CN113220225A - Memory data read-write method and device for RISC-V processor, processor and storage medium - Google Patents

Memory data read-write method and device for RISC-V processor, processor and storage medium Download PDF

Info

Publication number
CN113220225A
CN113220225A CN202110367521.0A CN202110367521A CN113220225A CN 113220225 A CN113220225 A CN 113220225A CN 202110367521 A CN202110367521 A CN 202110367521A CN 113220225 A CN113220225 A CN 113220225A
Authority
CN
China
Prior art keywords
processor
risc
security
state
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110367521.0A
Other languages
Chinese (zh)
Other versions
CN113220225B (en
Inventor
李约翰
张培勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CN202110367521.0A priority Critical patent/CN113220225B/en
Publication of CN113220225A publication Critical patent/CN113220225A/en
Application granted granted Critical
Publication of CN113220225B publication Critical patent/CN113220225B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604Improving or facilitating administration, e.g. storage management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0656Data buffering arrangements

Abstract

The application discloses a memory data read-write method and device of a RISC-V processor, a processor and a storage medium. The kernel state of the RISC-V processor is divided into a safe world and a common world, the memory resource of the RISC-V processor is divided into a safe region and an unsafe region, the method comprises the following steps: reading the next instruction through a pipeline structure and decoding the next instruction according to the safety state in the secstatus control register to obtain an operation type and a virtual address; when the operation type is a read or write memory, the virtual address and the security state are sequentially and safely matched with a primary translation look-aside buffer, a secondary translation look-aside buffer and a page table traversal module in a memory management unit; and when the security matching is hit, obtaining a physical address, and transmitting the obtained physical address to a first-level cache for memory data read or write operation. The method of the invention isolates the hardware of the RISC-V processor, and ensures the security of the RISC-V processor when reading and writing the memory data.

