Restrict unpriv task to invoke code with privilege

aggarg · aggarg · commit da73aa632974 · 2022-09-16T22:18:35.000+05:30
It was possible for an unprivileged task to invoke any function with
privilege by passing it as a parameter to MPU_xTaskCreate,
MPU_xTaskCreateStatic, MPU_xTimerCreate, MPU_xTimerCreateStatic, or
MPU_xTimerPendFunctionCall.

This commit ensures that MPU_xTaskCreate and MPU_xTaskCreateStatic can
only create unprivileged tasks. It also removes the following APIs:
1. MPU_xTimerCreate
2. MPU_xTimerCreateStatic
3. MPU_xTimerPendFunctionCall

We thank Huazhong University of Science and Technology for reporting
this issue.

Signed-off-by: Gaurav Aggarwal &lt;aggarg@amazon.com&gt;
diff --git a/include/mpu_wrappers.h b/include/mpu_wrappers.h
@@ -117,13 +117,10 @@
         #endif
 
 /* Map standard timer.h API functions to the MPU equivalents. */
-        #define xTimerCreate                           MPU_xTimerCreate
-        #define xTimerCreateStatic                     MPU_xTimerCreateStatic
         #define pvTimerGetTimerID                      MPU_pvTimerGetTimerID
         #define vTimerSetTimerID                       MPU_vTimerSetTimerID
         #define xTimerIsTimerActive                    MPU_xTimerIsTimerActive
         #define xTimerGetTimerDaemonTaskHandle         MPU_xTimerGetTimerDaemonTaskHandle
-        #define xTimerPendFunctionCall                 MPU_xTimerPendFunctionCall
         #define pcTimerGetName                         MPU_pcTimerGetName
         #define vTimerSetReloadMode                    MPU_vTimerSetReloadMode
         #define uxTimerGetReloadMode                   MPU_uxTimerGetReloadMode
diff --git a/portable/Common/mpu_wrappers.c b/portable/Common/mpu_wrappers.c
@@ -61,6 +61,9 @@
             portRAISE_PRIVILEGE();
             portMEMORY_BARRIER();
 
+            uxPriority = uxPriority & ~( portPRIVILEGE_BIT );
+            portMEMORY_BARRIER();
+
             xReturn = xTaskCreate( pvTaskCode, pcName, usStackDepth, pvParameters, uxPriority, pxCreatedTask );
             portMEMORY_BARRIER();
 
@@ -93,6 +96,9 @@
             portRAISE_PRIVILEGE();
             portMEMORY_BARRIER();
 
+            uxPriority = uxPriority & ~( portPRIVILEGE_BIT );
+            portMEMORY_BARRIER();
+
             xReturn = xTaskCreateStatic( pxTaskCode, pcName, ulStackDepth, pvParameters, uxPriority, puxStackBuffer, pxTaskBuffer );
             portMEMORY_BARRIER();
 
@@ -1678,67 +1684,6 @@ void MPU_vQueueDelete( QueueHandle_t xQueue ) /* FREERTOS_SYSTEM_CALL */
 }
 /*-----------------------------------------------------------*/
 
-#if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) )
-    TimerHandle_t MPU_xTimerCreate( const char * const pcTimerName,
-                                    const TickType_t xTimerPeriodInTicks,
-                                    const UBaseType_t uxAutoReload,
-                                    void * const pvTimerID,
-                                    TimerCallbackFunction_t pxCallbackFunction ) /* FREERTOS_SYSTEM_CALL */
-    {
-        TimerHandle_t xReturn;
-
-        if( portIS_PRIVILEGED() == pdFALSE )
-        {
-            portRAISE_PRIVILEGE();
-            portMEMORY_BARRIER();
-
-            xReturn = xTimerCreate( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction );
-            portMEMORY_BARRIER();
-
-            portRESET_PRIVILEGE();
-            portMEMORY_BARRIER();
-        }
-        else
-        {
-            xReturn = xTimerCreate( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction );
-        }
-
-        return xReturn;
-    }
-#endif /* if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
-#if ( ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) )
-    TimerHandle_t MPU_xTimerCreateStatic( const char * const pcTimerName,
-                                          const TickType_t xTimerPeriodInTicks,
-                                          const UBaseType_t uxAutoReload,
-                                          void * const pvTimerID,
-                                          TimerCallbackFunction_t pxCallbackFunction,
-                                          StaticTimer_t * pxTimerBuffer ) /* FREERTOS_SYSTEM_CALL */
-    {
-        TimerHandle_t xReturn;
-
-        if( portIS_PRIVILEGED() == pdFALSE )
-        {
-            portRAISE_PRIVILEGE();
-            portMEMORY_BARRIER();
-
-            xReturn = xTimerCreateStatic( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction, pxTimerBuffer );
-            portMEMORY_BARRIER();
-
-            portRESET_PRIVILEGE();
-            portMEMORY_BARRIER();
-        }
-        else
-        {
-            xReturn = xTimerCreateStatic( pcTimerName, xTimerPeriodInTicks, uxAutoReload, pvTimerID, pxCallbackFunction, pxTimerBuffer );
-        }
-
-        return xReturn;
-    }
-#endif /* if ( ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
 #if ( configUSE_TIMERS == 1 )
     void * MPU_pvTimerGetTimerID( const TimerHandle_t xTimer ) /* FREERTOS_SYSTEM_CALL */
     {
@@ -1840,35 +1785,6 @@ void MPU_vQueueDelete( QueueHandle_t xQueue ) /* FREERTOS_SYSTEM_CALL */
 #endif /* if ( configUSE_TIMERS == 1 ) */
 /*-----------------------------------------------------------*/
 
-#if ( ( INCLUDE_xTimerPendFunctionCall == 1 ) && ( configUSE_TIMERS == 1 ) )
-    BaseType_t MPU_xTimerPendFunctionCall( PendedFunction_t xFunctionToPend,
-                                           void * pvParameter1,
-                                           uint32_t ulParameter2,
-                                           TickType_t xTicksToWait ) /* FREERTOS_SYSTEM_CALL */
-    {
-        BaseType_t xReturn;
-
-        if( portIS_PRIVILEGED() == pdFALSE )
-        {
-            portRAISE_PRIVILEGE();
-            portMEMORY_BARRIER();
-
-            xReturn = xTimerPendFunctionCall( xFunctionToPend, pvParameter1, ulParameter2, xTicksToWait );
-            portMEMORY_BARRIER();
-
-            portRESET_PRIVILEGE();
-            portMEMORY_BARRIER();
-        }
-        else
-        {
-            xReturn = xTimerPendFunctionCall( xFunctionToPend, pvParameter1, ulParameter2, xTicksToWait );
-        }
-
-        return xReturn;
-    }
-#endif /* if ( ( INCLUDE_xTimerPendFunctionCall == 1 ) && ( configUSE_TIMERS == 1 ) ) */
-/*-----------------------------------------------------------*/
-
 #if ( configUSE_TIMERS == 1 )
     void MPU_vTimerSetReloadMode( TimerHandle_t xTimer,
                                   const UBaseType_t uxAutoReload ) /* FREERTOS_SYSTEM_CALL */
