@Skptak Skptak commented Mar 5, 2024

Description

This is a POC of how to remove the PRIVILEGED_DATA and PRIVILEGED_FUNCTIONS MPU Regions from the FreeRTOS-Kernel. This is done by inspecting the MPU settings a task is attempting to be created with to determine if it is:

  1. Trying to grant itself write permissions to FLASH
  2. Trying to grant itself execute permissions to RAM
  3. Trying to grant itself read/write to PRIVILEGED_FLASH/PRIVILEGED_DATA when being created as an unprivileged task

There are additional checks for invalid MPU settings as well, to assist end-users when creating MPU enabled tasks.

Test Steps

  1. Modify a task's MPU settings to attempt to grant write permissions to FLASH
  2. Modify a task's MPU settings to attempt to grant execute permissions to RAM
  3. Modify an unprivileged task's MPU Settings to attempt to grant permissions to PRIVILEGED_FLASH/PRIVILEGED_DATA

Checklist:

  • I have tested my changes. No regression in existing tests.
  • I have modified and/or added unit-tests to cover the code changes in this Pull Request.

Related Issue

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Skptak added 3 commits March 5, 2024 11:57
…ivileged tasks can't access privileged data/function. Also add check for executable permissions to RAM, and a check for write permissions in FLASH.
…nctions would require some run-time MPU sub-region stuff, and stealing at minimum an 8th of all of flash.
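The three rejection rules listed in the description can be sketched as a validator that runs over the regions requested for a task before it is created. This is an added example, not code from this pull request or from the FreeRTOS-Kernel: the memory map, types, permission bits and function names are hypothetical, and the address-wrap test stands in for the "invalid MPU settings" checks, which the description does not enumerate.

```c
#include <stdbool.h>
#include <stdint.h>

/* Permission bits and memory map below are constructed for this example. */
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_EXEC = 4 };
typedef struct { uint32_t base, len; } range_t;
typedef struct { uint32_t base, len, perms; } region_req_t;
typedef enum { REGION_OK, ERR_INVALID, ERR_FLASH_W, ERR_RAM_X, ERR_PRIV } verdict_t;

static const range_t FLASH      = { 0x08000000u, 0x00100000u };
static const range_t RAM        = { 0x20000000u, 0x00020000u };
static const range_t PRIV_FLASH = { 0x08000000u, 0x00008000u };
static const range_t PRIV_DATA  = { 0x20000000u, 0x00001000u };

/* Half-open interval intersection; 64-bit end addresses cannot wrap. */
static bool overlaps(const region_req_t *q, const range_t *r)
{
    uint64_t q_end = (uint64_t)q->base + q->len;
    uint64_t r_end = (uint64_t)r->base + r->len;
    return q->base < r_end && r->base < q_end;
}

/* Verdict for one region requested for a task that is being created. */
verdict_t check_region(const region_req_t *q, bool privileged)
{
    if (q->len == 0u) return REGION_OK;                 /* unused slot */
    if ((uint64_t)q->base + q->len > 0x100000000ull) return ERR_INVALID;
    if ((q->perms & PERM_WRITE) && overlaps(q, &FLASH)) return ERR_FLASH_W;
    if ((q->perms & PERM_EXEC) && overlaps(q, &RAM)) return ERR_RAM_X;
    if (!privileged && (q->perms & (PERM_READ | PERM_WRITE)) &&
        (overlaps(q, &PRIV_FLASH) || overlaps(q, &PRIV_DATA)))
        return ERR_PRIV;
    return REGION_OK;
}

/* First failing verdict across all regions requested for the task. */
verdict_t check_task(const region_req_t *regs, unsigned n, bool privileged)
{
    for (unsigned i = 0; i < n; i++) {
        verdict_t v = check_region(&regs[i], privileged);
        if (v != REGION_OK) return v;
    }
    return REGION_OK;
}

int main(void)
{
    region_req_t r = { 0x20000000u, 0x100u, PERM_READ | PERM_WRITE }; /* constructed */
    return check_task(&r, 1, false) == ERR_PRIV ? 0 : 1;
}
```

A region that only touches the boundary of a privileged range passes, while one that straddles it is rejected, which is the case a start-address-only comparison would miss.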