Skip to content

Swap FMC base address #2211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 3, 2025
Merged

Swap FMC base address #2211

merged 2 commits into from
Sep 3, 2025

Conversation

labbott
Copy link
Collaborator

@labbott labbott commented Sep 2, 2025

The default attributes for the FMC region are normal and executable. This allows speculative accesses. This doesn't apply to most hubris tasks but it does apply to the kernel. Swap the FMC banks to use a different default memory map which marks it as device/execute never to avoid speculation.

@labbott labbott requested a review from mkeeter September 2, 2025 19:41
@mkeeter
Copy link
Collaborator

mkeeter commented Sep 2, 2025
edited
Loading

We talked about this in chat, and I think we want to switch to having peek32 and poke32 return a Result type with a clear error about the old address space. The change will break existing scripts anyways, and it would be a better UX to break them in a way that leaves a bread crumb.

Alternatively, we could silently remap 0x60000000 to 0xC0000000. This... might not be as awful as it sounded in my head? (network requests could do the same, obviating the need for the new error variant)

@labbott
Swap FMC base address
f34639c 
The default attributes for the FMC region are normal and executable.
This allows speculative accesses. This doesn't apply to most hubris
tasks but it does apply to the kernel. Swap the FMC banks to use
a different default memory map which marks it as device/execute never
to avoid speculation. As part of this, fix up the FMC demo server
to translate addresses to the new region.
@labbott
Copy link
Collaborator Author

labbott commented Sep 3, 2025

Alternatively, we could silently remap 0x60000000 to 0xC0000000. This... might not be as awful as it sounded in my head? (network requests could do the same, obviating the need for the new error variant)

The remap was much cleaner than I expected. Nobody should be poking anything outside the FMC region anyway.

@labbott labbott enabled auto-merge (rebase) September 3, 2025 17:44
@labbott labbott mentioned this pull request Sep 3, 2025
Closed
@labbott labbott merged commit 4ad2aa7 into master Sep 3, 2025
135 checks passed
@labbott labbott deleted the swap_fmc_base branch September 3, 2025 17:53
This was referenced Sep 3, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkeeter mkeeter mkeeter approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@labbott @mkeeter