It was possible for an unprivileged task to invoke any function with
privilege by passing it as a parameter to MPU_xTaskCreate,
MPU_xTaskCreateStatic, MPU_xTimerCreate, MPU_xTimerCreateStatic, or
MPU_xTimerPendFunctionCall.
This commit ensures that MPU_xTaskCreate and MPU_xTaskCreateStatic can
only create unprivileged tasks. It also removes the following APIs:
1. MPU_xTimerCreate
2. MPU_xTimerCreateStatic
3. MPU_xTimerPendFunctionCall
We thank Huazhong University of Science and Technology for reporting
this issue.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
It was possible for a third party that had already independently gained
the ability to execute injected code to achieve further privilege
escalation by branching directly inside a FreeRTOS MPU API wrapper
function with a manually crafted stack frame. This commit removes the
local stack variable `xRunningPrivileged` so that a manually crafted
stack frame cannot be used for privilege escalation by branching
directly inside a FreeRTOS MPU API wrapper.
We thank Certibit Consulting, LLC, Huazhong University of Science and
Technology and the SecLab team at Northeastern University for reporting
this issue.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update of three badly terminated macro definitions
- vTaskDelayUntil() to conform to usual pattern do { ... } while(0)
- vTaskNotifyGiveFromISR() and
- vTaskGenericNotifyGiveFromISR() to remove extra terminating semicolons
- This PR addresses issues #553 and #554
* Adjust formatting of task.h
Co-authored-by: Paul Bartell <pbartell@amazon.com>
* Generalize Thread Local Storage (TLS) support
FreeRTOS's Thread Local Storage (TLS) support used variables and
functions from newlib, thereby making the TLS support specific to
newlib. This commit generalizes the TLS support so that it can be used
with other c-runtime libraries also. The default behavior for newlib
support is still kept same for backward compatibility.
The application writer would need to set configUSE_C_RUNTIME_TLS_SUPPORT
to 1 in their FreeRTOSConfig.h and define the following macros to
support TLS for a c-runtime library:
1. configTLS_BLOCK_TYPE - Type used to define the TLS block in TCB.
2. configINIT_TLS_BLOCK( xTLSBlock ) - Allocate and initialize memory
block for the task's TLS Block.
3. configSET_TLS_BLOCK( xTLSBlock ) - Switch C-Runtime's TLS Block to
point to xTLSBlock.
4. configDEINIT_TLS_BLOCK( xTLSBlock ) - Free up the memory allocated
for the task's TLS Block.
The following is an example to support TLS for picolibc:
#define configUSE_C_RUNTIME_TLS_SUPPORT 1
#define configTLS_BLOCK_TYPE void*
#define configINIT_TLS_BLOCK( xTLSBlock ) _init_tls( xTLSBlock )
#define configSET_TLS_BLOCK( xTLSBlock ) _set_tls( xTLSBlock )
#define configDEINIT_TLS_BLOCK( xTLSBlock )
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Let each stream/message can use its own sbSEND_COMPLETED
In FreeRTOS.h, set the default value of configUSE_SB_COMPLETED_CALLBACK
to zero, and add additional space for the function pointer when
the buffer created statically.
In stream_buffer.c, modify the macro of sbSEND_COMPLETED which let
the stream buffer to use its own implementation, and then add an
pointer to the stream buffer's structure, and modify the
implementation of the buffer creating and initializing
Co-authored-by: eddie9712 <qw1562435@gmail.com>
* Add supposrt for ARM CM55
* Fix file header
* Remove duplicate code
* Refactor portmacro.h
1. portmacro.h is re-factored into 2 parts - portmacrocommon.h which is
common to all ARMv8-M ports and portmacro.h which is different for
different compiler and architecture. This enables us to provide
Cortex-M55 ports without code duplication.
2. Update copy_files.py so that it copies Cortex-M55 ports correctly -
all files except portmacro.h are used from Cortex-M33 ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
vApplicationMallocFailedHook was declared in each Heap file. which forces users to declare it and can cause problems if the prototype of the function changes.
Co-authored-by: Pierre-Noel Bouteville <pnb990@gmail.com>
* Heap improvements
This commit makes the following improvements:
1. Add a check to heap_2 to track if a memory block is allocated to the
application or not. The MSB of the size field is used for this
purpose. The same check already exists in heap_4 and heap_5. This
check prevents against double free.
2. Add a new flag configHEAP_CLEAR_MEMORY_ON_FREE to heap_2, heap_4 and
heap_5. The application writer can set it to 1 in their
FreeRTOSConfig.h to ensure that a block of memory allocated using
pvPortMalloc is cleared (i.e. set to zero) when it is freed using
vPortFree. If left undefined, configHEAP_CLEAR_MEMORY_ON_FREE
defaults to 0 for backward compatibility. We recommend setting
configHEAP_CLEAR_MEMORY_ON_FREE to 1 for better security.
