arch: arm: userspace: set PSPLIM to guard default stack in SVCall
Thread will be in privileged mode after returning from SVCall. It will use the default (user) stack before switching to the privileged stack to execute the system call. We need to protect the user stack against stack overflows until this stack transition.

We update the note in z_arm_do_syscall(), stating clearly that it is executing with stack protection when building with stack limit checking support (ARMv8-M only).

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit is contained in:
parent a5ecd71163
commit f00dfce891
2 changed files with 18 additions and 3 deletions
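The mechanism the commit message relies on, as an added example that is not Zephyr code: a small C model of ARMv8-M stack-limit checking. PSPLIM holds the lowest address the process stack may grow down to; a push that would move PSP below it is rejected and raises a UsageFault on real hardware. The model shows the three states that matter for this patch: the limit set to the user stack's start (what the SVC handler now does) catches a user-stack overflow; a stale limit left in place after switching PSP to the privileged stack protects nothing; and a limit reprogrammed together with the stack switch catches a privileged-stack overflow. The memory map, the `push()` fault model and all function names here are constructed for illustration and are not the kernel's.

```c
/* Added example, not Zephyr code: a model of ARMv8-M stack-limit checking
 * (PSPLIM). Addresses, sizes and the fault model are constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed memory map: two descending stacks (assumption). */
#define USER_STACK_START  0x20000000u   /* lowest address of user stack */
#define USER_STACK_SIZE   0x100u
#define PRIV_STACK_START  0x20001000u   /* lowest address of priv stack */
#define PRIV_STACK_SIZE   0x100u

typedef struct {
    uint32_t psp;      /* process stack pointer (current top of stack) */
    uint32_t psplim;   /* stack limit: a push moving PSP below it faults */
    bool     stkof;    /* set when a limit violation has been detected */
} cpu_t;

/* Model of a push of 'bytes' bytes. The compare is done on the
 * post-decrement SP and the store is suppressed on a violation. */
static bool push(cpu_t *cpu, uint32_t bytes)
{
    uint32_t new_sp = cpu->psp - bytes;
    if (new_sp < cpu->psplim) {
        cpu->stkof = true;      /* real hardware: UsageFault */
        return false;
    }
    cpu->psp = new_sp;
    return true;
}

/* Mirrors the patch: PSPLIM is programmed to the user stack's start
 * before the user stack is touched in privileged mode. */
static void enter_svc_guarded(cpu_t *cpu)
{
    cpu->psp = USER_STACK_START + USER_STACK_SIZE;
    cpu->psplim = USER_STACK_START;
    cpu->stkof = false;
}

/* Scenario 1: a runaway push sequence on the user stack is stopped
 * exactly at the limit, with nothing written below it. */
static bool user_overflow_is_caught(void)
{
    cpu_t cpu;
    uint32_t pushed = 0;
    enter_svc_guarded(&cpu);
    while (push(&cpu, 32)) pushed += 32;
    return cpu.stkof && pushed == USER_STACK_SIZE &&
           cpu.psp == USER_STACK_START;
}

/* Scenario 2: PSP is moved to the privileged stack but PSPLIM is left at
 * the user stack's start. With this map the stale limit lies far below
 * the priv stack, so a push past the priv stack's bottom is not caught. */
static bool stale_limit_leaves_priv_stack_unguarded(void)
{
    cpu_t cpu;
    enter_svc_guarded(&cpu);
    cpu.psp = PRIV_STACK_START + PRIV_STACK_SIZE;  /* stack switched ...  */
    /* ... but cpu.psplim still == USER_STACK_START */
    bool ok = push(&cpu, PRIV_STACK_SIZE + 64);    /* 64 bytes past bottom */
    return ok && !cpu.stkof && cpu.psp < PRIV_STACK_START;
}

/* Scenario 3: the switch reprograms PSPLIM together with PSP, so the
 * same oversized push is rejected and PSP is left untouched. */
static bool reprogrammed_limit_guards_priv_stack(void)
{
    cpu_t cpu;
    enter_svc_guarded(&cpu);
    cpu.psp = PRIV_STACK_START + PRIV_STACK_SIZE;
    cpu.psplim = PRIV_STACK_START;
    bool ok = push(&cpu, PRIV_STACK_SIZE + 64);
    return !ok && cpu.stkof &&
           cpu.psp == PRIV_STACK_START + PRIV_STACK_SIZE;
}

int main(void)
{
    printf("user overflow caught:              %d\n", user_overflow_is_caught());
    printf("stale limit leaves priv unguarded: %d\n", stale_limit_leaves_priv_stack_unguarded());
    printf("reprogrammed limit guards priv:    %d\n", reprogrammed_limit_guards_priv_stack());
    return 0;
}
```

Scenario 2 is the case a reviewer should keep in mind when reading the hunks below: the `msr PSPLIM` added to the SVC handler covers the user stack only for as long as the thread is still on it, and the code that later switches to the privileged stack has to move the limit as well.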
@ -549,6 +549,16 @@ valid_syscall_id:
*/
isb
#if defined(CONFIG_BUILTIN_STACK_GUARD)
/* Thread is now in privileged mode; after returning from SCVall it
* will use the default (user) stack before switching to the privileged
* stack to execute the system call. We need to protect the user stack
* against stack overflows until this stack transition.
*/
ldr r1, [r0, #_thread_offset_to_stack_info_start] /* stack_info.start */
msr PSPLIM, r1
#endif /* CONFIG_BUILTIN_STACK_GUARD */
/* return from SVC to the modified LR - z_arm_do_syscall */
bx lr
#endif /* CONFIG_USERSPACE */
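Review bot: the comment introducing this block misspells the exception name ("after returning from SCVall it"); it should read "SVCall", matching the commit title. On the logic: `ldr r1, [r0, #_thread_offset_to_stack_info_start]` followed by `msr PSPLIM, r1` sets the limit to the low end of the default (user) stack, which is the right value for as long as the thread keeps executing on that stack. It stops being right at the moment z_arm_do_syscall switches to the privileged stack, where a stale user-stack limit either never fires or fires spuriously depending on where the two stacks sit; that switch is outside this hunk, so the comment should state that PSPLIM is reprogrammed there, and the block implicitly relies on r0 still holding the thread pointer at this point, which is worth saying in the comment as well.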
@ -250,13 +250,18 @@ SECTION_FUNC(TEXT,z_arm_userspace_enter)
*/
SECTION_FUNC(TEXT, z_arm_do_syscall)
/* The function is executing in privileged mode. This implies that we
/* Note [when using MPU-based stack guarding]:
* The function is executing in privileged mode. This implies that we
* shall not be allowed to use the thread's default unprivileged stack,
* (i.e push to or pop from it), to avoid a possible stack corruption.
*
* Rationale: since we execute in PRIV mode and no MPU guard or PSPLIM
* register is guarding the end of the default stack, we won't be able
* Rationale: since we execute in PRIV mode and no MPU guard
* is guarding the end of the default stack, we won't be able
* to detect any stack overflows.
*
* Note [when using built-in stack limit checking on ARMv8-M]:
* At this point PSPLIM is already configured to guard the default (user)
* stack, so pushing to the default thread's stack is safe.
*/
#if defined(CONFIG_BUILTIN_STACK_GUARD)
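Review bot: the new note ("At this point PSPLIM is already configured to guard the default (user) stack, so pushing to the default thread's stack is safe.") overstates the guarantee; it is safe only until this function switches to the privileged stack, at which point the limit programmed in the SVC handler no longer matches the stack in use and PSPLIM must be moved to the privileged stack's limit as part of the switch. The hunk shown ends at `#if defined(CONFIG_BUILTIN_STACK_GUARD)` with the body not visible, so whether that reprogramming happens cannot be confirmed from this page; suggest the comment say "safe until the switch to the privileged stack, where PSPLIM is reprogrammed" and that the `#if` body be checked for exactly that. Minor: the two bracketed headings ("when using MPU-based stack guarding" and "when using built-in stack limit checking on ARMv8-M") would be easier to map to a build if the second named CONFIG_BUILTIN_STACK_GUARD, the symbol the `#if` directly below tests.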