I am using FreeRTOS 10.5.1 with MPU support on a Cortex M4 microcontroller (STM32F4).
I created some tasks (all privileged → portPRIVILEGE_BIT set) and my system is running fine.
Now I tested again with one task not having the portPRIVILEGE_BIT set (= User Mode). When entering the task right up in the first function (HAL_TIM_Base_Start()) I am getting a memory management exception. The mem manage address register shows an address in the bss (where the timer is located).
Why does the MPU trigger when accessing the bss? (I checked the privileged_data_end ends before) How does a User Mode task behave when accessing an area (like bss) that is not explicitly configured as e.g. portMPU_REGION_READ_WRITE in xRegions?
Access to bss with portPRIVILEGE_BIT set → no problem. Access to bss with portPRIVILEGE_BIT reset → mem management fault.
0x2000AF65 Mem manage address register ← fault location
Edit: I did another test and created a MPU region definition for 0x2000A000 to 0x2000F000 to be portMPU_REGION_READ_WRITE. Now the program is running fine for function no.1 in my task, but it’s failing in function no.2 → fault location is now 0x20006498.
Is it really neccessary for an User mode task to explicitly define all areas that it is allowed to access? Is leaving a memory area undefined not sufficient?
Yes, it is necessary to grant an unprivileged task all the accesses explicitly. By default, an unprivileged task has only access to its stack. The application writer is expected to grant access to required memory regions explicitly.
It was exactly the requirement that a protected (or released) areas start address needs to be aligned with the size of protection. After fixing that, it works as expected.
One last question regarding that answer above: A privilged task always has access to all memory areas (particulary other tasks stacks as well) unless explicitly forbidden by MPU area configuration. Is that correct?
My understanding is that “unrestricted” task are just that, unrestricted, and the MPU is configured to give them full access. There is just one set of MPU settings for ALL unrestricted tasks and the kernel running with elevated privileges so this is needed.