author | 2023-02-12 01:12:53 +0000 | |
---|---|---|
committer | 2023-02-12 01:12:53 +0000 | |
commit | 9d63aa9e135cf319e96863f46699f3ade7f6f333 (patch) | |
tree | e7716f965ab2dbe1e4feb52e0fd9a3b64d2b2918 | |
parent | 2bdd95f3172fe741ac1e6fb8659ba06aed1a395d (diff) | |
parent | 4e86db794f18cb4e1e283022d6f320111a30ee85 (diff) | |
download | cortex-m-9d63aa9e135cf319e96863f46699f3ade7f6f333.tar.gz cortex-m-9d63aa9e135cf319e96863f46699f3ade7f6f333.tar.zst cortex-m-9d63aa9e135cf319e96863f46699f3ade7f6f333.zip |
Merge #465
465: Enforce 8-byte initial stack pointer alignment r=adamgreig a=adamgreig
After #463 we discovered that adding a second linker script via another compiler flag could be used to override `_stack_start` without triggering the assert in the main linker script. By masking the value, we force alignment even when the assert doesn't otherwise trigger.
Co-authored-by: Adam Greig <adam@adamgreig.com>
-rw-r--r-- | cortex-m-rt/CHANGELOG.md | 4 | ||||
-rw-r--r-- | cortex-m-rt/link.x.in | 8 | ||||
-rw-r--r-- | cortex-m-rt/src/lib.rs | 9 |
3 files changed, 17 insertions, 4 deletions
diff --git a/cortex-m-rt/CHANGELOG.md b/cortex-m-rt/CHANGELOG.md index 0ee0510..335044b 100644 --- a/cortex-m-rt/CHANGELOG.md +++ b/cortex-m-rt/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +- A linker error is generated if the initial stack pointer is not 8-byte aligned +- The initial stack pointer is now forced to be 8-byte aligned in the linker script, + to defend against it being overridden outside of the cortex-m-rt linker script + ## [v0.7.2] - MSRV is now Rust 1.59. diff --git a/cortex-m-rt/link.x.in b/cortex-m-rt/link.x.in index 9f893d4..551f576 100644 --- a/cortex-m-rt/link.x.in +++ b/cortex-m-rt/link.x.in @@ -68,8 +68,12 @@ SECTIONS { __vector_table = .; - /* Initial Stack Pointer (SP) value */ - LONG(_stack_start); + /* Initial Stack Pointer (SP) value. + * We mask the bottom three bits to force 8-byte alignment. + * Despite having an assert for this later, it's possible that a separate + * linker script could override _stack_start after the assert is checked. + */ + LONG(_stack_start & 0xFFFFFFF8); /* Reset vector */ KEEP(*(.vector_table.reset_vector)); /* this is the `__RESET_VECTOR` symbol */ diff --git a/cortex-m-rt/src/lib.rs b/cortex-m-rt/src/lib.rs index 6e6bf7e..6f72197 100644 --- a/cortex-m-rt/src/lib.rs +++ b/cortex-m-rt/src/lib.rs 
@@ -56,8 +56,13 @@ //! //! This optional symbol can be used to indicate where the call stack of the program should be //! placed. If this symbol is not used then the stack will be placed at the *end* of the `RAM` -//! region -- the stack grows downwards towards smaller address. This symbol can be used to place -//! the stack in a different memory region, for example: +//! region -- the stack grows downwards towards smaller address. +//! +//! For Cortex-M, the `_stack_start` must always be aligned to 8 bytes, which is enforced by +//! the linker script. If you override it, ensure that whatever value you set is a multiple +//! of 8 bytes. +//! +//! This symbol can be used to place the stack in a different memory region, for example: //! //! ```text //! /* Linker script for the STM32F303VCT6 */ |
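Review bot: In the `cortex-m-rt/CHANGELOG.md` hunk, the second new entry says the initial stack pointer is "forced to be 8-byte aligned" but does not say how a misaligned value is handled. The `link.x.in` change masks the low three bits, so the value is rounded down, and the entry should state that so users who override `_stack_start` know the address may change. As a style point, the two new bullets have no trailing period while the existing `- MSRV is now Rust 1.59.` entry does.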
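Review bot: In the `cortex-m-rt/link.x.in` hunk, `LONG(_stack_start & 0xFFFFFFF8);` masks only the word written into the vector table, while the `_stack_start` symbol itself keeps whatever value the overriding script gave it. When the override is misaligned, the address loaded into SP and the address the symbol resolves to differ by up to 7 bytes, with no diagnostic, and anything else that reads the symbol would see the unmasked value. The new comment should say that the value is silently rounded down and that the symbol is left untouched, so the mismatch is not a surprise to someone debugging a stack placed by a second linker script.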
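Review bot: In the `cortex-m-rt/src/lib.rs` hunk, the added sentence "which is enforced by the linker script" does not tell the reader which of the two outcomes to expect: the assert produces a linker error, whereas the mask in `link.x.in` silently rounds the value down when the override comes from a separate linker script. Suggest adding a sentence that a misaligned override may be rounded down to the previous multiple of 8 rather than rejected. Minor wording: "the `_stack_start` must" reads better as "`_stack_start` must", and "a multiple of 8 bytes" as "a multiple of 8".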