CN110554911A

CN110554911A - Memory access and allocation method, memory controller and system

Info

Publication number: CN110554911A
Application number: CN201810542504.4A
Authority: CN
Inventors: 曹政; 高山渊; 刘兴奎
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2018-05-30
Filing date: 2018-05-30
Publication date: 2019-12-10

Abstract

The embodiment of the application provides a memory access and allocation method, a memory controller and a system. In the embodiment of the application, a function of checking the memory access authority is added to the storage controller. Therefore, the storage controller checks the authority of the user-mode process based on the key value in the memory access instruction generated in the execution process of the user-mode process and the corresponding relation between the pre-stored virtual memory space and the key value, and accesses the virtual memory space which is requested to be accessed when the user-mode process has the memory access authority, so that the memory protection under the user-mode protocol stack is realized, and the problem that one process illegally accesses the memories used by other processes to cause the abnormality or the crash of other processes is solved.

Description

memory access and allocation method, memory controller and system

Technical Field

The present application relates to the field of memory management technologies, and in particular, to a memory access and allocation method, a memory controller, and a memory system.

Background

In the memory management technology of the computer operating system, all initial memory accesses pass through the operating system, and the operating system performs permission check on all accesses, which causes high overhead on the operating system. With the advent of high-speed Storage devices, the advent of user-mode protocol stacks such as the Storage Performance Development Kit (SPDK) has been forced.

in a user mode protocol stack, a management process applies a large block of memory to an operating system in advance to form a memory pool, and the operating system performs permission check in the process; the subsequent process can directly distribute the memory from the memory pool without the permission check of the operating system; the process may then read and write the allocated memory via a storage controller, such as NVMe. Such memory management mechanisms have been increasingly becoming a trend to reduce operating system overhead.

The memory management mechanism does not have problems in a normal operation process, but once a process crash, a code error or a malicious code occurs, a serious isolation problem is caused, namely, one process illegally accesses a memory used by another process to cause abnormality or crash of the other process.

Disclosure of Invention

Aspects of the present application provide a memory access and allocation method, a memory controller, and a system, so as to solve the isolation problem in a user-mode memory management scheme and improve the security of memory access.

An embodiment of the present application provides a memory allocation method, including:

registering a target virtual memory space for a user mode process according to a request of applying the virtual memory space by the user mode process, and distributing a target key value corresponding to the target virtual memory space;

and storing the corresponding relation between the target virtual memory space and the target key value and the mapping information of virtual and real addresses from the target virtual memory space to the physical memory space.

an embodiment of the present application provides a memory access method, including:

When a target virtual memory space needs to be accessed in the execution process of a user mode process, generating a memory access instruction according to a target key value corresponding to the target virtual memory space;

and sending the memory access instruction to a storage controller, so that the storage controller can perform access control on the target virtual memory space according to a target key value in the memory access instruction.

An embodiment of the present application further provides a memory access method, including:

Receiving a memory access instruction generated in the execution process of a user mode process, wherein the memory access instruction carries a target key value corresponding to a target virtual memory space which is requested to be accessed;

Determining that the user mode process has the access right of the target virtual memory space according to the target key value and the corresponding relation between the pre-stored virtual memory space and the key value;

And performing virtual-real address conversion on the target virtual memory space according to virtual-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance, and performing access operation on the physical memory space according to the physical address obtained by conversion.

An embodiment of the present application further provides a storage controller, including: the system comprises a memory management module and a host interface module; the host interface module is connected with the memory management module;

The host interface module is used for receiving a memory access instruction submitted by a processor in a host to which the storage controller belongs in the process of executing a user mode process and submitting the memory access instruction to the memory management module; the memory access instruction carries a target key value corresponding to a target virtual memory space which is requested to be accessed;

the memory management module is used for determining that the user state process has the access right of the target virtual memory space according to the target key value and the corresponding relation between the pre-stored virtual memory space and the key value, performing virtual-real address conversion on the target virtual memory space according to virtual-real address mapping information from the pre-stored virtual memory space to the physical memory space, and submitting a physical address obtained by conversion to the host interface module;

And the host interface module is also used for carrying out access operation of the physical memory space according to the physical address obtained by conversion.

An embodiment of the present application further provides a computer memory management system, including: the system comprises a memory, a storage controller and a processor; the storage controller is connected between the memory and the processor;

the memory is used for storing program data and processor instructions related to the user mode process;

The processor executing processor instructions associated with the user-mode process to: when the user mode process needs to access a virtual memory space in the execution process, generating a memory access instruction according to a target key value corresponding to the target virtual memory space; sending the memory access instruction to the storage controller so that the storage controller can judge the access authority and convert virtual and real addresses;

the storage controller is configured to: receiving the memory access instruction, a target key value carried by the memory access instruction and a corresponding relation between a pre-stored virtual memory space and the key value, and determining that the user mode process has the access right of the target virtual memory space; and performing virtual-real address conversion on the target virtual memory space according to virtual-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance, and performing access operation on the physical memory space according to the physical address obtained by conversion.

In the embodiment of the application, a checking function of the memory access authority is added in the storage controller, the storage controller checks the access authority of the user-mode process based on the key value in the memory access instruction generated in the execution process of the user-mode process and the corresponding relation between the pre-stored virtual memory space and the key value, and accesses the virtual memory space which is requested to be accessed when the user-mode process has the memory access authority, so that the memory protection under the user-mode protocol stack is realized, and the problem that one process illegally accesses the memory used by other processes to cause abnormality or crash of other processes is solved.

Drawings

the accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

Fig. 1 is a schematic structural diagram of a computer memory management system under a user mode protocol stack according to an exemplary embodiment of the present application;

Fig. 2a is a schematic structural diagram of a memory protection table according to an exemplary embodiment of the present disclosure;

Fig. 2b is a schematic structural diagram of a virtual-real address mapping table according to an exemplary embodiment of the present application;

Fig. 2c is a schematic structural diagram of a memory access instruction according to an exemplary embodiment of the present application;

3 a-3 c are schematic structural diagrams of a memory controller provided in some exemplary embodiments of the present application;

Fig. 4 is a schematic flowchart of a memory allocation method according to another exemplary embodiment of the present application;

fig. 5 is a schematic flowchart of a memory access method according to another exemplary embodiment of the present application;

Fig. 6 is a flowchart illustrating another memory access method according to another exemplary embodiment of the present application.

Detailed Description

in order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Aiming at the isolation problem of a memory management mechanism in the existing user mode, in some embodiments of the application, a checking function of a memory access authority is added in a storage controller, the storage controller can check the access authority of a memory access instruction according to a key value in the memory access instruction generated in the execution process of a user mode process and a corresponding relation between a pre-stored virtual memory space and the key value, and access the virtual memory space which is requested to be accessed by the instruction when the user mode process is determined to have the memory access authority, so that the memory protection under a user mode protocol stack is realized, and the problem that one process illegally accesses the memory used by the other process to cause the other process to be abnormal or crash is solved.

The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.

fig. 1 is a schematic structural diagram of a computer memory management system under a user mode protocol stack according to an exemplary embodiment of the present application. As shown in fig. 1, the system 10 includes: a memory 10a, a storage controller 10b, and a processor (CPU)10 c. The storage controller 10b is connected between the memory 10a and the processor 10 c.

