CN116662984A - Memory isolation device and multi-core computing system based on same - Google Patents
Memory isolation device and multi-core computing system based on same Download PDFInfo
- Publication number
- CN116662984A CN116662984A CN202310443923.3A CN202310443923A CN116662984A CN 116662984 A CN116662984 A CN 116662984A CN 202310443923 A CN202310443923 A CN 202310443923A CN 116662984 A CN116662984 A CN 116662984A
- Authority
- CN
- China
- Prior art keywords
- memory
- address
- signal
- controller
- isolated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000015654 memory Effects 0.000 title claims abstract description 238
- 238000002955 isolation Methods 0.000 title claims abstract description 131
- 239000011159 matrix material Substances 0.000 claims abstract description 34
- 230000003068 static effect Effects 0.000 claims abstract description 28
- 238000001514 detection method Methods 0.000 claims description 27
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 230000002093 peripheral effect Effects 0.000 claims description 5
- 101100464782 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) CMP2 gene Proteins 0.000 claims description 3
- 101100464779 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) CNA1 gene Proteins 0.000 claims description 3
- 238000005498 polishing Methods 0.000 claims description 3
- 239000000126 substance Substances 0.000 claims description 3
- 238000012797 qualification Methods 0.000 claims 1
- 238000000034 method Methods 0.000 abstract description 9
- 230000010354 integration Effects 0.000 abstract description 5
- 230000001419 dependent effect Effects 0.000 abstract description 4
- 238000013461 design Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000005192 partition Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 101100002079 Schizosaccharomyces pombe (strain 972 / ATCC 24843) arb2 gene Proteins 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a memory isolation device and a multi-core computing system based on the memory isolation device, which belong to the technical field of network security, and the multi-core computing system based on the memory isolation device is arranged between a processor core CPU and a system memory and is used for detecting memory access transactions sent by the processor core CPU; the memory isolation device is externally connected with the processor core CPU, the memory controller DDR and the power-on configuration module POC. The memory isolation device comprises a controller, a matching matrix module and a static address list. The memory isolation device is simple in integration mode, and the original system architecture is not changed too much; the memory is partitioned and isolated by a simple and smart method, and the isolated area and the isolated enabling are controlled by hardware signals, so that the memory isolation is not affected by the loopholes of the processor system architecture and the operating system, and is not dependent on any trusted chain established by software.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a memory isolation device and a multi-core computing system based on the memory isolation device.
Background
In a multi-core computing system, when some processor cores need to protect their private data due to handling secure transactions, the memory data of those processor cores needs to be isolated in some way. The current general memory isolation method is mainly based on TrustZone technology of ARM company.
Trust zone technology divides hardware and software resources into two worlds, secure World and non-Secure World. Each physical processor core in a multi-core system is virtualized into one Secure core (Secure) that runs code of the Secure world and one Non-Secure core (Non-Secure) that runs code other than the Secure world. The two virtual cores run in a time slice-based manner, occupy physical cores in real time as required, and are dynamically configured by software under the control of an operating system to perform conversion between a secure world and an unsecure world through a Mode named Monitor Mode. The trust zone address space controller TZASC (TrustZone Address Space Controller) divides the memory into a plurality of regions, each of which may be configured as a secure or non-secure region separately and controls access to the memory region by the mode in which the processor core is located.
For multi-core systems, particularly heterogeneous multi-core systems, the general memory isolation method based on the TrustZone technology has the following problems:
1) Cannot be directly applied to heterogeneous multi-core systems: the secure world and the non-secure world of the trust zone technology are controlled by an operating system, and the trust zone technology cannot be applied because the architecture of each processor core in the heterogeneous multi-core system is different and a unified operating system cannot be operated.
2) Cannot be directly applied to non-ARM systems: the TrustZone address space controller TZASC is a bus component based on AMBA3 AXI, and a non-ARM system needs to modify the whole software and hardware system according to the principles of TrustZone and TZASC.
3) May be subject to attack due to vulnerabilities of the processor architecture and operating system: the secure world and the non-secure world of the trust zone technology share the same set of physical TLB and Cache, which may be due to the attack of the vulnerability of the processor architecture and the operating system, for example, the design defect of fusing the CPU out-of-order execution technology of the vulnerability utilization, and the memory isolation mechanism is destroyed, so that the malicious program can override to access the memory data of the operating system, and sensitive information is revealed.
4) Depending on the trusted chain established during start-up: because the conversion of the secure world and the non-secure world is dynamically controlled by software, the TrustZone technology depends on that the TrustZone technology is executed from the secure world at the beginning of system startup, and a trust chain is established by performing step-by-step verification from a bootloader to an OS, and any link in the trust chain is destroyed, so that the whole system is unsafe.
