理解與應(yīng)用mpu用戶模式

（MPU_RASR）配置成某一個(gè)值，在特權(quán)(Privilegedpermissions)和用戶模式(Unprivilegedpermissions)的訪問(wèn)許可是不同解這些名詞，并討論在STM32MCU代碼中如何使用內(nèi)存保護(hù)單元MPU的特權(quán)與用戶模式。MPU(MemoryProtection用來(lái)設(shè)置內(nèi)存屬性的MPU_RASR寄存器字段描述如下：位26:數(shù)據(jù)訪問(wèn)許可(RO,RW或者無(wú)權(quán)限21:SCB155AP[2MPU（MPU_RASR）配置成某一個(gè)值，在特權(quán)(Privilegedpermissions)和用戶模式(Unprivilegedpermissions)的訪問(wèn)許可是不同STM32MCUMPU的特權(quán)與用戶模式。MPU(MemoryProtectionSRAM區(qū)域定義成不可執(zhí)行，來(lái)阻止代碼注入型攻擊。也可以用來(lái)改變內(nèi)存的性質(zhì)，例如是否允許緩存(Cache)。MPU_RASR寄存器字段描述如下：位26:數(shù)據(jù)訪問(wèn)許可(RO,RW或者無(wú)權(quán)限21:SCB155AP[2代碼擁有所有的訪問(wèn)許可；而代碼運(yùn)行在用戶模式，則訪問(wèn)權(quán)限受限制。限制包括在系統(tǒng)設(shè)計(jì)階段就定義的可運(yùn)行指令限制，PU3開(kāi)發(fā)板：STM32L476RGAP[2CorexPUPU代碼擁有所有的訪問(wèn)許可；而代碼運(yùn)行在用戶模式，則訪問(wèn)權(quán)限受限制。限制包括在系統(tǒng)設(shè)計(jì)階段就定義的可運(yùn)行指令限制，PU單元?jiǎng)討B(tài)所定義的內(nèi)存訪問(wèn)規(guī)則。圖表3在代碼中結(jié)合特權(quán)與用戶模式使用開(kāi)發(fā)板：STM32L476RGAP[2，和復(fù)制CORTEXM_MPU\Src\stm32_mpu.c到CORTEXM_ModePrivilege\Src目錄下STM32CubeSTM32Cube_FW_L4_V1.6.0可以發(fā)現(xiàn)，固件庫(kù)已分別實(shí)現(xiàn)了特權(quán)模式與用戶模式的切換（CORTEXM_ModePrivilege）MPU的配置（CORTEXM_MPU）。STM32MPU功能。CORTEXM_MPU\Src\stm32_mpu.cCORTEXM_ModePrivilege\Src目錄下在IAR下只需添加C文件。/*/*#include#include"stm32_mpu.h"/**@addtogroup*/**@addtogroup*/*GettheThreadmodestackused*/if((/*GettheThreadmodestackused*/if((get_CONTROL()&0x02)==SP_MAIN){/*Mainstackisusedasthecurrentstack*/CurrentStack=SP_MAIN;}{/*Processstackisusedasthecurrentstack*/CurrentStack=SP_PROCESS;/*Getprocessstackpointervalue*/PSPValue=get_PSP();}MPU_Config();/*added*/CORTEXM_ModePrivilegestm32_mpu.cstm32_mpu.h添加到工程文件中。IARKeil略有不同，IARC文件。/*/*#include#include"stm32_mpu.h"/**@addtogroup*/**@addtogroup*/*/*GettheThreadmodestackused*/if((get_CONTROL()&0x02)==SP_MAIN){/*Mainstackisusedasthecurrentstack*/CurrentStack=SP_MAIN;}{/*Processstackisusedasthecurrentstack*/CurrentStack=SP_PROCESS;/*Getprocessstackpointervalue*/PSPValue=get_PSP();}MPU_Config();/*added*/MPU_AccessPermConfig();/*added*/voidvoid{/*ConfigureregionforPrivilegedReadOnlyArrayasREGIONN?,32byteandRonlyinprivilegedmode*//*DisableMPU*/voidvoid{/*ConfigureregionforPrivilegedReadOnlyArrayasREGIONN?,32byteandRonlyinprivilegedmode*//*DisableMPU*/MPU_InitStruct.Enable=MPU_REGION_ENABLE;MPU_InitStruct.BaseAddressMPU_InitStruct.Enable=MPU_REGION_ENABLE;MPU_InitStruct.BaseAddress=ARRAY_ADDRESS_START;MPU_InitStruct.Size=ARRAY_SIZE;MPU_InitStruct.AccessPermission=portMPU_REGION_PRIVILEGED_READ_WRITE;MPU_InitStruct.IsBufferable=MPU_ACCESS_NOT_BUFFERABLE;MPU_InitStruct.IsCacheable=MPU_ACCESS_NOT_CACHEABLE;MPU_InitStruct.IsShareable=MPU_ACCESS_NOT_SHAREABLE;MPU_InitStruct.Number=ARRAY_REGION_NUMBER;MPU_InitStruct.TypeExtField=MPU_TEX_LEVEL0;MPU_InitStruct.SubRegionDisable=0x00;MPU_InitStruct.DisableExec=MPU_INSTRUCTION_ACCESS_ENABLE;/*EnableMPU(anyaccessnotcoveredbyanyenabledregionwillcauseafault)*//*ReadfromPrivilegedReadOnlyArray.Thiswillnotgenerateerror*/{PrivilegedReadOnlyArray[0]=}/*UncommentthefollowinglinetowritetoPrivilegedReadOnlyArray.Thiswillgenerateerror*/PrivilegedReadOnlyArray[0]=}/*Switch/*SwitchThreadmodefromprivilegedto /*Threadmodehasunprivilegedaccessset_CONTROL(THREAD_MODE_UNPRIVILEGED|/*ExecuteISBinstructiontoflushpipelineasrecommendedbyArm/*UnprivilegedaccessmainlyaffectabilityUseornotusecertaininstructionssuchasMSRAccessSystemControlSpace(SCS)registerssuchasNVICandSysTick/*CheckThreadmodeprivilegestatusif((get_CONTROL()&0x01)=={/*Threadmodehasprivilegedaccess*/ThreadMode=THREAD_MODE_PRIVILEGED;}{MPU_InitStruct.Enable=MPU_REGION_ENABLE;MPU_InitStruct.BaseAddressMPU_InitStruct.Enable=MPU_REGION_ENABLE;MPU_InitStruct.BaseAddress=ARRAY_ADDRESS_START;MPU_InitStruct.Size=ARRAY_SIZE;MPU_InitStruct.AccessPermission=portMPU_REGION_PRIVILEGED_READ_WRITE;MPU_InitStruct.IsBufferable=MPU_ACCESS_NOT_BUFFERABLE;MPU_InitStruct.IsCacheable=MPU_ACCESS_NOT_CACHEABLE;MPU_InitStruct.IsShareable=MPU_ACCESS_NOT_SHAREABLE;MPU_InitStruct.Number=ARRAY_REGION_NUMBER;MPU_InitStruct.TypeExtField=MPU_TEX_LEVEL0;MPU_InitStruct.SubRegionDisable=0x00;MPU_InitStruct.DisableExec=MPU_INSTRUCTION_ACCESS_ENABLE;/*EnableMPU(anyaccessnotcoveredbyanyenabledregionwillcauseafault)*//*ReadfromPrivilegedReadOnlyArray.Thiswillnotgenerateerror*/{PrivilegedReadOnlyArray[0]=}/*UncommentthefollowinglinetowritetoPrivilegedReadOnlyArray.Thiswillgenerateerror*/PrivilegedReadOnlyArray[0]=}/*Switch/*SwitchThreadmodefromprivilegedto /*Threadmodehasunprivilegedaccessset_CONTROL(THREAD_MODE_UNPRIVILEGED|/*ExecuteISBinstructiontoflushpipelineasrecommendedbyArm/*UnprivilegedaccessmainlyaffectabilityUseornotusecertaininstructionssuchasMSRAccessSystemControlSpace(SCS)registerssuchasNVICandSysTick/*CheckThreadmodeprivilegestatusif((get_CONTROL()&0x01)=={/*Threadmodehasprivilegedaccess*/ThreadMode=THREAD_MODE_PRIVILEGED;}{/*/*Threadmodehasunprivilegedaccess*/ThreadMode=THREAD_MODE_UNPRIVILEGED;}{PrivilegedReadOnlyArray[0]=}PrivilegedReadOnlyArray[0]=/*/*SwitchThreadmodefromprivilegedto /*Threadmodehasunprivilegedaccessset_CONTROL(THREAD_MODE_UNPRIVILEGED|/*/*Generateasystemcallexception,andintheISRswitchbackThreadmodetoprivileged*/@briefThisfunctionhandlesSVCall@param@retvalvoid{/*SwitchbackThreadmodetoprivilegedset_CONTROL(THREAD_MODE_PRIVILEGED|/*ExecuteISBinstructiontoflushpipelineasrecommendedbyArm}@briefThisfunctionhandlesMemoryManage@param@retvalvoid{/*GotoinfiniteloopwhenMemoryManageexceptionoccurs*/while(1)/*/*Threadmodehasunprivilegedaccess*/ThreadMode=THREAD_MODE_UNPRIVILEGED;}{PrivilegedReadOnlyArray[0]=}PrivilegedReadOnlyArray[0]=/*/*SwitchThreadmodefromprivilegedto /*Threadmodehasunprivilegedaccessset_CONTROL(THREAD_MODE_UNPRIVILEGED|/*/*Generateasystemcallexception,andintheISRswitchbackThreadmodetoprivileged*/@briefThisfunct