Restrict unpriv task to invoke code with privilege

It was possible for an unprivileged task to invoke any function with privilege by passing it as a parameter to MPU_xTaskCreate, MPU_xTaskCreateStatic, MPU_xTimerCreate, MPU_xTimerCreateStatic, or MPU_xTimerPendFunctionCall. This commit ensures that MPU_xTaskCreate and MPU_xTaskCreateStatic can only create unprivileged tasks. It also removes the following APIs: 1. MPU_xTimerCreate 2. MPU_xTimerCreateStatic 3. MPU_xTimerPendFunctionCall We thank Huazhong University of Science and Technology for reporting this issue. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2025-08-19 17:48:33 -04:00 · 2022-09-07 14:58:52 +05:30 · 2022-09-07 14:58:52 +05:30 · 331362d45a
commit 331362d45a
parent 79704b8213
2 changed files with 6 additions and 93 deletions
--- a/portable/Common/mpu_wrappers.c
+++ b/portable/Common/mpu_wrappers.c
@ -65,6 +65,9 @@
                portRAISE_PRIVILEGE();
                portMEMORY_BARRIER();

+                uxPriority = uxPriority & ~( portPRIVILEGE_BIT );
+                portMEMORY_BARRIER();
+
                xReturn = xTaskCreate( pvTaskCode, pcName, usStackDepth, pvParameters, uxPriority, pxCreatedTask );
                portMEMORY_BARRIER();

@ -97,6 +100,9 @@
                portRAISE_PRIVILEGE();
                portMEMORY_BARRIER();

+                uxPriority = uxPriority & ~( portPRIVILEGE_BIT );
+                portMEMORY_BARRIER();
+
                xReturn = xTaskCreateStatic( pxTaskCode, pcName, ulStackDepth, pvParameters, uxPriority, puxStackBuffer, pxTaskBuffer );
                portMEMORY_BARRIER();

@ -1708,67 +1714,6 @@
    }
 /*-----------------------------------------------------------*/

-    #if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) )
-        TimerHandle_t MPU_xTimerCreate( const char * const pcTimerName,
-                                        const TickType_t xTimerPeriodInTicks,
-                                        const UBaseType_t uxAutoReload,
-                                        void * const pvTimerID,
-                                        TimerCallbackFunction_t pxCallbackFunction ) /* FREERTOS_SYSTEM_CALL */
-        {
-            TimerHandle_t xReturn;
-
-            if( portIS_PRIVILEGED() == pdFALSE )
-            {
-                portRAISE_PRIVILEGE();
-                portMEMORY_BARRIER();
-
-                xReturn = xTimerCreate( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction );
-                portMEMORY_BARRIER();
-
-                portRESET_PRIVILEGE();
-                portMEMORY_BARRIER();
-            }
-            else
-            {
-                xReturn = xTimerCreate( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction );
-            }
-
-            return xReturn;
-        }
-    #endif /* if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
-    #if ( ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) )
-        TimerHandle_t MPU_xTimerCreateStatic( const char * const pcTimerName,
-                                              const TickType_t xTimerPeriodInTicks,
-                                              const UBaseType_t uxAutoReload,
-                                              void * const pvTimerID,
-                                              TimerCallbackFunction_t pxCallbackFunction,
-                                              StaticTimer_t * pxTimerBuffer ) /* FREERTOS_SYSTEM_CALL */
-        {
-            TimerHandle_t xReturn;
-
-            if( portIS_PRIVILEGED() == pdFALSE )
-            {
-                portRAISE_PRIVILEGE();
-                portMEMORY_BARRIER();
-
-                xReturn = xTimerCreateStatic( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction, pxTimerBuffer );
-                portMEMORY_BARRIER();
-
-                portRESET_PRIVILEGE();
-                portMEMORY_BARRIER();
-            }
-            else
-            {
-                xReturn = xTimerCreateStatic( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction, pxTimerBuffer );
-            }
-
-            return xReturn;
-        }
-    #endif /* if ( ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
    #if ( configUSE_TIMERS == 1 )
        void * MPU_pvTimerGetTimerID( const TimerHandle_t xTimer ) /* FREERTOS_SYSTEM_CALL */
        {
@ -1870,35 +1815,6 @@
    #endif /* if ( configUSE_TIMERS == 1 ) */
 /*-----------------------------------------------------------*/

-    #if ( ( INCLUDE_xTimerPendFunctionCall == 1 ) && ( configUSE_TIMERS == 1 ) )
-        BaseType_t MPU_xTimerPendFunctionCall( PendedFunction_t xFunctionToPend,
-                                               void * pvParameter1,
-                                               uint32_t ulParameter2,
-                                               TickType_t xTicksToWait ) /* FREERTOS_SYSTEM_CALL */
-        {
-            BaseType_t xReturn;
-
-            if( portIS_PRIVILEGED() == pdFALSE )
-            {
-                portRAISE_PRIVILEGE();
-                portMEMORY_BARRIER();
-
-                xReturn = xTimerPendFunctionCall( xFunctionToPend, pvParameter1, ulParameter2, xTicksToWait );
-                portMEMORY_BARRIER();
-
-                portRESET_PRIVILEGE();
-                portMEMORY_BARRIER();
-            }
-            else
-            {
-                xReturn = xTimerPendFunctionCall( xFunctionToPend, pvParameter1, ulParameter2, xTicksToWait );
-            }
-
-            return xReturn;
-        }
-    #endif /* if ( ( INCLUDE_xTimerPendFunctionCall == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
    #if ( configUSE_TIMERS == 1 )
        void MPU_vTimerSetReloadMode( TimerHandle_t xTimer,
                                      const UBaseType_t uxAutoReload ) /* FREERTOS_SYSTEM_CALL */