Questions about the MPU implementation on ARMv8-M

I have some questions about the MPU implementation on ARMv8-M. I hope someone can answer them for me; that would be greatly appreciated.

Q1: The ulMAIR0 in xMPU_SETTINGS looks unnecessary, because MAIR0 is already configured in prvSetupMPU, and the MAIR0 value configured in vPortStoreTaskMPUSettings is exactly the same as the MAIR0 value configured in prvSetupMPU. So why configure MAIR0 again in PendSV_Handler?

Q2: The MPU wrappers v2 use a system call stack when a task calls a kernel API, but only unprivileged tasks use this system call stack; privileged tasks don't use it. My question is: what is the necessary reason for using this system call stack instead of the task stack? It looks like a little waste of memory space to me.

Q3: The function MPU_pcTaskGetName returns a pointer to the task name in the TCB, and unprivileged tasks don't seem to have access permission to TCB memory? (I should verify this, but I don't have the test environment.)

It follows the MPU programming algorithm recommended by ARM. We can avoid programming MAIR0 if it retains its value across enabling and disabling the MPU.

That is not entirely correct. Both unprivileged and privileged tasks use the system call stack when they call any FreeRTOS system call available to all tasks. There are some APIs which are privileged-only, and those do not use the system call stack. The reason for using a system call stack is to prevent code flow alteration and information leaks from the stack.

You are right here, and we should remove it, as an unprivileged task will not be able to dereference the returned pointer.
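To make the two points above concrete (the ARM-recommended disable/program/enable sequence from the Q1 reply, and why an unprivileged task cannot dereference a pointer into the TCB from the Q3 reply), here is an added example that simulates an ARMv8-M MPU register block on a host. It is not FreeRTOS port code; the register bit layouts (RBAR/RLAR/MAIR0/CTRL) follow the Armv8-M architecture, but the addresses, the one-region task layout, the `sim_mpu_t` struct and all function names are assumptions constructed for the example, and the first-match lookup is a simplification of the hardware.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bit fields of the ARMv8-M MPU registers (Armv8-M Architecture Reference Manual). */
#define MPU_CTRL_ENABLE      (1u << 0)
#define MPU_CTRL_PRIVDEFENA  (1u << 2)   /* privileged code may use the background map */
#define MPU_RBAR_XN          (1u << 0)
#define MPU_RLAR_EN          (1u << 0)
#define MPU_ADDR_MASK        (~0x1Fu)    /* regions are 32-byte granular */
enum { AP_RW_PRIV = 0, AP_RW_ANY = 1, AP_RO_PRIV = 2, AP_RO_ANY = 3 }; /* RBAR.AP[2:1] */
#define MAIR_NORMAL_WBWA     0xFFu       /* normal memory, write-back, read/write allocate */
#define MAIR_DEVICE_nGnRE    0x04u
#define MPU_NUM_REGIONS      8

/* Simulated register block (assumption: stands in for the real memory-mapped MPU). */
typedef struct {
    uint32_t ctrl;
    uint32_t mair0;
    uint32_t rbar[MPU_NUM_REGIONS];
    uint32_t rlar[MPU_NUM_REGIONS];
} sim_mpu_t;

/* RBAR: BASE[31:5] | SH[4:3] (left as non-shareable) | AP[2:1] | XN[0] */
uint32_t mpu_rbar(uint32_t base, unsigned ap, bool xn) {
    return (base & MPU_ADDR_MASK) | ((ap & 3u) << 1) | (xn ? MPU_RBAR_XN : 0u);
}

/* RLAR: LIMIT[31:5] (last byte of the region; low 5 bits read as 1) | AttrIndx[3:1] | EN[0] */
uint32_t mpu_rlar(uint32_t last_byte, unsigned attr_idx) {
    return (last_byte & MPU_ADDR_MASK) | ((attr_idx & 7u) << 1) | MPU_RLAR_EN;
}

/* Program a region set the way ARM recommends: disable the MPU, write MAIR0 and the
 * regions, re-enable, then DSB/ISB. Barriers are comments because this is a simulation. */
void mpu_program(sim_mpu_t *m, const uint32_t *rbar, const uint32_t *rlar,
                 size_t n, uint32_t mair0) {
    /* __DMB(); let outstanding memory accesses finish before the map changes */
    m->ctrl &= ~MPU_CTRL_ENABLE;
    m->mair0 = mair0;   /* Q1: this write could be skipped if MAIR0 is known to survive disable/enable */
    for (size_t i = 0; i < MPU_NUM_REGIONS; i++) {
        m->rbar[i] = (i < n) ? rbar[i] : 0u;
        m->rlar[i] = (i < n) ? rlar[i] : 0u;   /* EN clear: region unused */
    }
    m->ctrl |= MPU_CTRL_ENABLE | MPU_CTRL_PRIVDEFENA;
    /* __DSB(); __ISB(); make the new map take effect before the next instruction */
}

/* Would this access be permitted? Simplification: the first matching region decides
 * (real hardware faults on overlapping regions); if no region matches, the background
 * map applies, which is privileged-only and only when PRIVDEFENA is set. */
bool mpu_access_allowed(const sim_mpu_t *m, uint32_t addr, bool privileged, bool write) {
    if (!(m->ctrl & MPU_CTRL_ENABLE)) return true;
    for (size_t i = 0; i < MPU_NUM_REGIONS; i++) {
        if (!(m->rlar[i] & MPU_RLAR_EN)) continue;
        uint32_t base  = m->rbar[i] & MPU_ADDR_MASK;
        uint32_t limit = m->rlar[i] | ~MPU_ADDR_MASK;
        if (addr < base || addr > limit) continue;
        unsigned ap = (m->rbar[i] >> 1) & 3u;
        if (!privileged && (ap == AP_RW_PRIV || ap == AP_RO_PRIV)) return false;
        if (write && (ap == AP_RO_PRIV || ap == AP_RO_ANY)) return false;
        return true;
    }
    return privileged && (m->ctrl & MPU_CTRL_PRIVDEFENA) != 0u;
}

/* Constructed layout (assumed addresses, not a real FreeRTOS map): kernel data including
 * the TCBs lives at 0x20000000 with no region of its own; the task stack is 1 KiB at
 * 0x20001000 and is the only region the task gets. */
#define SIM_TCB_ADDR    0x20000040u
#define SIM_STACK_BASE  0x20001000u
#define SIM_STACK_SIZE  0x400u

void setup_example_task(sim_mpu_t *m) {
    uint32_t rbar[1] = { mpu_rbar(SIM_STACK_BASE, AP_RW_ANY, true) };
    uint32_t rlar[1] = { mpu_rlar(SIM_STACK_BASE + SIM_STACK_SIZE - 1u, 0u) };
    uint32_t mair0 = MAIR_NORMAL_WBWA | (MAIR_DEVICE_nGnRE << 8);  /* Attr0 normal, Attr1 device */
    mpu_program(m, rbar, rlar, 1, mair0);
}

/* Q3 in one call: can an unprivileged task read a task name that lives inside the TCB? */
bool unprivileged_can_read_tcb(void) {
    sim_mpu_t m = {0};
    setup_example_task(&m);
    return mpu_access_allowed(&m, SIM_TCB_ADDR, false, false);   /* returns false */
}
```

The lookup shows the underlying reason for the Q3 answer: a pointer returned to an unprivileged task is only usable if some region granted to that task covers the address it points to, and the kernel's TCBs are deliberately not covered, so the dereference faults. The same model makes the Q1 trade-off visible as the single `m->mair0 = mair0` write inside the disable/enable window.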

In my understanding, enabling and disabling the MPU would not affect the value in MAIR0. But it's better to ask ARM for an official answer.

I'm sorry, I can't find the code where a privileged task uses the system call stack; can you point it out for me? I have looked at mpu_wrappers_v2_asm.c, and only found unprivileged tasks using SVC to change the stack, while privileged tasks just call MPU_<xxx>Impl directly without changing their stack.

Apologies - you are right!

So privileged tasks can't use the system call stack. Is this a mistake, or a deliberate design?

It is not a mistake - privileged tasks have access to all the memory and therefore, changing the stack does not provide any extra protection. So the code path does not spend time in switching tasks.

OK, then it comes back to my original question: privileged tasks allocate a system call stack but never use it, which is a little wasteful. Is it possible that only unprivileged tasks allocate the system call stack?

That is right. Currently it is allocated statically as part of the TCB, which is why it is allocated for all tasks. Dynamically allocating it would make the MPU not usable in a static-only configuration. Another way would be to get it from the application; this would likely require an API change.