Description

Memory data read-write method and device for RISC-V processor, processor and storage medium
Technical Field
The present application relates to the field of microprocessors, and in particular, to a method and an apparatus for reading and writing memory data of a RISC-V processor, a processor, and a storage medium.
Background
With the rapid development of the IoT (Internet of Things), more and more mobile devices have come to be used, which typically store various private information of users, and some devices even have the function of processing mobile payment. Therefore, new challenges are posed to the security of microprocessors in devices.
As a new instruction set architecture, compared with an ARM architecture, the RISC-V has the characteristics of complete open source, low cost, light weight, modularization and the like, and meanwhile, the RISC-V is easy to transplant into a Linux system and has a complete tool chain. Due to the advantages, RISC-V rapidly occupies a place in the microprocessor architecture in the field of Internet of things, and in recent years, more and more chip manufacturers select the RISC-V instruction set architecture to replace Arm.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
the current RISC-V processor still lacks a scheme for performing security protection on the memory data of the processor on a hardware level, and cannot protect the memory data of the processor from attack and tampering of malicious software through hardware.
Disclosure of Invention
Embodiments of the present application provide a method and an apparatus for reading and writing memory data of a RISC-V processor, a processor, and a storage medium, so as to solve the technical problem of insufficient security of the RISC-V processor in the related art.
According to a first aspect of the embodiments of the present application, there is provided a method for reading and writing memory data of a RISC-V processor, which is applied to the RISC-V processor, wherein a kernel state of the RISC-V processor is divided into a secure world and a normal world, and a memory resource of the RISC-V processor is divided into a secure area and a non-secure area, the method comprising:
according to the safety state in the secstatus control register, when the safety state is a safety world, reading the address of the next instruction from a safety program counter, and when the safety state is a common world, reading the address of the next instruction from the program counter and reading the next instruction through a pipeline structure;
decoding and executing the next instruction through a pipeline structure to obtain an operation type, a source register, a target register and an operand;
when the safety state is a safety world, reading a source register of the safety general register according to a decoding result of the pipeline structure; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
when the operation type of the next instruction is reading or writing a memory, transmitting the virtual address and the security state to a memory management unit, wherein the memory management unit comprises a primary translation look-aside buffer, a secondary translation look-aside buffer and a page table traversal module;
the virtual address and the security state are sequentially matched with the first-level translation look-aside buffer, the second-level translation look-aside buffer and the page table traversal module in a security mode, when security hit occurs in the security matching, a physical address is obtained, and the obtained physical address is transmitted to the first-level cache to perform memory data read or write operation;
and performing write-back operation on the target register through a pipeline structure, writing the execution result or the read memory data back to the target register in the safe general register when the safe state is a safe world, and writing the execution result or the read memory data back to the target register in the general register when the safe state is a common world.
According to a second aspect of the embodiments of the present application, there is provided a memory data read/write apparatus for a RISC-V processor, which is applied to the RISC-V processor, wherein a core state of the RISC-V processor is divided into a secure world and a normal world, and a memory resource of the RISC-V processor is divided into a secure area and a non-secure area, and the apparatus includes:
the pipeline instruction fetching module is used for reading the address of the next instruction from the safety program counter when the safety state is a safety world, and reading the address of the next instruction from the program counter and reading the next instruction through a pipeline structure when the safety state is a common world;
the assembly line decoding module is used for decoding the next instruction through an assembly line structure to obtain an operation type, a source register, a target register and an operand;
the pipeline execution module is used for reading a source register of the safety general register according to a decoding result of the pipeline structure and carrying out logic operation on the obtained data and the operand when the safety state is a safety world; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
a pipeline memory access module, configured to transmit a result of the pipeline execution module as a virtual address to a memory management unit together with the security status when the operation type of the next instruction is read or write to a memory, where the memory management unit includes a first-level translation look-aside buffer, a second-level translation look-aside buffer, and a page table traversal module;
the memory management unit is used for carrying out security matching on the virtual address and the security state together with the primary translation look-aside buffer, the secondary translation look-aside buffer and the page table traversal module in sequence, obtaining a physical address when security hit occurs in the security matching, and transmitting the obtained physical address to the primary cache for memory data read or write operation;
and the pipeline write-back module is used for writing back the execution result or the memory access result to a safe general register when the safe state is a safe world, and writing back the execution result or the memory access result to a general register when the safe state is a common world.
According to a third aspect of the embodiments of the present application, there is provided a RISC-V processor comprising a security-extended RISC-V processor core, a security-extended memory management unit, and memory resources of the RISC-V processor, wherein,
