Xtensa: fix stack overlap coproc_area issue (#118)

magicse7en · lundinc2 · web-flow · commit b9748e50eaaf · 2020-10-26T11:07:32.000-07:00
In function pxPortInitialiseStack of port.c:
	sp = ( StackType_t * ) ( ( ( UBaseType_t ) ( pxTopOfStack + 1 )  - XT_CP_SIZE - XT_STK_FRMSZ ) &amp; ~0xf );
We assume XT_CP_SIZE is 0xE4, XT_STK_FRMSZ is 0xA0, pxTopOfStack is 0xA0000000, sp is 0x9FFFFE80.
From port.c, we know the frame-&gt;a1 as below:
	frame-&gt;a1 = ( UBaseType_t ) sp + XT_STK_FRMSZ;  /* physical top of stack frame    */
So frame-&gt;a1 is 0x9FFFFF20. Therefore the interrupt stack frame range is 0x9FFFFE80 ~ 0x9FFFFF20.

The coproc_area is: p = ( uint32_t * ) ( ( ( uint32_t ) pxTopOfStack - XT_CP_SIZE ) &amp; ~0xf );
So its value is 0x9FFFFF10. Obviously, the interrupt stack frame overlaps the coproc_area.

Co-authored-by: Carl Lundin &lt;53273776+lundinc2@users.noreply.github.com&gt;
diff --git a/portable/ThirdParty/XCC/Xtensa/port.c b/portable/ThirdParty/XCC/Xtensa/port.c
@@ -90,55 +90,60 @@ StackType_t *pxPortInitialiseStack( StackType_t *pxTopOfStack, TaskFunction_t px
 StackType_t *pxPortInitialiseStack( StackType_t *pxTopOfStack, TaskFunction_t pxCode, void *pvParameters )
 #endif
 {
-	StackType_t *sp, *tp;
-	XtExcFrame  *frame;
-	#if XCHAL_CP_NUM > 0
-	uint32_t *p;
-	#endif
-
-	/* Create interrupt stack frame aligned to 16 byte boundary */
-	sp = (StackType_t *) (((UBaseType_t)(pxTopOfStack + 1) - XT_CP_SIZE - XT_STK_FRMSZ) & ~0xf);
-
-	/* Clear the entire frame (do not use memset() because we don't depend on C library) */
-	for (tp = sp; tp <= pxTopOfStack; ++tp)
-		*tp = 0;
-
-	frame = (XtExcFrame *) sp;
-
-	/* Explicitly initialize certain saved registers */
-	frame->pc   = (UBaseType_t) pxCode;             /* task entrypoint                */
-	frame->a0   = 0;                                /* to terminate GDB backtrace     */
-	frame->a1   = (UBaseType_t) sp + XT_STK_FRMSZ;  /* physical top of stack frame    */
-	frame->exit = (UBaseType_t) _xt_user_exit;      /* user exception exit dispatcher */
-
-	/* Set initial PS to int level 0, EXCM disabled ('rfe' will enable), user mode. */
-	/* Also set entry point argument parameter. */
-	#ifdef __XTENSA_CALL0_ABI__
-	frame->a2 = (UBaseType_t) pvParameters;
-	frame->ps = PS_UM | PS_EXCM;
-	#else
-	/* + for windowed ABI also set WOE and CALLINC (pretend task was 'call4'd). */
-	frame->a6 = (UBaseType_t) pvParameters;
-	frame->ps = PS_UM | PS_EXCM | PS_WOE | PS_CALLINC(1);
-	#endif
-
-	#ifdef XT_USE_SWPRI
-	/* Set the initial virtual priority mask value to all 1's. */
-	frame->vpri = 0xFFFFFFFF;
-	#endif
-
-	#if XCHAL_CP_NUM > 0
-	/* Init the coprocessor save area (see xtensa_context.h) */
-	/* No access to TCB here, so derive indirectly. Stack growth is top to bottom.
+    StackType_t * sp, * tp;
+    XtExcFrame * frame;
+
+    #if XCHAL_CP_NUM > 0
+        uint32_t * p;
+    #endif
+
+    /* Create interrupt stack frame aligned to 16 byte boundary */
+    sp = ( StackType_t * ) ( ( ( UBaseType_t ) pxTopOfStack - XT_CP_SIZE - XT_STK_FRMSZ ) & ~0xf );
+
+    /* Clear the entire frame (do not use memset() because we don't depend on C library) */
+    for( tp = sp; tp <= pxTopOfStack; ++tp )
+    {
+        *tp = 0;
+    }
+
+    frame = ( XtExcFrame * ) sp;
+
+    /* Explicitly initialize certain saved registers */
+    frame->pc = ( UBaseType_t ) pxCode;             /* task entrypoint                */
+    frame->a0 = 0;                                  /* to terminate GDB backtrace     */
+    frame->a1 = ( UBaseType_t ) sp + XT_STK_FRMSZ;  /* physical top of stack frame    */
+    frame->exit = ( UBaseType_t ) _xt_user_exit;    /* user exception exit dispatcher */
+
+    /* Set initial PS to int level 0, EXCM disabled ('rfe' will enable), user mode. */
+    /* Also set entry point argument parameter. */
+    #ifdef __XTENSA_CALL0_ABI__
+        frame->a2 = ( UBaseType_t ) pvParameters;
+        frame->ps = PS_UM | PS_EXCM;
+    #else
+        /* + for windowed ABI also set WOE and CALLINC (pretend task was 'call4'd). */
+        frame->a6 = ( UBaseType_t ) pvParameters;
+        frame->ps = PS_UM | PS_EXCM | PS_WOE | PS_CALLINC( 1 );
+    #endif
+
+    #ifdef XT_USE_SWPRI
+        /* Set the initial virtual priority mask value to all 1's. */
+        frame->vpri = 0xFFFFFFFF;
+    #endif
+
+    #if XCHAL_CP_NUM > 0
+        /* Init the coprocessor save area (see xtensa_context.h) */
+
+        /* No access to TCB here, so derive indirectly. Stack growth is top to bottom.
          * //p = (uint32_t *) xMPUSettings->coproc_area;
-	 */
-	p = (uint32_t *)(((uint32_t) pxTopOfStack - XT_CP_SIZE) & ~0xf);
-	p[0] = 0;
-	p[1] = 0;
-	p[2] = (((uint32_t) p) + 12 + XCHAL_TOTAL_SA_ALIGN - 1) & -XCHAL_TOTAL_SA_ALIGN;
-	#endif
-
-	return sp;
+         */
+        p = ( uint32_t * ) ( ( ( uint32_t ) pxTopOfStack - XT_CP_SIZE ) & ~0xf );
+        configASSERT( ( uint32_t ) p >= frame->a1 );
+        p[ 0 ] = 0;
+        p[ 1 ] = 0;
+        p[ 2 ] = ( ( ( uint32_t ) p ) + 12 + XCHAL_TOTAL_SA_ALIGN - 1 ) & -XCHAL_TOTAL_SA_ALIGN;
+    #endif
+
+    return sp;
 }
 
 /*-----------------------------------------------------------*/
