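Some embedded systems support multitasking. On these systems, multiple tasks use system resources, and protecting those resources is the subject of this chapter.
There are two ways to control access to system resources. The first is unprotected: such a system relies on software alone to protect resources, with no dedicated hardware supervising the use of memory and peripherals. The second is a protected system: software and hardware together protect system resources, and dedicated hardware checks and restricts access to them. In such a system, task behavior must conform to a set of rules defined by the operating environment and is also constrained by the hardware; the hardware grants special privilege to the programs that monitor resources. The second method therefore offers better protection than the first.
ARM provides several processors with hardware-level protection of system resources. They fall into two classes. The first class is processors equipped with an MPU (memory protection unit), which provides hardware protection over several software-designated regions. The second class is processors equipped with an MMU, which provides hardware protection and adds virtual memory capability.
This chapter covers processors with an MPU; the next chapter covers the MMU.
The chapter is organized as follows:
1. Protected Regions
2. Initializing the MPU, Caches, and Write buffer
3. Demonstration of an MPU System
Before starting the chapter, here is a brief explanation of what a region is, which is needed to explain how the MPU provides hardware protection on top of regions.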
Region
A region is a set of attributes associated with an area of memory. The processor core holds these attributes in several CP15 registers and identifies each region by a number, which ranges between 0 and 7.
A region’s memory boundaries are configured using two attributes:
attributes | |
---|---|
the starting address | |
its length | which can be any power of two between 4 KB and 4 GB |
The operating system assigns additional attributes to these regions:
additional attributes | |
---|---|
access rights | The access to a region in memory is set as read-write, read-only, or no access and is subject to additional rights based on the current processor mode, which is either privileged or user. |
the cache and write buffer policies | which controls cache and write buffer attributes. |
For example, one region can be set to access memory using a writethrough policy, while another operates as noncached and nonbuffered.
How a region access proceeds:
When the processor accesses a region in main memory, the MPU compares the region’s access permission attributes with the current processor mode to determine what action it will take. If the request satisfies the region access criteria, the core is allowed to read or write to main memory. However, if the memory request results in a memory access violation, the MPU will generate an abort signal.
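The abort handler determines whether the abort is a prefetch abort or a data abort.
Region lifetime
A region can be created and persist for the whole lifetime of the embedded system, or it can be created temporarily to satisfy a particular operation and then removed.
How to arrange and create regions is the subject of the next section.
Protected Regions
The current ARM products that include an MPU are: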
the ARM740T, ARM940T, ARM946E-S, and the ARM1026EJ-S.
The ARM740T, ARM946E-S, and ARM1026EJ-S each contain 8 protection regions;
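The ARM940T contains 16 protection regions.
Regions are independent of the Von Neumann and Harvard architectures. Each region has a region number in the range 0 to 7.
The first class of chips, with 8 regions, uses unified instruction and data regions. The second class uses separate instruction and data regions, with a pair of regions for each region number, which gives 16 regions.
There are several rules that govern regions: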
1. Regions can overlap other regions.
2. Regions are assigned a priority number that is independent of the privilege assigned to the region.
3. When regions overlap, the attributes of the region with the highest priority number take precedence over the other regions. The priority only applies over the addresses within the areas that overlap.
4. A region’s starting address must be a multiple of its size.
5. A region’s size can be any power of two between 4 KB and 4 GB—in other words, any of the following values: 4 KB, 8 KB, 16 KB, 32 KB, 64 KB, … , 2 GB, 4 GB.
6. Accessing an area of main memory outside of a defined region results in an abort. The MPU generates a prefetch abort if the core was fetching an instruction or a data abort if the memory request was for data.
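The rules above can be exercised with a small software model. This is an added example, not code from the book or from these notes: the structures and names are hypothetical, permissions are modeled as an enum rather than hardware encodings, and it assumes the priority number equals the region number.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model of the region rules (not hardware register encodings).
 * Assumption: priority number == region number, so region 7 outranks 0. */
enum perm   { NO_ACCESS, READ_ONLY, READ_WRITE };
enum result { ALLOWED, DATA_ABORT, PREFETCH_ABORT };
enum kind   { READ, WRITE, FETCH };

struct region {
    int       enabled;
    uint32_t  base;
    uint64_t  size;        /* power of two, 4 KB .. 4 GB */
    enum perm priv, user;  /* rights per processor mode */
};

/* The highest-priority enabled region containing addr supplies the
 * attributes; lower-priority overlapping regions are ignored there. */
enum result mpu_check(const struct region r[8], uint32_t addr,
                      int privileged, enum kind k)
{
    enum result fault = (k == FETCH) ? PREFETCH_ABORT : DATA_ABORT;
    for (int i = 7; i >= 0; i--) {
        if (!r[i].enabled || addr < r[i].base ||
            (uint64_t)addr - r[i].base >= r[i].size)
            continue;
        enum perm p = privileged ? r[i].priv : r[i].user;
        if (p == NO_ACCESS || (k == WRITE && p != READ_WRITE))
            return fault;
        return ALLOWED;
    }
    return fault;          /* rule 6: outside every defined region */
}

/* Constructed map: region 0 is a 4 GB privileged-only background region,
 * region 3 opens 32 KB at 0x20000 to the running user task. */
const struct region demo_map[8] = {
    [0] = { 1, 0x00000000u, 1ULL << 32, READ_WRITE, NO_ACCESS },
    [3] = { 1, 0x00020000u, 32 * 1024,  READ_WRITE, READ_WRITE },
};

int main(void)
{
    printf("user write, task region: %d\n", mpu_check(demo_map, 0x20010u, 0, WRITE));
    printf("user read, background:   %d\n", mpu_check(demo_map, 0x28000u, 0, READ));
    printf("priv read, background:   %d\n", mpu_check(demo_map, 0x28000u, 1, READ));
    return 0;
}
```

The address 0x28000 sits one byte past region 3, so only the background region matches it and a user-mode access there aborts.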
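13.1.1-Overlapping Regions
13.1.2-Background Regions
13.2 Initializing the MPU, Caches, and Write buffer
At least one data region and one instruction region must be defined before the control system enables the protection unit. The protection unit must be enabled at the same time as, or before, the caches and write buffer are enabled.
The control system uses CP15 registers c1, c2, c3, c5, and c6 to configure the MPU, as shown in the figure below:
The steps to initialize the MPU, caches, and write buffer are as follows: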
1. Define the size and location of the instruction and data regions using CP15:c6.
2. Set the access permission for each region using CP15:c5.
3. Set the cache and write buffer attributes for each region using CP15:c2 for cache and CP15:c3 for the write buffer.
4. Enable the caches and the MPU using CP15:c1.
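13.2.1-Defining Region Size and Location
To define the size and location of each region, the embedded system writes to one of eight secondary registers, CP15:c6:c0:0 to CP15:c6:c7:0. Each secondary coprocessor register number maps to the corresponding region number identifier.
The bit fields and the format of the eight secondary registers CP15:c6:c0 to CP15:c6:c7 are shown in Figure 13.3 and Table 13.3.
To set the size of a region, look up the value of N in Table 13.4.
The value of N is limited by the hardware design to the range 11 to 31, corresponding to sizes from 4 KB to 4 GB. The base address must be greater than 4 KB and a multiple of the size represented by bits [5:1].
The ARM740T, ARM946E-S, and ARM1026EJ-S processors each have eight regions. To set a region's size and location, write to the secondary register CP15:c6:cX.
The following example sets the size and location of region 3.
Example
MOV r1, #0x300000          ; set starting address
ORR r1, r1, #0x11 << 1     ; set size to 256KB
MCR p15, 0, r1, c6, c3, 0  ; write the value to the region 3 register
The ARM940T has eight data regions and eight instruction regions, so it is configured differently; see p. 468 for details.
For the actual code that sets the starting address, region size, and enable bit, see pp. 469-470.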
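The region 3 value built by the assembly example can be computed and checked against the size and alignment rules before it is written to CP15:c6. This is an added example, not code from the book or from these notes: the function names are hypothetical, and placing the enable flag in bit 0 is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model of a CP15:c6 region register value. Assumed layout: base
 * address in the upper bits, N in bits [5:1] with size = 2^(N+1), and the
 * enable flag in bit 0 (the bit position is an assumption of this example). */

/* Return N (11..31) for a size, or -1 if it is not a power of two
 * between 4 KB and 4 GB. */
int mpu_size_to_n(uint64_t size)
{
    if (size < (1ULL << 12) || size > (1ULL << 32) || (size & (size - 1)))
        return -1;
    int n = 11;
    while ((1ULL << (n + 1)) != size)
        n++;
    return n;
}

/* Build the register value; 0 on success, -1 if a region rule is broken. */
int mpu_encode_region(uint32_t base, uint64_t size, int enable, uint32_t *out)
{
    int n = mpu_size_to_n(size);
    if (n < 0)
        return -1;                 /* size rule violated */
    if ((uint64_t)base % size != 0)
        return -1;                 /* base is not a multiple of the size */
    *out = base | ((uint32_t)n << 1) | (enable ? 1u : 0u);
    return 0;
}

int main(void)
{
    uint32_t reg = 0;
    /* Region 3 from the notes: base 0x300000, 256 KB, enable bit clear. */
    if (mpu_encode_region(0x300000u, 256 * 1024, 0, &reg) == 0)
        printf("c6,c3 value: 0x%08x\n", (unsigned)reg);
    /* 0x320000 is 4 KB aligned but not 256 KB aligned, so it is rejected. */
    printf("0x320000/256KB -> %d\n",
           mpu_encode_region(0x320000u, 256 * 1024, 0, &reg));
    return 0;
}
```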
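13.2.2-Access Permission
There are two sets of access permission schemes available, a standard set and an extended set.
All cores support the standard set, which contains four levels of access permission. The newer ARM946E-S and ARM1026EJ-S support the extended set, which adds two more access levels (see Table 13.5: the 0101 and 0110 encodings; the remaining encodings are unpredictable).
Processors that support the extended set can also run software written for the standard set. Which permission type is in effect depends on the last write to a CP15 AP register: if the last write was to the standard AP register, the core uses the standard set; if it was to the extended AP register, the core uses the extended set. This works because a write to the standard AP register also updates the extended AP register, which means the high bits [2:3] of each extended AP region entry are cleared.
When using standard AP, CP15:c5:c0:0 sets the AP for the data regions, and CP15:c5:c0:1 sets the AP for the instruction regions.
MRC p15, 0, r1, c5, c0, 0  ; Std AP Data Regions (read into r1)
MRC p15, 0, r2, c5, c0, 1  ; Std AP Inst Regions (read into r2)
The code for extended AP is as follows:
MRC p15, 0, r3, c5, c0, 2  ; Extended AP Data Regions (read into r3)
MRC p15, 0, r4, c5, c0, 3  ; Extended AP Inst Regions (read into r4)
(For much more detail, see pp. 472-474.)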
13.2.3-Setting Region Cache and Write buffer Attributes
Three CP15 registers control the cache and write buffer attributes.
As shown in the figure:
The cache bit determines if the cache is enabled for a given address within the region. In the ARM740T and ARM940T, the cache is always searched, regardless of the state of the cache bit. If the controller finds a valid cache entry, it will use the cached data over data in external memory.
Because of this cache behavior, the MPU control system must perform the following operations when changing cache policy (see the following table).
operations | when changing cache policy |
---|---|
flush the cache | from writethrough to noncached |
clean and flush the cache | from writeback to noncached |
clean the cache | from writeback to writethrough |
The eight region write buffer bits in the register CP15:c3:c0:0 enable or disable the write
buffer for each region (again see Figure 13.5).
When configuring data regions, the region cache and write buffer bits together determine the policy of the region. The write buffer bit has two uses; it enables or disables the write buffer for a region and sets the region cache write policy. Table 13.8 gives a tabular view of the various states of the cache and write buffer bits and their meanings.
The book uses code examples to show how to set the cache and write buffer attributes; see pp. 476-477.
13.2.4-Enabling Regions and the MPU
13.3 Demonstration of an MPU System
We have provided a set of routines to use as building blocks to initialize and control a protected system. This section uses the routines described to initialize and control a simple protected system using a fixed memory map.
Here is a demonstration that uses the examples presented in the previous sections of this chapter to create a functional protection system. It provides an infrastructure that enables the running of three tasks in a simple protected multi-tasking system. We believe it provides a suitable demonstration of the concepts underlying the ARM MPU hardware. It is written in C and uses standard access permission.
I am not studying the details for now; I will continue when I have time. See pp. 478-487.
13.3.1-System Requirements
13.3.2-Assigning Regions using a Memory map
13.3.3-Initializing the MPU
13.3.4-Initializing and configuring a region
13.3.5-Putting it all together, initializing the MPU
13.3.6-A protected Context Switch
13.3.7-MPUSLOS
Summary
There are two methods to handle memory protection. The first method is known as unprotected and uses voluntarily enforced software control routines to manage rules for task interaction. The second method is known as protected and uses hardware and software to enforce rules for task interaction. In a protected system the hardware protects areas of memory by generating an abort when access permission is violated and software responds to handle the abort routines and manage control to memory-based resources.
An ARM MPU uses regions as the primary construct for system protection. A region is a set of attributes associated with an area of memory. Regions can overlap, allowing the use of a background region to shield a dormant task’s memory areas from unwanted access by the current running task.
Several steps are required to initialize the MPU, included are routines to set various region attributes. The first step sets the size and location of the instruction and data regions using CP15:c6. The second step sets the access permission for each region using CP15:c5. The third step sets the cache and write buffer attributes for each region using CP15:c2 for