diff options
| author |  bors[bot] <26634292+bors[bot]@users.noreply.github.com>
| 2023-02-17 21:26:57 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-02-17 21:26:57 +0000 |
| commit | 88c6f8637f4eccbb44f57be5bc10bcfc88fbb3c8 (patch) | |
| tree | e0c1e8db21c879e833f8e132ecde65043f8063d7 /cortex-m-rt | |
| parent | 8e4b18741d77a57eb0ae4d9a011611d1428a478d (diff) | |
| parent | 9b51b40a96f94a144b6f2006729ac01c52896c67 (diff) | |
| download | cortex-m-88c6f8637f4eccbb44f57be5bc10bcfc88fbb3c8.tar.gz cortex-m-88c6f8637f4eccbb44f57be5bc10bcfc88fbb3c8.tar.zst cortex-m-88c6f8637f4eccbb44f57be5bc10bcfc88fbb3c8.zip | |
Merge #455
455: Add zero-init-ram feature r=adamgreig a=inorick
Add the 'zero-init-ram' feature that initializes the RAM with zeros during startup. This is normally
not necessary but might be required on custom hardware. If this step is skipped on such hardware,
reading from memory that was never written to will cause a hard-fault.
Co-authored-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Co-authored-by: Adam Greig <adam@adamgreig.com>
Diffstat (limited to 'cortex-m-rt')
| -rw-r--r-- | cortex-m-rt/CHANGELOG.md | 3 | ||||
| -rw-r--r-- | cortex-m-rt/Cargo.toml | 1 | ||||
| -rwxr-xr-x | cortex-m-rt/ci/script.sh | 2 | ||||
| -rw-r--r-- | cortex-m-rt/link.x.in | 4 | ||||
| -rw-r--r-- | cortex-m-rt/src/lib.rs | 35 |
5 files changed, 37 insertions, 8 deletions
diff --git a/cortex-m-rt/CHANGELOG.md b/cortex-m-rt/CHANGELOG.md index 65144cf..fd45a1a 100644 --- a/cortex-m-rt/CHANGELOG.md +++ b/cortex-m-rt/CHANGELOG.md @@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +- Add `zero-init-ram` feature to initialize RAM with zeros on startup. This can be necessary on + safety-critical hardware to properly initialize memory integrity measures. + ## [v0.7.3] - Fixed a potential miscompilation caused by the initial stack pointer diff --git a/cortex-m-rt/Cargo.toml b/cortex-m-rt/Cargo.toml index f8438fb..3305d34 100644 --- a/cortex-m-rt/Cargo.toml +++ b/cortex-m-rt/Cargo.toml @@ -45,6 +45,7 @@ required-features = ["device"] device = [] set-sp = [] set-vtor = [] +zero-init-ram = [] [package.metadata.docs.rs] features = ["device"] diff --git a/cortex-m-rt/ci/script.sh b/cortex-m-rt/ci/script.sh index 2941e48..02ba51f 100755 --- a/cortex-m-rt/ci/script.sh +++ b/cortex-m-rt/ci/script.sh @@ -63,6 +63,8 @@ main() { cargo rustc --target "$TARGET" --example minimal --features "set-sp,${needed_features}" -- $linker cargo rustc --target "$TARGET" --example minimal --features "set-sp,${needed_features}" --release -- $linker + cargo rustc --target "$TARGET" --example minimal --features "zero-init-ram,${needed_features}" -- $linker + cargo rustc --target "$TARGET" --example minimal --features "zero-init-ram,${needed_features}" --release -- $linker cargo rustc --target "$TARGET" --example minimal --features "set-vtor,${needed_features}" -- $linker cargo rustc --target "$TARGET" --example minimal --features "set-vtor,${needed_features}" --release -- $linker done diff --git a/cortex-m-rt/link.x.in b/cortex-m-rt/link.x.in index 551f576..01bef98 100644 --- a/cortex-m-rt/link.x.in +++ b/cortex-m-rt/link.x.in @@ -60,7 +60,9 @@ PROVIDE(__pre_init = DefaultPreInit); /* # Sections */ SECTIONS { - PROVIDE(_stack_start = ORIGIN(RAM) + LENGTH(RAM)); + PROVIDE(_ram_start = ORIGIN(RAM)); + PROVIDE(_ram_end = ORIGIN(RAM) + LENGTH(RAM)); + PROVIDE(_stack_start = _ram_end); /* ## Sections in FLASH */ /* ### Vector table */ diff --git a/cortex-m-rt/src/lib.rs b/cortex-m-rt/src/lib.rs index 2070efa..a6d946c 100644 --- a/cortex-m-rt/src/lib.rs +++ b/cortex-m-rt/src/lib.rs @@ -169,6 +169,13 @@ //! `_stack_start` value from the linker script. This is not usually required, but some debuggers //! do not initialise SP when performing a soft reset, which can lead to stack corruption. //! +//! ## `zero-init-ram` +//! +//! If this feature is enabled, RAM is initialized with zeros during startup from the `_ram_start` +//! value to the `_ram_end` value from the linker script. This is not usually required, but might be +//! necessary to properly initialize checksum-based memory integrity measures on safety-critical +//! hardware. +//! //! ## `set-vtor` //! //! If this feature is enabled, the vector table offset register (VTOR) is initialised in the reset @@ -529,9 +536,11 @@ cfg_global_asm! { // Example use cases include disabling default watchdogs or enabling RAM. "bl __pre_init", - // Initialise .bss memory. `__sbss` and `__ebss` come from the linker script. - "ldr r0, =__sbss - ldr r1, =__ebss + // If enabled, initialize RAM with zeros. This is not usually required, but might be necessary + // to properly initialize checksum-based memory integrity measures on safety-critical hardware. + #[cfg(feature = "zero-init-ram")] + "ldr r0, =_ram_start + ldr r1, =_ram_end movs r2, #0 0: cmp r1, r0 @@ -540,17 +549,29 @@ cfg_global_asm! { b 0b 1:", + // Initialise .bss memory. `__sbss` and `__ebss` come from the linker script. + #[cfg(not(feature = "zero-init-ram"))] + "ldr r0, =__sbss + ldr r1, =__ebss + movs r2, #0 + 2: + cmp r1, r0 + beq 3f + stm r0!, {{r2}} + b 2b + 3:", + // Initialise .data memory. `__sdata`, `__sidata`, and `__edata` come from the linker script. "ldr r0, =__sdata ldr r1, =__edata ldr r2, =__sidata - 2: + 4: cmp r1, r0 - beq 3f + beq 5f ldm r2!, {{r3}} stm r0!, {{r3}} - b 2b - 3:", + b 4b + 5:", // Potentially enable an FPU. // SCB.CPACR is 0xE000_ED88. |