CN112540931A - Method and processor for ensuring data breakdown consistency in secure nonvolatile memory - Google Patents

Method and processor for ensuring data breakdown consistency in secure nonvolatile memory Download PDF

Info

Publication number
CN112540931A
CN112540931A CN202011486323.8A CN202011486323A CN112540931A CN 112540931 A CN112540931 A CN 112540931A CN 202011486323 A CN202011486323 A CN 202011486323A CN 112540931 A CN112540931 A CN 112540931A
Authority
CN
China
Prior art keywords
cache line
log
memory
data
write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011486323.8A
Other languages
Chinese (zh)
Other versions
CN112540931B (en
Inventor
华宇
李璇
徐豪
陈章玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN202011486323.8A priority Critical patent/CN112540931B/en
Publication of CN112540931A publication Critical patent/CN112540931A/en
Application granted granted Critical
Publication of CN112540931B publication Critical patent/CN112540931B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023Free address space management
    • G06F12/0238Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3476Data logging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0806Multiuser, multiprocessor or multiprocessing cache systems
    • G06F12/0811Multiuser, multiprocessor or multiprocessing cache systems with multilevel cache hierarchies

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention belongs to the field of computer data storage, and particularly relates to a method and a processor for ensuring data crash consistency in a safe nonvolatile memory, wherein the method comprises the following steps: adding a transaction persistence sequence control engine in a first-level cache controller for controlling a persistence sequence of logs and data in the transactions, wherein the engine adopts a mode of instantly persisting to a memory for refreshing and kicking out a log cache line, and adopts a mode of persisting a corresponding log cache line in a cache and then persisting the data cache line for refreshing the data cache line; the memory controller receives the write request from the cache, makes data, the counter block and the bottom-level nodes of the Merck tree persistent in advance without waiting for the Merck tree to be completely updated, and writes the secondary counter and the log entry into the memory in a juxtaposition mode, and merges the write of the security metadata in the write queue according to the address information. The invention ensures the balance between the safety and the crash consistency of the nonvolatile memory system, reduces the transaction execution delay and prolongs the write life of the system.

