armv8.1-m: Add task dedicated PAC key To harden the security, each task is assigned a dedicated PAC key, so that attackers need to guess all the tasks' PAC keys correctly to exploit the system using Return Oriented Programming. The kernel is now updated to support the following: * A PAC key set with a generated random number is saved in the task's context when a task is created. * As part of scheduling, the task's PAC key is stored/restored to/from the task's context when a task is unscheduled/scheduled from/to run. stack-overflow-check: Introduce portGET_CURRENT_TOP_OF_STACK macro When MPU wrapper v2 is used, the task's context is stored in the TCB and the `pxTopOfStack` member of the TCB points to the context location in the TCB. We, therefore, need to read PSP to find the task's current top of stack. Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* https://www.FreeRTOS.org
* https://github.com/FreeRTOS
*
*/
#ifndef STACK_MACROS_H
#define STACK_MACROS_H

/*
 * taskCHECK_FOR_STACK_OVERFLOW() is run by the scheduler for the task that is
 * about to be switched out. It calls vApplicationStackOverflowHook() when that
 * task's stack is overflowed now, or looks as though it overflowed earlier.
 *
 * configCHECK_FOR_STACK_OVERFLOW == 1: only the task's current top of stack is
 * compared against the stack limit.
 * configCHECK_FOR_STACK_OVERFLOW > 1:  in addition, the last few bytes at the
 * far end of the stack are compared against the fill pattern written when the
 * task was created. This second test is a heuristic - an overflow that leaves
 * those bytes intact is not detected.
 *
 * The current top of stack is obtained via portGET_CURRENT_TOP_OF_STACK()
 * instead of reading pxCurrentTCB->pxTopOfStack directly. With MPU wrapper v2
 * the task context is stored inside the TCB and pxTopOfStack points at that
 * context rather than at the task's stack, so the port has to read the stack
 * pointer register (PSP) to obtain the real top of stack. This header does not
 * provide a default for portGET_CURRENT_TOP_OF_STACK(); it is expected to come
 * from the port layer or from a kernel-wide default defined elsewhere.
 */

/*-----------------------------------------------------------*/

/*
 * portSTACK_LIMIT_PADDING is a number of extra words treated as already in
 * use, so the limit test fires before the stack is completely exhausted.
 */
#ifndef portSTACK_LIMIT_PADDING
    #define portSTACK_LIMIT_PADDING    0
#endif

/*-----------------------------------------------------------*/

#if ( configCHECK_FOR_STACK_OVERFLOW >= 1 )

/*
 * Private helper shared by every variant of taskCHECK_FOR_STACK_OVERFLOW()
 * below: hand the task being switched out to the application hook.
 */
    #define taskREPORT_STACK_OVERFLOW()                                                         \
    do                                                                                          \
    {                                                                                           \
        char * pcOverflowTaskName = pxCurrentTCB->pcTaskName;                                   \
        vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName );     \
    } while( 0 )

/*
 * Private helper: true when the given top of stack has reached the limit of
 * the current task's stack, allowing for portSTACK_LIMIT_PADDING words. The
 * limit is pxStack for a downward growing stack and pxEndOfStack for an
 * upward growing one.
 */
    #if ( portSTACK_GROWTH < 0 )
        #define taskSTACK_POINTER_AT_LIMIT( pxTop )    ( ( pxTop ) <= ( pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) )
    #elif ( portSTACK_GROWTH > 0 )
        #define taskSTACK_POINTER_AT_LIMIT( pxTop )    ( ( pxTop ) >= ( pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) )
    #endif

#endif /* configCHECK_FOR_STACK_OVERFLOW >= 1 */

/*-----------------------------------------------------------*/

#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH != 0 ) )

/* Check the current stack state only. */
    #define taskCHECK_FOR_STACK_OVERFLOW()                                  \
    do                                                                      \
    {                                                                       \
        StackType_t * pxCurrentTopOfStack;                                  \
        portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack );                \
                                                                            \
        /* Has the saved stack pointer reached the stack limit? */          \
        if( taskSTACK_POINTER_AT_LIMIT( pxCurrentTopOfStack ) )             \
        {                                                                   \
            taskREPORT_STACK_OVERFLOW();                                    \
        }                                                                   \
    } while( 0 )

#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */

/*-----------------------------------------------------------*/

#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) )

/*
 * Limit test plus a check that the first four 32-bit words at the low end of
 * the stack still hold the fill pattern written at task creation.
 */
    #define taskCHECK_FOR_STACK_OVERFLOW()                                                  \
    do                                                                                      \
    {                                                                                       \
        const uint32_t * const pulGuardWords = ( uint32_t * ) pxCurrentTCB->pxStack;        \
        const uint32_t ulFillWord = ( uint32_t ) 0xa5a5a5a5U;                               \
        StackType_t * pxCurrentTopOfStack;                                                  \
        portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack );                                \
                                                                                            \
        /* The limit test runs first; the word tests only if it passes. */                  \
        if( taskSTACK_POINTER_AT_LIMIT( pxCurrentTopOfStack ) ||                            \
            ( pulGuardWords[ 0 ] != ulFillWord ) ||                                         \
            ( pulGuardWords[ 1 ] != ulFillWord ) ||                                         \
            ( pulGuardWords[ 2 ] != ulFillWord ) ||                                         \
            ( pulGuardWords[ 3 ] != ulFillWord ) )                                          \
        {                                                                                   \
            taskREPORT_STACK_OVERFLOW();                                                    \
        }                                                                                   \
    } while( 0 )

#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */

/*-----------------------------------------------------------*/

#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH > 0 ) )

/*
 * Limit test plus a check that the bytes immediately below pxEndOfStack still
 * hold the fill pattern written at task creation.
 */
    #define taskCHECK_FOR_STACK_OVERFLOW()                                                                                              \
    do                                                                                                                                  \
    {                                                                                                                                   \
        static const uint8_t ucFillPattern[] = { tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE,        \
                                                 tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE,        \
                                                 tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE,        \
                                                 tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE,        \
                                                 tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE };      \
        /* The guard region is the last sizeof( ucFillPattern ) bytes before pxEndOfStack. */                                           \
        int8_t * pcGuardBytes = ( ( int8_t * ) pxCurrentTCB->pxEndOfStack ) - sizeof( ucFillPattern );                                  \
        StackType_t * pxCurrentTopOfStack;                                                                                              \
        portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack );                                                                            \
                                                                                                                                        \
        if( taskSTACK_POINTER_AT_LIMIT( pxCurrentTopOfStack ) ||                                                                        \
            ( memcmp( ( void * ) pcGuardBytes, ( void * ) ucFillPattern, sizeof( ucFillPattern ) ) != 0 ) )                             \
        {                                                                                                                               \
            taskREPORT_STACK_OVERFLOW();                                                                                                \
        }                                                                                                                               \
    } while( 0 )

#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */

/*-----------------------------------------------------------*/

/* With the check disabled the macro expands to nothing. */
#ifndef taskCHECK_FOR_STACK_OVERFLOW
    #define taskCHECK_FOR_STACK_OVERFLOW()
#endif

#endif /* STACK_MACROS_H */