the safe state of the kernel of the RISC-V processor is divided into a safe world and a common world, the memory resources of the RISC-V processor are divided into a safe region and an unsafe region, the kernel of the RISC-V processor in the safe world can access the safe region and the unsafe region, and the kernel of the RISC-V processor in the common world can only access the unsafe region;
the RISC-V processor core comprises a program counter, a safe program counter, a general register, a safe general register and a control register;
the program counter and the safe program counter are respectively used for storing the address of the next instruction to be read by the RISC-V processor kernels in the common world and the safe world;
the general purpose register and the safe general purpose register are used for providing or temporarily storing data for RISC-V processor cores in the common world and the safe world;
the control register comprises a secstatus control register, and the safety state of the RISC-V processor core is changed by writing data into the secstatus register;
the RISC-V processor kernel reads the instruction according to the safety state, decodes the read instruction and reads and writes the general register according to the safety state;
the RISC-V processor kernel is connected with the memory management unit, and sends a virtual address and the safety state of the kernel to the memory management unit and receives read data or instructions from the memory management unit.
According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium having stored thereon computer instructions, characterized in that the instructions, when executed by a processor, implement the steps of the method according to the first aspect.
It can be seen from the foregoing embodiments that the present application provides a method for reading and writing memory data of a RISC-V processor, which divides the core state of the RISC-V processor into a secure world and a normal world, divides the memory resources of the RISC-V processor into a secure region and a non-secure region, and improves the security of reading and writing the memory data by differentiating the operation rights of different secure states to the memory region, and meanwhile, because the memory structure of the processor usually includes a cache, a translation backup buffer, and a page table structure to improve the reading and writing efficiency of the processor to the memory, the memory data reading and writing with high efficiency, safety and reliability are realized by safely expanding these structures.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a flow chart illustrating a method for reading and writing memory data of a RISC-V processor according to an exemplary embodiment.
FIG. 2 is a block diagram of a memory data read/write apparatus for a RISC-V processor according to an exemplary embodiment.
FIG. 3 is a block diagram of a RISC-V processor shown in accordance with an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Fig. 1 is a flowchart illustrating a memory data read/write method of a RISC-V processor according to an exemplary embodiment, and referring to fig. 1, an embodiment of the present invention provides a memory data read/write method of a RISC-V processor, which is applied to the RISC-V processor, a kernel state of the RISC-V processor is divided into a secure world and a normal world, and a memory resource of the RISC-V processor is divided into a secure region and a non-secure region, including the following steps:
step S11, according to the safety state in the secstatus control register, when the safety state is the safety world, reading the address of the next instruction from the safety program counter, when the safety state is the common world, reading the address of the next instruction from the program counter, and reading the next instruction through the pipeline structure;
the design is to isolate the resources of the RISC-V processor core in two safety states and to ensure that the next instruction address to be read in the safety state of the RISC-V processor core is saved before the safety state is switched, so as to be used after the safety state is recovered.
Step S12, decode and execute the next instruction through the pipeline structure, and obtain the operation type, the source register, the destination register, and the operand.
Step S13, when the safety state is the safety world, the reading operation of the source register is carried out on the safety general register according to the decoding result of the pipeline structure; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
the design is to isolate the resources of the RISC-V processor core in two safety states and ensure that the data in the general register of the safety state of the RISC-V processor core is saved before the safety state is switched, so as to be used after the safety state is recovered.
Step S14, when the operation type of the next instruction is read or write memory, transmitting the virtual address and the security state to a memory management unit, where the memory management unit includes a Level 1Translation Lookaside Buffer (L1 TLB), a Level 2TLB), and a Page Table Walk (PTW) module;
specifically, security bits are added to entries of the L1 TLB, the L2TLB and the PTW, and are used for marking whether a memory region pointed by a physical page number stored in the entry belongs to the security region;
step S15, the virtual address and the security state are sequentially matched with the first-level translation look-aside buffer, the second-level translation look-aside buffer and the page table traversal module in a security mode, when security hit occurs in the security matching, a physical address is obtained, and the obtained physical address is transmitted to the first-level cache to perform memory data read or write operation; may include the following substeps:
step S151, the virtual address and the safe state are safely matched with an entry in an L1 TLB together, when the safe matching is hit safely, a physical address is obtained and is transmitted to a first-level cache for tag matching, when the safe matching is hit but the safe state does not have access right, a safe exception is thrown out, and when the safe matching is not hit, the virtual address and the safe state are transmitted to an L2TLB for safe matching;
the security matching comprises tag matching and whether a security state has access authority to a physical page number in an entry, when the tag matching occurs, a hit occurs, and when the hit occurs and the security state has the authority, a security hit occurs; when the safety state is a safety world, the access right is provided for both the physical page number of the safety region and the physical page number of the non-safety region, and when the safety state is a common world, the access right is provided for only the non-safety region.
