It was possible for a third party that had already independently gained
the ability to execute injected code to achieve further privilege
escalation by branching directly inside a FreeRTOS MPU API wrapper
function with a manually crafted stack frame. This commit removes the
local stack variable `xRunningPrivileged` so that a manually crafted
stack frame cannot be used for privilege escalation by branching
directly inside a FreeRTOS MPU API wrapper.
We thank Certibit Consulting, LLC, Huazhong University of Science and
Technology and the SecLab team at Northeastern University for reporting
this issue.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Generalize Thread Local Storage (TLS) support
FreeRTOS's Thread Local Storage (TLS) support used variables and
functions from newlib, thereby making the TLS support specific to
newlib. This commit generalizes the TLS support so that it can be used
with other c-runtime libraries also. The default behavior for newlib
support is still kept same for backward compatibility.
The application writer would need to set configUSE_C_RUNTIME_TLS_SUPPORT
to 1 in their FreeRTOSConfig.h and define the following macros to
support TLS for a c-runtime library:
1. configTLS_BLOCK_TYPE - Type used to define the TLS block in TCB.
2. configINIT_TLS_BLOCK( xTLSBlock ) - Allocate and initialize memory
block for the task's TLS Block.
3. configSET_TLS_BLOCK( xTLSBlock ) - Switch C-Runtime's TLS Block to
point to xTLSBlock.
4. configDEINIT_TLS_BLOCK( xTLSBlock ) - Free up the memory allocated
for the task's TLS Block.
The following is an example to support TLS for picolibc:
#define configUSE_C_RUNTIME_TLS_SUPPORT 1
#define configTLS_BLOCK_TYPE void*
#define configINIT_TLS_BLOCK( xTLSBlock ) _init_tls( xTLSBlock )
#define configSET_TLS_BLOCK( xTLSBlock ) _set_tls( xTLSBlock )
#define configDEINIT_TLS_BLOCK( xTLSBlock )
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Let each stream/message can use its own sbSEND_COMPLETED
In FreeRTOS.h, set the default value of configUSE_SB_COMPLETED_CALLBACK
to zero, and add additional space for the function pointer when
the buffer created statically.
In stream_buffer.c, modify the macro of sbSEND_COMPLETED which let
the stream buffer to use its own implementation, and then add an
pointer to the stream buffer's structure, and modify the
implementation of the buffer creating and initializing
Co-authored-by: eddie9712 <qw1562435@gmail.com>
* Add supposrt for ARM CM55
* Fix file header
* Remove duplicate code
* Refactor portmacro.h
1. portmacro.h is re-factored into 2 parts - portmacrocommon.h which is
common to all ARMv8-M ports and portmacro.h which is different for
different compiler and architecture. This enables us to provide
Cortex-M55 ports without code duplication.
2. Update copy_files.py so that it copies Cortex-M55 ports correctly -
all files except portmacro.h are used from Cortex-M33 ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
vApplicationMallocFailedHook was declared in each Heap file. which forces users to declare it and can cause problems if the prototype of the function changes.
Co-authored-by: Pierre-Noel Bouteville <pnb990@gmail.com>
The configuration was updated using
uncrustify -c .github/uncrustify.cfg -o .github/uncrustify.cfg --update-config-with-doc
to align with the actually used uncrustify version used, i.e., all
configuration is now explicitly set (and no longer implicit).
The files that are common to all ports ("portable/MemMang*" and
"portable/Common/mpu_wrappers.c" are now also autoformatted.
Co-authored-by: alfred gedeon <28123637+alfred2g@users.noreply.github.com>
* Add configUSE_MINI_LIST_ITEM configuration option to enable the MiniListItem_t type.
When configUSE_MINI_LIST_ITEM == 0:
MiniListItem_t and ListItem_t are both typedefs of struct xLIST_ITEM.
When configUSE_MINI_LIST_ITEM == 1 (the default in projdefs.h):
MiniListItem_t is a typedef of struct xMINI_LIST_ITEM, which contains 3 fewer fields than a struct xLIST_ITEM.
