CN110008692B - Information processing method and device and storage medium - Google Patents


Publication number
CN110008692B
Authority
CN
China
Prior art keywords
page table
physical memory
memory address
container
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910223212.9A
Other languages
Chinese (zh)
Other versions
CN110008692A (en
Inventor
段立功
刘峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Lenovo Beijing Ltd
Priority to CN201910223212.9A
Publication of CN110008692A
Application granted
Publication of CN110008692B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention discloses an information processing method, which comprises the following steps: configuring memory pages in a host virtual memory space for a container to form a container physical memory; receiving an access request; responding to the access request, and determining a physical memory address of the container according to the virtual memory address of the container; and according to the mapping relation between the physical memory address of the container and the physical memory address of the host, converting the physical memory address of the container into the corresponding physical memory address of the host so as to realize the access of the access request to the physical memory address of the host. The invention also discloses an information processing device and a storage medium.

Description

Information processing method and device and storage medium
Technical Field
The present invention relates to information processing technologies, and in particular, to an information processing method, an information processing apparatus, and a storage medium.
Background
In the prior art, because servers operate in varied environments and carry varied workloads, container technology is widely adopted. Based on containers, the server can quickly and conveniently create an independent operating environment for each container, but the mechanism has the following two potential security risks: 1) an application running in a container may see data of the host or of a container application running on the same host; 2) application code running in the container can control or access the host machine or other containers running on the same host machine through privilege escalation and the like, which affects the safe running of the server.
Disclosure of Invention
The embodiment of the invention provides an information processing method, which can convert a physical memory address of a container into a corresponding host physical memory address according to a mapping relation between the physical memory address of the container and the host physical memory address, so as to avoid direct access to the host physical address, and the technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides an information processing method, which comprises the following steps:
configuring memory pages in a host virtual memory space for a container to form a container physical memory;
receiving an access request;
responding to the access request, and determining a physical memory address of the container according to the virtual memory address of the container;
and according to the mapping relation between the physical memory address of the container and the physical memory address of the host, converting the physical memory address of the container into the corresponding physical memory address of the host so as to realize the access of the access request to the physical memory address of the host.
In the foregoing solution, the converting the physical memory address of the container into a corresponding host physical memory address includes:
reading the physical memory address of the container into a multi-level page table index according to corresponding binary data;
and writing the binary data processed by the multi-level page table index into the position pointed by the pointer of the extended page table so as to acquire the corresponding host physical memory address.
In the above scheme,
when the multi-level page table index is a four-level page table index structure, the physical memory address of the container sequentially enters a fourth-level page table index, a third-level page table index, a second-level page table index and a page table index in the four-level page table index structure according to corresponding binary data.
In the above scheme, the method further comprises:
and when the position pointed to by the extended page table pointer exceeds the range of the host physical memory address, triggering a page fault interrupt process.
In the above scheme, the method further comprises:
judging whether the corresponding page table entry is found based on the acquired host physical memory address;
and if the corresponding page table entry is not found, triggering a page fault interrupt process.
In the above scheme, the method further comprises:
responding to the page fault interrupt process, and constructing an extended page table;
configuring a multi-level page index structure for the extended page table from the host physical memory page.
In the above scheme, the method further comprises:
parsing the received access request, obtaining a priority identification of the access request,
and adjusting the processing sequence of the access requests based on the priority identification of the access request.
The present invention also provides an information processing apparatus comprising:
the memory management module is used for configuring memory pages in the host virtual memory space for the container to form a container physical memory;
the information transmission module is used for receiving the access request;
the memory management module is used for responding to the access request and determining a physical memory address of the container according to the virtual memory address of the container;
and the page table processing module is used for converting the physical memory address of the container into a corresponding host physical memory address according to the mapping relation between the physical memory address of the container and the host physical memory address so as to realize the access of the access request to the host physical memory address.
In the above scheme,
the page table processing module is used for reading the physical memory address of the container into a multi-level page table index according to corresponding binary data;
and the page table processing module is used for writing the binary data processed by the multi-level page table index into a position pointed by the pointer of the extended page table so as to acquire a corresponding host physical memory address.
In the above scheme,
the page table processing module is configured to sequentially enter the physical memory address of the container into a fourth-level page table index, a third-level page table index, a second-level page table index, and a page table index in a fourth-level page table index structure according to corresponding binary data.
In the above scheme,
the page table processing module is used for triggering a page fault interrupt process when the position pointed to by the extended page table pointer exceeds the range of the physical memory address of the host.
In the above scheme,
the page table processing module is used for judging whether the corresponding page table entry is found based on the acquired physical memory address of the host;
and the page table processing module is used for triggering the page fault interrupt process when the corresponding page table entry is not found.
In the above scheme,
the memory management module is used for responding to the page fault interrupt process and constructing an extended page table;
the memory management module is configured to configure a multi-level page index structure for the extended page table from the host physical memory page.
In the above scheme,
the page table processing module is used for parsing the received access request and obtaining the priority identifier of the access request,
and the page table processing module is used for adjusting the processing sequence of the access requests based on the priority identifier of the access request.
The present invention also provides an information processing apparatus including:
a memory for storing executable instructions;
and the processor is used for executing the executable instructions stored in the memory and executing the information processing method provided by the invention.
The invention also provides a storage medium which stores executable instructions and is used for causing a processor to execute the information processing method provided by the invention.
In the embodiment of the invention, in response to the received access request, the memory management module determines the physical memory address of the container according to the virtual memory address of the container; further, according to the mapping relationship between the physical memory address of the container and the physical memory address of the host, the physical memory address of the container is converted into a corresponding physical memory address of the host, so that the access request can access the physical memory address of the host. Therefore, memory isolation between the containers and the host is achieved, isolation at the virtual machine level is achieved in the containers, the possibility of crash of the host and other containers caused by application code errors or malicious codes in the containers is reduced, and the opportunity of illegally accessing data of the other side by using kernel bugs between the containers is reduced.
Drawings
FIG. 1 is a schematic flow chart illustrating an alternative information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an alternative structure of an information processing apparatus 200 according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of an alternative information processing method according to an embodiment of the present invention;
FIG. 4A is a schematic view of an alternative use environment for embodiments of the present invention;
FIG. 4B is a schematic view of an alternative environment for use with embodiments of the present invention;
FIG. 5 is a schematic diagram of an alternative structure of an information processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) Physical address: the address loaded into the memory address register, the true address of the memory module. The memory addresses transmitted on the front-side bus are all physical memory addresses, numbered from 0 up to the highest end of the available physical memory.
2) Container: an independent operation space separated from other parts of the system. Application programs can run in the container, which provides portability and consistency, and users and groups can have privileges for executing certain operations in the container.
3) Memory Management Unit (MMU): a control circuit in a Central Processing Unit (CPU) for managing virtual memory and physical memory. It is also responsible for mapping virtual addresses to physical addresses, provides a hardware mechanism for memory access authorization, and supports multi-user and multi-process operating systems.
4) Page table: a data structure placed in the page table region of system space and used for storing the correspondence between logical pages and physical page frames.
5) Virtual address: the logical address used by a program to access memory when the program runs in the virtual address space after the processor enters protected mode.
FIG. 1 is a schematic flow chart of an alternative information processing method according to an embodiment of the present invention. The steps shown in FIG. 1 are described below.
Step 101: an access request is received.
In an embodiment of the present invention, before receiving the access request, a memory management module of the electronic device configures memory pages in a host virtual memory space for the container to form a container physical memory. The host kernel on which the container runs creates and maintains the corresponding data structure and determines the mapping relation from the physical address of the container to the physical address of the host.
In one embodiment of the present invention, the processor of the electronic device can generate a set of addresses. A 32-bit processor, for example, can generate 4G of virtual addresses, and its virtual address set is 0-0xFFFFFFFFFF, wherein each page table has a size of 4K and the physical address space range is 0x000000000-0x0FFFFF (256M); for a 64-bit processor, the virtual address range is 0 ~ 0xFFFFFFFFFFFFFFFFFF (64T). The page table is located in a memory of the system, and each entry of the page table corresponds to a mapping from a virtual address to a physical address. The length of each entry is the length of one word.
In an embodiment of the present invention, the host kernel in which the container is located creates and maintains a corresponding data structure, and determines the mapping relationship from the physical address of the container to the host physical address, which may be implemented by the following steps:
1) calling the function map_memory_bank to create a memory mapping for the physical memory of the host;
2) calling the function devicemaps_init to create a memory mapping for the interrupt vector;
3) calling the function table_init to create a memory mapping for the SOC hardware registers.
Optionally, in some embodiments of the present invention, a virtual machine monitor and at least one virtual machine run on the host, where the target virtual machine is obtained by modifying, by the virtual machine monitor, the control register CR3 of the first virtual machine and the extended page table of the first virtual machine, where the modified first virtual machine shares a host kernel with the host, and the first virtual machine is any one of the at least one virtual machine.
It should be understood that the control register CR3 is one of the control registers (CR0-CR3) used to control and determine the operating mode of the processor and the characteristics of the currently executing task. CR3 contains the page directory physical memory address. Thus, the CR3 Register is also referred to as the Page Directory Base address Register (PDBR).
Step 102: In response to the access request, determine the physical memory address of the container according to the virtual memory address of the container.
Step 103: Convert the physical memory address of the container into a corresponding host physical memory address according to the mapping relation between the physical memory address of the container and the host physical memory address.
In an embodiment of the present invention, the converting the physical memory address of the container into a corresponding host physical memory address includes:
reading the physical memory address of the container into a multi-level page table index according to corresponding binary data;
and writing the binary data processed by the multi-level page table index into the position pointed by the pointer of the extended page table so as to acquire the corresponding host physical memory address.
In an embodiment of the present invention, after the container is started, an application program running in the container can access the corresponding address space by using the virtual memory address of the container. The memory management module of the electronic device determines the physical memory address of the container according to the virtual memory address of the container, wherein the physical memory address of the container is a virtual memory address of the host. Furthermore, the virtual memory addresses corresponding to different containers are different, so as to realize isolation between different containers.
In an embodiment of the present invention, when the multi-level page table index is a four-level page table index structure, the physical memory address of the container sequentially enters a fourth-level page table index, a third-level page table index, a second-level page table index, and a page table index in the four-level page table index structure according to corresponding binary data. Specifically, in a 64-bit server the physical address space is very large, so the physical addresses are organized to some extent. When the information processing method provided by this embodiment runs on a 64-bit server, the page table processing module, in the process of resolving the physical memory address of the container, sequentially reads the physical memory address of the container into the fourth-level page table index, the third-level page table index, the second-level page table index, and the page table index according to the corresponding binary bits, writes the data carried by the application program into the position pointed to by the Extended Page Table Pointer (EPTP), and acquires the corresponding host physical memory address.
In one embodiment of the invention, the method further comprises:
and when the position pointed to by the extended page table pointer exceeds the range of the host physical memory address, triggering a page fault interrupt process. Specifically, taking a 64-bit server as an example, when the position pointed to by the extended page table pointer exceeds the virtual address range of 0-0xFFFFFFFFFFFFFFFFFFFF, the page fault interrupt process is immediately triggered.
In one embodiment of the invention, the method further comprises:
judging whether the corresponding page table entry is found based on the acquired host physical memory address; and if the corresponding page table entry is not found, triggering a page fault interrupt process. Specifically, taking a 64-bit server as an example, when the position pointed to by the extended page table pointer does not exceed the virtual address range of 0-0xfffffffffffffffffff, the corresponding page table entry is searched for in the virtual address range, and when it is determined that the page table entry is missing, a page fault interrupt process is triggered.
In one embodiment of the present invention, the page fault interrupt may occur because the relevant page table has been loaded into the memory but not registered with the MMU, or because the page table has been removed from the working set of the processor but not swapped into the corresponding storage medium. Further, in the EPT page table page fault exception handling function, the status of the current EPTP pointer and the attribute information of the page where the page fault exception occurred may be determined from the virtual machine context information in the VMCS. If the current EPTP pointer points to the EPT-S page table and the page where the page fault exception occurred is a shared library page, the EPTP pointer is directly modified to point to the EPT-L page table; if the current EPTP pointer points to the EPT-L page table and the page where the page fault exception occurred is an application page, the EPTP pointer is directly modified to point to the EPT-S page table; otherwise nothing is done.
In one embodiment of the invention, the method further comprises:
responding to the page fault interrupt process, and constructing an extended page table; configuring a multi-level page index structure for the extended page table from the host physical memory page. Specifically, taking a 64-bit server as an example, the page fault interrupt may trigger the extended page table construction program, which allocates an appropriate memory page from the host physical memory pages and creates a page index table, a 2-level page table index, a 3-level page table index and a 4-level page table index, so as to form a complete page table index. There are 512 entries in each page table, each entry contains 4096 bytes of memory, which contains the next level of page table index address.
In one embodiment of the invention, the method further comprises:
analyzing the received access request, acquiring the priority identifier of the access request, and adjusting the processing sequence of the access request based on the priority identifier of the access request. Specifically, when an access request with a high priority is detected during the parallel processing of the access requests, the MMU may suspend the access request with a low priority in the wait queue and preferentially execute the access request with a high priority.
Step 104: Access the converted host physical memory address according to the received access request.
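The translation and fault handling of steps 102 to 104, modelled in user space as an added example that is not code from the patent. struct container, its host window fields and all function names are hypothetical; the 9-bit indices follow from the 512 entries per table stated above, and treating "exceeds the range" as "outside the host frames assigned to this container" is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SHIFT 12                               /* 4K pages */
#define IDX_BITS   9                                /* 512 entries per table */
#define ENTRIES    (1u << IDX_BITS)
#define LEVELS     4
#define ADDR_BITS  (PAGE_SHIFT + LEVELS * IDX_BITS) /* 48 translated bits */
#define PAGE_MASK  ((1ull << PAGE_SHIFT) - 1)
#define PRESENT    1ull

enum xlate { XLATE_OK, FAULT_RANGE, FAULT_NOT_PRESENT };

struct table { uint64_t e[ENTRIES]; };

/* Hypothetical per-container state. root plays the role of the EPTP;
 * [host_base, host_base + host_pages * 4K) is the host window assigned
 * to this container (an assumption of this model). */
struct container {
    struct table *root;
    uint64_t host_base, host_pages, next_free;
};

static int container_init(struct container *c, uint64_t base, uint64_t pages)
{
    c->root = calloc(1, sizeof *c->root);
    c->host_base = base; c->host_pages = pages; c->next_free = 0;
    return c->root ? 0 : -1;
}

/* level 3 = fourth-level index ... level 0 = page table index */
static unsigned idx(uint64_t cpa, int level)
{
    return (unsigned)(cpa >> (PAGE_SHIFT + IDX_BITS * level)) & (ENTRIES - 1);
}

/* Walk the four levels; a missing entry or an out-of-window frame faults. */
static enum xlate ept_translate(const struct container *c, uint64_t cpa, uint64_t *hpa)
{
    const struct table *t = c->root;
    uint64_t e, frame;
    if (cpa >> ADDR_BITS) return FAULT_RANGE;
    for (int level = LEVELS - 1; level > 0; level--) {
        e = t->e[idx(cpa, level)];
        if (!(e & PRESENT)) return FAULT_NOT_PRESENT;
        t = (const struct table *)(uintptr_t)(e & ~PRESENT);
    }
    e = t->e[idx(cpa, 0)];
    if (!(e & PRESENT)) return FAULT_NOT_PRESENT;
    frame = e & ~PAGE_MASK;
    /* Unsigned subtraction also rejects frames below host_base. */
    if (frame - c->host_base >= (c->host_pages << PAGE_SHIFT)) return FAULT_RANGE;
    *hpa = frame | (cpa & PAGE_MASK);
    return XLATE_OK;
}

/* Build missing intermediate tables, then install the leaf entry. */
static int ept_map(struct container *c, uint64_t cpa, uint64_t frame)
{
    struct table *t = c->root;
    for (int level = LEVELS - 1; level > 0; level--) {
        uint64_t *e = &t->e[idx(cpa, level)];
        if (!(*e & PRESENT)) {
            struct table *next = calloc(1, sizeof *next);
            if (!next) return -1;
            *e = (uint64_t)(uintptr_t)next | PRESENT;
        }
        t = (struct table *)(uintptr_t)(*e & ~PRESENT);
    }
    t->e[idx(cpa, 0)] = (frame & ~PAGE_MASK) | PRESENT;
    return 0;
}

/* Access path: translate, and on a not-present fault construct the
 * mapping from the container's own host window, then retry. */
static enum xlate container_access(struct container *c, uint64_t cpa, uint64_t *hpa)
{
    enum xlate r = ept_translate(c, cpa, hpa);
    if (r != FAULT_NOT_PRESENT) return r;
    if (c->next_free >= c->host_pages) return FAULT_RANGE; /* window exhausted */
    if (ept_map(c, cpa, c->host_base + (c->next_free << PAGE_SHIFT)) != 0)
        return FAULT_NOT_PRESENT;
    c->next_free++;
    return ept_translate(c, cpa, hpa);
}

int main(void)
{
    struct container a, b;
    uint64_t ha = 0, hb = 0;
    if (container_init(&a, 0x10000000ull, 16) || container_init(&b, 0x20000000ull, 16))
        return 1;
    /* Constructed input: both containers touch the same container-physical address. */
    container_access(&a, 0x7f0000123abcull, &ha);
    container_access(&b, 0x7f0000123abcull, &hb);
    printf("A -> %#llx, B -> %#llx\n", (unsigned long long)ha, (unsigned long long)hb);
    return 0;
}
```

The window check in ept_translate runs on every walk, so a leaf entry that points outside the container's host frames faults even though it is marked present.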
Fig. 2 is a schematic diagram of an alternative structure of an information processing apparatus 200 according to an embodiment of the present invention, and as shown in fig. 2, the information processing apparatus 200 according to the embodiment of the present invention includes:
The memory management module 201 is configured to configure memory pages in the host virtual memory space for the container, so as to form a container physical memory.
The information transmission module 202 is configured to receive the access request.
In an embodiment of the present invention, before receiving the access request, a memory management module of the electronic device configures memory pages in a host virtual memory space for the container to form a container physical memory. The host kernel on which the container runs creates and maintains the corresponding data structure and determines the mapping relation from the physical address of the container to the physical address of the host.
In one embodiment of the present invention, the memory management module 201 can generate a set of addresses. A 32-bit processor, for example, can generate 4G of virtual addresses, and its virtual address set is 0-0xFFFFFFFF, wherein the size of each page table is 4K and the physical address space range is 0x000000000-0x0FFFFF (256M); for a 64-bit processor, the virtual address range is 0 ~ 0xFFFFFFFFFFFFFFFFFF (64T). The page table is located in a memory of the system, and each entry of the page table corresponds to a mapping from a virtual address to a physical address. The length of each entry is the length of one word.
In an embodiment of the present invention, the memory management module 201 creates and maintains a corresponding data structure, and determines a mapping relationship from the physical address of the container to the physical address of the host, which may be implemented by:
1) calling the function map_memory_bank to create a memory mapping for the physical memory of the host;
2) calling the function devicemaps_init to create a memory mapping for the interrupt vector;
3) calling the function table_init to create a memory mapping for the SOC hardware registers.
The memory management module 201 is configured to, in response to the access request, determine a physical memory address of the container according to the virtual memory address of the container;
the page table processing module 203 is configured to convert the physical memory address of the container into a corresponding host physical memory address according to a mapping relationship between the physical memory address of the container and the host physical memory address, so as to implement access of the access request to the host physical memory address.
In an embodiment of the present invention, the page table processing module 203 is configured to read a physical memory address of the container into a multi-level page table index according to corresponding binary data;
the page table processing module 203 is configured to write the binary data processed by the multi-level page table index into a location pointed by the extended page table pointer, so as to obtain a corresponding host physical memory address.
In an embodiment of the present invention, after the container is started, an application program running in the container can access the corresponding address space through the page table processing module 203 by using the virtual memory address of the container. The memory management module 201 can determine the physical memory address of the container according to the virtual memory address of the container, where the physical memory address of the container is a virtual memory address of the host. Furthermore, the virtual memory addresses corresponding to different containers are different, so as to realize isolation between different containers.
In an embodiment of the present invention, the page table processing module 203 is configured to sequentially enter the physical memory address of the container into a fourth-level page table index, a third-level page table index, a second-level page table index, and a page table index in a four-level page table index structure according to corresponding binary data. Specifically, in a 64-bit server the physical address space is very large, so the physical addresses are organized to some extent. When the information processing method provided by this embodiment runs on a 64-bit server, the page table processing module, in the process of resolving the physical memory address of the container, sequentially reads the physical memory address of the container into the fourth-level page table index, the third-level page table index, the second-level page table index, and the page table index according to the corresponding binary bits, writes the data carried by the application program into the position pointed to by the Extended Page Table Pointer (EPTP), and acquires the corresponding host physical memory address.
In an embodiment of the present invention, the page table processing module 203 is configured to trigger a page fault interrupt process when the location pointed to by the extended page table pointer exceeds the range of the host physical memory address. Specifically, taking a 64-bit server as an example, when the position pointed to by the extended page table pointer exceeds the virtual address range of 0-0xFFFFFFFFFFFFFFFFFFFF, the page fault interrupt process is immediately triggered; for example, in a 32-bit processor, when the position pointed to by the extended page table pointer exceeds the virtual address range of 0-0xFFFFFFFF, the page fault interrupt process is triggered.
In one embodiment of the present invention, the page fault interrupt may occur because the relevant page table has been loaded into the memory but not registered with the MMU, or because the page table has been removed from the working set of the processor but not swapped into the corresponding storage medium. Further, in the EPT page table page fault exception handling function, the page table processing module 203 may determine the status of the current EPTP pointer and the attribute information of the page where the page fault exception occurred from the virtual machine context information in the VMCS. If the current EPTP pointer points to the EPT-S page table and the page where the page fault exception occurred is a shared library page, the EPTP pointer is directly modified to point to the EPT-L page table; if the current EPTP pointer points to the EPT-L page table and the page where the page fault exception occurred is an application page, the EPTP pointer is directly modified to point to the EPT-L page table; otherwise nothing is done.
In an embodiment of the present invention, the page table processing module 203 is configured to determine whether to find a corresponding page table entry based on the obtained host physical memory address;
the page table processing module 203 is configured to trigger a missing page interrupt process if a corresponding page table entry is not found.
In an embodiment of the present invention, the memory management module 201 is configured to construct an extended page table in response to the missing page interrupt process;
the memory management module 201 is configured to configure a multi-level page index structure for the extended page table from the host physical memory page. Specifically, taking a 64-bit server as an example, in response to the page fault interrupt the process may trigger the program that builds the extended page table, which allocates an appropriate memory page from the host physical memory pages and creates a page index table, a 2-level page table index, a 3-level page table index and a 4-level page table index, so as to form a complete page table index. There are 512 entries in each page table, each entry contains 4096 bytes of memory, which contains the next level of page table index address.
In one embodiment of the present invention, the page table processing module 203 is configured to parse the received access request, obtain a priority identifier of the access request,
the page table processing module 203 is configured to adjust a processing order of the access request based on the priority identifier obtained by the access request. When an access request with high priority is detected, the MMU may suspend an access request with low priority in the wait queue and preferentially execute an access request with high priority.
FIG. 3 is a schematic flow chart of an alternative information processing method according to an embodiment of the present invention. Referring to FIG. 3, the usage environment is a 64-bit processor, and the steps shown are described below.
Step 301: the memory management module configures memory pages in the host virtual memory space for the container to form a container physical memory.
Specifically, for the 64-bit processor of the use environment, the virtual address range is 0 to 0xFFFFFFFFFFFFFFFFFFFF, and the memory management module completes the mapping from the virtual address to the physical address through the page table entry, so that each page table maps a physical page with the size of 4K. The page table under a 64-bit processor occupies 64 bits. A single page table may hold 512 page tables, and all page tables may map 2MB (512 × 4KB) virtual addresses, resulting in a 4-level index structure with 4096 bytes of memory in each page table entry, including the page table index address of the next level.
Step 302: receiving an access request A and an access request B;
wherein the access requests A and B run in their corresponding containers;
Step 303: analyzing the received access requests A and B to obtain priority identifiers of the access requests A and B;
Step 304: when the priority of the access request A is higher than that of the access request B, suspending the processing flow of the access request A;
Because the access requests with lower priorities occupy fewer system resources, the access requests with lower priorities are processed preferentially, the number of the access requests to be processed in the request waiting queue can be effectively reduced, and the overall processing efficiency of the processor is improved.
Step 305: responding to the access request B, and determining a physical memory address of the container according to the virtual memory address of the container;
Step 306: according to the mapping relation between the physical memory address of the container and the physical memory address of the host, sequentially entering a fourth-stage page table index, a third-stage page table index, a second-stage page table index and a page table index in the four-stage page table index structure according to corresponding binary data.
Step 307: determining whether the location pointed to by the extended page table pointer exceeds the host physical memory address range, if so, performing step 308, otherwise, performing step 309;
Step 308: triggering a missing page interrupt process;
Step 309: writing the binary data processed by the multi-level page table index into the position pointed to by the extended page table pointer so as to acquire the corresponding host physical memory address.
FIG. 4A is a schematic view of an optional usage environment in an embodiment of the present invention. As shown in FIG. 4A, when a virtual memory address of a host is not set, a physical address of the host can be directly accessed through the virtual memory address of container 1, and when an application program in container 1 has malicious code, the malicious code in container 1 directly causes a crash of the host. Meanwhile, because container 1 and container 2 are not isolated, malicious code in container 1 can also invade an application program in container 2 and access data in container 2.
FIG. 4B is a schematic diagram of an optional usage environment in an embodiment of the present invention. As shown in FIG. 4B, when a host virtual memory address is set, container 1 and container 2 achieve memory isolation, and at the same time container 1 and the host also achieve memory isolation. After an application program in container 1 sends an access request, the memory management unit determines a physical memory address of container 1 according to a virtual memory address of container 1, wherein the physical memory address is a virtual memory address of the host. The page table processing module then converts the physical memory address of the container into the corresponding physical memory address of the host according to the mapping relation between the physical memory address of the container and the physical memory address of the host, so as to realize access to the physical memory address of the host.
Step 310: responding to the missing page interrupt process, and constructing an extended page table; configuring a 4-level page index structure for the extended page table from the host physical memory page.
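The walk in steps 305 to 310 can be traced in a small user-space simulation. The following C sketch is an added example, not code from the patent: the names ept_t, ept_walk, ept_map and ept_access, the 64 MB HOST_MEM_LIMIT and the frame addresses are assumptions, and heap-allocated tables stand in for hardware page tables.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTRIES        512u             /* 2^9 entries per table */
#define PAGE_SHIFT     12u              /* 4 KB pages */
#define PRESENT        1ull
#define HOST_MEM_LIMIT (64ull << 20)    /* constructed: 64 MB of host RAM */

enum { WALK_OK, FAULT_NOT_PRESENT, FAULT_OUT_OF_RANGE };

typedef struct { uint64_t e[ENTRIES]; } table_t;
/* One table tree per container; root stands in for what the EPTP points to.
 * next_frame is a toy allocator of host frames owned by this container. */
typedef struct { table_t *root; uint64_t next_frame; } ept_t;

/* 9-bit index for a level: level 4 = bits 47..39, ..., level 1 = bits 20..12. */
static unsigned level_index(uint64_t addr, int level)
{
    return (unsigned)(addr >> (PAGE_SHIFT + 9u * (unsigned)(level - 1))) & (ENTRIES - 1u);
}

/* Steps 306, 307, 309: walk level 4 -> 1; fault on a missing entry or on a
 * frame that lies outside host physical memory. */
int ept_walk(const ept_t *ept, uint64_t cpa, uint64_t *hpa)
{
    const table_t *t = ept->root;
    for (int level = 4; t != NULL && level >= 1; level--) {
        uint64_t entry = t->e[level_index(cpa, level)];
        if (!(entry & PRESENT)) return FAULT_NOT_PRESENT;
        if (level > 1) {                       /* descend to the next table */
            t = (const table_t *)(uintptr_t)(entry & ~PRESENT);
            continue;
        }
        uint64_t frame = entry & ~0xfffull;
        if (frame >= HOST_MEM_LIMIT) return FAULT_OUT_OF_RANGE;
        *hpa = frame | (cpa & 0xfffull);       /* keep the page offset */
        return WALK_OK;
    }
    return FAULT_NOT_PRESENT;                  /* no root table yet */
}

/* Step 310: build any missing levels, then install the leaf mapping. */
int ept_map(ept_t *ept, uint64_t cpa, uint64_t host_frame)
{
    if (!ept->root && !(ept->root = calloc(1, sizeof(table_t)))) return -1;
    table_t *t = ept->root;
    for (int level = 4; level > 1; level--) {
        uint64_t *slot = &t->e[level_index(cpa, level)];
        if (!(*slot & PRESENT)) {
            table_t *next = calloc(1, sizeof(table_t));
            if (!next) return -1;
            *slot = (uint64_t)(uintptr_t)next | PRESENT;
        }
        t = (table_t *)(uintptr_t)(*slot & ~PRESENT);
    }
    t->e[level_index(cpa, 1)] = (host_frame & ~0xfffull) | PRESENT;
    return 0;
}

/* Steps 308 and 310: a not-present fault is repaired by mapping a fresh host
 * frame and retrying; an out-of-range fault is reported, never repaired. */
int ept_access(ept_t *ept, uint64_t cpa, uint64_t *hpa)
{
    int r = ept_walk(ept, cpa, hpa);
    if (r != FAULT_NOT_PRESENT) return r;
    if (ept_map(ept, cpa, ept->next_frame) != 0) return FAULT_NOT_PRESENT;
    ept->next_frame += 1ull << PAGE_SHIFT;
    return ept_walk(ept, cpa, hpa);
}

/* The same container physical address resolves to different host frames. */
int demo_isolated(void)
{
    ept_t c1 = { NULL, 0x0100000 }, c2 = { NULL, 0x2000000 };
    uint64_t h1 = 0, h2 = 0, cpa = 0x7f12345678ull;
    if (ept_access(&c1, cpa, &h1) != WALK_OK) return 0;
    if (ept_access(&c2, cpa, &h2) != WALK_OK) return 0;
    return h1 == 0x0100678 && h2 == 0x2000678;
}

int main(void)
{
    ept_t bad = { NULL, 0x0100000 };
    uint64_t hpa = 0;
    ept_map(&bad, 0x2000, HOST_MEM_LIMIT + 0x1000);  /* entry past host RAM */
    printf("isolated=%d out_of_range_fault=%d\n", demo_isolated(),
           ept_walk(&bad, 0x2000, &hpa) == FAULT_OUT_OF_RANGE);
    return 0;
}
```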
Fig. 5 is an alternative configuration diagram of an information processing apparatus according to an embodiment of the present invention, and as shown in fig. 5, the information processing apparatus 500 may be a mobile phone, a computer, a digital broadcast terminal, an information transceiver device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, etc. with information processing functions. The information processing apparatus 500 shown in fig. 5 includes: at least one processor 501, memory 502, at least one network interface 504, and a user interface 503. The various components in the information processing apparatus 500 are coupled together by a bus system 505. It is understood that the bus system 505 is used to enable connection communications between these components. The bus system 505 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 505 in FIG. 5.
The user interface 503 may include a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, a touch screen, or the like, among others.
It will be appreciated that the memory 502 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Wherein, the nonvolatile Memory can be Read Only Memory (ROM), PROM, EPROM, EEPROM, FRAM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM; the magnetic surface storage may be disk storage or tape storage. Volatile memory can be RAM, which acts as external cache memory. By way of example but not limitation, many forms of RAM are available, such as SRAM, SSRAM, DRAM, SDRAM, DDRSDRAM, ESDRAM, SLDRAM, DRRAM. The memory 502 described in connection with the embodiments of the invention is intended to comprise these and any other suitable types of memory.
Memory 502 in embodiments of the present invention includes, but is not limited to, ternary content addressable memory and static random access memory, and is capable of receiving access requests and storing a mapping of the physical memory address of the container to the physical memory address of the host to support the operation of the information processing apparatus 500. Examples of such data include: any computer program for operating on the information processing apparatus 500, such as an operating system 5021 and application programs 5022, state information, connection relationships, application programs running in a received container, and the like. The operating system 5021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The application 5022 may comprise various applications, such as a client with information processing function, or an application, and the like, for implementing operations including: configuring memory pages in a host virtual memory space for a container to form a container physical memory;
receiving an access request; responding to the access request, and determining a physical memory address of the container according to the virtual memory address of the container; and according to the mapping relation between the physical memory address of the container and the physical memory address of the host, converting the physical memory address of the container into the corresponding physical memory address of the host so as to realize the access of the access request to the physical memory address of the host. A program for implementing the information processing method according to the embodiment of the present invention may be included in the application program 5022.
The method disclosed by the above-mentioned embodiments of the present invention may be applied to the processor 501, or implemented by the processor 501. The processor 501 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method may be implemented by integrated logic circuits of hardware or operations in the form of software in the processor 501. The processor 501 described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Processor 501 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 502, and the processor 501 reads the information in the memory 502 and performs the steps of the aforementioned methods in conjunction with its hardware.
In an exemplary embodiment, the information processing apparatus 500 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general-purpose processors, controllers, MCUs, microprocessors, or other electronic components for performing the information processing method.
In an exemplary embodiment, the present invention further provides a computer readable storage medium, such as the memory 502 including a computer program, which can be executed by the processor 501 of the information processing apparatus 500 to perform the steps of the foregoing method. The computer readable storage medium can be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM; or may be a variety of devices including one or any combination of the above memories, such as a mobile phone, computer, tablet device, personal digital assistant, etc.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs:
configuring memory pages in a host virtual memory space for a container to form a container physical memory;
receiving an access request;
responding to the access request, and determining a physical memory address of the container according to the virtual memory address of the container;
and according to the mapping relation between the physical memory address of the container and the physical memory address of the host, converting the physical memory address of the container into the corresponding physical memory address of the host so as to realize the access of the access request to the physical memory address of the host.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, embodiments of the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including magnetic disk storage, optical storage, and the like) having computer-usable program code embodied in the medium.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program operations. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the operations performed by the processor of the computer or other programmable data processing apparatus produce means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program operations may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the operations stored in the computer-readable memory produce an article of manufacture including operating means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program operations may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the operations executed on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. that are within the spirit and principle of the present invention should be included in the present invention.

Claims (7)

1. An information processing method, characterized in that the method comprises:
configuring memory pages in a host virtual memory space for a container to form a container physical memory;
receiving an access request;
responding to the access request, and determining a physical memory address of the container according to the virtual memory address of the container;
reading the physical memory address of the container into a multi-level page table index according to corresponding binary data according to the mapping relation between the physical memory address of the container and the physical memory address of the host; writing the binary data processed by the multi-level page table index into a position pointed by an extended page table pointer to obtain a corresponding host physical memory address so as to realize the access of the access request to the host physical memory address; judging whether the corresponding page table entry is found based on the acquired host physical memory address; if the corresponding page table entry is not found, triggering a missing page interruption process;
or, when the position pointed by the extended page table pointer exceeds the range of the host physical memory address, triggering a missing page interrupt process.
2. The method of claim 1,
when the multi-level page table index is a four-level page table index structure, the physical memory address of the container sequentially enters a fourth-level page table index, a third-level page table index, a second-level page table index and a page table index in the four-level page table index structure according to corresponding binary data.
3. The method of claim 1, further comprising:
responding to the missing page interrupt process, and constructing an extended page table;
configuring a multi-level page index structure for the extended page table from the host physical memory page.
4. The method of claim 1, further comprising:
parsing the received access request, obtaining a priority identification of the access request,
and adjusting the processing sequence of the access requests based on the priority identification of the access requests.
5. An information processing apparatus characterized in that the apparatus comprises:
the memory management module is used for configuring memory pages in the host virtual memory space for the container to form a container physical memory;
the information transmission module is used for receiving the access request;
the memory management module is used for responding to the access request and determining a physical memory address of the container according to the virtual memory address of the container;
the page table processing module is used for reading the physical memory address of the container into the multi-level page table index according to the corresponding binary data according to the mapping relation between the physical memory address of the container and the physical memory address of the host; writing the binary data processed by the multi-level page table index into a position pointed by an extended page table pointer to obtain a corresponding host physical memory address so as to realize the access of the access request to the host physical memory address; judging whether the corresponding page table entry is found based on the acquired host physical memory address; if the corresponding page table entry is not found, triggering a missing page interruption process;
or, when the position pointed by the extended page table pointer exceeds the range of the host physical memory address, triggering a missing page interrupt process.
6. An information processing apparatus characterized by comprising:
a memory for storing executable instructions;
a processor for executing the executable instructions stored in the memory to perform the information processing method of any one of claims 1 to 4.
7. A storage medium storing executable instructions for causing a processor to execute an information processing method according to any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910223212.9A CN110008692B (en) 2019-03-22 2019-03-22 Information processing method and device and storage medium

Publications (2)

Publication Number Publication Date
CN110008692A CN110008692A (en) 2019-07-12
CN110008692B true CN110008692B (en) 2021-08-17

Family

ID=67168006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910223212.9A Active CN110008692B (en) 2019-03-22 2019-03-22 Information processing method and device and storage medium

Country Status (1)

Country Link
CN (1) CN110008692B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111221758B (en) * 2019-09-30 2023-06-27 华为技术有限公司 Method and computer device for processing remote direct memory access request
CN112925606B (en) * 2019-12-06 2024-05-28 阿里巴巴集团控股有限公司 Memory management method, device and equipment
CN111935095A (en) * 2020-07-15 2020-11-13 广东电网有限责任公司 Source code leakage monitoring method and device and computer storage medium
CN112631720B (en) * 2020-12-23 2023-05-23 海光信息技术股份有限公司 Memory control method, medium and equipment
CN114936064B (en) * 2022-04-08 2023-03-31 科东(广州)软件科技有限公司 Access method, device, equipment and storage medium of shared memory
CN117331643A (en) * 2022-06-27 2024-01-02 中兴通讯股份有限公司 Method for controlling transparent macro page, device and storage medium thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103765371A (en) * 2011-08-26 2014-04-30 威睿公司 Data storage system exporting logical volumes as storage objects
CN105677879A (en) * 2016-01-12 2016-06-15 诸葛晴凤 Data organizing method and accessing method for relational database in memory
CN107085535A (en) * 2017-03-30 2017-08-22 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN107341115A (en) * 2017-06-30 2017-11-10 联想(北京)有限公司 Virutal machine memory access method, system and electronic equipment

Also Published As

Publication number Publication date
CN110008692A (en) 2019-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant