* Add better pointer declaration readability
I revised the declaration of single-line pointers by splitting it into
multiple lines. Now, every pointer is declared (and initialized
accordingly) on its own line. This refactoring should enhance
readability and decrease the probability of error when a new pointer is
added/removed or a current one has its initialization value modified.
Signed-off-by: Cristian Cristea <cristiancristea00@gmail.com>
* Remove unnecessary whitespace characters and lines
It removes whitespace characters at the end of lines (empty or
otherwise) and clear lines at the end of the file (only one remains).
It is an automatic operation done by git.
Signed-off-by: Cristian Cristea <cristiancristea00@gmail.com>
Signed-off-by: Cristian Cristea <cristiancristea00@gmail.com>
It was possible for a third party that had already independently gained
the ability to execute injected code to achieve further privilege
escalation by branching directly inside a FreeRTOS MPU API wrapper
function with a manually crafted stack frame. This commit removes the
local stack variable `xRunningPrivileged` so that a manually crafted
stack frame cannot be used for privilege escalation by branching
directly inside a FreeRTOS MPU API wrapper.
We thank Certibit Consulting, LLC, Huazhong University of Science and
Technology and the SecLab team at Northeastern University for reporting
this issue.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
ARMv7-M allows overlapping MPU regions. When 2 MPU regions overlap, the
MPU configuration of the higher numbered MPU region is applied. For
example, if a memory area is covered by 2 MPU regions 0 and 1, the
memory permissions for MPU region 1 are applied.
We use 5 MPU regions for kernel code and kernel data protections and
leave the remaining for the application writer. We were using lowest
numbered MPU regions (0-4) for kernel protections and leaving the
remaining for the application writer. The application writer could
configure those higher numbered MPU regions to override kernel
protections.
This commit changes the code to use highest numbered MPU regions for
kernel protections and leave the remaining for the application writer.
This ensures that the application writer cannot override kernel
protections.
We thank the SecLab team at Northeastern University for reporting this
issue.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
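The overlap rule described in the commit message above, as an added example that is not part of the FreeRTOS source: a host-side C model of ARMv7-M region resolution, comparing kernel regions in the lowest slots with kernel regions in the highest slots. The 8-region MPU, the addresses, the sizes, the single permission bit and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_REGIONS    8            /* assumed: MPU with 8 regions */
#define KERNEL_REGIONS 5            /* from the commit message */
#define KERNEL_BASE    0x20000000u  /* constructed address */
#define KERNEL_STRIDE  0x1000u      /* constructed size of each kernel region */

typedef struct {
    bool     enabled;
    uint32_t base, size;
    bool     unpriv_write;          /* simplified permission bit */
} Region;

/* ARMv7-M overlap rule: the highest-numbered enabled region covering addr decides. */
static bool unpriv_can_write(const Region *mpu, uint32_t addr)
{
    for (int i = NUM_REGIONS - 1; i >= 0; i--)
        if (mpu[i].enabled && (addr - mpu[i].base) < mpu[i].size)
            return mpu[i].unpriv_write;
    return false;                   /* no region matches: unprivileged access faults */
}

/* Kernel takes KERNEL_REGIONS slots starting at first_slot; the application then
 * fills every free slot with a permissive region overlapping the kernel range.
 * Returns true if any kernel address ends up writable by unprivileged code. */
static bool kernel_overridable(int first_slot)
{
    Region mpu[NUM_REGIONS] = { 0 };
    for (int k = 0; k < KERNEL_REGIONS; k++)
        mpu[first_slot + k] = (Region){ true, KERNEL_BASE + k * KERNEL_STRIDE,
                                        KERNEL_STRIDE, false };
    for (int i = 0; i < NUM_REGIONS; i++)
        if (!mpu[i].enabled)
            mpu[i] = (Region){ true, KERNEL_BASE, 0x8000u, true };
    for (int k = 0; k < KERNEL_REGIONS; k++)
        if (unpriv_can_write(mpu, KERNEL_BASE + k * KERNEL_STRIDE))
            return true;
    return false;
}

int main(void)
{
    printf("kernel in regions 0-4: overridable=%d\n", kernel_overridable(0));
    printf("kernel in regions 3-7: overridable=%d\n",
           kernel_overridable(NUM_REGIONS - KERNEL_REGIONS));
    return 0;
}
```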
* Add xPortRemoveInterruptHandler API
This API is added to the MicroBlazeV9 port. It enables the application
writer to remove an interrupt handler.
This was originally contributed in this PR - https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/523
* Change API signature to return void
This makes the API similar to vPortDisableInterrupt.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gavin Lambert <uecasm@users.noreply.github.com>
* Clarify Cortex M7 r0p1 errata number in r0p1 specific port.
* Add ARM Cortex M7 r0p0 / r0p1 Errata 837070 workaround to CM4 MPU ports.
Optionally, enable the errata workaround by defining configTARGET_ARM_CM7_r0p0 or configTARGET_ARM_CM7_r0p1 in FreeRTOSConfig.h.
* Add r0p1 errata support to IAR port as well
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Change macro name to configENABLE_ERRATA_837070_WORKAROUND
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add support for ARM CM55
* Fix file header
* Remove duplicate code
* Refactor portmacro.h
1. portmacro.h is re-factored into 2 parts - portmacrocommon.h which is
common to all ARMv8-M ports and portmacro.h which is different for
different compiler and architecture. This enables us to provide
Cortex-M55 ports without code duplication.
2. Update copy_files.py so that it copies Cortex-M55 ports correctly -
all files except portmacro.h are used from Cortex-M33 ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
This is needed to support the case when SysTick timer is not clocked
from the same source as CPU. This support already exists in other
Cortex-M ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add support for 16 MPU regions to GCC Cortex-M33 TZ port
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add support for 16 MPU regions to Cortex-M33 NTZ GCC port
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* fix alignment exception for ullPortInterruptNesting.
While loading (LDR X5, ullPortInterruptNestingConst) the ullPortInterruptNesting
variable, the program control seems to be stuck and there is no abort or stack
trace observed (as there is no exception handler installed to catch unaligned
access exception).
Program control moves forward, if one just declares this variable to be 2 bytes
aligned but then variable is not updated properly.
One of my colleagues pointed out that issue is due to the fact that
ullPortInterruptNesting must be at 8 bytes aligned address but since
"vApplicationIRQHandler" (that has 4 bytes of address) is sitting between
two 8 bytes aligned addresses that forces ullPortInterruptNesting to be at
4 byte aligned address, causing all sorts of mess.
It works on QEMU (on ARM64) as it is, since there is no such check for
unaligned access but on real hardware it is prohibited.
Workaround to this problem is, either we skip 4 bytes (using .align 4) after
vApplicationIRQHandler declaration or declare it at the end of all declarations.
This commit does the latter one.
Signed-off-by: Amit Singh Tomar <atomar25opensource@gmail.com>
* Update portASM.S
Remove 1 tab = 4 spaces
Co-authored-by: Amit Singh Tomar <atomar25opensource@gmail.com>
Co-authored-by: alfred gedeon <28123637+alfred2g@users.noreply.github.com>
Co-authored-by: Joseph Julicher <jjulicher@mac.com>
This commit introduces a new config
configALLOW_UNPRIVILEGED_CRITICAL_SECTIONS which enables developers to
prevent critical sections from unprivileged tasks. It defaults to 1 for
backward compatibility. Application should set it to 0 to disable
critical sections from unprivileged tasks.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Mention that FreeRTOS_IRQ_Handler should not be used for FIQs and the
reason for assuming Group 1 for Interrupt Acknowledge and End Of
Interrupt registers.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Let the FreeRTOS IRQ handler properly store and restore the ICCIAR
register value around the vApplicationIRQHandler() call.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Co-authored-by: Stephane Viau <stephane.viau@oss.nxp.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
The secure side context management code now checks that the secure
context being saved or restored belongs to the task being switched-out
or switched-in respectively.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit improves ARMv8-M security by pre-allocating secure-side task
context structures and changing how tasks reference a secure-side
context structure when calling a secure function. The new configuration
constant secureconfigMAX_SECURE_CONTEXTS sets the number of secure
context structures to pre-allocate. secureconfigMAX_SECURE_CONTEXTS
defaults to 8 if left undefined.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Use cast to fix warnings.
* Remove all empty definitions of portCLEAN_UP_TCB( pxTCB ) and
portALLOCATE_SECURE_CONTEXT( ulSecureStackSize ) from ports.
When these are undefined, the default empty definition is defined
in FreeRTOS.h.
The difference between this port and portable/GCC/ARM_CA53_64_BIT is
that this port uses System Register interface to access CPU interface
while the other one uses Memory-mapped interface.
Signed-off-by: Gaurav Aggarwal
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
* Adjust portPOINTER_SIZE_TYPE to correct size
portPOINTER_SIZE_TYPE wasn't yet set correctly to be 16 bit
* Fixed FreeRTOS file header to comply with automatic checks
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Critical sections in FreeRTOS are implemented using the following two
functions:

    void vPortEnterCritical( void )
    {
        portDISABLE_INTERRUPTS();
        uxCriticalNesting++;
    }

    void vPortExitCritical( void )
    {
        uxCriticalNesting--;
        if( uxCriticalNesting == 0 )
        {
            portENABLE_INTERRUPTS();
        }
    }

uxCriticalNesting is initialized to a large value at the start and set
to zero when the scheduler is started (xPortStartScheduler). As a
result, before the scheduler is started, a pair of enter/exit critical
section will leave the interrupts disabled because uxCriticalNesting
will not reach zero in the vPortExitCritical function. This is done to
ensure that the interrupts remain disabled from the time first FreeRTOS
API is called to the time when the scheduler is started. The scheduler
starting code is expected to ensure that interrupts are enabled before
the first task starts executing.
Cortex-M33 ports were not enabling interrupts before starting the first
task and as a result, the first task was started with interrupts
disabled. This PR fixes the issue by ensuring that interrupts are
enabled before the first task is started.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
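The nesting behaviour described in the commit message above, as an added host-side model that is not FreeRTOS port code: it runs a critical section before the scheduler starts, starts the scheduler with or without the fix, then runs one critical section inside the first task. The `interrupts_enabled` flag, the macro bodies, the initial value 0xaaaaaaaa (standing in for "a large value"), the `Trace` struct and `run_boot` are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

static bool     interrupts_enabled;   /* stands in for the CPU interrupt mask */
static uint32_t uxCriticalNesting;

#define portDISABLE_INTERRUPTS() ( interrupts_enabled = false )
#define portENABLE_INTERRUPTS()  ( interrupts_enabled = true )

static void vPortEnterCritical( void )
{
    portDISABLE_INTERRUPTS();
    uxCriticalNesting++;
}

static void vPortExitCritical( void )
{
    uxCriticalNesting--;
    if( uxCriticalNesting == 0 )
    {
        portENABLE_INTERRUPTS();
    }
}

typedef struct { bool before_start, at_first_task, after_first_cs; } Trace;

/* enable_before_first_task = false models the behaviour the commit fixes. */
static Trace run_boot( bool enable_before_first_task )
{
    Trace t;
    interrupts_enabled = true;           /* reset state */
    uxCriticalNesting  = 0xaaaaaaaau;    /* assumed "large value" */

    vPortEnterCritical();                /* API call made before scheduler start */
    vPortExitCritical();
    t.before_start = interrupts_enabled; /* nesting never hit 0: still disabled */

    uxCriticalNesting = 0;               /* scheduler start resets the count */
    if( enable_before_first_task ) portENABLE_INTERRUPTS();
    t.at_first_task = interrupts_enabled;

    vPortEnterCritical();                /* first critical section in the task */
    vPortExitCritical();
    t.after_first_cs = interrupts_enabled;
    return t;
}
```

In this model the unfixed start leaves the first task running with interrupts disabled until it exits its first critical section, at which point the count returns to zero and interrupts are enabled.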