Description

Method and processor for ensuring data breakdown consistency in secure nonvolatile memory
Technical Field
The invention belongs to the field of computer data storage, and particularly relates to a method and a processor for ensuring data crash consistency in a safe nonvolatile memory.
Background
The conventional DRAM technology is limited by the manufacturing process, the refresh power consumption, and the like, and it is difficult to provide a larger capacity to meet the memory requirements of the computer system in the big data era. The novel nonvolatile memory technology (NVM), such as Phase Change Memory (PCM), resistive random access memory (ReRAM) and self-transfer torque random access memory (STT-RAM), has the advantages of nonvolatile property, performance similar to that of DRAM, high storage density and low energy consumption, and is expected to become the next generation memory technology. And with the release of Intel Optane DC Persistent Memory, non-volatile Memory technology will be widely deployed.
Due to non-volatility, efficient deployment of non-volatile memory technology presents two challenges: the first challenge is the safety of data, and as the data is still stored in the memory persistently after the system is powered down, the system has data remanence loopholes besides the attacks such as monitoring and replaying and the like which are the same as those of a DRAM; the second challenge is crash consistency of data, NVM has the advantage of recovering immediately after a crash, but because modern processor cores reorder memory writes and the like and atomic memory writes are usually only 8 bytes in size, systems are prone to produce inconsistent data at the moment of power loss or crash. Furthermore, NVM has limited write endurance, e.g., PCM can only write 1 million to 10 hundred million times and can be destroyed.
At present, counter encryption and a merkel tree mechanism are generally used for realizing memory encryption and integrity verification in order to ensure data crash consistency, but a transaction technology is generally adopted to ensure data security and crash consistency in a nonvolatile memory, but a scheme for simultaneously ensuring data security and crash consistency in the nonvolatile memory does not exist, and it is not practical to simply combine the above-mentioned security mechanism and transaction technology to simultaneously ensure data security and consistency, mainly because sequential update of the merkel tree and massive memory write-in (namely persistence) of security metadata can cause transaction execution delay and write amplification which are difficult to tolerate, and the overall performance and the service life of a system are reduced.
Disclosure of Invention
The invention provides a method and a processor for ensuring data crash consistency in a safe nonvolatile memory, which are used for solving the technical problem that effective balance cannot be realized due to high transaction execution delay and write amplification phenomena which often exist when the safety and the data crash consistency of the conventional nonvolatile memory are balanced.
The technical scheme for solving the technical problems is as follows: a method for ensuring data crash consistency in a secure non-volatile memory comprises the following steps: adding a transaction persistence sequence control engine in a primary cache controller of a processor; the method comprises the following steps that three registers are added in a memory controller and used for storing ciphertext data, a counter block and a secondary bottom node of a Mercker tree which need to be written into a memory together, and the step that a processor processes transactions comprises the following steps:
the transaction persistence sequence control engine controls refreshing and kicking-out operations of transaction logs and data in a first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of writing into a memory immediately, and the refreshing operations of a transaction data cache line adopt a mode of writing a corresponding log cache line in a first-level data cache into the memory and then writing the data cache line into the memory;
when the transactional memory is written each time, the memory controller sequentially adds one to a secondary counter in a corresponding counter block, encrypts data and sequentially updates each layer of nodes of the Mercker tree, and the obtained data are respectively stored in corresponding registers; once the corresponding counter block and the secondary bottom node of the Merckel tree are updated and stored in the register, the memory controller immediately writes the contents stored in the three registers into the memory together; before writing into the write queue, judging whether data contained in the current write request is a log, if so, covering a secondary counter in the log by using a corresponding secondary counter in an updated counter block and removing the writing of the counter block; after writing into the write queue, according to the currently written secure metadata address, the secure metadata with consistent addresses in the write queue are merged and written into the memory.
The invention has the beneficial effects that: the invention provides a method for guaranteeing data crash consistency in a safe nonvolatile memory, which is characterized in that a transaction persistence sequence control engine is added in a primary cache controller, controls a log in a software transaction and a persistence sequence of the data, and only guarantees the persistence sequence between the data and the corresponding log on hardware, thereby avoiding unnecessary persistence sequence constraint when a traditional processor core executes the software transaction, and further effectively reducing the execution delay of the transaction; the memory controller is added with three registers for storing ciphertext data, a counter block and a secondary bottom node of the Mercury tree which need to be written into a memory together, the data and the security metadata in the registers can be made permanent to the memory in advance without waiting for the complete update of the root node of the Mercury tree with long delay, and the memory controller can process write requests which come from other threads and are irrelevant to the current request as soon as possible by the early release of register resources, so that the waiting delay of the request to be processed is reduced, and the expandability of the system is improved; in addition, the security metadata are merged before and after being persisted to the write queue, so that the memory write-in times of the security metadata are reduced, and the write life and the write performance of the system are improved. Therefore, the method can guarantee the balance between the safety and the crash consistency of the nonvolatile memory system with high performance, reduce the execution delay of the affairs and prolong the write life of the system.
On the basis of the technical scheme, the invention can be further improved as follows.
Further, when the nodes of each layer of the Mercker tree are updated in sequence, after the next bottom node of the Mercker tree is updated and stored in the register, the nodes of other layers of the Mercker tree in the security metadata cache are updated asynchronously in the background.
The invention has the further beneficial effects that: the data and the security metadata in the register are persisted in the memory in advance, and the complete update of the Mercker tree is moved to the background, so that the atomic persistence of the data and the security metadata is ensured, and the expandability of the system is improved due to the early release of the register resources.
Further, three metadata fields are added to each cache line of the first-level data cache, wherein the three metadata fields are respectively an epoch number, an epoch type and a log identifier; wherein the time number indicates the time period to which the memory write of the cache line belongs; the period type represents the category of the period to which the memory write of the cache line belongs, and comprises a pairing period and a conventional period; the log mark marks whether the memory writing on the cache line is log writing; each processor core hardware thread maintains two variables: a period counter incremented with the memory barrier instruction; and the period type of the roll-over with the release of the primitive and the log write;
the transaction persistence sequence control engine comprises a memory mapping register and a log state table; writing the start and end address of the log area into the memory mapping register, and when a processor core executes a write request, marking whether the memory write is log write or not by comparing the start and end address with the memory write;
when the processor core executes a write request, if the state of the cache line corresponding to the address in the write request is 'clean', updating the metadata on the cache line by using the period counter and the period type; if the cache line state is dirty, the first-level cache controller judges whether the data address on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kicking out the cache line; when a cache kicks out a cache line, the kicking-out of a log cache line triggers the memory writing of the cache line, the engine refreshes the cache line to a memory controller, and creates an entry in the log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller;
