RTX: Main thread should not write MAGIC_WORD to stack #827
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a fix for issue #285. This fix is similar to that proposed by @oresths in the original issue. There is code in rt_init_stack() which compares the task_id against the value of 1 before writing MAGIC_WORD to the bottom of the stack. This is supposed to stop the write from occurring for the main thread but svcThreadCreate() doesn't initialize the P_TCB's task_id field until after rt_init_stack() is executed. If any dynamic memory allocation has occurred before the main thread is started (from the standard C startup code) then this write could overwrite data in that allocation. This change: * moves the task_id initialization in svcThreadCreate() to happen before the call to rt_init_context() is made. * cleans up some comments in svcThreadCreate() which appear to reference older versions of the code which would automatically allocate stack memory if size == 0. * still keeps the call to rt_dispatch() occurring after the call to rt_init_context() so that the task is not dispatched to the scheduler until the task fields have been populated. I stepped through the rt_init_stack() code on my mbedLPC1768 after this change was made to make sure that the write of MAGIC_WORD is now skipped. ----------------------------------------------------------------------- (gdb) break HAL_CM.c:95 Breakpoint 1 at 0x482c: file ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c, line 95. (gdb) c Continuing. Note: automatically using hardware breakpoints for read-only addresses. Breakpoint 1, rt_init_stack (p_TCB=0x10000774 <os_idle_TCB>, task_body=0x4899 <os_idle_demon>) at ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c:95 95 if (p_TCB->task_id != 0x01) (gdb) p *p_TCB $1 = { cb_type = 0 '\000', state = 1 '\001', prio = 0 '\000', task_id = 255 '\377', p_lnk = 0x0 <_reclaim_reent>, p_rlnk = 0x0 <_reclaim_reent>, p_dlnk = 0x0 <_reclaim_reent>, p_blnk = 0x0 <_reclaim_reent>, delta_time = 0, interval_time = 0, events = 0, waits = 0, msg = 0x0 <_reclaim_reent>, stack_frame = 0 '\000', reserved = 0 '\000', priv_stack = 128, tsk_stack = 268437480, stack = 0x100007a8 <idle_task_stack>, ptask = 0x4899 <os_idle_demon> } (gdb) c Continuing. Breakpoint 1, rt_init_stack (p_TCB=0x10000120 <os_thread_def_main+16>, task_body=0x620d <__wrap_main()>) at ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c:95 95 if (p_TCB->task_id != 0x01) (gdb) p *p_TCB $2 = { cb_type = 0 '\000', state = 1 '\001', prio = 4 '\004', task_id = 1 '\001', p_lnk = 0x0 <_reclaim_reent>, p_rlnk = 0x0 <_reclaim_reent>, p_dlnk = 0x0 <_reclaim_reent>, p_blnk = 0x0 <_reclaim_reent>, delta_time = 0, interval_time = 0, events = 0, waits = 0, msg = 0x0 <_reclaim_reent>, stack_frame = 0 '\000', reserved = 0 '\000', priv_stack = 26968, tsk_stack = 268467136, stack = 0x100012a8, ptask = 0x620d <__wrap_main()> } (gdb) n 97 } When the p_TCB for ptask==__wrap_main() is encountered, the task_id now has a value of 1 and the write of MAGIC_WORD on line 96 is skipped.
0xc0170
added a commit
that referenced
this pull request
Jan 5, 2015
RTOS: Main thread should not write MAGIC_WORD to stack
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a fix for issue #285. This fix is similar to that proposed by
@oresths in the original issue.
There is code in rt_init_stack() which compares the task_id against the
value of 1 before writing MAGIC_WORD to the bottom of the stack. This
is supposed to stop the write from occurring for the main thread but
svcThreadCreate() doesn't initialize the P_TCB's task_id field until
after rt_init_stack() is executed. If any dynamic memory allocation
has occurred before the main thread is started (from the standard C
startup code) then this write could overwrite data in that allocation.
This change:
before the call to rt_init_context() is made.
reference older versions of the code which would automatically
allocate stack memory if size == 0.
rt_init_context() so that the task is not dispatched to the
scheduler until the task fields have been populated.
I stepped through the rt_init_stack() code on my mbedLPC1768 after this
change was made to make sure that the write of MAGIC_WORD is now
skipped.
When the p_TCB for ptask==__wrap_main() is encountered, the task_id
now has a value of 1 and the write of MAGIC_WORD on line 96 is
skipped.