Thank you Gregory! I have never really had time to dig into ARM's MPU implementation but the reason I thought it was possible is because FreeRTOS 10 claims that its unprivileged tasks can run segregated with access limited to its own stack and up to three user definable memory regions. I guess I am gonna have to dig and learn more about the MPU!
Thanks again,

On Thu, 4 Nov 2021 at 20:40, Gregory Nutt <spudan...@gmail.com> wrote:

> > ... I do have a question: considering an MCU with a
> > Memory Protection Unit, is it possible to have some threads running
> > isolated from each other? I understand that using the protected build we
> > can only have two spaces: kernel and user. So if I wanted to have protected
> > threads running in such a system, they would have to be built as part of
> > the kernel blob and thus, would all have access to the same address space.
>
> Yea, there are kernel threads that can be created using kthread_create().
> Kernel threads run entirely in the protected address space in supervisor
> mode. There are some differences from user space tasks:
>
> - They cannot be created by application logic. They need to be created by
>   your board-specific startup logic (either board_late_initialize() or
>   board_app_initialize()).
> - They cannot have pthreads. pthreads expect to run in user space.
> - You cannot use all normal application interfaces. You have to use
>   internal OS interfaces. For example, you cannot call printf() in the OS
>   but you can call syslog(). You should not use file descriptors. Instead,
>   there are special OS internal interfaces for file system access,
>   network access, etc.
>
> You basically have to use a completely different programming model.
>
> > Is it possible to have multiple protected spaces? What if I wanted that
> > threads "A" and "B" run on their own address space with segregated RAM
> > (such that "A" can't access "B"s memory and vice-versa) while threads "C"
> > and "D" run in user space?
>
> No, not with an MPU. That is a hardware limitation. An MPU can only
> assign regions to supervisor-mode or user-/supervisor-mode access. There
> is no other.
>
> If you need that behavior, then you need a CPU with an MMU and you need to
> use the KERNEL build mode, not the PROTECTED build mode. In the KERNEL
> build, tasks are normally called "processes" and each process executes in
> its own private, protected virtual address space.

--
Fábio Pereira
Embedded Software and Hardware Designer
embeddedsystems.io
github.com/fabiopjve
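
An added example, not part of the original thread and not NuttX code: a small C model of the MPU access check for one fixed set of region settings, showing that the decision depends only on the address and on the privileged/unprivileged bit, never on which thread issues the access. The AP encoding follows ARMv7-M; the addresses, region layout, thread names and the PRIVDEFENA setting are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one ARMv7-M MPU region: base, size, AP field. */
struct mpu_region { uint32_t base, size; uint8_t ap; };

/* AP field decoding: the only property of the requester is its privilege. */
static bool ap_allows(uint8_t ap, bool privileged, bool write)
{
    switch (ap) {
    case 0x1: return privileged;            /* priv RW, unpriv no access */
    case 0x2: return privileged || !write;  /* priv RW, unpriv RO        */
    case 0x3: return true;                  /* priv RW, unpriv RW        */
    case 0x5: return privileged && !write;  /* priv RO, unpriv no access */
    case 0x6:
    case 0x7: return !write;                /* RO for both levels        */
    default:  return false;                 /* 0: no access, 4: reserved */
    }
}

/* Constructed layout (assumption): a kernel/user split of SRAM. */
static const struct mpu_region regions[] = {
    { 0x20000000u, 0x4000u, 0x1 },  /* kernel SRAM: privileged only    */
    { 0x20004000u, 0x4000u, 0x3 },  /* user SRAM: holds A's and B's data */
};
enum { THREAD_A, THREAD_B, THREAD_KERNEL };  /* hypothetical threads */
#define K_DATA 0x20000100u  /* kernel data           */
#define A_DATA 0x20004100u  /* thread A's buffer     */
#define B_DATA 0x20006100u  /* thread B's buffer     */

/* The highest-numbered region containing the address decides. */
bool mpu_access_ok(uint32_t addr, bool privileged, bool write)
{
    for (int i = (int)(sizeof regions / sizeof regions[0]) - 1; i >= 0; i--)
        if (addr - regions[i].base < regions[i].size)  /* unsigned range test */
            return ap_allows(regions[i].ap, privileged, write);
    return privileged;  /* assumption: PRIVDEFENA=1, default map for privileged */
}

/* A thread's identity reaches the check only as one privilege bit. */
bool thread_can_write(int thread, uint32_t addr)
{
    return mpu_access_ok(addr, thread == THREAD_KERNEL, true);
}

int main(void)
{
    printf("A writes B's data:  %d\n", thread_can_write(THREAD_A, B_DATA));
    printf("B writes A's data:  %d\n", thread_can_write(THREAD_B, A_DATA));
    printf("A writes kernel:    %d\n", thread_can_write(THREAD_A, K_DATA));
    return 0;
}
```
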