FreeRTOS · aggarg · Sep 16, 2022 · Sep 7, 2022 · Sep 7, 2022 · Sep 7, 2022
diff --git a/.github/lexicon.txt b/.github/lexicon.txt
@@ -2533,7 +2533,6 @@ vportgetheapstats
 vportinitialiseblocks
 vportisrstartfirststask
 vportraisebasepri
-vportresetprivilege
 vportsetmpuregistersetone
 vportsetuptimerinterrupt
 vportstartfirststask
@@ -2852,7 +2851,6 @@ xperiod
 xportgetcoreid
 xportgetfreeheapsize
 xportinstallinterrupthandler
-xportraiseprivilege
 xportregistercinterrupthandler
 xportregisterdump
 xportstartfirsttask

diff --git a/.github/workflows/header-checks.yml b/.github/workflows/header-checks.yml
@@ -16,12 +16,12 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      # Get latest checks from master
+      # Get latest checks from main
       - name: Checkout FreeRTOS Tools
         uses: actions/checkout@v2
         with:
           repository: FreeRTOS/FreeRTOS
-          ref:  master
+          ref:  main
           path: tools
 
       # Checkout user pull request changes

diff --git a/History.txt b/History.txt
@@ -1,5 +1,41 @@
 Documentation and download available at https://www.FreeRTOS.org/
 
+Changes between FreeRTOS V10.4.3 LTS Patch 2 and FreeRTOS V10.4.3 LTS Patch 3 released September 16 2022
+
+	+ ARMv7-M and ARMv8-M MPU ports: It was possible for a third party that
+	  already independently gained the ability to execute injected code to
+	  read from or write to arbitrary addresses by passing a negative argument
+	  as the xIndex parameter to pvTaskGetThreadLocalStoragePointer() or
+	  vTaskSetThreadLocalStoragePointer respectively. A check has been added to
+	  ensure that passing a negative argument as the xIndex parameter does not
+	  cause arbitrary read or write.
+	  We thank Certibit Consulting, LLC for reporting this issue.
+	+ ARMv7-M and ARMv8-M MPU ports: It was possible for an unprivileged task
+	  to invoke any function with privilege by passing it as a parameter to
+	  MPU_xTaskCreate, MPU_xTaskCreateStatic, MPU_xTimerCreate,
+	  MPU_xTimerCreateStatic, or MPU_xTimerPendFunctionCall. MPU_xTaskCreate
+	  and MPU_xTaskCreateStatic have been updated to only allow creation of
+	  unprivileged tasks. MPU_xTimerCreate, MPU_xTimerCreateStatic and
+	  MPU_xTimerPendFunctionCall APIs have been removed.
+	  We thank Huazhong University of Science and Technology for reporting
+	  this issue.
+	+ ARMv7-M and ARMv8-M MPU ports: It was possible for a third party that
+	  already independently gained the ability to execute injected code to
+	  achieve further privilege escalation by branching directly inside a
+	  FreeRTOS MPU API wrapper function with a manually crafted stack frame.
+	  The local stack variable `xRunningPrivileged` has been removed so that
+	  a manually crafted stack frame cannot be used for privilege escalation
+	  by branching directly inside a FreeRTOS MPU API wrapper.
+	  We thank Certibit Consulting, LLC, Huazhong University of Science and
+	  Technology and the SecLab team at Northeastern University for reporting
+	  this issue.
+	+ ARMv7-M MPU ports: It was possible to configure overlapping memory
+	  protection unit (MPU) regions such that an unprivileged task could access
+	  privileged data. The kernel now uses highest numbered MPU regions for
+	  kernel protections to prevent such MPU configurations.
+	  We thank the SecLab team at Northeastern University for reporting this
+	  issue.
+
 Changes between FreeRTOS V10.4.3 LTS Patch 1 and FreeRTOS V10.4.3 LTS Patch 2 released November 12 2021
 
 	+ ARMv7-M and ARMv8-M MPU ports – prevent non-kernel code from calling the

diff --git a/include/mpu_wrappers.h b/include/mpu_wrappers.h
@@ -117,13 +117,10 @@
         #endif
 
 /* Map standard timer.h API functions to the MPU equivalents. */
-        #define xTimerCreate                           MPU_xTimerCreate
-        #define xTimerCreateStatic                     MPU_xTimerCreateStatic
         #define pvTimerGetTimerID                      MPU_pvTimerGetTimerID
         #define vTimerSetTimerID                       MPU_vTimerSetTimerID
         #define xTimerIsTimerActive                    MPU_xTimerIsTimerActive
         #define xTimerGetTimerDaemonTaskHandle         MPU_xTimerGetTimerDaemonTaskHandle
-        #define xTimerPendFunctionCall                 MPU_xTimerPendFunctionCall
         #define pcTimerGetName                         MPU_pcTimerGetName
         #define vTimerSetReloadMode                    MPU_vTimerSetReloadMode
         #define uxTimerGetReloadMode                   MPU_uxTimerGetReloadMode
@@ -170,36 +167,6 @@
         #define PRIVILEGED_DATA         __attribute__( ( section( "privileged_data" ) ) )
         #define FREERTOS_SYSTEM_CALL    __attribute__( ( section( "freertos_system_calls" ) ) )
 
-        /**
-         * @brief Calls the port specific code to raise the privilege.
-         *
-         * Sets xRunningPrivileged to pdFALSE if privilege was raised, else sets
-         * it to pdTRUE.
-         */
-        #define xPortRaisePrivilege( xRunningPrivileged )                      \
-        {                                                                      \
-            /* Check whether the processor is already privileged. */           \
-            xRunningPrivileged = portIS_PRIVILEGED();                          \
-                                                                               \
-            /* If the processor is not already privileged, raise privilege. */ \
-            if( xRunningPrivileged == pdFALSE )                                \
-            {                                                                  \
-                portRAISE_PRIVILEGE();                                         \
-            }                                                                  \
-        }
-
-        /**
-         * @brief If xRunningPrivileged is not pdTRUE, calls the port specific
-         * code to reset the privilege, otherwise does nothing.
-         */
-        #define vPortResetPrivilege( xRunningPrivileged )   \
-        {                                                   \
-            if( xRunningPrivileged == pdFALSE )             \
-            {                                               \
-                portRESET_PRIVILEGE();                      \
-            }                                               \
-        }
-
     #endif /* MPU_WRAPPERS_INCLUDED_FROM_API_FILE */
 
 #else /* portUSING_MPU_WRAPPERS */