Step S152, the virtual address and the security state are safely matched with an entry in an L2TLB, when the security matching is hit safely, a physical address is obtained and is transmitted to a first-level cache for tag matching, when the security matching is hit but the security state does not have access right, security exception is thrown, and when the security matching is not hit, the virtual address and the security state are transmitted to a PTW for security matching;
step S153, carrying out safety matching on the virtual address and the safety state together with the entry in the PTW, obtaining a physical address when safety matching is hit, transmitting the physical address to a first-level cache for tag matching, throwing out safety exception when the safety matching is hit but the safety state does not have access right, and throwing out missing page exception when the safety matching is not hit;
and matching the physical address obtained in the step S151, S152 or S153 with a first-level cache, performing a read or write operation on corresponding data when the tag matching occurs, and initiating a request to a low-level storage structure when the tag matching does not occur.
And step S16, performing write-back operation on the target register through a pipeline structure, writing the execution result or the read memory data back to the target register in the safe general register when the safe state is the safe world, and writing the execution result or the read memory data back to the target register in the general register when the safe state is the common world.
It can be seen from the foregoing embodiments that the present application provides a method for reading and writing memory data of a RISC-V processor, which divides the core state of the RISC-V processor into a secure world and a normal world, divides the memory resources of the RISC-V processor into a secure region and a non-secure region, and improves the security of reading and writing the memory data by differentiating the operation rights of different secure states to the memory region, and meanwhile, because the memory structure of the processor usually includes a cache, a translation backup buffer, and a page table structure to improve the reading and writing efficiency of the processor to the memory, the memory data reading and writing with high efficiency, safety and reliability are realized by safely expanding these structures.
Corresponding to the above-mentioned embodiment of the method for reading and writing the memory data of the RISC-V processor, the present application also provides an embodiment of the device for reading and writing the memory data of the RISC-V processor.
FIG. 2 is a block diagram illustrating a memory data read/write apparatus of a RISC-V processor according to an exemplary embodiment. Referring to fig. 2, the apparatus, applied to a RISC-V processor, the core state of the RISC-V processor being divided into a secure world and a normal world, and the memory resources of the RISC-V processor being divided into a secure area and a non-secure area, includes:
the pipeline instruction fetching module 21 is configured to, according to the security state in the secstatus control register, read an address of a next instruction from the secure program counter when the security state is the secure world, read an address of a next instruction from the program counter when the security state is the common world, and read the next instruction through a pipeline structure;
a pipeline decoding module 22, configured to decode the next instruction through a pipeline structure to obtain an operation type, a source register, a destination register, and an operand;
the pipeline execution module 23 is configured to, when the secure state is the secure world, perform a read operation of a source register on the secure general register according to a decoding result of the pipeline structure, and perform a logical operation on the obtained data and the operand; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
a pipeline memory access module 24, configured to transmit a result of the pipeline execution module as a virtual address to a memory management unit together with the security status when the operation type of the next instruction is read or write memory, where the memory management unit includes a first-level translation look-aside buffer, a second-level translation look-aside buffer, and a page table traversal module;
the memory management unit 25 is configured to perform secure matching on the virtual address and the security state together with the primary translation look-aside buffer, the secondary translation look-aside buffer, and the page table traversal module in sequence, obtain a physical address when security hit occurs in the secure matching, and transmit the obtained physical address to the primary cache for memory data read or write operation;
and the pipeline write-back module 26 is configured to write back the execution result or the memory access result to a secure general register when the security state is a secure world, and write back the execution result or the memory access result to a general register when the security state is a normal world.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
Accordingly, the present application also provides a computer readable storage medium, on which computer instructions are stored, wherein the instructions, when executed by a processor, implement the method for reading and writing memory data of the RISC-V processor as described above.
FIG. 3 is a schematic diagram of a RISC-V processor according to an exemplary embodiment, and referring to FIG. 3, this embodiment further provides a RISC-V processor including a security extended RISC-V processor core, a security extended memory management unit and the memory resources of the RISC-V processor,
the safe state of the kernel of the RISC-V processor is divided into a safe world and a common world, the memory resources of the RISC-V processor are divided into a safe region and an unsafe region, the kernel of the RISC-V processor in the safe world can access the safe region and the unsafe region, and the kernel of the RISC-V processor in the common world can only access the unsafe region;
the RISC-V processor core comprises a program counter, a safe program counter, a general register, a safe general register and a control register;
the program counter and the safe program counter are respectively used for storing the address of the next instruction to be read by the RISC-V processor kernels in the common world and the safe world;
the general purpose register and the safe general purpose register are used for providing or temporarily storing data for RISC-V processor cores in the common world and the safe world;
the control register comprises a secstatus control register, and the safety state of the RISC-V processor core is changed by writing data into the secstatus register;
