<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 2, 2020 at 5:53 PM Utkarsh Rai <<a href="mailto:utkarsh.rai60@gmail.com">utkarsh.rai60@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<br><div>As discussed in <a href="https://lists.rtems.org/pipermail/devel/2020-November/063341.html" target="_blank">this</a> thread, I have compiled a list of the tests that deal with inter stack communication and fail with the thread stack protection option. Most of these tests pass when, as Sebastian suggested and had provided a wonderful example, I disable memory protection at places where contents of different thread stacks are accessed by the current thread. There are a few tests that still fail due to inter-stack access in the application code itself.</div><div><br></div><div>The changes I have made are - </div><div><br></div><div>diff --git a/bsps/arm/realview-pbx-a9/mmu/bsp-set-mmu-attr.c b/bsps/arm/realview-pbx-a9/mmu/bsp-set-mmu-attr.c<br>index c176d4b8c5..a45b175395 100644<br>--- a/bsps/arm/realview-pbx-a9/mmu/bsp-set-mmu-attr.c<br>+++ b/bsps/arm/realview-pbx-a9/mmu/bsp-set-mmu-attr.c<br>@@ -1,15 +1,49 @@<br> #include <bsp/arm-cp15-start.h><br> #include <rtems/score/memoryprotection.h><br>+#include <rtems/score/threadimpl.h><br> #include <libcpu/arm-cp15.h><br> <br>+bool set_memory_flags(Thread_Control* thread, void* arg)<br>+{<br>+  uintptr_t begin;<br>+  uintptr_t end;<br>+  uint32_t flags;<br>+  rtems_interrupt_level irq_level;<br>+  Thread_Control *executing;<br>+<br>+  executing = _Thread_Executing;<br>+<br>+  if(thread !=  executing) {<br></div></div></blockquote><div>This is not concurrency-safe. 
By time the check happens, or following code happens, the thread could become executing.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>+ <br>+    flags = *( uint32_t *)( arg );<br>+    begin = thread->Start.Initial_stack.area;<br>+    end = begin + thread->Start.Initial_stack.size; <br>+<br>+    rtems_interrupt_disable(irq_level);<br>+    arm_cp15_set_translation_table_entries(begin, end, flags);<br>+    rtems_interrupt_enable(irq_level);<br>+  }<br>+  <br>+  return false;<br></div></div></blockquote><div>why -- what does the return value mean?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>+}<br>+<br>+rtems_status_code _Memory_protection_Enable( void )<br>+{<br>+  uint32_t access_flags;<br>+<br>+  access_flags = translate_flags(  RTEMS_NO_ACCESS );<br>+<br>+  _Thread_Iterate( set_memory_flags, &access_flags );<br>+<br>+  return RTEMS_SUCCESSFUL; // check the return values for iterating function and current method.<br>+}<br>+<br>+rtems_status_code _Memory_protection_Disable( void )<br>+{<br>+  uint32_t access_flags;<br>+<br>+  access_flags = translate_flags(  RTEMS_READ_WRITE );<br>+<br>+  _Thread_Iterate( set_memory_flags, &access_flags );<br>+<br>+  return RTEMS_SUCCESSFUL;<br> }<br>\ No newline at end of file<br>diff --git a/cpukit/include/rtems/score/coremsgimpl.h b/cpukit/include/rtems/score/coremsgimpl.h<br>index e598dce96a..3719a3d3c8 100644<br>--- a/cpukit/include/rtems/score/coremsgimpl.h<br>+++ b/cpukit/include/rtems/score/coremsgimpl.h<br>@@ -27,6 +27,10 @@<br> #include <rtems/score/threaddispatch.h><br> #include <rtems/score/threadqimpl.h><br> <br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+ #include <rtems/score/memoryprotection.h><br>+#endif<br>+<br> #include <limits.h><br> #include <string.h><br> <br>@@ -586,7 +590,9 @@ 
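Review bot: `set_memory_flags()` passes the raw stack bounds (`begin` and `begin + size`) to `arm_cp15_set_translation_table_entries()` without checking that they line up with the granularity of a translation table entry. If that routine rounds to whole entries (worth confirming against its implementation), a stack that is not aligned to the entry size, or not a multiple of it, will pull neighbouring memory into the NO_ACCESS or READ_WRITE change, possibly another thread's stack or the executing thread's own. I would add an assertion, or at least a comment such as `/* stack area and size must be aligned to the MMU entry size */`. Separately, the callback has a generic name and external linkage; `static bool set_memory_flags(Thread_Control *thread, void *arg)` keeps it out of the global namespace.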
RTEMS_INLINE_ROUTINE Thread_Control *_CORE_message_queue_Dequeue_receiver(<br>   if ( the_thread == NULL ) {<br>     return NULL;<br>   }<br>-<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+  _Memory_protection_Disable();<br></div></div></blockquote><div>I wonder if it is necessary to disable all protection, or can you just disable the protection applied to 'the_thread' (or maybe to 'executing')?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>+#endif<br>    *(size_t *) the_thread->Wait.return_argument = size;<br>    the_thread->Wait.count = (uint32_t) submit_type;<br> <br>@@ -595,6 +601,9 @@ RTEMS_INLINE_ROUTINE Thread_Control *_CORE_message_queue_Dequeue_receiver(<br>     the_thread->Wait.return_argument_second.mutable_object,<br>     size<br>   );<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+  _Memory_protection_Enable();<br>+#endif<br> <br>   _Thread_queue_Extract_critical(<br>     &the_message_queue->Wait_queue.Queue,<br><br>diff --git a/cpukit/posix/src/psignalunblockthread.c b/cpukit/posix/src/psignalunblockthread.c<br>index 80a0f33a09..e0f8468de6 100644<br>--- a/cpukit/posix/src/psignalunblockthread.c<br>+++ b/cpukit/posix/src/psignalunblockthread.c<br>@@ -24,6 +24,9 @@<br> #include <signal.h><br> <br> #include <rtems/score/isr.h><br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+#include <rtems/score/memoryprotection.h><br>+#endif<br> #include <rtems/score/threadimpl.h><br> #include <rtems/score/threadqimpl.h><br> #include <rtems/score/watchdogimpl.h><br>@@ -205,6 +208,10 @@ bool _POSIX_signals_Unblock_thread(<br> <br>       the_info = (siginfo_t *) the_thread->Wait.return_argument;<br> <br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+_Memory_protection_Disable();<br>+#endif<br>+<br>       if ( !info ) {<br>         the_info->si_signo = signo;<br>         the_info->si_code = SI_USER;<br>@@ -212,6 +219,9 @@ bool 
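Review bot: The status returned by `_Memory_protection_Disable()` and `_Memory_protection_Enable()` is dropped at this call site, and the same pairing is repeated in psignalunblockthread.c, eventsurrender.c and regionprocessqueue.c. In this patch both functions return RTEMS_SUCCESSFUL unconditionally, so either declare them `void` or have them report failure and check it; otherwise a failed re-enable would leave every stack writable without notice. Nothing in the patch tracks nesting either, so if one of these paths can run while protection is already disabled, the inner `_Memory_protection_Enable()` would restore NO_ACCESS before the outer write; a comment like `/* not nestable: callers must not hold protection disabled */` on the declaration would document that. The body of `_CORE_message_queue_Dequeue_receiver()` starts and ends outside the hunk.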
_POSIX_signals_Unblock_thread(<br>       } else {<br>         *the_info = *info;<br>       }<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+_Memory_protection_Enable();<br>+#endif<br> <br>       _Thread_queue_Extract_with_proxy( the_thread );<br>       return _POSIX_signals_Unblock_thread_done( the_thread, api, true );<br>diff --git a/cpukit/rtems/src/eventsurrender.c b/cpukit/rtems/src/eventsurrender.c<br>index 49f77d2663..5de62ec292 100644<br>--- a/cpukit/rtems/src/eventsurrender.c<br>+++ b/cpukit/rtems/src/eventsurrender.c<br>@@ -23,6 +23,10 @@<br> #include <rtems/score/threadimpl.h><br> #include <rtems/score/watchdogimpl.h><br> <br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+  #include <rtems/score/memoryprotection.h><br>+#endif<br>+<br> static void _Event_Satisfy(<br>   Thread_Control  *the_thread,<br>   Event_Control   *event,<br>@@ -31,7 +35,13 @@ static void _Event_Satisfy(<br> )<br> {<br>   event->pending_events = _Event_sets_Clear( pending_events, seized_events );<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+    _Memory_protection_Disable();<br>+#endif<br>   *(rtems_event_set *) the_thread->Wait.return_argument = seized_events;<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+    _Memory_protection_Enable();<br>+#endif<br> }<br> <br> static bool _Event_Is_blocking_on_event(<br>diff --git a/cpukit/rtems/src/regionprocessqueue.c b/cpukit/rtems/src/regionprocessqueue.c<br>index 4adaf66674..29b078a38c 100644<br>--- a/cpukit/rtems/src/regionprocessqueue.c<br>+++ b/cpukit/rtems/src/regionprocessqueue.c<br>@@ -22,6 +22,10 @@<br> #include <rtems/score/status.h><br> #include <rtems/score/threadqimpl.h><br> <br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+ #include <rtems/score/memoryprotection.h><br>+#endif<br>+<br> void _Region_Process_queue(<br>   Region_Control *the_region<br> )<br>@@ -63,8 +67,13 @@ void _Region_Process_queue(<br> <br>     if ( the_segment == NULL )<br>       break;<br>-<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+    
_Memory_protection_Disable();<br>+#endif     <br>     *(void **)the_thread->Wait.return_argument = the_segment;<br>+#if defined RTEMS_THREAD_STACK_PROTECTION<br>+    _Memory_protection_Enable();<br>+#endif<br>     _Thread_queue_Extract( the_thread );<br>     the_thread->Wait.return_code = STATUS_SUCCESSFUL;<br>   }<br></div><div><br></div></div>
<a href="http://lists.rtems.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.rtems.org/mailman/listinfo/devel</a></blockquote></div></div>