stack_context_save Cortex-M33/IAR */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -350,7 +364,9 @@ TX_THREAD_SECURE_STACK_INFO *info_ptr; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry)) @@ -399,8 +415,8 @@ ULONG sp; /* */ /* FUNCTION RELEASE */ /* */ -/* _tx_thread_secure_stack_context_restore PORTABLE C */ -/* 6.1 */ +/* _tx_thread_secure_stack_context_restore Cortex-M33/IAR */ +/* 6.1.1 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -431,7 +447,9 @@ ULONG sp; /* */ /* DATE NAME DESCRIPTION */ /* */ -/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* 10-16-2020 Scott Larson Modified comment(s), */ +/* resulting in version 6.1.1 */ /* */ /**************************************************************************/ __attribute__((cmse_nonsecure_entry))