Memory Protection Unit (MPU) Enhancements
This commit introduces a new MPU wrapper that places additional
restrictions on unprivileged tasks. The following is the list of changes
introduced with the new MPU wrapper:
1. Opaque and indirectly verifiable integers for kernel object handles:
All the kernel object handles (for example, queue handles) are now
opaque integers. Previously object handles were raw pointers.
2. Saving the task context in Task Control Block (TCB): When a task is
swapped out by the scheduler, the task's context is now saved in its
TCB. Previously the task's context was saved on its stack.
3. Execute system calls on a separate privileged only stack: FreeRTOS
system calls, which execute with elevated privilege, now use a
separate privileged only stack. Previously system calls used the
calling task's stack. The application writer can control the size of
the system call stack using new configSYSTEM_CALL_STACK_SIZE config
macro.
4. Memory bounds checks: FreeRTOS system calls which accept a pointer
and de-reference it, now verify that the calling task has required
permissions to access the memory location referenced by the pointer.
5. System call restrictions: The following system calls are no longer
available to unprivileged tasks:
- vQueueDelete
- xQueueCreateMutex
- xQueueCreateMutexStatic
- xQueueCreateCountingSemaphore
- xQueueCreateCountingSemaphoreStatic
- xQueueGenericCreate
- xQueueGenericCreateStatic
- xQueueCreateSet
- xQueueRemoveFromSet
- xQueueGenericReset
- xTaskCreate
- xTaskCreateStatic
- vTaskDelete
- vTaskPrioritySet
- vTaskSuspendAll
- xTaskResumeAll
- xTaskGetHandle
- xTaskCallApplicationTaskHook
- vTaskList
- vTaskGetRunTimeStats
- xTaskCatchUpTicks
- xEventGroupCreate
- xEventGroupCreateStatic
- vEventGroupDelete
- xStreamBufferGenericCreate
- xStreamBufferGenericCreateStatic
- vStreamBufferDelete
- xStreamBufferReset
Also, an unprivileged task can no longer use vTaskSuspend to suspend
any task other than itself.
We thank the following people for their inputs in these enhancements:
- David Reiss of Meta Platforms, Inc.
- Lan Luo, Xinhui Shao, Yumeng Wei, Zixia Liu, Huaiyu Yan and Zhen Ling
of School of Computer Science and Engineering, Southeast University,
China.
- Xinwen Fu of Department of Computer Science, University of
Massachusetts Lowell, USA.
- Yuequi Chen, Zicheng Wang, Minghao Lin of University of Colorado
Boulder, USA.
Added various ...GetStaticBuffer() functions to get the buffers of statically
created objects.
---------
Co-authored-by: Paul Bartell <pbartell@amazon.com>
Co-authored-by: Nikhil Kamath <110539926+amazonKamath@users.noreply.github.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Adding in ability to support a library for freertos_config and a custom freertos_kernel_port (#558)
* Using single name definition for libraries everywhere. (#558)
* Supporting backwards compatibility with FREERTOS_CONFIG_FILE_DIRECTORY (#571)
* Removing compiler warnings for GNU and Clang. (#571)
* Added in documentation on how to consume from a main project. Added default PORT selection for native POSIX and MINGW platforms.
* Only adding freertos_config if it exists. Removing auto generation of it from a FREERTOS_CONFIG_FILE_DIRECTORY.
* Fixing clang and gnu compiler warnings.
* Adding in project information and how to compile for GNU/clang
* Fixing compiler issue with unused variable - no need to declare variable.
* Adding in compile warnings for linux builds that kernel is okay with using.
* Fixing more extra-semi-stmt clang warnings.
* Moving definition of hooks into header files if features are enabled.
* Fixing formatting with uncrustify.
* Fixing merge conflicts with main merge.
* Fixing compiler errors due to merge issues and formatting.
* Fixing Line feeds.
* Adding 'portNORETURN' into portmacros.h. Other Updates based on PR request
* Further clean-up of clang and clang-tidy issues.
* Removing compiler specific pragmas from common c files.
* Fixing missing lexicon entry and uncrustify formatting changes.
* Resolving merge issue multiple defnitions of proto for prvIdleTask
* Fixing formatting issues that are not covered by uncrustify. Use clang-tidy instead if you want this level of control.
* More uncrustify formatting issues.
* Fixing extra bracket in #if statement.
---------
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Allow ulTaskGetIdleRunTimeCounter and ulTaskGetIdleRunTimePercent to be
used whenever configGENERATE_RUN_TIME_STATS is enabled, as this is the
only requirement for these functions to work.
* Update of three badly terminated macro definitions
- vTaskDelayUntil() to conform to usual pattern do { ... } while(0)
- vTaskNotifyGiveFromISR() and
- vTaskGenericNotifyGiveFromISR() to remove extra terminating semicolons
- This PR addresses issues #553 and #554
* Adjust formatting of task.h
Co-authored-by: Paul Bartell <pbartell@amazon.com>
* Fix support for stepping maximum number of ticks
This commit fixes support for tickless implementations that call
vTaskStepTick() with the maximum number of allowed ticks to step.
vTaskStepTick()
---------------
Function vTaskStepTick() provides a way for the tickless idle
implementation to account for ticks that elapse during tickless idle.
