From e94696c38dd75236447a720cbd7e7c107c0f9ef7 Mon Sep 17 00:00:00 2001 From: Mubin Usman Sayyed Date: Mon, 30 Nov 2020 01:33:35 +0530 Subject: [PATCH 1/6] MicroblazeV9: Add default implementation for callback functions Signed-off-by: Mubin Usman Sayyed --- portable/GCC/MicroBlazeV9/portmicroblaze.c | 314 +++++++++++++++++++++ 1 file changed, 314 insertions(+) create mode 100755 portable/GCC/MicroBlazeV9/portmicroblaze.c diff --git a/portable/GCC/MicroBlazeV9/portmicroblaze.c b/portable/GCC/MicroBlazeV9/portmicroblaze.c new file mode 100755 index 000000000..dad083b8b --- /dev/null +++ b/portable/GCC/MicroBlazeV9/portmicroblaze.c @@ -0,0 +1,314 @@ +/* + * FreeRTOS Kernel V10.4.2 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (C) 2012 - 2020 Xilinx, Inc. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + * 1 tab == 4 spaces! + */ + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +/* Xilinx includes. */ +#include "xil_printf.h" +#include "xparameters.h" + +#if defined( XPAR_XTMRCTR_NUM_INSTANCES ) + #if( XPAR_XTMRCTR_NUM_INSTANCES > 0 ) + #include "xtmrctr.h" + /* The timer is used to generate the RTOS tick interrupt. */ + static XTmrCtr xTickTimerInstance; + #endif +#elif defined (XPAR_XTTCPS_NUM_INSTANCES) + #if(XPAR_XTTCPS_NUM_INSTANCES > 0) + #include "xttcps.h" + /* The timer is used to generate the RTOS tick interrupt. */ + static XTtcPs xTickTimerInstance; + #endif +#endif + + +/* + * Some FreeRTOSConfig.h settings require the application writer to provide the + * implementation of a callback function that has a specific name, and a linker + * error will result if the application does not provide the required function. + * To avoid the risk of a configuration file setting resulting in a linker error + * this file provides default implementations of each callback that might be + * required. The default implementations are declared as weak symbols to allow + * the application writer to override the default implementation by providing + * their own implementation in the application itself. + */ +void vApplicationAssert( const char *pcFileName, uint32_t ulLine ) __attribute__((weak)); +void vApplicationTickHook( void ) __attribute__((weak)); +void vApplicationIdleHook( void ) __attribute__((weak)); +void vApplicationMallocFailedHook( void ) __attribute((weak)); +void vApplicationStackOverflowHook( TaskHandle_t xTask, char *pcTaskName ) __attribute__((weak)); +void vApplicationSetupTimerInterrupt( void ) __attribute__((weak)); +void vApplicationClearTimerInterrupt( void ) __attribute__((weak)); + +/*-----------------------------------------------------------*/ + + +/* This version of vApplicationAssert() is declared as a weak symbol to allow it +to be overridden by a version implemented within the application that is using +this BSP. */ +void vApplicationAssert( const char *pcFileName, uint32_t ulLine ) +{ +volatile uint32_t ul = 0; +volatile const char *pcLocalFileName = pcFileName; /* To prevent pcFileName being optimized away. */ +volatile uint32_t ulLocalLine = ulLine; /* To prevent ulLine being optimized away. */ + + /* Prevent compile warnings about the following two variables being set but + not referenced. They are intended for viewing in the debugger. */ + ( void ) pcLocalFileName; + ( void ) ulLocalLine; + + xil_printf( "Assert failed in file %s, line %lu\r\n", pcLocalFileName, ulLocalLine ); + + /* If this function is entered then a call to configASSERT() failed in the + FreeRTOS code because of a fatal error. The pcFileName and ulLine + parameters hold the file name and line number in that file of the assert + that failed. Additionally, if using the debugger, the function call stack + can be viewed to find which line failed its