|Non-Confidential||PDF version||ARM 100400_0001_03_en|
|Home > Determinism Support > Memory Protection Unit > Regions|
The MPU regions are memory regions, overlapping regions, background regions, and TCM regions.
The MPU can have 12, 16, 20, or 24 regions, depending on the implementation. For each memory region you can define the region base address, size, access permissions, and region attributes. Each region can be split into eight equal-sized non-overlapping subregions.
The base address defines the start of the memory region. You must align this to a region-sized boundary. For example, if a region size of 8KB is programmed for a given region, the base address must be a multiple of 8KB.
The region size is specified as a 5-bit value, encoding a range of values from 256 bytes to 4GB. See the DRSR bit assignments for the encoding.
Each region can be split into eight equal sized non-overlapping subregions. An access to a memory address in a disabled subregion does not use the attributes and permissions defined for that region. Instead, it uses the attributes and permissions of a lower priority region or generates a background fault if no other regions overlap at that address. This enables increased protection and memory attribute granularity.
Each region can have attributes assigned for Memory type, Shareable or Non-Shareable, Non-Cacheable, and Write-Back Write Allocate.
Each region can be given no access, read-only access, or read/write access permissions for privileged or all modes. In addition, each region can be marked as eXecute Never (XN) to prevent instructions being fetched from that region.
For example, if a user mode application attempts to access a Privileged mode access only region, a permission fault occurs.
For more information, see the ARM® Architecture Reference Manual ARMv7‑A and ARMv7‑R edition. For access data permission bit encodings, see the information for the MPU Region Access Control Registers.
You can program the MPU with two or more overlapping regions. For overlapping regions, a fixed priority scheme determines attributes and permissions for memory access to the overlapping region. In an MPU with 12 regions, attributes and permissions for region 11 take highest priority, those for region 0 take lowest priority.
0x3000. Privileged mode has full access, and user mode has read-only access.
0x0000. Both privileged and user modes have full access.
When the core performs a data write to address
in user mode, the address falls into both region 1 and region 2,
as the following figure shows. Because these regions have different
permissions, the permissions associated with region 2 are applied.
Because user mode is read access only for this region, a permission
fault occurs, causing a Data Abort.
You can use overlapping regions for stack protection.
For example: If the current process overflows the stack it uses, a write access to region 2 by the core causes the MPU to raise a permission fault.
You can use subregions for stack protection.
If the current process overflows the stack it uses, a write access by the core to the disabled subregion causes the MPU to raise a background fault. The following figure shows an example of using subregions for stack protection.
Overlapping regions increase the flexibility of how the regions can be mapped onto physical memory devices in the system. You can also use the overlapping properties to specify a background region.
For example, you might have several physical memory areas sparsely distributed across the 4GB address space. If a programming error occurs, the core might issue an address that does not fall into any defined region.
If the address that the core issues falls outside any of the defined regions, the MPU is hard-wired to abort the access. That is, all accesses for an address that is not mapped to a region in the MPU generate a background fault. You can override this behavior by programming region 0 as a 4GB background region. In this way, if the address does not fall into any of the other 11, 15, 19, or 23 regions, the attributes, and access permissions you specified for region 0 control the access.
In privileged modes, you can also override this behavior by setting the BR bit, bit, of the SCTLR. This causes privileged accesses that fall outside any of the defined regions to use the default memory map. User mode accesses to this background region cause faults.
Any memory address that you configure to be accessed using a TCM is mapped as having Normal, Non-Shareable type attributes, regardless of the attributes of any MPU region that the address also belongs to. Access permissions for an address in a TCM region are preserved from the MPU region that the address also belongs to.