hujun260 opened a new pull request, #18185: URL: https://github.com/apache/nuttx/pull/18185
## Overview

This PR implements comprehensive dynamic memory protection for ARM64 Armv8-R architecture using the Memory Protection Unit (MPU). It enables fine-grained access control for both user task stacks and heaps during runtime context switches and task execution.

## Changes

### 1. Dynamic Stack Protection (14df25d5352)

- Enables `CONFIG_ARCH_STACK_PROTECT` mode for user stack isolation
- Configures MPU regions to protect stack boundaries via `up_addrenv_ustackswitch()`
- Prevents unauthorized stack access by creating kernel-only background regions
- Regions are dynamically reconfigured on every context switch based on task stack allocation

### 2. Dynamic Heap Protection (0ec49386002)

- Enables `CONFIG_MM_TASK_HEAP` mode for per-task heap isolation
- Implements `mpu_update()` function to dynamically configure heap MPU regions
- Creates isolated heap regions with user read/write permissions
- Surrounds heap with kernel-only background regions for access control

## Technical Details

### MPU Region Layout

```
+-----------------------------------+
| Kernel Background Region (RW)     |
+-----------------------------------+
| User Heap (RW) or Stack (RW)      | Dynamic regions
+-----------------------------------+
| Kernel Background Region (RW)     |
+-----------------------------------+
| User Stack (RW) or Heap (RW)      | Dynamic regions
+-----------------------------------+
| Kernel Background Region (RW)     |
+-----------------------------------+
```

### Key Functions

- `mpu_update()`: Configures MPU regions based on task's current stack/heap allocation
- `mpu_init_heap_region()`: Allocates and initializes heap-related MPU regions
- `up_addrenv_ustackswitch()`: Updates MPU configuration during context switch

### Memory Attributes

- User regions: `NOT_EXEC | P_RW_U_RW_MSK | SHAREABLE_MSK`
- Kernel background: `NOT_EXEC | P_RW_U_NA_MSK | SHAREABLE_MSK`
- All regions use SRAM memory attribute

## Build Configuration

This feature requires the following NuttX configuration options:

- `CONFIG_ARCH_HAVE_MPU=y` - Enable MPU support
- `CONFIG_ARCH_USE_MPU=y` - Use MPU for address environment
- `CONFIG_MM_TASK_HEAP=y` - Enable per-task heap
- `CONFIG_ARCH_STACK_PROTECT=y` - Enable stack protection (optional)

## Testing

Tested on:

- FVP-V8R (ARM64 Armv8-R Full Virtual Platform)
- Cortex-R82 based platforms

## References

- ARM64 Armv8-R Architecture Profile
- ARM Memory Protection Unit (MPU) Specification
- NuttX Address Environment Interface (`include/nuttx/addrenv.h`)
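The tiling shown under "MPU Region Layout", modelled as an added example that is not code from this PR or from NuttX: it splits a RAM window into kernel-only background regions around a task's stack and heap, and rejects ranges that would have to be rounded outward (which would expose neighbouring kernel bytes to the user task). `plan_regions`, `struct span`, the `ATTR_*` stand-ins and the 64-byte granule are assumptions, and the addresses in `main` are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MPU_GRANULE      64u /* assumption: region base/limit alignment */
#define ATTR_KERNEL_ONLY 0u  /* stand-in for NOT_EXEC|P_RW_U_NA_MSK|SHAREABLE_MSK */
#define ATTR_USER_RW     1u  /* stand-in for NOT_EXEC|P_RW_U_RW_MSK|SHAREABLE_MSK */

struct span   { uintptr_t base; size_t size; };                  /* hypothetical */
struct region { uintptr_t base; uintptr_t limit; unsigned attr; }; /* [base, limit) */

/* Tile [ram_base, ram_end) so that only spans a and b (stack and heap, in
 * either order) are user-accessible. Returns the region count (at most 5),
 * or -1 if a span is empty, misaligned, outside the window or overlapping. */
int plan_regions(uintptr_t ram_base, uintptr_t ram_end,
                 struct span a, struct span b, struct region out[5])
{
  struct span u[2] = { a.base <= b.base ? a : b, a.base <= b.base ? b : a };
  uintptr_t cursor = ram_base;
  int n = 0;

  for (int i = 0; i < 2; i++) {
    uintptr_t end = u[i].base + u[i].size;
    /* Never round outward: a widened user region leaks kernel memory. */
    if (u[i].size == 0 || end < u[i].base ||
        (u[i].base | end) % MPU_GRANULE != 0 ||
        u[i].base < cursor || end > ram_end)
      return -1;
    if (u[i].base > cursor) /* kernel-only gap below this user span */
      out[n++] = (struct region){ cursor, u[i].base, ATTR_KERNEL_ONLY };
    out[n++] = (struct region){ u[i].base, end, ATTR_USER_RW };
    cursor = end;
  }
  if (cursor < ram_end)     /* kernel-only remainder above the last span */
    out[n++] = (struct region){ cursor, ram_end, ATTR_KERNEL_ONLY };
  return n;
}

int main(void)
{
  struct region r[5]; /* constructed addresses, not a real board map */
  int n = plan_regions(0x20000000u, 0x20100000u,
                       (struct span){ 0x20040000u, 0x2000 },  /* stack */
                       (struct span){ 0x20010000u, 0x8000 },  /* heap */
                       r);
  for (int i = 0; i < n; i++)
    printf("%d: %#lx-%#lx %s\n", i, (unsigned long)r[i].base,
           (unsigned long)r[i].limit, r[i].attr ? "user RW" : "kernel only");
  return n < 0;
}
```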
