I read the source code of FreeRTOS V11 and found a problem. Currently, there is only one dynamic memory allocation function: pvPortMalloc. Consider the following requirements:
Kernel mode can use xTaskCreate to dynamically create privileged tasks.
Dynamic memory allocation in kernel mode.
User mode can use xTaskCreate to dynamically create non-privileged tasks.
User mode can dynamically apply for memory.
a. When the memory managed by the memory manager (vPortDefineHeapRegions) is privileged memory (privileged_data),
Then, 1 and 2 are met, but 3 and 4 are not met
If you want to meet the 3 requirements:
Then pvPortMallocStack must not be equal to pvPortMalloc, and the pvPortMallocStack function must be implemented, which returns non-privileged memory.
If you want to meet the 4 requirements:
You must implement a user-mode dynamic memory allocation function, such as the userModeMalloc function, which returns non-privileged memory.
b. When the memory managed by the memory manager (vPortDefineHeapRegions) is unprivileged memory (unprivileged_data),
The kernel creates privileged tasks and assigns them to unprivileged_data, which has security vulnerabilities.
I think:
There are four functions that should be implemented:
KernelModeMalloc, UserModeMalloc,
Unprivileged tasks can only access their own stack memory. You would need to create a heap in memory for unprivileged tasks access. You could copy the code for one of the heap functions, rename the functions/data block and use that in the unprivileged code.
One question about what you are asking, FreeRTOS doesn’t have a “Kernal Mode” and a “User Mode” for operations.
Some processor, with a MPU, allow the definition of RESTRICTED tasks, that can only access the memory specifically given to them. Because of the limitations on how you specify that memory, these can only be created “statically” with the stack memory being provided to the creation function so it can be made to align with the MPU block requirements. If such a task wants to use some sort of “Heap”, then the user needs to provide that function, and decide what features that heap needs to support (like, do separate restricted tasks get their own heap to keep them separate, or are they get being isolate from the non-restricted tasks).
The second sort of system that has something like what you talk about are the processors with a “Secured” side an a “non-Secured” side. I haven’t used this much, but my impression is that you tend to create either 2 separate programs, (one for each side) with an API to allow the two parts to communicate, or the program is most on the non-secure side (where FreeRTOS runs) and there are a few limited functions made available on the secure side, with a carefully designed API, and care taken so avoid getting any library functions ending up being used by both sides.