configASSERT() test. Finally, + the debugger can be used to set ul to a non-zero value, then step out of + this function to find where the assert function was entered. */ + taskENTER_CRITICAL(); + { + while( ul == 0 ) + { + __asm volatile( "NOP" ); + } + } + taskEXIT_CRITICAL(); +} +/*-----------------------------------------------------------*/ + +/* This default tick hook does nothing and is declared as a weak symbol to allow +the application writer to override this default by providing their own +implementation in the application code. */ +void vApplicationTickHook( void ) +{ +} +/*-----------------------------------------------------------*/ + +/* This default idle hook does nothing and is declared as a weak symbol to allow +the application writer to override this default by providing their own +implementation in the application code. */ +void vApplicationIdleHook( void ) +{ +} +/*-----------------------------------------------------------*/ + +/* This default malloc failed hook does nothing and is declared as a weak symbol +to allow the application writer to override this default by providing their own +implementation in the application code. */ +void vApplicationMallocFailedHook( void ) +{ + xil_printf( "vApplicationMallocFailedHook() called\n" ); +} +/*-----------------------------------------------------------*/ + +/* This default stack overflow hook will stop the application for executing. It +is declared as a weak symbol to allow the application writer to override this +default by providing their own implementation in the application code. */ +void vApplicationStackOverflowHook( TaskHandle_t xTask, char *pcTaskName ) +{ +/* Attempt to prevent the handle and name of the task that overflowed its stack +from being optimised away because they are not used. */ +volatile TaskHandle_t xOverflowingTaskHandle = xTask; +volatile char *pcOverflowingTaskName = pcTaskName; + + ( void ) xOverflowingTaskHandle; + ( void ) pcOverflowingTaskName; + + xil_printf( "HALT: Task %s overflowed its stack.", pcOverflowingTaskName ); + portDISABLE_INTERRUPTS(); + for( ;; ); +} +/*-----------------------------------------------------------*/ + +#if defined( XPAR_XTMRCTR_NUM_INSTANCES ) + #if( XPAR_XTMRCTR_NUM_INSTANCES > 0 ) + /* This is a default implementation of what is otherwise an application defined + callback function used to install the tick interrupt handler. It is provided as + an application callback because the kernel will run on lots of different + MicroBlaze and FPGA configurations - not all of which will have the same timer + peripherals defined or available. vApplicationSetupTimerInterrupt() is declared + as a weak symbol, allowing the application writer to provide their own + implementation, if this default implementation is not suitable. */ + void vApplicationSetupTimerInterrupt( void ) + { + portBASE_TYPE xStatus; + const unsigned char ucTickTimerCounterNumber = ( unsigned char ) 0U; + const unsigned char ucRunTimeStatsCounterNumber = ( unsigned char ) 1U; + const unsigned long ulCounterValue = ( ( XPAR_TMRCTR_0_CLOCK_FREQ_HZ / configTICK_RATE_HZ ) - 1UL ); + extern void vPortTickISR( void *pvUnused ); + + /* Initialise the timer/counter. */ + xStatus = XTmrCtr_Initialize( &xTickTimerInstance, XPAR_TMRCTR_0_DEVICE_ID ); + + if( xStatus == XST_SUCCESS ) + { + /* Install the tick interrupt handler as the timer ISR. + *NOTE* The xPortInstallInterruptHandler() API function must be used for + this purpose. */ + xStatus = xPortInstallInterruptHandler( XPAR_INTC_0_TMRCTR_0_VEC_ID, vPortTickISR, NULL ); + } + + if( xStatus == pdPASS ) + { + /* Enable the timer interrupt in the interrupt controller. + *NOTE* The vPortEnableInterrupt() API function must be used for this + purpose. */ + vPortEnableInterrupt( XPAR_INTC_0_TMRCTR_0_VEC_ID ); + + /* Configure the timer interrupt handler. This installs the handler + directly, rather than through the Xilinx driver. This is done for + efficiency. */ + XTmrCtr_SetHandler( &xTickTimerInstance, ( void * ) vPortTickISR, NULL ); + + /* Set the correct period for the timer. */ + XTmrCtr_SetResetValue( &xTickTimerInstance, ucTickTimerCounterNumber, ulCounterValue ); + + /* Enable the interrupts. Auto-reload mode is used to generate a + periodic tick. Note that interrupts are disabled when this function is + called, so interrupts will not start to be processed until the first + task has started to run. */ + XTmrCtr_SetOptions( &xTickTimerInstance, ucTickTimerCounterNumber, ( XTC_INT_MODE_OPTION | XTC_AUTO_RELOAD_OPTION | XTC_DOWN_COUNT_OPTION ) ); + + /* Start the timer. */ + XTmrCtr_Start( &xTickTimerInstance, ucTickTimerCounterNumber ); + + + + + /* The second timer is used as the time base for the run time stats. + Auto-reload mode is used to ensure the timer does not stop. */ + XTmrCtr_SetOptions( &xTickTimerInstance, ucRunTimeStatsCounterNumber, XTC_AUTO_RELOAD_OPTION ); + + /* Start the timer. */ + XTmrCtr_Start( &xTickTimerInstance, ucRunTimeStatsCounterNumber ); + } + + /* Sanity check that the function executed as expected. */ + configASSERT( ( xStatus == pdPASS ) ); + } + #endif /* XPAR_XTMRCTR_NUM_INSTANCES > 0 */ +#elif defined (XPAR_XTTCPS_NUM_INSTANCES) + #if(XPAR_XTTCPS_NUM_INSTANCES > 0) + void vApplicationSetupTimerInterrupt( void ) + { + portBASE_TYPE xStatus; + XInterval usInterval; + uint8_t ucPrescaler; + extern void vPortTickISR( void *pvUnused ); + XTtcPs_Config *pxTimerConfiguration; + + /* Initialise the timer/counter. */ + pxTimerConfiguration = XTtcPs_LookupConfig( configTIMER_ID ); + xStatus = XTtcPs_CfgInitialize( &xTickTimerInstance, pxTimerConfiguration, pxTimerConfiguration->BaseAddress ); + + if( xStatus != XST_SUCCESS ) + { + XTtcPs_Stop(&xTickTimerInstance); + xStatus = XTtcPs_CfgInitialize( &xTickTimerInstance, pxTimerConfiguration, pxTimerConfiguration->BaseAddress ); + if( xStatus != XST_SUCCESS ) + { + xil_printf( "In %s: Timer Cfg initialization failed...\r\n", __func__ ); + return; + } + } + + if( xStatus == XST_SUCCESS ) + { + /* Install the tick interrupt handler as the timer ISR. + *NOTE* The xPortInstallInterruptHandler() API function must be used for + this purpose. */ + xStatus = xPortInstallInterruptHandler( configTIMER_INTERRUPT_ID, vPortTickISR, NULL ); + } + + if( xStatus == pdPASS ) + { + XTtcPs_SetOptions( &xTickTimerInstance, XTTCPS_OPTION_INTERVAL_MODE | XTTCPS_OPTION_WAVE_DISABLE ); + /* + * The Xilinx implementation of generating run time task stats uses the same timer used for generating + * FreeRTOS ticks. In case user decides to generate run time stats the timer time out interval is changed + * as "configured tick rate * 10". The multiplying factor of 10 is hard coded for Xilinx FreeRTOS ports. + */ +#if (configGENERATE_RUN_TIME_STATS == 1) + XTtcPs_CalcIntervalFromFreq( &xTickTimerInstance, configTICK_RATE_HZ*10, &usInterval, &ucPrescaler ); +#else + XTtcPs_CalcIntervalFromFreq( &xTickTimerInstance, configTICK_RATE_HZ, &usInterval, &ucPrescaler ); +#endif + XTtcPs_SetInterval( &xTickTimerInstance, usInterval ); + XTtcPs_SetPrescaler( &xTickTimerInstance, ucPrescaler ); + /* Enable the timer interrupt in the interrupt controller. + *NOTE* The vPortEnableInterrupt() API function must be used for this + purpose. */ + vPortEnableInterrupt( configTIMER_INTERRUPT_ID ); + /* Enable the interrupt for timer. */ + XTtcPs_EnableInterrupts( &xTickTimerInstance, XTTCPS_IXR_INTERVAL_MASK ); + + /* Start the timer */ + XTtcPs_Start( &xTickTimerInstance ); + } + + /* Sanity check that the function executed as expected. */ + configASSERT( ( xStatus == pdPASS ) ); + } + #endif /* XPAR_XTTCPS_NUM_INSTANCES */ +#endif /* XPAR_XTMRCTR_NUM_INSTANCES */ +/*-----------------------------------------------------------*/ + +#if defined( XPAR_XTMRCTR_NUM_INSTANCES ) + #if( XPAR_XTMRCTR_NUM_INSTANCES > 0 ) + /* This is a default implementation of what is otherwise an application defined + callback function used to clear whichever timer interrupt is used to generate + the tick interrupt. It is provided as an application callback because the + kernel will run on lots of different MicroBlaze and FPGA configurations - not + all of which will have the same timer peripherals defined or available. + vApplicationSetupTimerInterrupt() is declared as a weak symbol, allowing the + application writer to provide their own implementation, if this default + implementation is not suitable. */ + void vApplicationClearTimerInterrupt( void ) + { + unsigned long ulCSR; + + /* Clear the timer interrupt */ + ulCSR = XTmrCtr_GetControlStatusReg( XPAR_TMRCTR_0_BASEADDR, 0 ); + XTmrCtr_SetControlStatusReg( XPAR_TMRCTR_0_BASEADDR, 0, ulCSR ); + } + #endif /* XPAR_XTMRCTR_NUM_INSTANCES > 0 */ +#elif defined (XPAR_XTTCPS_NUM_INSTANCES) + #if(XPAR_XTTCPS_NUM_INSTANCES > 0) + + void vApplicationClearTimerInterrupt( void ) + { + uint32_t ulStatusEvent; + + ulStatusEvent = XTtcPs_GetInterruptStatus( &xTickTimerInstance ); + XTtcPs_ClearInterruptStatus( &xTickTimerInstance, ulStatusEvent ); + } + #endif +#endif /* XPAR_XTMRCTR_NUM_INSTANCES */ From 68ca3a9b2a5d6067e26d3e1cf535327b2f9e0b76 Mon Sep 17 00:00:00 2001 From: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Wed, 2 Dec 2020 14:12:16 -0800 Subject: [PATCH 2/6] Update branch of c-sdk repo to main (#223) Also add missing apostrophe to stdint.readme Signed-off-by: Gaurav Aggarwal --- .github/workflows/ci.yml | 2 +- .github/workflows/header-checks.yml | 22 +++++++++++----------- include/stdint.readme | 27 ++++++++++++++++++++++++++- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 377813b07..bc5e1d150 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: - name: Checkout Parent Repo uses: actions/checkout@v2 with: - ref: master + ref: main repository: aws/aws-iot-device-sdk-embedded-C path: main - name: Clone This Repo diff --git a/.github/workflows/header-checks.yml b/.github/workflows/header-checks.yml index c249ea4ee..4d9546c4b 100644 --- a/.github/workflows/header-checks.yml +++ b/.github/workflows/header-checks.yml @@ -1,6 +1,6 @@ name: FreeRTOS-Header-Checker -on: [pull_request] +on: [pull_request] jobs: header-checker: @@ -12,15 +12,15 @@ jobs: uses: actions/setup-python@v2 with: python-version: 3.8.5 - architecture: x64 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + architecture: x64 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Get latest checks from master - name: Checkout FreeRTOS Tools uses: actions/checkout@v2 with: - repository: FreeRTOS/FreeRTOS + repository: FreeRTOS/FreeRTOS ref: master path: tools @@ -29,18 +29,18 @@ jobs: uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} - path: inspect - + path: inspect + # Collect all affected files - name: Collecting changed files uses: lots0logs/gh-action-get-changed-files@2.1.4 with: token: ${{ secrets.GITHUB_TOKEN }} - - # Run checks + + # Run checks - name: Check File Headers run: | cd inspect ../tools/.github/scripts/check-header.py --kernel --json ${HOME}/files.json exit $? - + diff --git a/include/stdint.readme b/include/stdint.readme index 6d86149ca..26592bfbd 100644 --- a/include/stdint.readme +++ b/include/stdint.readme @@ -1,3 +1,28 @@ +/* + * FreeRTOS Kernel V10.4.2 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ #ifndef FREERTOS_STDINT #define FREERTOS_STDINT @@ -10,7 +35,7 @@ * To use this file: * * 1) Copy this file into the directory that contains your FreeRTOSConfig.h - * header file, as that directory will already be in the compilers include + * header file, as that directory will already be in the compiler's include * path. * * 2) Rename the copied file stdint.h. From b5020cb3d8be05ecb45019a9196fe6c3b2ac3a38 Mon Sep 17 00:00:00 2001 From: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:53:22 -0800 Subject: [PATCH 3/6] Prevent unprivileged task from altering MPU configuration (#227) This change removes the FreeRTOS System Calls (aka MPU wrappers) for the following kernel APIs: - xTaskCreateRestricted - xTaskCreateRestrictedStatic - vTaskAllocateMPURegions A system call allows an unprivileged task to execute a kernel API which is otherwise accessible to privileged software only. The above 3 APIs can create a new task with a different MPU configuration or alter the MPU configuration of an existing task. This an be (mis)used by an unprivileged task to grant itself access to a region which it does not have access to. Removing the system calls for these APIs ensures that an unprivileged task cannot execute this APIs. If an unprivileged task attempts to execute any of these API, it will result in a Memory Fault. Signed-off-by: Gaurav Aggarwal --- include/mpu_prototypes.h | 6 ------ include/mpu_wrappers.h | 2 -- portable/Common/mpu_wrappers.c | 38 ---------------------------------- 3 files changed, 46 deletions(-) diff --git a/include/mpu_prototypes.h b/include/mpu_prototypes.h index 81b1bf845..62601d2f1 100644 --- a/include/mpu_prototypes.h +++ b/include/mpu_prototypes.h @@ -50,12 +50,6 @@ TaskHandle_t MPU_xTaskCreateStatic( TaskFunction_t pxTaskCode, UBaseType_t uxPriority, StackType_t * const puxStackBuffer, StaticTask_t * const pxTaskBuffer ) FREERTOS_SYSTEM_CALL; -BaseType_t MPU_xTaskCreateRestricted( const TaskParameters_t * const pxTaskDefinition, - TaskHandle_t * pxCreatedTask ) FREERTOS_SYSTEM_CALL; -BaseType_t MPU_xTaskCreateRestrictedStatic( const TaskParameters_t * const pxTaskDefinition, - TaskHandle_t * pxCreatedTask ) FREERTOS_SYSTEM_CALL; -void MPU_vTaskAllocateMPURegions( TaskHandle_t xTask, - const MemoryRegion_t * const pxRegions ) FREERTOS_SYSTEM_CALL; void MPU_vTaskDelete( TaskHandle_t xTaskToDelete ) FREERTOS_SYSTEM_CALL; void MPU_vTaskDelay( const TickType_t xTicksToDelay ) FREERTOS_SYSTEM_CALL; BaseType_t MPU_xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, diff --git a/include/mpu_wrappers.h b/include/mpu_wrappers.h index 18fce4daf..cdc34b094 100644 --- a/include/mpu_wrappers.h +++ b/include/mpu_wrappers.h @@ -47,8 +47,6 @@ /* Map standard tasks.h API functions to the MPU equivalents. */ #define xTaskCreate MPU_xTaskCreate #define xTaskCreateStatic MPU_xTaskCreateStatic - #define xTaskCreateRestricted MPU_xTaskCreateRestricted - #define vTaskAllocateMPURegions MPU_vTaskAllocateMPURegions #define vTaskDelete MPU_vTaskDelete #define vTaskDelay MPU_vTaskDelay #define xTaskDelayUntil MPU_xTaskDelayUntil diff --git a/portable/Common/mpu_wrappers.c b/portable/Common/mpu_wrappers.c index 1b6696b6f..2bcabb5cc 100644 --- a/portable/Common/mpu_wrappers.c +++ b/portable/Common/mpu_wrappers.c @@ -85,34 +85,6 @@ void vPortResetPrivilege( BaseType_t xRunningPrivileged ) } /*-----------------------------------------------------------*/ -#if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) - BaseType_t MPU_xTaskCreateRestricted( const TaskParameters_t * const pxTaskDefinition, - TaskHandle_t * pxCreatedTask ) /* FREERTOS_SYSTEM_CALL */ - { - BaseType_t xReturn; - BaseType_t xRunningPrivileged = xPortRaisePrivilege(); - - xReturn = xTaskCreateRestricted( pxTaskDefinition, pxCreatedTask ); - vPortResetPrivilege( xRunningPrivileged ); - return xReturn; - } -#endif /* conifgSUPPORT_DYNAMIC_ALLOCATION */ -/*-----------------------------------------------------------*/ - -#if ( configSUPPORT_STATIC_ALLOCATION == 1 ) - BaseType_t MPU_xTaskCreateRestrictedStatic( const TaskParameters_t * const pxTaskDefinition, - TaskHandle_t * pxCreatedTask ) /* FREERTOS_SYSTEM_CALL */ - { - BaseType_t xReturn; - BaseType_t xRunningPrivileged = xPortRaisePrivilege(); - - xReturn = xTaskCreateRestrictedStatic( pxTaskDefinition, pxCreatedTask ); - vPortResetPrivilege( xRunningPrivileged ); - return xReturn; - } -#endif /* conifgSUPPORT_DYNAMIC_ALLOCATION */ -/*-----------------------------------------------------------*/ - #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) BaseType_t MPU_xTaskCreate( TaskFunction_t pvTaskCode, const char * const pcName, @@ -150,16 +122,6 @@ void vPortResetPrivilege( BaseType_t xRunningPrivileged ) #endif /* configSUPPORT_STATIC_ALLOCATION */ /*-----------------------------------------------------------*/ -void MPU_vTaskAllocateMPURegions( TaskHandle_t xTask, - const MemoryRegion_t * const xRegions ) /* FREERTOS_SYSTEM_CALL */ -{ - BaseType_t xRunningPrivileged = xPortRaisePrivilege(); - - vTaskAllocateMPURegions( xTask, xRegions ); - vPortResetPrivilege( xRunningPrivileged ); -} -/*-----------------------------------------------------------*/ - #if ( INCLUDE_vTaskDelete == 1 ) void MPU_vTaskDelete( TaskHandle_t pxTaskToDelete ) /* FREERTOS_SYSTEM_CALL */ { From c7a9a01c94987082b223d3e59969ede64363da63 Mon Sep 17 00:00:00 2001 From: Cobus van Eeden <35851496+cobusve@users.noreply.github.com> Date: Mon, 7 Dec 2020 10:36:27 -0800 Subject: [PATCH 4/6] Improve heap2 bounds checking (#224) * Improve heap bounds checking in pvPortMalloc --- portable/MemMang/heap_1.c | 19 +++++++++++++------ portable/MemMang/heap_2.c | 24 +++++++++++++++++------- portable/MemMang/heap_4.c | 32 ++++++++++++++++++++------------ portable/MemMang/heap_5.c | 25 ++++++++++++++++--------- 4 files changed, 66 insertions(+), 34 deletions(-) diff --git a/portable/MemMang/heap_1.c b/portable/MemMang/heap_1.c index 4a7f8c2e5..2b7346340 100644 --- a/portable/MemMang/heap_1.c +++ b/portable/MemMang/heap_1.c @@ -22,7 +22,6 @@ * https://www.FreeRTOS.org * https://github.com/FreeRTOS * - * 1 tab == 4 spaces! */ @@ -72,13 +71,20 @@ void * pvPortMalloc( size_t xWantedSize ) void * pvReturn = NULL; static uint8_t * pucAlignedHeap = NULL; - /* Ensure that blocks are always aligned to the required number of bytes. */ + /* Ensure that blocks are always aligned. */ #if ( portBYTE_ALIGNMENT != 1 ) { if( xWantedSize & portBYTE_ALIGNMENT_MASK ) { - /* Byte alignment required. */ - xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + /* Byte alignment required. Check for overflow. */ + if ( (xWantedSize + ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) )) > xWantedSize ) + { + xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + } + else + { + xWantedSize = 0; + } } } #endif @@ -91,8 +97,9 @@ void * pvPortMalloc( size_t xWantedSize ) pucAlignedHeap = ( uint8_t * ) ( ( ( portPOINTER_SIZE_TYPE ) & ucHeap[ portBYTE_ALIGNMENT ] ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); } - /* Check there is enough room left for the allocation. */ - if( ( ( xNextFreeByte + xWantedSize ) < configADJUSTED_HEAP_SIZE ) && + /* Check there is enough room left for the allocation and. */ + if( ( xWantedSize > 0 ) && /* valid size */ + ( ( xNextFreeByte + xWantedSize ) < configADJUSTED_HEAP_SIZE ) && ( ( xNextFreeByte + xWantedSize ) > xNextFreeByte ) ) /* Check for overflow. */ { /* Return the next free byte then increment the index