Memory protection was Re: change log for rtems (2011-10-21)

Sebastian Huber sebastian.huber at embedded-brains.de
Mon Oct 24 13:55:08 UTC 2011


We are (at the moment) not interested in a general MPU or MMU API.  Currently 
we use a Nios II specific API to do the low level stuff.  We are interested in 
thread stack protection.  This means that stack overflows are detected and 
access to other thread stacks is prohibited.  The basic problem with stack 
protection is in the following pattern (within the Score):

*(type *)the_thread->Wait.return_argument = value_of_type;

_CORE_message_queue_Copy_buffer(
       buffer,
       waitp->return_argument_second.mutable_object,
       size
);

Here a thread B can send data to a thread A.  Normally the storage for received 
events or messages reside on the thread stack.  Thus we copy here data within 
the context of thread B into the thread stack of thread A.  This is not allowed 
in general.  We may allow it in certain situations (like in the Score).  For 
example in the situations above it is save to copy the data (we only protect 
the thread stacks) since thread A already checked the access to it implicitly. 
  (The kernel access functions are not leaf functions, thus we have to store 
the link register on the stack.)

On 10/24/2011 03:17 PM, Gedare Bloom wrote:
> If you have some api for memory protection I would like to know and be happy to
> review it. I have been looking at the gsocmmu code to see about getting it
> mergeable.
>
> On Oct 23, 2011 4:22 AM, "Sebastian Huber" <sebastian.huber at embedded-brains.de
> <mailto:sebastian.huber at embedded-brains.de>> wrote:
>
>     On 22/10/11 19:23, Chris Johns wrote:
>
>         On 21/10/11 8:11 PM, rtems-vc at rtems.org <mailto:rtems-vc at rtems.org> wrote:
>
>             +#else /* ASM */
>             +
>             +    .macro    NIOS2_ASM_DISABLE_INTERRUPTS new_status, current_status
>             +    movhi    \new_status, %hiadj(_Nios2_ISR_Status_mask)
>             +    addi    \new_status, \new_status, %lo(_Nios2_ISR_Status_mask)
>             +    and    \new_status, \current_status, \new_status
>             +    ori    \new_status, \new_status, %lo(_Nios2_ISR_Status_bits)
>             +    wrctl    status, \new_status
>             +    .endm
>             +
>             +#endif /* ASM */
>
>
>         What is this for and do we use it ?
>
>
>     It can be used to disable interrupts in assembler code.  It is used by our
>     not yet committed BSP which has support for the memory protection unit
>     (MPU) to protect the thread stacks.  It will take several weeks until this
>     is ready for integration into the CVS.  We need a couple of changes in the
>     Score.
>
>     --
>     Sebastian Huber, embedded brains GmbH
>
>     Address : Obere Lagerstr. 30, D-82178 Puchheim, Germany
>     Phone   : +49 89 18 90 80 79-6 <tel:%2B49%2089%2018%2090%2080%2079-6>
>     Fax     : +49 89 18 90 80 79-9 <tel:%2B49%2089%2018%2090%2080%2079-9>
>     E-Mail  : sebastian.huber at embedded-__brains.de
>     <mailto:sebastian.huber at embedded-brains.de>
>     PGP     : Public key available on request.
>
>     Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.
>
>     _________________________________________________
>     rtems-vc mailing list
>     rtems-vc at rtems.org <mailto:rtems-vc at rtems.org>
>     http://www.rtems.org/mailman/__listinfo/rtems-vc
>     <http://www.rtems.org/mailman/listinfo/rtems-vc>
>


-- 
Sebastian Huber, embedded brains GmbH

Address : Obere Lagerstr. 30, D-82178 Puchheim, Germany
Phone   : +49 89 18 90 80 79-6
Fax     : +49 89 18 90 80 79-9
E-Mail  : sebastian.huber at embedded-brains.de
PGP     : Public key available on request.

Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.



More information about the vc mailing list