5.5.24 · D2 · HinglishEmbedded Systems & Real-Time Software

Visual walkthroughMemory protection units (MPU) — preventing stack overflow, access faults

2,249 words10 min read↑ Read in English

5.5.24 · D2 · Coding › Embedded Systems & Real-Time Software › Memory protection units (MPU) — preventing stack overflow, a

Neeche use kiya gaya har symbol wahan define kiya gaya hai jahan woh pehli baar aata hai. Koi bhi prior MPU knowledge assumed nahi hai.


Step 1 — Memory actually kya hai: numbered boxes ki ek line

KYA. "Protection" ka koi matlab banne se pehle, humein agree karna hoga ki kya protect ho raha hai. Memory ek lambi line hai choti-choti boxes ki, jisme se har ek ek byte rakhti hai (byte = 8 on/off switches ka group, ek number 0 se 255 tak store karne ke liye kaafi). Har box ka ek permanent house-number hota hai jise uska address kehte hain. Hum addresses hexadecimal (base-16) mein likhte hain, aage 0x laga ke — toh 0x20000000 bas "box number 536,870,912" hai, compactly likha gaya.

KYUN. MPU ka poora kaam ek yes/no sawaal ka jawab dena hai — "kya CPU ko abhi box number ko touch karne diya ja sakta hai?" — isliye address hi ek-maatra input hai jis par hum dhyan dete hain. Baaki sab kuch ke against comparison hai.

PICTURE. Boxes ki street dekho. RAM chip par, low addresses baayein draw ki gayi hain, high addresses daayein. Magenta arrow ek particular address mark karta hai jise CPU access karna chahta hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

In boxes ko stack mein kaise group kiya jaata hai, uske liye Stack memory layout dekho.


Step 2 — Stack: ek pile jo neeche ki taraf badhti hai

KYA. Stack woh RAM region hai jo ek task apne local variables aur return addresses ke liye use karta hai. Stack pointer (ise SP kaho) ek special CPU register hai — register CPU ke andar ek tiny ultra-fast storage box hota hai — jo hamesha current top of the pile ka address hold karta hai. ARM Cortex-M par, naya data push karne se SP decrease hota hai: stack lower addresses ki taraf badhta hai.

KYUN. Yeh ek fact — neeche ki taraf badhta hai — decide karta hai ki fence kahan lagaani chahiye. Agar stack upar badhti toh hum top par fence lagate; kyunki yeh neeche badhti hai, overflow bottom (lowest) address se takraata hai. Toh guard wahin lagni chahiye.

PICTURE. Task A ke paas bytes 0x20000000 se 0x20000400 tak hain (woh span bytes KB hai). Violet SP arrow upar se shuru hota hai aur har push use neeche slide karta hai. Danger zone bottom edge par hai 0x20000000 par.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Step 3 — Region: woh fence jo MPU samajhta hai

KYA. MPU arbitrary shapes fence nahi kar sakta. Yeh regions fence karta hai. Ek region sirf teen numbers se describe hota hai:

  • BASE — woh lowest address jo region cover karta hai.
  • SIZE — kitne bytes span karta hai (power of two hona chahiye, , ke saath taaki smallest region bytes ho).
  • permissions — andar kya kar sakte ho: read, write, execute, aur kya ordinary (unprivileged) tasks allowed hain ya sirf kernel.

KYUN. Powers of two, aur sirf powers of two, hardware ko membership test karne dete hain bit-mask se instead of slow arithmetic (hum Step 4 mein prove karte hain). Yeh constraint laziness nahi hai — yahi check ko itna fast banata hai ki ek hard real-time system ke liye kaafi ho jahan har access fixed, tiny number of clock cycles mein decide honi chahiye.

PICTURE. Street ke upar ek bracket ki tarah draw ki gayi ek region: uska left edge BASE hai, uski width SIZE hai, aur ek chota tag uski permissions list karta hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Step 4 — BASE aligned kyun hona chahiye: bit-mask trick

KYA. Ab hum dikhate hain kyun BASE ko SIZE ka multiple hona chahiye. Size ki ek region lo. Hardware " andar hai" test karta hai yeh check karke ki ke top bits BASE ke top bits ke barabar hain ya nahi, low bits ko ignore karke. Symbols mein, & ka matlab bitwise-AND:

KYUN. SIZE - 1 binary mein ones ki ek string hai (jaise ). Tilde ~ har bit flip kar deta hai, ek aisa mask deta hai jo high bits rakhta hai aur low ko zero karta hai. ko us se AND karna ko nearest multiple of par snap kar deta hai. Uski BASE se comparison ek single-cycle operation hai — koi adder nahi, koi loop nahi. Lekin yeh tabhi kaam karta hai jab BASE ke low bits zero hon; warna hardware silently BASE & ~(SIZE-1) use karta hai aur tumhara fence wahan shift ho jaata hai jahan tumne kabhi socha nahi tha (parent ka Mistake 1).

PICTURE. 0x20000000 ki binary 32-byte region ke liye: top bits (magenta) region tag hain, bottom 5 bits (orange) force zero hain. Un low bits mein se koi ek set karo aur fence teleport ho jaata hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Step 5 — Same spot par do regions: kaun jeetega?

