Xilinx MicroBlaze Reference Manual page 68

Access Protection
System software uses access protection to protect sensitive memory locations from
improper access. System software can restrict memory accesses for both user-mode and
privileged-mode software. Restrictions can be placed on reads, writes, and instruction
fetches. Access protection is available when virtual protected mode is enabled.
Access control applies to instruction fetches, data loads, and data stores. The TLB entry for
a virtual page specifies the type of access allowed to the page.
The TLB entry also specifies a zone-protection field in the zone-protection register that is
used to override the access controls specified by the TLB entry.
TLB Access-Protection Controls
Each TLB entry controls three types of access:
• Process: Processes are protected from unauthorized access by assigning a unique
process ID (PID) to each process. When system software starts a user-mode application,
it loads the PID for that application into the PID register. As the application executes,
memory addresses are translated using only TLB entries with a TID field in Translation
Look-Aside Buffer High (TLBHI) that matches the PID. This enables system software to
restrict accesses for an application to a specific area in virtual memory.
A TLB entry with TID=0x00 represents a process-independent translation. Pages that
are accessed globally by all processes should be assigned a TID value of 0x00.
• Execution: The processor executes instructions only if they are fetched from a virtual
page marked as executable (TLBLO[EX]=1). Clearing TLBLO[EX] to 0 prevents execution
of instructions fetched from a page, instead causing an instruction-storage interrupt
(ISI) to occur. The ISI does not occur when the instruction is fetched, but instead occurs
when the instruction is executed. This prevents speculatively fetched instructions that
are later discarded (rather than executed) from causing an ISI.
The zone-protection register can override execution protection.
• Read/Write: Data is written only to virtual pages marked as writable (TLBLO[WR]=1).
Clearing TLBLO[WR] to 0 marks a page as read-only. An attempt to write to a read-only
page causes a data-storage interrupt (DSI) to occur.
The zone-protection register can override write protection.
TLB entries cannot be used to prevent programs from reading pages. In virtual mode, zone
protection is used to read-protect pages. This is done by defining a no-access-allowed zone
(ZPR[Zn] = 00) and using it to override the TLB-entry access protection. Only programs
running in user mode can be prevented from reading a page. Privileged programs always
have read access to a page.
MicroBlaze Processor Reference Guide
UG984 (v2018.2) June 21, 2018 www.xilinx.com
Chapter 2: MicroBlaze Architecture
Send Feedback
68