the RISC-V processor kernel reads the instruction according to the safety state, decodes the read instruction and reads and writes the general register according to the safety state;
the RISC-V processor kernel is connected with the memory management unit, and sends a virtual address and the safety state of the kernel to the memory management unit and receives read data from the memory management unit.
In the embodiment of the present invention, the RISC-V processor core reads an instruction according to the security state, decodes the read instruction, and reads and writes a general register according to the security state, including:
when the kernel runs in the secure world, reading the address of the next instruction from the secure program counter, and reading the instruction according to the address;
when the kernel runs in the common world, reading a next instruction address from the program counter, and reading an instruction according to the address;
after the read instruction is decoded, when the kernel runs in the secure world, the kernel performs read-write operation on the secure general register, and when the kernel runs in the common world, the kernel performs read-write operation on the general register.
In one embodiment of the present invention, the memory management unit comprises a first level cache, a second level translation look-aside buffer, and a page table walk module,
said first level cache comprising a first level translation look-aside buffer;
adding a security bit in an entry of the primary translation look-aside buffer, wherein the security bit is used for marking whether a memory region pointed to by a physical page number stored in the entry belongs to the security region;
adding a security bit in an entry of the secondary translation look-aside buffer, wherein the security bit is used for marking whether a memory region pointed to by a physical page number stored in the entry belongs to the security region;
and adding a safety bit in an entry of the page table traversal module, wherein the safety bit is used for marking whether a memory pointed by a physical page number stored in the entry also belongs to the safety region.
In the embodiment of the invention, the memory management unit carries out security matching on the virtual address and the security state of the kernel together with a primary translation look-aside buffer, a secondary translation look-aside buffer and a page table traversal module in sequence, and when security hit occurs, the physical address mapped by the virtual address is obtained and a data read-write request is initiated to the primary cache.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A memory data read-write method of RISC-V processor is characterized in that it is applied to RISC-V processor, the kernel state of RISC-V processor is divided into safe world and common world, the memory resource of RISC-V processor is divided into safe region and nonsecure region, the method includes:
according to the safety state in the secstatus control register, when the safety state is a safety world, reading the address of the next instruction from a safety program counter, and when the safety state is a common world, reading the address of the next instruction from the program counter and reading the next instruction through a pipeline structure;
decoding and executing the next instruction through a pipeline structure to obtain an operation type, a source register, a target register and an operand;
when the safety state is a safety world, reading a source register of the safety general register according to a decoding result of the pipeline structure; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
when the operation type of the next instruction is reading or writing a memory, transmitting the virtual address and the security state to a memory management unit, wherein the memory management unit comprises a primary translation look-aside buffer, a secondary translation look-aside buffer and a page table traversal module;
the virtual address and the security state are sequentially matched with the first-level translation look-aside buffer, the second-level translation look-aside buffer and the page table traversal module in a security mode, when security hit occurs in the security matching, a physical address is obtained, and the obtained physical address is transmitted to the first-level cache to perform memory data read or write operation;
and performing write-back operation on the target register through a pipeline structure, writing the execution result or the read memory data back to the target register in the safe general register when the safe state is a safe world, and writing the execution result or the read memory data back to the target register in the general register when the safe state is a common world.
2. A RISC-V processor memory data read and write method as claimed in claim 1 wherein securely matching said virtual address together with said secure state in sequence with said primary translation look-aside buffer, secondary translation look-aside buffer and page table walk module comprises:
when the virtual address hits in the first-level translation look-aside buffer and the security state has an access right, the virtual address hits safely and obtains a physical address, and the obtained physical address is transmitted to a first-level cache for tag matching;
throwing a security exception when the virtual address hits in the primary translation look-aside buffer but the security state does not have access rights;
when the virtual address does not hit in the primary translation look-aside buffer, transmitting the virtual address and the secure state to a secondary translation look-aside buffer for a secure match.
3. The method of claim 2, wherein transferring the virtual address and the secure state to a secondary translation look-aside buffer for secure matching comprises:
when the virtual address hits in the second-level translation look-aside buffer and the security state has an access right, the virtual address hits safely and obtains a physical address, and the obtained physical address is transmitted to a first-level cache for tag matching;
when the virtual address hits in the secondary translation look-aside buffer, but the secure state does not have access, a security exception is thrown;
and when the virtual address does not hit in the secondary transfer look-aside buffer, transmitting the virtual address and the security state to a page table traversal module for security matching.
4. The method of claim 3, wherein transferring the virtual address and the security state into a page table walk module for a security match comprises:
when the virtual address hits in the page table traversal module and the security state has access authority, the virtual address hits safely and obtains a physical address, and the obtained physical address is transmitted to a first-level cache for tag matching;