Therefore, the isolation device for the multi-core (including heterogeneous multi-core) system is developed, the memory isolation is realized under the condition that the overall software and hardware design of the system is not changed, the isolation device is not influenced by the loopholes of a processor system architecture and an operating system, and the isolation device is not dependent on any trusted chain established by software, so that the problem to be solved is urgent at present.
Disclosure of Invention
In view of this, the present invention provides a memory isolation device and a multi-core computing system based on the memory isolation device, which is oriented to a multi-core system, and can partition and isolate a memory by a simple method without changing the overall software and hardware design of the system, and control the isolated area and the isolated enable by hardware signals, so that the memory isolation is not affected by the vulnerability of the processor architecture and the operating system, and is not dependent on any trusted chain established by software.
In order to achieve the above purpose, the technical scheme of the invention is as follows: the memory isolation device is arranged between the processor core CPU and the system memory and is used for detecting memory access transactions sent by the processor core CPU; the memory isolation device is externally connected with the processor core CPU, the memory controller DDR and the power-on configuration module POC.
The memory isolation device comprises a controller, a matching matrix module and a static address list.
The controller receives the access transaction sent by the CPU, carries out internal routing on the accessed address signal A, sets the working mode by the power-on configuration module, acquires the matching detection result signal from the matching matrix module in the set working mode, judges that the address signal A is an isolated address, then Tranif1 does not send the address signal A to the memory controller DDR, and outputs an interrupt feedback to the CPU, so that the access transaction cannot be accessed because of the isolated address, and if the address signal A is not the isolated address, tranif1 sends the address signal A to the memory controller DDR.
The static address list is used for storing an address list of the isolated memory space, the static address list comprises a plurality of address segments, each address segment corresponds to the address space of different peripheral equipment, and each address segment is correspondingly accessed to an arbitration unit in the matching matrix.
And a plurality of groups of arbitration units for address matching detection are integrated in the matching matrix module, the arbitration units in the matching matrix receive an address signal A sent by the CPU and a memory isolation region configuration signal sent by the power-on configuration module POC, so that the matching detection of the address and the selection and detection of an address mark initiated by the power-on configuration module POC are completed, and a matching detection result signal is fed back to the controller for feeding back whether the address signal A is isolated or not.
Further, the controller internally integrates a transmission gate control unit Tranif1, a first matching feedback MUX1, an inverter INV, and an OR gate OR.
The processor core CPU sends out an address signal A of the memory access transaction, and the address signal A is received by the D input end of the transmission gate control unit Tranif 1; the CTL control end of Tranif1 is connected with the output of the OR gate; the output end of Tranif1 is connected with the DDR of the memory controller; the input of the OR gate comprises an isolating switch signal from a power-on configuration module POC and an inverted signal of a matching detection result signal from a matching matrix module; and if the isolating switch signal is 1, setting the working mode of the controller to be bypass mode, and if the isolating switch signal is 0, setting the working mode of the controller to be isolation working mode.
In bypass operation mode, tranif1 receives address signal a and directly transmits it to memory controller DDR.
In the isolated working mode, tranif1 receives the address signal A, combines the address signal A with the CTL control end signal, after logic judgment, judges that the address signal A is an isolated address, tranif1 does not send the address signal A to the memory controller DDR, and outputs an interrupt feedback to the CPU, so that the current memory transaction cannot be accessed due to the isolated address, and if the address signal A is not the isolated address, tranif1 sends the address signal A to the memory controller DDR.
The input of the first matching feedback device MUX1 is from the matching detection result signal of the matching matrix module, and the output of the first matching feedback device MUX1 is fed back to the processor core CPU for feeding back whether the address signal A is isolated.
Further, each arbitration unit is internally integrated with a first comparator CMP1, a second comparator CMP2 and a second matching feedback device MUX2;
the second matching feedback device MUX2 takes a memory isolation region configuration signal from the POC (power control) module and an address segment from the static address list as inputs respectively, and the output of the second matching feedback device MUX2 is connected to one input end of the second CMP (chemical mechanical polishing) and is used for feeding back an isolated address;
the two inputs of the first CMP are respectively an address signal A of a memory access transaction sent by the CPU and an address section in a static address list, the output of the first CMP judges whether the address signal A is in the address section, if so, the address signal A is output, otherwise, 0 is output; the output of the first CMP is connected to the other input end of the second CMP;
the second CMP judges whether the address signal A is isolated, if yes, a high-level signal is output, otherwise, the address signal A is directly output, the output of the second CMP is a matching detection result signal, the matching detection result signal is sent to the first matching feedback device MUX1 on one hand, and is sent to the INV inverter on the other hand, and the output of the INV inverter is connected with one input of the OR gate.
