Merge branch 'doc/fatal_errors_memprot' into 'master'

docs: describe memprot faults in the panic handler documentation

See merge request espressif/esp-idf!14916

Author: mahavirj

docs/en/api-guides/fatal-errors.rst

@@ -12,14 +12,17 @@ In certain situations, execution of the program can not be continued in a well d
 - CPU Exceptions: |CPU_EXCEPTIONS_LIST|
 - System level checks and safeguards:
 
-  - :doc:`Interrupt watchdog <../api-reference/system/wdts>` timeout
-  - :doc:`Task watchdog <../api-reference/system/wdts>` timeout (only fatal if :ref:`CONFIG_ESP_TASK_WDT_PANIC` is set)
-  - Cache access error
-  - Brownout detection event
-  - Stack overflow
-  - Stack smashing protection check
-  - Heap integrity check
-  - Undefined behavior sanitizer (UBSAN) checks
+  .. list::
+
+     - :doc:`Interrupt watchdog <../api-reference/system/wdts>` timeout
+     - :doc:`Task watchdog <../api-reference/system/wdts>` timeout (only fatal if :ref:`CONFIG_ESP_TASK_WDT_PANIC` is set)
+     - Cache access error
+     :CONFIG_ESP_SYSTEM_MEMPROT_FEATURE: - Memory protection fault
+     - Brownout detection event
+     - Stack overflow
+     - Stack smashing protection check
+     - Heap integrity check
+     - Undefined behavior sanitizer (UBSAN) checks
 
 - Failed assertions, via ``assert``, ``configASSERT`` and similar macros.
 
@@ -373,6 +376,20 @@ Indicates that interrupt watchdog timeout has occured. See :doc:`Watchdogs <../a
 
 In some situations ESP-IDF will temporarily disable access to external SPI Flash and SPI RAM via caches. For example, this happens with spi_flash APIs are used to read/write/erase/mmap regions of SPI Flash. In these situations, tasks are suspended, and interrupt handlers not registered with ``ESP_INTR_FLAG_IRAM`` are disabled. Make sure that any interrupt handlers registered with this flag have all the code and data in IRAM/DRAM. Refer to the :ref:`SPI flash API documentation <iram-safe-interrupt-handlers>` for more details.
 
+.. only:: CONFIG_ESP_SYSTEM_MEMPROT_FEATURE
+
+    Memory protection fault
+    ^^^^^^^^^^^^^^^^^^^^^^^
+
+    {IDF_TARGET_NAME} Permission Control feature is used in ESP-IDF to prevent the following types of memory access:
+
+    * writing to instruction RAM after the program is loaded
+    * executing code from data RAM (areas used for heap and static .data and .bss)
+
+    Such operations are not necessary for most programs. Prohibiting such operations typically makes software vulnerabilities harder to exploit. Applications which rely on dynamic loading or self-modifying code may disable this protection using :ref:`CONFIG_ESP_SYSTEM_MEMPROT_FEATURE` Kconfig option.
+
+    When the fault occurs, the panic handler reports the address of the fault and the type of memory access that caused it.
+
 Other Fatal Errors
 ------------------
 

docs/en/api-reference/storage/spi_flash_concurrency.rst

@@ -24,7 +24,7 @@ There are no such constraints and impacts for flash chips on other SPI buses tha
 
 For differences between IRAM, DRAM, and flash cache, please refer to the :ref:`application memory layout <memory-layout>` documentation.
 
-.. only: not CONFIG_FREERTOS_UNICORE
+.. only:: not CONFIG_FREERTOS_UNICORE
 
     To avoid reading flash cache accidentally, when one CPU initiates a flash write or erase operation, the other CPU is put into a blocked state, and all non-IRAM-safe interrupts are disabled on all CPUs until the flash operation completes.
 

docs/zh_CN/api-reference/storage/spi_flash_concurrency.rst

@@ -24,7 +24,7 @@ SPI1 Flash 并发约束
 
 请参阅 :ref:`应用程序内存分布 <memory-layout>`，查看 IRAM、DRAM 和 flash cache 的区别。
 
-.. only: not CONFIG_FREERTOS_UNICORE
+.. only:: not CONFIG_FREERTOS_UNICORE
 
     为避免意外读取 flash cache，一个 CPU 在启动 flash 写入或擦除操作时，另一个 CPU 将阻塞，并且在 flash 操作完成前，所有 CPU 上，所有的非 IRAM 安全的中断都会被禁用。