when the virtual address is hit in the page table traversal module, but the security state does not have access authority, throwing out security exception;
and when the virtual address is not hit in the page table traversal module, throwing out a missing page exception.
5. The method of claim 4, wherein transferring the obtained physical address to a level one cache for tag matching comprises:
when the tags in the first-level cache are matched, performing reading or writing operation on corresponding memory data;
when no tag match occurs in the level one cache, the physical address is transferred to a lower level storage structure.
6. A memory data read-write device of RISC-V processor is characterized in that, it is applied to RISC-V processor, the kernel state of RISC-V processor is divided into safe world and common world, the memory resource of RISC-V processor is divided into safe region and nonsecure region, it includes:
the pipeline instruction fetching module is used for reading the address of the next instruction from the safety program counter when the safety state is a safety world, and reading the address of the next instruction from the program counter and reading the next instruction through a pipeline structure when the safety state is a common world;
the assembly line decoding module is used for decoding the next instruction through an assembly line structure to obtain an operation type, a source register, a target register and an operand;
the pipeline execution module is used for reading a source register of the safety general register according to a decoding result of the pipeline structure and carrying out logic operation on the obtained data and the operand when the safety state is a safety world; when the safety state is in the common world, reading the source register of the general register according to the decoding result of the pipeline structure, and carrying out logic operation on the obtained data and the operand;
a pipeline memory access module, configured to transmit a result of the pipeline execution module as a virtual address to a memory management unit together with the security status when the operation type of the next instruction is read or write to a memory, where the memory management unit includes a first-level translation look-aside buffer, a second-level translation look-aside buffer, and a page table traversal module;
the memory management unit is used for carrying out security matching on the virtual address and the security state together with the primary translation look-aside buffer, the secondary translation look-aside buffer and the page table traversal module in sequence, obtaining a physical address when security hit occurs in the security matching, and transmitting the obtained physical address to the primary cache for memory data read or write operation;
and the pipeline write-back module is used for writing back the execution result or the memory access result to a safe general register when the safety state is a safe world, and writing back the execution result or the memory access result to a general register when the safety state is a common world.
7. A RISC-V processor is characterized in that it includes a safely extended RISC-V processor kernel, a safely extended memory management unit and the memory resources of the RISC-V processor, wherein,
the safe state of the kernel of the RISC-V processor is divided into a safe world and a common world, the memory resources of the RISC-V processor are divided into a safe region and an unsafe region, the kernel of the RISC-V processor in the safe world can access the safe region and the unsafe region, and the kernel of the RISC-V processor in the common world can only access the unsafe region;
the RISC-V processor core comprises a program counter, a safe program counter, a general register, a safe general register and a control register;
the program counter and the safe program counter are respectively used for storing the address of the next instruction to be read by the RISC-V processor kernels in the common world and the safe world;
the general purpose register and the safe general purpose register are used for providing or temporarily storing data for RISC-V processor cores in the common world and the safe world;
the control register comprises a secstatus control register, and the safety state of the RISC-V processor core is changed by writing data into the secstatus register;
the RISC-V processor kernel reads the instruction according to the safety state, decodes the read instruction and reads and writes the general register according to the safety state;
the RISC-V processor kernel is connected with the memory management unit, and sends a virtual address and the safety state of the kernel to the memory management unit and receives read data from the memory management unit.
8. The RISC-V processor of claim 7, wherein the memory management unit comprises a primary cache, a secondary translation look-aside buffer, and a page table walk module,
said first level cache comprising a first level translation look-aside buffer;
adding a security bit in an entry of the primary translation look-aside buffer, wherein the security bit is used for marking whether a memory region pointed to by a physical page number stored in the entry belongs to the security region;
adding a security bit in an entry of the secondary translation look-aside buffer, wherein the security bit is used for marking whether a memory region pointed to by a physical page number stored in the entry belongs to the security region;
and adding a safety bit in an entry of the page table traversal module, wherein the safety bit is used for marking whether a memory area pointed by a physical page number stored in the entry belongs to the safety area.
9. The RISC-V processor of claim 8, wherein the memory management unit securely matches the virtual address with the security state of the kernel in sequence with the primary translation lookaside buffer, the secondary translation lookaside buffer, and the page table walk module, and upon a security hit, obtains a physical address mapped by the virtual address and issues a data read/write request to the primary cache.
10. A computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the method according to any one of claims 1-5.
CN202110367521.0A 2021-04-06 2021-04-06 Memory data read-write method and device for RISC-V processor, processor and storage medium Expired - Fee Related CN113220225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110367521.0A CN113220225B (en) 2021-04-06 2021-04-06 Memory data read-write method and device for RISC-V processor, processor and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110367521.0A CN113220225B (en) 2021-04-06 2021-04-06 Memory data read-write method and device for RISC-V processor, processor and storage medium

