Arch arm userspace syscalls stack fix #17146

@ioannisg ioannisg commented Jun 28, 2019

In addition to some minor typo fixes, this patch forces z_arm_do_syscall to only use the privilege stack for system calls.

Fixes #17177

@ioannisg ioannisg requested a review from wentongwu June 28, 2019 15:30
@ioannisg ioannisg added the bug The issue is a bug, or the PR is fixing a bug label Jun 28, 2019
@ioannisg (Member, Author) commented:

I think this one should be back-ported to the LTS

@zephyrbot zephyrbot added area: ARM ARM (32-bit) Architecture area: Kernel labels Jun 28, 2019
ioannisg added 3 commits June 30, 2019 16:23
System call arguments are indexed from 1 to 6, so arg0
is corrected to arg1 on two occasions. In addition, the
ARM function for system calls is now called z_arm_do_syscall,
so we update the inline comment in __svc handler.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

We need to correct the inline comment in swap_helper.S,
which is suggesting that system call attempts with
invalid syscall IDs (i.e. above the limit) do not force
the CPU to elevate privileges. This is in fact not true,
since the execution flow moves into valid syscall ID
handling.

In other words, all we do for system calls with invalid
ID numbers is to treat them as valid syscalls with the
K_SYSCALL_BAD ID value.

We fix the inline documentation to reflect the actual
execution flow.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

z_arm_do_syscall is executing in privileged mode. This implies
that we shall not be allowed to use the thread's default
unprivileged stack (i.e. push to or pop from it), to avoid any
possible stack corruptions.

Note that since we execute in PRIV mode and no MPU guard or
PSPLIM register is guarding the end of the default stack, we
won't be able to detect any stack overflows.

This commit implements the above change, by forcing
z_arm_do_syscall() to FIRST switch to privileged
stack and then do all the preparations to execute
the system call.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
@ioannisg ioannisg force-pushed the arch_arm_userspace_syscalls_stack_fix branch from a89c568 to 4881c79 Compare June 30, 2019 14:23
@nashif nashif merged commit da735b9 into zephyrproject-rtos:master Jul 2, 2019
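
The two behaviours described in the commit messages above, as a host-side C model added here for illustration (not code from this PR or from Zephyr): the order of "switch stack" versus "save frame" on syscall entry, and the routing of out-of-range syscall IDs to the bad-ID handler. All names, sizes and ID values are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Host-side model with constructed names and sizes; not Zephyr source.
 * One flat memory array, full-descending stacks as on ARM. */
enum { USER_BASE = 4, USER_TOP = 12, PRIV_TOP = 20, MEM_WORDS = 20 };
enum { FRAME_WORDS = 4 };                  /* words saved before dispatch */
enum { MODEL_SYS_OK = 0, MODEL_SYS_BAD = 1, MODEL_SYS_LIMIT = 2 };

struct model_result {
    uint32_t handler_id;      /* ID actually dispatched, in privileged mode */
    int user_words;           /* words written inside the user stack */
    int adjacent_words;       /* words written below the user stack's end */
};

static uint32_t mem[MEM_WORDS];            /* [0,4) is data next to the user stack */

/* switch_first = 1: move to the privileged stack, then save the frame.
 * switch_first = 0: save the frame through the caller's stack pointer
 * while privileged, then switch. Nothing models an MPU guard or PSPLIM,
 * so the privileged writes are never stopped. */
struct model_result model_syscall(uint32_t user_sp, uint32_t id, int switch_first)
{
    struct model_result r = { 0, 0, 0 };
    uint32_t sp, i;

    if (user_sp < USER_BASE || user_sp > USER_TOP) {
        user_sp = USER_TOP;                /* keep the model inside mem[] */
    }
    memset(mem, 0, sizeof(mem));
    sp = switch_first ? PRIV_TOP : user_sp;
    for (i = 0; i < FRAME_WORDS; i++) {
        mem[--sp] = 0xA5A5A5A5u;           /* push one saved word */
    }
    /* An out-of-range ID is not rejected here: it is replaced by the
     * "bad" ID and goes through the same privileged dispatch path. */
    r.handler_id = (id >= MODEL_SYS_LIMIT) ? MODEL_SYS_BAD : id;
    for (i = 0; i < USER_TOP; i++) {
        if (mem[i] != 0) {
            if (i < USER_BASE) r.adjacent_words++; else r.user_words++;
        }
    }
    return r;
}
```

With a caller stack pointer one word above the end of the user stack, the late-switch ordering writes outside the user stack region, while the switch-first ordering leaves both the user stack and its neighbour untouched.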
Successfully merging this pull request may close these issues.

ARM: userspace/test_bad_syscall fails on ARMv8-M