base: reduce size of initial stack from 32K to 4K

The initial stack is solely used to initialize the Genode environment
along with the application stack located in the stack area. It never
executes application code. Hence, we can make it small. To check that it
is not dimensioned too small, the patch introduces a sanity check right
before switching to the application stack.

repos/base-hw/src/core/kernel/thread.cc

@@ -615,6 +615,9 @@ void Thread::print(Genode::Output &out) const
 }
 
 
+Genode::uint8_t __initial_stack_base[DEFAULT_STACK_SIZE];
+
+
 /*****************
  ** Core_thread **
  *****************/
@@ -624,7 +627,6 @@ Core_thread::Core_thread()
 {
 	using Genode::Native_utcb;
 
-	static Genode::uint8_t stack[DEFAULT_STACK_SIZE];
 	static Native_utcb * const utcb =
 		unmanaged_singleton<Native_utcb, Genode::get_page_size()>();
 
@@ -637,7 +639,7 @@ Core_thread::Core_thread()
 	utcb->cap_add(cap_id_invalid());
 
 	/* start thread with stack pointer at the top of stack */
-	sp = (addr_t)&stack + DEFAULT_STACK_SIZE;
+	sp = (addr_t)&__initial_stack_base[0] + DEFAULT_STACK_SIZE;
 	ip = (addr_t)&_core_start;
 
 	affinity(cpu_pool()->primary_cpu());

repos/base-hw/src/lib/startup/spec/riscv/crt0.s

@@ -36,5 +36,7 @@ _start:
 
 .bss
 	.p2align 8
-	.space 32*1024
+	.global __initial_stack_base
+	__initial_stack_base:
+	.space 4*1024
 	_stack_high:

repos/base/src/include/base/internal/crt0.h

@@ -28,8 +28,8 @@ extern void (*_dtors_start)();  /* begin of destructor table */
 extern void (*_dtors_end)();    /* end of destructor table */
 
 extern unsigned _start;         /* program entry point */
-extern unsigned _stack_low;     /* lower bound of intial stack */
-extern unsigned _stack_high;    /* upper bound of intial stack */
+
+extern unsigned char _initial_stack_base[];
 
 
 /***************************************************

repos/base/src/lib/startup/init_main_thread.cc

@@ -40,6 +40,12 @@ enum { MAIN_THREAD_STACK_SIZE = 16UL * 1024 * sizeof(Genode::addr_t) };
 extern "C" void init_rtld() __attribute__((weak));
 void init_rtld() { }
 
+/**
+ * Lower bound of the stack, solely used for sanity checking
+ */
+extern unsigned char __initial_stack_base[];
+
+
 /**
  * The first thread in a program
  */
@@ -101,8 +107,24 @@ extern "C" void init_main_thread()
 	 * The new stack pointer enables the caller to switch from its current
 	 * environment to the those that the thread object provides.
 	 */
-	addr_t sp = reinterpret_cast<addr_t>(main_thread()->stack_top());
+	addr_t const sp = reinterpret_cast<addr_t>(main_thread()->stack_top());
 	init_main_thread_result = sp;
+
+	/*
+	 * Sanity check for the usage of the initial stack
+	 *
+	 * Because the initial stack is located in the BSS, it is zero-initialized.
+	 * We check that the stack still contains zeros at its lower boundary after
+	 * executing all the initialization code.
+	 */
+	enum { STACK_PAD = 256U };
+	for (unsigned i = 0; i < STACK_PAD; i++) {
+		if (__initial_stack_base[i] == 0)
+			continue;
+
+		error("initial stack overflow detected");
+		for (;;);
+	}
 }
 
 

repos/base/src/lib/startup/spec/arm/crt0.s

@@ -57,7 +57,9 @@
 
 	/* stack of the temporary initial environment */
 	.p2align 4
-	.space 32 * 1024
+	.global __initial_stack_base
+	__initial_stack_base:
+	.space 4*1024
 	_stack_high:
 
 	/* initial value of the SP register */

repos/base/src/lib/startup/spec/x86_32/crt0.s

@@ -90,7 +90,9 @@
 
 	/* stack of the temporary initial environment */
 	.p2align 4
-	.space 32 * 1024
+	.global __initial_stack_base
+	__initial_stack_base:
+	.space 4*1024
 	_stack_high:
 
 	/* initial value of the ESP, EAX and EDI register */

repos/base/src/lib/startup/spec/x86_64/crt0.s

@@ -89,16 +89,18 @@
 
 	/* stack of the temporary initial environment */
 	.p2align 8
-	.space 32 * 1024
+	.global __initial_stack_base
+	__initial_stack_base:
+	.space 8*1024
 	_stack_high:
 
 	/* initial value of the RSP, RAX and RDI register */
-	.globl __initial_sp
+	.global __initial_sp
 	__initial_sp:
 	.space 8
-	.globl __initial_ax
+	.global __initial_ax
 	__initial_ax:
 	.space 8
-	.globl __initial_di
+	.global __initial_di
 	__initial_di:
 	.space 8