Publications (2)

Publication Number Publication Date
CN113220225A true CN113220225A (en) 2021-08-06
CN113220225B CN113220225B (en) 2022-04-12

Family

ID=77086452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110367521.0A Expired - Fee Related CN113220225B (en) 2021-04-06 2021-04-06 Memory data read-write method and device for RISC-V processor, processor and storage medium

Country Status (1)

Country Link
CN (1) CN113220225B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114281720A (en) * 2021-12-14 2022-04-05 海光信息技术股份有限公司 Processor, address translation method for processor and electronic equipment
CN115269008A (en) * 2022-09-29 2022-11-01 苏州浪潮智能科技有限公司 Data processing method, device, medium and electronic equipment
CN115794681A (en) * 2022-10-12 2023-03-14 中国人民解放军军事科学院国防科技创新研究院 Multi-level extensible TLB structure applicable to RISC-V
CN116383102A (en) * 2023-05-30 2023-07-04 北京微核芯科技有限公司 Translation look-aside buffer access method, device, equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8099546B2 (en) * 2009-06-09 2012-01-17 Red Hat, Inc. Mechanism for a lockless ring buffer in overwrite mode
US9507941B2 (en) * 2013-11-22 2016-11-29 Samsung Electronics Co., Ltd. Method of verifying integrity of electronic device, storage medium, and electronic device
CN106371807A (en) * 2016-08-30 2017-02-01 华为技术有限公司 Method and device for extending processor instruction set
CN107194284A (en) * 2017-06-22 2017-09-22 济南浪潮高新科技投资发展有限公司 A kind of method and system based on the user-isolated data of TrustZone
US20180060077A1 (en) * 2016-08-26 2018-03-01 Qualcomm Incorporated Trusted platform module support on reduced instruction set computing architectures
CN109857460A (en) * 2019-02-20 2019-06-07 南京华捷艾米软件科技有限公司 Matrix convolution calculation method, interface, coprocessor and system based on RISC-V framework
CN110929304A (en) * 2019-12-04 2020-03-27 四川虹微技术有限公司 RISC-V based memory protection method
CN111651778A (en) * 2020-05-26 2020-09-11 上海交通大学 Physical memory isolation method based on RISC-V instruction architecture

