begriffs open source - freertos/commit

author	Gaurav Aggarwal <aggarg@amazon.com>
	Wed, 7 Sep 2022 10:31:11 +0000 (16:01 +0530)
committer	Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
	Fri, 16 Sep 2022 16:48:35 +0000 (22:18 +0530)
commit	acd9279fc2c198119e7430aa745f9723b5f683fc
tree	b702aa333da60c2aabf29e61fc0363b26356b2cd	tree \| snapshot
parent	1e0843929477c8f2e2679b70d18341ee312a5fce	commit \| diff

Use highest numbered MPU regions for kernel

ARMv7-M allows overlapping MPU regions. When 2 MPU regions overlap, the
MPU configuration of the higher numbered MPU region is applied. For
example, if a memory area is covered by 2 MPU regions 0 and 1, the
memory permissions for MPU region 1 are applied.

We use 5 MPU regions for kernel code and kernel data protections and
leave the remaining for the application writer. We were using lowest
numbered MPU regions (0-4) for kernel protections and leaving the
remaining for the application writer. The application writer could
configure those higher numbered MPU regions to override kernel
protections.

This commit changes the code to use highest numbered MPU regions for
kernel protections and leave the remaining for the application writer.
This ensures that the application writer cannot override kernel
protections.

We thank the SecLab team at Northeastern University for reporting this
issue.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

portable/GCC/ARM_CM3_MPU/port.c		diff \| blob \| history
portable/GCC/ARM_CM3_MPU/portmacro.h		diff \| blob \| history
portable/GCC/ARM_CM4_MPU/port.c		diff \| blob \| history
portable/GCC/ARM_CM4_MPU/portmacro.h		diff \| blob \| history
portable/IAR/ARM_CM4F_MPU/port.c		diff \| blob \| history
portable/IAR/ARM_CM4F_MPU/portmacro.h		diff \| blob \| history
portable/RVDS/ARM_CM4_MPU/port.c		diff \| blob \| history
portable/RVDS/ARM_CM4_MPU/portmacro.h		diff \| blob \| history