Check and fix BSS alignment
GNU zero initialization uses word-sized writes. If a BSS section is not
aligned to a 4-byte boundary, the zero initialization may not cover the
entire section. As a result, the last few bytes could contain garbage
data.
Signed-off-by: Dávid Házi <david.hazi@arm.com>
Change-Id: I7c4580f890bdd360aa01fb5245f93a1f6de9dd52
diff --git a/platform/ext/common/gcc/tfm_common_bl2.ld b/platform/ext/common/gcc/tfm_common_bl2.ld
index cb673db..5b69352 100644
--- a/platform/ext/common/gcc/tfm_common_bl2.ld
+++ b/platform/ext/common/gcc/tfm_common_bl2.ld
@@ -22,6 +22,11 @@
#include "region_defs.h"
+/* Include file with definitions for section alignments.
+ * Note: it should be included after region_defs.h to let platform define
+ * default values if needed. */
+#include "tfm_s_linker_alignments.h"
+
MEMORY
{
FLASH (rx) : ORIGIN = BL2_CODE_START, LENGTH = BL2_CODE_SIZE
@@ -70,18 +75,18 @@
#ifdef CODE_SHARING
LONG (LOADADDR(.tfm_shared_symbols))
LONG (ADDR(.tfm_shared_symbols))
- LONG (SIZEOF(.tfm_shared_symbols) / 4)
+ LONG (SIZEOF(.tfm_shared_symbols) / 4) /* Aligment checked after the section */
#endif
LONG (LOADADDR(.data))
LONG (ADDR(.data))
- LONG (SIZEOF(.data) / 4)
+ LONG (SIZEOF(.data) / 4) /* Aligment checked after the section */
__copy_table_end__ = .;
/* .zero.table */
. = ALIGN(4);
__zero_table_start__ = .;
LONG (ADDR(.bss))
- LONG (SIZEOF(.bss) / 4)
+ LONG (SIZEOF(.bss) / 4) /* Aligment checked after the section */
__zero_table_end__ = .;
KEEP(*(.init))
@@ -106,6 +111,12 @@
KEEP(*(.eh_frame*))
} > FLASH
+#ifdef CODE_SHARING
+ CHECK_ALIGNMENT_4(SIZEOF(.tfm_shared_symbols))
+#endif
+ CHECK_ALIGNMENT_4(SIZEOF(.data))
+ CHECK_ALIGNMENT_4(SIZEOF(.bss))
+
.ARM.extab :
{
*(.ARM.extab* .gnu.linkonce.armextab.*)
diff --git a/platform/ext/common/gcc/tfm_common_s.ld.template b/platform/ext/common/gcc/tfm_common_s.ld.template
index 28adb80..baf8136 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld.template
+++ b/platform/ext/common/gcc/tfm_common_s.ld.template
@@ -241,24 +241,25 @@
/* Copy interrupt vectors from flash to RAM */
LONG (__vectors_start__) /* From */
LONG (__ram_vectors_start__) /* To */
- LONG ((__vectors_end__ - __vectors_start__) / 4) /* Size */
+ LONG ((__vectors_end__ - __vectors_start__) / 4) /* Size, aligment checked after the section */
#endif
LONG (LOADADDR(.TFM_DATA))
LONG (ADDR(.TFM_DATA))
- LONG (SIZEOF(.TFM_DATA) / 4)
+ LONG (SIZEOF(.TFM_DATA) / 4) /* Aligment checked after the section */
LONG (LOADADDR(.TFM_PSA_ROT_LINKER_DATA))
LONG (ADDR(.TFM_PSA_ROT_LINKER_DATA))
- LONG (SIZEOF(.TFM_PSA_ROT_LINKER_DATA) / 4)
+ LONG (SIZEOF(.TFM_PSA_ROT_LINKER_DATA) / 4) /* Aligment checked after the section */
LONG (LOADADDR(.TFM_APP_ROT_LINKER_DATA))
LONG (ADDR(.TFM_APP_ROT_LINKER_DATA))
- LONG (SIZEOF(.TFM_APP_ROT_LINKER_DATA) / 4)