when the processor core executes a cache line refreshing instruction, a log cache line is refreshed in a mode of instantly persisting the log cache line; refreshing a data cache line with a matching period type, firstly inquiring whether an entry with an adjacent time period number smaller than the time period number of the data cache line exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line corresponding to the adjacent time period number smaller than the time period number of the data cache line exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the engine scans the first-level data cache, refreshes all log cache lines with time period numbers smaller than the time period number of the data cache line to the memory controller, refreshes all data cache lines with time period numbers smaller than the time period number of the data cache line, and then persists the data cache line.
The invention has the further beneficial effects that: the time types of the cache lines are divided into two types, the pairing time is used for ensuring the persistence sequence between data and corresponding logs in the transaction, the conventional time is used for ensuring that the transaction is submitted after all the logs and the data of the transaction are persisted to a memory, the transaction is completely matched with the execution flow of the transaction, and the flexible conversion of the time types enables the system to be suitable for both the transaction and common non-transaction applications.
Further, the memory controller notifies the first-level cache controller and the processor core after waiting for the complete update of the Mercker tree to the root node for the completion feedback of the write request; then after the contents of the three registers are persisted to the write queue, requests that do not have a dependency relationship with the current request are processed, while requests that have a dependency relationship are processed after waiting for the completion feedback to return.
The invention has the further beneficial effects that: the completion feedback mechanism of the memory controller is modified to be that the completion feedback is sent to the first-level cache controller and the processor core after the merkel tree is completely updated, so that the request with the dependency relationship with the current request can be executed after the current request is completely processed (for example, transaction data needs to be written into the memory after the merkel tree of a corresponding log is completely updated), and the nonvolatile memory is ensured to store at least one version of consistent data at any time.
Further, the log comprises five items of data, namely a secondary counter corresponding to the storage element, a thread identifier, a transaction identifier, a storage element address and a storage element value.
The invention also provides a processor for ensuring the data crash consistency in the safe nonvolatile memory, which comprises the following components: the system comprises a processor core, a first-level data cache, a first-level cache controller and a memory controller, wherein the first-level cache controller comprises a transaction persistence sequence control engine; the memory controller comprises three registers which are respectively used for storing ciphertext data needing to be persisted to the memory together, a counter block and a secondary bottom node of the Mercker tree; wherein the content of the first and second substances,
the transaction persistence sequence control engine is used for controlling refreshing and kicking-out operations of transaction logs and data in the first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of writing into a memory immediately, and the refreshing operations of the transaction data cache line adopt a mode of firstly writing a corresponding log cache line in the first-level data cache into the memory and then writing the data cache line into the memory;
when the memory controller writes the transactional memory each time, sequentially adding one to a secondary counter in a corresponding counter block, encrypting data, and sequentially updating each layer of nodes of the Mercker tree, and respectively storing the obtained data to corresponding registers; once the corresponding counter block and the secondary bottom node of the Merckel tree are updated and stored in the register, the memory controller immediately writes the contents stored in the three registers into the memory together; before writing into the write queue, judging whether data contained in the current write request is a log, if so, covering a secondary counter in the log by using a corresponding secondary counter in an updated counter block and removing the writing of the counter block; after writing into the write queue, according to the currently written secure metadata address, the secure metadata with consistent addresses in the write queue are merged and written into the memory.
The invention has the beneficial effects that: the invention provides a processor for ensuring data crash consistency in a safe nonvolatile memory.A transaction persistence sequence control engine is added in a primary cache controller, controls a log in a software transaction and a persistence sequence of the data, and only ensures the persistence sequence between the data and the corresponding log on hardware, thereby avoiding unnecessary persistence sequence constraint when a traditional processor core executes the software transaction and further effectively reducing the execution delay of the transaction; the memory controller is added with three registers for storing ciphertext data, a counter block and a secondary bottom node of the Mercury tree which need to be written into a memory together, the data and the security metadata in the registers can be made permanent to the memory in advance without waiting for the complete update of the root node of the Mercury tree with long delay, and the memory controller can process write requests which come from other threads and are irrelevant to the current request as soon as possible by the early release of register resources, so that the waiting delay of the request to be processed is reduced, and the expandability of the system is improved; in addition, the memory controller merges the security metadata before and after the security metadata are persisted to the write queue, so that the memory write-in times of the security metadata are reduced, and the write life and the performance of the system are improved. Therefore, the method can guarantee the balance between the safety and the crash consistency of the nonvolatile memory system with high performance, reduce the execution delay of the affairs and prolong the write life of the system.
Further, when the memory controller sequentially updates the nodes of each layer of the Mercker tree, after the next bottom node of the Mercker tree is updated and stored in the register, the nodes of other layers of the Mercker tree in the secure metadata cache are asynchronously updated in the background.
Furthermore, each cache line of the first-level data cache is added with three metadata fields, namely an epoch number, an epoch type and a log identifier; wherein the time number indicates the time period to which the memory write of the cache line belongs; the period type represents the category of the period to which the memory write of the cache line belongs, and comprises a pairing period and a conventional period; the log mark marks whether the memory writing on the cache line is log writing; each hardware thread in the processor core maintains two variables: a period counter incremented with the memory barrier instruction; and the period type of the roll-over with the release of the primitive and the log write;
the transaction persistence sequence control engine comprises a memory mapping register and a log state table; writing the start and end address of the log area into the memory mapping register, and when a processor core executes a write request, marking whether the memory write is log write or not by comparing the start and end address with the memory write;
when the processor core executes a write request, if the state of the cache line corresponding to the address in the write request is 'clean', updating the metadata on the cache line by using the period counter and the period type; if the cache line state is dirty, the first-level cache controller judges whether the data address on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kicking out the cache line; when a cache kicks out a cache line, the kicking-out of a log cache line triggers the memory writing of the cache line, the engine refreshes the cache line to a memory controller, and creates an entry in the log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller;