Further, the POC generates an isolation switch signal or a memory isolation region configuration signal after serial-to-parallel conversion of the level information acquired through the IO_PAD pin, and the isolation switch signal or the memory isolation region configuration signal is respectively sent to the controller and the matching matrix module and is used for setting the working mode of the controller and setting the isolation region.
Another embodiment of the invention also provides a baseMulti-core computing system in memory isolation device, the multi-core computing system includes a plurality of processor core CPUs 0 ~CPU n The system memory, the memory controller DDR, the power-on configuration module POC and the memory isolation device.
Multiple processor core CPU 0 ~CPU n The same or different architecture of (a); n is more than 2; the processor cores are divided into general cores that qualify for access to the entire space of the memory, and isolated cores.
The system memory provides an exclusive memory space and a shared memory space; the processor core accesses the system memory through the memory controller DDR.
The general core is directly connected with the DDR memory controller and is used for directly accessing all the system memories.
Each isolated core is connected to the memory controller DDR through a memory isolation device, and the exclusive memory space is used as an isolated memory space to construct a static address list in the corresponding memory isolation device, namely the static address list in the memory isolation device divides the exclusive memory space into different intervals according to addresses, namely address segments.
The power-on configuration module collects information sent by the external programmable device through pins to match and compare, and isolation of the exclusive space is completed.
The POC acquires information sent by an external programmable logic device through a pin to generate an isolating switch signal or a memory isolating region configuration signal, and the isolating switch signal or the memory isolating region configuration signal is respectively sent to the controller and the matching matrix module and is used for setting the working mode of the controller and setting an isolating region.
The beneficial effects are that:
1: the invention provides a memory isolation device, which has simple integration mode and does not need to change the original system architecture too much; the integrated position can be set between the system processor core and the memory, and no special requirement is imposed on the system processor core; the device partitions and isolates the memory by a simple and smart method, and controls the isolated area and the isolated enabling through hardware signals, so that the memory isolation is not affected by the loopholes of a processor system architecture and an operating system, and is not dependent on any trusted chain established by software. .
2: according to the multi-core computing system based on the memory isolation device, the memory isolation device is arranged between the processor core and the memory, and all memory access transactions sent by the processor core pass through the memory isolation device. When the system is powered on, the memory isolation device configures a memory isolation area according to the state of pull-up or pull-down of the resistor connected with the power-on configuration module. In the system operation, the memory isolation device detects whether the access address sent by the processor core is positioned in the isolation area in real time: directly and thoroughly transmitting the memory access transaction to the memory controller if the memory access transaction is not in the isolation area; otherwise, intercepting and discarding the current access transaction, initiating address decoding error feedback to the processor core, and simultaneously sending an address out-of-range access alarm interrupt to the interrupt controller.
Drawings
Fig. 1 is a block diagram of an advertisement of a memory isolation device according to the present invention.
Fig. 2 is a block diagram of the multi-core system poc+addelect+heterogeneous dual core (CPU 0/CPU 1) based on the addelect of the memory isolation device according to the present invention, where the addelect portion is a schematic diagram.
Fig. 3 is a schematic diagram of a memory space structure of a dual-core heterogeneous system according to an embodiment of the present invention.
Detailed Description
The invention will now be described in detail by way of example with reference to the accompanying drawings.
Example 1:
the invention provides a memory isolation device, which is arranged between a processor core CPU and a system memory and is used for detecting all memory access transactions sent by the processor core CPU; the memory isolation device is externally connected with the processor core CPU, the memory controller DDR and the power-on configuration module POC.
The memory isolation device comprises a controller, a matching matrix module and a static address list.
The controller receives the access transaction sent by the CPU, carries out internal routing on the accessed address signal A, sets the working mode by the power-on configuration module, acquires the matching detection result signal from the matching matrix module in the set working mode, judges that the address signal A is an isolated address, then Tranif1 does not send the address signal A to the memory controller DDR, and outputs an interrupt feedback to the CPU, so that the access transaction cannot be accessed because of the isolated address, and if the address signal A is not the isolated address, tranif1 sends the address signal A to the memory controller DDR.
In the embodiment of the invention, a transmission gate control unit Tranif1, a first matching feedback device MUX1, an inverter INV and an OR gate are integrated in the controller;
the processor core CPU sends out an address signal A of the memory access transaction, and the address signal A is received by the D input end of the transmission gate control unit Tranif 1; the CTL control end of Tranif1 is connected with the output of an OR gate (OR); the output end of Tranif1 is connected with the DDR of the memory controller; the input of the OR gate comprises an isolating switch signal from a power-on configuration module POC and an inverted signal of a matching detection result signal from a matching matrix module; and if the isolating switch signal is 1, setting the working mode of the controller to be bypass mode, and if the isolating switch signal is 0, setting the working mode of the controller to be isolation working mode.
