8.2.1. Regions

The MPU regions are:

Memory regions

For more information on how to enable or disable the MPU, see MPU interaction with memory system.

Depending on the implementation, the MPU has a maximum of 12 or 16 regions. You can specify the following for each region:

Region base address

The base address defines the start of the memory region. You must align this to a region-sized boundary. For example, if a region size of 8KB is programmed for a given region, the base address must be a multiple of 8KB.

Note

If the region is not aligned correctly, this results in unpredictable behavior.

Region size

The region size is specified as a 5-bit value, encoding a range of values from 256 bytes to 4GB. Table 4.29 shows the encoding.

Subregions

Each region can be split into eight equal sized non-overlapping subregions. An access to a memory address in a disabled subregion does not use the attributes and permissions defined for that region. Instead, it uses the attributes and permissions of a lower priority region or generates a background fault if no other regions overlap at that address. This enables increased protection and memory attribute granularity.

Region attributes

Each region has a number of attributes associated with it. See Memory types for more information about memory types, and Region attributes for a description of how to assign types and attributes to a region.

Region access permissions

Each region can be given no access, read-only access, or read/write access permissions for privileged or all modes. In addition, each region can be marked as eXecute Never (XN) to prevent instructions being fetched from that region.

For example, if a user mode application attempts to access a Privileged mode access only region, a permission fault occurs.

The ARM architecture uses constants known as inline literals to perform address calculations. The assembler and compiler automatically generate these constants and they are stored inline with the instruction code. To ensure correct operation, only a memory region that has permission for data read access can execute instructions. For more information, see the ARM® Architecture Reference Manual ARMv7-A and ARMv7-R edition. For information about how to program access permissions, see Table 4.31.

Overlapping regions

You can program the MPU with two or more overlapping regions. For overlapping regions, a fixed priority scheme determines attributes and permissions for memory access to the overlapping region. Attributes and permissions for region 11 take highest priority, those for region 0 take lowest priority. For example:

Region 2

Is 4KB in size, starting from address 0x3000. Privileged mode has full access, and user mode has read-only access.

Region 1

Is 16KB in size, starting from address 0x0000. Both privileged and user modes have full access.

When the processor performs a data write to address 0x3010 while in user mode, the address falls into both region 1 and region 2, as Figure 8.1 shows. Because these regions have different permissions, the permissions associated with region 2 are applied. Because user mode is read access only for this region, a permission fault occurs, causing a data abort.

Figure 8.1. Overlapping memory regions

To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Example of using regions that overlap

You can use overlapping regions for stack protection, as Figure 8.2 shows. For example:

  • Allocate to region 1 the appropriate size for all stacks.

  • Allocate to region 2 the minimum region size, 256 bytes, and position it at the end of the stack for the current process.

  • Set the region 2 access permissions to No Access.

If the current process overflows the stack it uses, a write access to region 2 by the processor causes the MPU to raise a permission fault.

Figure 8.2. Overlay for stack protection

To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Example of using subregions

You can use subregions for stack protection, as Figure 8.3 shows. For example:

  • Allocate to region 1 the appropriate size for all stacks.

  • Set the least-significant subregion disable bit. That is, set the subregion disable field, bits[15:8], of the CP15 MPU Region Size Register to 0x01.

If the current process overflows the stack it uses, a write access by the processor to the disabled subregion causes the MPU to raise a background fault.

Figure 8.3. Overlapping subregion of memory

To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


Background regions

Overlapping regions increase the flexibility of how the regions can be mapped onto physical memory devices in the system. You can also use the overlapping properties to specify a background region. For example, you might have a number of physical memory areas sparsely distributed across the 4GB address space. If a programming error occurs, the processor might issue an address that does not fall into any defined region.

If the address that the processor issues falls outside any of the defined regions, the MPU is hard-wired to abort the access. That is, all accesses for an address that is not mapped to a region in the MPU generate a background fault. You can override this behavior by programming region 0 as a 4GB background region. In this way, if the address does not fall into any of the other 11 or 15 regions, the attributes and access permissions you specified for region 0 control the access.

In privileged modes, you can also override this behavior by setting the BR bit, bit[17], of the SCTLR. This causes privileged accesses that fall outside any of the defined regions to use the default memory map. User mode accesses to this background region cause faults.

TCM regions

Any memory address that you configure to be accessed using a TCM is mapped as having Normal, Non-shareable type attributes, regardless of the attributes of any MPU region that the address also belongs to. Access permissions for an address in a TCM region are preserved from the MPU region that the address also belongs to. For more information, see System configurability and QoS and Instruction and data TCM.

Copyright © 2012, 2014 ARM. All rights reserved.ARM DDI 0458C
Non-ConfidentialID112814