Hi.
We are developing a product which has to achieve some safety requirements. The system is quite simple, non-OS, running in a Privileged mode only on a Cortex-M4. I would like to implement a Memory Protection Unit somehow. Could you please give any advice, in which way could be MPU implemented for that kind of system?
If I am correct, one possibility is to protect system from stack overflow. Any other thoughts?
Thank you
Even without an OS the MPU can be used to provide an OS-like set of protections,
So yes, stack overflow is possible - you just need to position the end of the stack so it hits a fault region (not always true - many implementations will grow the stack downwards towards the heap, so stack overflow won't fault, it will just corrupt the heap). The other common protection it provides is making code sections read-only, stopping invalid pointer bugs corrupting the code randomly.
The big advantage of using the MPU as much as possible is that you will capture faults at the point they happen, rather than randomly corrupting some memory, and then having the software fail in unpredictable ways some time later when that memory is used expecting the non-corrupted value in there (as either code or data). It will cut down on development and debug time if nothing else ...
HTH, Pete
There are a number of reasons setting up the MPU with is worthwhile even on a non-RTOS systems (we advise if an MPU is available to always use it).
For example
I have written about this and setting up the MPU at:
https://blog.feabhas.com/2013/02/setting-up-the-cortex-m34-armv7-m-memory-protection-unit-mpu/
regards,
Niall.
Thanks to both of you for your answers. Now, I understand how MPU can be used and how the registers are defined.
Niall, I really like a post which you linked. It is very understandable. It seems, that your blog will be useful for other topics, too.
I am writing back regarding MPU usage. I implemented it into the software in next ways (note, that program is quite simple - only privileged mode, no RTOS):
1. I enabled background region, thus all addressable memory is fully accessible, unless there is no any other region defined above certain address range.
2. Defined Flash as READ ONLY (except few pages at the end where we store some tables, etc.).
3. Defined SRAM as fully accessible (R/W), but with XN (execute never) property enabled.
4. Defined CCM RAM (all code which is executing run time is stored in CCM, so program in while(1) loop is executed from there, not from flash -> gain in speed) as READ ONLY.
5. Defined the lowest 256 B of stack as non accessible. I do that by first reading the top of the heap (via exported __heap_limit from startup file), then mask out the least significant byte from that address (because of alignment requirements between MPU region size and start address), incremented it by 256 B (0x100) to leave heap unaffected and set this as start address for MPU region.
Now, I would like to ask if there is any other (more direct way) to define start address of MPU region for stack overflow detection?
Second, I would like to ask, if you suggest also any other MPU usage for such system?
And finally, a question regarding "bufferable" property of MPU region. Do I have to (or at least is it better to) enable this property for ROM, SRAM and CCM RAM, if I want to have max performance? Or does it not effect anything?
Best regard.