Of course, the system 10 may include other types of storage in addition to the memory 10a, which may be configured to store other various data to support operations in the system 10. Examples of such data include instructions for any other application or method operating in the system 10, an operating system, contact data, phonebook data, messages, pictures, videos, and the like.

an application is a description of instructions, data, and their organization. A process is a running activity of a program with independent functions on a certain data set, and it can apply for and own system resources, such as processor resources and virtual memory resources, and is a dynamic concept and an active entity. In this embodiment, memory management is mainly performed for each user mode process. In this embodiment, the process of performing memory management on each process is the same or similar, so one of the user mode processes is taken as an example for explanation. The user mode process may be a process running in a user mode.

the processor 10c may load program data and processor instructions associated with the user mode process into the memory 10a prior to executing the user mode process. That is, the memory 10a stores program data and processor instructions related to user-mode processes. The processor instructions associated with the user mode process may be executed by the processor 10c, and may involve a memory read operation during execution, i.e., a process of reading data from the memory 10a or a process of writing data to the memory 10 a. In this embodiment, in order to avoid the huge processor overhead caused by the direct processing of the memory data access by the processor 10c, a structure similar to remote direct memory access (NVME) is adopted, that is, the memory data is read by the memory controller 10 b.

Further, as shown in fig. 1, the system 10 of this embodiment may further include a trusted entity 10d, where the trusted entity 10d is responsible for allocating a memory space for the user mode process. The trusted entity 10d registers the virtual memory space for the user mode process according to a request of the user mode process for applying the virtual memory space, and allocates a KEY (KEY) corresponding to the virtual memory space. The key value can uniquely identify the virtual memory space, but is different from the virtual address of the virtual memory space. Similarly, for convenience of distinction and description, the virtual memory space allocated by the trusted entity 10d for the user mode process is referred to as a target virtual memory space, and correspondingly, the key value corresponding to the target virtual memory space may be referred to as a target key value.

Optionally, when the trusted entity 10d allocates the target key value to the target virtual memory space, a random number may be generated according to a set random number algorithm, and the random number is used as the target key value of the target virtual memory space. The random number generation algorithm includes, but is not limited to, a monte carlo method, an encryption algorithm, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm, and the like, and these algorithms belong to the known technologies in the art and are not described herein again. In this embodiment, the virtual memory space is identified by key values instead of virtual addresses, and compared with virtual addresses, the key values do not reveal the semantics of any memory address, and the generation process has randomness, so that the probability of falsification is relatively low, and the memory access security is improved.

In addition, the trusted entity 10d may further store the corresponding relationship between the target virtual memory space and the target key value, so that the storage controller 10b performs permission check on the memory access instruction according to the corresponding relationship. Further, the trusted entity 10d may also store mapping information of virtual and real addresses from the target virtual memory space to the physical memory space, so that the storage controller 10b performs virtual and real address conversion accordingly, thereby successfully accessing the physical memory space.

further, after the trusted entity 10d allocates the target key value to the target virtual memory space, the target key value may be allocated to the user mode process, so that the user mode process accesses the target virtual memory space according to the target key value.

Alternatively, trusted entity 10d may be software, hardware, or a combination of software and hardware. For example, trusted entity 10d may be an operating system or, alternatively, an ARM chip. In fig. 1, trusted entity 10d is shown in dashed line block to indicate that trusted entity 10d is not necessarily a hardware module, which may be software.

For the user mode process, if the virtual memory space needs to be accessed in the execution process, the processor 10b may generate a memory access instruction according to a key value corresponding to the virtual memory space that needs to be accessed; then, the memory access instruction is sent to the storage controller 10b, so that the storage controller 10b performs access control on the virtual memory space to be accessed according to the key value in the memory access instruction. The access control mainly refers to performing authority check on the memory access instruction, and accessing the corresponding physical memory space according to the physical address obtained by virtual-real address conversion when the memory access instruction has the access authority. For convenience of description and distinction, in this embodiment, a virtual memory space to be accessed in the user mode process execution process is taken as a target virtual memory space for example.

In the present system 10, during the execution of the user-mode process, the processor 10b may generate a memory access instruction according to an access requirement for a target virtual memory space, and submit the memory access instruction to the storage controller 10 b. The memory controller 10b receives the memory access instruction, which carries the target key value corresponding to the target virtual memory space requested to be accessed. After receiving the memory access instruction, the storage controller 10b may determine whether the user mode process has the access right of the target virtual memory space according to a target key value carried in the memory access instruction and a correspondence between the virtual memory space and the key value stored in advance. After determining that the user mode process has the access right of the target virtual memory space, the storage controller 10b may perform virtual-to-real address conversion on the target virtual memory space according to the virtual-to-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance, and access the corresponding physical memory space according to the physical address obtained through the conversion. The physical address obtained by the conversion is the starting address of the physical memory space corresponding to the target virtual memory space.

alternatively, when the storage controller 10b determines that the user mode process does not have the access right of the target virtual memory space, it may return an illegal access prompt message to the user mode process running on the processor 10b, and prohibit the access to the target virtual memory space.

In the computer memory management system provided in this embodiment, a function of checking a memory access right is added to the storage controller, so that the storage controller can check the access right of the user-mode process based on a key value in a memory access instruction generated in an execution process of the user-mode process and a correspondence between a virtual memory space and the key value stored in advance, and access the virtual memory space when the user-mode process has the memory access right, thereby implementing memory protection under a user-mode protocol stack, and solving a problem that another process is abnormal or crashed due to illegal access of a process to a memory used by another process. In addition, the hardware structure based on the storage controller has the advantages that the introduced software overhead can be obviously reduced, the reliability of the hardware is relatively high, and the security of memory access is further improved.

In some exemplary embodiments, two data structures are provided, namely a Memory Protection Table (MPT) and a virtual-to-real Address Mapping Table (AMT). The MPT is used to store a mapping of key values to their corresponding virtual memory spaces. The AMT is used to store a mapping of virtual memory space to physical memory space. Alternatively, the MPT and AMT may be stored in the memory 10 a. Based on this, after registering the target virtual memory space for the user mode process and allocating the corresponding target key value, the trusted entity 10d may write the information of the target virtual memory space and the corresponding target key value into the MPT, and write the virtual-real address mapping information from the target virtual memory space to the physical memory space into the AMT.

The information of the target virtual memory space includes, but is not limited to: the starting virtual address, the space size, the access authority of the target virtual memory space and the starting physical address of the virtual-real mapping. The initial physical address of the virtual-to-real mapping is a physical address of a first AMT entry in the AMT, which records virtual-to-real mapping information from the target virtual memory space to the physical memory space. Based on this, the writing of the information of the target virtual memory space and the corresponding target key value into the MPT by the trusted entity 10d mainly means: and taking the physical address of the first AMT table entry recording the mapping information of the virtual and real addresses from the target virtual memory space to the physical memory space in the AMT as the initial physical address of the virtual and real mapping, and adding the initial virtual address, the space size and the access authority of the target virtual memory space to the table entry where the target key value is located in the MPT. The access right of the target virtual memory space refers to an operation type that the user mode process allowed by the target virtual memory space executes on the target virtual memory space, and includes but is not limited to: local read/write, remote read/write, atomic operations, and the like.