In bypass operation mode, tranif1 receives address signal a and directly transmits it to memory controller DDR.
In the isolated working mode, tranif1 receives the address signal A, combines the address signal A with the CTL control end signal, after logic judgment, judges that the address signal A is an isolated address, tranif1 does not send the address signal A to the memory controller DDR, and outputs an interrupt feedback to the CPU, so that the current memory transaction cannot be accessed due to the isolated address, and if the address signal A is not the isolated address, tranif1 sends the address signal A to the memory controller DDR.
The input of the first matching feedback device MUX1 is from the matching detection result signal of the matching matrix module, and the output of the first matching feedback device MUX1 is fed back to the processor core CPU for feeding back whether the address signal A is isolated.
The static address list is used for storing an address list of the isolated memory space, the static address list comprises a plurality of address segments, each address segment corresponds to the address space of different peripheral equipment, and each address segment is correspondingly accessed to an arbitration unit in the matching matrix.
And a plurality of groups of arbitration units for address matching detection are integrated in the matching matrix module, the arbitration units in the matching matrix receive an address signal A sent by the CPU and a memory isolation region configuration signal sent by the power-on configuration module POC, so that the matching detection of the address and the selection and detection of an address mark initiated by the power-on configuration module POC are completed, and a matching detection result signal is fed back to the controller for feeding back whether the address signal A is isolated or not.
Each arbitration unit is internally integrated with a first comparator CMP1, a second comparator CMP2 and a second matching feedback device MUX2;
the second matching feedback device MUX2 takes a memory isolation region configuration signal from the POC (power control) module and an address segment from the static address list as inputs respectively, and the output of the second matching feedback device MUX2 is connected to one input end of the second CMP (chemical mechanical polishing) and is used for feeding back an isolated address;
the two inputs of the first CMP are respectively an address signal A of a memory access transaction sent by the CPU and an address section in a static address list, the output of the first CMP judges whether the address signal A is in the address section, if so, the address signal A is output, otherwise, 0 is output; the output of the first CMP is connected to the other input end of the second CMP;
the second CMP judges whether the address signal A is isolated, if yes, a high-level signal is output, otherwise, the address signal A is directly output, the output of the second CMP is a matching detection result signal, the matching detection result signal is sent to the first matching feedback device MUX1 on one hand, and is sent to the INV inverter on the other hand, and the output of the INV inverter is connected with one input of the OR gate.
And the power-on configuration module POC generates an isolating switch signal or a memory isolating region configuration signal after serial-to-parallel conversion of the level information acquired through the IO_PAD pin, and the isolating switch signal or the memory isolating region configuration signal is respectively sent to the controller and the matching matrix module and is used for setting the working mode of the controller and setting the isolating region.
The block diagram of the memory isolation device is shown in fig. 1, and the specific workflow is described as follows:
1) Configuration phase
After the system is powered on, a Controller (Controller) sends a memory isolation region configuration signal obtained from a power-on configuration module (POC) to arbitration units (such as Arb1, arb2 and the like) in a matching matrix (Match matrix), address matching and isolation address marking are carried out by the matching matrix (Match matrix), and the Controller (Controller) completes mode selection and feeds back transaction conditions (such as address decoding errors or transaction normal) to a CPU.
2) Isolation arbitration phase
The memory space addresses are marked in advance in different modes, local matching is performed quickly when the memory access transaction occurs, then the memory access transaction is determined to be sent out or the memory access (address decoding error) can not be fed back, wherein in order to match the AXI bus read-write channel, the read address and the write address are arbitrated separately, and the mark is not distinguished between the read address and the write address.
3) Address matching stage
After a processor Core (CPU) sends out a read-write access memory transaction (ADDR_CPU), the transaction passes through a Controller (Controller), if the current bypass mode is adopted, the transaction directly accesses the DDR memory, otherwise, the transaction is sent to a matching matrix (Match matrix) unit to be matched with the isolation address of the mark number, if the addresses are the same, the memory isolation area access is generated, a memory isolation module feeds back response decode error to the CPU, and if the addresses are not matched, the memory isolation module sends out an access DDR transaction to the DDR.
4) Out-of-range alarm stage
When isolation feedback occurs in the memory isolation unit in the memory transaction sent by the CPU, the memory isolation unit sends an interrupt request, and the memory isolation unit can be matched with the system interrupt design to feed back the address of the transaction to the software layer, which cannot be accessed due to isolation.