+ LONG (SIZEOF(.TFM_APP_ROT_LINKER_DATA) / 4) /* Aligment checked after the section */
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_APP_ROT_LINKER_DATA))
#if defined (S_RAM_CODE_START)
LONG (LOADADDR(.ER_CODE_SRAM))
LONG (ADDR(.ER_CODE_SRAM))
- LONG (SIZEOF(.ER_CODE_SRAM) / 4)
+ LONG (SIZEOF(.ER_CODE_SRAM) / 4) /* Aligment checked after the section */
#endif
__copy_table_end__ = .;
@@ -266,13 +267,16 @@
. = ALIGN(4);
__zero_table_start__ = .;
LONG (ADDR(.TFM_PSA_ROT_LINKER_BSS))
- LONG (SIZEOF(.TFM_PSA_ROT_LINKER_BSS) / 4)
+ LONG (SIZEOF(.TFM_PSA_ROT_LINKER_BSS) / 4) /* Aligment checked after the section */
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_PSA_ROT_LINKER_BSS))
LONG (ADDR(.TFM_APP_ROT_LINKER_BSS))
- LONG (SIZEOF(.TFM_APP_ROT_LINKER_BSS) / 4)
+ LONG (SIZEOF(.TFM_APP_ROT_LINKER_BSS) / 4) /* Aligment checked after the section */
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_APP_ROT_LINKER_BSS))
#if defined(CONFIG_TFM_PARTITION_META)
LONG (ADDR(.TFM_SP_META_PTR))
- LONG (SIZEOF(.TFM_SP_META_PTR) / 4)
+ LONG (SIZEOF(.TFM_SP_META_PTR) / 4) /* Aligment checked after the section */
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_SP_META_PTR))
#endif
__zero_table_end__ = .;
@@ -284,6 +288,21 @@
*libtfm_spm*:*(.rodata*)
} > FLASH
+#ifdef RAM_VECTORS_SUPPORT
+ CHECK_ALIGNMENT_4(__vectors_end__ - __vectors_start__)
+#endif
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_DATA))
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_PSA_ROT_LINKER_DATA))
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_APP_ROT_LINKER_DATA))
+#if defined (S_RAM_CODE_START)
+ CHECK_ALIGNMENT_4(SIZEOF(.ER_CODE_SRAM))
+#endif
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_PSA_ROT_LINKER_BSS))
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_APP_ROT_LINKER_BSS))
+#if defined(CONFIG_TFM_PARTITION_META)
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_SP_META_PTR))
+#endif
+
.TFM_UNPRIV_CODE ALIGN(TFM_LINKER_UNPRIV_CODE_ALIGNMENT) :
{
*(SORT_BY_ALIGNMENT(.text*))
diff --git a/platform/ext/common/gcc/tfm_isolation_s.ld.template b/platform/ext/common/gcc/tfm_isolation_s.ld.template
index 810ef34..07ddeaf 100644
--- a/platform/ext/common/gcc/tfm_isolation_s.ld.template
+++ b/platform/ext/common/gcc/tfm_isolation_s.ld.template
@@ -233,22 +233,22 @@
/* Copy interrupt vectors from flash to RAM */
LONG (__vectors_start__) /* From */
LONG (__ram_vectors_start__) /* To */
- LONG ((__vectors_end__ - __vectors_start__) / 4) /* Size */
+ LONG ((__vectors_end__ - __vectors_start__) / 4) /* Size, aligment checked after the section */
#endif
LONG (LOADADDR(.TFM_DATA))
LONG (ADDR(.TFM_DATA))
- LONG (SIZEOF(.TFM_DATA) / 4)
+ LONG (SIZEOF(.TFM_DATA) / 4) /* Aligment checked after the section */
{% for partition in partitions %}