The embodiment of the present application does not limit the structure of the MPT, and all table structures that can store information of the virtual memory space and the corresponding key values are applicable to the embodiment of the present application. Similarly, the embodiment of the present application also does not limit the structure of the AMT, and all table structures capable of storing virtual and real address mapping information from the virtual memory space to the physical memory space are applicable to the embodiment of the present application. Alternatively, exemplary table structures for MPT and AMT are shown in fig. 2a and fig. 2b, respectively. In the MPT shown in fig. 2a, one key value corresponds to one entry, and the entry corresponding to one key value stores information such as a status flag (not shown in fig. 2 a) of a virtual memory space corresponding to the key value, a starting virtual address, a space size, an access right, and a starting physical address of virtual-real mapping. In the AMT shown in fig. 2b, the physical addresses of the physical pages corresponding to the logical pages included in the virtual memory space are stored.

Optionally, when the user mode process is closed, the memory release interface may be called to trigger the trusted entity 10d to release the memory for the user mode process. The memory release here mainly refers to releasing the virtual memory space allocated to the user mode process, and deleting the entries related to the user mode process in the MTP and the AMT, so as to save the memory space occupied by the MPT and the AMT.

In some exemplary embodiments, a new format of memory access instructions is provided. The format of the memory access instruction is shown in fig. 2c, and mainly includes: header control block, L-KEY, SrcVAddr-offset, Src-length, R-KEY, DrcVAddr-offset, Drc-length, etc.

The header information control block is mainly used to define the type of the memory access instruction, and may be, for example, a Read instruction (Storage Read) or a Write instruction (Storage Write). Here, the Read command (Storage Read) refers to a command for reading data from the memory chip 10e of the system 10 and writing the Read data into the virtual memory space. Accordingly, the Write instruction (Storage Write) herein refers to an instruction to read data from the virtual memory space and Write the read data into the memory chip 10 e.

the L-KEY represents the address information of the source storage space of the data to be accessed; SrcVAddr-offset represents the address offset of the source memory space of the data to be accessed; src-length represents the size of the source storage space of the data to be accessed. The L-KEY, the SrcVAddr-offset and the Src-length are combined together to form a source address table entry, and information related to a source storage space is mainly stored.

R-KEY represents the address information of the target storage space of the data to be accessed; DrcVAddr-offset represents the address offset of the destination memory space of the data to be accessed; drc-length represents the size of the destination storage space for the data to be accessed. The three fields of R-KEY, DrcVAddr-offset and Drc-length are combined together to form a destination address table entry, and information related to a destination storage space is mainly stored.

It should be noted that, according to the type of the memory access instruction, the information of the data to be accessed, the source storage space and the destination storage space thereof, etc. may be different. If the memory access instruction is Storage Read, the data to be accessed refers to data which needs to be Read from the Storage chip, the L-KEY defines a target Storage Logical Block Address (LBA) corresponding to the data to be Read in the Storage chip, and the R-KEY represents a KEY value (KEY) corresponding to a target virtual memory space into which the data Read from the Storage chip needs to be written. If the memory access instruction is Storage Write, the data to be accessed refers to data which needs to be read from a target virtual memory space, L-KEY represents a KEY value (KEY) corresponding to the target virtual memory space corresponding to the data to be read, and R-KEY represents a target LBA corresponding to a Storage chip to which the data read from the target virtual memory space needs to be written.

The following describes an exemplary process of generating a memory access instruction by a user-mode process, with reference to the format of the memory access instruction shown in fig. 2 c. Based on the instruction format shown in fig. 2c, when the user mode process needs to access the target virtual memory space, the instruction type may be written in the header information control block of the memory access instruction according to the access requirement. For example, when the user mode process needs to write data in the memory chip 10e into the target virtual memory space, a Read instruction type, such as Storage Read, may be written in the header information control block of the memory access instruction. When a user mode process needs to write data in a target virtual memory space into a memory chip, a write instruction type, such as a StorageWrite, may be written in a header information control block of a memory access instruction.

In addition to writing the type of instruction in the header information control block, it is necessary to fill in address information L-KEY of the source storage space, address offset srcvadd-offset of the source storage space, and size Src-length of the source storage space of the data to be accessed in the source address entry of the memory access instruction, and to fill in address information R-KEY of the destination storage space, address offset drcvadd-offset of the destination storage space, and size dr-length of the destination storage space of the data to be accessed in the destination address entry of the memory access instruction. It should be noted that the address information may be different according to the implementation of the source storage space and the destination storage space. If the source storage space is a virtual memory space, the address information is an address index corresponding to the virtual memory space; if the destination storage space is a virtual memory space, the address information is an address index corresponding to the virtual memory space.

With reference to the MPT shown in fig. 2a and the instruction format shown in fig. 2c, the process of determining, by the storage controller 10b, whether the user-mode process has the access right of the target virtual memory space according to the target key value carried by the memory access instruction and the correspondence between the pre-stored virtual memory space and the key value includes:

querying the MPT in the memory 10a according to a target KEY value corresponding to the target virtual memory space carried in the memory access instruction, for example, a field value of an L-KEY or an R-KEY in fig. 2 c; if a target MPT table entry matched with the target key value is inquired in the MPT, whether the user mode process has the access right of the target virtual memory space is determined according to the information of the virtual memory space recorded in the target MPT table entry. Optionally, if an entry matching the target key value is not queried in the MPT, it is determined that the user mode process does not have the access right of the target virtual memory space, and the user mode process may return an illegal access prompt message and prohibit the user mode process from accessing the target virtual memory space.

Further, the storage controller 10b may create a local MPT Cache (MPT Cache) to Cache entries in the recently accessed MPT. Where "most recent" may be understood as a recent period of time, such as the last day, the last week, the last days, the last hours, etc. Based on this, before querying the MTP in the memory 10a, the storage controller 10b may query the MPT entry that has been recently accessed in the local MPT cache according to the target key value carried in the received memory access instruction. If the table entry matched with the target key value is inquired in the local MPT cache, whether the user mode process has the access right of the target virtual memory space or not is determined according to the information of the virtual memory space recorded in the table entry matched with the target key value. In this embodiment, the storage controller 10b preferentially queries the local MPT cache, so that the permission check on the user mode process can be preferentially completed in the storage controller 10b, and once the entry matching with the target key value is queried in the local MPT cache, the operation of accessing the memory 10a can no longer be generated, which is beneficial to improving the permission judgment efficiency.

Optionally, if an entry matching the target key value is not queried in the local MPT cache, the MPT in the memory 10a may be queried according to the target key value, so as to further determine whether the user-mode process has the access right of the target virtual storage space based on the MPT in the memory 10 a.

It should be noted that, if the entry matching the target key value is not found in the local MPT cache but the entry matching the target key value is found in the MPT in the memory 10a, the entry matching the target key value found in the MPT in the memory 10a may be written into the local MPT cache.