Example 2:
the invention also provides a multi-core computing system architecture based on the memory isolation device, wherein the multi-core computing system comprises a plurality of processor cores CPU 0 ~CPU n The system memory, the memory controller DDR, the power-on configuration module POC and the memory isolation device.
Multiple processor core CPU 0 ~CPU n The same or different architecture of (a); n is more than 2; the processor cores are divided into general cores that qualify for access to the entire space of the memory, and isolated cores.
The system memory provides an exclusive memory space and a shared memory space; the processor core accesses the system memory through the memory controller DDR.
The general core is directly connected with the DDR memory controller and is used for directly accessing all the system memories.
Each isolated core is connected to the memory controller DDR through a memory isolation device, and the exclusive memory space is used as an isolated memory space to construct a static address list in the corresponding memory isolation device, namely the static address list in the memory isolation device divides the exclusive memory space into different intervals according to addresses, namely address segments.
The power-on configuration module collects information sent by the external programmable device through pins to match and compare, and isolation of the exclusive space is completed.
The POC acquires information sent by an external programmable device through a pin to generate an isolating switch signal or a memory isolating region configuration signal, and the isolating switch signal or the memory isolating region configuration signal is respectively sent to the controller and the matching matrix module and is used for setting the working mode of the controller and setting an isolating region.
In multi-core (including heterogeneous multi-core) systems, partitioning and isolating operations are performed on memory in a specific area, involving functional module integration and processor architecture compatibility issues.
The invention (memory isolation device) is positioned between the system processor core and the memory, and for all transactions sent by the isolated processor core, the transaction sent by the processor core is processed in different ways (access is allowed or forbidden and out-of-range interrupt alarm is sent) according to different working modes or different isolation schemes of the device by the device through the invention before the memory is accessed.
Compared with the conventional general memory isolation technology TurstZone, the invention has the following advantages:
1) The memory isolation device is simple in integration mode, and the original system architecture is not changed too much; the integrated position is between the system processor core and the memory, and has no special requirement on the system processor core; the TrustZone technology is applied to a non-ARM system, the original software and hardware system is required to be modified, and the integration cost is high.
2) The invention realizes the initialization process of the running mode of the memory isolation module device by sampling the pin state during the power-on period of the system through the POC (power-on configuration module) functional module, the whole process is realized by using hardware IOPAD, the use of the IOPAD is saved in the SPOC mode, and the design difficulty of the IO_MUX is reduced; in this mode, the memory isolation module area is determined by serial data generated by an external programmable device (MCU/CPLD/FPGA, etc.). Compared with the TrustZone technology, the method increases the utilization rate of peripheral resources, reduces the design occupied area and reduces the system power consumption;
3) The introduction of peripheral hardware resources not only ensures that the configuration mode of the memory isolation function is concise and flexible, but also is not limited to software programs and system architecture, and does not depend on the process of establishing a trusted chain in TrustZone technology, thereby avoiding the possibility that malicious programs destroy a memory isolation mechanism and ensuring that the method has strong security.
Example 3:
the invention is suitable for a multi-core system, as shown in figure 2, the invention is applied to a heterogeneous dual-core system, a CPU0 and a CPU1 are processor cores with two different architectures, a DDR Controller is a memory Controller, and the memory isolation device is formed by the DDR Controller, ADETECT and POC.
CPU0 is a main processor core in the system, accesses the memory through ACCESS0, and after isolation arbitration and address matching of ADETECT through ACCESS1, CPU1 finally reaches DDR Controller or triggers an address isolation function, and ADETECT feeds back RESP_DEC_ERR to CPU1 in an interrupt mode;
the memory isolation device comprises an ADETECT module and a POC module, wherein the POC module acquires serial data and high and low levels output by an external programmable device through an IOPAD in the process of powering on the system, and transmits the working mode of the ADETECT and the memory isolation partition division rule to the ADETECT module after internal logic. The ADETECT module determines the Static ADDR List according to the level information acquired by the POC, then arbitrates and matches the address data in ACCESS1, and decides whether to isolate the address.
The POC module occupies 3 IOPAD, respectively: puUC2ADDR, CPU1 memory isolation; puSPOCEN, serial POC enabled; SPOCDAT, serial data input in serial POC mode.
The puUC2ADDR signal is an enabling bit of the memory isolation device for the memory isolation of the CPU1, when the level of the puUC2ADDR signal is low, the device is in bypass state, and the memory request of the CPU1 is transmitted to the DDR Controller by the device to directly access the memory; when the puUC2ADDR signal level is high, the memory isolation device is in a working mode, the access of the CPU1 to the DDR Controller is subjected to arbitration and address matching of the memory isolation device, and the access result of the CPU1 is related to an access address interval.
