Shuru karne se pehle, is page mein use hone waale har word aur register field ko build karte hain — kuch bhi assumed nahi hai. Vocabulary block padho, phir neeche ke do picture-maps study karo; traps unhi se refer karte hain.
Agla picture dikhata hai ki ek guard region ek stack ke saath kaise overlap karta hai aur alignment aur priority kyun matter karti hai:
Stack ke bottom par amber guard band dekho (low addresses). Broad cyan stack region aur amber guard wahan overlap karte hain — aur kyunki guard ka higher region number hai, uska "no access" rule un bytes par win karta hai.
Doosri picture ek region ko uske 8 subregions mein cut hote aur ek slice disabled hote dikhati hai:
Region ek power-of-two block hai; dashed white lines ise 8 equal eighths mein split karti hain, aur amber-crossed slice woh hai jiska subregion-disable bit set hai — base move kiye bina ek hole punch kiya gaya.
An MPU translates virtual addresses to physical addresses like an MMU does.
False. Ek MPU purely physical addresses par kaam karta hai — yeh sirf accesses ko permit ya deny karta hai, kabhi remap nahi karta; translation ek MMU ka kaam hai.
If no MPU region matches an address, the access is always denied.
False. Yeh PRIVDEFENA par depend karta hai: agar set hai, privileged code ko unmatched addresses ke liye default background map milta hai; agar clear hai, unmatched access fault karta hai.
A stack guard region must be large to catch overflows.
False. Ise sirf minimum 32 bytes hone ki zaroorat hai — overflow boundary cross karta hai aur guard ke andar pehla byte fault karta hai chahe guard kitna bhi choda ho.
Marking the stack Execute-Never (XN) stops all stack overflows.
False. XN stack par injected code ko execute karna rokta hai; yeh overflow karne wali write ko rokne ke liye kuch nahi karta. Uske liye tumhe ek guard region chahiye. Buffer overflow attacks dekho.
When two regions overlap on ARM Cortex-M, the lower-numbered region wins.
False. Highest-numbered matching region win karta hai, isliye restrictive guard ko higher number dena zaroori hai.
An MPU makes a real-time system slower and less predictable.
False. Permission check access ke saath same cycle mein fixed latency ke saath hota hai, isliye yeh determinismpreserve karta hai — faults ek bounded, known time par hote hain.
A 1 KB region can start at address 0x2000_0010.
False. Base region size se align honi chahiye; ek 210 region ke low 10 bits zero hone chahiye, isliye nearest legal base 0x2000_0000 hai.
The MPU can protect a peripheral so user tasks fault but the kernel still writes to it.
True. AP field ko privileged-RW / user-none set karo; peripheral privileged mode mein reachable hai aur user mode mein fault karta hai.
Enabling the MPU without configuring any regions is safe.
False (usually). PRIVDEFENA off ke saath, har address — including code jo tum run kar rahe ho — ka koi matching region nahi hoga aur instantly fault karega, boot hang karega.
Subregion disable lets you protect an arbitrary byte range inside a region.
Partly — yeh sirf poore eighths switch off karne deta hai, aur sirf ≥256 B ke regions ke liye; tum region size ke ek-eighth se zyada fine hole nahi kar sakte.
"I set base = 0x20000010 for a 64-byte region to protect bytes 0x10–0x50."
Hardware ek 26 region ke base ke low 6 bits mask karta hai, isliye yeh silently 0x2000_0000–0x2000_0040 protect karta hai — woh window nahi jo tum chahte the. Apna layout realign karo.
"Guard is Region 0 (I configured it first), broad RW stack is Region 1."
Backwards priority. Higher number (Region 1, RW stack) overlap par win karta hai, isliye guard ignore hota hai aur overflows undetected jaate hain. Guard ko higher number do.
"I placed the guard region at the top of a downward-growing stack."
Ek downward stack apne low end se overflow karta hai, isliye guard bottom boundary par hona chahiye; top guard kabhi hit nahi hota. Stack memory layout mein growth direction check karo.
"MemManage fault fired, so I read the faulting address from a global variable I made."
Tumhe hardware MMFAR register (MemManage Fault Address Register) padhna chahiye aur pehle MMFSR (fault status register) mein uska valid-bit check karna chahiye — woh hardware pair offending address handler ke liye record karta hai.
