This is the mail archive of the ecos-bugs@sources.redhat.com mailing list for the eCos project.



[Bug 1000170] SuperH context switch code vulnerable to stack corruption by ISR


http://bugs.ecos.sourceware.org/show_bug.cgi?id=1000170


jifl@ecoscentric.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|MODIFIED                    |NEEDINFO




------- Additional Comments From jifl@ecoscentric.com  2005-19-04 19:35 -------
Thanks for testing the patch.

The possibility of switching from a more permissive to less permissive IRQ level
and getting an interrupt on the "wrong" stack is indeed there. I thought it
might be too onerous to require interrupts to be disabled for something which
most users will not need.

But I think in practice it can be done in a way that isn't too bad at all.
However, it is rather more invasive if done sensibly. To save duplication in
this critical path, really it is best done by extending hal_cpu_int_merge (in
arch.inc) to also merge a supplied sp.

I'm attaching an *untested* patch which I think should do it. I also noticed
there are a couple of restores further up in hal_thread_load_context of scratch
registers that we can surely avoid. So Michael, want to give this a look, and
better still a test?

As to whether this should be a config option, given the rest of the
interrupt/context switch path has clearly not been optimised yet anyway (e.g. by
implementing CYGDBG_HAL_COMMON_CONTEXT_SAVE_MINIMUM), and the rather obvious
minor optimisation I think I've already found, I'm not sure there's much benefit
for the sake of 2 extra instructions. If people start to be worried, there's a
lot more than this that can be dealt with; and it's more than I care to deal
with right now.
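As an added illustration, not part of this bug comment and not eCos code, the following host-side C model walks a context-switch sequence step by step and reports the first point at which an interrupt could be accepted on a stack at a mask level lower than that stack's owner runs at. It assumes SH-style interrupt levels 0-15 where an interrupt is accepted only if its level is above the SR IMASK field, and that a merged "set sp and mask together" step models what extending hal_cpu_int_merge to take an sp would give; the function and type names (step_t, find_window, check_split_sp_first, check_split_mask_first, check_merged) are hypothetical and the sequences are constructed, not copied from arch.inc. It goes slightly beyond the comment by checking both switch directions, which shows that neither split ordering is safe on its own.

```c
/*
 * Added example, not eCos code: a model of the interrupt window that can open
 * when sp and the interrupt mask are restored in two separate steps during a
 * context switch. Names and sequences below are hypothetical/constructed.
 */
#include <stdio.h>

#define IMASK_ALL 15  /* SR.IMASK = 0xF: every maskable interrupt blocked (SH) */

typedef enum { STACK_OLD, STACK_NEW } stk_t;

typedef enum {
    OP_SET_SP,            /* load the new thread's sp */
    OP_SET_MASK,          /* load an interrupt mask level */
    OP_MASK_ALL,          /* disable all maskable interrupts */
    OP_SET_SP_AND_MASK    /* model of a merged sp+mask load (assumption) */
} op_t;

typedef struct { op_t op; int imask; } step_t;

/*
 * Invariant checked at every point an interrupt could arrive (before each
 * step and after the last): the current mask must be at least the mask of
 * whichever thread owns the stack sp points at. Returns the index of the
 * first step before which the invariant fails, or -1 if the sequence is safe.
 */
static int find_window(const step_t *seq, int n, int old_mask, int new_mask)
{
    stk_t stack = STACK_OLD;
    int imask = old_mask;
    for (int i = 0; i <= n; i++) {
        int required = (stack == STACK_OLD) ? old_mask : new_mask;
        if (imask < required)
            return i;   /* an interrupt here runs on the wrong stack/level */
        if (i == n)
            break;
        switch (seq[i].op) {
        case OP_SET_SP:          stack = STACK_NEW; break;
        case OP_SET_MASK:        imask = seq[i].imask; break;
        case OP_MASK_ALL:        imask = IMASK_ALL; break;
        case OP_SET_SP_AND_MASK: stack = STACK_NEW; imask = seq[i].imask; break;
        }
    }
    return -1;
}

/* Split restore, sp first: unsafe when going from permissive to strict. */
int check_split_sp_first(int old_mask, int new_mask)
{
    step_t seq[] = { { OP_SET_SP, 0 }, { OP_SET_MASK, new_mask } };
    return find_window(seq, 2, old_mask, new_mask);
}

/* Split restore, mask first: unsafe in the opposite direction. */
int check_split_mask_first(int old_mask, int new_mask)
{
    step_t seq[] = { { OP_SET_MASK, new_mask }, { OP_SET_SP, 0 } };
    return find_window(seq, 2, old_mask, new_mask);
}

/* Disable, then load sp and mask together: no window in either direction. */
int check_merged(int old_mask, int new_mask)
{
    step_t seq[] = { { OP_MASK_ALL, 0 }, { OP_SET_SP_AND_MASK, new_mask } };
    return find_window(seq, 2, old_mask, new_mask);
}

int main(void)
{
    int dirs[2][2] = { { 0, 8 }, { 8, 0 } };  /* constructed old/new levels */
    for (int d = 0; d < 2; d++) {
        int o = dirs[d][0], nw = dirs[d][1];
        printf("old=%d new=%d: sp-first window=%d, mask-first window=%d, merged window=%d\n",
               o, nw, check_split_sp_first(o, nw), check_split_mask_first(o, nw),
               check_merged(o, nw));
    }
    return 0;
}
```

A returned index of 1 means the window sits between the first and second step, exactly the "interrupt on the wrong stack" case described above; the merged sequence returns -1 for both directions, at the cost of the extra disable instruction the comment mentions.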





