CN109947673B - Memory protection method, protection device and single chip microcomputer - Google Patents


Publication number
CN109947673B
Authority
CN
China
Prior art keywords
memory
protection
protection set
data
memory protection
Legal status
Active
Application number
CN201910232951.4A
Other languages
Chinese (zh)
Other versions
CN109947673A (en)
Inventor
胡文超
于洪斌
Current Assignee
Beijing Jingwei Hirain Tech Co Ltd
Original Assignee
Beijing Jingwei Hirain Tech Co Ltd
Application filed by Beijing Jingwei Hirain Tech Co Ltd
Priority to CN201910232951.4A
Publication of CN109947673A
Application granted
Publication of CN109947673B
Legal status: Active

Abstract

The invention provides a memory protection method, a memory protection device and a single chip microcomputer, wherein the memory protection method firstly determines the current running state of an embedded real-time operating system; then determining whether the loaded memory protection set needs to be switched or not according to the current running state; if the loaded memory protection set needs to be switched, switching the loaded memory protection set into a memory protection set corresponding to the current running state in the privilege mode; and finally, under the current running state, protecting the memory of the embedded real-time operating system by using a memory protection set corresponding to the current running state. It can be seen that, in the embodiment of the present invention, the loaded memory protection set is switched to the memory protection set corresponding to the current running state of the embedded real-time operating system, and the data access of the memory area is monitored according to the memory data access authority configured by the memory protection set, thereby implementing the memory protection of the embedded operating system during running.

Description

Memory protection method, protection device and single chip microcomputer
Technical Field
The invention belongs to the technical field of single-chip microcomputers, and particularly relates to a memory protection method and a single-chip microcomputer.
Background
With the continuous development of automotive electronics, single chip microcomputers running an AUTOSAR OS (an automotive embedded real-time operating system) are used more and more widely in automotive embedded systems.
The safety of AUTOSAR OS memory bears directly on the driving safety of the vehicle, so the memory needs to be protected while the AUTOSAR OS is running.
Disclosure of Invention
In view of the above, the present invention provides a memory protection method, a protection device and a single chip microcomputer, which are used to implement memory protection of an embedded real-time operating system during operation, and the specific scheme is as follows:
a memory protection method includes:
determining the current running state of the embedded real-time operating system;
determining whether the loaded memory protection set needs to be switched or not according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system;
if the loaded memory protection set needs to be switched, switching the loaded memory protection set into a memory protection set corresponding to the current running state in a privilege mode;
and under the current running state, protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state.
Optionally, if it is determined that the loaded memory protection set does not need to be switched, the method further includes:
determining whether to rewrite a data protection range in a data protection range register or a code protection range of a code protection range register configured by the embedded real-time operating system according to application data required to run;
and if the rewriting is determined to be needed, rewriting the data protection range in the data protection register according to the memory address corresponding to the application data needing to be operated or rewriting the code protection range in the code protection register according to the code range corresponding to the application data needing to be operated.
Optionally, the rewriting of the data protection range in the data protection register according to the memory address corresponding to the application data to be operated or the rewriting of the code protection range in the code protection register according to the code range corresponding to the application data to be operated includes:
determining a memory address corresponding to application data to be operated;
determining a data protection register or a code protection register corresponding to the application data;
and rewriting the data protection range in the data protection register or the code protection register corresponding to the application data into the memory address corresponding to the application data needing to be operated.
Optionally, configuring the embedded real-time operating system with multiple memory protection sets, where each memory protection set is configured with the memory data access right corresponding to each region of the memory of the embedded real-time operating system, includes:
acquiring a configuration table pre-stored in the system;
dividing a memory protection set of the embedded real-time operating system and a memory area required to be protected by a memory of the embedded real-time operating system according to the configuration strategy of the configuration table;
and configuring the memory data access authority corresponding to each memory region under each divided memory protection set.
Optionally, the dividing the memory protection set of the embedded real-time operating system according to the configuration policy of the configuration table specifically includes:
and dividing the memory protection set into a kernel protection set, a first class interrupt protection set, a second class interrupt protection set and a task protection set.
Optionally, the dividing, according to the configuration policy of the configuration table, the memory area that needs to be protected by the embedded real-time operating system specifically includes:
storing the memory address range of the kernel code to a first code protection register;
saving the memory address range of the system stack to a first data protection register;
storing the memory address range of the kernel data to a second data protection register;
saving the memory address range of the current task stack to a third data protection register;
storing the memory address range of the current task data to a fourth data protection register;
saving the memory address range of the current interrupt stack to a fifth data protection register;
storing the memory address range of the current interrupt data to a sixth data protection register;
and storing the memory address range of the current application set data to a seventh data protection register.
Optionally, if it is determined that the loaded memory protection set needs to be switched, switching the loaded memory protection set to the memory protection set corresponding to the current operating state in the privilege mode includes:
if the memory protection set corresponding to the current running state is a task protection set, modifying the value of a non-privileged mode in a system stack into the value of a privileged mode;
and switching the loaded memory protection set into the task protection set in the privilege mode.
Optionally, after determining that the loaded memory protection set needs to be switched, the method further includes:
determining a protection set group value of a memory protection set corresponding to the current running state;
and writing the protection set group value into a special flag bit of a program status register so as to trigger the step of switching the loaded memory protection set into the memory protection set corresponding to the current running state in a privileged mode.
Another aspect of the present invention provides a memory protection device, including:
the running state determining module is used for determining the current running state of the embedded real-time operating system;
the judging module is used for determining whether the loaded memory protection set needs to be switched or not according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system;
a switching module, configured to switch the loaded memory protection set to a memory protection set corresponding to the current operating state in a privileged mode if it is determined that the loaded memory protection set needs to be switched;
and the protection module is used for protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state under the current running state.
The invention also discloses a single chip microcomputer, which comprises a memory and a processor for running the memory protection device.
Based on the technical scheme, the invention provides a memory protection method, a memory protection device and a single chip microcomputer, wherein the memory protection method comprises the steps of firstly determining the current running state of an embedded real-time operating system; then determining whether the loaded memory protection set needs to be switched or not according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system; if the loaded memory protection set needs to be switched, switching the loaded memory protection set into a memory protection set corresponding to the current running state in a privilege mode; and finally, under the current running state, protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state. It can be seen that, in the embodiment of the present invention, the loaded memory protection set is switched to the memory protection set corresponding to the current running state of the embedded real-time operating system, and the data access of the memory area is monitored according to the memory data access authority configured by the memory protection set, thereby implementing the memory protection of the embedded operating system during running.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a memory protection method according to an embodiment of the present invention;
FIG. 2 is a block diagram of an exemplary embedded real-time operating system;
fig. 3 is a schematic structural diagram of a memory protection device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a single chip microcomputer disclosed in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the sake of understanding, the technical terms used in the present invention will be explained first.
AUTOSAR (AUTomotive Open System ARchitecture) refers to an open system architecture for automobiles.
The AUTOSAR OS is an embedded real-time operating system under the AUTOSAR architecture.
The MPU (Memory Protection Unit) is a hardware unit of the single chip microcomputer that prevents system resources and other tasks from being accessed illegally; if an illegal access occurs, the MPU detects it and control enters the corresponding software handling module. It is understood that the processing performed by the software handling module may follow the prior art and is not described in detail here.
Referring to fig. 1, a schematic flow chart of a memory protection method according to an embodiment of the present invention may be applied to an MPU of a single chip microcomputer, so as to implement memory security for an embedded real-time operating system, such as an AUTOSAR OS, during operation.
In the embodiment of the invention, the embedded real-time operating system runs in the single chip microcomputer, and the MPU of the single chip microcomputer is divided in advance into a plurality of memory protection sets (protection sets). In the embodiment of the invention a TC29x single chip microcomputer is preferably adopted.
The MPU of the TC29x single chip microcomputer supports 16 sets of DPR registers (data protection range registers) and 8 sets of CPR registers (code protection range registers) in total, each set of registers corresponding to the address range of the protected data or of the protected code.
In the embodiment of the invention, a plurality of memory protection sets are divided, and each memory protection set is configured with different memory data access permissions. That is, each memory protection set corresponds to one data read enable register DPRE, which grants the read permission of the data protection range registers, one data write enable register DPWE, which grants the write permission of the data protection range registers, and one code execute enable register CPXE, which grants the execute permission of the code protection range registers; together these configure the memory access permissions. If the MPU finds that an access does not conform to the access permission the memory area should have, the access is regarded as abnormal and an exception handling flow is triggered. The configuration process and the configured contents of the memory data access permissions for each region of the memory are described in detail later.
Based on this, referring to fig. 1, a memory protection method provided in an embodiment of the present invention may include:
step S100, determining the current running state of the embedded real-time operating system;
step S200, determining whether the loaded memory protection set needs to be switched according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system;
referring to fig. 2, fig. 2 is a schematic diagram of a typical embedded real-time operating system. It includes several tasks and interrupts, with different tasks and interrupts belonging to different sets of applications, such as OS application set 1 and OS application set 2 in fig. 2. The memory area to be protected by the embedded real-time operating system is divided into a Task Stack area, for example, Stack of Task1 in OS application set 1, a Task Private Data area, for example, Private Data in Task1 in OS application set 1, an interrupt Stack area, for example, Stack of ISR in OS application set 1, an interrupt Data area, for example Private Data in ISR in OS application set 1, an application set Private Data area, for example Private Data in OS application set 1 except for Task1, Task2, and ISR, and a system Stack and kernel Code area Code. The respective region settings in the OS application set 1 can be referred to in the OS application set 2.
It is understood that the number of tasks, interrupts and application sets in fig. 2 is only illustrative, and in practice there may be more. The embodiment of the invention can be applied to an embedded real-time operating system to protect its memory while it runs.
In the embodiment of the invention, the embedded real-time operating system can run in a kernel state, an interrupt state and a task state, wherein the interrupt state can comprise a first-class interrupt state and a second-class interrupt state. Therefore, it is necessary to determine whether the currently running protection set needs to be switched according to the running state of the embedded real-time operating system.
Wherein determining whether the loaded memory protection set needs to be switched according to the current operating state comprises:
determining a memory protection set corresponding to the current running state;
judging whether the memory protection set corresponding to the current running state corresponds to a loaded memory protection set or not;
if the two are the same, determining that the memory protection set does not need to be switched;
otherwise, determining that the memory protection set needs to be switched.
In the embodiment of the present invention, if the loaded memory protection set does not need to be switched, a further determination may be made to determine whether to rewrite the data content of the data protection range register or the code protection range register configured by the embedded real-time operating system according to the application data that needs to be run, which will be described in detail later.
In practical use, the protection set group value of the current memory protection set is represented by a special flag bit PRS in the program status register PSW, and the embedded real-time operating system can trigger memory protection set switching by changing this protection set group value. When the special flag bit changes, the current memory protection set is switched to the memory protection set corresponding to the new value of the flag bit.
For example, if the protection set group value corresponding to the kernel protection set to be switched is 1, the special flag bit PRS in the program status register PSW is modified to 1.
It can be understood that, in the embodiment of the present invention, when the embedded operating system is initialized, a preset memory protection set, such as a kernel protection set, may also be loaded, or no memory protection set may be loaded, which is not specifically limited.
Step S300, if it is determined that the loaded memory protection set needs to be switched, switching the loaded memory protection set to a memory protection set corresponding to the current operating state in the privilege mode.
And step S400, under the current running state, protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state.
In the embodiment of the invention, whether the loaded memory protection set needs to be switched or not is determined according to the running condition of the embedded real-time operating system, and if the loaded memory protection set needs to be switched, the process of switching the memory protection set is executed.
Specifically, the switching the loaded memory protection set to the memory protection set corresponding to the running state may specifically include:
when the current running state of the embedded real-time operating system is a kernel state, switching the loaded memory protection set into a kernel protection set;
when the running state of the embedded real-time operating system is an interrupt state, switching the loaded memory protection set into an interrupt protection set; the interrupt states can be classified into a first-class interrupt state and a second-class interrupt state, wherein the first-class interrupt state corresponds to a first-class interrupt protection set, and the second-class interrupt state corresponds to a second-class interrupt protection set.
When the running state of the embedded real-time operating system is a task state, switching the loaded memory protection set into a task protection set;
In practical use, when the embedded real-time operating system starts it runs in the kernel state, so the PRS of the PSW is set to the value of the kernel protection set corresponding to the kernel state and the loaded memory protection set is switched to the kernel protection set. When the embedded real-time operating system needs to run a task, the current running state is the task state, and the kernel protection set needs to be switched to the task protection set.
It can be understood that, in the embodiment of the present invention, the memory data access permissions of each region of the memory of the embedded real-time operating system under each memory protection set are pre-configured.
For example, if the kernel protection set is currently loaded and the current running state is the task state, the kernel protection set is switched to the task protection set.
After the memory protection set has been switched to the new memory protection set, the MPU monitors the operations on the memory areas according to the memory data access permissions set by the switched memory protection set. If an exception such as an illegal access is detected, control enters the corresponding software handling module to process the exception. The handling procedure after an exception occurs may follow the prior art and is not described again here.
In the embodiment of the present invention, while the embedded real-time operating system runs, the MPU supports direct switching of the memory protection set only in the supervisor mode (privileged mode) and not in the non-privileged mode, so the switching of the memory protection set needs to be performed in the privileged mode. If the memory protection set needs to be switched from the non-privileged mode, a modification procedure is executed that changes the non-privileged mode into the privileged mode, after which the memory protection set is switched.
In the embodiment of the invention, the embedded real-time operating system is switched to the privileged mode automatically when a system trap instruction is triggered in the interrupt state, and the operating system kernel code runs when the trap instruction is triggered, so the embedded real-time operating system can switch the memory protection set directly in the kernel state, the first class interrupt state and the second class interrupt state.
If the current running state is the task state, the memory protection set can be switched from the non-privileged mode through a system call. When the embedded real-time operating system triggers the system call, the hardware automatically pushes the value corresponding to the current non-privileged mode onto the system stack; software with a modification function then changes that value in the system stack to the value of the privileged mode, so that when the trap instruction returns and the value is popped from the system stack the system is in the privileged mode, and the memory protection set can be switched in the task state.
It can be seen that, in the embodiment of the present invention, the loaded memory protection set is switched to the memory protection set corresponding to the current running state of the embedded real-time operating system, and the data access of the memory area is monitored according to the memory data access authority configured by the memory protection set, thereby implementing the memory protection of the embedded operating system during running.
The above embodiment introduced the switching process of the memory protection set. In actual use, if the memory protection set does not need to be switched, it is possible that the current running state of the embedded real-time operating system has not changed but only the application data that needs to run has changed, for example when the embedded real-time operating system runs in the task state and the application data of a task changes. Therefore it is determined, according to the application data that needs to run, whether to rewrite the data in the data protection range register or the code protection range register configured by the embedded real-time operating system.
On the basis of the foregoing embodiment, if it is determined that the loaded memory protection set does not need to be switched, the embodiment of the present invention further includes:
s500, determining whether to rewrite a data protection range in a data protection range register or a code protection range of a code protection range register configured by the embedded real-time operating system according to application data required to run;
s600, if it is determined that rewriting is needed, rewriting the data protection range in the data protection register according to the memory address corresponding to the application data that needs to run, or rewriting the code protection range in the code protection register according to the code range corresponding to the application data that needs to run.
In the embodiment of the invention, it is also determined whether the data protection range of the data protection range register or the code protection range of the code protection range register configured by the embedded real-time operating system needs to be rewritten, i.e., the contents of the DPR or CPR registers described above.
The rewriting of the data protection range in the data protection register according to the memory address corresponding to the application data to be operated or the rewriting of the code protection range in the code protection register according to the code range corresponding to the application data to be operated specifically includes:
determining a memory address corresponding to application data to be operated;
determining a data protection register or a code protection register corresponding to the application data;
and rewriting the data protection range in the data protection register or the code protection register corresponding to the application data into the memory address corresponding to the application data needing to be operated.
For example, suppose the embedded real-time operating system needs to run task1 and task2, the memory address range of the task stack of task1 is 1-3, that of task2 is 4-6, the memory address range of the task data of task1 is 7-8, and that of task2 is 9-10. The embedded real-time operating system is running in the task state and executing task1, so the loaded memory protection set is the task protection set, the data protection range in the current task stack register DPR2 is 1-3, and the data protection range in the current task data register DPR3 is 7-8. If task2, whose priority is higher than that of the currently running task1, is now received, the application data of task2 needs to run. Because the running state of the embedded real-time operating system is the task state for both task1 and task2, the memory protection set does not need to be switched; but because the memory addresses of the task stack and the task data of task1 and task2 differ, the application data that needs to run changes, so the data content of the current task stack register DPR2 corresponding to task2 needs to be rewritten to 4-6 and the data content of the current task data register DPR3 to 9-10, thereby switching the data protection range. The code protection range can be modified in the same way as the data protection range.
Of course, it is understood that if it is determined after S400 that rewriting is not necessary, the process returns to step S100.
It can be seen that, in the embodiment of the present invention, when the AUTOSAR OS is running, if the application data changes, the memory address range in the data protection range register or the code protection range register of the MPU is modified automatically, so as to implement memory protection for different application data in the same running state. Illegal access to tasks and system resources in the embedded system is thereby avoided, and the running safety of the system software is improved.
In the above description, the embedded real-time operating system is configured with a plurality of memory protection sets, and each memory protection set is configured with the memory data access permission corresponding to each region of the memory of the embedded real-time operating system. The following describes in detail the process of configuring the plurality of memory protection sets and the memory data access permission corresponding to each memory region under each memory protection set.
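The permission model described earlier (DPR/CPR ranges gated by the DPRE/DPWE/CPXE enables of the loaded set), the switching decision of steps S100 to S400, and the DPR2/DPR3 rewrite of steps S500 to S600 illustrated by the task1/task2 example, modelled as an added example in C; this is not code from the patent or from the TC29x vendor. CPR0 and DPR0..DPR3 follow the page; assigning the interrupt and application-set regions to DPR4..DPR6, the PRS values other than kernel = 1, and all permission masks are assumptions, since the page's configuration table is an image.

```c
/* Added example, not code from the patent: a host-side model of the MPU
 * protection-set scheme the page describes. CPR0 and DPR0..DPR3 follow the
 * page; mapping interrupt/application-set regions to DPR4..DPR6, the PRS
 * values other than kernel = 1, and all permission masks are assumptions
 * (the page's configuration table is an image). Addresses are abstract
 * units, as in the page's task1/task2 example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { NUM_DPR = 7, NUM_CPR = 1, NUM_SETS = 4 };

/* Memory regions and the protection-range register that holds each one. */
enum Dpr { DPR0_SYS_STACK, DPR1_KERNEL_DATA, DPR2_TASK_STACK, DPR3_TASK_DATA,
           DPR4_ISR_STACK, DPR5_ISR_DATA, DPR6_APPSET_DATA };
enum Cpr { CPR0_KERNEL_CODE };

typedef struct { uint32_t lo, hi; } Range;              /* inclusive bounds */
typedef struct { uint8_t dpre, dpwe, cpxe; } ProtSet;   /* one enable bit per range */

typedef struct {
    Range   dpr[NUM_DPR];
    Range   cpr[NUM_CPR];
    ProtSet set[NUM_SETS];
    int     prs;        /* PSW.PRS: index of the loaded protection set */
} Mpu;

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } Access;
typedef enum { ST_KERNEL, ST_ISR_CAT1, ST_ISR_CAT2, ST_TASK } State;
/* Protection set group values: kernel = 1 is from the page, the rest assumed. */
enum { PRS_TASK = 0, PRS_KERNEL = 1, PRS_ISR1 = 2, PRS_ISR2 = 3 };

int set_for_state(State s) {
    switch (s) {
    case ST_KERNEL:   return PRS_KERNEL;
    case ST_ISR_CAT1: return PRS_ISR1;
    case ST_ISR_CAT2: return PRS_ISR2;
    default:          return PRS_TASK;
    }
}

/* S200: switch only if the set for the current state differs from the loaded one. */
bool need_switch(const Mpu *m, State s) { return set_for_state(s) != m->prs; }
/* S300: write PSW.PRS; on the chip this needs supervisor mode, hence the trap. */
void switch_set(Mpu *m, State s) { m->prs = set_for_state(s); }

static bool in_range(Range r, uint32_t a) { return a >= r.lo && a <= r.hi; }

/* The check the MPU applies to every access under the loaded set: legal only
 * if some range covers the address and that range's enable bit (DPRE for
 * reads, DPWE for writes, CPXE for instruction fetches) is set in the set. */
bool mpu_access_ok(const Mpu *m, uint32_t addr, Access acc) {
    const ProtSet *ps = &m->set[m->prs];
    if (acc == ACC_EXEC) {
        for (int i = 0; i < NUM_CPR; i++)
            if (in_range(m->cpr[i], addr) && ((ps->cpxe >> i) & 1)) return true;
        return false;
    }
    uint8_t en = (acc == ACC_READ) ? ps->dpre : ps->dpwe;
    for (int i = 0; i < NUM_DPR; i++)
        if (in_range(m->dpr[i], addr) && ((en >> i) & 1)) return true;
    return false;   /* on hardware the MPU raises a protection trap here */
}
/* S600: same running state but a different task, so only DPR2/DPR3 change. */
void rewrite_task_ranges(Mpu *m, Range stack, Range data) {
    m->dpr[DPR2_TASK_STACK] = stack;
    m->dpr[DPR3_TASK_DATA]  = data;
}
#define BIT(n) ((uint8_t)(1u << (n)))

/* Constructed configuration: task1's ranges are the page's 1-3 and 7-8; the
 * other ranges and the per-set masks are illustrative least-privilege values. */
Mpu mpu_example(void) {
    Mpu m = {0};
    m.cpr[CPR0_KERNEL_CODE] = (Range){100, 199};
    m.dpr[DPR0_SYS_STACK]   = (Range){20, 29};
    m.dpr[DPR1_KERNEL_DATA] = (Range){30, 39};
    m.dpr[DPR2_TASK_STACK]  = (Range){1, 3};
    m.dpr[DPR3_TASK_DATA]   = (Range){7, 8};
    m.dpr[DPR4_ISR_STACK]   = (Range){40, 49};
    m.dpr[DPR5_ISR_DATA]    = (Range){50, 59};
    m.dpr[DPR6_APPSET_DATA] = (Range){60, 69};
    m.set[PRS_KERNEL] = (ProtSet){0x7F, 0x7F, BIT(0)};   /* kernel: all data, kernel code */
    m.set[PRS_ISR1]   = (ProtSet){BIT(1)|BIT(4)|BIT(5), BIT(4)|BIT(5), BIT(0)};
    m.set[PRS_ISR2]   = (ProtSet){BIT(4)|BIT(5)|BIT(6), BIT(4)|BIT(5)|BIT(6), BIT(0)};
    m.set[PRS_TASK]   = (ProtSet){BIT(2)|BIT(3)|BIT(6), BIT(2)|BIT(3)|BIT(6), BIT(0)};
    m.prs = PRS_KERNEL;   /* kernel set loaded at start-up, as the page describes */
    return m;
}

int main(void) {
    Mpu m = mpu_example();
    if (need_switch(&m, ST_TASK)) switch_set(&m, ST_TASK);   /* S100-S400 */
    printf("task set: write kernel data=%d, write task1 stack=%d\n",
           mpu_access_ok(&m, 35, ACC_WRITE), mpu_access_ok(&m, 2, ACC_WRITE));
    rewrite_task_ranges(&m, (Range){4, 6}, (Range){9, 10});  /* S500-S600 */
    printf("after rewrite: write task2 stack=%d, write task1 stack=%d\n",
           mpu_access_ok(&m, 5, ACC_WRITE), mpu_access_ok(&m, 2, ACC_WRITE));
    return 0;
}
```

Under the task set, a write to kernel data (address 35) is denied while the same write is allowed under the kernel set; after the DPR2/DPR3 rewrite, task2's stack and data are reachable and task1's are not, with no change of protection set.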
In the embodiment of the present invention, preferably, the address range, the corresponding register, and the data access authority of each group of memory protection sets of the embedded real-time operating system are configured according to the following configuration table.
Configuration table: [reproduced in the original as an image; it lists, for each memory protection set, the address range, the corresponding register and the data access authority of each memory region]
Here X denotes executable, R denotes readable, W denotes writable, and - denotes that the region is neither readable, writable nor executable.
In the embodiment of the present invention, configuring the memory data access permission corresponding to each region of the memory of the embedded real-time operating system includes:
obtaining a configuration table pre-stored in the system;
dividing the memory protection sets of the embedded real-time operating system and the memory areas of the embedded real-time operating system that need protection according to the configuration strategy of the configuration table;
and configuring the memory data access authority corresponding to each memory region under each divided memory protection set.
In the embodiment of the invention, the memory protection sets are configured as a kernel protection set, a first-class interrupt protection set, a second-class interrupt protection set and a task protection set, and each memory protection set is used in a different running state of the embedded real-time operating system.
In the embodiment of the present invention, the memory area may be divided into the following memory areas according to different attributes of the memory to be protected: kernel code, system stack, kernel data, current task stack, current task data, current interrupt stack, current interrupt data, and current application set data.
Configuring a data protection range register or a code protection range register corresponding to each divided memory area according to the configuration strategy;
the method specifically comprises the following steps:
saving the memory address range of the kernel code to a first code protection register CPR0;
saving the memory address range of the system stack to a first data protection register DPR0;
saving the memory address range of the kernel data to a second data protection register DPR1;
saving the memory address range of the current task stack to a third data protection register DPR2;
saving the memory address range of the current task data to a fourth data protection register DPR3;
saving the memory address range of the current interrupt stack to a fifth data protection register DPR4;
saving the memory address range of the current interrupt data to a sixth data protection register DPR5;
and saving the memory address range of the current application set data to a seventh data protection register DPR6.
And then configuring the memory data access authority corresponding to each memory region under each divided memory protection set.
Configuring the memory data access authority of the kernel protection set: the data access authority of the kernel code is set as executable, and the system stack, the kernel data, the current task stack, the current task data, the current interrupt stack, the current interrupt data and the current application set data are set as readable and writable.
Configuring the memory data access authority of an interrupt protection set: the data access authority of the kernel code is set as executable; the system stack, the current task stack and the current task data are set as neither readable, writable nor executable; the kernel data is readable; and the current interrupt stack, the current interrupt data and the current application set data are readable and writable.
The configuration of the memory data access right is realized by configuring the data read enable register DPRE, the data write enable register DPWE and the code executable enable register CPXE.
In the embodiment of the invention, when the embedded real-time operating system is initialized, the MPU loads the configuration table and executes the configuration process according to the configuration strategy.
It can be understood that the above configuration mode may be applied to the TC29x single chip microcomputer, and if the model of the single chip microcomputer changes, the configuration mode may be changed according to actual needs, and the memory protection may also be implemented, which is not described herein again.
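The protection-set configuration above, together with the task1 to task2 register rewrite from the earlier example, modelled as an added C example; this is not the patent's code and not the TC29x register interface. The register indices, the address ranges and the task-set permissions (which the page's table does not reproduce) are assumptions.

```c
/* Added example, not the patent's or the TC29x's code: a software model of
 * the protection-set scheme above. Indices, ranges and the task set are assumed. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Data protection registers as listed on the page: DPR0 system stack,
 * DPR1 kernel data, DPR2 current task stack, DPR3 current task data,
 * DPR4 current interrupt stack, DPR5 current interrupt data,
 * DPR6 current application set data. CPR0 holds the kernel code. */
enum { DPR0, DPR1, DPR2, DPR3, DPR4, DPR5, DPR6, NUM_DPR };
enum { SET_KERNEL, SET_INTERRUPT, SET_TASK, NUM_SETS };

typedef struct { uint32_t lo, hi; } range_t;   /* [lo, hi], inclusive */

/* Permission bits, after the DPRE / DPWE / CPXE enable registers. */
#define PERM_R  1u
#define PERM_W  2u
#define PERM_X  4u
#define PERM_RW (PERM_R | PERM_W)

/* One memory protection set: read/write enables per DPR, exec for CPR0. */
typedef struct { uint8_t dpr_perm[NUM_DPR]; uint8_t cpr0_perm; } prot_set_t;

typedef struct {
    range_t    dpr[NUM_DPR];
    range_t    cpr0;
    prot_set_t sets[NUM_SETS];
    int        loaded;          /* index of the loaded protection set */
} mpu_t;

void mpu_init(mpu_t *m) {
    memset(m, 0, sizeof *m);
    /* lo > hi marks a register whose range has not been configured yet */
    for (int i = 0; i < NUM_DPR; i++) m->dpr[i] = (range_t){1, 0};
    m->cpr0 = (range_t){1, 0};
    /* Kernel protection set (as stated on the page): kernel code X,
     * all seven data regions readable and writable. */
    prot_set_t *k = &m->sets[SET_KERNEL];
    k->cpr0_perm = PERM_X;
    for (int i = 0; i < NUM_DPR; i++) k->dpr_perm[i] = PERM_RW;
    /* Interrupt protection set (as stated): kernel code X; system stack,
     * current task stack and task data no access; kernel data R only;
     * interrupt stack, interrupt data and application set data RW. */
    prot_set_t *irq = &m->sets[SET_INTERRUPT];
    irq->cpr0_perm = PERM_X;
    irq->dpr_perm[DPR1] = PERM_R;
    irq->dpr_perm[DPR4] = irq->dpr_perm[DPR5] = irq->dpr_perm[DPR6] = PERM_RW;
    /* Task protection set: ASSUMED (the page's table is not reproduced):
     * kernel code X; own stack, own data and application set data RW. */
    prot_set_t *t = &m->sets[SET_TASK];
    t->cpr0_perm = PERM_X;
    t->dpr_perm[DPR2] = t->dpr_perm[DPR3] = t->dpr_perm[DPR6] = PERM_RW;
    m->loaded = SET_KERNEL;
}

static bool in_range(range_t r, uint32_t a) { return a >= r.lo && a <= r.hi; }

/* Access check against the loaded set. An address covered by no configured
 * register is denied: the protection unit fails closed. */
bool mpu_check(const mpu_t *m, uint32_t addr, uint8_t want) {
    const prot_set_t *s = &m->sets[m->loaded];
    if (want & PERM_X)
        return in_range(m->cpr0, addr) && (s->cpr0_perm & PERM_X) != 0;
    for (int i = 0; i < NUM_DPR; i++)
        if (in_range(m->dpr[i], addr))
            return (s->dpr_perm[i] & want) == want;
    return false;
}

/* Same running state, different task (the task1 -> task2 case above):
 * only DPR2 and DPR3 are rewritten; the loaded set stays the task set. */
void mpu_switch_task(mpu_t *m, range_t stack, range_t data) {
    m->dpr[DPR2] = stack;
    m->dpr[DPR3] = data;
}
```

With the task set loaded, a write to task2's stack is refused until DPR2 has been rewritten, and once it has, task1's stack becomes inaccessible in turn.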
In accordance with the memory protection method, another aspect of the embodiments of the present invention further provides a memory protection device.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a memory protection device according to an embodiment of the present invention.
A memory protection device, comprising:
the running state determining module 1 is used for determining the current running state of the embedded real-time operating system;
the judging module 2 is used for determining whether the loaded memory protection set needs to be switched according to the current running state; the embedded real-time operating system is pre-configured with a plurality of groups of memory protection sets, and each group of memory protection set is provided with memory data access permission corresponding to each region of a memory of the embedded real-time operating system;
a switching module 3, configured to switch the loaded memory protection set to a memory protection set corresponding to the current operating state in a privileged mode if it is determined that the loaded memory protection set needs to be switched;
and the protection module 4 is used for protecting the memory of the embedded real-time operating system by using the switched memory protection set in the current running state.
Fig. 4 is a schematic structural diagram of a single chip microcomputer disclosed in the embodiment of the present invention. The invention also discloses a single chip microcomputer, which may include a memory 10 and a processor for running the memory protection device 20 described above. The processor may be an MPU.
It can be understood that the functions of each module of the memory protection device in the present invention may implement each step in the foregoing memory protection method embodiment, which is not described herein again.
It can be seen that, in the embodiment of the present invention, the loaded memory protection set is switched to the memory protection set corresponding to the current running state of the embedded real-time operating system, and the data access of the memory area is monitored according to the memory data access authority configured by the memory protection set, thereby implementing the memory protection of the embedded operating system during running.
The embodiments in this description are described progressively, each focusing on its differences from the other embodiments; the same and similar parts can be referred to among them. Since the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A memory protection method, comprising:
determining the current running state of the embedded real-time operating system, wherein the current running state is a kernel state, an interrupt state or a task state;
determining whether the loaded memory protection set needs to be switched or not according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system;
if the loaded memory protection set needs to be switched, switching the loaded memory protection set into a memory protection set corresponding to the current running state in a privilege mode;
under the current running state, protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state;
the determining whether the loaded memory protection set needs to be switched according to the current operating state includes:
determining a memory protection set corresponding to the current running state;
if the memory protection set corresponding to the current running state corresponds to the loaded memory protection set, determining that the memory protection set does not need to be switched;
and if the memory protection set corresponding to the current running state does not correspond to the loaded memory protection set, determining that the memory protection set needs to be switched.
2. The method of claim 1, wherein if it is determined that the loaded memory protection set does not need to be switched, the method further comprises:
determining whether to rewrite a data protection range in a data protection register or a code protection range in a code protection register configured by the embedded real-time operating system according to application data required to run;
and if the rewriting is determined to be needed, rewriting the data protection range in the data protection register according to the memory address corresponding to the application data needing to be operated or rewriting the code protection range in the code protection register according to the code range corresponding to the application data needing to be operated.
3. The method according to claim 2, wherein the overwriting of the data protection range in the data protection register according to the memory address corresponding to the application data required to be run or the overwriting of the code protection range in the code protection register according to the code range corresponding to the application data required to be run comprises:
determining a memory address corresponding to the application data needing to be operated;
determining a data protection register or a code protection register corresponding to the application data;
and rewriting the data protection range in the data protection register or the code protection register corresponding to the application data into the memory address corresponding to the application data needing to be operated.
4. The method according to any one of claims 1 to 3, wherein the embedded real-time operating system is configured with a plurality of sets of memory protection sets, and each set of memory protection sets is configured with memory data access permissions corresponding to respective regions of the memory of the embedded real-time operating system, including:
a configuration table is stored in the system in advance;
dividing a memory protection set of the embedded real-time operating system and a memory area required to be protected by the embedded real-time operating system according to the configuration strategy of the configuration table;
and configuring the memory data access authority corresponding to each memory region under each divided memory protection set.
5. The method of claim 4, wherein the partitioning the memory protection set of the embedded real-time operating system according to the configuration policy of the configuration table specifically comprises:
and dividing the memory protection set into a kernel protection set, a first class interrupt protection set, a second class interrupt protection set and a task protection set.
6. The method according to claim 4, wherein the dividing the memory area required to be protected by the embedded real-time operating system according to the configuration policy of the configuration table specifically comprises:
storing the memory address range of the kernel code to a first code protection register;
saving the memory address range of the system stack to a first data protection register;
storing the memory address range of the kernel data to a second data protection register;
saving the memory address range of the current task stack to a third data protection register;
storing the memory address range of the current task data to a fourth data protection register;
saving the memory address range of the current interrupt stack to a fifth data protection register;
storing the memory address range of the current interrupt data to a sixth data protection register;
and storing the memory address range of the current application set data to a seventh data protection register.
7. The method of claim 1, wherein if it is determined that the loaded memory protection set needs to be switched, the switching the loaded memory protection set to the memory protection set corresponding to the current operating state in the privileged mode comprises:
if the memory protection set corresponding to the current running state is a task protection set, modifying the value of a non-privileged mode in a system stack into the value of a privileged mode;
and switching the loaded memory protection set into the task protection set in a privileged mode.
8. The method of claim 1, wherein the determining that the loaded memory protection set needs to be switched further comprises:
determining a protection set group value of a memory protection set corresponding to the current running state;
and writing the protection set group value into a special flag bit of a program status register so as to trigger the step of switching the loaded memory protection set into the memory protection set corresponding to the current running state in a privileged mode.
9. A memory protection device, comprising:
the operating state determining module is used for determining the current operating state of the embedded real-time operating system, wherein the current operating state is a kernel state, an interrupt state or a task state;
the judging module is used for determining whether the loaded memory protection set needs to be switched or not according to the current running state; the embedded real-time operating system is configured with a plurality of groups of memory protection sets, and each group of memory protection sets is configured with memory data access authority corresponding to each region of the memory of the embedded real-time operating system;
a switching module, configured to switch the loaded memory protection set to a memory protection set corresponding to the current operating state in a privileged mode if it is determined that the loaded memory protection set needs to be switched;
the protection module is used for protecting the memory of the embedded real-time operating system by using the memory protection set corresponding to the current running state under the current running state;
the judging module is specifically configured to determine a memory protection set corresponding to the current operating state; if the memory protection set corresponding to the current running state corresponds to the loaded memory protection set, determining that the memory protection set does not need to be switched; and if the memory protection set corresponding to the current running state does not correspond to the loaded memory protection set, determining that the memory protection set needs to be switched.
10. A single chip microcomputer comprising a memory and a processor for operating the memory protection device of claim 9.
CN201910232951.4A 2019-03-26 2019-03-26 Memory protection method, protection device and single chip microcomputer Active CN109947673B (en)
Publications (2)

Publication Number Publication Date
CN109947673A CN109947673A (en) 2019-06-28
CN109947673B true CN109947673B (en) 2021-10-15