"To carve a hole in a big region I lowered its size."
Size shrink karna poori boundary move karta hai; hole punch karne ke liye subregion disable use karo (har region 8 eighths mein split hota hai aur tum individual slices switch off karte ho), jo base touch kiye bina one-eighth pieces remove karta hai.
"I gave the heap AP = RW and left XN clear because heaps only hold data."
XN (execute-never) clear karna heap par injected bytes ko execute hone deta hai; ek code-injection attack wahan jump kar sakta hai. Data regions XN hone chahiye. Buffer overflow attacks dekho.
Why does the guard region trigger on the very first overflowing write, not later?
MPU har access ko complete hone se pehle check karta hai, isliye jis moment stack pointer ki write no-access guard ke andar land karti hai, CPU fault par vector karta hai neighbouring memory corrupt karne ki jagah.
Why must the most restrictive region get the highest number?
Kyunki overlap ties highest number winning se break hote hain; agar permissive background guard ko outrank karta, guard ka "no access" override ho jaata aur useless ho jaata.
Why prefer an MPU over an MMU in a car ECU or pacemaker?
Koi page tables nahi matlab fixed, low, predictable fault latency aur koi translation stalls nahi — critical hai jahan ek missed deadline safety failure hai, slowdown nahi.
Why does XN on the stack defend against classic exploits even if the attacker fully controls stack bytes?
Return address overwrite execution ko stack ke andar point kar sakta hai, lekin XN stack addresses se kisi bhi instruction-fetch ko fault karta hai, isliye redirected code run nahi kar sakta.
Why does the MPU raise a fault instead of just returning a garbage value on a bad read?
Ek silent garbage value bug ko invisibly propagate hone deta; faulting immediately control MemManage_Handler ko deta hai taaki tum exact instruction par culprit task pakad sako.
Why re-program MPU regions on every RTOS task switch?
Har task ka alag stack aur permission set hota hai; scheduler ko region config swap karni padti hai taaki incoming task ke fences (aur sirf uske apne) enforce hon.
Why does a region size always have to be a power of two?
MPU "kya yeh address region mein hai?" low bits mask karke decide karta hai — ek test jo sirf tab cleanly kaam karta hai jab size 2n ho aur base ke low n bits zero hon, jo arbitrary comparator se kaafi sasta hai.
What happens with a zero-size or size-below-32-bytes region?
Yeh illegal hai — minimum ARM MPU region 32 bytes hai (25); chhoti values encodable nahi hain aur region simply woh protect nahi karega jo tum chahte ho.
What if a single access straddles two regions with different permissions?
Aligned access ke liye yeh ho nahi sakta, lekin ek unaligned access jo boundary cross kare har part ke liye winning region ke against evaluate hota hai aur fault karta hai agar koi bhi part denied ho — data naturally aligned rakhne ki ek aur wajah.
What if PRIVDEFENA is set and a privileged task overflows into unmapped-by-region space?
Background default map privileged write ko silently succeed karne deta hai — isliye guard regions explicit regions hone chahiye, background par nahi chhodne chahiye, warna privileged overflows undetected rahengi.
What happens to an execute access on an XN region that otherwise allows read/write?
Read/write succeed karte hain lekin instruction fetch fault karta hai; XN, AP data permissions se orthogonal hai, sirf access ke fetch dimension ko control karta hai.
What if two guard regions and a stack region all overlap the same byte?
Sirf single highest-numbered matching region ke rules apply hote hain — doosre us byte ke liye bilkul ignore hote hain, isliye guards stack karna kuch nahi laata; inhe number karo taaki strictest highest ho.
Can you subregion-disable a 64-byte region to skip its middle 32 bytes?
Nahi — 8 subregions mein se har ek sirf 8 bytes hoga, 32-byte floor se neeche, isliye subregion disable 256 bytes se chhote regions ke liye unavailable hai.
Recall Quick self-test
The guard wins because it has the ::: highest region number among matching regions.
A region base must align to ::: its own size (size is a power of two, low n bits zero for a 2n region).
XN (execute-never) protects against ::: executing injected code, not against the overflowing write itself.
Minimum ARM MPU region size is ::: 32 bytes (25).
MMFAR holds the ::: faulting address on a MemManage fault, with its validity flagged in MMFSR.
A region is internally split into ::: 8 equal subregions, each individually disable-able.