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8099546B2 (en) * 2009-06-09 2012-01-17 Red Hat, Inc. Mechanism for a lockless ring buffer in overwrite mode
US9507941B2 (en) * 2013-11-22 2016-11-29 Samsung Electronics Co., Ltd. Method of verifying integrity of electronic device, storage medium, and electronic device
US20180060077A1 (en) * 2016-08-26 2018-03-01 Qualcomm Incorporated Trusted platform module support on reduced instruction set computing architectures
CN106371807A (en) * 2016-08-30 2017-02-01 华为技术有限公司 Method and device for extending processor instruction set
CN107194284A (en) * 2017-06-22 2017-09-22 济南浪潮高新科技投资发展有限公司 A kind of method and system based on the user-isolated data of TrustZone
CN109857460A (en) * 2019-02-20 2019-06-07 南京华捷艾米软件科技有限公司 Matrix convolution calculation method, interface, coprocessor and system based on RISC-V framework
CN110929304A (en) * 2019-12-04 2020-03-27 四川虹微技术有限公司 RISC-V based memory protection method
CN111651778A (en) * 2020-05-26 2020-09-11 上海交通大学 Physical memory isolation method based on RISC-V instruction architecture

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Z ZANG: "Reconfigurable RISC-V Secure Processor And Soc Integration", 《2019ICIT》 *
洪宗会: "基于RISC-V的进程内硬件安全保护机制", 《万方学位论文》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114281720A (en) * 2021-12-14 2022-04-05 海光信息技术股份有限公司 Processor, address translation method for processor and electronic equipment
CN114281720B (en) * 2021-12-14 2022-09-02 海光信息技术股份有限公司 Processor, address translation method for processor and electronic equipment
CN115269008A (en) * 2022-09-29 2022-11-01 苏州浪潮智能科技有限公司 Data processing method, device, medium and electronic equipment
CN115794681A (en) * 2022-10-12 2023-03-14 中国人民解放军军事科学院国防科技创新研究院 Multi-level extensible TLB structure applicable to RISC-V
CN115794681B (en) * 2022-10-12 2023-05-23 中国人民解放军军事科学院国防科技创新研究院 Multi-stage expandable TLB system suitable for RISC-V and address translation method thereof
CN116383102A (en) * 2023-05-30 2023-07-04 北京微核芯科技有限公司 Translation look-aside buffer access method, device, equipment and storage medium
CN116383102B (en) * 2023-05-30 2023-08-29 北京微核芯科技有限公司 Translation look-aside buffer access method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113220225B (en) 2022-04-12

Similar Documents

Publication Publication Date Title
CN113220225B (en) Memory data read-write method and device for RISC-V processor, processor and storage medium
US11921646B2 (en) Secure address translation services using a permission table
US10503664B2 (en) Virtual machine manager for address mapping and translation protection
TWI715580B (en) Processors, methods, systems, and instructions to support live migration of protected containers
EP3516577B1 (en) Processors, methods, systems, and instructions to determine whether to load encrypted copies of protected container pages into protected container memory
EP3798856B1 (en) Secure address translation services using message authentication codes and invalidation tracking
US7673345B2 (en) Providing extended memory protection
TW202111587A (en) Integrated circuit, method and article of manufacture for allowing secure communications
US20210406199A1 (en) Secure address translation services using cryptographically protected host physical addresses
US20230289295A1 (en) Virtual Memory Management Method and Apparatus Supporting Physical Addresses Larger Than Virtual Addresses
WO2012163017A1 (en) Method for processing access exception of distributed virtual machine and virtual machine monitor
EP3881189B1 (en) An apparatus and method for controlling memory accesses
US11748107B2 (en) Complex I/O value prediction for multiple values with physical or virtual addresses
CN115618336A (en) Cache, operation method thereof and computer device
CN115879107A (en) Computer device and access method thereof, processing device and storage medium
US11657004B2 (en) Method and system for memory attack mitigation
CN111291383A (en) Physical address space access isolation method between any entities on SoC, SoC and computer equipment
WO2021148134A1 (en) Apparatus and method for software security
US20240037035A1 (en) Processor with protection of an isolated memory and protection method for the isolated memory accessible only by a trusted core
US20230315625A1 (en) Method, system, and apparatus for supporting multiple address spaces to facilitate data movement
US20220414022A1 (en) Apparatus, system, and method for secure memory access control
US20230103000A1 (en) Hardware managed address translation service for integrated devices
GB2616643A (en) Read-as-X property for page of memory address space

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220412

CF01 Termination of patent right due to non-payment of annual fee