This configuration saves approximately sizeof(TickType_t) + 2 * sizeof( void * ) bytes of ram, however it also violates strict aliasing rules which some compilers depend on for optimization.
configUSE_MINI_LIST_ITEM defaults to 1 when not defined.
* Add pp_indent_brace option to uncrustify config
Improves compliance with the FreeRTOS code style guide:
https://www.freertos.org/FreeRTOS-Coding-Standard-and-Style-Guide.html
* uncrustify with github workflows
* Fix find expression
* Add uncrustify configuration file
* Uncrustify some files
* uncrustify some more files
* uncrustify more files
* Fix whitespace at end of lines
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
* Introduce configRUN_TIME_COUNTER_TYPE which enables developers to define the type used to hold run time statistic counters. Defaults to uint32_t for backward compatibility. #define configRUN_TIME_COUNTER_TYPE to a type (for example, uint64_t) in FreeRTOSConfig.h to override the default.
Introduce ulTaskGetIdleRunTimePercent() to complement the pre-existing ulTaskGetIdleRunTimeCounter(). Whereas the pre-existing function returns the raw run time counter value, the new function returns the percentage of the entire run time consumed by the idle task. Note the amount of idle time is only a good measure of the slack time in a system if there are no other tasks executing at the idle priority, tickless
idle is not used, and configIDLE_SHOULD_YIELD is set to 0.
* Add ultaskgetidleruntimepercent to lexicon.txt.
* Update History file.
Add the MPU version of ulTaskGetIdleRunTimePercent().
* Update include/FreeRTOS.h to correct comment as per aggarg@ suggestion.
* Fix alignment in mpu_wrappers.h.
Commit changes to mpu_prototypes.h which were missed from the original commit.
Adding text into this new field updates the following macros in task.h in the main branch:
tskKERNEL_VERSION_NUMBER (alphanumeric string)
tskKERNEL_VERSION_MAJOR (numeric only)
tskKERNEL_VERSION_MINOR (numeric only)
tskKERNEL_VERSION_BUILD (numeric only)
* Add an LCOV_BRANCH exception for the check that sizeof( StaticQueue_t ) == sizeof( Queue_t )
* Add LCOV_BRANCH coverage exception for a configASSERT on pxQueueSetContainer with a condition that is unreachable.
* Add configASSERTs to alert when invalid parameters are passed into Queue Registry related functions.
* Assert that the semaphore handle passed into xQueueGetMutexHolder is not NULL.
* Correct some typos in queue.c
* Update lexicon.txt
The change adds support for allocating task stacks from separate heap.
When configSTACK_ALLOCATION_FROM_SEPARATE_HEAP is defined as 1 in
FreeRTOSConfig.h, task stacks are allocated and freed using
pvPortMallocStack and vPortFreeStack functions. This allows the
application writer to provide a separate allocator for task stacks.
When configSTACK_ALLOCATION_FROM_SEPARATE_HEAP is defined as 0, task
stacks are allocated and freed using FreeRTOS heap functions
pvPortMalloc and vPortFree.
For backward compatibility, configSTACK_ALLOCATION_FROM_SEPARATE_HEAP
defaults to 0.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Revert "Reintroduce Espressif's IDF v4.2 changes to ESP32 port (#193)"
This reverts commit 3d4d17178f.
* Update ESP32 port files to work with ESP-IDF v4.2 as well as ESP-IDF v3.3
Add changes required to support ESP32-S2
* portmacro.h: Change return type of vApplicationSleep to void
This fixes build failure when automatic light sleep is enabled
* prevent header checks for files with different licensing
Co-authored-by: David Chalco <david@chalco.io>
Paul Bartell
Aniruddha Kanhere
Gaurav Aggarwal
Monika Singh
Gaurav-Aggarwal-AWS
Xin Lin
Ravishankar Bhagavandas
Tanmoy Sen
alfred gedeon
pierrenoel-bouteville-act
swaldhoer
Jon Enz
Joseph Julicher
Laukik Hase
prplz
Zim Kalinowski
Graham Sanderson
Ming Yue
RichardBarry
Raul Rojas
j4cbo
Evgeny Ermakov
Paul Bartell
xuelix
Carl Lundin
Cobus van Eeden
David Chalco
nazar01
Shubham Kulkarni