support for PSPLIM hardware overflow check register#128
Open
PThierry wants to merge 4 commits into
Open
Conversation
PThierry
added
enhancement
There was a problem hiding this comment.
Pull request overview
This PR aims to add ARMv8‑M Mainline PSPLIM-based stack overflow detection by computing a per-task stack limit during task initialization and applying it during exception return/context switching.
Changes:
- Computes and stores a per-task
stack_limitin the task context during task local-info initialization. - Extends the internal
task_tstructure to carry the computedstack_limit. - Attempts to use PSPLIM (
psplim_ns) in the Cortex‑M handler path to support hardware stack overflow detection.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| kernel/src/managers/task/task_init.c | Computes and stores stack_limit during task initialization (currently includes an inverted check that will panic). |
| kernel/src/managers/task/task_core.h | Adds stack_limit to task_t and adds ACSL annotations on task-table accessors. |
| kernel/src/managers/task/task_core.c | Adds an accessor returning the stored stack limit (name/spec currently inconsistent). |
| kernel/src/arch/asm-cortex-m/handler.c | Adds an ARMv8‑M PSPLIM block in the handler path (currently calls a missing symbol and uses the wrong instruction direction). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
PThierry
force-pushed
the
arm-support-psplim
branch
from
9c96848 to
bb3e7d2
Compare
Comment on lines
+257
to
+261
| if (unlikely(stack_top < meta->stack_size)) { | ||
| pr_err("security invalid stack size, not mappable "); | ||
| panic(PANIC_CONFIGURATION_MISMATCH); | ||
| } | ||
| task_ctx->stack_limit = stack_top - meta->stack_size; |
Comment on lines
+108
to
+119
| kstatus_t status = K_ERROR_INVPARAM; | ||
| task_t *tsk = task_get_from_handle(h); | ||
| if (unlikely(tsk == NULL)) { | ||
| pr_err("invalid task handle!"); | ||
| goto err; | ||
| } | ||
| if (unlikely(stack_limit == NULL)) { | ||
| pr_err("invalid stack limit pointer!"); | ||
| goto err; | ||
| } | ||
| *stack_limit = tsk->stack_limit; | ||
| status = K_STATUS_OKAY; |
Comment on lines
+342
to
+346
| #if CONFIG_ARCH_ARM_ARMV8MML | ||
| /* ARMv8-M Mainline support PSPLIM register to detect stack overflow */ | ||
| size_t stack_limit = 0; | ||
| if (likely(mgr_task_get_stack_size(next, &stack_limit) == K_STATUS_OKAY)) { | ||
| asm volatile ("MSR psplim, %0" : : "r" (stack_limit) ); |
| complete behaviors; | ||
| disjoint behaviors; | ||
| */ | ||
| kstatus_t mgr_task_get_stack_size(const taskh_t h, size_t* stack_limit) |
fvalette
reviewed
Jun 4, 2026
| /* clearing the sysreturn. next job is no more syscall-preempted */ | ||
| mgr_task_clear_sysreturn(next); | ||
| } | ||
| #if CONFIG_ARCH_ARM_ARMV8MML |
Contributor
There was a problem hiding this comment.
This is avaiable for armv8.1m too
To be checked for armv8m-baseline (i.e. cortex m23).
May be use a dedicated config entry (e.g. HAS_STACK_LIMIT_REG which is set to y in the corresponding arch or family config entry)
| complete behaviors; | ||
| disjoint behaviors; | ||
| */ | ||
| kstatus_t mgr_task_get_stack_size(const taskh_t h, size_t* stack_limit) |
Contributor
There was a problem hiding this comment.
function mgr_task_get_stack_size returns stack_limit and not stack size, should be renamed
| task_ctx->sp = mgr_task_initialize_sp(0UL, stack_top, (meta->s_text + meta->entrypoint_offset), meta->s_got); | ||
| #endif | ||
|
|
||
| if (unlikely(stack_top < meta->stack_size)) { |
Contributor
There was a problem hiding this comment.
very (very) unlikely for task, lower memory should always be reserved for kernel.
This could be enforced at build time in babrican too (at memory layout forge time and device tree sanity checks, this may require a dedicated issue, i.e. check for region overlap and out of bound)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adding, for all userspace tasks, overflow check detection using PSPLIM hardware register on ARMv8M Mainline architecture
Fixes #117