Quality RTOS & Embedded Software

 Real time embedded FreeRTOS RSS feed 
Real time embedded FreeRTOS mailing list 
Quick Start Supported MCUs PDF Books Trace Tools Ecosystem TCP & FAT Training


Question about MPU default configuration

Posted by mpu-user on October 14, 2016


I was looking at the default MPU configuration for ARM Cortex M-4 microcontrollers in FreeRTOS, I have the following questions regarding it:

It seems that the configuration for the priviliged data is (rwx for priviliged only) and the user stack is (rwx). This means that malicous code injection is possible, I am wondering what is the reason behind this configuration?(why is write XOR execute not enforced)


Question about MPU default configuration

Posted by rtel on October 14, 2016

Are you referring to the fact that portMPUREGIONPRIVILEGEDREADWRITE sets the AP field of the MPU_RASR register to 1, but leaves XN at 0?

It is feasible that a legitimate program would want to copy executable code to, and then execute that code from, the privileged RAM. As an example, that would be necessary if the application was re-programming the flash memory, making execution from flash temporarily impossible. An unprivileged application could not write executable code to the privileged RAM though (I'm not sure if unprivileged code could execute code from privileged RAM it didn't have read access to though, I would have to check the documentation).

Question about MPU default configuration

Posted by mpu-user on October 17, 2016

I know from ARM's documents to execute code read access is required, so unprivileged code will not be able to execute code from privileged RAM. However, it looks like for the default configuration an unprivileged thread is able to write code to unprivileged RAM and then execute it. Is there anything preventing this?

Question about MPU default configuration

Posted by davedoors on October 17, 2016

I think unprivileged code would expect to be able to write and execute from unprivileged RAM, doing so would not give it the ability to do anything more than it could do already. It could not make itself privileged by doing that.

[ Back to the top ]    [ About FreeRTOS ]    [ Sitemap ]    [ ]

Copyright (C) 2004-2010 Richard Barry. Copyright (C) 2010-2016 Real Time Engineers Ltd.
Any and all data, files, source code, html content and documentation included in the FreeRTOSTM distribution or available on this site are the exclusive property of Real Time Engineers Ltd.. See the files license.txt (included in the distribution) and this copyright notice for more information. FreeRTOSTM and FreeRTOS.orgTM are trade marks of Real Time Engineers Ltd.

Latest News:

FreeRTOS V9.0.0 is now available for download.

Free TCP/IP and file system demos for the RTOS

Sponsored Links

⇓ Now With No Code Size Limit! ⇓
⇑ Free Download Without Registering ⇑

FreeRTOS Partners

ARM Connected RTOS partner for all ARM microcontroller cores

Renesas Electronics Gold Alliance RTOS Partner.jpg

Microchip Premier RTOS Partner

RTOS partner of NXP for all NXP ARM microcontrollers

Atmel RTOS partner supporting ARM Cortex-M3 and AVR32 microcontrollers

STMicro RTOS partner supporting ARM7, ARM Cortex-M3, ARM Cortex-M4 and ARM Cortex-M0

Xilinx Microblaze and Zynq partner

Silicon Labs low power RTOS partner

Altera RTOS partner for Nios II and Cortex-A9 SoC

Freescale Alliance RTOS Member supporting ARM and ColdFire microcontrollers

Infineon ARM Cortex-M microcontrollers

Texas Instruments MCU Developer Network RTOS partner for ARM and MSP430 microcontrollers

Cypress RTOS partner supporting ARM Cortex-M3

Fujitsu RTOS partner supporting ARM Cortex-M3 and FM3

Microsemi (previously Actel) RTOS partner supporting ARM Cortex-M3

Atollic Partner

IAR Partner

Keil ARM Partner

Embedded Artists