Re: [lwip-users] lwip and MPU (FreeRTOS-MPU)

[Richard Barry]

On 30/08/2012 10:07, Simon Goldschmidt wrote:
> 
> Consider this example (be warned: I don't know FreeRTOS too much): A
> pointer to a semaphore is stored on the task stack, which gets
> corrupted. This pointer is then passed to a kernel function, which
> changes the semaphore's counter. Now if the pointer accidentally
> pointed to kernel variables, the kernel could get corrupted, right?
> 

If the pointer was corrupted such that it pointed outside of the RAM the
task was permitted to access, and you dereferenced that pointer from a
task, you would get a protection fault *before* any data was modified.
The kernels own data is only accessible to it, so you could not corrupt
the kernel's data in this scenario.

If the pointer was corrupted in any way, and was passed into a kernel
function, then (as per my previous email) the kernel does not check the
pointer's value and as the kernel is privileged it could cause a
problem.  SafeRTOS would protect against that because it checks the
validity of what the pointer is pointing to using mirror variables,
etc., but FreeRTOS-MPU does not.  The application can protect against
that however by performing extra tests in its own code.  For example,
you can have a "check_pointer()" function that is called before the
pointer is passed to the kernel - or even wrap that up in a macro so it
happens automatically.  The implementation of check_pointer() can then
use guards around the pointer, or bitwise mirrors, etc.


Regards,
Richard.

+ http://www.FreeRTOS.org
Designed for microcontrollers.  More than 7000 downloads per month.

+ http://www.FreeRTOS.org/trace
15 interconnected trace views. An indispensable productivity tool.