From 4fa71ecf168e275b24534a5a20e3dd4e178c7bbd Mon Sep 17 00:00:00 2001
From: Keith Packard <keithp@keithp.com>
Date: Sat, 26 Mar 2016 15:54:24 -0700
Subject: [PATCH] altos/stm: Validate current task SP in interrupt by looking
 at PSP

We use a separate stack pointer for task code, which means we can
verify that it is in range in any interrupt handler. This adds checks
for the task stack (under #ifdef DEBUG) that run in ao_wakeup as well
as at every timer interrupt.

Signed-off-by: Keith Packard <keithp@keithp.com>
---
 src/kernel/ao_task.c    |  2 +-
 src/kernel/ao_task.h    |  4 ++++
 src/stm/ao_arch_funcs.h | 16 ++++++++++++++++
 src/stm/ao_timer.c      |  1 +
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/kernel/ao_task.c b/src/kernel/ao_task.c
index 55e423bb..104d1074 100644
--- a/src/kernel/ao_task.c
+++ b/src/kernel/ao_task.c
@@ -355,7 +355,6 @@ ao_yield(void) ao_arch_naked_define
 	 */
 	if (ao_cur_task->wchan == NULL)
 		ao_task_to_run_queue(ao_cur_task);
-	ao_cur_task = NULL;
 	for (;;) {
 		ao_arch_memory_barrier();
 		if (!ao_list_is_empty(&run_queue))
@@ -425,6 +424,7 @@ ao_sleep(__xdata void *wchan)
 void
 ao_wakeup(__xdata void *wchan) __reentrant
 {
+	ao_validate_cur_stack();
 #if HAS_TASK_QUEUE
 	struct ao_task	*sleep, *next;
 	struct ao_list	*sleep_queue;
diff --git a/src/kernel/ao_task.h b/src/kernel/ao_task.h
index c6bec0e3..0e353fe8 100644
--- a/src/kernel/ao_task.h
+++ b/src/kernel/ao_task.h
@@ -56,6 +56,10 @@ extern __data uint8_t ao_num_tasks;
 extern __xdata struct ao_task *__data ao_cur_task;
 extern __data uint8_t ao_task_minimize_latency;	/* Reduce IRQ latency */
 
+#ifndef HAS_ARCH_VALIDATE_CUR_STACK
+#define ao_validate_cur_stack()
+#endif
+
 /*
  ao_task.c
  */
diff --git a/src/stm/ao_arch_funcs.h b/src/stm/ao_arch_funcs.h
index 02b344b1..6b38032c 100644
--- a/src/stm/ao_arch_funcs.h
+++ b/src/stm/ao_arch_funcs.h
@@ -366,6 +366,22 @@ static inline void ao_arch_restore_stack(void) {
 #define HAS_SAMPLE_PROFILE 0
 #endif
 
+#if DEBUG
+#define HAS_ARCH_VALIDATE_CUR_STACK	1
+
+static inline void
+ao_validate_cur_stack(void)
+{
+	uint8_t		*psp;
+
+	asm("mrs %0,psp" : "=&r" (psp));
+	if (ao_cur_task &&
+	    psp <= ao_cur_task->stack &&
+	    psp >= ao_cur_task->stack - 256)
+		ao_panic(AO_PANIC_STACK);
+}
+#endif
+
 #if !HAS_SAMPLE_PROFILE
 #define HAS_ARCH_START_SCHEDULER	1
 
diff --git a/src/stm/ao_timer.c b/src/stm/ao_timer.c
index 8db62e76..91ede84b 100644
--- a/src/stm/ao_timer.c
+++ b/src/stm/ao_timer.c
@@ -41,6 +41,7 @@ volatile __data uint8_t	ao_data_count;
 
 void stm_systick_isr(void)
 {
+	ao_validate_cur_stack();
 	if (stm_systick.csr & (1 << STM_SYSTICK_CSR_COUNTFLAG)) {
 		++ao_tick_count;
 #if HAS_TASK_QUEUE
-- 
2.30.2