Skip to content

Commit

Permalink
ARMv8.1-M: Add task dedicated PAC key support (FreeRTOS#1195)
Browse files Browse the repository at this point in the history 
armv8.1-m: Add task dedicated PAC key

To harden the security, each task is assigned a dedicated PAC key, so that attackers needs to guess the all the tasks' PAC keys right to exploit the system using Return Oriented Programming.

The kernel is now updated to support the following:
* A PAC key set with a random number generated and is saved in the task's context when a task is created.
* As part of scheduling, the task's PAC key is stored/restored to/from the task's context when a task is unscheduled/scheduled from/to run.

stack-overflow-check: Introduce portGET_CURRENT_TOP_OF_STACK macro

When MPU wrapper v2 is used, the task's context is stored in TCB and `pxTopOfStack`` member of TCB points to the context location in TCB. We, therefore, need to read PSP to find the task's current top of stack.

Signed-off-by: Ahmed Ismail <[email protected]>
  • Loading branch information
@AhmedIsmail02
AhmedIsmail02 authored Jan 14, 2025
1 parent c38427e commit 78e0cc7
Show file tree
Hide file tree
Showing 87 changed files with 6,725 additions and 3,593 deletions.
2 changes: 2 additions & 0 deletions .github/.cSpellWords.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ CLKSOURCE
CLKSTA
CLRB
CLRF
clrm
CLRPSW
CMCNT
CMCON
Expand Down Expand Up @@ -678,6 +679,7 @@ pylint
pytest
pyyaml
RAMPZ
randomisation
RASR
Rationalised
Raynald
Expand Down
4 changes: 4 additions & 0 deletions include/portable.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,10 @@
#define portBASE_TYPE_EXIT_CRITICAL() taskEXIT_CRITICAL()
#endif

#ifndef portGET_CURRENT_TOP_OF_STACK
#define portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack ) { pxCurrentTopOfStack = ( StackType_t * ) pxCurrentTCB->pxTopOfStack; }
#endif

#ifndef configSTACK_DEPTH_TYPE
#define configSTACK_DEPTH_TYPE StackType_t
#endif
Expand Down
68 changes: 40 additions & 28 deletions include/stack_macros.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,13 @@

/* Only the current stack state is to be checked. */
#define taskCHECK_FOR_STACK_OVERFLOW() \
do { \
do \
{ \
StackType_t * pxCurrentTopOfStack; \
portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack ); \
\
/* Is the currently saved stack pointer within the stack limit? */ \
if( pxCurrentTCB->pxTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) \
if( pxCurrentTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName ); \
Expand All @@ -72,36 +76,42 @@
#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH > 0 ) )

/* Only the current stack state is to be checked. */
#define taskCHECK_FOR_STACK_OVERFLOW() \
do { \
\
/* Is the currently saved stack pointer within the stack limit? */ \
if( pxCurrentTCB->pxTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName ); \
} \
#define taskCHECK_FOR_STACK_OVERFLOW() \
do \
{ \
StackType_t * pxCurrentTopOfStack; \
portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack ); \
\
/* Is the currently saved stack pointer within the stack limit? */ \
if( pxCurrentTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName ); \
} \
} while( 0 )

#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */
/*-----------------------------------------------------------*/

#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) )

#define taskCHECK_FOR_STACK_OVERFLOW() \
do { \
const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \
const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5U; \
\
if( ( pxCurrentTCB->pxTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) || \
( pulStack[ 0 ] != ulCheckValue ) || \
( pulStack[ 1 ] != ulCheckValue ) || \
( pulStack[ 2 ] != ulCheckValue ) || \
( pulStack[ 3 ] != ulCheckValue ) ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName ); \
} \
#define taskCHECK_FOR_STACK_OVERFLOW() \
do \
{ \
const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \
const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5U; \
StackType_t * pxCurrentTopOfStack; \
portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack ); \
\
if( ( pxCurrentTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) || \
( pulStack[ 0 ] != ulCheckValue ) || \
( pulStack[ 1 ] != ulCheckValue ) || \
( pulStack[ 2 ] != ulCheckValue ) || \
( pulStack[ 3 ] != ulCheckValue ) ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pcOverflowTaskName ); \
} \
} while( 0 )

#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */
Expand All @@ -110,18 +120,20 @@
#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH > 0 ) )

#define taskCHECK_FOR_STACK_OVERFLOW() \
do { \
do \
{ \
int8_t * pcEndOfStack = ( int8_t * ) pxCurrentTCB->pxEndOfStack; \
static const uint8_t ucExpectedStackBytes[] = { tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE }; \
\
StackType_t * pxCurrentTopOfStack; \
portGET_CURRENT_TOP_OF_STACK( pxCurrentTopOfStack ); \
\
pcEndOfStack -= sizeof( ucExpectedStackBytes ); \
\
if( ( pxCurrentTCB->pxTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) || \
if( ( pxCurrentTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) || \
( memcmp( ( void * ) pcEndOfStack, ( void * ) ucExpectedStackBytes, sizeof( ucExpectedStackBytes ) ) != 0 ) ) \
{ \
char * pcOverflowTaskName = pxCurrentTCB->pcTaskName; \
Expand Down
Loading

0 comments on commit 78e0cc7

Please sign in to comment.