when the processor core executes a cache line refreshing instruction, refreshing a log cache line and adopting a mode of immediately persisting the log cache line; refreshing a data cache line with a matching period type, firstly inquiring whether an entry with an adjacent time period number smaller than the time period number of the data cache line exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line corresponding to the adjacent time period number smaller than the time period number of the data cache line exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the engine scans the first-level data cache, refreshes all log cache lines with time period numbers smaller than the time period number of the data cache line to the memory controller, refreshes all data cache lines with time period numbers smaller than the time period number of the data cache line, and then persists the data cache line.
Further, the memory controller notifies a primary cache controller and a processor core after waiting for the complete feedback of the write request to completely update the Mercker tree to the root node; then after the contents of the three registers are persisted to the write queue, requests that do not have a dependency relationship with the current request are processed, while requests that have a dependency relationship are processed after waiting for the completion feedback to return.
Further, the log comprises five items of data, namely a secondary counter corresponding to the storage element, a thread identifier, a transaction identifier, a storage element address and a storage element value.
Drawings
Fig. 1 is a flowchart of a method for ensuring consistency of data crash in a secure nonvolatile memory according to an embodiment of the present invention;
fig. 2 is a system structure diagram of a nonvolatile memory according to an embodiment of the present invention;
FIG. 3 is a flowchart of a transaction persistence sequence control sub-method provided by an embodiment of the present invention;
FIG. 4 is a diagram illustrating an extensible secure metadata cache sub-method according to an embodiment of the present invention;
fig. 5 is a flowchart of a security metadata merging sub-method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example one
A method for guaranteeing consistency of data crash in a secure nonvolatile memory, as shown in fig. 1, includes: adding a transaction persistence sequence control engine in a primary cache controller of a processor; three registers are added in a memory controller for storing ciphertext data, a counter block and a secondary bottom node of a Mercker tree which need to be written into a memory together, and the step of processing transactions by the processor comprises the following steps:
(1) the transaction persistence sequence control engine controls refreshing and kicking-out operations of transaction logs and data in the first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of immediately persisting (namely writing in) to a memory, and the refreshing operations of the transaction data cache line adopt a mode of persisting a corresponding log cache line in the first-level data cache first and then persisting the data cache line;
in the method, a transaction persistence sequence control engine is added in a primary cache controller, controls the log in the software transaction and the persistence sequence of the data, and only ensures the persistence sequence between the data and the corresponding log on hardware, thereby avoiding unnecessary persistence sequence constraint when the traditional processor core executes the software transaction, and further effectively reducing the execution delay of the transaction.
(2) The safety metadata cache in the memory controller adopts a write-through mode, when the transactional memory is written each time, the secondary counter in the corresponding counter block is sequentially added with one, the data is encrypted, each layer of nodes of the Mercker tree is sequentially updated, and the obtained data is respectively stored in the corresponding registers;
once the counter block and the secondary bottom node of the Merckel tree which are updated correspondingly are updated and stored in the register, the memory controller immediately persists the contents stored in the three registers to the memory together; in the persistence process, before persisting the contents in the three registers to the write queue, firstly, the memory controller judges whether the data contained in the current write request is a log, if so, the corresponding secondary counter in the updated counter block is used for updating a 'secondary counter' item in the log (namely a log entry), and the counter block write-in which needs to be persisted to the memory together with the log cache line is removed; if not, the memory writing of the counter block is still carried out; after the ciphertext data and the security metadata are persisted to the write queue, the memory controller judges whether the addresses of the security metadata in the write queue are consistent or not according to the address of the security metadata written into the write queue at present, and the consistent security metadata are merged and written into the memory.
The secure metadata cache of this embodiment is an extensible secure metadata cache. The security metadata cache is positioned in the memory controller, and in order to ensure that the security metadata and the data are consistent after the system crashes so as to verify the security of the crashed data, the security metadata cache adopts a write-through mode, so that the corresponding security metadata can be written into the memory together with the data when the memory is written each time. In addition, three registers are added in the memory controller for storing data to be persisted to the memory together, the counter block and the second bottom node of the merkel tree. For each memory write of a transaction, the secondary counter in the corresponding counter block is increased by one, then data is encrypted, and finally the nodes of each layer of the Mercker tree are updated sequentially. Once the corresponding counter block and the next lower level node of the merkel tree are updated and stored in the registers, the memory controller immediately persists the contents stored in these three registers to memory together and asynchronously updates the other level nodes of the merkel tree in the secure metadata cache in the background. According to the scheme, the data and the security metadata in the register are persisted to the memory in advance without waiting for the complete update of the long-delay Mercker tree root node, and the memory controller can process write requests which come from other threads and are irrelevant to the current request as soon as possible by the early release of the register resources, so that the waiting delay of the request to be processed is reduced, and the expandability of the system is improved.
In addition, the embodiment also performs security metadata merging. Before persisting the contents in the three registers to the write queue, firstly, the memory controller judges whether the data contained in the current write request is a log, if so, updates a 'secondary counter' item in a log entry by using a corresponding secondary counter in an updated counter block, and removes the writing of the counter block which needs to be persisted to the memory together with a log cache line; if not, the memory writing of the counter block is still carried out. After the data and the security metadata are persisted to the write queue, the memory controller judges whether the addresses of the security metadata in the write queue are consistent or not according to the address of the security metadata written into the write queue at present, and the consistent security metadata are merged and written into the memory. According to the scheme, the security metadata are merged before and after being persisted to the write queue, so that the memory write-in times of the security metadata are reduced, and the write life and the write performance of the system are improved.
Preferably, when the nodes of each layer of the mercker tree are updated in the above sequence, after the next bottom node of the mercker tree is updated and stored in the register, the nodes of other layers of the mercker tree in the secure metadata cache are updated asynchronously in the background.
The scheme provides an extensible security metadata caching technology, data and security metadata in a register are persisted in a memory in advance, and complete update of a Mercker tree is moved to a background, so that atom persistence of the data and the security metadata is ensured, and the extensibility of a system is improved due to early release of register resources.
Preferably, three metadata fields are added to each cache line of the first-level data cache, wherein the three metadata fields are respectively an epoch number, an epoch type and a log identifier; wherein the time number indicates the time period to which the memory write of the cache line belongs; the epoch type indicates the class of epochs to which the memory writes of the cache line belong, wherein "1" indicates a pairing epoch and "0" indicates a regular epoch; the log mark marks whether the memory writing on the cache line is log writing; each processor core hardware thread maintains two variables, one is a period counter which is increased along with the memory barrier instruction, and the period counter of the hardware thread is increased by one when each memory barrier instruction is executed; the other is that with the period types of the release primitive and the log write-in overturn, when the log is written, the period type of the hardware thread is '1', and when the release primitive is executed, the period type of the hardware thread is '0';