In combination with the information of the virtual memory space recorded in the MPT shown in fig. 2a, the storage controller 10b may determine whether the user-mode process has the access right of the target virtual memory according to the range and the access type of the virtual memory space recorded in the MPT or the entry matched with the target key value in the local MPT cache. For convenience of description, the entry matching the target key value in the MPT or the local MPT cache is simply referred to as the target MPT entry. Then, the storage controller 10b may determine whether the target virtual memory space is within the virtual memory space range recorded in the target MPT entry, and determine whether the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target MPT entry according to the instruction type in the header information control block of the memory access instruction; if the target virtual memory space in the memory access instruction is within the virtual memory space range recorded in the target MPT table entry, and the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target MPT table entry, determining that the user-mode process has the access authority of the target virtual memory space; otherwise, determining that the user mode process does not have the access right of the target virtual memory space.

Where the range of the target virtual memory space may be determined by L-KEY, SrcVAddr-offset and Src-length in the memory access instruction, or may be determined by R-KEY, DrcVAddr-offset and Drc-length, in conjunction with the instruction type of the memory access instruction.

when it is determined that the user mode process has the access right of the target virtual memory space, the storage controller 10b may perform virtual-to-real address conversion on the target virtual memory space according to the virtual-to-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance.

ⁿin some exemplary embodiments, the memory 10a is managed by using a page-type memory management method, which can break continuity of memory allocation, so that a virtual memory space of a user-mode process can correspond to a plurality of discrete physical pages, thereby achieving the effects of fully utilizing the memory and improving the memory utilization rate.

Based on the page type memory management method, when performing virtual-real address translation on the target virtual memory space, the memory controller 10b can obtain the page offset, and the number of occupied pages of the virtual address to be accessed by the memory access instruction according to the address offset (srcvddr _ offset or drcvddr _ offset) and the size (Src _ length or Drc _ length) of the target virtual memory space recorded in the memory access instruction, the system page size, and the system start virtual address. The system starting virtual address refers to a starting address of the entire virtual memory space in the system, and the system page size refers to the size of one logical page or physical page in the system.

further, the memory controller 10b obtains an index of the physical page to be accessed by the memory access instruction in the AMT (the index corresponds to the several physical pages in the AMT table in fig. 2 b) according to the "starting physical address of the virtual-real map" recorded in the target MPT entry matching the target key value in the MPT or local MPT cache and the address offset (SrcVaddr _ offset or DrcVaddr _ offset) of the target virtual memory space recorded in the current memory access instruction; and then, according to the calculated index of the physical page to be accessed by the memory access instruction in the AMT, inquiring the AMT to obtain the physical address in the table entry corresponding to the index in the AMT, namely the physical address obtained by the virtual-real address conversion. The physical address obtained by conversion here refers to the starting address of the physical page corresponding to the target virtual memory space. Furthermore, the physical address obtained by the target conversion is combined with the in-page offset, the page offset and the number of occupied pages of the virtual address to be accessed by the memory access instruction, so that the physical storage space corresponding to the target virtual memory space can be uniquely determined, and the physical storage space may comprise a plurality of physical pages, depending on the number of occupied pages. The AMT is used for storing virtual and real address mapping information from a virtual memory space to a physical memory space.

further, memory controller 10b may create a local AMT Cache (AMT Cache) for caching the recently accessed entries in the AMT. Similarly, "most recent" may be understood as a recent period of time, such as the last day, the last week, the last days, the last hours, and so forth. Based on this, before querying the AMT in the memory 10a, the storage controller 10b may preferentially query whether the local AMT cache has an entry corresponding to the index according to the index. If the table entry corresponding to the index is searched in the local AMT cache, the physical address indicated in the table entry corresponding to the index searched in the local AMT cache, that is, the physical address obtained by virtual-real address translation, is obtained. Thus, the virtual-real address conversion process in the memory access can be completed inside the memory controller 10b, and the memory controller 10b can no longer generate the operation of accessing the memory 10a, thereby saving the software overhead of virtual-real address conversion.

Optionally, if the entry corresponding to the index is not queried in the local AMT cache, the AMT in the memory 10a is queried, so as to perform virtual-real address translation on the target virtual memory space further based on the AMT in the memory 10 a.

It should be noted that, if the entry corresponding to the index is not found in the local AMT cache, but the entry corresponding to the index is found in the AMT in the memory 10a, the entry corresponding to the index found in the AMT in the memory 10a may be written into the local AMT cache.

the embodiment of the application provides a memory management system and a memory controller. As shown in fig. 3a, the memory controller 10b includes: a memory management module 31 and a host interface module 32; the host interface module 32 is connected to the memory management module 31. Wherein the content of the first and second substances,

a host interface module 32, configured to receive a memory access instruction submitted by a processor 10c in a host to which the storage controller 10b belongs in a user mode process, and submit the memory access instruction to the memory management module 31; the memory access instruction carries a target key value corresponding to a target virtual memory space requested to be accessed. The host interface module 32 is also connected to the processor 10c, as shown in fig. 3 a.

The memory management module 31 is configured to determine that the user mode process has an access right of the target virtual memory space according to the target key value and a corresponding relationship between the pre-stored virtual memory space and the key value, perform virtual-real address translation on the target virtual memory space according to virtual-real address mapping information from the pre-stored virtual memory space to the physical memory space, and submit a physical address obtained by the translation to the host interface module 32.

Correspondingly, the host interface module 32 is further configured to perform an access operation of the physical memory space according to the physical address obtained by the virtual-real address translation.

Optionally, the host interface module 32 needs to implement a programming interface with the I/O device, for example, a PCIE programming interface connected to the processor 10c, a programming interface connected to the status control register of the host, and the like, and also needs to implement a user-level communication programming interface for communicating with the processes. Wherein the user-level communication programming interface comprises: a user programming interface and a system programming interface.

the system programming interface is used for controlling unified attributes and behaviors of user-level communication corresponding to each process in the operating system, and the unified attributes and behaviors include but are not limited to the system page size and the initial physical address of virtual-real mapping in the MPT. When the operating system initializes the memory controller 10b, the processor 10c informs the memory controller 10b of the system page size used by the operating system of the host and the starting virtual address of the virtual-to-real mapping in the MPT through the system programming interface.

The user programming interface is used for controlling independent information and behaviors of user-level communication corresponding to each process in the system, and includes, but is not limited to, a Doorbell interface for each process to send a memory access instruction to the storage controller 10 b.

In an alternative embodiment, as shown in FIG. 3b, the storage controller 10b also includes a storage interface module 33. The storage interface module 33 is connected to the storage chip 10e and the memory management module 31. The memory interface module 33 is used for reading data from the memory chip 10e of the host or writing data into the memory chip 10 e.

In another alternative embodiment, as shown in FIG. 3c, the storage controller 10b further includes a storage download module 34. The storage download module 34 is connected to the host interface module 32, the storage interface module 33, and the memory management module 31. Wherein the content of the first and second substances,

A storage downloading module 34, configured to receive the memory access instruction submitted by the host interface module 32, and transmit information of the source address table entry in the memory access instruction to the memory management module 31 for access permission determination and virtual-real address conversion; and receiving the physical address obtained by virtual-real address conversion returned by the memory management module 31 after the access permission passes, reading the first data from the corresponding physical memory space according to the physical address obtained by conversion, and transmitting the information of the destination address table entry in the memory access instruction and the first data to the storage interface module 33. The information of the source address table entry in the memory access instruction includes a key value, an address offset and a size corresponding to the target virtual memory space.

