Pre-allocate secure-side context structures

This commit improves ARMv8-M security by pre-allocating secure-side task
context structures and changing how tasks reference a secure-side
context structure when calling a secure function. The new configuration
constant secureconfigMAX_SECURE_CONTEXTS sets the number of secure
context structures to pre-allocate. secureconfigMAX_SECURE_CONTEXTS
defaults to 8 if left undefined.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

Author: aggarg

portable/ARMv8M/secure/context/portable/GCC/ARM_CM23/secure_context_port.c

@@ -36,56 +36,60 @@
     #error Cortex-M23 does not have a Floating Point Unit (FPU) and therefore configENABLE_FPU must be set to 0.
 #endif
 
-secureportNON_SECURE_CALLABLE void SecureContext_LoadContext( SecureContextHandle_t xSecureContextHandle )
+void SecureContext_LoadContextAsm( SecureContext_t * pxSecureContext )
 {
-    /* xSecureContextHandle value is in r0. */
+    /* pxSecureContext value is in r0. */
     __asm volatile
     (
-        "	.syntax unified							\n"
-        "											\n"
-        "	mrs r1, ipsr							\n"/* r1 = IPSR. */
-        "	cbz r1, load_ctx_therad_mode			\n"/* Do nothing if the processor is running in the Thread Mode. */
-        "	ldmia r0!, {r1, r2}						\n"/* r1 = xSecureContextHandle->pucCurrentStackPointer, r2 = xSecureContextHandle->pucStackLimit. */
+        " .syntax unified                   \n"
+        "                                   \n"
+        " mrs r1, ipsr                      \n" /* r1 = IPSR. */
+        " cbz r1, load_ctx_therad_mode      \n" /* Do nothing if the processor is running in the Thread Mode. */
+        " ldmia r0!, {r1, r2}               \n" /* r1 = pxSecureContext->pucCurrentStackPointer, r2 = pxSecureContext->pucStackLimit. */
+        "                                   \n"
         #if ( configENABLE_MPU == 1 )
-            "	ldmia r1!, {r3}							\n"/* Read CONTROL register value from task's stack. r3 = CONTROL. */
-            "	msr control, r3							\n"/* CONTROL = r3. */
+            " ldmia r1!, {r3}               \n" /* Read CONTROL register value from task's stack. r3 = CONTROL. */
+            " msr control, r3               \n" /* CONTROL = r3. */
         #endif /* configENABLE_MPU */
-        "	msr psplim, r2							\n"/* PSPLIM = r2. */
-        "	msr psp, r1								\n"/* PSP = r1. */
-        "											\n"
-        " load_ctx_therad_mode:						\n"
-        "	nop										\n"
-        "											\n"
+        "                                   \n"
+        " msr psplim, r2                    \n" /* PSPLIM = r2. */
+        " msr psp, r1                       \n" /* PSP = r1. */
+        "                                   \n"
+        " load_ctx_therad_mode:             \n"
+        "    bx lr                          \n"
+        "                                   \n"
         ::: "r0", "r1", "r2"
     );
 }
 /*-----------------------------------------------------------*/
 
-secureportNON_SECURE_CALLABLE void SecureContext_SaveContext( SecureContextHandle_t xSecureContextHandle )
+void SecureContext_SaveContextAsm( SecureContext_t * pxSecureContext )
 {
-    /* xSecureContextHandle value is in r0. */
+    /* pxSecureContext value is in r0. */
     __asm volatile
     (
-        "	.syntax unified							\n"
-        "											\n"
-        "	mrs r1, ipsr							\n"/* r1 = IPSR. */
-        "	cbz r1, save_ctx_therad_mode			\n"/* Do nothing if the processor is running in the Thread Mode. */
-        "	mrs r1, psp								\n"/* r1 = PSP. */
+        " .syntax unified                   \n"
+        "                                   \n"
+        " mrs r1, ipsr                      \n" /* r1 = IPSR. */
+        " cbz r1, save_ctx_therad_mode      \n" /* Do nothing if the processor is running in the Thread Mode. */
+        " mrs r1, psp                       \n" /* r1 = PSP. */
+        "                                   \n"
         #if ( configENABLE_MPU == 1 )
-            "	mrs r2, control							\n"/* r2 = CONTROL. */
-            "	subs r1, r1, #4							\n"/* Make space for the CONTROL value on the stack. */
-            "	str r1, [r0]							\n"/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-            "	stmia r1!, {r2}							\n"/* Store CONTROL value on the stack. */
+            " mrs r2, control               \n" /* r2 = CONTROL. */
+            " subs r1, r1, #4               \n" /* Make space for the CONTROL value on the stack. */
+            " str r1, [r0]                  \n" /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+            " stmia r1!, {r2}               \n" /* Store CONTROL value on the stack. */
         #else /* configENABLE_MPU */
-            "	str r1, [r0]							\n"/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
+            " str r1, [r0]                  \n" /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
         #endif /* configENABLE_MPU */
-        "	movs r1, %0								\n"/* r1 = securecontextNO_STACK. */
-        "	msr psplim, r1							\n"/* PSPLIM = securecontextNO_STACK. */
-        "	msr psp, r1								\n"/* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
-        "											\n"
-        " save_ctx_therad_mode:						\n"
-        "	nop										\n"
-        "											\n"
+        "                                   \n"
+        " movs r1, %0                       \n" /* r1 = securecontextNO_STACK. */
+        " msr psplim, r1                    \n" /* PSPLIM = securecontextNO_STACK. */
+        " msr psp, r1                       \n" /* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+        "                                   \n"
+        " save_ctx_therad_mode:             \n"
+        "   bx lr                           \n"
+        "                                   \n"
         ::"i" ( securecontextNO_STACK ) : "r1", "memory"
     );
 }

portable/ARMv8M/secure/context/portable/GCC/ARM_CM33/secure_context_port.c

@@ -32,57 +32,62 @@
 /* Secure port macros. */
 #include "secure_port_macros.h"
 
-secureportNON_SECURE_CALLABLE void SecureContext_LoadContext( SecureContextHandle_t xSecureContextHandle )
+void SecureContext_LoadContextAsm( SecureContext_t * pxSecureContext )
 {
-    /* xSecureContextHandle value is in r0. */
+    /* pxSecureContext value is in r0. */
     __asm volatile
     (
-        "	.syntax unified							\n"
-        "											\n"
-        "	mrs r1, ipsr							\n"/* r1 = IPSR. */
-        "	cbz r1, load_ctx_therad_mode			\n"/* Do nothing if the processor is running in the Thread Mode. */
-        "	ldmia r0!, {r1, r2}						\n"/* r1 = xSecureContextHandle->pucCurrentStackPointer, r2 = xSecureContextHandle->pucStackLimit. */
+        " .syntax unified                   \n"
+        "                                   \n"
+        " mrs r1, ipsr                      \n" /* r1 = IPSR. */
+        " cbz r1, load_ctx_therad_mode      \n" /* Do nothing if the processor is running in the Thread Mode. */
+        " ldmia r0!, {r1, r2}               \n" /* r1 = pxSecureContext->pucCurrentStackPointer, r2 = pxSecureContext->pucStackLimit. */
+        "                                   \n"
         #if ( configENABLE_MPU == 1 )
-            "	ldmia r1!, {r3}							\n"/* Read CONTROL register value from task's stack. r3 = CONTROL. */
-            "	msr control, r3							\n"/* CONTROL = r3. */
+            " ldmia r1!, {r3}               \n" /* Read CONTROL register value from task's stack. r3 = CONTROL. */
+            " msr control, r3               \n" /* CONTROL = r3. */
         #endif /* configENABLE_MPU */
-        "	msr psplim, r2							\n"/* PSPLIM = r2. */
-        "	msr psp, r1								\n"/* PSP = r1. */
-        "											\n"
-        " load_ctx_therad_mode:						\n"
-        "	nop										\n"
-        "											\n"
+        "                                   \n"
+        " msr psplim, r2                    \n" /* PSPLIM = r2. */
+        " msr psp, r1                       \n" /* PSP = r1. */
+        "                                   \n"
+        " load_ctx_therad_mode:             \n"
+        "    bx lr                          \n"
+        "                                   \n"
         ::: "r0", "r1", "r2"
     );
 }
 /*-----------------------------------------------------------*/
 