the transaction persistence sequence control engine comprises a memory mapping register and a log state table; a program calls a register memory mapping function and the like to initialize a log area of a system, writes a start address and a stop address of the log area into a memory mapping register, and when a processor core executes a write request, marks whether the memory write is the log write by comparing the start address and the stop address;
when the processor core executes a write request, if the state of the cache line corresponding to the address in the write request is 'clean', updating the metadata on the cache line by using the period counter and the period type of the processor core line; if the cache line state is dirty, the first-level cache controller judges whether the address of the data on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kicking out the cache line; when a cache kicks out a cache line, the kick-out of a log cache line triggers the persistence of the cache line, an affair persistence sequence control engine refreshes the cache line to a memory controller, an entry is created in the log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller; kicking out a data cache line to execute conventional cache replacement operation;
when a processor core executes a cache line refreshing instruction, a log cache line is refreshed in a mode of instantly persisting the log cache line; refreshing a data cache line with a matching period type, firstly inquiring whether an entry with the time period number smaller than the time period number of the data cache line by 1 exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line with the time period number smaller than the time period number of the data cache line by 1 exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the refresh period type is a data cache line of a normal period, the transaction persistence sequence control engine scans the first-level data cache, refreshes all log cache lines with a period number smaller than the period number of the data cache line to the memory controller, refreshes all data cache lines with a period number smaller than the period number of the data cache line, and then persists the data cache line.
Preferably, the memory controller sends a write request completion feedback to the first-level cache controller and the processor core after waiting for the complete update of the Mercker tree to the root node; then after the contents of the three registers are persisted to the write queue, requests that do not have a dependency relationship with the current request are processed, while requests that have a dependency relationship are processed after waiting for a completion feedback notification to return.
Preferably, the log entry stores five items of data, namely, a secondary counter corresponding to a storage element, a thread identifier, a transaction identifier, a storage element address and a storage element value.
Example two
A processor for ensuring consistency of a data crash in a secure non-volatile memory, comprising: the system comprises a processor core, a first-level data cache, a first-level cache controller and a memory controller, wherein the first-level cache controller comprises a transaction persistence sequence control engine; the memory controller comprises three registers which are respectively used for storing ciphertext data needing to be persisted to the memory together, a counter block and a secondary bottom node of the Merckel tree; wherein the content of the first and second substances,
the transaction persistence sequence control engine is used for controlling refreshing and kicking-out operations of transaction logs and data in the first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of writing into a memory immediately, and the refreshing operations of the transaction data cache line adopt a mode of writing a corresponding log cache line in the first-level data cache into the memory firstly and then writing the data cache line into the memory;
when the memory controller writes the transactional memory each time, sequentially adding one to a secondary counter in a corresponding counter block, encrypting data, and sequentially updating each layer of nodes of the Mercker tree, and respectively storing the obtained data to corresponding registers; once the corresponding counter block and the secondary bottom node of the Merckel tree are updated and stored in the register, the memory controller immediately writes the contents stored in the three registers into the memory together; before writing into the write queue, judging whether data contained in the current write request is a log, if so, covering a secondary counter in the log by using a corresponding secondary counter in an updated counter block and removing the writing of the counter block; after writing into the write queue, according to the currently written secure metadata address, the secure metadata with consistent addresses in the write queue are merged and written into the memory.
The related technical description and technical solutions are the same as those of the first embodiment, and are not repeated herein.
To better illustrate the solution of the present embodiment, the following example is given:
as shown in fig. 2, a system architecture diagram of a non-volatile memory is provided. Each processor core hardware thread maintains two variables, one is a period counter which is incremented along with the persistent barrier instruction, and the other is a period type which is overturned along with the release of the primitive and the writing of the log; adding three metadata fields, namely a time period number, a time period type and a journal identifier, to each cache line of a first-level data cache, wherein the time period number represents the time period to which the memory write of the cache line belongs, the time period type represents the category of the time period to which the memory write of the cache line belongs, and the journal identifier marks whether the memory write on the cache line is journal write; adding a transaction persistence sequence control engine in a first-level cache controller, maintaining three data structures in the engine, namely a log state table, a temporary cache table and a local cache, and adding two memory mapping registers; adding a security metadata cache and four registers in a memory controller for storing data, a counter block, a second bottom node of a Mercker tree and a root node of the Mercker tree respectively; the writing queue in the memory controller and the register for storing the root node of the Merckel tree are permanent; the nonvolatile memory is divided into two areas, namely a data area for storing data and a log area for storing a log.
Based on the system structure of the nonvolatile memory shown in fig. 2, the method for ensuring the consistency of data crash in the secure nonvolatile memory may include the following steps:
(1) transaction persistence sequence control: the refreshing and kicking-out operation of the transaction log and the data in the first-level data cache are controlled, the refreshing and kicking-out operation of the transaction log cache line is performed in a mode of immediately persisting the transaction log cache line to the memory, the refreshing operation of the transaction data cache line is performed in a mode of persisting the corresponding log cache line in the first-level data cache and then persisting the data cache line, and the kicking-out operation of the transaction data cache line is performed in a normal replacing mode.
As shown in fig. 3, step (1) further comprises the following sub-steps:
(1-1) initializing a log area of a system through a register memory mapping function and the like, writing a start-stop address of the log area into a newly added memory mapping register on a chip, and when a processor core executes a write request, marking whether the memory write is the log write by comparing the start-stop address with the start-stop address stored in the register;
(1-2) when a processor core executes a write request, if the state of a cache line corresponding to an address in the write request is 'clean', updating metadata on the cache line by using a period counter and a period type of a processor core thread; if the cache line state is dirty, the first-level cache controller judges whether the address of the data on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kick out the cache line. When a cache kicks out a cache line, the kick-out log cache line triggers the persistence of the cache line, an affair persistence sequence control engine refreshes the cache line to a memory controller, an entry is created in a newly added log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller; kicking out a data cache line to execute conventional cache replacement operation;
