CN115510423A - Memory protection method, control device and storage medium based on RISC-V processor - Google Patents

Publication number
CN115510423A
Authority
CN
China
Prior art keywords
protection
application
information
pmp
risc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211065185.5A
Other languages
Chinese (zh)
Inventor
王鑫
庞振江
刘国营
李延
白鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Smartchip Microelectronics Technology Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd
Priority to CN202211065185.5A
Publication of CN115510423A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/0223 User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023 Free address space management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a memory protection method, a control device and a storage medium based on a RISC-V processor, belonging to the technical field of computers. The memory protection method comprises the following steps: in the application installation stage, dynamically allocating the storage position of a corresponding application file in a system storage area and the size of a storage space, wherein the storage space comprises an application program storage operation space and an application data storage space; in the application running stage, creating a corresponding lightweight process, wherein a data structure of the lightweight process comprises PMP protection parameters; reading PMP protection information in an application file, and setting PMP protection parameters through the PMP protection information; and running the lightweight process to protect the memory through the PMP protection parameter. In the application installation stage, the storage position of the corresponding application file in the system storage area is dynamically allocated, and in the application operation stage, the PMP protection strategy of the storage space access authority is allocated to each application (task) to realize the protection of the memory.

Description

RISC-V processor-based memory protection method, control device and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a memory protection method, a control device and a storage medium based on a RISC-V processor.
Background
A RISC-V processor needs to limit the physical addresses accessible to running software in order to support secure processing and avoid failures. The Physical Memory Protection (PMP) unit provides machine-mode control registers that allow physical memory access rights (read, write, execute, etc.) to be specified for each physical memory region. The PMP can be used to set the memory access characteristics (such as supporting only privileged access or full access) and the memory attributes (such as cacheability, shareability and the like) of different storage areas, which improves the robustness of the embedded system and makes the system safer and more reliable. PMP is a unit that assigns read, write and code-execution permissions to the physical memory space, and it can implement memory access control at low cost in resource-constrained embedded systems. PMP supports 16 entries to divide the memory space; each entry defines a memory address range whose access rights are to be restricted, and each entry is described by a configuration register and an address register. The configuration register has lock (L), address matching mode (A), code execution (X), read (R) and write (W) fields, which, in combination with the address register, control access to the memory space.
Existing real-time operating systems (RTOS) based on concurrent threads on RISC-V processors do not make good use of PMP protection.
Disclosure of Invention
An object of an embodiment of the present invention is to provide a memory protection method based on RISC-V processor, which can perform PMP protection on a memory.
In order to achieve the above object, an embodiment of the present invention provides a memory protection method based on a RISC-V processor, where the memory protection method based on the RISC-V processor includes: in the application installation stage, dynamically allocating the storage position of a corresponding application file in a system storage area and the size of a storage space, wherein the storage space comprises an application program storage and operation space and an application data storage space; in the application running stage, creating a corresponding lightweight process, wherein a data structure of the lightweight process comprises PMP protection parameters; reading PMP protection information in the application file, and setting PMP protection parameters through the PMP protection information; and running the lightweight process to protect the memory through the PMP protection parameter.
Optionally, before the dynamically allocating the storage location and the size of the storage space of the corresponding application file, the RISC-V processor-based memory protection method further includes: acquiring an application installation command, wherein the application installation command comprises the position information of the application file; acquiring the application file and size information according to the position information; checking header file information of the application file to determine that the file type and the file data of the application file are correct; and creating a file system information header in the system storage area, wherein the file system information header indicates the storage position and the size of the storage space for dynamically allocating the application file.
Optionally, the PMP protection parameter includes a program protection parameter and a data protection parameter, where the program protection parameter indicates a location to be protected and a corresponding right in the storage operation space of the application program, and the data protection parameter indicates a location to be protected and a corresponding right in the storage operation space of the data.
Optionally, the PMP protection information includes program protection information and data protection information, the reading PMP protection information in the application file, and setting the PMP protection parameter through the PMP protection information includes: reading the program protection information and the data protection information in the application file, wherein the program protection information comprises a program protection entry address and a program protection length, and the data protection information comprises a data protection length; setting the program protection parameter through the program protection entry address and the program protection length; and allocating a data protection starting address of the data protection parameter, and setting the data protection parameter according to the data protection starting address and the data protection length.
Optionally, the data structure of the lightweight process further includes at least one of a process unique identifier, thread information in the process, currently running thread information, and soft interrupt information.
Optionally, the memory protection method based on RISC-V processor further includes: when a first application is switched to a second application, pausing running of a first lightweight process corresponding to the first application, and storing running state information and running environment information of the first lightweight process; acquiring a second lightweight process corresponding to the second application, and stored running state information and running environment information of the second lightweight process; and running the second lightweight process according to the stored running state information and running environment information of the second lightweight process, and enabling the PMP protection parameter of the second lightweight process so as to protect the memory through the PMP protection parameter of the second lightweight process.
Optionally, the running state information and the running environment information of the first lightweight process are saved through a task stack.
Optionally, the memory protection method based on RISC-V processor further includes: and in the application running stage, reading the shared PMP protection information in the application file, establishing a shared memory protection area, and setting shared PMP protection parameters through the shared PMP protection information, wherein the shared PMP protection parameters comprise shared program protection parameters and shared data protection parameters.
Optionally, when switching from a first application to a second application and when the second application needs to apply for the shared memory protection region of the first application, the RISC-V processor-based memory protection method further includes: acquiring the storage position and the authority of the shared program protection parameter of the shared memory protection area; acquiring the storage position and the authority of the shared data protection parameter of the shared memory protection area; and protecting the shared memory protection area through the shared PMP protection parameter of the first application.
Optionally, when all applications that applied for the shared memory protection area of the first application are closed, the shared PMP protection parameter of the first application is cleared.
An embodiment of the present invention further provides a control device, where the control device includes: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the computer program to implement the memory protection method based on the RISC-V processor as described above.
Embodiments of the present invention also provide a machine-readable storage medium, where instructions are stored on the machine-readable storage medium, and the instructions enable a machine to execute the above-mentioned RISC-V processor-based memory protection method.
Through the technical scheme, the kernel and the application have respective storage areas (FLASH and RAM areas), each application task has respective storage and operation areas (FLASH and RAM areas), and in the application installation stage, the storage position and the size of the storage space of the corresponding application file in the system storage area are dynamically allocated, and the application file is moved to the dynamically allocated storage position; in the application running stage, PMP protection policies such as storage space access right and memory space configuration are allocated to each application (task) to realize memory protection.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
FIG. 1 is a flow chart illustrating a memory protection method based on RISC-V processor according to an embodiment of the present invention;
FIG. 2 is a flowchart diagram of an example application installation phase;
FIG. 3 is a diagram of an example dynamic allocation of application files;
FIG. 4 is a flowchart diagram of an example application runtime phase;
FIG. 5 is a flow diagram illustrating an example application handoff.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic flow chart of a memory protection method based on a RISC-V processor according to an embodiment of the present invention, and referring to fig. 1, the memory protection method based on a RISC-V processor may include the following steps:
Step S110: in the application installation stage, the storage position of the corresponding application file in the system storage area and the size of the storage space are dynamically allocated, and the storage space comprises an application program storage operation space and an application data storage space.
In existing RTOSes based on concurrent threads on RISC-V processors, the kernel and the applications are not separated, and read-only protection is set for the whole FLASH region; each task (thread) is given its own stack protection area, but the FLASH storage and execution areas of the tasks are not isolated from one another; and PMP protection cannot be set for the code area and data area shared between tasks.
The embodiment of the invention designs the RTOS with the system separated from the application, so that the system service is separated from the kernel, the kernel operates in a kernel mode, the application (task) operates in a user mode, and the task calls the kernel (SVC) through the system service. The kernel and the applications have respective memory areas (FLASH and RAM areas), and each application (task) has a respective memory and execution area (FLASH and RAM areas). Based on the method, in the application installation stage, the storage position and the size of the storage space of the corresponding application file in the system storage area are dynamically allocated, and the application file is moved to the dynamically allocated storage position, wherein the system storage area is separated from the kernel storage and operation area.
Referring to fig. 2 for example, before the dynamically allocating the storage location and the size of the storage space of the corresponding application file, the RISC-V processor-based memory protection method may further include the following steps:
Step S111: acquiring an application installation command, wherein the application installation command comprises the position information of the application file.
Step S112: acquiring the application file and the size information according to the position information.
By way of example, when the system receives an installation command, such as an app_install command, the file is opened according to a parameter passed by the installation command (i.e., the location information of the application file, for example the storage path after the app is downloaded), and the size information of the application file is obtained in order to allocate the size of the storage space of the application file, where the storage space includes an application program storage running space and an application data storage space.
Step S113: checking the header file information of the application file to determine that the file type and the file data of the application file are correct.
Following the above example, the header information of the application file is checked, e.g., to see whether its magic number (Magic Number) is correct, ensuring that the type and data of the opened source file are correct.
Step S114: creating a file system information header in the system storage area, wherein the file system information header indicates the storage position and the size of the storage space for dynamically allocating the application file.
Continuing the above example, after step S114 the application file is moved to the dynamically allocated storage location. Referring to the example of fig. 3, suppose three application programs (application file 1, application file 2 and application file 3) have been allocated and installed in the system storage area (e.g., the FLASH area), and application file 2 has then been uninstalled. When the system receives an installation command for application program 4, the storage location and the size of the storage space of application file 4 are dynamically allocated in the system storage area: application file 4 may be stored in area 1, following in sequence, and if the size of the storage space of application file 4 is smaller than the size of the storage space of the uninstalled (allocated) application file 2, application file 4 may also be stored in area 2. That is, dynamic allocation is implemented.
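The installation stage of steps S111 to S114 and the fig. 3 scenario can be sketched in C as follows. This is an added example, not code from the patent: the header layout, the magic value, the address constants, the sector rounding and the lowest-address-first placement are assumptions, as are all function names (app_install, app_uninstall, find_gap, fig3_demo), and FLASH is simulated by an array.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APP_MAGIC  0x31505041u   /* constructed magic number */
#define FLASH_BASE 0x20100000u   /* hypothetical application storage area */
#define FLASH_SIZE 0x00010000u
#define SECTOR     0x1000u       /* hypothetical allocation unit */
#define MAX_APPS   8

struct app_header {              /* hypothetical application file header */
    uint32_t magic;
    uint32_t text_len;           /* program bytes that follow the header */
    uint32_t data_len;           /* RAM the application asks for */
};

struct fs_info {                 /* file system information header of one installed file */
    int      used;
    uint32_t app_id, addr, size;
};

static struct fs_info fs_table[MAX_APPS];
static uint8_t flash[FLASH_SIZE];            /* simulated FLASH */

/* Lowest address where `size` bytes fit between installed files, or 0 if none. */
static uint32_t find_gap(uint32_t size)
{
    uint32_t best = 0;
    for (int c = -1; c < MAX_APPS; c++) {    /* c == -1: try the start of the area */
        if (c >= 0 && !fs_table[c].used) continue;
        uint32_t start = c < 0 ? FLASH_BASE : fs_table[c].addr + fs_table[c].size;
        uint32_t limit = FLASH_BASE + FLASH_SIZE;
        for (int i = 0; i < MAX_APPS; i++)
            if (fs_table[i].used && fs_table[i].addr >= start && fs_table[i].addr < limit)
                limit = fs_table[i].addr;
        if (limit - start >= size && (best == 0 || start < best))
            best = start;
    }
    return best;
}

int app_install(const uint8_t *image, uint32_t image_len, uint32_t app_id, uint32_t *addr_out)
{
    struct app_header h;
    if (image_len < sizeof h) return -1;                 /* no room for a header */
    memcpy(&h, image, sizeof h);
    if (h.magic != APP_MAGIC) return -2;                 /* wrong file type */
    if (h.text_len != image_len - sizeof h) return -3;   /* header disagrees with file size */
    if (image_len > FLASH_SIZE) return -4;               /* also keeps the rounding below from wrapping */
    uint32_t size = (image_len + SECTOR - 1) & ~(SECTOR - 1);
    int slot = -1;
    for (int i = 0; i < MAX_APPS && slot < 0; i++)
        if (!fs_table[i].used) slot = i;
    uint32_t addr = find_gap(size);
    if (slot < 0 || addr == 0) return -4;                /* no table entry or no space */
    memcpy(&flash[addr - FLASH_BASE], image, image_len); /* move the file into place */
    fs_table[slot] = (struct fs_info){ 1, app_id, addr, size };
    *addr_out = addr;
    return 0;
}

int app_uninstall(uint32_t app_id)
{
    for (int i = 0; i < MAX_APPS; i++)
        if (fs_table[i].used && fs_table[i].app_id == app_id) { fs_table[i].used = 0; return 0; }
    return -1;
}

/* Constructed scenario of fig. 3: install 1..3, uninstall 2, install 4; returns app 4's address. */
uint32_t fig3_demo(uint32_t app4_text_len)
{
    static uint8_t img[0x4000];
    const uint32_t text_len[3] = { 0x0FF4, 0x1FF4, 0x0FF4 };  /* images of 1, 2 and 1 sectors */
    uint32_t addr = 0;
    memset(fs_table, 0, sizeof fs_table);
    for (uint32_t id = 1; id <= 4; id++) {
        struct app_header h = { APP_MAGIC, id < 4 ? text_len[id - 1] : app4_text_len, 0x400 };
        if (id == 4) app_uninstall(2);
        if (h.text_len > sizeof img - sizeof h) return 0;
        memset(img, 0, sizeof img);
        memcpy(img, &h, sizeof h);
        if (app_install(img, (uint32_t)(sizeof h + h.text_len), id, &addr) != 0) return 0;
    }
    return addr;
}

int main(void)
{
    printf("small app 4 -> 0x%08x\n", (unsigned)fig3_demo(0x0800));
    printf("large app 4 -> 0x%08x\n", (unsigned)fig3_demo(0x2800));
    return 0;
}
```

With these sample sizes, a small application file 4 reuses the gap left by application file 2, while one larger than that gap is placed after application file 3.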
Step S210: in the application running stage, creating a corresponding lightweight process, wherein the data structure of the lightweight process comprises PMP protection parameters.
By way of example, when a system starts an application, a corresponding lightweight process (lwp) is created for the application, and the storage space of the data structure (e.g., pmp_info) contained in the process is allocated. Each application (application file) corresponds to one lwp, and each lwp can contain a plurality of threads. In embodiments of the present invention, the multiple threads in each lwp share the process management block (i.e., share the data structure of the lwp).
The PMP protection parameters preferred in the embodiment of the present invention include a program protection parameter and a data protection parameter. The program protection parameter indicates the position and the corresponding authority which need to be protected in the application program storage operation space, and the data protection parameter indicates the position and the corresponding authority which need to be protected in the data storage space.
By way of example, the program protection parameter may be referred to by a text field, the authority of which may be set to be readable, writable, and/or executable, for example; the data protection parameter may be referred to by a data field, the authority of which may be set to be readable and/or writable, for example.
The data structure of the lightweight process preferred in the embodiment of the present invention further includes at least one of a unique process identifier, thread information in the process, currently running thread information, and soft interrupt information.
Step S220: reading PMP protection information in the application file, and setting the PMP protection parameters through the PMP protection information.
Corresponding to the PMP protection parameter, the PMP protection information includes program protection information and data protection information, and the step S220 may preferably include: reading the program protection information and the data protection information in the application file, wherein the program protection information comprises a program protection entry address and a program protection length, and the data protection information comprises a data protection length; setting the program protection parameter through the program protection entry address and the program protection length; and allocating a data protection starting address of the data protection parameter, and setting the data protection parameter according to the data protection starting address and the data protection length.
Referring to the example of fig. 4, when a system starts an application, a corresponding lightweight process lwp is created for the application, and a storage space of a data structure (e.g., pmp_info) included in the process lwp is allocated; the installed application file is opened according to file information (or instruction information) transmitted when the task is started; the program protection information (text information) and data protection information (data information) in the application file are read; the protection parameters of the text field are set according to the entry address and the length of the text information and stored into pmp_info, and the text segment protection address is returned; a data protection start address of the data field is dynamically allocated, the protection parameters of the data field are set according to the data protection start address and the length and stored into pmp_info, the data field protection address is returned, and the PMP protection parameters are set.
Step S230: running the lightweight process to protect the memory through the PMP protection parameter.
Continuing the above example, the lightweight process lwp is run, and the memory is protected by the PMP protection parameters that have been set; that is, the memory is protected by dynamically allocating a storage space and an access right to each task (application program).
In the preferred embodiment of the present invention, the memory protection method based on RISC-V processor may further include: when a first application is switched to a second application, pausing running of a first lightweight process corresponding to the first application, and storing running state information and running environment information of the first lightweight process; acquiring a second lightweight process corresponding to the second application, and stored running state information and running environment information of the second lightweight process; and running the second lightweight process according to the stored running state information and running environment information of the second lightweight process, and enabling the PMP protection parameter of the second lightweight process so as to protect the memory through the PMP protection parameter of the second lightweight process.
Preferably, the running state information and the running environment information of the first lightweight process are saved through a task stack.
By way of example, the embodiment of the present invention triggers a soft interrupt (SW_handler) through two tasks, zx_hw_context_switch and zx_hw_context_switch_interrupt. zx_hw_context_switch switches from the current thread to the target thread in the thread environment (in the embodiment of the present invention, it switches from the lwp of the first application to the lwp of the second application in the thread environment); zx_hw_context_switch_interrupt switches from the current thread to the target thread in the interrupt context (in the embodiment of the present invention, switching from the lwp of the first application to the lwp of the second application in the thread context). After the target thread (the lwp of the second application) is in the ready state and SW_handle is triggered, referring to fig. 5, the process flow of application switching is as follows: 1) enter SW_handle to prepare for application switching; 2) save the lwp of the interrupted application (running state information and running environment information of the first lightweight process), that is, push the current task state onto the stack; 3) restore the lwp of the target application (running state information and running environment information of the second lightweight process), that is, pop the state of the task to be switched to; 4) after the task switch, obtain the lwp (second lightweight process) corresponding to the current task; 5) enable PMP protection on the text field and data field corresponding to that lwp.
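The following C model, an added example and not code from the patent, ties together the configuration-register fields from the Background, the pmp_info setup of step S220 and step 5) of the switching flow above. The PMP registers are simulated by arrays, and the choice of top-of-range (TOR) matching, the R+X / R+W permissions, the RAM pool addresses and the function names (lwp_set_pmp, lwp_switch, pmp_user_access_ok) are assumptions; register save and restore (steps 2 and 3) have no counterpart in a host-side model.

```c
#include <stdint.h>
#include <stdio.h>

/* pmpcfg fields as laid out in the RISC-V privileged specification */
#define PMP_R     0x01u
#define PMP_W     0x02u
#define PMP_X     0x04u
#define PMP_A_TOR 0x08u   /* A field (bits 4:3) = 1: top-of-range matching */
#define PMP_L     0x80u   /* lock; left clear so entries can be rewritten on every switch */
#define PMP_N     16

static uint32_t pmpaddr[PMP_N];   /* simulated address registers, each holds address >> 2 */
static uint8_t  pmpcfg[PMP_N];    /* simulated configuration bytes */

struct pmp_region { uint32_t base, len; uint8_t perm; };
struct pmp_info   { struct pmp_region text, data; };
struct lwp        { uint32_t pid; struct pmp_info pmp; };

#define RAM_POOL_BASE 0x80010000u   /* hypothetical application RAM pool */
#define RAM_POOL_END  0x80020000u
static uint32_t ram_next = RAM_POOL_BASE;

/* PMP addresses have 4-byte granularity; also reject empty and wrapping regions. */
static int region_ok(uint32_t base, uint32_t len)
{
    return len != 0 && (base & 3u) == 0 && (len & 3u) == 0 && base + len > base;
}

/* Step S220: text region from the file's entry address and length, data region allocated here. */
int lwp_set_pmp(struct lwp *p, uint32_t text_entry, uint32_t text_len, uint32_t data_len)
{
    if (!region_ok(text_entry, text_len) || !region_ok(ram_next, data_len)) return -1;
    if (data_len > RAM_POOL_END - ram_next) return -1;
    p->pmp.text = (struct pmp_region){ text_entry, text_len, PMP_R | PMP_X };
    p->pmp.data = (struct pmp_region){ ram_next, data_len, PMP_R | PMP_W };
    ram_next += data_len;
    return 0;
}

/* A TOR region uses two entries: entry i (A=OFF) is the lower bound, entry i+1 the top. */
static void pmp_write_pair(int i, const struct pmp_region *r)
{
    pmpaddr[i]     = r->base >> 2;
    pmpcfg[i]      = 0;
    pmpaddr[i + 1] = (r->base + r->len) >> 2;
    pmpcfg[i + 1]  = (uint8_t)(PMP_A_TOR | r->perm);
}

/* Step 5) of the switching flow: enable the target lwp's text and data protection. */
void lwp_switch(const struct lwp *to)
{
    pmp_write_pair(0, &to->pmp.text);
    pmp_write_pair(2, &to->pmp.data);
}

/* Model of a user-mode, naturally aligned access of up to 4 bytes: the lowest-numbered
   matching entry decides, and an access that matches no entry is denied. */
int pmp_user_access_ok(uint32_t addr, uint8_t want)
{
    uint32_t a = addr >> 2;
    for (int i = 0; i < PMP_N; i++) {
        if ((pmpcfg[i] & 0x18u) != PMP_A_TOR) continue;   /* this model uses only OFF and TOR */
        uint32_t lo = i ? pmpaddr[i - 1] : 0;
        if (a >= lo && a < pmpaddr[i])
            return (pmpcfg[i] & want) == want;
    }
    return 0;
}

int main(void)
{
    struct lwp a = { .pid = 1 }, b = { .pid = 2 };
    lwp_set_pmp(&a, 0x20100000u, 0x1000u, 0x400u);   /* constructed sample values */
    lwp_set_pmp(&b, 0x20101000u, 0x2000u, 0x800u);
    lwp_switch(&a);
    printf("app 1 writes own data:  %d\n", pmp_user_access_ok(a.pmp.data.base, PMP_W));
    printf("app 1 reads app 2 data: %d\n", pmp_user_access_ok(b.pmp.data.base, PMP_R));
    lwp_switch(&b);
    printf("app 2 reads app 1 data: %d\n", pmp_user_access_ok(a.pmp.data.base, PMP_R));
    return 0;
}
```

Because only the running lwp's two regions are programmed, the other application's text and data match no entry and are denied, which is the isolation the description relies on at each switch.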
Preferably, the memory protection method based on RISC-V processor further comprises: and in the application running stage, reading the shared PMP protection information in the application file, establishing a shared memory protection area, and setting shared PMP protection parameters through the shared PMP protection information, wherein the shared PMP protection parameters comprise shared program protection parameters and shared data protection parameters.
To illustrate, the shared PMP protection parameters include a shared program protection parameter (text field) and a shared data protection parameter (data field). The shared data protection parameter (data field) describes a shared memory that is applied for while the application program is running and that can be accessed by a plurality of APPs, and it is used for communication among the APPs; the shared program protection parameter (text field) describes a component or shared library, an executable area that can be dynamically loaded while an application is running.
Preferably, when the second application needs to apply for the shared memory protection region of the first application when switching from the first application to the second application, the method for memory protection based on RISC-V processor further includes: acquiring the storage position and the authority of the shared program protection parameter of the shared memory protection area; acquiring the storage position and the authority of the shared data protection parameter of the shared memory protection area; and protecting the shared memory protection area through the shared PMP protection parameter of the first application.
By way of example, when switching from a first application to a second application, the system memory is protected by a second lightweight process lwp, and if the first application has a shared memory, the second application applying for permission of the first application may access the shared memory of the first application, and at this time, the shared memory of the first application needs to be protected by a shared PMP protection parameter of the first application.
Optionally, when all applications that applied for the shared memory protection area of the first application are closed, the shared PMP protection parameter of the first application is cleared.
Accordingly, the kernel and the application have respective storage areas (FLASH and RAM areas), each application task has respective storage and operation areas (FLASH and RAM areas), and in the application installation stage, the storage position and the size of the storage space of the corresponding application file in the system storage area are dynamically allocated, and the application file is moved to the dynamically allocated storage position; in the application running stage, PMP protection policies such as storage space access right and memory space configuration are allocated to each application (task) to realize memory protection. Further, at application (task) context switch, the PMP protection policy is switched to ensure that each application (task) does not destroy the address space of other applications (tasks) or the operating system kernel.
An embodiment of the present invention further provides a control device, where the control device includes: a memory, a processor and a computer program stored in the memory and operable on the processor, the processor executing the computer program to implement the RISC-V processor based memory protection method according to steps S110-S230.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to one or more, and the memory protection method based on the RISC-V processor according to the steps S110-S230 is realized by adjusting the kernel parameters.
The memory may include volatile memory in a computer readable medium, random access memory (RAM) and/or nonvolatile memory such as read only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
An embodiment of the present invention further provides a machine-readable storage medium, where the machine-readable storage medium has instructions stored thereon, and the instructions cause a machine to execute the method for memory protection based on RISC-V processor according to steps S110 to S230.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus comprising the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A memory protection method based on RISC-V processor is characterized in that the memory protection method based on RISC-V processor comprises the following steps:
in the application installation stage, dynamically allocating the storage position of a corresponding application file in a system storage area and the size of a storage space, wherein the storage space comprises an application program storage operation space and an application data storage space;
in the application running stage, creating a corresponding lightweight process, wherein a data structure of the lightweight process comprises PMP protection parameters;
reading PMP protection information in the application file, and setting PMP protection parameters through the PMP protection information;
and running the lightweight process to protect the memory through the PMP protection parameter.
2. The RISC-V processor based memory protection method of claim 1, wherein before said dynamically allocating the storage location and the size of the storage space of the corresponding application file, said RISC-V processor based memory protection method further comprises:
acquiring an application installation command, wherein the application installation command comprises the position information of the application file;
acquiring the application file and the size information according to the position information;
checking header file information of the application file to determine that the file type and the file data of the application file are correct;
and creating a file system information header in the system storage area, wherein the file system information header indicates the storage position and the size of the storage space for dynamically allocating the application file.
3. The RISC-V processor-based memory protection method of claim 1, wherein the PMP protection parameters include a program protection parameter and a data protection parameter,
the program protection parameter indicates a position which needs to be protected and a corresponding authority in the application program storage operation space, and the data protection parameter indicates a position which needs to be protected and a corresponding authority in the data storage space.
4. The RISC-V processor-based memory protection method of claim 3, wherein the PMP protection information includes program protection information and data protection information, and the reading of the PMP protection information in the application file and the setting of the PMP protection parameter via the PMP protection information comprises:
reading the program protection information and the data protection information in the application file, wherein the program protection information comprises a program protection entry address and a program protection length, and the data protection information comprises a data protection length;
setting the program protection parameter through the program protection entry address and the program protection length;
and allocating a data protection starting address of the data protection parameter, and setting the data protection parameter according to the data protection starting address and the data protection length.
5. A RISC-V processor based memory protection method according to claim 1, wherein said lightweight process data structure further comprises at least one of process unique identification, in-process thread information, currently running thread information, soft interrupt information.
6. A RISC-V processor based memory protection method according to claim 1, wherein said RISC-V processor based memory protection method further comprises:
when a first application is switched to a second application, pausing the operation of a first lightweight process corresponding to the first application, and storing the operation state information and the operation environment information of the first lightweight process;
acquiring a second lightweight process corresponding to the second application, and stored running state information and running environment information of the second lightweight process;
and running the second lightweight process according to the stored running state information and running environment information of the second lightweight process, and enabling the PMP protection parameter of the second lightweight process so as to protect the memory through the PMP protection parameter of the second lightweight process.
7. A RISC-V processor based memory protection method according to claim 6, wherein the running state information and running context information of said first lightweight process are saved by a task stack.
8. A RISC-V processor based memory protection method according to claim 1, wherein said RISC-V processor based memory protection method further comprises:
and in the application running stage, reading the shared PMP protection information in the application file, establishing a shared memory protection area, and setting a shared PMP protection parameter through the shared PMP protection information, wherein the shared PMP protection parameter comprises a shared program protection parameter and a shared data protection parameter.
9. A RISC-V processor based memory protection method according to claim 8, wherein when switching from a first application to a second application, said second application needs to apply for said shared memory protection region of said first application, said RISC-V processor based memory protection method further comprises:
acquiring the storage position and the authority of the shared program protection parameter of the shared memory protection area;
acquiring the storage position and the authority of the shared data protection parameter of the shared memory protection area;
and protecting the shared memory protection area through the shared PMP protection parameter of the first application.
10. A RISC-V processor based memory protection method according to claim 8 or 9, wherein the shared PMP protection parameter of the first application is cleared when all applications applying for the shared memory protection region of the first application are closed.
11. A control device, characterized in that the control device comprises: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the computer program to implement the RISC-V processor based memory protection method according to any of claims 1-10.
12. A machine-readable storage medium having stored thereon instructions for causing a machine to perform the RISC-V processor based memory protection method according to any one of claims 1-10.
CN202211065185.5A 2022-09-01 2022-09-01 Memory protection method, control device and storage medium based on RISC-V processor Pending CN115510423A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211065185.5A CN115510423A (en) 2022-09-01 2022-09-01 Memory protection method, control device and storage medium based on RISC-V processor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211065185.5A CN115510423A (en) 2022-09-01 2022-09-01 Memory protection method, control device and storage medium based on RISC-V processor

Publications (1)

Publication Number Publication Date
CN115510423A true CN115510423A (en) 2022-12-23

Family

ID=84502511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211065185.5A Pending CN115510423A (en) 2022-09-01 2022-09-01 Memory protection method, control device and storage medium based on RISC-V processor

Country Status (1)

Country Link
CN (1) CN115510423A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116700833A (en) * 2023-07-27 2023-09-05 北京智芯微电子科技有限公司 Method and device for downloading after application, system on chip, terminal and storage medium
CN116700833B (en) * 2023-07-27 2023-11-28 北京智芯微电子科技有限公司 Method and device for downloading after application, system on chip, terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination