0

I need to implement a multitasking system with MPU for ARM Cortex M3/M4 processors.

In that system, there will be a Kernel which manages resource in Privileged mode and user applications in Unprivilege mode. And I want to seperate User Application from rest of it and system resources.

Therefore, when I switch to a new task, I am releasing Stack and Global Memory area of user application. It can be done easily using ARM Cortex MPU registers.

But problem is that, when a context switching is occurred, I need to use also some global variables of Kernel.

For example, I am calling a function to get next TCB in PendSV Handler during context switching but task pool is out of user app area and it is protected from user application.

So, it seems there should be balance, right? What are the secure and efficient strategies for memory protection?

Privilieged mode can be raised before context switching when Yield function is called but it does not seem a good solution.

What are the general strategies on that issue?

artless noise
  • 21,212
  • 6
  • 68
  • 105
muratcakmak
  • 325
  • 2
  • 14
  • 1
    It would seem that any operating system function that can result in context switch will need to go into privileged mode, reverting back to unprivileged only after it "returns" to complete the context switch. This is how the kernels I've worked with handle context switches. While in privileged mode, which areas of memory are protected can be changed as needed as part of the context switch. – rcgldr Oct 22 '16 at 07:43

1 Answers1

2

Perhaps you might take a look at an existing open source implementation and see what design decisions were made there. FreeRTOS for example has Cortex-M MPU support here; it may not answer your exact question directly and you may have to inspect the source code to get complete details.

Possibly divide the data memory into three regions - user, kernel and shared.

Clifford
  • 88,407
  • 13
  • 85
  • 165