LONG (LOADADDR(.ER_{{partition.manifest.name}}_DATA))
LONG (ADDR(.ER_{{partition.manifest.name}}_DATA))
- LONG (SIZEOF(.ER_{{partition.manifest.name}}_DATA) / 4)
+ LONG (SIZEOF(.ER_{{partition.manifest.name}}_DATA) / 4) /* Aligment checked after the section */
{% endfor %}
#ifdef S_RAM_CODE_START
LONG (LOADADDR(.ER_CODE_SRAM))
LONG (ADDR(.ER_CODE_SRAM))
- LONG (SIZEOF(.ER_CODE_SRAM) / 4)
+ LONG (SIZEOF(.ER_CODE_SRAM) / 4) /* Aligment checked after the section */
#endif
__copy_table_end__ = .;
@@ -257,12 +257,12 @@
__zero_table_start__ = .;
{% for partition in partitions %}
LONG (ADDR(.ER_{{partition.manifest.name}}_BSS))
- LONG (SIZEOF(.ER_{{partition.manifest.name}}_BSS) / 4)
+ LONG (SIZEOF(.ER_{{partition.manifest.name}}_BSS) / 4) /* Aligment checked after the section */
{% endfor %}
#ifdef CONFIG_TFM_PARTITION_META
LONG (ADDR(.TFM_SP_META_PTR))
- LONG (SIZEOF(.TFM_SP_META_PTR) / 4)
+ LONG (SIZEOF(.TFM_SP_META_PTR) / 4) /* Aligment checked after the section */
#endif
__zero_table_end__ = .;
@@ -272,6 +272,21 @@
*(SORT_BY_ALIGNMENT(EXCLUDE_FILE(*libflash_drivers*) .text*))
} > FLASH
+#ifdef RAM_VECTORS_SUPPORT
+ CHECK_ALIGNMENT_4(__vectors_end__ - __vectors_start__)
+#endif
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_DATA))
+#ifdef S_RAM_CODE_START
+ CHECK_ALIGNMENT_4(SIZEOF(.ER_CODE_SRAM))
+#endif
+#ifdef CONFIG_TFM_PARTITION_META
+ CHECK_ALIGNMENT_4(SIZEOF(.TFM_SP_META_PTR))
+#endif
+{% for partition in partitions %}
+ CHECK_ALIGNMENT_4(SIZEOF(.ER_{{partition.manifest.name}}_DATA))
+ CHECK_ALIGNMENT_4(SIZEOF(.ER_{{partition.manifest.name}}_BSS))
+{% endfor %}
+
/* Position tag: End of PSA RoT code (privileged) */
. = ALIGN(TFM_LINKER_PT_PSA_ROT_CODE_ALIGNMENT);
Image$$PT_PSA_ROT_CODE_END$$Base = .;
@@ -428,6 +443,7 @@
{% endif %}
*({{partition.manifest.name}}_APP-ROT_ATTR_ZI)
. += (. - start_of_{{partition.manifest.name}}_bss) ? 0 : 4;
+ . = ALIGN(4);
} > RAM
/* Position tag: End of Application RoT partition's private data */
@@ -535,6 +551,7 @@
{% endif %}
*({{partition.manifest.name}}_PSA-ROT_ATTR_ZI)
. += (. - start_of_{{partition.manifest.name}}_bss) ? 0 : 4;
+ . = ALIGN(4);
} > RAM
/* Position tag: End of PSA RoT partition's private data */
diff --git a/platform/ext/common/tfm_s_linker_alignments.h b/platform/ext/common/tfm_s_linker_alignments.h
index 4f8408b..0d11557 100644
--- a/platform/ext/common/tfm_s_linker_alignments.h
+++ b/platform/ext/common/tfm_s_linker_alignments.h
@@ -19,6 +19,8 @@
#define ROUND_UP_TO_MULTIPLE(number, multiple) \
((((number) + (multiple) - 1) / (multiple)) * (multiple))
+#define CHECK_ALIGNMENT_4(size) ASSERT((size) % 4 == 0, #size)
+
/* Default alignment for linker file sections is set to 32 because ARM TrustZone
* protection units (SAU and MPU) require regions to be 32 bytes aligned. */
#ifndef TFM_LINKER_DEFAULT_ALIGNMENT