3. Add a new API pvPortCalloc to heap_2, heap_4 and heap_5. This API
has the following signature:
void * pvPortCalloc( size_t xNum, size_t xSize );
It allocates memory for an array of xNum objects each of which is of
xSize and initializes all bytes in the allocated storage to zero. If
allocation succeeds, it returns a pointer to the lowest byte in the
allocated memory block. On failure, it returns a null pointer.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add configUSE_MINI_LIST_ITEM configuration option to enable the MiniListItem_t type.
When configUSE_MINI_LIST_ITEM == 0:
MiniListItem_t and ListItem_t are both typedefs of struct xLIST_ITEM.
When configUSE_MINI_LIST_ITEM == 1 (the default in projdefs.h):
MiniListItem_t is a typedef of struct xMINI_LIST_ITEM, which contains 3 fewer fields than a struct xLIST_ITEM.
This configuration saves approximately sizeof(TickType_t) + 2 * sizeof( void * ) bytes of ram, however it also violates strict aliasing rules which some compilers depend on for optimization.
configUSE_MINI_LIST_ITEM defaults to 1 when not defined.
* Add pp_indent_brace option to uncrustify config
Improves compliance with the FreeRTOS code style guide:
https://www.freertos.org/FreeRTOS-Coding-Standard-and-Style-Guide.html
* Fix support for stepping maximum number of ticks
This commit fixes support for tickless implementations that call
vTaskStepTick() with the maximum number of allowed ticks to step.
vTaskStepTick()
---------------
Function vTaskStepTick() provides a way for the tickless idle
implementation to account for ticks that elapse during tickless idle.
The maximum number of stepped ticks allowed is the number passed to
portSUPPRESS_TICKS_AND_SLEEP(). It is the number of ticks between
xTickCount and xNextTaskUnblockTime.
vTaskStepTick() is specifically intended for use with tickless idle,
so it always executes with the scheduler disabled. For reference,
compare it with the more general function xTaskCatchUpTicks().
Without this Change
-------------------
Prior to this commit, if a task is supposed to wake at xTickCount ==
0xFFFFFFFF, then when tickless idle ends, function vTaskStepTick()
sets the tick to 0xFFFFFFFF but the task remains on the delayed list
because xTaskIncrementTick() does not execute. One tick later,
xTaskIncrementTick() executes because it's time to increment xTickCount
to 0x00000000. An assertion failure occurs in
taskSWITCH_DELAYED_LISTS() because the delayed task list is not
empty. Other examples of valling vTaskStepTick() with the maximum
allowed number of ticks merely result in a task waking one tick late.
Default Tickless Implementations
--------------------------------
Note that the default tickless implementations never pass the maximum
allowed value to vTaskStepTick(). The default implementations use the
tick interrupt to finish the sleep and allow that one tick to be
counted normally via the tick ISR and xTaskIncrementTick().
* Protect xPendedTicks with critical section
Function xTaskIncrementTick() increments xPendedTicks when the
scheduler is disabled. That function typically executes inside the tick
ISR. So code in xTaskCatchUpTicks() must mask interrupts when modifying
xPendedTicks.
* uncrustify tasks.c
* Update tasks.c
Style changes only - added comment and indentation to the two modified files.
* uncrustify
* Add test coverage for new conditional
* Add typecast
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Co-authored-by: Joseph Julicher <jjulicher@mac.com>
Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
The example was trying to create a timer with period 0 which is not a
valid period.
This was reported here - https://forums.freertos.org/t/multiple-timers/13884
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
The public function xEventGroupWaitBits passes xTicksToWait to the
function vTaskPlaceOnUnorderedEventList, which passes the number of
ticks to prvAddCurrentTaskToDelayedList and sets xCanBlockIndefinitely
to pdTRUE, causing the latter to block indefinitely if
xTicksToWait == portMAX_DELAY and INCLUDE_vTaskSuspend == 1.
Example usage is actually correct, so remove the -1. but update
the incorrect parameter description for pucStreamBufferStorageArea
and pucMessageBufferStorageArea.
* uncrustify with github workflows
* Fix find expression
* Add uncrustify configuration file
* Uncrustify some files
* uncrustify some more files
* uncrustify more files
* Fix whitespace at end of lines
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Paul Bartell
tcpluess
Gaurav-Aggarwal-AWS
Gaurav Aggarwal
newbrain
Monika Singh
Paul Bartell
RichardBarry
Ravishankar Bhagavandas
alfred gedeon
Robert Berger
Anton Lagerholm
pierrenoel-bouteville-act
mikisama
Muneeb Ahmed
Tobias Nießen
isus-ipanienko
Jeff Tenney
Jon Enz
Joseph Julicher
Pramith K V
Tobias Nießen
prplz
Zim Kalinowski
Paul Adelsbach
Craig Kewley