Accordingly, the storage interface module 33 is specifically configured to: according to the information of the destination address table entry, the first data is written into the memory chip 10 e.

in yet another alternative embodiment, as shown in FIG. 3c, the storage controller 10b further comprises: the storage upload module 35. The storage uploading module 35 is connected to the host interface module 32, the storage interface module 33, and the memory management module 31. Wherein the content of the first and second substances,

the storage uploading module 35 is configured to receive a memory access instruction submitted by the host interface module 32, transmit information of a destination address table entry in the memory access instruction to the memory management module 31 for access permission determination and virtual-real address conversion, and receive a physical address obtained by virtual-real address conversion and returned by the memory management module 31 after the access permission passes; and transmitting the information of the source address table entry in the memory access instruction to the storage interface module 33, receiving the second data read by the storage interface module 33 from the storage chip 10e according to the information of the source address table entry, and writing the second data into the target virtual memory space according to the physical address obtained by the conversion. The information of the destination address table entry in the memory access instruction includes a key value, an address offset and a size corresponding to the target virtual memory space.

Accordingly, the storage interface module 33 is specifically configured to: and second data read from the memory chip 10e according to the information of the source address table entry.

optionally, when determining whether the user mode process has the access right of the target virtual memory space, the memory management module 31 is specifically configured to: inquiring an MPT in the memory according to a target KEY value which is carried in the memory access instruction and corresponds to a target virtual memory space which is requested to be accessed, namely an L-KEY or an R-KEY in the memory access instruction as shown in figure 2c, wherein the MPT stores a corresponding relation between the virtual memory space and the KEY value; if a target MPT table entry matched with a target KEY value L-KEY or R-KRY is inquired in the MPT, whether the user mode process has the access right of the target virtual memory space is determined according to the information of the virtual memory space recorded in the target MPT table entry.

Optionally, if an entry matching the target KEY value L-KEY or R-KEY is not queried in the MPT, it is determined that the user mode process does not have the access right of the target virtual memory space, and the memory management module 31 may return an illegal access prompt message to the storage downloading module 34. Accordingly, the store download module 34 sends the illegal access prompt to the user mode process running on the processor 10 c.

further, the memory management module 31 is specifically configured to: a local MPT Cache (MPT Cache) is created to Cache entries in recently accessed MPTs. "recent" is to be understood as a recent period of time, which may be, for example, the last day, the last week, the last days, the last hours, etc. Based on this, the memory management module 31 may query the latest accessed MPT entry in the local MPT cache according to the target key value carried in the received memory access instruction before querying the MTP in the memory. If the table entry matched with the target key value is inquired in the local MPT cache, whether the user mode process has the access right of the target virtual memory space or not is determined according to the information of the virtual memory space recorded in the table entry matched with the target key value. In this embodiment, the memory management module 31 preferentially queries the local MPT cache, so that the permission check on the user mode process can be preferentially completed in the storage controller, and once the entry matching with the target key value is queried in the local MPT cache, the operation of accessing the memory can not be generated any more, which is beneficial to improving the authentication efficiency.

Optionally, if an entry matching the target key value is not queried in the local MPT cache, the MPT in the memory may be queried according to the target key value, so as to further determine whether the user-mode process has the access right of the target virtual storage space based on the MPT in the memory.

It should be noted that, if the memory management module 31 does not query the entry matching the target key value in the local MPT cache, but queries the entry matching the target key value in the MPT in the memory, the entry matching the target key value and queried in the MPT in the memory may be written in the local MPT cache.

in combination with the information of the virtual memory space recorded in the MPT shown in fig. 2a, the memory management module 31 may determine whether the user-mode process has the access right of the target virtual memory according to the range and the access type of the virtual memory space recorded in the MPT or the entry matched with the target key value in the local MPT cache. For convenience of description, the entry matching the target key value in the MPT or the local MPT cache is simply referred to as the target MPT entry. Then, the memory management module 31 is specifically configured to: judging whether the target virtual memory space is within the range of the virtual memory space recorded in the target table item, and judging whether the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target table item according to the instruction type in the header information control block of the memory access instruction; if the target virtual memory space in the memory access instruction is within the virtual memory space range recorded in the target table entry, and the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target table entry, determining that the user mode process has the access right of the target virtual memory space; otherwise, determining that the user mode process does not have the access right of the target virtual memory space.

Correspondingly, the memory management module 31 is further configured to perform virtual-real address conversion on the target virtual memory space after determining that the user mode process has the access right to access the target virtual memory space. When performing virtual-real address translation on the target virtual memory space, the memory management module 31 is specifically configured to: and obtaining the page offset, the page offset and the occupied page number of the virtual address to be accessed by the memory access instruction according to the address offset and the size of the target virtual memory space, the system page size and the system initial virtual address recorded in the memory access instruction. The system starting virtual address refers to a starting address of the whole virtual memory space in the system, and the system page size refers to the size of one logical page or physical page in the system.

Further, the memory management module 31 is specifically configured to: obtaining an index of a physical page to be accessed by the memory access instruction in the AMT according to a "starting physical address of a virtual-real mapping" recorded in a target MPT entry matched with a target key value in the MPT or the local MPT cache and an address offset (srcvddr _ offset or drcvddr _ offset) of a target virtual memory space recorded in the current memory access instruction; and then, according to the calculated index, inquiring the AMT to obtain the physical address in the table entry corresponding to the index in the AMT, namely the physical address obtained by virtual-real address conversion. The physical address obtained by virtual-real address translation refers to a starting address of a physical page corresponding to the target virtual memory space. Furthermore, the physical address obtained by the virtual-real address conversion is combined with the in-page offset, the page offset and the number of occupied pages of the virtual address to be accessed by the memory access instruction, so that the physical storage space corresponding to the target virtual memory space can be uniquely determined, and the physical storage space may comprise a plurality of physical pages, depending on the number of occupied pages. The AMT is used for storing virtual and real address mapping information from a virtual memory space to a physical memory space.

optionally, the memory management module 31 is further configured to create a local AMT Cache (AMT Cache) for caching the recently accessed entry in the AMT. Similarly, "most recent" may be understood as a recent period of time, such as the last day, the last week, the last days, the last hours, and so forth. Based on this, the memory management module 31 is specifically configured to, before querying the AMT in the memory: and according to the index, preferentially inquiring whether the local AMT cache has an item corresponding to the index. If the table entry corresponding to the index is searched in the local AMT cache, the physical address indicated in the table entry corresponding to the index searched in the local AMT cache, that is, the physical address obtained by virtual-real address translation, is obtained. This makes the conversion process of the virtual and real addresses in the memory access by the user mode process be completed in the memory management module 31 in the memory controller, and the memory controller can not generate the operation of accessing the memory any more, thereby saving the software overhead of virtual and real address conversion.

Optionally, if the table entry corresponding to the index is not queried in the local AMT cache, the memory management module 31 queries an AMT in the memory, so as to further perform virtual-real address translation on the target virtual memory space based on the AMT in the memory.