The puSPOCEN is a POC module working mode selection signal, when the puSPOCEN signal is at a high level, the POC works in a serial POC mode (namely an SPOC mode), and in the SPOC mode, when the memory isolation device is in a non-bypass state, the memory isolation rule is determined by serial data acquired by the SPOCDATA signal; when the puSPOCEN signal is at a low level, POC is operated in a parallel POC mode (i.e., a PPOC mode), in which the memory isolation rule is fixed to a specific area when the memory isolation device of the present invention is in a non-bypass state.
SPOCDAT is the serial data input signal in SPOC mode.
The ADETECT module is a core module of the memory isolation device, and determines a working mode according to the IOPAD level signal acquired by the POC module:
1) The bypass mode, in which ADETECT works, the access data sent by the CPU1 is transmitted to the DDR Controller without any processing;
2) In the working mode, ADETECT works in the mode, and can work in the SPOC mode or the PPOC mode according to the signal collected by the POC module puSPOCEN.
In the SPOC mode, the adeect converts serial data collected by the POC into 19bit parallel data and stores the 19bit parallel data in the spoc_cpu1_addr_reg, and the adeect divides 19 memory isolation spaces corresponding to each bit data in the spoc_cpu1_addr_reg, as shown in table 1:
table 1 isolated address
In the PPOC mode, the adeect isolation region is fixed to the address isolation regions of bit1 and bit2 in the above table, fixing the value of spoc_cpu1_addr_reg to 19' h6 is independent of the puspogen signal.
The following is illustrative in connection with fig. 2 and 3:
two processor cores CPU0 and CPU1 exist in the system at the same time, the architectures of the two processor cores are different, the CPU0 is a main processor core in the system, and the CPU1 is a secondary processor core. The system memory is divided into two parts: CPU0 shared space and CPU0/CPU1 shared space.
CPU0 and CPU1 access the memory address space of ADDR0/ADDR1/AADR2 at the same time, for CPU0, the system memory space is the address space that can be accessed, so connect with DDR Controller directly in the system, the above-mentioned three memory transactions can be sent to DDR Controller directly, finish the transaction finally; for the CPU1, a part of the memory space (CPU 0 exclusive space) is not accessible at any time, and all memory transactions of the CPU1 to the memory in the system structure first go through the memory isolation device of the present invention, and after the memory isolation device of the present invention performs arbitration and address comparison, the memory transaction is forwarded to the DDR Controller or an out-of-range interrupt is triggered, and the out-of-range address is returned to the CPU1, which will be described in detail later.
Let ADDR0 belong to CPU0 exclusive space, ADDR1/ADDR2 belong to two CPU shared spaces. When the three memory addresses sent by the CPU1 to the memory space pass through the memory isolation device of the present invention, the following three results occur according to the difference of the level signals collected by the puUC2ADDR, puSPOCEN, SPOCDAT during the power-up period of the POC module:
1) The puUC2ADDR signal is low level, the memory isolation device works in bypass mode, all memory access transactions initiated by the CPU1 on the memory are transmitted to the DDR Controller without any processing, and the level puSPOCEN, SPOCDAT signal does not influence the result at the moment;
2) The puUC2ADDR signal level is high, and the device works in the working mode. The puspogen signal is low and the POC module operates in the PPOC mode, where the spodat signal is not of interest.
The POC module transmits the operation mode signal to the adeect module, and the memory isolation interval of the adeect module is a fixed 64MB space [32'h7400_0000-32' h7800_0000 ] in the PPOC mode, see table 1.ADDR0/ADDR1/ADDR2 enters an ADETECT module, and when the ADDR0/ADDR1/ADDR2 enters the Arb module, the ADETECT module performs separate arbitration and matching according to a read-write channel, then performs address marking after comparing with a Static ADDR List (the value of the spoc_cpu1_addr_reg is (19' h 6) determined by the spoc_cpu1_addr_reg in the PPOC mode, and finally determines whether to transfer transaction information or perform isolation triggering feedback;
3) The puUC2ADDR signal level is high, and the memory isolation device works in a working mode. The puSPOCEN signal is high level, the POC module works in the SPOC mode, at the moment, after the level signal acquired by the SPOCDAT is subjected to serial-parallel operation by the POC module, the level signal is stored in the spoc_cpu1_addr_reg, the information is sent to the ADETECT module, and the ADETECT module completes initialization of the Static ADDR List according to the value of the spoc_cpu1_addr_reg, as shown in table 1.ADDR0/ADDR1/ADDR2 enters the ADETECT module, and when passing through the arb module, the read address and the write address are separately arbitrated according to the read-write channel, matched, compared with the Static ADDR List, the address mark is completed, and finally whether the transaction information is transferred or the isolation triggering feedback is carried out is determined. In fig. 2, ADDR0 is a space other than Static ADDR List, and the compare-after-ADETECT module returns the address information to CPU1 in the manner of resp_dec_err; ADDR1/ADDR2 is the space that Static ADDR List contains, ADETECT forwards the transaction to DDR Controller;
the memory isolation device of the invention isolates the memory space address by the memory access transaction of the CPU1 to the memory space according to different allocations of a developer to the memory space, and the specific isolation area change can be completed only by correspondingly changing external serial data according to the table 1 during the power-on period of the system, and can not be changed after the system is started.