-secureportNON_SECURE_CALLABLE void SecureContext_SaveContext( SecureContextHandle_t xSecureContextHandle )
+void SecureContext_SaveContextAsm( SecureContext_t * pxSecureContext )
 {
-    /* xSecureContextHandle value is in r0. */
+    /* pxSecureContext value is in r0. */
     __asm volatile
     (
-        "	.syntax unified							\n"
-        "											\n"
-        "	mrs r1, ipsr							\n"/* r1 = IPSR. */
-        "	cbz r1, save_ctx_therad_mode			\n"/* Do nothing if the processor is running in the Thread Mode. */
-        "	mrs r1, psp								\n"/* r1 = PSP. */
+        " .syntax unified                   \n"
+        "                                   \n"
+        " mrs r1, ipsr                      \n" /* r1 = IPSR. */
+        " cbz r1, save_ctx_therad_mode      \n" /* Do nothing if the processor is running in the Thread Mode. */
+        " mrs r1, psp                       \n" /* r1 = PSP. */
+        "                                   \n"
         #if ( configENABLE_FPU == 1 )
-            "	vstmdb r1!, {s0}						\n"/* Trigger the defferred stacking of FPU registers. */
-            "	vldmia r1!, {s0}						\n"/* Nullify the effect of the pervious statement. */
+            " vstmdb r1!, {s0}              \n" /* Trigger the defferred stacking of FPU registers. */
+            " vldmia r1!, {s0}              \n" /* Nullify the effect of the pervious statement. */
         #endif /* configENABLE_FPU */
+        "                                   \n"
         #if ( configENABLE_MPU == 1 )
-            "	mrs r2, control							\n"/* r2 = CONTROL. */
-            "	stmdb r1!, {r2}							\n"/* Store CONTROL value on the stack. */
+            " mrs r2, control               \n" /* r2 = CONTROL. */
+            " stmdb r1!, {r2}               \n" /* Store CONTROL value on the stack. */
         #endif /* configENABLE_MPU */
-        "	str r1, [r0]							\n"/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-        "	movs r1, %0								\n"/* r1 = securecontextNO_STACK. */
-        "	msr psplim, r1							\n"/* PSPLIM = securecontextNO_STACK. */
-        "	msr psp, r1								\n"/* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
-        "											\n"
-        " save_ctx_therad_mode:						\n"
-        "	nop										\n"
-        "											\n"
+        "                                   \n"
+        " str r1, [r0]                      \n" /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+        " movs r1, %0                       \n" /* r1 = securecontextNO_STACK. */
+        " msr psplim, r1                    \n" /* PSPLIM = securecontextNO_STACK. */
+        " msr psp, r1                       \n" /* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+        "                                   \n"
+        " save_ctx_therad_mode:             \n"
+        "    bx lr                          \n"
+        "                                   \n"
         ::"i" ( securecontextNO_STACK ) : "r1", "memory"
     );
 }

portable/ARMv8M/secure/context/portable/IAR/ARM_CM23/secure_context_port.c

@@ -26,52 +26,56 @@
  *
  */
 
-	SECTION .text:CODE:NOROOT(2)
-	THUMB
+    SECTION .text:CODE:NOROOT(2)
+    THUMB
 
-	PUBLIC SecureContext_LoadContextAsm
-	PUBLIC SecureContext_SaveContextAsm
+    PUBLIC SecureContext_LoadContextAsm
+    PUBLIC SecureContext_SaveContextAsm
 
