On 20/11/2020 00:49, Joel Sherrill wrote:
On Thu, Nov 19, 2020, 5:00 PM Utkarsh Rai <utkarsh.ra...@gmail.com
<mailto:utkarsh.ra...@gmail.com>> wrote:
On Thu, Nov 19, 2020 at 11:39 PM Gedare Bloom <ged...@rtems.org
<mailto:ged...@rtems.org>> wrote:
Hi Utkarsh,
On Thu, Nov 19, 2020 at 4:59 AM Sebastian Huber
<sebastian.hu...@embedded-brains.de
<mailto:sebastian.hu...@embedded-brains.de>> wrote:
>
> On 19/11/2020 11:47, Utkarsh Rai wrote:
>
> > There are a couple of other areas in RTEMS in which
the stack of
> > another
> > thread may be accessed (events, message queues,
signals). How did you
> > solve this?
> >
> >
> > When we enable the thread stack protection, all the
services in which
> > a different stack is accessed becomes invalid ( This will
have to be
> > documented ).
> > The user has to share the stack of the threads that will
be using
> > services like message queue with each other from the
application using
> > mmap(),shm_open(), etc. (This was a part of the work I did
during GSoC).
>
> This is a bit too restrictive from my point of view.
Consider for
> example this very common use of rtems_event_receive():
>
> rtems_event_set events;
>
> rtems_event_receive(..., &events, ...);
>
Let's try to keep the technical discussion on the mailing list.
Oh sorry, I somehow forgot to cc the mailing list.
I
agree with Sebastian's point here, which is well taken. Maybe
it would
be good for you to determine the set of tests and from that the
features that break with strict task isolation. This way, we can
determine whether each is better handled as imposing a
requirement on
the user, e.g., to mmap/share explicitly in case they want to pass
data (such as with an mq), or if RTEMS needs to make it work
implicitly such as with event sets and maybe these iterators.
I believe that sending a message that unblocks a thread will have to
disable the protection.
The approach of identifying the few places in RTEMS that can
legitimately be expected to copy from one thread to another thread
stack can be identified and protection disabled for those segments of
code. This would at least properly annotate the known cases via
communication and synchronization and you could come back later and
possibly tighten those restrictions.
About eight years ago I added a stack protection to a Nios2 BSP using
the MPU. A single MPU region was used for the thread stack. This region
changed during a context switch. It was quite a hack and not good enough
for general use, but worked quite well for the specific application. I
rebased the patch to the master branch (this was surprisingly easy to do
despite eight years of development and the addition of the SMP support).
It gives an indication in which areas the stack of another thread is
accessed in standard RTEMS service calls.
--
embedded brains GmbH
Sebastian HUBER
Dornierstr. 4
82178 Puchheim
Germany
email: sebastian.hu...@embedded-brains.de
Phone: +49-89-18 94 741 - 16
Fax: +49-89-18 94 741 - 08
PGP: Public key available on request.
embedded brains GmbH
Registergericht: Amtsgericht München
Registernummer: HRB 157899
Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
Unsere Datenschutzerklärung finden Sie hier:
https://embedded-brains.de/datenschutzerklaerung/
>From 60f7dc094e82a2e729c3128f1e889ae1ec954fc9 Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.hu...@embedded-brains.de>
Date: Tue, 10 Apr 2012 12:15:18 +0200
Subject: [PATCH] nios2: MPU support for copy routines
---
cpukit/include/rtems/score/coremsgimpl.h | 10 ++++++++++
cpukit/posix/src/psignalunblockthread.c | 10 ++++++++++
cpukit/rtems/src/eventsurrender.c | 10 ++++++++++
cpukit/rtems/src/regionprocessqueue.c | 10 ++++++++++
