Hello,
I am working on a simple demo for the imxRT1170 with a Cortex-M7 core. In this demo, I am creating two FreeRTOS tasks: a critical task and a non-critical task. These tasks must be isolated from each other, meaning they should not share peripherals or memory. I understand the concept of task isolation and plan to create two domains with specific policies for each. However, I am stuck on the initial step of assigning each task to a different domain.
Here are the steps I have taken so far:
Now, my question is: How can I dynamically change the execution domain for each task? Specifically, how can I ensure that the critical task executes with the permissions of domain 0 and the non-critical task with the permissions of domain 1?
I am able to detect context switches between FreeRTOS tasks and identify which task is going to be executed using this function, but I need to implement the assignDomain function to change the execution domain of the core.
    /* Trace hook run at each context switch: picks the domain for the task being switched in. */
    void myTraceTaskSwitchedIn(void)
    {
        TaskHandle_t xTaskHandle = xTaskGetCurrentTaskHandle();
        if (xTaskHandle == criticalTaskHandle) {
            PRINTF("Critical task started to run\r\n");
            assignDomain(domain_critical);
        } else if (xTaskHandle == noncriticalTaskHandle) {
            PRINTF("Noncritical task started to run\r\n");
            assignDomain(domain_noncritical);
        } else {
            const char *taskName = pcTaskGetName(xTaskHandle);
            PRINTF("Unknown task: %s\r\n", taskName);
        }
    }
I have reviewed the SDK examples, which are helpful for understanding many aspects, but they do not address this particular point.
Any guidance on how to dynamically modify the execution domain for each task would be greatly appreciated.
Thank you in advance for your help.
Best regards,
Hello Sam.
What you are mentioning is exactly what we are not able to solve … ☹. To try to go on, let's focus on the first question.
Q1: Our only and main doubt is how to do it (e.g. a value in a register must be written) so that one critical task is inside a domain and another one (non-critical) is in another domain. How could we modify these registers/values to tell the MDAC that a portion of code (critical part) or another portion of code (non-critical) is running in a domain?
A: I supposed there are two options: the two tasks will be executed on one core or on two cores. In the two-core case, it's not related to MDAC; RDC will be responsible for binding the domain of masters and memories and peripherals statically. In the one-core case, there is no such requirement. Please see the RDC chapter for detailed reference. xRDC2 MDAC is responsible for the generation of the DID, non-secure and privileged attributes for every system bus transaction in the device based on pre-programmed Master Domain Assignment (MDA) registers.
For Table 43-22. i.MX RT1170 XRDC2 MDAC Details ID information:
• XID: AHB bus version of the Extended ID format
• AWXID/ARXID: AXI bus version of the Extended ID format
• AWUSER/ARUSER: AXI bus user bits
• AWICID/ARICID: AXI Write/Read Isolation Context Identifiers (ICID) from CAAM
• PID: Process id from M4 MCM. See the Arm Cortex M4 Platform chapter for more information
• CHANNEL_ID: channel id from EDMA, indicates DMA channel index
• HMASTER: Master id from EDMA, indicates the master id of master that programmed the DMA channel that is active
For Extended ID format, please refer to Table 43-3.
The customer's case is “the two tasks will be executed on one core”. In this case, which values of the XRDC2 MDAC registers should the customer use (XID, AWUSER, …), or must it be done using the MCU, and the XRDC2 MDAC is not valid for isolation of two tasks' resources inside the same core (this means the XRDC2 objective is just for multimaster exclusion (ENET, DMA, AHB, AXI, ...) without any relation to the software tasks)?
Please take a look and let us know.
Hi @Argui
Yeah, if you don't care about any non-core master, there is no requirement to set their MDACs. If you use a non-core master to do something, please configure the non-core master's MDAC.
We supposed the two tasks (application) may have a requirement on a non-core master, memory and peripheral; then the non-core master may have a requirement on its memory and its peripheral. If so, you need to configure the MDAC.
I supposed that tasks should use the core AHB, AXI's MDAC. Then, for XID, AWXID/ARXID, AWUSER/ARUSER, please refer to M7's AHB/AXI reference manual or M4's AHB reference manual provided by ARM and Table 43-3. Extended ID provided by 1170RM.
B.R.
Sam
Hi Sam,
Thank you for your explanation, I am going to try to focus the situation with comments to parts of your answer, and I have written the main question / doubt at the end.
- "I supposed that tasks should use the core AHB, AXI 's MDAC" => That is our case.
- "XID,AWXID/ARXID,AWUSER/ ARUSER, please refer to M7's AHB/AXI reference manual or M4's AHB reference manual provided by ARM and Table 43-3. Extended ID provided by 1170RM."
"Extended ID provided by 1170RM" => We have been reading the manuals that you describe and Table 43-3.
As the RM describes, in our case we have the following match options:
M7 AHB MDAC | 0~15 | 0 | N/A | MATCH[5:0]= XID[5:0] |
M7 AXI MDAC | 0~15 | 1 | N/A | MATCH[27:0]= {AWUSER[15:8],AWXID[5:0],ARUSER[15:8],ARXID[5:0]} |
a) In the case of bits AWUSER, ARUSER, we don't know how to modify them inside the M7 v7 core by software; if there is a way, please tell us.
b) In the case of XID / AWXID / ARXID
Extended ID | Field Name | Description |
[7:6] | RDC domain ID[1:0] | Transmit CID from input to output transparently |
[5] | Instruction Fetch Flag | Indicates if the access is instruction fetch. In AHB bus version, it is equal to ~HPROT[0]. In AXI bus version, it is equal to ARPROT[2] |
[4] | Reserved | - |
[3] | Access Region Match | Indicates if ADDR is in defined 8 regions. See APC IOMUXC GPR register descriptions for more information |
[2:0] | Access Region ID[2:0] | Indicates ADDR is in which region. See APC chapter for more information |
It seems that the only way is using the APC (because the other ones cannot be changed by software, can they?).
So, the main question is: which registers (APC, XRDC2, M7 v7 registers) do you suggest we modify inside our software (tasks) to run in different domains?
Many thanks in advance,
Luis
Hi @oayastuy
Thanks for your questions. Please see the comments below from my side; I hope this helps you more.
Q: How can I dynamically change the execution domain for each task? Specifically, how can I ensure that the critical task executes with the permissions of domain 0 and the non-critical task with the permissions of domain 1? Any guidance on how to dynamically modify the execution domain for each task would be greatly appreciated.
Sam: Please see the "evkmimxrt1170_xrdc2_cm7" SDK example to find the function "DEMO_AssignDomain", which shows how to assign a domain, also some reference about how to access periph, mem, etc. based on XRDC.
For the question "dynamically change the execution domain", as far as I understand (I am NOT sure), this is determined once the domain assignment is completed; it should not be dynamically changed in the runtime case.
Have a nice day!
Sam
Hi @Sam_Gao,
Thank you for your response.
As I mentioned in my initial post, I have already reviewed the "evkmimxrt1170_xrdc2_cm7" SDK example. While it provides a basic understanding, it simply assigns a single domain to each master and performs different operations, which doesn't address my specific requirement.
Regarding the static domain assignment, you are correct. However, I believe my question was not fully understood. Let me rephrase it:
To my understanding, when configuring the Master Domain Access Control (MDAC), we can assign multiple domains to each bus master. Each assignment will have its match and mask. When a transaction from the bus arrives at the MDAC, it is responsible for reviewing the transaction, checking its assignment table, and if there is a match, assigning the domain to the transaction. If this is the case, who is responsible for assigning that information which the MDAC will then verify for a match? What is that information?
From what I have seen, this information is detailed in Table 43-2 of the Reference Manual. However, the bits used for the match are not editable in most cases. I only see that we can differentiate domains based on the match in the case of the EDMA, where the match bits form the channel and the master ID. Given this, among all the bus masters, does it only make sense to assign multiple domains to the EDMA masters?
Additionally, what is the purpose of being able to add multiple domains, for example, to the Master M7 AHB MDAC if we cannot change the MATCH bits of the transaction?
I would appreciate any insights you might have on this.
Best regards,
Q1: Our only and main doubt is how to do it (e.g. a value in a register must be written) so that one critical task is inside a domain and another one (non-critical) is in another domain. How could we modify these registers/values to tell the MDAC that a portion of code (critical part) or another portion of code (non-critical) is running in a domain?
A: I supposed there are two options: the two tasks will be executed on one core or on two cores. In the two-core case, it's not related to MDAC; RDC will be responsible for binding the domain of masters and memories and peripherals statically. In the one-core case, there is no such requirement. Please see the RDC chapter for detailed reference. xRDC2 MDAC is responsible for the generation of the DID, non-secure and privileged attributes for every system bus transaction in the device based on pre-programmed Master Domain Assignment (MDA) registers.
For Table 43-22. i.MX RT1170 XRDC2 MDAC Details ID information:
• XID: AHB bus version of the Extended ID format
• AWXID/ARXID: AXI bus version of the Extended ID format
• AWUSER/ARUSER: AXI bus user bits
• AWICID/ARICID: AXI Write/Read Isolation Context Identifiers (ICID) from CAAM
• PID: Process id from M4 MCM. See the Arm Cortex M4 Platform chapter for more information
• CHANNEL_ID: channel id from EDMA, indicates DMA channel index
• HMASTER: Master id from EDMA, indicates the master id of master that programmed the DMA channel that is active
For Extended ID format, please refer to Table 43-3.
Q2: Is it possible to have 4 domains inside the M7 core? The customer means the M7 AHB and M7 AXI masters (the example is just one domain). Their use case is to have 4 tasks inside the M7 core, and they would like to have isolation (peripherals and memory) between tasks; isolation means that one task cannot write the memory of the other task and cannot access the other task's peripheral. How could they do it?
A: For 4 tasks inside the M7 core, please use M7 thread/handle and MPU to do the core isolation; xRDC2 is for other isolation (SoC's other masters and peripherals and memory) in the M7 core domain. This is the same as the one-core case.
Q3: How can I dynamically change the execution domain for each task? How can I ensure that the critical task executes with the permissions of domain 0 and the non-critical task with the permissions of domain 1? How to implement the assignDomain?
A: Domain can't be changed dynamically. You could use shared peripheral and memory in the two-core case. In the one-core case, task isolation could be changed and configured dynamically.
Q4: When configuring the Master Domain Access Control (MDAC), we can assign multiple domains to each bus master. Each assignment will have its match and mask. When a transaction from the bus arrives at the MDAC, it is responsible for reviewing the transaction, checking its assignment table, and if there is a match, assigning the domain to the transaction. If this is the case, who is responsible for assigning that information which the MDAC will then verify for a match? What is that information?
A: The XRDC2 memory protection scheme has two components. 1. First each bus mastering resource has an associated Master Domain Assignment Controller (MDAC) for assigning a domain identifier (DID) attribute to each bus transaction. 2. Second each memory and peripheral has an associated access control submodule that enforces access control policies based on the DID and privilege level of the transaction.
The MDAC submodule is responsible for the generation of the DID, nonsecure and privileged attributes for every system bus transaction in the device. The MDAC compares its match input to the MATCH field for each enabled MDA descriptor for each bus transaction.
Q5: From what I have seen, this information is detailed in Table 43-2 of the Reference Manual. However, the bits used for the match are not editable in most cases. I only see that we can differentiate domains based on the match in the case of the EDMA, where the match bits form the channel and the master ID. Given this, among all the bus masters, does it only make sense to assign multiple domains to the EDMA masters?
A: I supposed that you have some misunderstanding of "domain"; please also read the RDC chapter, then it will help you to understand MDAC.
Q6: Additionally, what is the purpose of being able to add multiple domains, for example, to the Master M7 AHB MDAC if we cannot change the MATCH bits of the transaction?
A: Please search for and refer to the "MATCH field" description in the register map - Master Domain Assignment (MDAC0_MDA0_W0 - MDAC31_MDA31_W0).
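
A host-side model of the comparison described in the Q4 answer, applied to the M7 AHB match input MATCH[5:0] = XID[5:0] quoted in the thread (added example, not NXP SDK code and not part of any post). The type and function names, the mask polarity, the first-match rule and the descriptor values are assumptions made for illustration; the MATCH/MASK field descriptions in the reference manual define the real behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model only; every name here is hypothetical, not SDK or register naming. */
typedef struct {
    bool    enabled; /* descriptor is enabled */
    uint8_t match;   /* compared against XID[5:0] */
    uint8_t mask;    /* ASSUMPTION: 1 = bit takes part in the comparison */
    uint8_t did;     /* domain ID assigned on a hit */
} mda_model_t;

/* XID[5:0] per the Extended ID table quoted in the thread: [5] instruction
 * fetch, [4] reserved, [3] access region match, [2:0] access region ID.
 * No field identifies the running task. */
static uint8_t xid_build(bool ifetch, bool region_hit, uint8_t region_id)
{
    return (uint8_t)((ifetch ? 0x20u : 0u) | (region_hit ? 0x08u : 0u) |
                     (region_id & 0x07u));
}

/* DID of the first enabled descriptor that matches (ASSUMPTION: first match
 * wins), or -1 when none does; the model does not define that case. */
static int mdac_model_lookup(const mda_model_t *mda, size_t n, uint8_t xid)
{
    for (size_t i = 0; i < n; i++)
        if (mda[i].enabled && (((xid ^ mda[i].match) & mda[i].mask & 0x3Fu) == 0u))
            return mda[i].did;
    return -1;
}

/* Constructed descriptors: accesses hitting region 1 -> DID 0, region 2 -> DID 1. */
static const mda_model_t demo_mda[] = {
    { true, 0x09u, 0x0Fu, 0u },
    { true, 0x0Au, 0x0Fu, 1u },
};

/* The task handle is deliberately not a parameter: it never reaches the match input. */
static int demo_did_for_region(bool region_hit, uint8_t region_id)
{
    return mdac_model_lookup(demo_mda, 2, xid_build(false, region_hit, region_id));
}

int main(void)
{
    printf("DIDs: %d %d %d\n", demo_did_for_region(true, 1),
           demo_did_for_region(true, 2), demo_did_for_region(false, 0));
    return 0;
}
```

In this model the DID follows the accessed address region and nothing else, which is consistent with the advice in the thread to isolate tasks that share one core with the MPU.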