It should be noted that, if the entry corresponding to the index is not found in the local AMT cache, but the entry corresponding to the index is found in the AMT in the memory, the entry corresponding to the index found in the AMT in the memory may be written into the local AMT cache.

it should be noted that the storage controller 10b and each module thereof may be implemented by hardware, and the hardware implementation method may be implemented by programming logic such as CPLD, FPGA, or ASIC dedicated chip.

the storage controller provided by the embodiment adds a function of checking the memory access authority. Therefore, the storage controller can check the authority of the user-mode process based on the key value in the memory access instruction generated in the execution process of the user-mode process and the corresponding relation between the pre-stored virtual memory space and the key value, and access the virtual memory space which is requested to be accessed when the user-mode process has the memory access authority, so that the memory protection under a user-mode protocol stack is realized, and the problem that other processes are abnormal or collapsed due to the fact that a process illegally accesses the memory used by other processes is solved. In addition, the hardware structure based on the storage controller has the advantages that the introduced software overhead can be obviously reduced, the reliability of the hardware is relatively high, and the security of memory access is further improved.

in addition to the above system embodiments, the present application also provides some method embodiments, which describe the memory allocation and access processes from different angles, respectively. The method embodiments will be described in detail below with reference to the accompanying drawings.

Fig. 4 is a flowchart illustrating a memory allocation method according to an exemplary embodiment of the present disclosure. As shown in fig. 4, the method includes:

401. And registering a target virtual memory space for the user mode process according to a request of applying the virtual memory space by the user mode process, and distributing a target key value corresponding to the target virtual memory space.

402. And storing the corresponding relation between the target virtual memory space and the target key value and the virtual-real address mapping information from the target virtual memory space to the physical memory space.

Optionally, the method further comprises: and allocating the target key value to the user mode process so that the user mode process can access the target virtual memory space according to the target key value.

The key value can identify the virtual memory space, but is different from the virtual address of the virtual memory space, so that the probability of being forged by malicious codes can be reduced, and the memory access security can be improved.

In an optional embodiment, a random number may be generated according to a set random number algorithm, and the random number may be used as a key value of the virtual memory storage space. The random generation of the randomly generated key value can effectively reduce the possibility that the key value is maliciously tampered or impersonated, and is beneficial to improving the access security of the memory. The random number generation algorithm includes, but is not limited to, a monte carlo method, an encryption algorithm, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm, and the like, and these algorithms belong to the known technologies in the art and are not described herein again.

In another alternative embodiment, two data structures are provided, namely, a Memory Protection Table (MPT) and an actual and virtual Address Mapping Table (AMT) are added in the memory. The MPT is used to store a mapping of key values to their corresponding virtual memory spaces. The AMT is used to store a mapping of virtual memory space to physical memory space. Optionally, the MPT and AMT may be stored in memory. Based on this, an alternative implementation of step 402 is: the information of the target virtual memory space and the corresponding target key value can be written into the MPT, and the virtual-real address mapping information from the target virtual memory space to the physical memory space is written into the AMT.

The information of the target virtual memory space includes, but is not limited to: the starting virtual address, the space size, the access authority of the target virtual memory space and the starting physical address of the virtual-real mapping are the physical address of the first table entry of the virtual-real mapping information from the target virtual memory space to the physical memory space recorded in the AMT.

Further, writing the information of the target virtual memory space and the corresponding target key value into the MPT mainly means: and taking the physical address of the first table entry recording the target virtual-real address mapping information in the AMT as the initial physical address of the virtual-real mapping, and adding the initial virtual address, the space size and the access authority of the target virtual memory space into the table entry where the target key value is located in the MPT. Optionally, the access right of the target virtual memory space may be a type of operation that the target virtual memory space allows the user-mode process to perform on, including but not limited to: local read/write, remote read/write, atomic operation, and the like, but is not limited thereto.

For the description of the structure of the MPT and the AMT, reference may be made to the description of fig. 2a and fig. 2b in the above system embodiment, and details are not repeated here.

Accordingly, an embodiment of the present application further provides a memory access method, a flowchart of which is shown in fig. 5, including:

501. And when the target virtual memory space needs to be accessed in the execution process of the user mode process, generating a memory access instruction according to a target key value corresponding to the target virtual memory space.

502. And sending the memory access instruction to the storage controller so that the storage controller can access and control the target virtual memory space according to the target key value in the memory access instruction.

In some exemplary embodiments, a new format of memory access instructions is provided. The format of the memory access instruction is shown in fig. 2c, and mainly includes: header control block, L-KEY, SrcVAddr-offset, Src-length, R-KEY, DrcVAddr-offset, Drc-length, etc. For a detailed description of the instruction, reference may be made to the related description of fig. 2c in the foregoing system embodiment, and details are not repeated here.

The process of generating the memory access instruction in step 501 is described below with reference to the format of the memory access instruction shown in fig. 2 c. Based on the instruction format shown in fig. 2c, when the user mode process needs to access the target virtual memory space, the instruction type may be written in the header information control block of the memory access instruction according to the access requirement. For example, when the user mode process needs to write data in the memory chip into the target virtual memory space, a Read command write Read command type, such as Storage Read, may be written in the header information control block of the memory access command. When the user mode process needs to Write the data in the target virtual memory space into the memory chip, a Write instruction type, such as a Storage Write, may be written in the header information control block of the memory access instruction.

In addition to writing the type of instruction in the header information control block, it is necessary to fill in address information L-KEY of the source storage space, address offset srcvadd-offset of the source storage space, and size Src-length of the source storage space of the data to be accessed in the source address entry of the memory access instruction, and to fill in address information R-KEY of the destination storage space, address offset drcvadd-offset of the destination storage space, and size dr-length of the destination storage space of the data to be accessed in the destination address entry of the memory access instruction. It should be noted that the address information may be different according to the implementation of the source storage space and the destination storage space. If the source storage space or the destination storage space is a virtual memory space, the address information is an address index corresponding to the virtual memory space.

In this embodiment, the user mode process generates an access instruction according to a target key value of the target virtual memory space, and sends the access instruction to the storage controller, so that the storage controller can perform access control on the target virtual memory space according to the target key value in the memory access instruction. Fig. 6 shows a process of performing access control on the virtual memory space by the storage controller according to the key value in the memory access instruction.

fig. 6 is a flowchart illustrating another memory access method according to another exemplary embodiment of the present application. As shown in fig. 6, the method includes:

601. And receiving a memory access instruction which is generated and submitted in the execution process of the user mode process, wherein the memory access instruction carries a target key value corresponding to a target virtual memory space which is requested to be accessed.

602. and determining that the user mode process has the access right of the target virtual memory space according to the target key value and the corresponding relation between the pre-stored virtual memory space and the key value.

