From 3fe6f2616d2ce84a90690c47603f0269fc8de2b3 Mon Sep 17 00:00:00 2001 From: Michael Lyle Date: Thu, 15 Jun 2017 11:02:20 -0700 Subject: [PATCH 1/3] BL/BU: Disable interrupts early (primask) Defensive measure against bootloaders (possibly from other projects) leaving things running. --- flight/PiOS/STM32/chibi_main.c | 2 +- flight/PiOS/STM32F30x/startup.c | 3 +++ flight/PiOS/STM32F4xx/startup.c | 3 +++ flight/targets/bl/common/main.c | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/flight/PiOS/STM32/chibi_main.c b/flight/PiOS/STM32/chibi_main.c index 49333ca743..2b15f2de14 100644 --- a/flight/PiOS/STM32/chibi_main.c +++ b/flight/PiOS/STM32/chibi_main.c @@ -73,7 +73,7 @@ int main() PIOS_heap_initialize_blocks(); halInit(); - chSysInit(); + chSysInit(); /* Enables interrupts */ boardInit(); diff --git a/flight/PiOS/STM32F30x/startup.c b/flight/PiOS/STM32F30x/startup.c index 65d1085e22..9ec4274c9a 100644 --- a/flight/PiOS/STM32F30x/startup.c +++ b/flight/PiOS/STM32F30x/startup.c @@ -67,6 +67,9 @@ _main(void) // that might bounds-check the stack asm volatile ("mov r10, %0" : : "r" (&irq_stack[0]) : ); + /* Disable all interrupts, until proper table etc is installed. */ + __disable_irq(); + /* enable usage, bus and memory faults */ SCB->SHCSR |= SCB_SHCSR_USGFAULTENA_Msk | SCB_SHCSR_BUSFAULTENA_Msk | SCB_SHCSR_MEMFAULTENA_Msk; diff --git a/flight/PiOS/STM32F4xx/startup.c b/flight/PiOS/STM32F4xx/startup.c index 236d2387c2..0f9196eb0c 100644 --- a/flight/PiOS/STM32F4xx/startup.c +++ b/flight/PiOS/STM32F4xx/startup.c @@ -67,6 +67,9 @@ _main(void) // that might bounds-check the stack asm volatile ("mov r10, %0" : : "r" (&irq_stack[0]) : ); + /* Disable all interrupts, until proper table etc is installed. */ + __disable_irq(); + /* enable usage, bus and memory faults */ SCB->SHCSR |= SCB_SHCSR_USGFAULTENA_Msk | SCB_SHCSR_BUSFAULTENA_Msk | SCB_SHCSR_MEMFAULTENA_Msk; 
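Review bot: In `_main` of flight/PiOS/STM32F30x/startup.c (and the identical hunk in flight/PiOS/STM32F4xx/startup.c), `__disable_irq()` only sets PRIMASK, so NVIC enable and pending bits left by an earlier boot stage survive and those interrupts are taken as soon as PRIMASK is cleared. The comment should say where that happens and what stays live meanwhile, e.g. `/* Mask IRQs via PRIMASK until the vector table is installed; re-enabled by chSysInit() in firmware or __enable_irq() in the loader's main. NMI and HardFault remain active. */`. It is also worth noting there that the usage, bus and memory faults enabled on the following lines escalate to HardFault for as long as PRIMASK is set. If the goal is robustness against foreign bootloaders, consider clearing the NVIC enable and pending registers before interrupts are re-enabled; `_main` continues outside the hunk, so this may already be done there.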
diff --git a/flight/targets/bl/common/main.c b/flight/targets/bl/common/main.c index 8923d15c29..fa4f91395e 100644 --- a/flight/targets/bl/common/main.c +++ b/flight/targets/bl/common/main.c @@ -434,6 +434,9 @@ static void process_packet_rx(struct bl_fsm_context * context, const struct bl_m int main(void) { + /* Interrupts are OK immediately for the loader */ + __enable_irq(); + /* Configure and enable system clocks */ PIOS_SYS_Init(); From 99d4cd2b6be303588222f078611616a47e5a376d Mon Sep 17 00:00:00 2001 From: Michael Corcoran Date: Mon, 3 Jul 2017 20:02:37 +1200 Subject: [PATCH 2/3] BU: Set MSP explicitly at the beggining of _main Some bootloaders set it to our initial SP and then some compiler generated code increments it off the top of the stack before branching to firmware... so we ensure it is correct before using the stack. --- flight/PiOS/STM32F4xx/startup.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/flight/PiOS/STM32F4xx/startup.c b/flight/PiOS/STM32F4xx/startup.c index 0f9196eb0c..a85ac2599e 100644 --- a/flight/PiOS/STM32F4xx/startup.c +++ b/flight/PiOS/STM32F4xx/startup.c @@ -63,8 +63,11 @@ struct cm3_vectors { void _main(void) { - // load the stack base for the current stack before we attempt to branch to any function - // that might bounds-check the stack + /* At least some bootloaders increment the MSP off the top of the stack + * before jumping to here. Let's set it ourselves to make sure it's good */ + asm volatile ("msr msp, %0" : : "r" (&irq_stack[sizeof(irq_stack)]) : ); + /* load the stack base for the current stack before we attempt to branch to + * any function that might bounds-check the stack */ asm volatile ("mov r10, %0" : : "r" (&irq_stack[0]) : ); /* Disable all interrupts, until proper table etc is installed. */ From d93fd61adf25a9cf24305dde6cd406f530feb881 Mon Sep 17 00:00:00 2001 
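Review bot: The `__enable_irq()` added at the top of `main` in flight/targets/bl/common/main.c clears PRIMASK before `PIOS_SYS_Init()` has run, so if this loader was entered from another image, any interrupt source that image left enabled or pending in the NVIC can fire immediately into this image's handlers. The comment "Interrupts are OK immediately for the loader" does not say why that is safe. Either state the assumption (for example, that the loader is only ever entered from reset) or clear the stale state first, e.g. `for (int i = 0; i < 8; i++) { NVIC->ICER[i] = 0xFFFFFFFF; NVIC->ICPR[i] = 0xFFFFFFFF; }` ahead of the enable. `main` continues outside the hunk, so later initialisation may already cover this.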
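Review bot: `&irq_stack[sizeof(irq_stack)]` in the new `msr msp` line of `_main` (flight/PiOS/STM32F4xx/startup.c) is the top of the stack only if `irq_stack` has one-byte elements; its declaration is outside the hunk, and with a wider element type the index lands well past the array and MSP would point outside the stack region. `&irq_stack[sizeof(irq_stack) / sizeof(irq_stack[0])]` is correct for any element type. The MSP write also sits above the `__disable_irq()` that follows it, so an interrupt taken while MSP still holds the value the previous loader left would stack its frame at that bad address; moving `__disable_irq()` above the `msr` closes that window. STM32F30x/startup.c carries the same `mov r10` sequence in patch 1 but does not get this fix, which looks like an omission if those targets can be entered by the same loaders.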
From: Michael Corcoran Date: Mon, 3 Jul 2017 20:04:46 +1200 Subject: [PATCH 3/3] BL: Call initial PC using raw asm Gives the compiler no chance to insert garbage code. Before it was inserting in between setting MSP to initial SP and branching to initial PC: ldmia.w sp!, {r4, r5, r6, lr} (ldm = load multiple, ia = increment after... this tries to pop off the stack after setting SP to the new stack top) --- flight/targets/aq32/board-info/board-info.mk | 4 ++-- flight/targets/bl/common/main.c | 2 +- flight/targets/brain/board-info/board-info.mk | 4 ++-- flight/targets/brainre1/board-info/board-info.mk | 5 ++--- flight/targets/dtfc/board-info/board-info.mk | 5 ++--- flight/targets/lux/board-info/board-info.mk | 5 ++--- flight/targets/pikoblx/board-info/board-info.mk | 5 ++--- flight/targets/pipxtreme/board-info/board-info.mk | 3 +-- flight/targets/playuavosd/board-info/board-info.mk | 2 +- flight/targets/quanton/board-info/board-info.mk | 4 ++-- flight/targets/revolution/board-info/board-info.mk | 4 ++-- flight/targets/seppuku/board-info/board-info.mk | 4 ++-- flight/targets/sparky/board-info/board-info.mk | 5 ++--- flight/targets/sparky2/board-info/board-info.mk | 4 ++-- flight/targets/sprf3e/board-info/board-info.mk | 5 ++--- 15 files changed, 27 insertions(+), 34 deletions(-) diff --git a/flight/targets/aq32/board-info/board-info.mk b/flight/targets/aq32/board-info/board-info.mk index e035df5361..9ce942d997 100644 --- a/flight/targets/aq32/board-info/board-info.mk +++ b/flight/targets/aq32/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x94 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 CHIP := STM32F407VGT6 BOARD := STM32F4xx_AQ32 MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "AeroQuad" USB_PROD := "AQ32" diff --git a/flight/targets/bl/common/main.c b/flight/targets/bl/common/main.c index fa4f91395e..036c85850e 100644 --- a/flight/targets/bl/common/main.c +++ b/flight/targets/bl/common/main.c 
@@ -357,7 +357,7 @@ static void go_jumping_to_app(struct bl_fsm_context * context) __set_MSP(initial_sp); /* Jump to the application entry point */ - ((void (*)(void))initial_pc)(); + asm volatile("bx %r0" : : "r" (initial_pc) : ); } static void go_dfu_idle(struct bl_fsm_context * context) diff --git a/flight/targets/brain/board-info/board-info.mk b/flight/targets/brain/board-info/board-info.mk index aefc15ca51..e7bb82041f 100644 --- a/flight/targets/brain/board-info/board-info.mk +++ b/flight/targets/brain/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x8A BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F405RGT BOARD := STM32F4xx_BRAIN MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "BrainFPV" USB_PROD := "BrainFPV" diff --git a/flight/targets/brainre1/board-info/board-info.mk b/flight/targets/brainre1/board-info/board-info.mk index 4d9b1024d7..5d77868361 100644 --- a/flight/targets/brainre1/board-info/board-info.mk +++ b/flight/targets/brainre1/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x8B BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F446RET BOARD := STM32F4xx_BRAINFPVRE1 MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "BrainFPV" USB_PROD := "RE1" @@ -35,4 +35,3 @@ SYSCLK_FREQ := 180000000 # Include these here, so they get included in the firmware and bootloader SRC += $(BOARD_INFO_DIR)/../re1fpga/fpga_drv.c EXTRAINCDIRS += $(BOARD_INFO_DIR)/../re1fpga/ - diff --git a/flight/targets/dtfc/board-info/board-info.mk b/flight/targets/dtfc/board-info/board-info.mk index 50e69e8287..2fe6d6a217 100644 --- a/flight/targets/dtfc/board-info/board-info.mk +++ b/flight/targets/dtfc/board-info/board-info.mk 
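Review bot: In `go_jumping_to_app`, `__set_MSP(initial_sp)` and the new `asm volatile("bx ...")` are still two separate statements, so the compiler remains free to emit code between them, including reloading `initial_pc` from a stack slot after MSP has already been switched, which is the same class of problem the commit message describes. Doing both in one statement removes the gap: `asm volatile("msr msp, %0\n\tbx %1" : : "r" (initial_sp), "r" (initial_pc) : "memory");` followed by `__builtin_unreachable();`. The operand is also spelled `%r0` where the documented positional form is `%0`; it is worth confirming that this assembles to the intended register on every supported toolchain. The function starts outside the hunk, so it is not visible whether `initial_sp` and `initial_pc` are range-checked against RAM and application flash before this point; if they are not, that check belongs ahead of the jump.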
@@ -1,12 +1,12 @@ BOARD_TYPE := 0xD7 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 CHIP := STM32F303VCT BOARD := STM32F30x_DTFc MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "DTF Air" USB_PROD := "DTFc" @@ -31,4 +31,3 @@ EF_BANK_SIZE := 0x00040000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 - diff --git a/flight/targets/lux/board-info/board-info.mk b/flight/targets/lux/board-info/board-info.mk index 1dfcf390a7..b43a7ced10 100644 --- a/flight/targets/lux/board-info/board-info.mk +++ b/flight/targets/lux/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0xCA BOARD_REVISION := 0x02 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F303VCT BOARD := STM32F30x_lux MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "Lumenier" USB_PROD := "LUX" @@ -31,4 +31,3 @@ EF_BANK_SIZE := 0x00040000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 - diff --git a/flight/targets/pikoblx/board-info/board-info.mk b/flight/targets/pikoblx/board-info/board-info.mk index ec1dde4150..5e38ebfa62 100644 --- a/flight/targets/pikoblx/board-info/board-info.mk +++ b/flight/targets/pikoblx/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0xA2 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F303VCT BOARD := STM32F30x_PIKOBLX MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "dRonin" USB_PROD := "PikoBLX" @@ -31,4 +31,3 @@ EF_BANK_SIZE := 0x00040000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 - diff --git a/flight/targets/pipxtreme/board-info/board-info.mk b/flight/targets/pipxtreme/board-info/board-info.mk index 2b20a3f3ca..d7d79e7e05 100644 --- a/flight/targets/pipxtreme/board-info/board-info.mk 
+++ b/flight/targets/pipxtreme/board-info/board-info.mk @@ -1,6 +1,6 @@ BOARD_TYPE := 0x03 BOARD_REVISION := 0x02 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x01 CHIP := STM32F103CBT @@ -28,4 +28,3 @@ EF_BANK_SIZE := 0x00020000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 - diff --git a/flight/targets/playuavosd/board-info/board-info.mk b/flight/targets/playuavosd/board-info/board-info.mk index 2841c2f9aa..741dfa2201 100644 --- a/flight/targets/playuavosd/board-info/board-info.mk +++ b/flight/targets/playuavosd/board-info/board-info.mk @@ -1,6 +1,6 @@ BOARD_TYPE := 0xCB BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F405RGT diff --git a/flight/targets/quanton/board-info/board-info.mk b/flight/targets/quanton/board-info/board-info.mk index 856280e0ed..c11f966330 100644 --- a/flight/targets/quanton/board-info/board-info.mk +++ b/flight/targets/quanton/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x86 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F405RGT BOARD := STM32F4xx_QUANTON MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "Quantec" USB_PROD := "Quanton" diff --git a/flight/targets/revolution/board-info/board-info.mk b/flight/targets/revolution/board-info/board-info.mk index ae10137237..ec22d04f8d 100644 --- a/flight/targets/revolution/board-info/board-info.mk +++ b/flight/targets/revolution/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x09 BOARD_REVISION := 0x03 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 CHIP := STM32F405RGT BOARD := STM32F4xx_RM MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "OpenPilot" USB_PROD := "Revolution" 
diff --git a/flight/targets/seppuku/board-info/board-info.mk b/flight/targets/seppuku/board-info/board-info.mk index 410c478dfa..c7745c45ee 100644 --- a/flight/targets/seppuku/board-info/board-info.mk +++ b/flight/targets/seppuku/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0xA1 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x88 +BOOTLOADER_VERSION := 0x89 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F405RGT BOARD := STM32F4xx_SEPPUKU MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "dRonin" USB_PROD := "Seppuku" diff --git a/flight/targets/sparky/board-info/board-info.mk b/flight/targets/sparky/board-info/board-info.mk index 01ac5e609a..f4da36bfdf 100644 --- a/flight/targets/sparky/board-info/board-info.mk +++ b/flight/targets/sparky/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x88 BOARD_REVISION := 0x02 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F303VCT BOARD := STM32F30x_SPARKY MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "Tau Labs" USB_PROD := "Sparky" @@ -31,4 +31,3 @@ EF_BANK_SIZE := 0x00040000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 - diff --git a/flight/targets/sparky2/board-info/board-info.mk b/flight/targets/sparky2/board-info/board-info.mk index 5ca12a833f..c76d3045a0 100644 --- a/flight/targets/sparky2/board-info/board-info.mk +++ b/flight/targets/sparky2/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0x92 BOARD_REVISION := 0x01 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 CHIP := STM32F405RGT BOARD := STM32F4xx_RM MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "Tau Labs" USB_PROD := "Sparky2" diff --git a/flight/targets/sprf3e/board-info/board-info.mk b/flight/targets/sprf3e/board-info/board-info.mk index d8a246ed97..05b0b07ad9 100644 --- a/flight/targets/sprf3e/board-info/board-info.mk 
+++ b/flight/targets/sprf3e/board-info/board-info.mk @@ -1,12 +1,12 @@ BOARD_TYPE := 0xCF BOARD_REVISION := 0x02 -BOOTLOADER_VERSION := 0x87 +BOOTLOADER_VERSION := 0x88 HW_TYPE := 0x00 # seems to be unused CHIP := STM32F303CCT BOARD := STM32F30x_sprf3e MODEL := HD -MODEL_SUFFIX := +MODEL_SUFFIX := USB_VEND := "dRonin" USB_PROD := "SPRF3E" @@ -31,4 +31,3 @@ EF_BANK_SIZE := 0x00040000 # Size of the entire flash image (from bootlo OSCILLATOR_FREQ := 8000000 SYSCLK_FREQ := 72000000 -