Updates to CM3_MPU GCC port
authorgaurav-aws <gaurav-aws@1d2547de-c912-0410-9cb9-b8ca96c0e9e2>
Thu, 23 Jan 2020 01:50:25 +0000 (01:50 +0000)
committergaurav-aws <gaurav-aws@1d2547de-c912-0410-9cb9-b8ca96c0e9e2>
Thu, 23 Jan 2020 01:50:25 +0000 (01:50 +0000)
- System calls are now only allowed from kernel code. This change can be turned on
  or off using configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY.
- MPU is disabled before reprogramming it and enabled afterwards to be compliant
  with ARM recommendations.

git-svn-id: https://svn.code.sf.net/p/freertos/code/trunk@2806 1d2547de-c912-0410-9cb9-b8ca96c0e9e2

FreeRTOS/Source/portable/GCC/ARM_CM3_MPU/port.c
FreeRTOS/Source/portable/GCC/ARM_CM3_MPU/portmacro.h

index 25eb4130edd200db1da1fc678033ad460b1ee23f..31250095085122ab99db19d5796af93ce7364c64 100644 (file)
@@ -30,8 +30,8 @@
  *----------------------------------------------------------*/\r
 \r
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining\r
-all the API functions to use the MPU wrappers.  That should only be done when\r
-task.h is included from an application file. */\r
+ * all the API functions to use the MPU wrappers.  That should only be done when\r
+ * task.h is included from an application file. */\r
 #define MPU_WRAPPERS_INCLUDED_FROM_API_FILE\r
 \r
 /* Scheduler includes. */\r
@@ -46,7 +46,7 @@ task.h is included from an application file. */
        #define portNVIC_SYSTICK_CLK    ( 1UL << 2UL )\r
 #else\r
        /* The way the SysTick is clocked is not modified in case it is not the same\r
-       as the core. */\r
+        * as the core. */\r
        #define portNVIC_SYSTICK_CLK    ( 0 )\r
 #endif\r
 \r
@@ -86,21 +86,22 @@ task.h is included from an application file. */
 #define portINITIAL_CONTROL_IF_PRIVILEGED              ( 0x02 )\r
 \r
 /* Constants required to check the validity of an interrupt priority. */\r
-#define portFIRST_USER_INTERRUPT_NUMBER                ( 16 )\r
-#define portNVIC_IP_REGISTERS_OFFSET_16        ( 0xE000E3F0 )\r
-#define portAIRCR_REG                                          ( * ( ( volatile uint32_t * ) 0xE000ED0C ) )\r
-#define portMAX_8_BIT_VALUE                                    ( ( uint8_t ) 0xff )\r
-#define portTOP_BIT_OF_BYTE                                    ( ( uint8_t ) 0x80 )\r
-#define portMAX_PRIGROUP_BITS                          ( ( uint8_t ) 7 )\r
-#define portPRIORITY_GROUP_MASK                                ( 0x07UL << 8UL )\r
-#define portPRIGROUP_SHIFT                                     ( 8UL )\r
+#define portFIRST_USER_INTERRUPT_NUMBER                        ( 16 )\r
+#define portNVIC_IP_REGISTERS_OFFSET_16                ( 0xE000E3F0 )\r
+#define portAIRCR_REG                                                  ( * ( ( volatile uint32_t * ) 0xE000ED0C ) )\r
+#define portMAX_8_BIT_VALUE                                            ( ( uint8_t ) 0xff )\r
+#define portTOP_BIT_OF_BYTE                                            ( ( uint8_t ) 0x80 )\r
+#define portMAX_PRIGROUP_BITS                                  ( ( uint8_t ) 7 )\r
+#define portPRIORITY_GROUP_MASK                                        ( 0x07UL << 8UL )\r
+#define portPRIGROUP_SHIFT                                             ( 8UL )\r
 \r
 /* Offsets in the stack to the parameters when inside the SVC handler. */\r
 #define portOFFSET_TO_PC                                               ( 6 )\r
 \r
 /* For strict compliance with the Cortex-M spec the task start address should\r
-have bit-0 clear, as it is loaded into the PC on exit from an ISR. */\r
-#define portSTART_ADDRESS_MASK                         ( ( StackType_t ) 0xfffffffeUL )\r
+ * have bit-0 clear, as it is loaded into the PC on exit from an ISR. */\r
+#define portSTART_ADDRESS_MASK                                 ( ( StackType_t ) 0xfffffffeUL )\r
+/*-----------------------------------------------------------*/\r
 \r
 /*\r
  * Configure a number of standard MPU regions that are used by all tasks.\r
@@ -171,8 +172,8 @@ extern void vPortResetPrivilege( BaseType_t xRunningPrivileged );
 /*-----------------------------------------------------------*/\r
 \r
 /* Each task maintains its own interrupt status in the critical nesting\r
-variable.  Note this is not saved as part of the task context as context\r
-switches can only occur when uxCriticalNesting is zero. */\r
+ * variable.  Note this is not saved as part of the task context as context\r
+ * switches can only occur when uxCriticalNesting is zero. */\r
 static UBaseType_t uxCriticalNesting = 0xaaaaaaaa;\r
 \r
 /*\r
@@ -185,7 +186,6 @@ static UBaseType_t uxCriticalNesting = 0xaaaaaaaa;
         static uint32_t ulMaxPRIGROUPValue = 0;\r
         static const volatile uint8_t * const pcInterruptPriorityRegisters = ( const volatile uint8_t * const ) portNVIC_IP_REGISTERS_OFFSET_16;\r
 #endif /* configASSERT_DEFINED */\r
-\r
 /*-----------------------------------------------------------*/\r
 \r
 /*\r
@@ -194,7 +194,7 @@ static UBaseType_t uxCriticalNesting = 0xaaaaaaaa;
 StackType_t *pxPortInitialiseStack( StackType_t *pxTopOfStack, TaskFunction_t pxCode, void *pvParameters, BaseType_t xRunPrivileged )\r
 {\r
        /* Simulate the stack frame as it would be created by a context switch\r
-       interrupt. */\r
+        * interrupt. */\r
        pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */\r
        *pxTopOfStack = portINITIAL_XPSR;       /* xPSR */\r
        pxTopOfStack--;\r
@@ -240,10 +240,25 @@ void vPortSVCHandler( void )
 static void prvSVCHandler(     uint32_t *pulParam )\r
 {\r
 uint8_t ucSVCNumber;\r
+uint32_t ulPC;\r
+#if( configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY == 1 )\r
+       #if defined( __ARMCC_VERSION )\r
+               /* Declaration when these variable are defined in code instead of being\r
+                * exported from linker scripts. */\r
+               extern uint32_t * __syscalls_flash_start__;\r
+               extern uint32_t * __syscalls_flash_end__;\r
+       #else\r
+               /* Declaration when these variable are exported from linker scripts. */\r
+               extern uint32_t __syscalls_flash_start__[];\r
+               extern uint32_t __syscalls_flash_end__[];\r
+       #endif /* #if defined( __ARMCC_VERSION ) */\r
+#endif /* #if( configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY == 1 ) */\r
+\r
+       /* The stack contains: r0, r1, r2, r3, r12, LR, PC and xPSR.  The first\r
+        * argument (r0) is pulParam[ 0 ]. */\r
+       ulPC = pulParam[ portOFFSET_TO_PC ];\r
+       ucSVCNumber = ( ( uint8_t * ) ulPC )[ -2 ];\r
 \r
-       /* The stack contains: r0, r1, r2, r3, r12, r14, the return address and\r
-       xPSR.  The first argument (r0) is pulParam[ 0 ]. */\r
-       ucSVCNumber = ( ( uint8_t * ) pulParam[ portOFFSET_TO_PC ] )[ -2 ];\r
        switch( ucSVCNumber )\r
        {\r
                case portSVC_START_SCHEDULER    :       portNVIC_SYSPRI1_REG |= portNVIC_SVC_PRI;\r
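Review bot: In the `__ARMCC_VERSION` branch the two bounds are declared as plain `uint32_t *` variables "defined in code", so the limits the privilege check relies on are ordinary data objects rather than link-time addresses as in the `#else` branch. Their definitions are not visible in this hunk; if they are not `const`, or not placed in privileged or read-only memory, the range the handler trusts could be modified at run time. I would record that requirement in the comment, e.g. `/* Must be const or placed in privileged data: the SVC handler trusts these bounds. */`, and declare them `const` here if the definitions allow it. prvSVCHandler continues past the end of this hunk.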
@@ -252,14 +267,32 @@ uint8_t ucSVCNumber;
 \r
                case portSVC_YIELD                              :       portNVIC_INT_CTRL_REG = portNVIC_PENDSVSET_BIT;\r
                                                                                        /* Barriers are normally not required\r
-                                                                                       but do ensure the code is completely\r
-                                                                                       within the specified behaviour for the\r
-                                                                                       architecture. */\r
+                                                                                        * but do ensure the code is completely\r
+                                                                                        * within the specified behaviour for the\r
+                                                                                        * architecture. */\r
                                                                                        __asm volatile( "dsb" ::: "memory" );\r
                                                                                        __asm volatile( "isb" );\r
 \r
                                                                                        break;\r
 \r
+\r
+       #if( configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY == 1 )\r
+               case portSVC_RAISE_PRIVILEGE    :       /* Only raise the privilege, if the\r
+                                                                                        * svc was raised from any of the\r
+                                                                                        * system calls. */\r
+                                                                                       if( ulPC >= ( uint32_t ) __syscalls_flash_start__ &&\r
+                                                                                               ulPC <= ( uint32_t ) __syscalls_flash_end__ )\r
+                                                                                       {\r
+                                                                                               __asm volatile\r
+                                                                                               (\r
+                                                                                                       "       mrs r1, control         \n" /* Obtain current control value. */\r
+                                                                                                       "       bic r1, #1                      \n" /* Set privilege bit. */\r
+                                                                                                       "       msr control, r1         \n" /* Write back new control value. */\r
+                                                                                                       ::: "r1", "memory"\r
+                                                                                               );\r
+                                                                                       }\r
+                                                                                       break;\r
+       #else\r
                case portSVC_RAISE_PRIVILEGE    :       __asm volatile\r
                                                                                        (\r
                                                                                                "       mrs r1, control         \n" /* Obtain current control value. */\r
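Review bot: The range test in the new `portSVC_RAISE_PRIVILEGE` case is applied to the stacked return address, i.e. the instruction after the `svc` (the handler reads the SVC number from `( ( uint8_t * ) ulPC )[ -2 ]`), so the accepted window is offset by one instruction from the section itself, and the inclusive `<=` is correct for only one definition of `__syscalls_flash_end__`. Whether that symbol is the last byte or one past it, and what the linker script places directly before `__syscalls_flash_start__`, cannot be seen from here. I would state the assumption next to the test with a comment such as `/* ulPC is the return address, i.e. the svc instruction address + 2. */`, and document the expected meaning of the end symbol alongside it. Separately, the comment `Set privilege bit` sits on a `bic` that clears bit 0 of CONTROL; `Clear nPRIV to run privileged` would be accurate. The switch starts and ends outside this hunk.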
@@ -268,6 +301,7 @@ uint8_t ucSVCNumber;
                                                                                                ::: "r1", "memory"\r
                                                                                        );\r
                                                                                        break;\r
+       #endif /* #if( configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY == 1 ) */\r
 \r
                default                                                 :       /* Unknown SVC call. */\r
                                                                                        break;\r
@@ -287,9 +321,23 @@ static void prvRestoreContextOfFirstTask( void )
                "       ldr r1, [r3]                                    \n"\r
                "       ldr r0, [r1]                                    \n" /* The first item in the TCB is the task top of stack. */\r
                "       add r1, r1, #4                                  \n" /* Move onto the second item in the TCB... */\r
+               "                                                                       \n"\r
+               "       dmb                                                             \n" /* Complete outstanding transfers before disabling MPU. */\r
+               "       ldr r2, =0xe000ed94                             \n" /* MPU_CTRL register. */\r
+               "       ldr r3, [r2]                                    \n" /* Read the value of MPU_CTRL. */\r
+               "       bic r3, #1                                              \n" /* r3 = r3 & ~1 i.e. Clear the bit 0 in r3. */\r
+               "       str r3, [r2]                                    \n" /* Disable MPU. */\r
+               "                                                                       \n"\r
                "       ldr r2, =0xe000ed9c                             \n" /* Region Base Address register. */\r
                "       ldmia r1!, {r4-r11}                             \n" /* Read 4 sets of MPU registers. */\r
                "       stmia r2!, {r4-r11}                             \n" /* Write 4 sets of MPU registers. */\r
+               "                                                                       \n"\r
+               "       ldr r2, =0xe000ed94                             \n" /* MPU_CTRL register. */\r
+               "       ldr r3, [r2]                                    \n" /* Read the value of MPU_CTRL. */\r
+               "       orr r3, #1                                              \n" /* r3 = r3 | 1 i.e. Set the bit 0 in r3. */\r
+               "       str r3, [r2]                                    \n" /* Enable MPU. */\r
+               "       dsb                                                             \n" /* Force memory writes before continuing. */\r
+               "                                                                       \n"\r
                "       ldmia r0!, {r3, r4-r11}                 \n" /* Pop the registers that are not automatically saved on exception entry. */\r
                "       msr control, r3                                 \n"\r
                "       msr psp, r0                                             \n" /* Restore the task stack pointer. */\r
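Review bot: The re-enable sequence ends with `dsb` alone, although the commit message cites ARM's recommendations, which as far as I know pair the DSB with an ISB once the MPU is switched back on. The exception return at the end of this function presumably provides that synchronisation, but the rest of the asm block is outside the hunk and nothing in the new lines says so. A comment on the `dsb` line such as `/* No isb: the exception return below synchronises context. */` would record the reasoning; otherwise add `isb` after it. r3 is also reused as scratch for MPU_CTRL, which is safe only because the following `ldmia r0!, {r3, r4-r11}` reloads it. The same applies to the identical sequence added to xPortPendSVHandler.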
@@ -310,7 +358,7 @@ static void prvRestoreContextOfFirstTask( void )
 BaseType_t xPortStartScheduler( void )\r
 {\r
        /* configMAX_SYSCALL_INTERRUPT_PRIORITY must not be set to 0.  See\r
-       http://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */\r
+        * http://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */\r
        configASSERT( ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) );\r
 \r
        #if( configASSERT_DEFINED == 1 )\r
@@ -320,15 +368,15 @@ BaseType_t xPortStartScheduler( void )
                volatile uint8_t ucMaxPriorityValue;\r
 \r
                /* Determine the maximum priority from which ISR safe FreeRTOS API\r
-               functions can be called.  ISR safe functions are those that end in\r
-               "FromISR".  FreeRTOS maintains separate thread and ISR API functions to\r
-               ensure interrupt entry is as fast and simple as possible.\r
+                * functions can be called.  ISR safe functions are those that end in\r
+                * "FromISR".  FreeRTOS maintains separate thread and ISR API functions\r
+                * to ensure interrupt entry is as fast and simple as possible.\r
 \r
-               Save the interrupt priority value that is about to be clobbered. */\r
+                * Save the interrupt priority value that is about to be clobbered. */\r
                ulOriginalPriority = *pucFirstUserPriorityRegister;\r
 \r
                /* Determine the number of priority bits available.  First write to all\r
-               possible bits. */\r
+                * possible bits. */\r
                *pucFirstUserPriorityRegister = portMAX_8_BIT_VALUE;\r
 \r
                /* Read the value back to see how many bits stuck. */\r
@@ -338,7 +386,7 @@ BaseType_t xPortStartScheduler( void )
                ucMaxSysCallPriority = configMAX_SYSCALL_INTERRUPT_PRIORITY & ucMaxPriorityValue;\r
 \r
                /* Calculate the maximum acceptable priority group value for the number\r
-               of bits read back. */\r
+                * of bits read back. */\r
                ulMaxPRIGROUPValue = portMAX_PRIGROUP_BITS;\r
                while( ( ucMaxPriorityValue & portTOP_BIT_OF_BYTE ) == portTOP_BIT_OF_BYTE )\r
                {\r
@@ -349,8 +397,8 @@ BaseType_t xPortStartScheduler( void )
                #ifdef __NVIC_PRIO_BITS\r
                {\r
                        /* Check the CMSIS configuration that defines the number of\r
-                       priority bits matches the number of priority bits actually queried\r
-                       from the hardware. */\r
+                        * priority bits matches the number of priority bits actually queried\r
+                        * from the hardware. */\r
                        configASSERT( ( portMAX_PRIGROUP_BITS - ulMaxPRIGROUPValue ) == __NVIC_PRIO_BITS );\r
                }\r
                #endif\r
@@ -358,26 +406,26 @@ BaseType_t xPortStartScheduler( void )
                #ifdef configPRIO_BITS\r
                {\r
                        /* Check the FreeRTOS configuration that defines the number of\r
-                       priority bits matches the number of priority bits actually queried\r
-                       from the hardware. */\r
+                        * priority bits matches the number of priority bits actually queried\r
+                        * from the hardware. */\r
                        configASSERT( ( portMAX_PRIGROUP_BITS - ulMaxPRIGROUPValue ) == configPRIO_BITS );\r
                }\r
                #endif\r
 \r
                /* Shift the priority group value back to its position within the AIRCR\r
-               register. */\r
+                * register. */\r
                ulMaxPRIGROUPValue <<= portPRIGROUP_SHIFT;\r
                ulMaxPRIGROUPValue &= portPRIORITY_GROUP_MASK;\r
 \r
                /* Restore the clobbered interrupt priority register to its original\r
-               value. */\r
+                * value. */\r
                *pucFirstUserPriorityRegister = ulOriginalPriority;\r
        }\r
        #endif /* conifgASSERT_DEFINED */\r
 \r
        /* Make PendSV and SysTick the same priority as the kernel, and the SVC\r
-       handler higher priority so it can be used to exit a critical section (where\r
-       lower priorities are masked). */\r
+        * handler higher priority so it can be used to exit a critical section (where\r
+        * lower priorities are masked). */\r
        portNVIC_SYSPRI2_REG |= portNVIC_PENDSV_PRI;\r
        portNVIC_SYSPRI2_REG |= portNVIC_SYSTICK_PRI;\r
 \r
@@ -385,7 +433,7 @@ BaseType_t xPortStartScheduler( void )
        prvSetupMPU();\r
 \r
        /* Start the timer that generates the tick ISR.  Interrupts are disabled\r
-       here already. */\r
+        * here already. */\r
        vPortSetupTimerInterrupt();\r
 \r
        /* Initialise the critical nesting count ready for the first task. */\r
@@ -413,7 +461,7 @@ BaseType_t xPortStartScheduler( void )
 void vPortEndScheduler( void )\r
 {\r
        /* Not implemented in ports where there is nothing to return to.\r
-       Artificially force an assert. */\r
+        * Artificially force an assert. */\r
        configASSERT( uxCriticalNesting == 1000UL );\r
 }\r
 /*-----------------------------------------------------------*/\r
@@ -471,9 +519,23 @@ void xPortPendSVHandler( void )
                "       ldr r1, [r3]                                            \n"\r
                "       ldr r0, [r1]                                            \n" /* The first item in the TCB is the task top of stack. */\r
                "       add r1, r1, #4                                          \n" /* Move onto the second item in the TCB... */\r
+               "                                                                               \n"\r
+               "       dmb                                                                     \n" /* Complete outstanding transfers before disabling MPU. */\r
+               "       ldr r2, =0xe000ed94                                     \n" /* MPU_CTRL register. */\r
+               "       ldr r3, [r2]                                            \n" /* Read the value of MPU_CTRL. */\r
+               "       bic r3, #1                                                      \n" /* r3 = r3 & ~1 i.e. Clear the bit 0 in r3. */\r
+               "       str r3, [r2]                                            \n" /* Disable MPU. */\r
+               "                                                                               \n"\r
                "       ldr r2, =0xe000ed9c                                     \n" /* Region Base Address register. */\r
                "       ldmia r1!, {r4-r11}                                     \n" /* Read 4 sets of MPU registers. */\r
                "       stmia r2!, {r4-r11}                                     \n" /* Write 4 sets of MPU registers. */\r
+               "                                                                               \n"\r
+               "       ldr r2, =0xe000ed94                                     \n" /* MPU_CTRL register. */\r
+               "       ldr r3, [r2]                                            \n" /* Read the value of MPU_CTRL. */\r
+               "       orr r3, #1                                                      \n" /* r3 = r3 | 1 i.e. Set the bit 0 in r3. */\r
+               "       str r3, [r2]                                            \n" /* Enable MPU. */\r
+               "       dsb                                                                     \n" /* Force memory writes before continuing. */\r
+               "                                                                               \n"\r
                "       ldmia r0!, {r3, r4-r11}                         \n" /* Pop the registers that are not automatically saved on exception entry. */\r
                "       msr control, r3                                         \n"\r
                "                                                                               \n"\r
@@ -542,8 +604,8 @@ extern uint32_t __privileged_data_end__[];
                                                                                ( portMPU_REGION_ENABLE );\r
 \r
                /* Setup the first 16K for privileged only access (even though less\r
-               than 10K is actually being used).  This is where the kernel code is\r
-               placed. */\r
+                * than 10K is actually being used).  This is where the kernel code is\r
+                * placed. */\r
                portMPU_REGION_BASE_ADDRESS_REG =       ( ( uint32_t ) __FLASH_segment_start__ ) | /* Base address. */\r
                                                                                        ( portMPU_REGION_VALID ) |\r
                                                                                        ( portPRIVILEGED_FLASH_REGION );\r
@@ -554,7 +616,7 @@ extern uint32_t __privileged_data_end__[];
                                                                                ( portMPU_REGION_ENABLE );\r
 \r
                /* Setup the privileged data RAM region.  This is where the kernel data\r
-               is placed. */\r
+                * is placed. */\r
                portMPU_REGION_BASE_ADDRESS_REG =       ( ( uint32_t ) __privileged_data_start__ ) | /* Base address. */\r
                                                                                        ( portMPU_REGION_VALID ) |\r
                                                                                        ( portPRIVILEGED_RAM_REGION );\r
@@ -565,7 +627,7 @@ extern uint32_t __privileged_data_end__[];
                                                                                ( portMPU_REGION_ENABLE );\r
 \r
                /* By default allow everything to access the general peripherals.  The\r
-               system peripherals and registers are protected. */\r
+                * system peripherals and registers are protected. */\r
                portMPU_REGION_BASE_ADDRESS_REG =       ( portPERIPHERALS_START_ADDRESS ) |\r
                                                                                        ( portMPU_REGION_VALID ) |\r
                                                                                        ( portGENERAL_PERIPHERALS_REGION );\r
@@ -588,7 +650,7 @@ static uint32_t prvGetMPURegionSizeSetting( uint32_t ulActualSizeInBytes )
 uint32_t ulRegionSize, ulReturnValue = 4;\r
 \r
        /* 32 is the smallest region size, 31 is the largest valid value for\r
-       ulReturnValue. */\r
+        * ulReturnValue. */\r
        for( ulRegionSize = 32UL; ulReturnValue < 31UL; ( ulRegionSize <<= 1UL ) )\r
        {\r
                if( ulActualSizeInBytes <= ulRegionSize )\r
@@ -602,7 +664,7 @@ uint32_t ulRegionSize, ulReturnValue = 4;
        }\r
 \r
        /* Shift the code by one before returning so it can be written directly\r
-       into the the correct bit position of the attribute register. */\r
+        * into the the correct bit position of the attribute register. */\r
        return ( ulReturnValue << 1UL );\r
 }\r
 /*-----------------------------------------------------------*/\r
@@ -661,7 +723,7 @@ uint32_t ul;
                                ( portMPU_REGION_ENABLE );\r
 \r
                /* Re-instate the privileged only RAM region as xRegion[ 0 ] will have\r
-               just removed the privileged only parameters. */\r
+                * just removed the privileged only parameters. */\r
                xMPUSettings->xRegion[ 1 ].ulRegionBaseAddress =\r
                                ( ( uint32_t ) __privileged_data_start__ ) | /* Base address. */\r
                                ( portMPU_REGION_VALID ) |\r
@@ -683,9 +745,9 @@ uint32_t ul;
        else\r
        {\r
                /* This function is called automatically when the task is created - in\r
-               which case the stack region parameters will be valid.  At all other\r
-               times the stack parameters will not be valid and it is assumed that the\r
-               stack region has already been configured. */\r
+                * which case the stack region parameters will be valid.  At all other\r
+                * times the stack parameters will not be valid and it is assumed that the\r
+                * stack region has already been configured. */\r
                if( ulStackDepth > 0 )\r
                {\r
                        /* Define the region that allows access to the stack. */\r
@@ -708,8 +770,8 @@ uint32_t ul;
                        if( ( xRegions[ lIndex ] ).ulLengthInBytes > 0UL )\r
                        {\r
                                /* Translate the generic region definition contained in\r
-                               xRegions into the CM3 specific MPU settings that are then\r
-                               stored in xMPUSettings. */\r
+                                * xRegions into the CM3 specific MPU settings that are then\r
+                                * stored in xMPUSettings. */\r
                                xMPUSettings->xRegion[ ul ].ulRegionBaseAddress =\r
                                                ( ( uint32_t ) xRegions[ lIndex ].pvBaseAddress ) |\r
                                                ( portMPU_REGION_VALID ) |\r
@@ -750,48 +812,46 @@ uint32_t ul;
                        ucCurrentPriority = pcInterruptPriorityRegisters[ ulCurrentInterrupt ];\r
 \r
                        /* The following assertion will fail if a service routine (ISR) for\r
-                       an interrupt that has been assigned a priority above\r
-                       configMAX_SYSCALL_INTERRUPT_PRIORITY calls an ISR safe FreeRTOS API\r
-                       function.  ISR safe FreeRTOS API functions must *only* be called\r
-                       from interrupts that have been assigned a priority at or below\r
-                       configMAX_SYSCALL_INTERRUPT_PRIORITY.\r
-\r
-                       Numerically low interrupt priority numbers represent logically high\r
-                       interrupt priorities, therefore the priority of the interrupt must\r
-                       be set to a value equal to or numerically *higher* than\r
-                       configMAX_SYSCALL_INTERRUPT_PRIORITY.\r
-\r
-                       Interrupts that use the FreeRTOS API must not be left at their\r
-                       default priority of     zero as that is the highest possible priority,\r
-                       which is guaranteed to be above configMAX_SYSCALL_INTERRUPT_PRIORITY,\r
-                       and     therefore also guaranteed to be invalid.\r
-\r
-                       FreeRTOS maintains separate thread and ISR API functions to ensure\r
-                       interrupt entry is as fast and simple as possible.\r
-\r
-                       The following links provide detailed information:\r
-                       http://www.freertos.org/RTOS-Cortex-M3-M4.html\r
-                       http://www.freertos.org/FAQHelp.html */\r
+                        * an interrupt that has been assigned a priority above\r
+                        * configMAX_SYSCALL_INTERRUPT_PRIORITY calls an ISR safe FreeRTOS API\r
+                        * function.  ISR safe FreeRTOS API functions must *only* be called\r
+                        * from interrupts that have been assigned a priority at or below\r
+                        * configMAX_SYSCALL_INTERRUPT_PRIORITY.\r
+\r
+                        * Numerically low interrupt priority numbers represent logically high\r
+                        * interrupt priorities, therefore the priority of the interrupt must\r
+                        * be set to a value equal to or numerically *higher* than\r
+                        * configMAX_SYSCALL_INTERRUPT_PRIORITY.\r
+\r
+                        * Interrupts that      use the FreeRTOS API must not be left at their\r
+                        * default priority of  zero as that is the highest possible priority,\r
+                        * which is guaranteed to be above configMAX_SYSCALL_INTERRUPT_PRIORITY,\r
+                        * and  therefore also guaranteed to be invalid.\r
+\r
+                        * FreeRTOS maintains separate thread and ISR API functions to ensure\r
+                        * interrupt entry is as fast and simple as possible.\r
+\r
+                        * The following links provide detailed information:\r
+                        * http://www.freertos.org/RTOS-Cortex-M3-M4.html\r
+                        * http://www.freertos.org/FAQHelp.html */\r
                        configASSERT( ucCurrentPriority >= ucMaxSysCallPriority );\r
                }\r
 \r
                /* Priority grouping:  The interrupt controller (NVIC) allows the bits\r
-               that define each interrupt's priority to be split between bits that\r
-               define the interrupt's pre-emption priority bits and bits that define\r
-               the interrupt's sub-priority.  For simplicity all bits must be defined\r
-               to be pre-emption priority bits.  The following assertion will fail if\r
-               this is not the case (if some bits represent a sub-priority).\r
-\r
-               If the application only uses CMSIS libraries for interrupt\r
-               configuration then the correct setting can be achieved on all Cortex-M\r
-               devices by calling NVIC_SetPriorityGrouping( 0 ); before starting the\r
-               scheduler.  Note however that some vendor specific peripheral libraries\r
-               assume a non-zero priority group setting, in which cases using a value\r
-               of zero will result in unpredicable behaviour. */\r
+                * that define each interrupt's priority to be split between bits that\r
+                * define the interrupt's pre-emption priority bits and bits that define\r
+                * the interrupt's sub-priority.  For simplicity all bits must be defined\r
+                * to be pre-emption priority bits.  The following assertion will fail if\r
+                * this is not the case (if some bits represent a sub-priority).\r
+\r
+                * If the application only uses CMSIS libraries for interrupt\r
+                * configuration then the correct setting can be achieved on all Cortex-M\r
+                * devices by calling NVIC_SetPriorityGrouping( 0 ); before starting the\r
+                * scheduler.  Note however that some vendor specific peripheral libraries\r
+                * assume a non-zero priority group setting, in which cases using a value\r
+                * of zero will result in unpredicable behaviour. */\r
                configASSERT( ( portAIRCR_REG & portPRIORITY_GROUP_MASK ) <= ulMaxPRIGROUPValue );\r
        }\r
 \r
 #endif /* configASSERT_DEFINED */\r
 /*-----------------------------------------------------------*/\r
-\r
-\r
index ff8ddb6c65370c36197985682db2117781f492ee..415255f6fd5ba8717f30fe51b9774f02928d7c9d 100644 (file)
@@ -73,12 +73,13 @@ typedef unsigned long UBaseType_t;
 #define portUSING_MPU_WRAPPERS         1\r
 #define portPRIVILEGE_BIT                      ( 0x80000000UL )\r
 \r
-#define portMPU_REGION_READ_WRITE                              ( 0x03UL << 24UL )\r
-#define portMPU_REGION_PRIVILEGED_READ_ONLY            ( 0x05UL << 24UL )\r
-#define portMPU_REGION_READ_ONLY                               ( 0x06UL << 24UL )\r
-#define portMPU_REGION_PRIVILEGED_READ_WRITE   ( 0x01UL << 24UL )\r
-#define portMPU_REGION_CACHEABLE_BUFFERABLE            ( 0x07UL << 16UL )\r
-#define portMPU_REGION_EXECUTE_NEVER                   ( 0x01UL << 28UL )\r
+#define portMPU_REGION_READ_WRITE                                                              ( 0x03UL << 24UL )\r
+#define portMPU_REGION_PRIVILEGED_READ_ONLY                                            ( 0x05UL << 24UL )\r
+#define portMPU_REGION_READ_ONLY                                                               ( 0x06UL << 24UL )\r
+#define portMPU_REGION_PRIVILEGED_READ_WRITE                                   ( 0x01UL << 24UL )\r
+#define portMPU_REGION_PRIVILEGED_READ_WRITE_UNPRIV_READ_ONLY  ( 0x02UL << 24UL )\r
+#define portMPU_REGION_CACHEABLE_BUFFERABLE                                            ( 0x07UL << 16UL )\r
+#define portMPU_REGION_EXECUTE_NEVER                                                   ( 0x01UL << 28UL )\r
 \r
 #define portUNPRIVILEGED_FLASH_REGION          ( 0UL )\r
 #define portPRIVILEGED_FLASH_REGION                    ( 1UL )\r
@@ -293,6 +294,11 @@ portFORCE_INLINE static void vPortSetBASEPRI( uint32_t ulNewMaskValue )
 \r
 #define portMEMORY_BARRIER() __asm volatile( "" ::: "memory" )\r
 \r
+#ifndef configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY\r
+       #warning "configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY is not defined. We recommend defining it to 1 in FreeRTOSConfig.h for better security."\r
+       #define configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY 0\r
+#endif\r
+/*-----------------------------------------------------------*/\r
 #ifdef __cplusplus\r
 }\r
 #endif\r
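Review bot: The fallback added here defines `configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY` to 0, so a project that never sets it keeps the unrestricted `portSVC_RAISE_PRIVILEGE` path, and the only signal is a `#warning` that is easy to lose in a noisy build and becomes a hard error under `-Werror`. The permissive default is presumably for backward compatibility, since the value 1 needs the `__syscalls_flash_start__` and `__syscalls_flash_end__` symbols that port.c expects from the linker script. A comment above the block would make that explicit, e.g. `/* Defaults to 0 for backward compatibility; 1 requires the __syscalls_flash_* linker symbols. */`.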