Hi Thomas,

 

It is only the size of the struct that needs to be aligned to the flash program unit, so that the write size is aligned when the struct is programmed to flash. So indeed the attribute puts too strong a constraint on the compiler as it also forces it to allocate these structs at aligned addresses on the stack.

 

The only vaguely clean, portable way I can think of aligning up the size of the struct alone is something like:

 

struct its_file_meta_t_padded {

    struct its_file_meta_t file_meta;

    uint8_t pad[ITS_FLASH_MAX_ALIGNMENT – (sizeof(struct its_file_meta_t) % ITS_FLASH_MAX_ALIGNMENT)];

};

 

But that has the disadvantage of adding ITS_FLASH_MAX_ALIGNMENT to the size of the struct in the case that it is already aligned (no zero-sized arrays), as well as the extra step of accessing the nested struct each time.

 

Would be happy to hear any alternative solutions though.

 

Kind regards,

Jamie

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M
Sent: 26 June 2020 10:07
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Alignment issues on stack with ITS

 

ITS defines a few structs with specific alignment requirements, like:

struct __attribute__((__aligned__(ITS_FLASH_MAX_ALIGNMENT)))
its_file_meta_t {
    uint32_t lblock;               /*!< Logical datablock where file is
                                    *   stored
                                    */
    size_t data_idx;               /*!< Offset in the logical data block */
    size_t cur_size;               /*!< Size in storage system for this #
                                    *   fragment
                                    */
    size_t max_size;               /*!< Maximum size of this file */
    uint32_t flags;                /*!< Flags set when the file was created */
    uint8_t id[ITS_FILE_ID_SIZE];  /*!< ID of this file */
};

This causes issues with the IAR compiler when these structs are declared as autos:

static psa_status_t its_mblock_copy_remaining_block_meta(
                                              struct its_flash_fs_ctx_t *fs_ctx,
                                              uint32_t lblock)
{
    struct its_block_meta_t block_meta;
    psa_status_t err;
    uint32_t meta_block;
    size_t pos;
    uint32_t scratch_block;
    size_t size;
...

The IAR compiler gives these errors if the alignment is 0x10 (the stack is 8 byte aligned):

      struct its_block_meta_t block_meta;
                              ^
"C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m\secure_fw\partitions\internal_trusted_storage\flash_fs\its_flash_fs_mblock.c",415  Error[Ta121]:
          Auto variable "block_meta" cannot have a stricter alignment than the
          stack

I assume this alignment is only required for the flash, so the alignment attributes should be set when declaring variables in the flash, not on the type.

Comments?

Cheers,
Thomas

--

Thomas Törnblom, Product Engineer
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail:
thomas.tornblom@iar.com Website: www.iar.com
Twitter:
www.twitter.com/iarsystems