Merge branch 'bugfix/memprot_s2_intr_peri1_v5.4' into 'release/v5.4'

pacucha42 · pacucha42 · commit 8a44211856dc · 2025-02-21T01:57:46.000+08:00
fix(security): ESP32S2 memory protection check for Peri1 RTCSLOW interrupt (v5.4)

See merge request espressif/esp-idf!37117
diff --git a/components/hal/esp32s2/include/hal/memprot_peri_ll.h b/components/hal/esp32s2/include/hal/memprot_peri_ll.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -112,7 +112,7 @@ static inline intptr_t memprot_ll_peri1_rtcslow_get_fault_address(void)
 
 static inline bool memprot_ll_peri1_rtcslow_is_intr_mine(void)
 {
-    if (memprot_ll_dram0_is_assoc_intr()) {
+    if (memprot_ll_peri1_is_assoc_intr()) {
         uint32_t faulting_address = (uint32_t)memprot_ll_peri1_rtcslow_get_fault_address();
         return faulting_address >= PERI1_RTCSLOW_ADDRESS_LOW && faulting_address <= PERI1_RTCSLOW_ADDRESS_HIGH;
     }
@@ -123,7 +123,7 @@ static inline memprot_hal_err_t memprot_ll_peri1_rtcslow_set_prot(uint32_t *spli
 {
     uint32_t addr = (uint32_t)split_addr;
 
-    //check corresponding range fit & aligment to 32bit boundaries
+    //check corresponding range fit & alignment to 32bit boundaries
     if (addr < PERI1_RTCSLOW_ADDRESS_LOW || addr > PERI1_RTCSLOW_ADDRESS_HIGH) {
         return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;
     }
@@ -281,7 +281,7 @@ static inline memprot_hal_err_t memprot_ll_peri2_rtcslow_0_set_prot(uint32_t *sp
 {
     uint32_t addr = (uint32_t)split_addr;
 
-    //check corresponding range fit & aligment to 32bit boundaries
+    //check corresponding range fit & alignment to 32bit boundaries
     if (addr < PERI2_RTCSLOW_0_ADDRESS_LOW || addr > PERI2_RTCSLOW_0_ADDRESS_HIGH) {
         return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;
     }
@@ -369,7 +369,7 @@ static inline memprot_hal_err_t memprot_ll_peri2_rtcslow_1_set_prot(uint32_t *sp
 {
     uint32_t addr = (uint32_t)split_addr;
 
-    //check corresponding range fit & aligment to 32bit boundaries
+    //check corresponding range fit & alignment to 32bit boundaries
     if (addr < PERI2_RTCSLOW_1_ADDRESS_LOW || addr > PERI2_RTCSLOW_1_ADDRESS_HIGH) {
         return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;
     }
diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt
@@ -1025,7 +1025,6 @@ tools/test_apps/system/build_test/main/test_main.c
 tools/test_apps/system/cxx_no_except/main/main.cpp
 tools/test_apps/system/gdb_loadable_elf/main/hello_world_main.c
 tools/test_apps/system/longjmp_test/main/hello_world_main.c
-tools/test_apps/system/memprot/main/esp32s2/test_memprot_main.c
 tools/test_apps/system/no_embedded_paths/check_for_file_paths.py
 tools/test_apps/system/no_embedded_paths/main/test_no_embedded_paths_main.c
 tools/test_apps/system/startup/main/test_startup_main.c
diff --git a/tools/test_apps/system/memprot/main/esp32s2/test_memprot_main.c b/tools/test_apps/system/memprot/main/esp32s2/test_memprot_main.c
@@ -1,11 +1,18 @@
-/* MEMPROT IramDram testing code */
+/*
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 #include <stdio.h>
 #include <string.h>
 #include "sdkconfig.h"
 #include "esp_log.h"
 #include "esp32s2/memprot.h"
 #include "soc/soc.h"
 