4 files changed, 40 insertions(+)
diff --git a/cpukit/include/rtems/score/coremsgimpl.h b/cpukit/include/rtems/score/coremsgimpl.h
index 0bf5fa52d0..4a19abc451 100644
--- a/cpukit/include/rtems/score/coremsgimpl.h
+++ b/cpukit/include/rtems/score/coremsgimpl.h
@@ -30,6 +30,10 @@
#include <limits.h>
#include <string.h>
+#ifdef __nios2__
+ #include <rtems/score/nios2-utility.h>
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -643,6 +647,9 @@ RTEMS_INLINE_ROUTINE Thread_Control *_CORE_message_queue_Dequeue_receiver(
return NULL;
}
+#ifdef __nios2__
+ uint32_t config = _Nios2_MPU_Disable_protected();
+#endif
*(size_t *) the_thread->Wait.return_argument = size;
the_thread->Wait.count = (uint32_t) submit_type;
@@ -651,6 +658,9 @@ RTEMS_INLINE_ROUTINE Thread_Control *_CORE_message_queue_Dequeue_receiver(
the_thread->Wait.return_argument_second.mutable_object,
size
);
+#ifdef __nios2__
+ _Nios2_MPU_Restore( config );
+#endif
_Thread_queue_Extract_critical(
&the_message_queue->Wait_queue.Queue,
diff --git a/cpukit/posix/src/psignalunblockthread.c b/cpukit/posix/src/psignalunblockthread.c
index 80a0f33a09..8398c488f0 100644
--- a/cpukit/posix/src/psignalunblockthread.c
+++ b/cpukit/posix/src/psignalunblockthread.c
@@ -34,6 +34,10 @@
#include <rtems/posix/pthreadimpl.h>
#include <stdio.h>
+#ifdef __nios2__
+ #include <rtems/score/nios2-utility.h>
+#endif
+
static void _POSIX_signals_Check_signal(
POSIX_API_Control *api,
int signo,
@@ -205,6 +209,9 @@ bool _POSIX_signals_Unblock_thread(
the_info = (siginfo_t *) the_thread->Wait.return_argument;
+#ifdef __nios2__
+ uint32_t config = _Nios2_MPU_Disable_protected();
+#endif
if ( !info ) {
the_info->si_signo = signo;
the_info->si_code = SI_USER;
@@ -212,6 +219,9 @@ bool _POSIX_signals_Unblock_thread(
} else {
*the_info = *info;
}
+#ifdef __nios2__
+ _Nios2_MPU_Restore( config );
+#endif
_Thread_queue_Extract_with_proxy( the_thread );
return _POSIX_signals_Unblock_thread_done( the_thread, api, true );
diff --git a/cpukit/rtems/src/eventsurrender.c b/cpukit/rtems/src/eventsurrender.c
index 49f77d2663..c04ae2a1af 100644
--- a/cpukit/rtems/src/eventsurrender.c
+++ b/cpukit/rtems/src/eventsurrender.c
@@ -23,6 +23,10 @@
#include <rtems/score/threadimpl.h>
#include <rtems/score/watchdogimpl.h>
+#ifdef __nios2__
+ #include <rtems/score/nios2-utility.h>
+#endif
+
static void _Event_Satisfy(
Thread_Control *the_thread,
Event_Control *event,
@@ -31,7 +35,13 @@ static void _Event_Satisfy(
)
{
event->pending_events = _Event_sets_Clear( pending_events, seized_events );
+#ifdef __nios2__
+ uint32_t config = _Nios2_MPU_Disable();
+#endif
*(rtems_event_set *) the_thread->Wait.return_argument = seized_events;
+#ifdef __nios2__
+ _Nios2_MPU_Restore( config );
+#endif
}
static bool _Event_Is_blocking_on_event(
diff --git a/cpukit/rtems/src/regionprocessqueue.c b/cpukit/rtems/src/regionprocessqueue.c
index 4adaf66674..43f6e56fde 100644
--- a/cpukit/rtems/src/regionprocessqueue.c
+++ b/cpukit/rtems/src/regionprocessqueue.c
@@ -22,6 +22,10 @@
#include <rtems/score/status.h>
#include <rtems/score/threadqimpl.h>
+#ifdef __nios2__
+ #include <rtems/score/nios2-utility.h>
+#endif
+
void _Region_Process_queue(
Region_Control *the_region
)
@@ -64,7 +68,13 @@ void _Region_Process_queue(
if ( the_segment == NULL )
break;
+#ifdef __nios2__
+ uint32_t config = _Nios2_MPU_Disable_protected();
+#endif
*(void **)the_thread->Wait.return_argument = the_segment;
+#ifdef __nios2__
+ _Nios2_MPU_Restore( config );
+#endif
_Thread_queue_Extract( the_thread );
the_thread->Wait.return_code = STATUS_SUCCESSFUL;
}
--
2.26.2
_______________________________________________
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