The maximum number of stepped ticks allowed is the number passed to
portSUPPRESS_TICKS_AND_SLEEP(). It is the number of ticks between
xTickCount and xNextTaskUnblockTime.
vTaskStepTick() is specifically intended for use with tickless idle,
so it always executes with the scheduler disabled. For reference,
compare it with the more general function xTaskCatchUpTicks().
Without this Change
-------------------
Prior to this commit, if a task is supposed to wake at xTickCount ==
0xFFFFFFFF, then when tickless idle ends, function vTaskStepTick()
sets the tick to 0xFFFFFFFF but the task remains on the delayed list
because xTaskIncrementTick() does not execute. One tick later,
xTaskIncrementTick() executes because it's time to increment xTickCount
to 0x00000000. An assertion failure occurs in
taskSWITCH_DELAYED_LISTS() because the delayed task list is not
empty. Other examples of valling vTaskStepTick() with the maximum
allowed number of ticks merely result in a task waking one tick late.
Default Tickless Implementations
--------------------------------
Note that the default tickless implementations never pass the maximum
allowed value to vTaskStepTick(). The default implementations use the
tick interrupt to finish the sleep and allow that one tick to be
counted normally via the tick ISR and xTaskIncrementTick().
* Protect xPendedTicks with critical section
Function xTaskIncrementTick() increments xPendedTicks when the
scheduler is disabled. That function typically executes inside the tick
ISR. So code in xTaskCatchUpTicks() must mask interrupts when modifying
xPendedTicks.
* uncrustify tasks.c
* Update tasks.c
Style changes only - added comment and indentation to the two modified files.
* uncrustify
* Add test coverage for new conditional
* Add typecast
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Co-authored-by: Joseph Julicher <jjulicher@mac.com>
Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
* uncrustify with github workflows
* Fix find expression
* Add uncrustify configuration file
* Uncrustify some files
* uncrustify some more files
* uncrustify more files
* Fix whitespace at end of lines
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
* Introduce configRUN_TIME_COUNTER_TYPE which enables developers to define the type used to hold run time statistic counters. Defaults to uint32_t for backward compatibility. #define configRUN_TIME_COUNTER_TYPE to a type (for example, uint64_t) in FreeRTOSConfig.h to override the default.
Introduce ulTaskGetIdleRunTimePercent() to complement the pre-existing ulTaskGetIdleRunTimeCounter(). Whereas the pre-existing function returns the raw run time counter value, the new function returns the percentage of the entire run time consumed by the idle task. Note the amount of idle time is only a good measure of the slack time in a system if there are no other tasks executing at the idle priority, tickless
idle is not used, and configIDLE_SHOULD_YIELD is set to 0.
* Add ultaskgetidleruntimepercent to lexicon.txt.
* Update History file.
Add the MPU version of ulTaskGetIdleRunTimePercent().
* Update include/FreeRTOS.h to correct comment as per aggarg@ suggestion.
* Fix alignment in mpu_wrappers.h.
Commit changes to mpu_prototypes.h which were missed from the original commit.
* updated history.txt for 10.4.4
* Update the release date in History.txt
* added link to SMP branch to History.txt
* Added comment explaining the + in the version string
* corrected typos in the + comment
Co-authored-by: alfred gedeon <28123637+alfred2g@users.noreply.github.com>
Co-authored-by: Paul Bartell <pbartell@amazon.com>
This PR:
Changes the INCLUDE_vTaskDelayUntil compile time constant to INCLUDE_xTaskDelayUntil.
Updates FreeRTOS.h to ensure backward compatibility for projects that already have INCLUDE_vTaskDelayUntil defined.
Updates the MPU prototypes, wrapper and implementation to use the updated xTaskDelayUntil() function.
Tests to be checked into the FreeRTOS/FreeRTOS repository after this PR.
* FreeRTOS Kernel Spelling Update
* Added spell check to kernel repository.
* Fixed small spelling errors in various kernel source files.
* Added documentation for spellcheck.
Note: Only kernel files are checked for spelling, and portable files are ignored.
* Style: make freertos.org = FreeRTOS.org also add https
* Style: Fix freertos into FreeRTOS
* Style: Fix freertos into FreeRTOS
Co-authored-by: Alfred Gedeon <gedeonag@amazon.com>
* Style: Change FreeRTOS websites in comments
* Style: Change freertos to FreeRTOS in comments
* Style: Remove broken link
Co-authored-by: Alfred Gedeon <gedeonag@amazon.com>
* Removing StackMacros.h
* Moving 4 Function Prototypes out of the C files into the headers
* Revert "Removing StackMacros.h"
This reverts commit cdd8307817.
kar-rahul-aws
Nicolas
Darian
phelter
Chris Copeland
tcpluess
Gaurav-Aggarwal-AWS
newbrain
Monika Singh
Muneeb Ahmed
Jeff Tenney
Joseph Julicher
Pramith K V
prplz
Zim Kalinowski
alfred gedeon
Tobias Nießen
swaldhoer
RichardBarry
paulbartell
Paul Bartell
gomonovych
nazar01
Evgeny Ermakov
Cobus van Eeden
David Chalco
alfred gedeon
Spacefish
David Chalco
Ravishankar Bhagavandas
Carl Lundin
Alfred Gedeon