arch: arm: mpu: Lock irqs while reprogramming the nxp mpu

MaureenHelm · nashif · commit 34f383789680 · 2019-04-15T20:37:27.000-04:00
The nxp mpu uses the logical OR of access permissions when multiple region descriptors apply to a given memory access. This means that we must partition the sram into two non-overlapping regions to implement the mpu stack guard. This partitioning gets reconfigured at every context switch, and if an interrupt occurs during this time, it can cause a fault because we do not have a valid mpu region descriptor for the sram. This scenario was observed on frdm_k64f in tests/posix/common before commit 2895da0, which changed timing. In this case, we couldn't even print fault information to the console and the hardware would reset. It looked a lot like a watchdog reset, unless you attached a debugger to see the fault. A similar problem was fixed in commit ec424b7, but this change temporarily disabled the mpu. Fix both cases by locking interrupts during the critical sections, as this is more secure than disabling the mpu. Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
diff --git a/arch/arm/core/cortex_m/mpu/nxp_mpu.c b/arch/arm/core/cortex_m/mpu/nxp_mpu.c
@@ -254,14 +254,17 @@ static int mpu_configure_regions(const struct k_mem_partition
 
 #if defined(CONFIG_MPU_STACK_GUARD)
 		if (regions[i]->attr.ap_attr == MPU_REGION_SU_RX) {
+			unsigned int key;
 
 			/* Attempt to configure an MPU Stack Guard region; this
 			 * will require splitting of the underlying SRAM region
 			 * into two SRAM regions, leaving out the guard area to
 			 * be programmed afterwards.
 			 */
+			key = irq_lock();
 			reg_index =
 				mpu_sram_partitioning(reg_index, regions[i]);
+			irq_unlock(key);
 		}
 #endif /* CONFIG_MPU_STACK_GUARD */
 
@@ -322,6 +325,8 @@ static int mpu_configure_static_mpu_regions(const struct k_mem_partition
 static int mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	*dynamic_regions[], u8_t regions_num)
 {
+	unsigned int key;
+
 	/* Reset MPU regions inside which dynamic memory regions may
 	 * be programmed.
 	 *
@@ -330,10 +335,10 @@ static int mpu_configure_dynamic_mpu_regions(const struct k_mem_partition
 	 * This might trigger memory faults if ISRs occurring during
 	 * re-programming perform access in those areas.
 	 */
-	arm_core_mpu_disable();
+	key = irq_lock();
 	region_init(mpu_config.sram_region, (const struct nxp_mpu_region *)
 		&mpu_config.mpu_regions[mpu_config.sram_region]);
-	arm_core_mpu_enable();
+	irq_unlock(key);
 
 	int mpu_reg_index = static_regions_num;
 