603. And performing virtual-real address conversion on the target virtual memory space according to the virtual-real address mapping information from the virtual memory space to the physical memory space which is stored in advance, and performing access operation on the physical memory space according to the physical address obtained by conversion.

in this embodiment, a function of checking the memory access authority is added to the storage controller. Therefore, the storage controller checks the access authority of the user-mode process based on the key value in the memory access instruction generated in the execution process of the user-mode process and the corresponding relation between the pre-stored virtual memory address and the key value, and accesses the virtual memory space which is requested to be accessed when the user-mode process has the memory access authority, so that the memory protection under the user-mode protocol stack is realized, and the problem that one process illegally accesses the memory used by other processes to cause abnormality or crash of other processes is solved.

in some exemplary embodiments, the MPT and the memory access instruction are implemented as shown in FIG. 2a and FIG. 2c, respectively. For specific description of fig. 2a and fig. 2c, reference may be made to relevant contents in the above system embodiment, and details are not repeated here.

With reference to the MPT shown in fig. 2a and the instruction format shown in fig. 2c, in step 602, according to the target key value carried by the memory access instruction and the correspondence between the pre-stored virtual memory space and the key value, an optional implementation manner for determining whether the user mode process has the access right of the target virtual memory space is as follows: inquiring the MPT in the memory 10a according to a target KEY value corresponding to the target virtual memory space requested to be accessed, which is carried in the memory access instruction, such as the field value of the L-KEY or the R-KEY in FIG. 2 c; if a target MPT table entry matched with the target key value is inquired in the MPT, whether the user mode process has the access right of the target virtual memory space is determined according to the information of the virtual memory space recorded in the target MPT table entry.

Optionally, if an entry matching with a target KEY value L-KEY or R-KEY is not queried in the MPT, it is determined that the user mode process does not have the access right of the target virtual memory space, an illegal access prompt message may be returned to the user mode process, and the user mode process is prohibited from accessing the target virtual memory space.

further, the storage controller 10b may create a local MPT Cache (MPT Cache) to Cache entries in the recently accessed MPT. Where "most recent" may be understood as a recent period of time, such as the last day, the last week, the last days, the last hours, etc. Based on this, before the MPT in the memory is queried, the MPT entry that has been recently accessed in the local MPT cache may be queried according to the target key value carried in the received memory access instruction. If the table entry matched with the target key value is inquired in the local MPT cache, whether the user mode process has the access right of the target virtual memory space or not is determined according to the information of the virtual memory space recorded in the table entry matched with the target key value. In this embodiment, the storage controller 10b preferentially queries the local MPT cache, so that the permission check on the user mode process can be preferentially completed in the storage controller 10b, and once the entry matching with the target key value is queried in the local MPT cache, the operation of accessing the memory 10a can no longer be generated, which is beneficial to improving the permission judgment efficiency.

It should be noted that, if the entry matching the target key value is not found in the local MPT cache, but the entry matching the target key value is found in the MPT in the memory, the entry matching the target key value found in the MPT in the memory may be written into the local MPT cache.

In combination with the information of the virtual memory space recorded in the MPT shown in fig. 2a, it can be determined whether the user mode process has the access right of the target virtual memory according to the range and the access type of the virtual memory space recorded in the MPT or the entry matched with the target key value in the local MPT cache. For convenience of description, the entry matching the target key value in the MPT or the local MPT cache is simply referred to as the target MPT entry. Then, it can be determined whether the target virtual memory space is within the virtual memory space range recorded in the target table entry, and according to the instruction type in the header information control block of the memory access instruction, it is determined whether the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target table entry; if the target virtual memory space in the memory access instruction is within the virtual memory space range recorded in the target table entry, and the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target table entry, determining that the user mode process has the access right of the target virtual memory space; otherwise, determining that the user mode process does not have the access right of the target virtual memory space.

When it is determined that the user mode process has the access right of the target virtual memory space, virtual-real address conversion can be performed on the target virtual memory space according to virtual-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance.

ⁿin some exemplary embodiments, a page-type storage management method is adopted to manage a memory, and the method can break continuity of storage allocation, so that a virtual memory space of a user-mode process can correspond to a plurality of discrete physical pages, thereby achieving the effects of fully utilizing the memory and improving the utilization rate of the memory.

based on the page type memory management manner, an optional implementation manner of step 603 is: and obtaining the page offset, the page offset and the occupied page number of the virtual address to be accessed by the memory access instruction according to the address offset and the size of the target virtual memory space, the system page size and the system initial virtual address recorded in the memory access instruction. The system starting virtual address refers to the starting address of the whole virtual memory space, and the system page size refers to the size of one logical page or physical page.

Further, according to the 'initial physical address of virtual-real mapping' recorded in the target table entry matched with the target key value in the MPT or local MPT cache and the address offset of the target virtual memory space recorded in the current memory access instruction, the index of the physical page to be accessed by the memory access instruction in the AMT is obtained; and then, according to the calculated index of the physical page to be accessed by the memory access instruction in the AMT, inquiring the AMT to obtain the physical address in the table entry corresponding to the index in the AMT, namely the physical address obtained by virtual-real address conversion. The physical address obtained by virtual-real address translation refers to a starting address of a physical page corresponding to the target virtual memory space. Furthermore, the physical address obtained by the virtual-real address conversion is combined with the in-page offset, the page offset and the number of occupied pages of the virtual address to be accessed by the memory access instruction, so that the physical storage space corresponding to the target virtual memory space can be uniquely determined, and the physical storage space may comprise a plurality of physical pages, depending on the number of occupied pages. The AMT is used for storing virtual and real address mapping information from a virtual memory space to a physical memory space.

Further, a local AMT Cache (AMT Cache) may be created for caching the recently accessed entries in the AMT. Similarly, "most recent" may be understood as a recent period of time, such as the last day, the last week, the last days, the last hours, and so forth. Based on this, before querying the AMT in the memory, it may be preferentially queried whether the local AMT cache has an entry corresponding to the index according to the index. If the table entry corresponding to the index is searched in the local AMT cache, the physical address indicated in the table entry corresponding to the index searched in the local AMT cache, that is, the physical address obtained by virtual-real address translation, is obtained. Therefore, the conversion process of the virtual address and the real address in the memory access in the user mode process can be completed in the memory controller, the memory controller can not generate the operation of accessing the memory any more, and the software overhead of virtual address and real address conversion is saved.

Optionally, if the entry corresponding to the index is not queried in the local AMT cache, the AMT in the memory is queried, so as to perform virtual-real address translation on the target virtual memory space based on the AMT in the memory.

it should be noted that the execution subjects of the steps of the methods provided in the above embodiments may be the same device, or different devices may be used as the execution subjects of the methods. For example, the execution subjects of steps 601 to 603 may be device a; for another example, the execution subject of steps 601 and 602 may be device a, and the execution subject of step 603 may be device B; and so on.

In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 601, 602, etc., are merely used for distinguishing different operations, and the sequence numbers themselves do not represent any execution order. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.

Accordingly, the present application further provides a computer-readable storage medium storing a configuration file of a storage controller, where the configuration file can be loaded or burned into the storage controller, so that the storage controller executes the steps in the embodiment shown in fig. 6.

Accordingly, the present application further provides a computer readable storage medium storing a computer program, where the computer program can implement the steps that can be performed by the trusted entity (here, the trusted entity in the form of software) in the foregoing method embodiments when executed.

accordingly, an embodiment of the present application further provides a computer-readable storage medium storing an application program corresponding to the user mode process in the foregoing embodiment, and when the user mode process corresponding to the application program is executed, the steps in the method embodiment shown in fig. 5 can be implemented.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

in a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

it should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims

1. A method for allocating memory, comprising:

2. The method of claim 1, wherein the assigning a target key value corresponding to the target virtual memory space comprises:

And generating a random number according to a set random number algorithm, and taking the random number as a target key value corresponding to the target virtual memory space.