(1-3) when the processor core executes a cache line refreshing instruction, refreshing the log cache line and keeping the operation to be executed consistent with the operation of kicking the log cache line, namely immediately persisting the log cache line; refreshing a data cache line with a pairing period type, firstly storing the address of the data cache line in a temporary cache table, then inquiring whether an entry with an epoch number smaller than the epoch number of the data cache line by 1 exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line with an epoch number smaller than the epoch number of the data cache line by 1 exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the data cache line with the refresh period type being a conventional period is characterized in that firstly, the address of the data cache line is stored in a temporary cache table and counted (one is added when the refresh is triggered once, and one is subtracted when a completion feedback notification is received), a transaction persistence sequence control engine scans a first-level data cache, all log cache lines with the time period number smaller than the time period number of the data cache line are refreshed to a memory controller firstly, the addresses of all data cache lines with the time period number smaller than the time period number of the data cache line are stored in a local cache of the engine, the data cache line in the local cache is refreshed to the memory controller after the completion feedback that all the log cache lines are refreshed is received, and finally the data cache line is persisted.
(2) Extensible secure metadata caching: as shown in fig. 4, a schematic diagram of an extensible secure metadata cache sub-method is presented. The security metadata cache is positioned in the memory controller, and in order to ensure that the security metadata and the data are consistent after the system crashes so as to verify the security of the crashed data, the security metadata cache adopts a write-through mode, so that the corresponding security metadata can be written into the memory together with the data when the memory is written each time. For each memory write of a transaction, the secondary counter in the corresponding counter block is increased by one, then data is encrypted, and finally the nodes of each layer of the Mercker tree are updated sequentially. Once the corresponding counter block and the next lower level node of the merkel tree are updated and stored in the registers, the memory controller immediately persists the contents stored in these three registers to memory together and asynchronously updates the other level nodes of the merkel tree in the secure metadata cache in the background. After the contents of the register are persisted to the write queue, requests that do not have dependencies with the current request may be processed, while requests that have dependencies may need to wait for a notification to return before they can be processed.
Wherein, the memory controller must wait for the completion feedback of the write request to completely update the Mercker tree to the root node before notifying the cache controller and the processor core.
(3) And (4) safe metadata merging: as shown in fig. 5, a flow diagram of a security metadata merge sub-method is presented. Before persisting the contents in the three registers to the write queue, firstly, the memory controller judges whether the data contained in the current write request is a log, if so, updates a 'secondary counter' item in a log entry by using a corresponding secondary counter in an updated counter block, and removes the writing of the counter block which needs to be persisted to the memory together with a log cache line; if not, the memory writing of the counter block is still carried out. After the data and the security metadata are persisted to the write queue, the memory controller judges whether the addresses of the security metadata in the write queue are consistent or not according to the address of the security metadata written into the write queue at present, and the consistent security metadata are merged and written into the memory.
As shown in the following table, the used software log entry stores five items of data, namely, a secondary counter corresponding to a storage element, a thread identifier, a transaction identifier, a storage element address, and a storage element value.
Figure BDA0002839357820000151
In summary, the present invention provides a method and a processor for ensuring data crash consistency in a secure nonvolatile memory, which are provided by the present invention, for solving the problems of high transaction execution delay, severe write amplification, and the like in the existing method for ensuring data crash consistency in a secure nonvolatile memory. Firstly, a transaction persistence sequence control engine is added in a primary cache controller to control the logs in the software transaction and the persistence sequence of the data, and only the persistence sequence between the data and the corresponding logs is ensured on hardware, so that unnecessary persistence sequence constraint when the traditional processor core executes the software transaction is avoided, and the execution delay of the transaction can be effectively reduced; secondly, an extensible security metadata caching technology is provided, data and security metadata in a register are persisted in a memory in advance, and complete update of the Mercker tree is moved to a background, so that atom persistence of the data and the security metadata is ensured, and the extensibility of the system is improved due to early release of register resources; and finally, the security metadata are merged before and after being persisted to the write queue, so that the memory write-in times of the security metadata are reduced, and the write life and the write performance of the system are improved.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for ensuring data crash consistency in a secure non-volatile memory, comprising: adding a transaction persistence sequence control engine in a primary cache controller of a processor; the method comprises the following steps that three registers are added in a memory controller and used for storing ciphertext data, a counter block and a secondary bottom node of a Mercker tree which need to be written into a memory together, and the step that a processor processes transactions comprises the following steps:
the transaction persistence sequence control engine controls refreshing and kicking-out operations of transaction logs and data in a first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of writing into a memory immediately, and the refreshing operations of a transaction data cache line adopt a mode of writing a corresponding log cache line in a first-level data cache into the memory and then writing the data cache line into the memory;
when the transactional memory is written each time, the memory controller sequentially adds one to a secondary counter in a corresponding counter block, encrypts data and sequentially updates each layer of nodes of the Mercker tree, and the obtained data are respectively stored in corresponding registers; once the corresponding counter block and the secondary bottom node of the Merckel tree are updated and stored in the register, the memory controller immediately writes the contents stored in the three registers into the memory together; before writing into the write queue, judging whether data contained in the current write request is a log, if so, covering a secondary counter in the log by using a corresponding secondary counter in an updated counter block and removing the writing of the counter block; after writing into the write queue, according to the currently written secure metadata address, the secure metadata with consistent addresses in the write queue are merged and written into the memory.
2. The method of claim 1, wherein when the nodes of each level of the Mercker tree are updated sequentially, the nodes of the other levels of the Mercker tree in the secure metadata cache are updated asynchronously in the background after the next lower level node of the Mercker tree is updated and stored in the register.
3. The method according to claim 1, wherein three metadata fields are added to each cache line of the primary data cache, which are respectively an epoch number, an epoch type and a log identifier; wherein the time number indicates the time period to which the memory write of the cache line belongs; the period type represents the category of the period to which the memory write of the cache line belongs, and comprises a pairing period and a conventional period; the log mark marks whether the memory writing on the cache line is log writing; each processor core hardware thread maintains two variables: a period counter incremented with the memory barrier instruction; and the period type of the roll-over with the release of the primitive and the log write;
the transaction persistence sequence control engine comprises a memory mapping register and a log state table; writing the start and end address of the log area into the memory mapping register, and when a processor core executes a write request, marking whether the memory write is log write or not by comparing the start and end address with the memory write;