+static const char *TAG = "memprot_test_ESP32S2";
+
 /*
  * ESP32S2 MEMORY PROTECTION MODULE TEST
  * =====================================
@@ -107,7 +114,6 @@ static uint8_t RTC_SLOW_ATTR rtcslow_dummy_buffer[2 * SRAM_TEST_BUFFER_SIZE] = {
  * testing regions and splitting address scheme
  *
  */
-
 static uint32_t *test_memprot_dram0_rtcfast_get_min_split_addr(void)
 {
     return (uint32_t *)(rtcfast_dummy_buffer + sizeof(rtcfast_dummy_buffer) / 2);
@@ -186,7 +192,6 @@ static uint32_t *test_memprot_addr_high(mem_type_prot_t mem_type)
     }
 }
 
-
 static uint32_t *test_memprot_get_split_addr(mem_type_prot_t mem_type)
 {
     switch (mem_type) {
@@ -209,7 +214,6 @@ static uint32_t *test_memprot_get_split_addr(mem_type_prot_t mem_type)
     }
 }
 
-
 /*
  * testing setup of the memory-protection module
  */
@@ -274,7 +278,7 @@ static void test_memprot_set_prot(uint32_t *mem_type_mask, bool use_panic_handle
         esp_memprot_set_prot_peri2(MEMPROT_PERI2_RTCSLOW_1, test_memprot_peri2_rtcslow_1_get_min_split_addr(), WR_LOW_DIS, RD_LOW_DIS, EX_LOW_DIS, WR_HIGH_DIS, RD_HIGH_DIS, EX_HIGH_DIS);
     }
 
-    //reenable protection (bus based)
+    //re-enable protection (bus based)
     if (use_iram0) {
         esp_memprot_intr_ena(MEMPROT_IRAM0_SRAM, true);
     }
@@ -355,9 +359,11 @@ static void test_memprot_read(mem_type_prot_t mem_type)
     bool write_perm_low, write_perm_high, read_perm_low, read_perm_high;
     esp_memprot_get_perm_write(mem_type, &write_perm_low, &write_perm_high);
     esp_memprot_get_perm_read(mem_type, &read_perm_low, &read_perm_high);
+    ESP_EARLY_LOGD(TAG, "TEST_READ (low: r=%u w=%u, high: r=%u w=%u):", read_perm_low, write_perm_low, read_perm_high, write_perm_high);
 
     volatile uint32_t *ptr_low = test_memprot_addr_low(mem_type);
     volatile uint32_t *ptr_high = test_memprot_addr_high(mem_type);
+    ESP_EARLY_LOGD(TAG, "[test_addr_low=0x%08X test_addr_high=0x%08X]", ptr_low, ptr_high);
 
     //temporarily allow WRITE for setting the test values
     esp_memprot_set_write_perm(mem_type, true, true);
@@ -397,12 +403,14 @@ static void test_memprot_write(mem_type_prot_t mem_type)
     bool write_perm_low, write_perm_high, read_perm_low, read_perm_high;
     esp_memprot_get_perm_write(mem_type, &write_perm_low, &write_perm_high);
     esp_memprot_get_perm_read(mem_type, &read_perm_low, &read_perm_high);
+    ESP_EARLY_LOGD(TAG, "TEST_WRITE (low: r=%u w=%u, high: r=%u w=%u):", read_perm_low, write_perm_low, read_perm_high, write_perm_high);
 
     //temporarily allow READ operation
     esp_memprot_set_read_perm(mem_type, true, true);
 
     volatile uint32_t *ptr_low = test_memprot_addr_low(mem_type);
     volatile uint32_t *ptr_high = test_memprot_addr_high(mem_type);
+    ESP_EARLY_LOGD(TAG, "[test_addr_low=0x%08X test_addr_high=0x%08X]", ptr_low, ptr_high);
 
     //perform WRITE in low region
     const uint32_t test_val = 10;
@@ -447,8 +455,13 @@ static void test_memprot_exec(mem_type_prot_t mem_type)
     bool exec_perm_low, exec_perm_high;
     esp_memprot_get_perm_exec(mem_type, &exec_perm_low, &exec_perm_high);
 