 #if ( configENABLE_FPU == 1 )
-	#error Cortex-M23 does not have a Floating Point Unit (FPU) and therefore configENABLE_FPU must be set to 0.
+    #error Cortex-M23 does not have a Floating Point Unit (FPU) and therefore configENABLE_FPU must be set to 0.
 #endif
 /*-----------------------------------------------------------*/
 
 SecureContext_LoadContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, load_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	ldmia r0!, {r1, r2}						/* r1 = xSecureContextHandle->pucCurrentStackPointer, r2 = xSecureContextHandle->pucStackLimit. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                    /* r1 = IPSR. */
+    cbz r1, load_ctx_therad_mode    /* Do nothing if the processor is running in the Thread Mode. */
+    ldmia r0!, {r1, r2}             /* r1 = pxSecureContext->pucCurrentStackPointer, r2 = pxSecureContext->pucStackLimit. */
+
 #if ( configENABLE_MPU == 1 )
-	ldmia r1!, {r3}							/* Read CONTROL register value from task's stack. r3 = CONTROL. */
-	msr control, r3							/* CONTROL = r3. */
+    ldmia r1!, {r3}                 /* Read CONTROL register value from task's stack. r3 = CONTROL. */
+    msr control, r3                 /* CONTROL = r3. */
 #endif /* configENABLE_MPU */
-	msr psplim, r2							/* PSPLIM = r2. */
-	msr psp, r1								/* PSP = r1. */
 
-	load_ctx_therad_mode:
-		bx lr
+    msr psplim, r2                  /* PSPLIM = r2. */
+    msr psp, r1                     /* PSP = r1. */
+
+    load_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/
 
 SecureContext_SaveContextAsm:
-	/* xSecureContextHandle value is in r0. */
-	mrs r1, ipsr							/* r1 = IPSR. */
-	cbz r1, save_ctx_therad_mode			/* Do nothing if the processor is running in the Thread Mode. */
-	mrs r1, psp								/* r1 = PSP. */
+    /* pxSecureContext value is in r0. */
+    mrs r1, ipsr                    /* r1 = IPSR. */
+    cbz r1, save_ctx_therad_mode    /* Do nothing if the processor is running in the Thread Mode. */
+    mrs r1, psp                     /* r1 = PSP. */
+
 #if ( configENABLE_MPU == 1 )
-	mrs r2, control							/* r2 = CONTROL. */
-	subs r1, r1, #4							/* Make space for the CONTROL value on the stack. */
-	str r1, [r0]							/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
-	stmia r1!, {r2}							/* Store CONTROL value on the stack. */
+    mrs r2, control                 /* r2 = CONTROL. */
+    subs r1, r1, #4                 /* Make space for the CONTROL value on the stack. */
+    str r1, [r0]                    /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
+    stmia r1!, {r2}                 /* Store CONTROL value on the stack. */
 #else /* configENABLE_MPU */
-	str r1, [r0]							/* Save the top of stack in context. xSecureContextHandle->pucCurrentStackPointer = r1. */
+    str r1, [r0]                    /* Save the top of stack in context. pxSecureContext->pucCurrentStackPointer = r1. */
 #endif /* configENABLE_MPU */
-	movs r1, #0								/* r1 = securecontextNO_STACK. */
-	msr psplim, r1							/* PSPLIM = securecontextNO_STACK. */
-	msr psp, r1								/* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
 
-	save_ctx_therad_mode:
-		bx lr
+    movs r1, #0                     /* r1 = securecontextNO_STACK. */
+    msr psplim, r1                  /* PSPLIM = securecontextNO_STACK. */
+    msr psp, r1                     /* PSP = securecontextNO_STACK i.e. No stack for thread mode until next task's context is loaded. */
+
+    save_ctx_therad_mode:
+        bx lr
 /*-----------------------------------------------------------*/
 
-	END
+    END