Part IV: Memory Protection
QuantumRT integrates robust Memory Protection capabilities designed to enhance system stability, security, and reliability by isolating tasks and system resources. Utilizing the hardware MPU available on ARM Cortex processors, QuantumRT provides key capabilities described in this chapter.
Privileged and Unprivileged Modes
QuantumRT operates using two execution levels:
Privileged Mode - Full access to system memory, peripherals, and kernel functions
Unprivileged Mode - Restricted access enforced by the MPU
Threads in QuantumRT can run in either mode, while the kernel, idle thread, and ISRs execute in privileged mode. This ensures user threads cannot directly modify critical system resources, significantly enhancing system stability and security.
Thread Stack Isolation
QuantumRT isolates individual thread stacks, preventing tasks from inadvertently accessing or corrupting each other’s memory. Stack isolation ensures that a fault within one thread will not propagate to other threads, enhancing system reliability. Thread stack memory must not be shared with devices such as DMA engines or Ethernet controllers, as device-side writes can corrupt the stack and break context switching.
Kernel Isolation
QuantumRT safeguards the kernel’s internal data structures and memory regions, ensuring tasks cannot directly access or modify kernel memory. Kernel isolation provides critical protection against accidental corruption and malicious exploits.
RAM and Peripheral Access Control
QuantumRT allows fine-grained control over RAM and peripheral access by restricting which tasks can access specific hardware resources. RAM regions are configured as normal memory to optimize performance through caching and efficient memory access, while peripheral regions are configured as device memory to ensure predictable, sequential access to hardware registers.
Memory Regions
QuantumRT defines a fixed set of memory regions configured at thread creation. These regions isolate ROM, RAM, peripherals, system control, and thread stacks.
| Region Type | Memory Type | Shareable | Execute | Privileged Access | Unprivileged Access |
|---|---|---|---|---|---|
| ROM | Normal, Write-Through | No | Yes | Read-Only | Read-Only |
| RAM | Normal, Write-Back Write-Allocate¹ | Yes | No | Read/Write | No Access |
| QRT ROM | Normal, Write-Through | No | Yes | Read-Only | No Access |
| QRT RAM | Normal, Write-Back Write-Allocate¹ | No | No | Read/Write | No Access |
| Peripheral | Device / Device-nGnRE | Yes | No | Read/Write | No Access |
| Thread Stack | Normal, Write-Back¹ | No | No | Read/Write | Read/Write |
Note
¹ Read-Allocate is supported only on ARMv8-M. ARMv7-M supports Write-Allocate as part of fixed Write-Back behavior but does not allow explicit control over allocation policy.
Users can define additional thread memory regions with qrt_mpu_regionadd() as needed.
Memory Fault Reporting
QuantumRT provides detailed memory fault reporting to assist developers in diagnosing and resolving MPU violations efficiently. When an MPU fault occurs, QuantumRT captures and reports the following critical details:
Faulting Thread - The identifier of the thread that caused the violation
Fault Address - The memory address that triggered the fault
Faulting Instruction - The Program Counter (PC) at the time of the fault
Fault Status Code - The raw Configurable Fault Status Register (CFSR) value for full debugging insight
The most recent fault details are passed to the custom fault callback, if one has been registered with qrt_mpu_faultcallbackset().
Upon detection, the violating thread is terminated, and all mutexes it holds are unlocked to prevent deadlocks.
Note
Memory Fault reporting is not available on ARMv6-M and ARMv8-M Baseline.
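The following is an added example, not QuantumRT code, of how a fault callback could turn the raw CFSR value and fault address from a report into a diagnosis: it decodes the architectural MemManage bits of the CFSR (present on ARMv7-M and ARMv8-M Mainline, which is why the note above excludes ARMv6-M and Baseline) and maps the address onto a constructed region table shaped like the one in the Memory Regions section. The region base addresses and sizes are placeholders, not values from any board or linker script.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* MemManage Fault Status Register (MMFSR): the low byte of the CFSR on
 * ARMv7-M and ARMv8-M Mainline. These bit positions are architectural. */
#define MMFSR_IACCVIOL  (1u << 0)  /* instruction fetch from a region without execute permission */
#define MMFSR_DACCVIOL  (1u << 1)  /* data load or store that the MPU disallowed */
#define MMFSR_MUNSTKERR (1u << 3)  /* fault while unstacking on exception return */
#define MMFSR_MSTKERR   (1u << 4)  /* fault while stacking on exception entry */
#define MMFSR_MLSPERR   (1u << 5)  /* fault during lazy floating-point state preservation */
#define MMFSR_MMARVALID (1u << 7)  /* the reported fault address (MMFAR) is valid */

/* Constructed region map mirroring the table in the Memory Regions section.
 * Addresses are placeholders for illustration, not values from a real board. */
typedef struct { const char *name; uint32_t base; uint32_t size; } region_t;
static const region_t regions[] = {
    { "ROM",          0x08000000u, 0x00080000u },
    { "QRT RAM",      0x20000000u, 0x00002000u },
    { "RAM",          0x20002000u, 0x00010000u },
    { "Thread Stack", 0x20012000u, 0x00001000u },
    { "Peripheral",   0x40000000u, 0x20000000u },
};

/* Highest-priority MemManage cause in the CFSR. Stacking errors are checked
 * first because they point at the thread's stack rather than at its code. */
const char *mpu_fault_cause(uint32_t cfsr) {
    uint32_t mmfsr = cfsr & 0xFFu;
    if (mmfsr & MMFSR_MSTKERR)   return "stacking error on exception entry (stack too small?)";
    if (mmfsr & MMFSR_MUNSTKERR) return "unstacking error on exception return";
    if (mmfsr & MMFSR_IACCVIOL)  return "instruction fetch from non-executable region";
    if (mmfsr & MMFSR_DACCVIOL)  return "data access violation";
    if (mmfsr & MMFSR_MLSPERR)   return "lazy FP state preservation error";
    return "no MemManage cause set";
}

/* Region that the reported fault address falls in. Returns NULL when the CFSR
 * says MMFAR is not valid, so a stale address is never reported as a location. */
const char *mpu_fault_region(uint32_t cfsr, uint32_t fault_addr) {
    if (!(cfsr & MMFSR_MMARVALID)) return NULL;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (fault_addr >= regions[i].base && fault_addr - regions[i].base < regions[i].size)
            return regions[i].name;
    return "unmapped";
}
```

A report showing a data access violation into "QRT RAM" from an unprivileged thread is the kernel isolation described above doing its job, whereas a stacking error with no valid address usually points at an undersized thread stack.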
Configuration
If the MPU is enabled, it must be initialized with qrt_mpu_init() before the kernel is started with qrt_kernelstart().
If the MPU is enabled but not properly initialized, the kernel initialization may fail or trigger an assertion.
QuantumRT requires a correctly configured linker script to define memory regions and ensure proper task and kernel placement. Users are encouraged to refer to the demo application for a working example of a linker script configuration. Modify the script as needed to match your specific hardware requirements.