past this diff --git a/portable/MemMang/heap_2.c b/portable/MemMang/heap_2.c index 640cd54fd..e132ae3ea 100644 --- a/portable/MemMang/heap_2.c +++ b/portable/MemMang/heap_2.c @@ -22,7 +22,6 @@ * https://www.FreeRTOS.org * https://github.com/FreeRTOS * - * 1 tab == 4 spaces! */ /* @@ -132,21 +131,32 @@ void * pvPortMalloc( size_t xWantedSize ) xHeapHasBeenInitialised = pdTRUE; } - /* The wanted size is increased so it can contain a BlockLink_t + /* The wanted size must be increased so it can contain a BlockLink_t * structure in addition to the requested amount of bytes. */ - if( xWantedSize > 0 ) + if( ( xWantedSize > 0 ) && + ( ( xWantedSize + heapSTRUCT_SIZE ) > xWantedSize ) ) /* Overflow check */ { xWantedSize += heapSTRUCT_SIZE; - /* Ensure that blocks are always aligned to the required number of bytes. */ - if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0 ) + /* Byte alignment required. Check for overflow. */ + if( ( xWantedSize + ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ) ) + > xWantedSize ) { - /* Byte alignment required. */ xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + configASSERT( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) == 0 ); } + else + { + xWantedSize = 0; + } + } + else + { + xWantedSize = 0; } - if( ( xWantedSize > 0 ) && ( xWantedSize < configADJUSTED_HEAP_SIZE ) ) + + if( ( xWantedSize > 0 ) && ( xWantedSize <= xFreeBytesRemaining ) ) { /* Blocks are stored in byte order - traverse the list from the start * (smallest) block until one of adequate size is found. */ diff --git a/portable/MemMang/heap_4.c b/portable/MemMang/heap_4.c index 7e5357ccf..2a1ee20ff 100644 --- a/portable/MemMang/heap_4.c +++ b/portable/MemMang/heap_4.c @@ -136,34 +136,42 @@ void * pvPortMalloc( size_t xWantedSize ) * kernel, so it must be free. */ if( ( xWantedSize & xBlockAllocatedBit ) == 0 ) { - /* The wanted size is increased so it can contain a BlockLink_t + /* The wanted size must be increased so it can contain a BlockLink_t * structure in addition to the requested amount of bytes. */ - if( xWantedSize > 0 ) + if( ( xWantedSize > 0 ) && + ( ( xWantedSize + xHeapStructSize ) > xWantedSize ) ) /* Overflow check */ { xWantedSize += xHeapStructSize; - /* Ensure that blocks are always aligned to the required number - * of bytes. */ + /* Ensure that blocks are always aligned. */ if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0x00 ) { - /* Byte alignment required. */ - xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); - configASSERT( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) == 0 ); + /* Byte alignment required. Check for overflow. */ + if( ( xWantedSize + ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ) ) + > xWantedSize ) + { + xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + configASSERT( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) == 0 ); + } + else + { + xWantedSize = 0; + } } else { mtCOVERAGE_TEST_MARKER(); } - } - else + } + else { - mtCOVERAGE_TEST_MARKER(); + xWantedSize = 0; } if( ( xWantedSize > 0 ) && ( xWantedSize <= xFreeBytesRemaining ) ) { /* Traverse the list from the start (lowest address) block until - * one of adequate size is found. */ + * one of adequate size is found. */ pxPreviousBlock = &xStart; pxBlock = xStart.pxNextFreeBlock; @@ -174,7 +182,7 @@ void * pvPortMalloc( size_t xWantedSize ) } /* If the end marker was reached then a block of adequate size - * was not found. */ + * was not found. */ if( pxBlock != pxEnd ) { /* Return the memory space pointed to - jumping over the diff --git a/portable/MemMang/heap_5.c b/portable/MemMang/heap_5.c index 90c0b5bdf..fe194a6a0 100644 --- a/portable/MemMang/heap_5.c +++ b/portable/MemMang/heap_5.c @@ -22,7 +22,6 @@ * https://www.FreeRTOS.org * https://github.com/FreeRTOS * - * 1 tab == 4 spaces! */ /* @@ -150,16 +149,24 @@ void * pvPortMalloc( size_t xWantedSize ) { /* The wanted size is increased so it can contain a BlockLink_t * structure in addition to the requested amount of bytes. */ - if( xWantedSize > 0 ) + if( ( xWantedSize > 0 ) && + ( ( xWantedSize + xHeapStructSize ) > xWantedSize ) ) /* Overflow check */ { xWantedSize += xHeapStructSize; - /* Ensure that blocks are always aligned to the required number - * of bytes. */ + /* Ensure that blocks are always aligned */ if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0x00 ) { - /* Byte alignment required. */ - xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + /* Byte alignment required. Check for overflow */ + if( ( xWantedSize + ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ) ) > + xWantedSize ) + { + xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); + } + else + { + xWantedSize = 0; + } } else { @@ -168,13 +175,13 @@ void * pvPortMalloc( size_t xWantedSize ) } else { - mtCOVERAGE_TEST_MARKER(); + xWantedSize = 0; } if( ( xWantedSize > 0 ) && ( xWantedSize <= xFreeBytesRemaining ) ) { /* Traverse the list from the start (lowest address) block until - * one of adequate size is found. */ + * one of adequate size is found. */ pxPreviousBlock = &xStart; pxBlock = xStart.pxNextFreeBlock; @@ -185,7 +192,7 @@ void * pvPortMalloc( size_t xWantedSize ) } /* If the end marker was reached then a block of adequate size - * was not found. */ + * was not found. */ if( pxBlock != pxEnd ) { /* Return the memory space pointed to - jumping over the From d05b9c123f2bf9090bce386a244fc934ae44db5b Mon Sep 17 00:00:00 2001 From: Cobus van Eeden <35851496+cobusve@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:07:31 -0800 Subject: [PATCH 5/6] Add addition overflow check for stream buffer (#226) --- stream_buffer.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/stream_buffer.c b/stream_buffer.c index 03cfc0615..fec03a781 100644 --- a/stream_buffer.c +++ b/stream_buffer.c @@ -258,8 +258,16 @@ static void prvInitialiseNewStreamBuffer( StreamBuffer_t * const pxStreamBuffer, * this is a quirk of the implementation that means otherwise the free * space would be reported as one byte smaller than would be logically * expected. */ - xBufferSizeBytes++; - pucAllocatedMemory = ( uint8_t * ) pvPortMalloc( xBufferSizeBytes + sizeof( StreamBuffer_t ) ); /*lint !e9079 malloc() only returns void*. */ + if( xBufferSizeBytes < ( xBufferSizeBytes + 1 + sizeof( StreamBuffer_t ) ) ) + { + xBufferSizeBytes++; + pucAllocatedMemory = ( uint8_t * ) pvPortMalloc( xBufferSizeBytes + sizeof( StreamBuffer_t ) ); /*lint !e9079 malloc() only returns void*. */ + } + else + { + pucAllocatedMemory = NULL; + } + if( pucAllocatedMemory != NULL ) { From 47338393f1f79558f6144213409f09f81d7c4837 Mon Sep 17 00:00:00 2001 From: Cobus van Eeden <35851496+cobusve@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:48:51 -0800 Subject: [PATCH 6/6] add assert for addition overflow on queue creation (#225) --- queue.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/queue.c b/queue.c index d2e27e55a..b01dfd11f 100644 --- a/queue.c +++ b/queue.c @@ -397,6 +397,9 @@ BaseType_t xQueueGenericReset( QueueHandle_t xQueue, /* Check for multiplication overflow. */ configASSERT( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) ); + /* Check for addition overflow. */ + configASSERT( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes ); + /* Allocate the queue and storage area. Justification for MISRA * deviation as follows: pvPortMalloc() always ensures returned memory * blocks are aligned per the requirements of the MCU stack. In this case