KYA. Hum deliberately do overlapping regions stack bottom par rakhte hain:

  • Region 0 = poora 1 KB stack, permission RW (read/write allowed).
  • Region 1 = bottom 32 bytes, permission no access.

Dono regions us bottom sliver mein kisi bhi address se match karte hain. MPU ka tie-break rule hai: highest-numbered matching region jeetata hai.

KYUN. Hum chahte hain ki restrictive fence wahan permissive wale ko override kare. Guard ko higher number dena (Region 1 > Region 0) overlap mein "no access" ko final verdict banata hai — jabki stack ka baaki hissa, sirf Region 0 se match karta hai, RW rehta hai. Numbers badal do aur guard silently ignore ho jaata hai (parent ka Mistake 2).

PICTURE. Region 0 violet mein poora stack span karta hai; Region 1 (magenta) sirf bottom 32 bytes par baitha hai. Overlap mein magenta verdict jeetata hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Step 6 — Overflow: pehla byte edge ke upar fault karta hai

KYA. Task A bahut zyada push karta hai — ek 1 KB stack mein char buf[2048]. SP 0x20000020 se neeche slide karta hai, phir code 0x2000001F par write karta hai, jo bottom-32 guard ke andar hai. MPU check run karta hai: Region 1 match karta hai, uski permission no access hai, access ek write hai → violation.

KYUN. Yahan value immediacy mein hai. Guard ke bina, woh write silently neighbour ki memory mein land hoti aur ghanton baad kisi alag task ke andar detonate karti. Guard ke saath, pehla illegal byte pakda jaata hai, exact us instruction par jo cause kiya — ek impossible bug ko ek-line stack trace mein badal deta hai. Usi overflow ka attacker version dekhne ke liye Buffer overflow attacks dekho.

PICTURE. SP arrow orange guard line cross karta hai; ek burst 0x2000001F par faulting write mark karta hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Step 7 — Fault kya karta hai: handler par vectoring

KYA. MPU write ko abort kar deta hai memory change hone se pehle aur ek MemManage fault exception signal karta hai. CPU task ko stop karta hai, uski state save karta hai, aur ek fixed function MemManage_Handler() par jump karta hai. MMFAR (MemManage Fault Address Register) naam ka ek hardware register ab offending address 0x2000001F hold karta hai, toh handler ko exactly pata hota hai kya aur kahan hua.

KYUN. Yeh bridge hai "hardware ne na kaha" se "software decide karta hai aage kya" tak — task ko kill karo, log karo, ya reboot karo. Kyunki jump ek fixed vector hai fixed latency ke saath, response time deterministic hai, isliye ek MPU (general MMU nahi) exception-driven real-time code ke liye suit karta hai. Ek context switch ke dauran RTOS regions ko bhi reprogram karta hai taki har task ko apne fences milein.

PICTURE. Ek control-flow jump: task instruction → MPU veto → vector table → MemManage_Handler, MMFAR saath mein display hota hai.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults

Ek-picture summary

Upar sab kuch, compressed: downward-growing stack, do nested regions, highest-number-wins verdict, pehla overflowing byte, aur fault handler mein arrow — ek canvas.

Figure — Memory protection units (MPU) — preventing stack overflow, access faults
Recall Feynman retelling — plain words mein vapas bolo

Memory numbered boxes ki ek street hai; MPU ek guard hai jise box number dikhaya jaata hai har ek touch se pehle aur use allowed ya no bolna hota hai. Guard sirf un stretches ko fence kar sakta hai jo powers of two lambi hain aur matching round number par shuru hoti hain — kyunki yeh membership check karta hai low bits ko mask karke, isliye start ko misalign karne se fence teleport ho jaata hai. Ek task ka stack lower box numbers ki taraf badhta hai, toh main uska bottom fence karta hun. Main do fences same spot par laata hun: ek wide wali poore stack par jo kehti hai "read/write theek hai", aur ek tiny 32-byte wali bilkul bottom par jo kehti hai "koi nahi touch karta". Jab do fences overlap karti hain, bade number wali jeetti hai — toh main tiny strict fence ko bada number deta hun, aur woh "read/write" ko sirf edge par override karti hai. Jis instant ek runaway strcpy us bottom sliver mein ek byte likhta hai, guard kehta hai no, write cancel ho jaati hai memory change hone se pehle, aur "MemManage fault!" chilla deta hai. CPU task ko freeze karta hai, mere handler par jump karta hai, aur mujhe exact address MMFAR mein de deta hai — toh ek corruption jo pehle ghanton baad ek bilkul alag task mein surface hoti thi, ab guilty line par hi band ho jaati hai.

Recall Quick self-check

32-byte region ke base ke low 5 bits zero kyun hone chahiye? ::: Kyunki membership low bits ko mask karke test ki jaati hai jahan ; ek nonzero low bit hardware ko base neeche snap karne par majboor karta hai, fence move ho jaati hai. Stack neeche badhti hai — kaun sa end guard paata hai? ::: Bottom (lowest address), kyunki wahan overflow break through karta hai. Do regions same address match karte hain — ARM par kaun jeetata hai? ::: Highest-numbered matching region. Toh strict guard ko broad stack region se higher ya lower number milna chahiye? ::: Higher, taaki uska "no access" broad "RW" ko override kare. Kaun sa register handler ko faulting address batata hai? ::: MMFAR.