3. the method according to claim 1 or 2, wherein the storing the corresponding relationship between the target virtual memory space and the target key value and the virtual-to-real mapping information from the target virtual memory space to the physical memory space comprises:

And writing the information of the target virtual memory space and the target key value into a Memory Protection Table (MPT), and writing the virtual-real address mapping information from the target virtual memory space to a physical memory space into a virtual-real Address Mapping Table (AMT).

4. the method of claim 3, wherein writing the information of the target virtual memory space and the target key value into the MPT comprises:

and taking the physical address of the first entry of the virtual-real mapping information from the target virtual memory space to the physical memory space recorded in the AMT as the initial physical address of the virtual-real mapping, and adding the initial virtual address, the space size and the access authority of the target virtual memory space to the entry of the target key value in the MPT.

5. the method according to any one of claims 1-4, further comprising:

And distributing the target key value to the user mode process so that the user mode process can access the target virtual memory space according to the target key value.

6. A memory access method, comprising:

7. The method of claim 6, wherein generating the memory access instruction according to the target key value corresponding to the target virtual memory space comprises:

Writing an instruction type in a header information control block of the memory access instruction according to an access requirement;

Filling address information of a source storage space of data to be accessed, address offset of the source storage space and the size of the source storage space in a source address table entry of the memory access instruction;

filling address information of a target storage space of the data to be accessed, address offset of the target storage space and the size of the target storage space in a target address table entry of the memory access instruction;

Wherein the target key value is address information of the source storage space or the destination storage space.

8. A memory access method, comprising:

9. The method of claim 8, further comprising:

and when the user mode process is determined not to have the access right of the target virtual memory space, returning illegal access prompt information to the user mode process.

10. the method according to claim 8, wherein the determining that the user-mode process has the access right of the target virtual memory space according to the target key value and a correspondence between the pre-stored virtual memory space and the key value comprises:

inquiring an MPT (memory protection table) according to the target key value, wherein the MPT stores the corresponding relation between the virtual memory space and the key value;

And if a target MPT table entry matched with the target key value is inquired in the MPT, determining that the user mode process has the access right of the target virtual memory space according to the information of the virtual memory space recorded in the target MPT table entry.

11. The method of claim 10, prior to querying a memory protection table according to the target key value, further comprising:

Querying a local MPT cache according to the target key value, wherein the local MPT cache stores the recently accessed table entry in the MPT;

If a target MPT table entry matched with the target key value is inquired in the local MPT cache, determining that the user mode process has the access right of the target virtual memory space according to the information of the virtual memory space recorded in the target MPT table entry;

And if the target MPT table entry is not inquired in the local memory protection table cache, inquiring the MPT according to the target key value.

12. the method according to claim 10 or 11, wherein the determining that the user-mode process has the access right of the target virtual memory space according to the information of the virtual memory space recorded in the target MPT table entry comprises:

and if the target virtual memory space is within the range of the virtual memory space recorded in the target MPT table entry and the access type of the memory access instruction to the target virtual memory space is consistent with the access type recorded in the target MPT table entry, determining that the user-mode process has the access right of the target virtual memory space.

13. the method according to claim 10 or 11, wherein said performing virtual-real address translation on the target virtual memory space according to the pre-stored virtual-real address mapping information from the virtual memory space to the physical memory space comprises:

Obtaining the page offset, the page offset and the occupied page number of the virtual address to be accessed by the memory access instruction according to the address offset and the size of the target virtual memory space, the system page size and the system initial virtual address recorded in the memory access instruction;

According to the initial physical address of the virtual-real mapping recorded in the target MPT table item and the address offset of the target virtual memory space recorded in the memory access instruction, obtaining the index of the physical page to be accessed by the memory access instruction in the virtual-real address mapping table AMT;

And inquiring the AMT to acquire the physical address in the AMT table item corresponding to the index.

14. The method of claim 13, prior to querying the AMT, further comprising:

Inquiring a local AMT cache, wherein the local AMT cache stores the latest visited list items in the AMT;

And if the table entry corresponding to the index is inquired in the local AMT cache, acquiring the physical address in the table entry corresponding to the index inquired from the local AMT cache.

15. A storage controller, comprising: the system comprises a memory management module and a host interface module; the host interface module is connected with the memory management module;

16. The storage controller of claim 15, further comprising: a storage interface module; the storage interface module is connected with the memory management module;

The storage interface module is used for reading data from a storage chip of the host or writing data into the storage chip.

17. The storage controller of claim 16, further comprising: a storage download module; the storage downloading module is connected with the host interface module, the storage interface module and the memory management module;

The storage downloading module is configured to receive the memory access instruction submitted by the host interface module, and transmit information of a source address table entry in the memory access instruction to the memory management module for access permission determination and virtual-real address conversion; receiving a physical address obtained by virtual-real address conversion returned by the memory management module after the access authority passes, reading first data from a corresponding physical memory space according to the physical address obtained by conversion, and transmitting the information of a destination address table item in the memory access instruction and the first data to the storage interface module;

The storage interface module is specifically configured to: writing the first data into the memory chip according to the information of the destination address table item;

the information of the source address table entry in the memory access instruction includes a key value, an address offset and a size corresponding to the target virtual memory space.

18. the storage controller of claim 16 or 17, further comprising: a storage uploading module; the storage uploading module is connected with the host interface module, the storage interface module and the memory management module;

The storage uploading module is used for receiving the memory access instruction submitted by the host interface module, transmitting the information of the destination address table item in the memory access instruction to the memory management module for access authority judgment and virtual-real address conversion, and receiving a physical address obtained by virtual-real address conversion returned by the memory management module after the access authority passes; transmitting the information of the source address table entry in the memory access instruction to the storage interface module, receiving second data read by the storage interface module from the storage chip according to the information of the source address table entry, and writing the second data into the target virtual memory space according to the physical address obtained by conversion;

The storage interface module is specifically configured to: reading the second data from the storage chip according to the information of the source address table entry;

the information of the destination address table entry in the memory access instruction includes a key value, an address offset and a size corresponding to the target virtual memory space.

19. A computer memory management system, comprising: the system comprises a memory, a storage controller and a processor; the storage controller is connected between the memory and the processor;

The processor to execute processor instructions associated with the user-mode process to: when a target virtual memory space needs to be accessed in the user mode process execution process, generating a memory access instruction according to a target key value corresponding to the target virtual memory space; sending the memory access instruction to the storage controller so that the storage controller can judge the access authority and convert virtual and real addresses;

The storage controller is used for receiving the memory access instruction, and determining that the user mode process has the access authority of the target virtual memory space according to a target key value carried by the memory access instruction and a corresponding relation between a pre-stored virtual memory space and the key value; and performing virtual-real address conversion on the target virtual memory space according to virtual-real address mapping information from the virtual memory space to the physical memory space, which is stored in advance, and performing access operation on the physical memory space according to the physical address obtained by conversion.