CN116541315A - Page table protection method, device, equipment and medium for virtual machine monitor - Google Patents


Info

Publication number
CN116541315A
Authority
CN
China
Prior art keywords
virtual machine
page table
machine monitor
read
memory pool
Prior art date
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN202310521900.XA
Other languages
Chinese (zh)
Inventor
杨佳
耿东久
Current Assignee (as listed by Google Patents; may be inaccurate)
Zebred Network Technology Co Ltd
Original Assignee
Zebred Network Technology Co Ltd
Priority date (as listed by Google Patents; not a legal conclusion)
Filing date
Publication date
Application filed by Zebred Network Technology Co Ltd
Priority to CN202310521900.XA
Publication of CN116541315A
Legal status: Pending

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F12/00 Accessing, addressing or allocating within memory systems or architectures > G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F12/00 Accessing, addressing or allocating within memory systems or architectures > G06F12/02 Addressing or allocation; Relocation > G06F12/0223 User address space allocation, e.g. contiguous or non contiguous base addressing > G06F12/023 Free address space management
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs > G06F9/44 Arrangements for executing specific programs > G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines > G06F9/45533 Hypervisors; Virtual machine monitors > G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs > G06F9/44 Arrangements for executing specific programs > G06F9/455 Emulation; Interpretation; Software simulation > G06F9/45533 Hypervisors; Virtual machine monitors > G06F9/45558 Hypervisor-specific management and integration aspects > G06F2009/45587 Isolation or security of virtual machine instances
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE > Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The application provides a page table protection method, device, equipment and medium for a virtual machine monitor. In the method, after the virtual machine monitor page table and the virtual machine page tables are generated, each virtual machine page table and the virtual machine monitor page table are stored into a corresponding target memory pool, and then the read-write state of each target memory pool is set to read-only. Because the page tables are stored in the target memory pools and each target memory pool is in a read-only state, the page tables cannot be modified; in addition, because the page table that maps the memory addresses where each virtual machine page table and the virtual machine monitor page table are located is itself in a target memory pool, that page table cannot be modified in order to change the read-write state of the memory pools, and the security of the page tables is further improved.

Description

Page table protection method, device, equipment and medium for virtual machine monitor
Technical Field
The application relates to the technical field of intelligent automobile operating systems, in particular to a page table protection method, device, equipment and medium of a virtual machine monitor.
Background
With the development of technology, users may run multiple virtual machines with multiple different operating systems on one hardware platform, so that damage to the host computing environment is avoided. The virtual machine monitor runs on top of the physical hardware and provides virtual hardware resources to the different virtual machines. When a virtual machine accesses physical memory using a virtual address, a page table is required for the translation between the virtual address and the physical address, and that page table is stored in the memory space corresponding to the virtual machine monitor.
In the prior art, the memory space corresponding to a virtual machine monitor comprises not only the page table required by the virtual machine monitor to access memory, but also the page tables required by the virtual machines to access memory. While a virtual machine is running, a page table may be modified due to errors such as an out-of-range array access. In addition, lawless persons can modify a page table in order to destroy it. When a page table is modified, the virtual machine runs incorrectly, and then the equipment running the virtual machine fails.
In summary, the existing page table will not be protected after being established, resulting in lower security of the virtual machine, so there is a need for a page table protection method for a virtual machine monitor to protect the page table.
Disclosure of Invention
The embodiment of the application provides a page table protection method, device, equipment and medium for a virtual machine monitor, which are used for solving the problem that the security of a virtual machine is lower because the existing page table cannot be protected after being established.
In a first aspect, an embodiment of the present application provides a method for protecting a page table of a virtual machine monitor, where the method includes:
when a virtual machine monitor is started, generating a virtual machine monitor page table and at least one virtual machine page table, and determining a use object identifier corresponding to each virtual machine page table and the virtual machine monitor page table;
storing each virtual machine page table and the virtual machine monitor page table into a corresponding target memory pool according to the corresponding relation between the use object identifier and the memory pool, wherein each target memory pool belongs to the memory space of the virtual machine monitor;
and setting the read-write state of each target memory pool as read-only.
In a specific embodiment, the setting the read-write state of each target memory pool to be read-only includes:
for each virtual machine page table in turn, before a virtual machine corresponding to the virtual machine page table is started, setting read-write states of a target memory pool corresponding to the virtual machine page table to be read-only;
after the read-write states of the target memory pools corresponding to all the virtual machine page tables are set to be read-only, and before the virtual machine corresponding to the last virtual machine page table is started, the read-write states of the target memory pools corresponding to the virtual machine monitor page tables are set to be read-only.
In one embodiment, the method further comprises:
before the read-write state of the target memory pool corresponding to the page table of the virtual machine monitor is set to be read-only, determining the memory pools except all the target memory pools in the memory space of the virtual machine monitor as memory pools to be selected;
selecting a temporary memory pool from the memory pools to be selected;
and setting a physical address in a temporary page table item preset in the page table of the virtual machine monitor as the physical address of the temporary memory pool.
In one embodiment, the method further comprises:
acquiring a new temporary page table request, wherein the new temporary page table request comprises a target physical address;
and if the target physical address is the physical address of the memory where the virtual machine monitor page table is located, discarding the newly built temporary page table request.
In one embodiment, the method further comprises:
and if the target physical address is not the physical address of the memory where the virtual machine monitor page table is located, generating a temporary page table in the temporary memory pool according to the target physical address.
In one embodiment, the method further comprises:
and deleting the temporary page table after the temporary page table is used.
In a second aspect, an embodiment of the present application provides a page table protection device for a virtual machine monitor, including:
the generating module is used for generating a virtual machine monitor page table and at least one virtual machine page table when the virtual machine monitor is started, and determining the use object identifier corresponding to each virtual machine page table and the virtual machine monitor page table;
the storage module is used for storing each virtual machine page table and the virtual machine monitor page table into a corresponding target memory pool according to the corresponding relation between the use object identifier and the memory pool, and each target memory pool belongs to the memory space of the virtual machine monitor;
and the processing module is used for setting the read-write state of each target memory pool to be read-only.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a processor, a memory, a communication interface;
the memory is used for storing executable instructions of the processor;
wherein the processor is configured to perform the page table protection method of the virtual machine monitor of any of the first aspects via execution of the executable instructions.
In a fourth aspect, embodiments of the present application provide a readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method for protecting a page table of a virtual machine monitor according to any one of the first aspects.
In a fifth aspect, embodiments of the present application provide a computer program product comprising a computer program for implementing the page table protection method of the virtual machine monitor of any one of the first aspects when the computer program is executed by a processor.
According to the page table protection method, device, equipment and medium for the virtual machine monitor, after the virtual machine monitor page table and the virtual machine page tables are generated, each virtual machine page table and the virtual machine monitor page table are stored into a corresponding target memory pool, and then the read-write state of each target memory pool is set to read-only. Because the page tables are stored in the target memory pools and each target memory pool is in a read-only state, the page tables cannot be modified; in addition, because the page table that maps the memory addresses where each virtual machine page table and the virtual machine monitor page table are located is itself in a target memory pool, that page table cannot be modified in order to change the read-write state of the memory pools, and the security of the page tables is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, a brief description will be given below of the drawings that are needed in the embodiments or the prior art descriptions, it being obvious that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1a is a flowchart illustrating a first embodiment of a method for protecting a page table of a virtual machine monitor according to the present application;
FIG. 1b is a first diagram of a memory space of a virtual machine monitor according to the present application;
FIG. 1c is a schematic diagram of a virtual machine monitor page table provided herein;
FIG. 2 is a flowchart illustrating a second embodiment of a page table protection method for a virtual machine monitor provided in the present application;
FIG. 3a is a flowchart illustrating a third embodiment of a page table protection method for a virtual machine monitor according to the present application;
FIG. 3b is a second schematic diagram of the memory space of the virtual machine monitor provided in the present application;
FIG. 4 is a schematic structural diagram of an embodiment of a page table protection device for a virtual machine monitor according to the present application;
FIG. 5 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which a person of ordinary skill in the art would have, based on the embodiments in this application, come within the scope of protection of this application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
With the development of science and technology, virtualization technology has matured: several virtual machines can run on one device without affecting each other, which greatly saves hardware resources. For several virtual machines to run normally on one device, a virtual machine monitor is indispensable; it runs on the physical hardware and provides virtual hardware resources to the different virtual machines.
In order for multiple virtual machines to not affect each other, it is necessary to allocate separate memory space for the virtual machine monitor and each virtual machine in the memory of the device, and the relevant parameters and code they run are stored in their corresponding memory space. When the virtual machine monitor or the virtual machine needs to access the memory, a page table is needed to be used together with a memory management unit (Memory Management Unit, abbreviated as MMU) to translate between the virtual address and the physical address, and the page tables are stored in the memory space of the virtual machine monitor. These page tables are stage2 page tables.
During the running process of the virtual machine, the page table may be modified due to errors such as out-of-range array. In addition, lawless persons can modify or delete the page table, so that the page table is damaged. When the page table is modified, the virtual machine is caused to run in error, and then the equipment running the virtual machine is caused to fail. There is a need for a page table protection method for a virtual machine monitor that protects a page table.
In order to solve the problems in the prior art, the inventor found, while researching a page table protection method for a virtual machine monitor, that the security of a page table can be ensured as long as the page table cannot be modified or deleted, and that this can be achieved by setting the page table to be read-only. After a virtual machine monitor page table and at least one virtual machine page table are generated, each virtual machine page table and the virtual machine monitor page table are stored in a corresponding target memory pool, and then the read-write state of each target memory pool is set to read-only; because the page table is in the target memory pool, the page table is read-only. In addition, the page table that maps the memory addresses where each virtual machine page table and the virtual machine monitor page table are located is the virtual machine monitor page table, which is also in a target memory pool, so the read-write state of a target memory pool cannot be changed by modifying the page table entry parameters of that page table, and the security of the page tables is further improved. Based on this inventive concept, a page table protection scheme for the virtual machine monitor is designed.
Exemplary, the following describes an application scenario of the page table protection method of the virtual machine monitor provided in the present application.
In this application scenario, each hardware resource of the vehicle may be virtualized in the vehicle through the virtual machine monitor, and virtual hardware is provided for a virtual machine running in the vehicle, so that automatic driving of the vehicle may be achieved.
And in the memory of the vehicle, memory space is allocated for each virtual machine and each virtual machine monitor, so that independent operation of the virtual machines is ensured. At the start-up of the virtual machine monitor, a virtual machine monitor page table and at least one virtual machine page table are generated. Each virtual machine corresponds to a virtual machine page table; the physical address mapped by the virtual machine monitor page table is the physical address of the memory space of the virtual machine monitor.
And storing each virtual machine page table and each virtual machine monitor page table into a corresponding target memory pool, wherein each target memory pool belongs to the memory space of the virtual machine monitor.
And finally, setting the read-write state of each target memory pool to be read-only. Since the page table is in the target memory pool, the page table is also read-only. In addition, the page table mapped to the address of the memory where each virtual machine page table and each virtual machine monitor page table are located is a virtual machine monitor page table, so that the page table is also in the target memory pool, and therefore the read-write state of the target memory pool cannot be changed by modifying the page table item parameters of the page table, and the security of the page table is further improved. Therefore, the normal operation and the automatic driving safety of the virtual machine are ensured.
It should be noted that the above scenario is only an example of an application scenario provided by the embodiment of the present application, and the embodiment of the present application does not limit the actual forms of various devices included in the scenario, and does not limit the interaction manner between the devices, and in a specific application of the scheme, the application may be set according to actual requirements.
The following describes the technical scheme of the present application in detail through specific embodiments. It should be noted that the following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 1a is a flowchart of a first embodiment of a page table protection method for a virtual machine monitor provided in the present application, where the embodiment of the present application describes a case where after a virtual machine monitor generates a virtual machine monitor page table and a virtual machine page table, the page table is stored in a corresponding target memory pool, and then a read-write state of the target memory pool is set to be read-only. The method in this embodiment may be implemented by software, hardware, or a combination of software and hardware. As shown in fig. 1a, the page table protection method of the virtual machine monitor specifically includes the following steps:
S101: when the virtual machine monitor is started, a virtual machine monitor page table and at least one virtual machine page table are generated, and the use object identifier corresponding to each virtual machine page table and the virtual machine monitor page table is determined.
In this step, after the device running the virtual machine monitor is powered on, the virtual machine monitor may be started, and in order to ensure normal running of the virtual machine, it is necessary to generate a virtual machine monitor page table and at least one virtual machine page table, and determine a usage object identifier corresponding to each virtual machine page table and the virtual machine monitor page table.
The number of the virtual machine page tables is the same as that of the virtual machines, and each virtual machine page table corresponds to one virtual machine. The usage object identification of the virtual machine page table is used for representing the virtual machine corresponding to the virtual machine page table. The usage object identification of the virtual machine monitor page table is used to represent the virtual machine monitor.
The physical address mapped by the virtual machine monitor page table is the physical address of the memory space of the virtual machine monitor. The physical address mapped by the virtual machine page table is the physical address of the memory space of the virtual machine.
S102: and storing each virtual machine page table and each virtual machine monitor page table into a corresponding target memory pool according to the corresponding relation between the use object identification and the memory pool.
In this step, after the virtual machine monitor generates the virtual machine monitor page table and the virtual machine page tables, each virtual machine page table and the virtual machine monitor page table need to be stored in the corresponding target memory pool according to the correspondence between the use object identifier and the memory pool. Each target memory pool belongs to the memory space of the virtual machine monitor.
It should be noted that, before the virtual machine monitor is started for the first time, a plurality of memory pools may be partitioned in the memory space of the virtual machine monitor, and the correspondence between the memory pools and the use object identifiers may be set and stored.
Exemplary, fig. 1b is a schematic diagram illustrating a memory space of a virtual machine monitor provided in the present application. As shown in fig. 1b, the memory space of the virtual machine monitor includes 3 target memory pools corresponding to virtual machines, namely a target memory pool corresponding to virtual machine A, a target memory pool corresponding to virtual machine B and a target memory pool corresponding to virtual machine C. The memory space also includes a target memory pool corresponding to the virtual machine monitor, as well as other memory pools, a code memory space and a variable memory space. The code memory space is used for storing the code required by the operation of the virtual machine monitor, and the variable memory space is used for storing the variables required by the operation of the virtual machine monitor.
It should be noted that, the above examples merely illustrate the memory space of the virtual machine monitor, and the embodiments of the present application do not limit the number of virtual machines, the number of memory pools, the size of the memory pools, and the like, and may be set according to practical situations.
S103: and setting the read-write state of each target memory pool to be read-only.
In this step, after each virtual machine page table and each virtual machine monitor page table are stored in the corresponding target memory pool, the read-write state of each target memory pool needs to be set to read-only in order to prevent the page table from being modified.
Specifically, for each virtual machine page table in turn, before the virtual machine corresponding to the virtual machine page table is started, the read-write state of the target memory pool corresponding to the virtual machine page table is set to read-only.
Because the virtual machine page table is stored in a target memory pool, the target memory pool belongs to the memory space of the virtual machine monitor, and the physical addresses mapped by the virtual machine monitor page table are the physical addresses of the memory space of the virtual machine monitor, the page table entry corresponding to the physical address of the target memory pool needs to be found in the virtual machine monitor page table, and the read-write flag of that page table entry is then set to the value corresponding to read-only; in this way the read-write state of the target memory pool is set to read-only, and the virtual machine page table becomes read-only.
Exemplary, fig. 1c is a schematic diagram of a page table of a virtual machine monitor provided in the present application, as shown in fig. 1c, a black block in the page table of the virtual machine monitor is a page table entry, a bar block pointed by the black block is a detailed structure of the page table entry, each cell in the page table entry represents a parameter, where the parameter of the shadow cell represents a read-write flag, and the read-write flag is set to a value corresponding to read only, so that the read-write state of the target memory pool is set to read only.
After the read-write state of the target memory pool corresponding to all the virtual machine page tables is read-only, and before the virtual machine corresponding to the last virtual machine page table is started, the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to be read-only.
Before a virtual machine is started, the virtual machine monitor page table can still be modified, and it is by modifying it that the read-write state of the target memory pool corresponding to that virtual machine's page table is set to read-only. If the read-write state of the target memory pool corresponding to the virtual machine monitor page table were set to read-only before the target memory pools corresponding to the virtual machine page tables, the virtual machine monitor page table would become unmodifiable, and the target memory pools corresponding to the virtual machine page tables could no longer be set to read-only, leaving the virtual machine page tables modifiable. Therefore the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to read-only only after the read-write state of the target memory pools corresponding to all the virtual machine page tables has been set to read-only.
In addition, since the virtual machine monitor loses control authority to the central processing unit (Central Processing Unit, abbreviated as CPU) after the virtual machine corresponding to the last virtual machine page table is started, the step of setting the read-write state of the target memory pool corresponding to the virtual machine monitor page table to read-only cannot be performed, and therefore the read-write state of the target memory pool corresponding to the virtual machine monitor page table needs to be set to read-only before the virtual machine corresponding to the last virtual machine page table is started. In summary, after the read-write state set in the target memory pool corresponding to all the virtual machine page tables is read-only, and before the virtual machine corresponding to the last virtual machine page table is started, the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to be read-only.
Because the virtual machine monitor page table is stored in a target memory pool, the target memory pool belongs to the memory space of the virtual machine monitor, and the physical addresses mapped by the virtual machine monitor page table are the physical addresses of the memory space of the virtual machine monitor, the page table entry corresponding to the physical address of that target memory pool needs to be found in the virtual machine monitor page table, and the read-write flag of that page table entry is then set to the value corresponding to read-only; in this way the read-write state of the target memory pool is set to read-only, and the virtual machine monitor page table becomes read-only.
When the virtual machine monitor page table is a multi-stage page table, the page table where the page table entry corresponding to the physical address of the target memory pool is located may be any one of the multi-stage page tables.
According to the page table protection method of the virtual machine monitor, after the virtual machine monitor page table and the virtual machine page tables are generated, they are stored in target memory pools belonging to the memory space of the virtual machine monitor, and finally the read-write state of each target memory pool is set to read-only. The page tables are thus read-only, direct modification of them is prevented, and their security is guaranteed. In addition, because the page table that maps the addresses of the memory where each virtual machine page table and the virtual machine monitor page table are located is the virtual machine monitor page table, which is itself in a target memory pool, the read-write state of a target memory pool cannot be changed by modifying page table entry parameters, so the security of the page tables is further improved. The running security of the virtual machines, and of the device running them, is improved accordingly.
Fig. 2 is a schematic flow chart of a second embodiment of the page table protection method for a virtual machine monitor provided in the present application. On the basis of the foregoing embodiment, this embodiment describes the case in which, to ensure that a temporary page table can still be generated, the virtual machine monitor page table is set up before the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to read-only. As shown in Fig. 2, the page table protection method of the virtual machine monitor specifically includes the following steps:
S201: before the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to read-only, determining the memory pools in the memory space of the virtual machine monitor other than all the target memory pools as the memory pools to be selected.
During the operation of the virtual machines and the virtual machine monitor there is a need for a virtual machine to access the memory space of the virtual machine monitor, for the virtual machine monitor to access the memory space of a virtual machine, and for one virtual machine to access the memory space of another virtual machine. Each of these requires a temporary page table to be generated, and the temporary page table also needs to be stored in the memory space of the virtual machine monitor. Since the virtual machine monitor page table cannot be modified once the read-write state of its target memory pool is set to read-only, the virtual machine monitor page table needs to be set up before that read-write state is set to read-only.
In this step, before the read-write state of the target memory pool corresponding to the page table of the virtual machine monitor is set to be read-only, the memory pools in the memory space of the virtual machine monitor except for all the target memory pools are determined as the memory pools to be selected.
S202: and selecting a temporary memory pool from the memory pools to be selected.
In this step, after the virtual machine monitor determines the memory pool to be selected, a temporary memory pool needs to be selected from the memory pools to be selected.
It should be noted that, the manner of selecting a temporary memory pool from the memory pools to be selected may be: randomly selecting a memory pool from memory pools to be selected as a temporary memory pool; it is also possible that: selecting a memory pool with the largest occupied space from memory pools to be selected as a temporary memory pool; it is also possible that: and selecting the memory pool with the last physical address from the memory pools to be selected as a temporary memory pool. The method for selecting one temporary memory pool from the memory pools to be selected is not limited, and the selection can be performed according to actual conditions.
S203: and setting a physical address in a temporary page table item preset in the page table of the virtual machine monitor as a physical address of a temporary memory pool.
In this step, after the virtual machine monitor determines the temporary memory pool, the physical address in the temporary page table entry preset in the virtual machine monitor page table is set as the physical address of the temporary memory pool. Temporary page tables may be generated in a temporary memory pool.
The position of the preset temporary page table entry in the virtual machine monitor page table differs from that of the page table entries whose mapped physical addresses are the physical addresses of the memory where the virtual machine page tables and the virtual machine monitor page table are located. This embodiment does not limit the position of the preset temporary page table entry in the virtual machine monitor page table; it can be set according to actual conditions.
When the virtual machine monitor page table is a multi-stage page table, the page table where the temporary page table entry is located may be any stage page table in the multi-stage page table.
According to the page table protection method of the virtual machine monitor, before the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to read-only, a temporary memory pool is determined from the memory space of the virtual machine monitor, and the physical address in the temporary page table entry preset in the virtual machine monitor page table is set to the physical address of the temporary memory pool. This ensures that, when a temporary page table needs to be generated later, it can be generated in the temporary memory pool, so that temporary page tables are generated smoothly and the virtual machines and the virtual machine monitor operate normally.
Fig. 3a is a schematic flow chart of a third embodiment of a page table protection method for a virtual machine monitor provided in the present application, where on the basis of the foregoing embodiment, the present application describes a case where after a virtual machine monitor obtains a new temporary page table request, it determines whether to discard the new temporary page table request or generate a temporary page table according to a target physical address in the new temporary page table request. As shown in fig. 3a, the page table protection method of the virtual machine monitor specifically includes the following steps:
S301: acquiring a new temporary page table request.
In this step, because during the operation of the virtual machines and the virtual machine monitor there is a need for a virtual machine to access the memory space of the virtual machine monitor, for the virtual machine monitor to access the memory space of a virtual machine, and for one virtual machine to access the memory space of another virtual machine, and each of these needs requires a temporary page table to be generated, the virtual machine monitor obtains a new temporary page table request. The new temporary page table request includes a target physical address.
S302: judging whether the target physical address is the physical address of the memory where the virtual machine monitor page table is located; if the target physical address is the physical address of the memory where the virtual machine monitor page table is located, step S303 is executed; if the target physical address is not the physical address of the memory where the virtual machine monitor page table is located, step S304 is performed.
In this step, after the virtual machine monitor obtains the request to create a temporary page table, in order to determine whether the request was sent by an attacker who wants to modify the virtual machine monitor page table or was generated normally during the operation of the virtual machines and the virtual machine monitor, it is necessary to determine whether the target physical address is a physical address of the memory where the virtual machine monitor page table is located. If it is, the request was sent by an attacker who wants to modify the virtual machine monitor page table; if it is not, the request was generated normally during the running of the virtual machines and the virtual machine monitor.
S303: the new temporary page table request is discarded.
In this step, the target physical address is the physical address of the memory where the virtual machine monitor page table is located. If a temporary page table were generated according to this request, the virtual machine monitor page table could be made writable by modifying the page table entries of the temporary page table, the read-write state of the target memory pools could then be modified, and the virtual machine page tables would become writable as well, compromising the security of the page tables. The request is therefore treated as one sent by an attacker who wants to modify the virtual machine monitor page table, and the new temporary page table request is discarded.
S304: and generating a temporary page table in the temporary memory pool according to the target physical address.
In this step, since the target physical address is not the physical address of the memory where the page table of the virtual machine monitor is located, it is indicated that the request is a request normally generated during the operation of the virtual machine and the virtual machine monitor, and a temporary page table may be generated in the temporary memory pool according to the target physical address, where the physical address mapped by the temporary page table is the target physical address.
When the virtual machine monitor page table is a multi-level page table, the page table in which the temporary page table entry is located may be any level of the multi-level page table, and the temporary page table may also be a multi-level page table. Fig. 3b is a schematic diagram of the memory space of a virtual machine monitor. As shown in Fig. 3b, the memory space of the virtual machine monitor includes a target memory pool corresponding to the virtual machine monitor, target memory pools corresponding to four virtual machines, and a temporary memory pool. The target memory pools corresponding to the four virtual machines are, respectively, the target memory pool corresponding to virtual machine A, the target memory pool corresponding to virtual machine B, the target memory pool corresponding to virtual machine C, and the target memory pool corresponding to virtual machine D. The black blocks in the figure represent page table entries. The virtual machine monitor page table in the target memory pool corresponding to the virtual machine monitor is a four-level page table, in which the physical address of one page table entry in the first-level page table is the physical address of the target memory pool corresponding to virtual machine A, the physical address of one page table entry in the second-level page table is that of the target memory pool corresponding to virtual machine B, the physical address of one page table entry in the third-level page table is that of the target memory pool corresponding to virtual machine C, and the physical address of one page table entry in the fourth-level page table is that of the target memory pool corresponding to virtual machine D; the physical address of another page table entry in the first-level page table is the physical address of the temporary memory pool.
The temporary page tables in the temporary memory pool are also four-level page tables.
It should be noted that, when the virtual machine monitor detects that the temporary page table has been used, the temporary page table is deleted to prevent attackers from modifying it.
According to the page table protection method of the virtual machine monitor, after the virtual machine monitor acquires a new temporary page table request, if the target physical address is the physical address of the memory where the virtual machine monitor page table is located, the request is treated as one sent by an attacker who wants to modify the virtual machine monitor page table and is discarded, which improves the security of the page tables. If the target physical address is not the physical address of the memory where the virtual machine monitor page table is located, the request was generated normally during the operation of the virtual machines and the virtual machine monitor, and the temporary page table is generated in the temporary memory pool, which ensures the normal operation of the virtual machines and the virtual machine monitor; the temporary page table is deleted after use, which further improves the security of the page tables.
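The three procedures described above, freezing the target memory pools in virtual machine start order, reserving the temporary memory pool before the virtual machine monitor page table is frozen, and gating new temporary page table requests on the target physical address, as one constructed C model. This is added example code, not the applicant's implementation; the single-level page table, pool layout, base address and flag bits are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of the scheme described above (not the applicant's code):
 * the pool layout, base address, flag bits and single-level VMM page table
 * are assumptions chosen so the ordering and gating logic can be exercised. */
#define POOL_SIZE   0x1000ULL
#define POOL_BASE   0x40000000ULL
#define NUM_POOLS   8
#define NUM_VMS     3
#define PTE_PRESENT (1u << 0)
#define PTE_RW      (1u << 1)            /* set = writable, clear = read-only */

typedef struct { uint64_t pa; uint32_t flags; } pte_t;

typedef struct {
    uint64_t pool_pa[NUM_POOLS];  /* physical base of each memory pool */
    pte_t    vmm_pt[NUM_POOLS];   /* VMM page table; entry i maps pool i (model) */
    int      vmm_pool;            /* target pool holding the VMM page table */
    int      vm_pool[NUM_VMS];    /* target pool holding each VM page table */
    int      temp_pool;           /* temporary memory pool, chosen in S202 */
    pte_t    temp_pt;             /* temporary page table living in temp_pool */
    bool     temp_pt_live;
    bool     vm_started[NUM_VMS];
} vmm_t;

static bool pool_is_readonly(const vmm_t *v, int pool)
{
    return (v->vmm_pt[pool].flags & PTE_RW) == 0;
}

/* Clear RW in the VMM page table entry that maps `pool`.  That entry lives in
 * the VMM page table's own pool, so once that pool is read-only no further
 * change (this one included) is possible: return -1 in that case. */
static int set_pool_readonly(vmm_t *v, int pool)
{
    if (pool_is_readonly(v, v->vmm_pool)) return -1;
    v->vmm_pt[pool].flags &= ~PTE_RW;
    return 0;
}

/* VMM start: generate the VMM and VM page tables, store each in a target pool
 * inside VMM memory, then (S201-S203) pick the temporary pool from the
 * remaining pools and preset its entry while the VMM page table is writable. */
static void vmm_init(vmm_t *v)
{
    for (int i = 0; i < NUM_POOLS; i++) {
        v->pool_pa[i] = POOL_BASE + (uint64_t)i * POOL_SIZE;
        v->vmm_pt[i] = (pte_t){ 0, 0 };              /* pool not mapped yet */
    }
    v->vmm_pool = 0;
    for (int vm = 0; vm < NUM_VMS; vm++) {
        v->vm_pool[vm] = 1 + vm;
        v->vm_started[vm] = false;
    }
    v->temp_pool = NUM_POOLS - 1;   /* candidate with the highest physical address */
    for (int p = 0; p <= NUM_VMS; p++)               /* VMM pool + VM pools */
        v->vmm_pt[p] = (pte_t){ v->pool_pa[p], PTE_PRESENT | PTE_RW };
    v->vmm_pt[v->temp_pool] = (pte_t){ v->pool_pa[v->temp_pool], PTE_PRESENT | PTE_RW };
    v->temp_pt_live = false;
}

/* Start one VM: freeze its page table pool; when every VM pool is frozen
 * (this is the last VM), freeze the VMM page table pool too, before the VM
 * runs, because the VMM loses the CPU afterwards and could not do it later. */
static int start_vm(vmm_t *v, int vm)
{
    if (vm < 0 || vm >= NUM_VMS || v->vm_started[vm]) return -1;
    if (set_pool_readonly(v, v->vm_pool[vm]) != 0) return -1;
    bool all_frozen = true;
    for (int i = 0; i < NUM_VMS; i++)
        all_frozen = all_frozen && pool_is_readonly(v, v->vm_pool[i]);
    if (all_frozen && set_pool_readonly(v, v->vmm_pool) != 0) return -1;
    v->vm_started[vm] = true;
    return 0;
}

/* S301-S304: a "new temporary page table" request carrying target_pa.
 * Returns 1 when discarded (target_pa is the VMM page table's memory, which
 * would let that table be rewritten through the temporary table) and 0 when
 * a temporary page table mapping target_pa is generated in temp_pool. */
static int handle_temp_pt_request(vmm_t *v, uint64_t target_pa)
{
    uint64_t lo = v->pool_pa[v->vmm_pool], hi = lo + POOL_SIZE;
    if (target_pa >= lo && target_pa < hi) return 1;
    v->temp_pt = (pte_t){ target_pa, PTE_PRESENT | PTE_RW };
    v->temp_pt_live = true;
    return 0;
}

/* Delete the temporary page table once the VMM sees it has been used. */
static void release_temp_pt(vmm_t *v)
{
    v->temp_pt = (pte_t){ 0, 0 };
    v->temp_pt_live = false;
}
```

Note that the model freezes the VMM page table pool only when the last VM starts, so any later call to set_pool_readonly fails, which is exactly why the temporary pool must be reserved beforehand.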
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
Fig. 4 is a schematic structural diagram of an embodiment of a page table protection device for a virtual machine monitor provided in the present application. As shown in fig. 4, the page table protecting apparatus 40 of the virtual machine monitor includes:
the generating module 41 is configured to generate a virtual machine monitor page table and at least one virtual machine page table when the virtual machine monitor is started, and determine a usage object identifier corresponding to each virtual machine page table and the virtual machine monitor page table;
the storage module 42 is configured to store each virtual machine page table and the virtual machine monitor page table into a corresponding target memory pool according to a correspondence between the usage object identifier and the memory pool, where each target memory pool belongs to a memory space of the virtual machine monitor;
the processing module 43 is configured to set the read-write status of each target memory pool to read-only.
Further, the processing module 43 is specifically configured to:
for each virtual machine page table in turn, before a virtual machine corresponding to the virtual machine page table is started, setting read-write states of a target memory pool corresponding to the virtual machine page table to be read-only;
after the read-write state of the target memory pool corresponding to all the virtual machine page tables is read-only, and before the virtual machine corresponding to the last virtual machine page table is started, the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to be read-only.
Further, the processing module 43 is further configured to:
before the read-write state of the target memory pool corresponding to the page table of the virtual machine monitor is set to be read-only, determining the memory pools except all the target memory pools in the memory space of the virtual machine monitor as memory pools to be selected;
selecting a temporary memory pool from the memory pools to be selected;
and setting a physical address in a temporary page table item preset in the page table of the virtual machine monitor as the physical address of the temporary memory pool.
An obtaining module 44, configured to obtain a new temporary page table request, where the new temporary page table request includes a target physical address;
further, the processing module 43 is further configured to discard the new temporary page table request if the target physical address is a physical address of a memory where the virtual machine monitor page table is located.
Further, the generating module 41 is further configured to generate a temporary page table in the temporary memory pool according to the target physical address if the target physical address is not the physical address of the memory where the virtual machine monitor page table is located.
Further, the processing module 43 is further configured to delete the temporary page table after detecting that the temporary page table is used.
The page table protection device of the virtual machine monitor provided in this embodiment is configured to execute the technical scheme in any one of the foregoing method embodiments, and its implementation principle and technical effect are similar, and are not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device provided in the present application. As shown in fig. 5, the electronic device 50 includes:
a processor 51, a memory 52, and a communication interface 53;
the memory 52 is configured to store executable instructions of the processor 51;
wherein the processor 51 is configured to perform the technical solution of any of the method embodiments described above via execution of the executable instructions.
Alternatively, the memory 52 may be separate or integrated with the processor 51.
Optionally, when the memory 52 is a device separate from the processor 51, the electronic device 50 may further include:
a bus 54, where the memory 52 and the communication interface 53 are coupled to the processor 51 via the bus 54 and communicate with each other, and the communication interface 53 is used to communicate with other devices.
Alternatively, the communication interface 53 may be implemented specifically by a transceiver. The communication interface is used to enable communication between the database access apparatus and other devices (e.g., clients, read-write libraries, and read-only libraries). The memory may comprise random access memory (random access memory, RAM) and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
Bus 54 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, among others. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration only one thick line is drawn in the figure, but this does not mean that there is only one bus or only one type of bus.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a network processor (network processor, NP), etc.; but may also be a digital signal processor DSP, an application specific integrated circuit ASIC, a field programmable gate array FPGA or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component.
The electronic device is configured to execute the technical scheme in any of the foregoing method embodiments, and its implementation principle and technical effects are similar, and are not described herein again.
The embodiment of the application also provides a readable storage medium, on which a computer program is stored, which when executed by a processor implements the technical solution provided by any of the foregoing method embodiments.
The embodiments of the present application also provide a computer program product, which includes a computer program, where the computer program is used to implement the technical solution provided by any of the foregoing method embodiments when executed by a processor.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A method for protecting a page table of a virtual machine monitor, the method comprising:
when a virtual machine monitor is started, generating a virtual machine monitor page table and at least one virtual machine page table, and determining a use object identifier corresponding to each virtual machine page table and the virtual machine monitor page table;
storing each virtual machine page table and the virtual machine monitor page table into a corresponding target memory pool according to the corresponding relation between the use object identifier and the memory pool, wherein each target memory pool belongs to the memory space of the virtual machine monitor;
and setting the read-write state of each target memory pool to be read-only.
2. The method of claim 1, wherein setting the read-write status of each target memory pool to read-only comprises:
for each virtual machine page table in turn, before a virtual machine corresponding to the virtual machine page table is started, setting read-write states of a target memory pool corresponding to the virtual machine page table to be read-only;
after the read-write state of the target memory pool corresponding to all the virtual machine page tables is read-only, and before the virtual machine corresponding to the last virtual machine page table is started, the read-write state of the target memory pool corresponding to the virtual machine monitor page table is set to be read-only.
3. The method according to claim 1, wherein the method further comprises:
before the read-write state of the target memory pool corresponding to the page table of the virtual machine monitor is set to be read-only, determining the memory pools except all the target memory pools in the memory space of the virtual machine monitor as memory pools to be selected;
selecting a temporary memory pool from the memory pools to be selected;
and setting a physical address in a temporary page table item preset in the page table of the virtual machine monitor as the physical address of the temporary memory pool.
4. A method according to claim 3, characterized in that the method further comprises:
acquiring a new temporary page table request, wherein the new temporary page table request comprises a target physical address;
and if the target physical address is the physical address of the memory where the virtual machine monitor page table is located, discarding the new temporary page table request.
5. The method according to claim 4, wherein the method further comprises:
and if the target physical address is not the physical address of the memory where the virtual machine monitor page table is located, generating a temporary page table in the temporary memory pool according to the target physical address.
6. The method of claim 5, wherein the method further comprises:
and deleting the temporary page table after the temporary page table is used.
7. A page table protection device for a virtual machine monitor, comprising:
the generating module is used for generating a virtual machine monitor page table and at least one virtual machine page table when the virtual machine monitor is started, and determining the use object identifier corresponding to each virtual machine page table and the virtual machine monitor page table;
the storage module is used for storing each virtual machine page table and the virtual machine monitor page table into a corresponding target memory pool according to the corresponding relation between the use object identifier and the memory pool, and each target memory pool belongs to the memory space of the virtual machine monitor;
and the processing module is used for setting the read-write state of each target memory pool to be read-only.
8. An electronic device, comprising:
a processor, a memory, a communication interface;
the memory is used for storing executable instructions of the processor;
wherein the processor is configured to perform the page table protection method of the virtual machine monitor of any one of claims 1 to 6 via execution of the executable instructions.
9. A readable storage medium having stored thereon a computer program, which when executed by a processor implements the page table protection method of a virtual machine monitor according to any of claims 1 to 6.
10. A computer program product comprising a computer program for implementing the page table protection method of a virtual machine monitor as claimed in any one of claims 1 to 6 when executed by a processor.
CN202310521900.XA 2023-05-09 2023-05-09 Page table protection method, device, equipment and medium for virtual machine monitor Pending CN116541315A (en)

Publications (1)

Publication Number Publication Date
CN116541315A true CN116541315A (en) 2023-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination