non-overlapping MPU gap-filling needs to be optional #19067

Closed
andrewboie opened this issue Sep 11, 2019 · 4 comments
Labels: area: Memory Protection; Enhancement (Changes/Updates/Additions to existing features)
@andrewboie
Contributor

ARMv8 and ARC MPU v3 are newer MPUs which allow for great flexibility in MPU region sizes, but regions are not allowed to overlap.

Currently, MPU regions are set up to control supervisor mode access, so that supervisor mode reads/writes to invalid memory generate faults. Implementing overlapping regions for memory domains requires that these base regions be split.

Unfortunately, this gap-filling has drawbacks:

  1. The number of MPU regions available to applications is cut roughly in half, due to the need for additional regions to fill in the gaps
  2. The gap-filling introduces overhead, currently during context switch

The overhead can be looked at (see #15223) but halving the number of free regions may in a lot of cases be a dealbreaker for applications.

This gap-filling is NOT needed to properly support user mode. This is a feature to catch stray memory access in supervisor mode and is orthogonal to CONFIG_USERSPACE requirements.

Add a Kconfig option for these MPUs which allows this to be disabled, maximizing the number of memory domain partitions available to applications.
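
The region cost described in the issue above, as an added example that is not part of the thread or of Zephyr's code: a small C model of laying out memory domain partitions on a non-overlapping MPU with and without gap-filling. It assumes a single background SRAM region and sorted, disjoint partitions; the addresses, attribute labels and the `mpu_layout` name are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only, not Zephyr's MPU driver. Ranges are [start, end). */
struct region { uint32_t start, end; int attr; };
enum { SUP_RW_XN, USER_RW_XN };   /* hypothetical attribute labels */

/* Lay out partitions inside one background SRAM region on an MPU that forbids
 * overlap. parts[] must be sorted and disjoint. With gap_fill, the background
 * region is split around each partition so uncovered SRAM keeps bg.attr.
 * Returns the number of regions used, or -1 on bad input or if out[] is full. */
int mpu_layout(struct region bg, const struct region *parts, size_t n,
               int gap_fill, struct region *out, size_t max)
{
    size_t used = 0;
    uint32_t cursor = bg.start;
    for (size_t i = 0; i <= n; i++) {   /* i == n emits only the trailing gap */
        uint32_t next = (i < n) ? parts[i].start : bg.end;
        if (next < cursor || (i < n && (parts[i].end <= next || parts[i].end > bg.end)))
            return -1;
        if (gap_fill && next > cursor) {
            if (used == max) return -1;
            out[used++] = (struct region){ cursor, next, bg.attr };
        }
        if (i == n) break;
        if (used == max) return -1;
        out[used++] = parts[i];
        cursor = parts[i].end;
    }
    return (int)used;
}

/* Constructed sample: 256 KiB of SRAM and three memory domain partitions. */
static const struct region SRAM = { 0x20000000u, 0x20040000u, SUP_RW_XN };
static const struct region PARTS[] = {
    { 0x20001000u, 0x20002000u, USER_RW_XN },
    { 0x20008000u, 0x2000A000u, USER_RW_XN },
    { 0x20010000u, 0x20010400u, USER_RW_XN },
};
#define NPARTS (sizeof PARTS / sizeof PARTS[0])

int main(void)
{
    struct region r[16];
    printf("gap filling on:  %d regions\n", mpu_layout(SRAM, PARTS, NPARTS, 1, r, 16));
    printf("gap filling off: %d regions\n", mpu_layout(SRAM, PARTS, NPARTS, 0, r, 16));
    return 0;
}
```

In this model, SRAM not covered by a partition is left to the MPU's background policy when gap-filling is off, which is the trade-off discussed in the comments below.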

@andrewboie andrewboie added the Enhancement Changes/Updates/Additions to existing features label Sep 11, 2019
@andrewboie
Contributor Author

@ioannisg would this be something you could look at, at least for ARMv8?

@ioannisg
Member

ioannisg commented Oct 9, 2019

> This gap-filling is NOT needed to properly support user mode. This is a feature to catch stray memory access in supervisor mode and is orthogonal to CONFIG_USERSPACE requirements.

@andrewboie in ARMv8-M, the reason for the gap-filling is to prevent supervisor mode from (accidentally) executing from SRAM (where, normally, it should have RW access only). We need MPU to block execution - the background policy unfortunately allows it.
So, yes, it is orthogonal to USERSPACE; it is just a "security" issue; are we ok with not preventing SUP mode from accidentally executing from SRAM?

Also it is a nice debug issue that catches bugs, e.g. wrong pointer dereferencing (this is not a hard requirement of course).

@andrewboie
Contributor Author

This is now done on ARM, still needs a PR for ARC.

@dleach02 dleach02 modified the milestones: v2.1.0, v2.2.0 Dec 10, 2019
@jhedberg jhedberg modified the milestones: v2.2.0, v2.3.0 Mar 10, 2020
@vonhust

vonhust commented Mar 30, 2020

Fixed by #21050

@vonhust vonhust closed this as completed Mar 30, 2020