In summary, the above embodiments are only preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (5)
1. The memory isolation device is characterized by being arranged between the processor core CPU and the system memory and used for detecting memory access transactions sent by the processor core CPU; the external part of the memory isolation device is connected with the CPU, the DDR and the POC;
the memory isolation device comprises a controller, a matching matrix module and a static address list;
the controller receives an access transaction sent by a processor core CPU, carries out internal routing on an address signal A accessed by the processor core CPU, sets a working mode by a power-on configuration module, acquires a matching detection result signal from a matching matrix module in the set working mode, judges that the address signal A is an isolated address, then Tranif1 does not send the address signal A to a memory controller DDR, and outputs an interrupt feedback to the CPU, so that the access transaction cannot be accessed because of the isolated address, and if the address signal A is not the isolated address, then Tranif1 sends the address signal A to the memory controller DDR;
the static address list is used for storing an address list of the isolated memory space, the static address list comprises a plurality of address segments, each address segment corresponds to the address space of different peripheral equipment, and each address segment is correspondingly accessed to an arbitration unit in the matching matrix;
and a plurality of groups of arbitration units for address matching detection are integrated in the matching matrix module, the arbitration units in the matching matrix receive an address signal A sent by the CPU and a memory isolation area configuration signal sent by the power-on configuration module POC, so that the matching detection of the address and the selection and detection of an address mark initiated by the power-on configuration module POC are completed, and a matching detection result signal is fed back to the controller for feeding back whether the address signal A is isolated or not.
2. The memory isolation device of claim 1, wherein the controller internally integrates a transmission gate control unit Tranif1, a first matching feedback MUX1, an inverter INV, and an OR gate OR;
the processor core CPU sends out an address signal A of the memory access transaction, and the address signal A is received by the D input end of the transmission gate control unit Tranif 1; the CTL control end of Tranif1 is connected with the output of the OR gate; the output end of Tranif1 is connected with the DDR of the memory controller; the input of the OR gate comprises an isolating switch signal from a power-on configuration module POC and an inverted signal of a matching detection result signal from a matching matrix module; if the isolating switch signal is 1, setting the working mode of the controller as bypass mode, and if the isolating switch signal is 0, setting the working mode of the controller as isolating working mode;
in the bypass working mode, tranif1 receives an address signal A and directly transmits the address signal A to a DDR (double data rate) of a memory controller;
in the isolated working mode, tranif1 receives an address signal A, combines the address signal A with a CTL control end signal, after logic judgment, judges that the address signal A is an isolated address, tranif1 does not send the address signal A to a memory controller DDR, and outputs an interrupt feedback to a CPU, so that the current memory transaction cannot be accessed due to the isolated address, and if the address signal A is not the isolated address, tranif1 sends the address signal A to the memory controller DDR;
the input of the first matching feedback device MUX1 is from a matching detection result signal of the matching matrix module, and the output of the first matching feedback device MUX1 is fed back to the processor core CPU and is used for feeding back whether the address signal A is isolated or not.
3. The memory isolation device of claim 2, wherein each arbitration unit has integrated therein a first comparator CMP1, a second comparator CMP2 and a second matching feedback unit MUX2;
the second matching feedback device MUX2 takes a memory isolation region configuration signal from the POC (power control) module and an address segment from the static address list as inputs respectively, and the output of the second matching feedback device MUX2 is connected to one input end of the second CMP (chemical mechanical polishing) and is used for feeding back an isolated address;
the two inputs of the first CMP are respectively an address signal A of a memory access transaction sent by the CPU and an address section in a static address list, the output of the first CMP judges whether the address signal A is in the address section, if so, the address signal A is output, otherwise, 0 is output; the output of the first CMP is connected to the other input end of the second CMP;
the second CMP judges whether the address signal A is isolated, if yes, a high-level signal is output, otherwise, the address signal A is directly output, and the output of the second CMP is a matching detection result signal, wherein the matching detection result signal is sent to the first matching feedback device MUX1 on one hand, and is sent to the INV inverter on the other hand, and the output of the INV inverter is connected with one input of the OR gate.
