8.2.1 Regions

The MPU regions are memory regions, overlapping regions, background regions, and TCM regions.

Memory regions

The MPU can have 12, 16, 20, or 24 regions, depending on the implementation. For each memory region you can define the region base address, size, access permissions, and region attributes. Each region can be split into eight equal-sized non-overlapping subregions.

Region base address

The base address defines the start of the memory region. You must align this to a region-sized boundary. For example, if a region size of 8KB is programmed for a given region, the base address must be a multiple of 8KB.

Note:

If the region is not aligned correctly, this results in unpredictable behavior.
Region size

The region size is specified as a 5-bit value, encoding a range of values from 256 bytes to 4GB. See the DRSR bit assignments for the encoding.

Subregions

Each region can be split into eight equal sized non-overlapping subregions. An access to a memory address in a disabled subregion does not use the attributes and permissions defined for that region. Instead, it uses the attributes and permissions of a lower priority region or generates a background fault if no other regions overlap at that address. This enables increased protection and memory attribute granularity.

Region attributes

Each region can have attributes assigned for Memory type, Shareable or Non-Shareable, Non-Cacheable, and Write-Back Write Allocate.

Region access permissions

Each region can be given no access, read-only access, or read/write access permissions for privileged or all modes. In addition, each region can be marked as eXecute Never (XN) to prevent instructions being fetched from that region.

For example, if a user mode application attempts to access a Privileged mode access only region, a permission fault occurs.

For more information, see the ARM® Architecture Reference Manual ARMv7‑A and ARMv7‑R edition. For access data permission bit encodings, see the information for the MPU Region Access Control Registers.

Overlapping regions

You can program the MPU with two or more overlapping regions. For overlapping regions, a fixed priority scheme determines attributes and permissions for memory access to the overlapping region. In an MPU with 12 regions, attributes and permissions for region 11 take highest priority, those for region 0 take lowest priority.

For example:

Region 2
Is 4KB in size, starting from address 0x3000. Privileged mode has full access, and user mode has read-only access.
Region 1
Is 16KB in size, starting from address 0x0000. Both privileged and user modes have full access.

When the core performs a data write to address 0x3010 while in user mode, the address falls into both region 1 and region 2, as the following figure shows. Because these regions have different permissions, the permissions associated with region 2 are applied. Because user mode is read access only for this region, a permission fault occurs, causing a Data Abort.

Figure 8-1 Overlapping memory regions
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Example of using regions that overlap

You can use overlapping regions for stack protection.

For example: If the current process overflows the stack it uses, a write access to region 2 by the core causes the MPU to raise a permission fault.

  • Allocate to region 1 the appropriate size for all stacks.
  • Allocate to region 2 the minimum region size, 256 bytes, and position it at the end of the stack for the current process.
  • Set the region 2 access permissions to No Access.
Figure 8-2 Overlay for stack protection
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Example of using subregions

You can use subregions for stack protection.

For example:

  • Allocate to region 1 the appropriate size for all stacks.
  • Set the least-significant subregion disable bit. That is, set the subregion disable field, bits[15:8], of the CP15 MPU Region Size Register to 0x01.

If the current process overflows the stack it uses, a write access by the core to the disabled subregion causes the MPU to raise a background fault. The following figure shows an example of using subregions for stack protection.

Figure 8-3 Overlapping subregion of memory
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Background regions

Overlapping regions increase the flexibility of how the regions can be mapped onto physical memory devices in the system. You can also use the overlapping properties to specify a background region.

For example, you might have several physical memory areas sparsely distributed across the 4GB address space. If a programming error occurs, the core might issue an address that does not fall into any defined region.

If the address that the core issues falls outside any of the defined regions, the MPU is hard-wired to abort the access. That is, all accesses for an address that is not mapped to a region in the MPU generate a background fault. You can override this behavior by programming region 0 as a 4GB background region. In this way, if the address does not fall into any of the other 11, 15, 19, or 23 regions, the attributes, and access permissions you specified for region 0 control the access.

In privileged modes, you can also override this behavior by setting the BR bit, bit[17], of the SCTLR. This causes privileged accesses that fall outside any of the defined regions to use the default memory map. User mode accesses to this background region cause faults.

TCM regions

Any memory address that you configure to be accessed using a TCM is mapped as having Normal, Non-Shareable type attributes, regardless of the attributes of any MPU region that the address also belongs to. Access permissions for an address in a TCM region are preserved from the MPU region that the address also belongs to.

Non-ConfidentialPDF file icon PDF versionARM 100400_0001_03_en
Copyright © 2015–2017 ARM Limited or its affiliates. All rights reserved.