G3P-22238: honor osThreadZone() in osThreadNew (FreeRTOS shim)#16
Draft
nickfritz33 wants to merge 1 commit into
Draft
G3P-22238: honor osThreadZone() in osThreadNew (FreeRTOS shim)#16nickfritz33 wants to merge 1 commit into
nickfritz33 wants to merge 1 commit into
Conversation
Stock CMSIS-RTOS2 v2.1.x for FreeRTOS does not read osThreadZone() bits
from osThreadAttr_t.attr_bits, so application code written against the
FuSa-shape zone API has zero effect at task creation. Tasks created
with osThreadZone(N) silently get no MPU isolation beyond defaults.
Patch osThreadNew to, when osThreadZone_Valid is set:
- extract the 6-bit zone ID from attr_bits
- call ZoneGetTaskRegions(zone) -- provided by the application's
zones.c -- to get a pointer to the zone's per-task MPU regions
(rows 5-7 of the global zone table)
- translate each ARM_MPU_Region_t (RBAR/RLAR) into FreeRTOS's
MemoryRegion_t (base/length/parameter flags), decoding AP/XN bits
and ATTR_INDEX
- build TaskParameters_t and call xTaskCreateRestrictedStatic instead
of xTaskCreateStatic
Tasks without osThreadZone() in attr_bits fall through to the existing
xTaskCreateStatic call unchanged -- the patch is strictly opt-in.
ZoneGetTaskRegions is declared extern; the application's zones.c
provides the definition. The shim treats the returned pointer as
uint32_t[][2] (RBAR/RLAR pairs) to avoid pulling CMSIS Core MPU
headers into cmsis_os2.c.
At FuSa-RTS migration this block is removed entirely. FuSa's runtime
implements zone enforcement natively via osZoneSetup_Callback on every
zone change; application code, zone table, and callback are unchanged.
PATCH REQUIRED comment block added matching the existing one for the
opt-in privilege patch -- if cmsis_os2.c is regenerated or the
middleware package is upgraded, this block (and the matching code
path in osThreadNew) must be re-applied.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
osThreadNew()incmsis_os2.cto honorosThreadZone(N)bits inosThreadAttr_t.attr_bits. When the valid bit is set, the wrapper extracts the 6-bit zone ID, calls the application-providedZoneGetTaskRegions(zone)to fetch a pointer to the zone's per-task MPU regions (rows 5–7 of the application's global zone table), translates eachARM_MPU_Region_t(RBAR/RLAR) into FreeRTOS'sMemoryRegion_t(base/length/parameter flags), buildsTaskParameters_t, and routes throughxTaskCreateRestrictedStaticinstead ofxTaskCreateStatic.osThreadZone()in theirattr_bitsfall through the existingxTaskCreateStaticpath unchanged. No behavior change for any existing task.PATCH REQUIREDcomment style used for the opt-in privilege patch — ifcmsis_os2.cis regenerated or the middleware package is upgraded, the block (and the matching code path inosThreadNew) must be re-applied.osZoneSetup_Callback()are unchanged across runtimes; only this shim disappears at migration when FuSa's runtime implements zone enforcement natively.The companion change in the Gen3-Panel main repo lives on
nick/G3P-22238/create-unprivileged-task— it introduceszones.{h,c}(providingZoneGetTaskRegions) and convertsCounterTaskto useosThreadZone(ZONE_UNPRIVILEGED_STUB). That branch is not slated for merge in its current form.JIRA: G3P-22238
Test plan
Verified on Branch-Production hardware (STM32H573):
configENABLE_MPU=1,configSUPPORT_STATIC_ALLOCATION=1).xTaskCreateStaticpath).CounterTaskopted intoosThreadZone(ZONE_UNPRIVILEGED_STUB) | osThreadUnprivileged.CounterTaskFunchalts withCONTROL = 0x3(nPRIV=1 unprivileged, SPSEL=1 PSP).prvSetupMPUfrom linker symbols (privileged code, app code, syscalls, kernel SRAM).Reviewer notes:
PATCH REQUIREDcomment style and placement match the convention used for the existing opt-in privilege patch (lines ~590).MemoryRegion_ttranslation (AP, XN, ATTR_INDEX) round-trips correctly throughvPortStoreTaskMPUSettingsinport.c.(const uint32_t (*)[2])ZoneGetTaskRegions(zone)is acceptable for avoiding a CMSIS-Core MPU header dependency incmsis_os2.c.🤖 Generated with Claude Code