Specifications

Cortex-M3 / Cortex-M3 with ETM (AT420/AT425)
Date of Issue: 12-Nov-2008 ARM Errata Notice Document Revision 2.0
PR326-PRDC-009450 v2.0
© Copyright ARM Limited 2008. All rights reserved. Page 12 of 20
Non Confidential
511864: Cortex-M3 may fetch instructions using incorrect privilege on return from an exception
Status
Affects: product Cortex-M3, Cortex-M3 with ETM.
Fault status: Cat 3. Present in: r0p0, r1p0, r1p1, r1p1-00rel0, r1p1-01rel0. Fixed in: r2p0-00rel0.
Description
Whilst unstacking registers on return from an exception to a User-privilege thread, Cortex-M3 attempts to
simultaneously prefetch the thread's instruction stream. Before the register unstacking is complete, up to the first
three memory transactions used to perform instruction prefetching may be erroneously marked as Privileged.
This may allow between three and six instructions from a Privileged-access-only region to be executed by a
User-privilege thread.
Once fetched, the instructions are executed with User-privilege. Instruction fetches performed after register
unstacking has completed will be performed with User-privilege. Both the register unstacking and any data
transactions generated by the erroneously executed instructions will be performed and correctly
marked as User-privilege.
Conditions
1. Exception return is executed
2. The exception return is to user code
Implications
User-privileged code may contrive a situation in order to allow execution of up to three words worth of
instructions intended to be accessible to Privileged-only execution; however, execution of said instructions will
always be performed with User-privilege, thus there are no additional capabilities provided to User-privilege
through this erratum.
There exists a theoretical possibility that User-privilege code could use this erratum to allow limited extraction of
code and/or data from Privileged-access-only memory.
Note that read-sensitive Privileged-access-only peripherals should always be placed in an XN region, either via
the default memory map or via the optional Memory Protection Unit. Alternatively, such peripherals should
ignore transactions with HPROT[0] indicating that the transaction is an instruction fetch.
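The MPU placement the note recommends, as an added example that is not from the errata notice: C code that programs a Cortex-M3 MPU region as privileged-only and execute-never over a peripheral window, so that an instruction fetch into it faults regardless of how the fetch's privilege was marked. The register addresses and bit positions are the ARMv7-M ones; the peripheral base, size and region number are assumptions supplied by the caller.

```c
#include <stdbool.h>
#include <stdint.h>

/* Cortex-M3 (ARMv7-M) MPU registers in the System Control Space. */
#define MPU_CTRL (*(volatile uint32_t *)0xE000ED94u)
#define MPU_RNR  (*(volatile uint32_t *)0xE000ED98u)
#define MPU_RBAR (*(volatile uint32_t *)0xE000ED9Cu)
#define MPU_RASR (*(volatile uint32_t *)0xE000EDA0u)

/* MPU_RASR fields. TEX=000, C=0, B=1 selects shareable device memory. */
#define RASR_ENABLE     (1u << 0)
#define RASR_SIZE(s)    (((uint32_t)(s) & 0x1Fu) << 1) /* region = 2^(s+1) bytes */
#define RASR_B          (1u << 16)
#define RASR_AP_PRIV_RW (1u << 24)                     /* AP=001: privileged RW, unprivileged no access */
#define RASR_XN         (1u << 28)                     /* execute-never: any instruction fetch faults */

/* MPU_CTRL fields. */
#define CTRL_ENABLE     (1u << 0)
#define CTRL_PRIVDEFENA (1u << 2)                      /* keep the default map for unmapped addresses */

/* Encode MPU_RASR for a privileged-only, execute-never device region of
 * `bytes` bytes. Returns false unless `bytes` is a power of two >= 32. */
bool mpu_encode_xn_device_region(uint32_t bytes, uint32_t *rasr)
{
    if (bytes < 32u || (bytes & (bytes - 1u)) != 0u)
        return false;
    uint32_t log2 = 0;
    while ((1u << log2) != bytes)
        log2++;
    *rasr = RASR_XN | RASR_AP_PRIV_RW | RASR_B | RASR_SIZE(log2 - 1u) | RASR_ENABLE;
    return true;
}

/* Program MPU region `region` (0..7 on Cortex-M3) to cover the peripheral at
 * `base`, which must be aligned to the region size. Call from privileged
 * code on the target; the register writes are only meaningful there. */
bool mpu_protect_peripheral(uint32_t region, uint32_t base, uint32_t bytes)
{
    uint32_t rasr;
    if (region > 7u || !mpu_encode_xn_device_region(bytes, &rasr) ||
        (base & (bytes - 1u)) != 0u)
        return false;
    MPU_RNR  = region;
    MPU_RBAR = base;          /* VALID=0: region number is taken from MPU_RNR */
    MPU_RASR = rasr;
    MPU_CTRL = CTRL_PRIVDEFENA | CTRL_ENABLE;
#if defined(__arm__)
    __asm volatile("dsb\n\tisb" ::: "memory"); /* make the new mapping visible */
#endif
    return true;
}
```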
Workaround
None.