How an MPU achieves memory protection
Simply put, memory protection means protecting all data that is not related to the currently executing code.
Take RTOS tasks A and B as an example. Tasks A and B should not touch each other's data, but suppose a bug causes Task A to accidentally write to data that Task B uses only occasionally. This does not affect the correct operation of Task A; however, when Task B later uses the corrupted data, Task B may fail unexpectedly.
If the MPU is not configured to prevent Task A from writing to Task B's data, this error may take developers a long time to track down. If the corruption is small, or if Task B rarely uses the data, the bug will be hard to solve. With an MPU in use, however, the bug is discovered early, at the point where the illegal write is attempted.
On some architectures, the MPU can even help you detect NULL pointer dereferences, because you can configure an MPU region that prevents non-privileged code from accessing memory at address 0x0.
A well-designed set of MPU regions in an application effectively protects important memory areas from specific classes of problems.
A good example is preventing buffer overflows by placing a buffer at the end of an MPU region, so that a write past the end of the buffer lands in memory the code is not permitted to access. You can also place each task's stack in a region that is inaccessible to any non-privileged code; if this is done, each task must use one of its own MPU regions to grant itself access to its own stack.
The benefits of using an MPU
Whether it is an operating system or a bare-metal system, without the ability to prevent malicious access to memory that should be off limits, the system will have significant security issues and a minefield of vulnerabilities.
Using a memory protection unit (MPU) has many advantages. MPUs typically let code run in either privileged or non-privileged mode and use a set of "regions" to determine whether the currently executing code is allowed to access particular code and data.
Each region is a contiguous block of memory with a set of permissions that define privileged and non-privileged access to that memory. Privileged code often has access to most (but not all) of memory, while non-privileged code is restricted to a subset.
These regions do not need to stay the same for the whole time the system runs. MPU regions can be modified on a per-task basis, and each task can have its own unique set of regions that is configured when the task is moved to the running state.
This lets you grant each task access only to the code and data it requires, and an embedded operating system that uses the MPU manages the regions and privilege level of each task at every context switch.
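The following is an added example, not code from the original article or from any particular RTOS: a small software model of the region checks described above (per-task region sets swapped at context switch, separate privileged and non-privileged permissions, and a fault for any address no region covers). The memory map, region sizes and the two task stacks are constructed, hypothetical values; a real MPU also imposes alignment and size rules on regions that this model ignores.

```c
#include <stdint.h>
#include <stdbool.h>

/* Permission bits, kept separately for privileged and non-privileged code. */
enum { AP_NONE = 0, AP_READ = 1, AP_WRITE = 2 };

typedef struct {
    uint32_t base, size;        /* region start and length in bytes */
    uint8_t priv_ap, unpriv_ap; /* what privileged / non-privileged code may do */
} mpu_region_t;

#define MAX_REGIONS 4
typedef struct { mpu_region_t regions[MAX_REGIONS]; int count; } mpu_t;

/* Constructed memory map (hypothetical addresses): code in flash, one stack
 * per task in SRAM. Nothing maps address 0x0, so a NULL access must fault. */
#define CODE_BASE  0x08000000u
#define STACK_A    0x20001000u
#define STACK_B    0x20001400u
#define STACK_SIZE 0x400u

/* Per-task region sets: each task sees the code and only its own stack. */
static const mpu_region_t task_a_regions[] = {
    { CODE_BASE, 0x10000u, AP_READ, AP_READ },
    { STACK_A, STACK_SIZE, AP_READ | AP_WRITE, AP_READ | AP_WRITE },
};
static const mpu_region_t task_b_regions[] = {
    { CODE_BASE, 0x10000u, AP_READ, AP_READ },
    { STACK_B, STACK_SIZE, AP_READ | AP_WRITE, AP_READ | AP_WRITE },
};

/* What the RTOS does on each context switch: load the next task's region set. */
void mpu_load(mpu_t *mpu, const mpu_region_t *regs, int n) {
    mpu->count = n > MAX_REGIONS ? MAX_REGIONS : n;
    for (int i = 0; i < mpu->count; i++) mpu->regions[i] = regs[i];
}

/* True if the access is allowed. An address covered by no region is denied,
 * which is where a real MPU raises a memory-management fault. */
bool mpu_check(const mpu_t *mpu, uint32_t addr, bool privileged, bool is_write) {
    uint8_t need = is_write ? AP_WRITE : AP_READ;
    for (int i = 0; i < mpu->count; i++) {
        const mpu_region_t *r = &mpu->regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return ((privileged ? r->priv_ap : r->unpriv_ap) & need) != 0;
    }
    return false;
}

/* One access with a given task's region set loaded (models a context switch). */
bool access_as_task_a(uint32_t addr, bool priv, bool write) {
    mpu_t m; mpu_load(&m, task_a_regions, 2); return mpu_check(&m, addr, priv, write);
}
bool access_as_task_b(uint32_t addr, bool priv, bool write) {
    mpu_t m; mpu_load(&m, task_b_regions, 2); return mpu_check(&m, addr, priv, write);
}
```

With Task A's regions loaded, a write into Task B's stack, a write that runs off the end of Task A's own stack, and a NULL read are all denied, while the same stack write succeeds once Task B's regions are loaded.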