Memory protection around location 0

Andrei Chichak · ‎2017-02-28

Posted on February 28, 2017 at 19:57

I've been putting together an article on DMA and one of my examples uses DMA to CRC the Flash memory array of a '407 processor.

In comparing the speed of DMA to iterative assignment, I found that DMA will succeed in moving 1MB starting at location 0, whereas dereferencing a pointer that points at location 0 gives me IBUSERR. By using the same code, just going after the code Flash at location 0x0800 0000 gets around the issue.

Is there some sort of default memory protection for programatically reading Flash around location 0? Is it execute only? Does it even exist?

Thanks

Andrei

#memory-protection

Andrei Chichak · ‎2017-02-28

Posted on March 01, 2017 at 04:51

I solved it.

GCC has a flag, set by default, that will insert an undefined instruction trap instruction if the compiler detects that you are trying to dereference 0 (NULL). If you specify

-fno-delete-null-pointer-checks

as a GCC parameter, then the compiler will not insert the trap on your behalf.

Details: I used the code:

uint32_t

* flashPointer;

flashPointer = (

uint32_t

*) 0U;

CRC->

DR

= *flashPointer;

and GCC produced the sequence:

08001a9c: movs r3, #0

08001a9e: ldr r3, [r3, #0]

08001aa0: udf #255 ; 0xff

Stepping through this code, 0 is loaded into R3. Then the value at 0 bytes past the address in R3 is loaded into R3, this worked.

Finally, the udf instruction was executed with the parameter 255. udf is a permanently undefined instruction, along the

lines of a piece of paper that is marked as being intentionally left blank. The purpose of this instruction is to generate an

Undefined Instruction exception.

Without generating a warning, GCC inserted code that protected me from myself. I guess I learned something today.

Andrei