when the processor core executes a write request, if the state of the cache line corresponding to the address in the write request is 'clean', updating the metadata on the cache line by using the period counter and the period type; if the cache line state is dirty, the first-level cache controller judges whether the data address on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kicking out the cache line; when a cache kicks out a cache line, the kicking-out of a log cache line triggers the memory writing of the cache line, the engine refreshes the cache line to a memory controller, and creates an entry in the log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller;
when the processor core executes a cache line refreshing instruction, a log cache line is refreshed in a mode of instantly persisting the log cache line; refreshing a data cache line with a matching period type, firstly inquiring whether an entry with an adjacent time period number smaller than the time period number of the data cache line exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line corresponding to the adjacent time period number smaller than the time period number of the data cache line exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the engine scans the first-level data cache, refreshes all log cache lines with time period numbers smaller than the time period number of the data cache line to the memory controller, refreshes all data cache lines with time period numbers smaller than the time period number of the data cache line, and then persists the data cache line.
4. A method as claimed in any one of claims 1 to 3, wherein the memory controller notifies the primary cache controller and the processor core after waiting for the complete update of the mercker tree to the root node for the completion feedback of the write request; then after the contents of the three registers are persisted to the write queue, requests that do not have a dependency relationship with the current request are processed, while requests that have a dependency relationship are processed after waiting for the completion feedback to return.
5. A method according to any one of claims 1 to 3, wherein the log includes five items of data, namely a secondary counter corresponding to a storage element, a thread identifier, a transaction identifier, a storage element address, and a storage element value.
6. A processor for ensuring consistency of a crash of data in a secure non-volatile memory, comprising: the system comprises a processor core, a first-level data cache, a first-level cache controller and a memory controller, wherein the first-level cache controller comprises a transaction persistence sequence control engine; the memory controller comprises three registers which are respectively used for storing ciphertext data needing to be persisted to the memory together, a counter block and a secondary bottom node of the Mercker tree; wherein the content of the first and second substances,
the transaction persistence sequence control engine is used for controlling refreshing and kicking-out operations of transaction logs and data in the first-level data cache, wherein the refreshing and kicking-out operations of a transaction log cache line adopt a mode of writing into a memory immediately, and the refreshing operations of the transaction data cache line adopt a mode of firstly writing a corresponding log cache line in the first-level data cache into the memory and then writing the data cache line into the memory;
when the memory controller writes the transactional memory each time, sequentially adding one to a secondary counter in a corresponding counter block, encrypting data, and sequentially updating each layer of nodes of the Mercker tree, and respectively storing the obtained data to corresponding registers; once the corresponding counter block and the secondary bottom node of the Merckel tree are updated and stored in the register, the memory controller immediately writes the contents stored in the three registers into the memory together; before writing into the write queue, judging whether data contained in the current write request is a log, if so, covering a secondary counter in the log by using a corresponding secondary counter in an updated counter block and removing the writing of the counter block; after writing into the write queue, according to the currently written secure metadata address, the secure metadata with consistent addresses in the write queue are merged and written into the memory.
7. The processor of claim 6, wherein when the memory controller sequentially updates the nodes in each level of the Mercker tree, the nodes in the next lower level of the Mercker tree are updated and stored in the register, and the nodes in the other levels of the Mercker tree in the secure metadata cache are updated asynchronously in the background.
8. The processor of claim 6, wherein each cache line of the primary data cache is added with three metadata fields, which are an epoch number, an epoch type, and a log identifier; wherein the time number indicates the time period to which the memory write of the cache line belongs; the period type represents the category of the period to which the memory write of the cache line belongs, and comprises a pairing period and a conventional period; the log mark marks whether the memory writing on the cache line is log writing; each hardware thread in the processor core maintains two variables: a period counter incremented with the memory barrier instruction; and the period type of the roll-over with the release of the primitive and the log write;
the transaction persistence sequence control engine comprises a memory mapping register and a log state table; writing the start and end address of the log area into the memory mapping register, and when a processor core executes a write request, marking whether the memory write is log write or not by comparing the start and end address with the memory write;
when the processor core executes a write request, if the state of the cache line corresponding to the address in the write request is 'clean', updating the metadata on the cache line by using the period counter and the period type; if the cache line state is dirty, the first-level cache controller judges whether the data address on the cache line is consistent with the address in the write request, if so, the log cache line is not updated, and the data field of the cache line is updated for the data cache line; if not, kicking out the cache line; when a cache kicks out a cache line, the kicking-out of a log cache line triggers the memory writing of the cache line, the engine refreshes the cache line to a memory controller, and creates an entry in the log state table to record the time number of the log cache line, and the entry is released after the engine receives completion feedback from the memory controller;
when the processor core executes a cache line refreshing instruction, refreshing a log cache line and adopting a mode of immediately persisting the log cache line; refreshing a data cache line with a matching period type, firstly inquiring whether an entry with an adjacent time period number smaller than the time period number of the data cache line exists in a log state table, if so, persisting the data cache line when the entry is released, otherwise, inquiring whether a log cache line corresponding to the adjacent time period number smaller than the time period number of the data cache line exists in a first-level data cache, if so, persisting the log cache line firstly and then persisting the data cache line, and if not, persisting the data cache line immediately; the engine scans the first-level data cache, refreshes all log cache lines with time period numbers smaller than the time period number of the data cache line to the memory controller, refreshes all data cache lines with time period numbers smaller than the time period number of the data cache line, and then persists the data cache line.
9. The processor as claimed in any one of claims 6 to 8, wherein the memory controller notifies the primary cache controller and the processor core after waiting for the completion feedback of the write request to completely update the merkel tree to the root node; then after the contents of the three registers are persisted to the write queue, requests that do not have a dependency relationship with the current request are processed, while requests that have a dependency relationship are processed after waiting for the completion feedback to return.
10. The processor according to any one of claims 6 to 8, wherein the log comprises five items of data, namely a secondary counter corresponding to a storage element, a thread identifier, a transaction identifier, a storage element address, and a storage element value.
CN202011486323.8A 2020-12-16 2020-12-16 Method and processor for ensuring data crash consistency in secure nonvolatile memory Active CN112540931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011486323.8A CN112540931B (en) 2020-12-16 2020-12-16 Method and processor for ensuring data crash consistency in secure nonvolatile memory

