Posted to dev@nuttx.apache.org by Fabio Pereira <fa...@gmail.com> on 2021/11/05 00:17:18 UTC

Protected threads

Hi!

I am new to this list. I have played with Nuttx in the past but now there
is an opportunity to put it to use in a real application!
While this is exciting, I do have a question: considering an MCU with a
Memory Protection Unit, is it possible to have some threads running
isolated from each other? I understand that using the protected build we
can only have two spaces: kernel and user. So if I wanted to have protected
threads running in such a system, they would have to be built as part of
the kernel blob and thus, would all have access to the same address space.
Is it possible to have multiple protected spaces? What if I wanted that
threads "A" and "B" run on their own address space with segregated RAM
(such that "A" can't access "B"s memory and vice-versa) while threads "C"
and "D" run in user space?

Thanks in advance and sorry if this is not the right place for asking!

-- 
Fábio Pereira
Embedded Software and Hardware Designer
embeddedsystems.io
github.com/fabiopjve

Re: Protected threads

Posted by MIGUEL ALEXANDRE WISINTAINER <tc...@hotmail.com>.
Nice!
Now 3 Brazilians? Alan, Fábio and Miguel?
More?

Sent from my iPhone

> On 4 Nov 2021, at 21:18, Fabio Pereira <fa...@gmail.com> wrote:
> 
> Hi!
> 
> I am new to this list. I have played with Nuttx in the past but now there
> is an opportunity to put it to use in a real application!
> While this is exciting, I do have a question: considering an MCU with a
> Memory Protection Unit, is it possible to have some threads running
> isolated from each other? I understand that using the protected build we
> can only have two spaces: kernel and user. So if I wanted to have protected
> threads running in such a system, they would have to be built as part of
> the kernel blob and thus, would all have access to the same address space.
> Is it possible to have multiple protected spaces? What if I wanted that
> threads "A" and "B" run on their own address space with segregated RAM
> (such that "A" can't access "B"s memory and vice-versa) while threads "C"
> and "D" run in user space?
> 
> Thanks in advance and sorry if this is not the right place for asking!
> 
> -- 
> Fábio Pereira
> Embedded Software and Hardware Designer
> embeddedsystems.io
> github.com/fabiopjve

Re: Protected threads

Posted by Gregory Nutt <sp...@gmail.com>.
> - You cannot use all normal application interfaces.  You have to use
> internal OS interfaces.  For example, you cannot call printf() in the OS
> but you can call syslog().  You should not use file descriptors.  Instead,
> there are special OS internal interfaces for file system access,
> network access, etc.

This might actually work ... using application-only interfaces inside the
OS. But there could be some gotchas in doing that and architecturally, it
is a pretty ugly thought:  You would have to duplicate the entire user
interface within the OS.  That would be quite large and would most likely
have some kind of issues.

Re: Protected threads

Posted by Fabio Pereira <fa...@gmail.com>.
Thank you Gregory!

I have never really had time to dig into ARM's MPU implementation but the
reason I thought it was possible is because FreeRTOS 10 claims that its
unprivileged tasks can run segregated with access limited to its own stack
and up to three user definable memory regions. I guess I am gonna have to
dig and learn more about the MPU!

Thanks again,

On Thu, 4 Nov 2021 at 20:40, Gregory Nutt <sp...@gmail.com> wrote:

> > ... I do have a question: considering an MCU with a
> > Memory Protection Unit, is it possible to have some threads running
> > isolated from each other? I understand that using the protected build we
> > can only have two spaces: kernel and user. So if I wanted to have protected
> > threads running in such a system, they would have to be built as part of
> > the kernel blob and thus, would all have access to the same address space.
>
> Yea, there are kernel threads that can be created using kthread_create().
> Kernel threads run entirely in the protected address space in supervisor
> mode.  There are some differences from user space tasks:
>
> - They cannot be created by application logic.  They need to be created by
> your board-specific startup logic (either board_late_initialize() or
> board_app_initialize()).
> - They cannot have pthreads.  pthreads expect to run in user space.
> - You cannot use all normal application interfaces.  You have to use
> internal OS interfaces.  For example, you cannot call printf() in the OS
> but you can call syslog().  You should not use file descriptors.  Instead,
> there are special OS internal interfaces for file system access,
> network access, etc.
>
> You basically have to use a completely different programming model.
>
> > Is it possible to have multiple protected spaces? What if I wanted that
> > threads "A" and "B" run on their own address space with segregated RAM
> > (such that "A" can't access "B"s memory and vice-versa) while threads "C"
> > and "D" run in user space?
>
> No, not with an MPU.  That is a hardware limitation.  An MPU can only
> assign regions to supervisor-mode or user/supervisor-mode access.  There
> is no other.
>
> If you need that behavior, then you need a CPU with an MMU and you need to
> use the KERNEL build mode, not the PROTECTED build mode.  In the KERNEL
> build tasks are normally called "processes" and each process executes in
> its own private, protected virtual address space.
>


-- 
Fábio Pereira
Embedded Software and Hardware Designer
embeddedsystems.io
github.com/fabiopjve

Re: Protected threads

Posted by Gregory Nutt <sp...@gmail.com>.
> ... I do have a question: considering an MCU with a
> Memory Protection Unit, is it possible to have some threads running
> isolated from each other? I understand that using the protected build we
> can only have two spaces: kernel and user. So if I wanted to have protected
> threads running in such a system, they would have to be built as part of
> the kernel blob and thus, would all have access to the same address space.

Yea, there are kernel threads that can be created using kthread_create().
Kernel threads run entirely in the protected address space in supervisor
mode.  There are some differences from user space tasks:

- They cannot be created by application logic.  They need to be created by
your board-specific startup logic (either board_late_initialize() or
board_app_initialize()).
- They cannot have pthreads.  pthreads expect to run in user space.
- You cannot use all normal application interfaces.  You have to use
internal OS interfaces.  For example, you cannot call printf() in the OS
but you can call syslog().  You should not use file descriptors.  Instead,
there are special OS internal interfaces for file system access,
network access, etc.

You basically have to use a completely different programming model.

> Is it possible to have multiple protected spaces? What if I wanted that
> threads "A" and "B" run on their own address space with segregated RAM
> (such that "A" can't access "B"s memory and vice-versa) while threads "C"
> and "D" run in user space?

No, not with an MPU.  That is a hardware limitation.  An MPU can only
assign regions to supervisor-mode or user/supervisor-mode access.  There
is no other.

If you need that behavior, then you need a CPU with an MMU and you need to
use the KERNEL build mode, not the PROTECTED build mode.  In the KERNEL
build tasks are normally called "processes" and each process executes in
its own private, protected virtual address space.
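As an added illustration of the MPU limitation described above (example code, not from this thread or from NuttX): encoding a region for the ARMv7-M MPU, whose RASR access-permission field only distinguishes privileged from unprivileged access, so "thread A but not thread B" is simply not expressible. The register layout follows the ARMv7-M architecture reference; the helper names are assumed for this example.

```c
/* Added example: ARMv7-M MPU region encoding. The only access dimension the
 * hardware offers is privilege level (supervisor vs user); it knows nothing
 * about which thread is running. Helper names are constructed for this example. */
#include <stdbool.h>
#include <stdint.h>

/* RASR.AP encodings (bits 26:24) from the ARMv7-M architecture reference. */
enum mpu_ap {
  MPU_AP_NONE        = 0, /* no access in either mode */
  MPU_AP_PRIV_RW     = 1, /* supervisor read/write, user no access */
  MPU_AP_PRIV_RW_URO = 2, /* supervisor read/write, user read-only */
  MPU_AP_FULL        = 3, /* supervisor and user read/write */
  MPU_AP_PRIV_RO     = 5, /* supervisor read-only, user no access */
  MPU_AP_RO          = 6  /* read-only in both modes */
};

#define RASR_ENABLE   (1u << 0)
#define RASR_SIZE(n)  (((uint32_t)(n) & 0x1fu) << 1)
#define RASR_AP(ap)   (((uint32_t)(ap) & 0x7u) << 24)
#define RASR_XN       (1u << 28)

/* Build RBAR/RASR for a region of 'size' bytes at 'base'. Returns false when
 * the hardware cannot express it: size must be a power of two of at least
 * 32 bytes and the base must be aligned to the size. */
bool mpu_region(uint32_t base, uint32_t size, enum mpu_ap ap, bool exec,
                uint32_t *rbar, uint32_t *rasr)
{
  if (size < 32 || (size & (size - 1)) != 0 || (base & (size - 1)) != 0)
    return false;

  uint32_t log2 = 0;
  while ((1u << log2) < size)
    log2++;

  *rbar = base & ~0x1fu; /* REGION/VALID bits left clear */
  *rasr = RASR_ENABLE | RASR_SIZE(log2 - 1) | RASR_AP(ap) |
          (exec ? 0u : RASR_XN);
  return true;
}

/* Can unprivileged (user-mode) code read this region? Note the answer depends
 * only on the privilege level of the running code, never on its identity. */
bool mpu_user_can_read(uint32_t rasr)
{
  unsigned ap = (rasr >> 24) & 0x7u;
  return ap == MPU_AP_PRIV_RW_URO || ap == MPU_AP_FULL ||
         ap == MPU_AP_RO || ap == 7;
}
```

Two adjacent RAM regions with different AP values give user code a different view of each, but every user-mode thread sees exactly the same view, which is the limitation Greg describes.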