All Freescale macros for memory access replaced #6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- so far SIM registers were written to in unprivileged mode only by reverting to an SVCall; hence we needed to redefine some symbols here - the SVCall workaround will be replaced with a more consistent set of changes (coming soon), so removing it
- BITBAND_ACCESSXX(x, v) macros now use another macro to calculate the bitband alias and then write to its location - in this way the BITBAND_ADDRESSXX macros can be used somewhere else - also added fallback macros for regular read/write to memory locations (used bu uvisor to re-define how memory accesses are performed)
|
After carefully checking each line of this PR twice, +1 |
|
+1 |
- most of Freescale pre-processor macros have embedded memory access statements like the one below: `#define BW_SOME_REGISTER_BIT(r, b, v) ( *(BITBAND_ACCESS32(r, b)) = (v) )` that are really hard to turn into something different. For example, with uvisor the regular memory access is replaced by something that is easier to check for security assertions - the script here transforms all Freescale macros for read/write to peripheral registers into uvisor-friendly macros like the one below: `#define BW_SOME_REGISTER_BIT(r, b, v) (ADDRESS_WRITE32(BITBAND_ADDRESS32(r, b), v))` - backward compatibility is ensured with ADDRESS_WRITE32 being replace-able by any uvisor-agnostic macro - use the script with `python uvisor_replace.py MK*.h`
- the script from the previous commit used to replace all the macros of the
following classes:
- regular read (of a whole register, of a single bit field, of a multi-bit
field)
- regular write (of a whole register, of a single bit field, of a multi-bit)
- bitband read/write for byte, halfword, word
|
+1, going to merge. Thanks @AlessandroA Just a note for reference, if we ever update to newer KSDK (from 1.0 which we use currently to 1.2) - they changed "slightly" all these headers, and API which uses them. |
0xc0170
added a commit
that referenced
this pull request
Jul 31, 2015
All Freescale macros for memory access replaced
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
tl;dr
Brace yourselves: This is a PR changing ~5k lines. Every Freescale macro containing direct memory accesses (
*addr = val) has been replaced with a memory access macro (ADDRESS_WRITE(addr, val)). In this way memory accesses can be centrally redefined for special requirements. A script was used, with the help of 18 regular expressions.Background
In uVisor we use ACLs to tell if a resource can be granted access to. Peripheral ACLs specify permission levels for whole peripheral slots, but some registers in those slots may still enforce higher restrictions. For example, RTC registers require superuser access unless a certain RTC-specific bit is set.
Accessing these registers might incur in a bus fault. uVisor is able to recover from bus faults, perform the r/w operation if an ACL covers it, and continue execution regularly, but this requires the memory access to be well defined, that is, parse-able.
The Problem
All functions in the Freescale K64F HAL ultimately use macros to perform r/w operations on peripheral registers. These macros have usually a structure like the following:
where
vis the value to write to the bitBITin the registerREGof the peripheralPERIPHat the addressx.BITBAND_ACCESS(x, n)is a macro that de-references the aliased bitband address obtained fromxandn.With this style we are not able to centrally re-define different behaviours for memory accesses. Every single macro implements a memory access explicitly (
*addr = val), which cannot be replaced by a uVisor counterpart.The Solution
The solution is to replace every direct access to memory in the header files with a macro that implements memory access indirectly, so that if uVisor is used it turns into a dedicated function, otherwise the straightforward pointer de-referencing is used.
This is done using a script,
uvisor_replace.py, that scans header files using a total of 18 regular expressions. These capture all the combinations of possible macros, classified as follows:Why Do I Care?
If you only use Freescale K64F HAL functions (or higher level functions that call HAL functions) you are fine - this all happens under the hood. If, instead, you sometimes access registers or their bitfields singularly with a direct memory access then you have 3 options:
B{W,R}_PERIPH_REG_BIT(x, n, v)(Freescale specific)ADDRESS_{READ,WRITE}{32,16,8}(addr(, val)); theaddrfield can also be replaced by a bitband translation withBITBAND_ADDRESS{32,16,8}(addr, bit)(uVisor specific)Changelog
mbed-hal-k64f/device/MK64F12/*.hmbed-hal-k64f/device/MK64F12/fsl_bitaccess.hwith centralised memory access macrombed-hal-k64f/device/MK64F12/MK64F_sim_uvisor.h, superseded by these changes