+    bool read_perm_low, read_perm_high;
+    esp_memprot_get_perm_read(mem_type, &read_perm_low, &read_perm_high);
+    ESP_EARLY_LOGD(TAG, "TEST_EXEC (low: r=%u w=%u x=%u, high: r=%u w=%u x=%u):", read_perm_low, write_perm_low, exec_perm_low, read_perm_high, write_perm_high, exec_perm_high);
+
     volatile uint32_t *fnc_ptr_low = test_memprot_addr_low(mem_type);
     volatile uint32_t *fnc_ptr_high = test_memprot_addr_high(mem_type);
+    ESP_EARLY_LOGD(TAG, "[test_addr_low=0x%08X test_addr_high=0x%08X]", fnc_ptr_low, fnc_ptr_high);
 
     //enable WRITE permission for both segments
     esp_memprot_set_write_perm(mem_type, true, true);

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD`
	`2`	`+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD`
`3`	`3`	`*`
`4`	`4`	`* SPDX-License-Identifier: Apache-2.0`
`5`	`5`	`*/`
`@@ -112,7 +112,7 @@ static inline intptr_t memprot_ll_peri1_rtcslow_get_fault_address(void)`
`112`	`112`
`113`	`113`	`static inline bool memprot_ll_peri1_rtcslow_is_intr_mine(void)`
`114`	`114`	`{`
`115`		`- if (memprot_ll_dram0_is_assoc_intr()) {`
	`115`	`+ if (memprot_ll_peri1_is_assoc_intr()) {`
`116`	`116`	`uint32_t faulting_address = (uint32_t)memprot_ll_peri1_rtcslow_get_fault_address();`
`117`	`117`	`return faulting_address >= PERI1_RTCSLOW_ADDRESS_LOW && faulting_address <= PERI1_RTCSLOW_ADDRESS_HIGH;`
`118`	`118`	`}`
`@@ -123,7 +123,7 @@ static inline memprot_hal_err_t memprot_ll_peri1_rtcslow_set_prot(uint32_t *spli`
`123`	`123`	`{`
`124`	`124`	`uint32_t addr = (uint32_t)split_addr;`
`125`	`125`
`126`		`- //check corresponding range fit & aligment to 32bit boundaries`
	`126`	`+ //check corresponding range fit & alignment to 32bit boundaries`
`127`	`127`	`if (addr < PERI1_RTCSLOW_ADDRESS_LOW \|\| addr > PERI1_RTCSLOW_ADDRESS_HIGH) {`
`128`	`128`	`return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;`
`129`	`129`	`}`
`@@ -281,7 +281,7 @@ static inline memprot_hal_err_t memprot_ll_peri2_rtcslow_0_set_prot(uint32_t *sp`
`281`	`281`	`{`
`282`	`282`	`uint32_t addr = (uint32_t)split_addr;`
`283`	`283`
`284`		`- //check corresponding range fit & aligment to 32bit boundaries`
	`284`	`+ //check corresponding range fit & alignment to 32bit boundaries`
`285`	`285`	`if (addr < PERI2_RTCSLOW_0_ADDRESS_LOW \|\| addr > PERI2_RTCSLOW_0_ADDRESS_HIGH) {`
`286`	`286`	`return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;`
`287`	`287`	`}`
`@@ -369,7 +369,7 @@ static inline memprot_hal_err_t memprot_ll_peri2_rtcslow_1_set_prot(uint32_t *sp`
`369`	`369`	`{`
`370`	`370`	`uint32_t addr = (uint32_t)split_addr;`
`371`	`371`
`372`		`- //check corresponding range fit & aligment to 32bit boundaries`
	`372`	`+ //check corresponding range fit & alignment to 32bit boundaries`
`373`	`373`	`if (addr < PERI2_RTCSLOW_1_ADDRESS_LOW \|\| addr > PERI2_RTCSLOW_1_ADDRESS_HIGH) {`
`374`	`374`	`return MEMP_HAL_ERR_SPLIT_ADDR_INVALID;`
`375`	`375`	`}`