4. The memory isolation device of claim 1, wherein the power-on configuration module POC generates an isolation switch signal or a memory isolation region configuration signal after serial-to-parallel conversion of level information acquired through the io_pad pin, and sends the isolation switch signal or the memory isolation region configuration signal to the controller and the matching matrix module, respectively, for setting an operation mode of the controller and setting an isolation region.
5. A multi-core computing system based on memory isolation devices, wherein the multi-core computing system comprises, based on the memory isolation devices of any of claims 1-4Multiple processor core CPU 0 ~CPU n The system memory, the memory controller DDR, the power-on configuration module POC and the memory isolation device;
the plurality of processor core CPUs 0 ~CPU n The same or different architecture of (a); n is more than 2; the processor core is divided into a general core with access qualification to all the space of the memory and an isolated core;
the system memory provides an exclusive memory space and a shared memory space; the processor core accesses the system memory through the DDR memory controller;
the general core is directly connected with the DDR of the memory controller and is used for directly accessing all the system memories;
each isolated core is connected to a memory controller DDR through one memory isolation device, and an exclusive memory space is used as an isolated memory space to construct a static address list in the corresponding memory isolation device, namely the static address list in the memory isolation device divides the exclusive memory space into different intervals according to addresses, namely address segments;
the power-on configuration module collects information sent by an external programmable logic device through pins to match and compare, and isolation of the exclusive space is completed;
and the POC acquires information sent by an external programmable logic device through a pin to generate an isolating switch signal or a memory isolating region configuration signal, and the isolating switch signal or the memory isolating region configuration signal is respectively sent to the controller and the matching matrix module and is used for setting the working mode of the controller and setting an isolating region.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310443923.3A CN116662984A (en) | 2023-04-24 | 2023-04-24 | Memory isolation device and multi-core computing system based on same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310443923.3A CN116662984A (en) | 2023-04-24 | 2023-04-24 | Memory isolation device and multi-core computing system based on same |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116662984A true CN116662984A (en) | 2023-08-29 |
Family
ID=87721455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310443923.3A Pending CN116662984A (en) | 2023-04-24 | 2023-04-24 | Memory isolation device and multi-core computing system based on same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116662984A (en) |
-
2023
- 2023-04-24 CN CN202310443923.3A patent/CN116662984A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5682512A (en) | Use of deferred bus access for address translation in a shared memory clustered computer system | |
| KR100303947B1 (en) | Multiprocessor system and its initialization function distributed and self-diagnostic system and method | |
| USRE41293E1 (en) | Multiprocessor computer having configurable hardware system domains | |
| US5491788A (en) | Method of booting a multiprocessor computer where execution is transferring from a first processor to a second processor based on the first processor having had a critical error | |
| KR101403233B1 (en) | Information processing apparatus and unauthorized access prevention method | |
| US6910108B2 (en) | Hardware support for partitioning a multiprocessor system to allow distinct operating systems | |
| US8171230B2 (en) | PCI express address translation services invalidation synchronization with TCE invalidation | |
| US6775750B2 (en) | System protection map | |
| EP0306702B1 (en) | Virtual input/output commands | |
| US4412281A (en) | Distributed signal processing system | |
| US8539245B2 (en) | Apparatus and method for accessing a secure partition in non-volatile storage by a host system enabled after the system exits a first instance of a secure mode | |
| US6401174B1 (en) | Multiprocessing computer system employing a cluster communication error reporting mechanism | |
| JP4160925B2 (en) | Method and system for communication between processing units in a multiprocessor computer system including a cross-chip communication mechanism in a distributed node topology | |
| JP3987577B2 (en) | Method and apparatus for caching system management mode information along with other information | |
| US20080052532A1 (en) | Methods and systems involving secure ram | |
| US6134579A (en) | Semaphore in system I/O space | |
| JP2000513471A (en) | System for controlling access to a register mapped in an I / O address space of a computer system | |
| EP4031963B1 (en) | Tracing status of a programmable device | |
| US7089339B2 (en) | Sharing of functions between an embedded controller and a host processor | |
| US20110161644A1 (en) | Information processor | |
| US10176131B1 (en) | Controlling exclusive access using supplemental transaction identifiers | |
| CN114860329A (en) | Dynamic consistency biasing configuration engine and method | |
| US5933613A (en) | Computer system and inter-bus control circuit | |
| US8139595B2 (en) | Packet transfer in a virtual partitioned environment | |
| US7725761B2 (en) | Computer system, fault tolerant system using the same and operation control method and program thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |