armv9: fix stack overflow method 2 watermark read for MTE

The watermark bytes at the bottom of the stack must be read through
the original heap-tagged pointer (pxStack). Stripping the tag creates
a pointer with tag=0 that triggers an MTE synchronous fault when
accessing memory physically tagged by the heap allocator.

Strip tags only for the pointer comparison (pxTopOfStack vs pxStack),
not for the memory dereference.
This commit is contained in:
Richard Elberger 2026-06-26 11:00:06 -04:00
parent f025e433e0
commit 045427105c

View file

@ -107,10 +107,10 @@
#define taskCHECK_FOR_STACK_OVERFLOW() \
do \
{ \
const uint32_t * const pulStack = ( uint32_t * ) portSTRIP_ADDRESS_TAG( pxCurrentTCB->pxStack ); \
const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \
const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5U; \
\
if( ( portSTRIP_ADDRESS_TAG( pxCurrentTCB->pxTopOfStack ) <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) || \
if( ( portSTRIP_ADDRESS_TAG( pxCurrentTCB->pxTopOfStack ) <= ( StackType_t * ) portSTRIP_ADDRESS_TAG( pxCurrentTCB->pxStack ) + portSTACK_LIMIT_PADDING ) || \
( pulStack[ 0 ] != ulCheckValue ) || \
( pulStack[ 1 ] != ulCheckValue ) || \
( pulStack[ 2 ] != ulCheckValue ) || \