MPU Example Confusion

Janeting · November 20, 2024, 12:14pm

I have thoroughly explored the examples located at FreeRTOSv202112.00\FreeRTOS\Demo\CORTEX_MPU_M7_NUCLEO_H743ZI2_GCC_IAR_Keil
I have a question. Both Tasks created in the example run in user mode (because I observed that they did not use portPRIVILEGE_BIT, please correct me if I am wrong). So why can privileged access be performed?
I have a guess that the MPU will be reset according to the content of xRegions before switching Tasks, but if this is the case, it seems that the efficiency will be very low. Can you provide an example of using portPRIVILEGE_BIT to create a privileged task to use the MPU?

karahulx · November 20, 2024, 12:31pm

Hi @Janeting
Welcome to the FreeRTOS Community Forums!

Here is an example on how to create a privileged task

#define DUMMY_TASK_PRIORITY                      2

TaskParameters_t xTaskParameters =
        {
            .pvTaskCode      = prvTask,
            .pcName          = "Task A",
            .usStackDepth    = configMINIMAL_STACK_SIZE,
            .pvParameters    = NULL,
            .uxPriority      = ( DUMMY_TASK_PRIORITY | portPRIVILEGE_BIT ),
            .puxStackBuffer  = xTaskStack,
            .xRegions        =    {
                                    { 0, 0, 0 },
                                    #if ( configTOTAL_MPU_REGIONS == 16 )
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                         { 0, 0, 0 },
                                     #endif
                                     { 0, 0, 0 },
                                     { 0, 0, 0 }
                                  }
         };

   xTaskCreateRestricted( &( xTaskParameters ), NULL );

Janeting · November 21, 2024, 2:05am

I still have a few questions to answer:

Will the MPU registers be reconfigured according to .xRegions every time before switching Tasks?
If the answer to 1 is yes, then I think there should be two ways to create Tasks to implement MPUs:
A. Only create ordinary tasks, but set .xRegions differently
B. Create privileged tasks and ordinary tasks, but set .xRegions the same
Which of these two methods is more recommended?

aggarg · November 21, 2024, 4:44am

Yes.

Let us align on the terminology first. There are 2 type of tasks -

Unprivileged tasks - Do not have access to anything other than their own stack by default. .xRegions member of TaskParameters_t is used to grant access to different memory regions.
Privileged tasks - Have access to everything.

What do you want to achieve? If you want to have 2 different unprivileged tasks which can access different set of memory regions, then you should create unprivileged tasks with different .xRegions. In general, the application should not create privileged task.

I recommend reading the threat model as well - Kernel threat model - FreeRTOS™.