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011486323.8A CN112540931B (en) 2020-12-16 2020-12-16 Method and processor for ensuring data crash consistency in secure nonvolatile memory

Publications (2)

Publication Number Publication Date
CN112540931A true CN112540931A (en) 2021-03-23
CN112540931B CN112540931B (en) 2022-05-24

Family

ID=75018937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011486323.8A Active CN112540931B (en) 2020-12-16 2020-12-16 Method and processor for ensuring data crash consistency in secure nonvolatile memory

Country Status (1)

Country Link
CN (1) CN112540931B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113342278A (en) * 2021-06-22 2021-09-03 海光信息技术股份有限公司 Processor and method for keeping cache data consistency
CN113486399A (en) * 2021-07-14 2021-10-08 上海瓶钵信息科技有限公司 Data storage method and system based on RISC-V architecture
CN115048046A (en) * 2022-05-26 2022-09-13 北京华昱卓程软件有限公司 Log file system and data management method
CN116595012A (en) * 2023-07-17 2023-08-15 华中科技大学 Time sequence database log storage method and system based on nonvolatile memory

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107329696B (en) * 2017-06-23 2019-05-14 华中科技大学 A kind of method and system guaranteeing data corruption consistency
US10540297B2 (en) * 2017-08-03 2020-01-21 Arm Limited Memory organization for security and reliability
CN111079201B (en) * 2019-12-09 2021-12-03 华中科技大学 Safety NVM system and data recovery method after crash

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113342278A (en) * 2021-06-22 2021-09-03 海光信息技术股份有限公司 Processor and method for keeping cache data consistency
CN113486399A (en) * 2021-07-14 2021-10-08 上海瓶钵信息科技有限公司 Data storage method and system based on RISC-V architecture
CN113486399B (en) * 2021-07-14 2023-03-24 上海瓶钵信息科技有限公司 Data storage method and system based on RISC-V architecture
CN115048046A (en) * 2022-05-26 2022-09-13 北京华昱卓程软件有限公司 Log file system and data management method
CN116595012A (en) * 2023-07-17 2023-08-15 华中科技大学 Time sequence database log storage method and system based on nonvolatile memory
CN116595012B (en) * 2023-07-17 2023-09-22 华中科技大学 Time sequence database log storage method and system based on nonvolatile memory

Also Published As

Publication number Publication date
CN112540931B (en) 2022-05-24

Similar Documents

Publication Publication Date Title
CN112540931B (en) Method and processor for ensuring data crash consistency in secure nonvolatile memory
US11907200B2 (en) Persistent memory management
US10817421B2 (en) Persistent data structures
US20180278714A1 (en) Transaction log acceleration
US7111134B2 (en) Subsystem and subsystem processing method
CN105283857B (en) Multi version nonvolatile memory level for non-volatile storage
US9612757B2 (en) Asynchronous consistent snapshots in persistent memory stores
CN104881371A (en) Persistent internal memory transaction processing cache management method and device
US20150089117A1 (en) Computer system, memory management method and program thereof
US20030056143A1 (en) Checkpointing with a write back controller
WO2015020811A1 (en) Persistent data structures
KR20210002554A (en) Robust transactional memory
CN104881334A (en) Crash-proof cache data protection method and system
CN110018790B (en) Method and system for ensuring data breakdown consistency in persistent memory
US9990150B2 (en) Method to provide transactional semantics for updates to data structures stored in a non-volatile memory
CN109165321B (en) Consistent hash table construction method and system based on nonvolatile memory
US20050144390A1 (en) Protocol for maintaining cache coherency in a CMP
CN107025130B (en) Processing node, computer system and transaction conflict detection method
CN106227674A (en) Buffer consistency
CN100399288C (en) Memory backup device and method
WO2018157278A1 (en) Cache management method, cache manager, shared cache and terminal
US20190324868A1 (en) Backup portion of persistent memory
US20150113244A1 (en) Concurrently accessing memory
KR101502998B1 (en) Memory system and management method therof
US20190384708A1 (en) Method for processing data in in-memory database using non-volatile memory and in-memory database

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant