CN1324471C - Method for protecting assigned course private data area and stack area - Google Patents

Method for protecting assigned course private data area and stack area

Info

Publication number
CN1324471C
Authority
CN
China
Prior art keywords
protection
stack area
read
pending
appointment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004100511747A
Other languages
Chinese (zh)
Other versions
CN1737761A (en)
Inventor
汪布什
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haimen science and Technology Development General Corporation
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CNB2004100511747A
Publication of CN1737761A
Application granted
Publication of CN1324471C
Legal status: Expired - Fee Related (current)
Anticipated expiration

Abstract

The present invention provides a method for protecting the private data area and stack area of designated processes ("assigned courses" in the machine-translated title). Before a process switch is carried out, the method modifies page attributes only for the designated processes whose private data area and stack area need protection. Therefore, even in a multitasking embedded system with a large number of running processes, the page table attribute modifications are limited to the protected processes, and the CPU utilization caused by protection is greatly reduced. The designated processes are protected and illegal overwriting is prevented, with no obvious effect on system performance.

Description

Method for protecting the private data area and stack area of a designated process
Technical field
The present invention relates to a method for protecting the private data area and stack area of a designated process in a multitasking embedded system.
Background technology
In a multitasking embedded system, in order to increase reliability and to prevent the code area and the private data area and stack area of a process from being overwritten by other processes, a memory protection mechanism is usually required. Memory protection mechanisms are generally based on the operating method of the processor's (CPU) memory management unit (MMU) and on the principle of virtual-to-physical address mapping: a mapping page table is established, and by setting the attribute bits of the relevant page table entries, the code segment, the private data area of the process and the stack area are isolated and protected.
The memory management unit (MMU) divides the memory space into memory blocks in units of pages. The page size can be one of 1K, 4K, 16K, 512K or 8M, and is determined by setting the relevant registers and the second-level mapping entries. When the MMU is enabled, all addresses appearing in a program are virtual addresses; a virtual address selects an entry of a second-level page table, from which the physical page address corresponding to that virtual address is obtained, thus performing the virtual-to-physical address translation.
The memory management module of the multitasking embedded system allocates whole pages to the stack and data area of each process. The data area stores the structure variables used by the process itself; these structure variables are used only by that process, and other processes are not allowed to access or modify them without authorization. At run time, the access attributes of the relevant page table entries are modified according to where control currently resides (in a task or in a process), so as to control the memory range each process can access and the access mode, thereby isolating the address spaces of the processes from one another.
In a multitasking embedded system the number of running processes is generally large. Taking a telecommunications system as an example, on a foreground call-processing board the number of running processes can be as high as about 3000. Once MMU protection is enforced, frequent page table switches and page attribute modifications are performed.
However, in the existing scheme, once the MMU is turned on, the private data area and stack area of every process are protected. If the number of processes in the multitasking embedded system is large, the CPU spends a great deal of time on page table switching and page attribute modification, causing CPU utilization to rise sharply. In serious cases, the real-time performance of the embedded system is seriously affected.
Chinese patent application No. 01129334.9 proposes another method for protecting task processes in a multitasking operating system. That method establishes a guard linked list; the leaf nodes under the head node of the list hold the registered, non-recoverable traversal algorithm of each task process. Its feature is the protection of multiple task processes that share data, not the protection of the private data area of an individual process.
Summary of the invention
The technical problem to be solved by the invention is that protecting the private data area and stack area with the prior art causes CPU utilization to rise sharply, which affects the real-time performance of the embedded system.
To solve the above problem, the invention provides a method for protecting the private data area and stack area of a designated process, which mainly comprises:
(1) creating a system-level page table, completing the system initialization process, and installing an exception handler;
(2) determining whether protection is to be applied to designated processes: if so, creating the process-level page table and configuring the designated-process protection information; if not, ending directly;
(3) when system control switches from another process to the process to be executed, first determining before the switch whether the process to be executed needs protection: if so, modifying the page attributes of the data area and stack area of the process to be executed to read-write (valid); if not, ending directly;
(4) when system control switches from the just-executed process to another process, first determining before the switch whether the just-executed process needs protection: if so, modifying the page attributes of the data area and stack area of the just-executed process to read-only; if not, ending directly;
(5) when another process attempts to illegally overwrite the stack area or data area of a protected process and an exception occurs, the system immediately enters the exception handler: first, the number of exceptions is recorded, the information of the current task or process that caused the exception is obtained, the relevant register information is saved, and the exception information is printed to the background; then it is determined whether the exception belongs to a serious type: if serious, the register values are restored and the system is reset; if not serious, nothing is done and the handler returns directly.
In step (2) of the above method, the designated-process protection information can be configured in one of the following two ways: first, the designated process is protected; second, the designated process is not protected, and all other processes are protected.
In the above method, determining whether a designated process needs protection may further comprise the following steps:
a) determining whether the protection function has been enabled for this process: if it has not been enabled, no protection is needed and the step returns directly; if it has been enabled, step b) is executed;
b) determining whether this process is a process designated for protection: if so, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only; if not, step c) is executed;
c) determining whether this process belongs to the processes excluded from protection: if so, nothing is done and the step returns directly; if not, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only.
Therefore, after a designated process is protected with the method of the invention, its page attributes are modified only when the designated process needs protection. This does not consume too many CPU resources and avoids a sharp rise in CPU occupancy, so the designated process is protected and illegal overwriting is prevented without an obvious effect on system performance.
Description of drawings
Fig. 1 is a flowchart of configuring protection information for designated processes at system initialization;
Fig. 2 is a flowchart of the processing performed before system control switches from another process to the process to be executed;
Fig. 3 is a flowchart of the processing performed before system control switches from the just-executed process to another process;
Fig. 4 is a flowchart of the processing performed when an exception occurs because the stack area or data area of a protected process is illegally overwritten.
Embodiment
The invention is further described below with reference to the drawings and a specific embodiment. In this example the multitasking embedded operating system is pSOS, the CPU is an MPC860, and the page size is 4K. The invention is not limited to this system configuration.
As shown in Fig. 1, configuring protection information for designated processes at system initialization mainly comprises the following steps:
First, the system-level page table is created and the system initialization process is completed, including memory management, file management, scheduling and so on; all tasks and processes are created, and the MMU is enabled. The system-level page table is used by the operating system itself, and all pages in the system-level page table are read-write. After the system-level page table has been created, an exception handler can also be installed. This exception handler records the scene data at the time of an exception, including the exception type, the relevant register values, and the task and process in which the exception occurred, all of which help locate the fault; in this way, when the private data area or stack area of a protected process is illegally overwritten during a process switch, the corresponding exception handling can be performed. This is described in detail later with reference to Fig. 4.
Then it is determined whether protection is to be applied to designated processes: if so, the process-level page table is created and the designated-process protection information is configured; if not, processing ends directly. The process-level page table is used by the processes. In the process page table, a process whose private data area and stack area pages carry the read-only attribute is protected, while a process whose pages carry the read-write attribute is not protected. The protection information of the designated processes can be configured in the foreground, or it can be configured in the background and transmitted over a network connection to the foreground; when the foreground receives the configuration information passed from the background, it performs a validity check on it, and the information takes effect at the next task or process switch. The protection information of a designated process can be described in one of two ways: first, the designated process is MMU-protected; second, the designated process is not MMU-protected, and the other processes are protected. For any one process only one description can exist, i.e. it is either designated for protection or excluded from protection.
As shown in Fig. 2, when system control switches from another process to the process to be executed, it is first determined before the switch whether the process to be executed needs protection: if so, the page attributes of the data area and stack area of the process to be executed are modified to read-write; if not, processing ends and returns directly with nothing done. Taking CPU compatibility and stability into account, when the process to be executed needs protection, that process can first be switched to the system-level page table, then the relevant page attributes of the designated process in the process-level page table are modified to read-write (at this moment the process-level page table is being modified as ordinary memory space), and then the process to be executed is switched to the modified process-level page table.
As shown in Fig. 3, when system control switches from the just-executed process to another process to be executed, it is first determined before the switch whether the just-executed process needs protection: if so, the page attributes of the data area and stack area of the just-executed process are modified to read-only; if not, nothing is done and processing returns directly. For a just-executed process that needs protection, modifying its page attributes to read-only means changing them from the current read-write state to the read-only state.
As shown in Fig. 4, when another process attempts to illegally overwrite the stack area or data area of a protected process and an exception occurs, the system immediately enters the exception handler. The exception handler records the scene data at the time of the exception, including the exception type, the relevant register values, and the task and process in which the exception occurred, all of which help locate the fault. First, the number of exceptions is recorded, the information of the current task or process that caused the exception is obtained, the relevant register information is saved, and the exception information is printed to the background so that operators can handle it according to the situation. Then it is determined whether the exception belongs to a serious type: if serious, the register values are restored and the system is reset; if not serious, nothing is done and the handler returns.
It should be specially noted that before a process switch, in both of the cases described above (system control switching from another process to the process to be executed, and system control switching from the just-executed process to another process to be executed), determining whether the designated process (the process to be executed or the just-executed process) needs protection may further comprise the following steps:
a) determining whether the protection function has been enabled for this process: if it has not been enabled, no protection is needed and the step returns directly; if it has been enabled, step b) is executed;
b) determining whether this process is a process designated for protection: if so, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only; if not, step c) is executed;
c) determining whether this process belongs to the processes excluded from protection: if so, nothing is done and the step returns directly; if not, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only.
This is because, for any one process, one of the following three cases may hold: the process is designated for MMU protection; the process is designated as not MMU-protected, with the other, unspecified processes protected; or the process is neither designated for protection nor designated as unprotected. Therefore the above three determinations must all be made for the same process. Of course, a uniform configuration mode can also be adopted for all processes, i.e. all processes uniformly use designated protection (unspecified processes are then not protected), or all processes uniformly use designated exclusion (unspecified processes are then protected); obviously, the determination steps above then only need a simple change. All of these cases are undoubtedly equivalents of the invention and still fall within its scope of protection.
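The switch-time logic of steps (2) to (4) in the summary and of the embodiment above, as an added worked example in C that is not code from the patent or from ZTE. A single process-level page table is modelled as one attribute byte per 4K page, each process owns one data page and one stack page, and the determination steps a) to c) decide whether a switch touches the table at all. The process names, page numbers, the three-state protection descriptor, the attribute bits and the MMU write check are constructed for illustration; a real MPC860 port would rewrite the page table entries and TLB rather than an array, and the switch through the system-level page table described with Fig. 2 is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u     /* 4K pages, as in the embodiment */
#define NUM_PAGES 16u
#define NUM_PROCS 4
#define PTE_R     0x1u      /* readable (assumed attribute bit) */
#define PTE_W     0x2u      /* writable (assumed attribute bit) */

typedef enum { PROT_UNSPECIFIED, PROT_DESIGNATED, PROT_EXCLUDED } prot_mode_t;

typedef struct {
    const char *name;
    unsigned data_page, stack_page; /* each area occupies a whole page */
    bool enabled;                   /* step a): protection function enabled */
    prot_mode_t mode;               /* steps b)/c): designated or excluded */
} process_t;

typedef struct {
    process_t procs[NUM_PROCS];
    uint8_t pt[NUM_PAGES];          /* process-level page table attributes */
    int current;                    /* running process, -1 if none */
    unsigned pte_writes;            /* attribute modifications performed */
    unsigned faults;                /* write faults the MMU model would raise */
} system_t;

system_t g_sys;

/* Steps a) to c): does a switch have to touch this process's pages at all? */
bool needs_protection(const process_t *p) {
    if (!p->enabled) return false;               /* a) not enabled */
    if (p->mode == PROT_DESIGNATED) return true; /* b) designated */
    if (p->mode == PROT_EXCLUDED) return false;  /* c) excluded */
    return true;                                 /* c) neither: protected */
}

static void set_area(system_t *s, const process_t *p, uint8_t attr) {
    s->pt[p->data_page] = attr;
    s->pt[p->stack_page] = attr;
    s->pte_writes += 2;
}

/* Fig. 2 / step (3): before control enters p, open its areas for writing. */
void before_switch_in(system_t *s, const process_t *p) {
    if (needs_protection(p)) set_area(s, p, PTE_R | PTE_W);
}
/* Fig. 3 / step (4): before control leaves p, make its areas read-only. */
void before_switch_out(system_t *s, const process_t *p) {
    if (needs_protection(p)) set_area(s, p, PTE_R);
}

void context_switch(system_t *s, int to) {
    if (s->current >= 0) before_switch_out(s, &s->procs[s->current]);
    before_switch_in(s, &s->procs[to]);
    s->current = to;
}

/* MMU model: true if the write is allowed under the current attributes. */
bool try_write(system_t *s, uint32_t vaddr) {
    unsigned page = vaddr / PAGE_SIZE;
    if (page < NUM_PAGES && (s->pt[page] & PTE_W)) return true;
    s->faults++;
    return false;
}

/* Fig. 1: constructed sample processes; protected areas start read-only. */
void system_init(system_t *s) {
    const process_t sample[NUM_PROCS] = {
        { "callproc_A", 2, 3, true,  PROT_DESIGNATED },
        { "callproc_B", 4, 5, true,  PROT_EXCLUDED },
        { "logger",     6, 7, true,  PROT_UNSPECIFIED },
        { "legacy",     8, 9, false, PROT_UNSPECIFIED },
    };
    memset(s, 0, sizeof *s);
    s->current = -1;
    memcpy(s->procs, sample, sizeof sample);
    for (int i = 0; i < NUM_PROCS; i++) {
        uint8_t a = needs_protection(&s->procs[i]) ? PTE_R : (PTE_R | PTE_W);
        s->pt[s->procs[i].data_page] = a;
        s->pt[s->procs[i].stack_page] = a;
    }
}

/* Walks a short schedule on g_sys and returns the number of write faults. */
unsigned demo_scenario(void) {
    system_t *s = &g_sys;
    system_init(s);
    context_switch(s, 0);
    try_write(s, 2 * PAGE_SIZE + 0x10);  /* A writes its own data page: allowed */
    context_switch(s, 1);
    try_write(s, 2 * PAGE_SIZE + 0x10);  /* B writes A's data page: fault */
    try_write(s, 8 * PAGE_SIZE);         /* B writes legacy's data page: allowed */
    try_write(s, 7 * PAGE_SIZE + 0xff0); /* B writes logger's stack page: fault */
    context_switch(s, 2);                /* B is excluded: no attribute change */
    context_switch(s, 3);                /* legacy: protection not enabled */
    return s->faults;
}

int main(void) {
    unsigned faults = demo_scenario();
    printf("faults=%u pte_writes=%u\n", faults, g_sys.pte_writes);
    return 0;
}
```

Walking the schedule callproc_A, callproc_B, logger, legacy costs eight attribute modifications in total, all of them for the two protected processes (A, which is designated, and logger, which is unspecified and therefore protected by step c)); B, which is excluded, and legacy, whose protection function is not enabled, cost nothing at switch time, which is the saving the patent claims over protecting every process. The two faults are B's writes into A's data page and logger's stack page. B's write into legacy's page goes through: unprotected processes remain writable by every other process, so the excluded and disabled sets should be kept as small as the CPU budget allows.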
In summary, because the protection method of the invention applies protection only to designated processes, and modifies page attributes only when a designated process needs protection, the page table attribute modification operations are limited to the protected processes even in a multitasking embedded system with a large number of running processes. This greatly reduces the CPU utilization caused by protection and avoids a sharp rise in CPU occupancy, so the designated processes are protected and illegal overwriting is prevented without an obvious effect on system performance.

Claims (6)

1. A method for protecting the private data area and stack area of a designated process, characterized in that the method mainly comprises:
(1) creating a system-level page table, completing the system initialization process, and installing an exception handler;
(2) determining whether protection is to be applied to designated processes: if so, creating the process-level page table and configuring the designated-process protection information; if not, ending directly;
(3) when system control switches from another process to the process to be executed, first determining before the switch whether the process to be executed needs protection: if so, modifying the page attributes of the data area and stack area of the process to be executed to read-write (valid); if not, ending and returning directly;
(4) when system control switches from the just-executed process to another process, first determining before the switch whether the just-executed process needs protection: if so, modifying the page attributes of the data area and stack area of the just-executed process to read-only; if not, ending and returning directly;
(5) when another process attempts to illegally overwrite the stack area or data area of a protected process and an exception occurs, the system immediately enters the exception handler: first, the number of exceptions is recorded, the information of the current task or process that caused the exception is obtained, the relevant register information is saved, and the exception information is printed to the background; then it is determined whether the exception belongs to a serious type: if serious, the register values are restored and the system is reset; if not serious, nothing is done and the handler ends and returns directly.
2. The method of claim 1, characterized in that in step (2) the designated-process protection information can be configured in one of the following two ways: first, the designated process is protected; second, the designated process is not protected, and the other processes are protected.
3. The method of claim 1 or 2, characterized in that the protection information of the designated process is configured in the foreground.
4. The method of claim 1 or 2, characterized in that the protection information of the designated process is configured in the background and transmitted over a network connection to the foreground; when the foreground receives the configuration information passed from the background, it performs a validity check on it, and the information takes effect at the next task or process switch.
5. The method of claim 1, characterized in that in step (3), when the process to be executed needs protection, protection may also be applied in the following way: the process to be executed is first switched to the system-level page table, then the relevant page attributes of the designated process in the process-level page table are modified to read-write, and then the process to be executed is switched to the modified process-level page table.
6. The method of claim 1, characterized in that in steps (3) and (4), determining whether the designated process needs protection further comprises the following steps:
a) determining whether the protection function has been enabled for this process: if it has not been enabled, no protection is needed and the step returns directly; if it has been enabled, step b) is executed;
b) determining whether this process is a process designated for protection: if so, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only; if not, step c) is executed;
c) determining whether this process belongs to the processes excluded from protection: if so, nothing is done and the step returns directly; if not, the page attributes of the data area and stack area of the process to be executed are set to read-write, or the page attributes of the data area and stack area of the just-executed process are set to read-only.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100511747A CN1324471C (en) 2004-08-18 2004-08-18 Method for protecting assigned course private data area and stack area

Publications (2)

Publication Number Publication Date
CN1737761A CN1737761A (en) 2006-02-22
CN1324471C true CN1324471C (en) 2007-07-04

Family

ID=36080564

Country Status (1)

Country Link
CN (1) CN1324471C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103294542B (en) * 2013-06-07 2017-06-16 深圳Tcl新技术有限公司 The method and its device of Process Protection
CN104714834B (en) * 2013-12-14 2018-01-12 中国航空工业集团公司第六三一研究所 The method for scheduling task that a kind of space determines
JP6489050B2 (en) * 2016-03-24 2019-03-27 株式会社オートネットワーク技術研究所 Information processing apparatus and information processing system
CN109002706B (en) * 2018-06-08 2021-04-06 中国科学院计算技术研究所 In-process data isolation protection method and system based on user-level page table

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07210421A (en) * 1994-01-17 1995-08-11 Fuji Xerox Co Ltd Debugging method in thread environment
CN1203394A (en) * 1997-06-20 1998-12-30 国际商业机器公司 Method and apparatus for protecting application data in secure storage areas
CN1464397A (en) * 2002-06-10 2003-12-31 联想(北京)有限公司 System process protection method

Also Published As

Publication number Publication date
CN1737761A (en) 2006-02-22

Similar Documents

Publication Publication Date Title
US11768931B2 (en) Technologies for object-oriented memory management with extended segmentation
KR100927750B1 (en) Tamper protection of software agents operating in a vt environment methods and apparatuses
EP1966706B1 (en) Identifier associated with memory locations for managing memory accesses
US6275917B1 (en) High-speed address translation system
US8560806B2 (en) Using a multiple stage memory address translation structure to manage protected micro-contexts
US20060294519A1 (en) Virtual machine control method and program thereof
US20070157003A1 (en) Page coloring to associate memory pages with programs
MX2008013345A (en) Virtually-tagged instruction cache with physically-tagged behavior.
US11474956B2 (en) Memory protection unit using memory protection table stored in memory system
CN110928737B (en) Method and device for monitoring memory access behavior of sample process
WO2019237866A1 (en) Method for controlling access at runtime and computing device
CN104036185A (en) Virtualization based power and function isolating method for loading module of monolithic kernel operation system
EP3830719B1 (en) Binary search procedure for control table stored in memory system
CN1324471C (en) Method for protecting assigned course private data area and stack area
US20060184713A1 (en) Method for operating a virtual machine computer system running guest operating systems on a central processing means virtualized by a host system having register stack engine functionality
CN107203716B (en) Lightweight structured protection method and device for Linux kernel
CN114490054A (en) Context switching method and device, accelerating unit, electronic equipment and system on chip
CN110825496A (en) VMI-based kernel data monitoring method and monitoring system
KR20190059955A (en) Method and apparatus for working memory protection
CN116107919A (en) Cross-architecture multi-address space virtualized memory domain isolation method
CN1614575A (en) Hardware fireproof wall system for intelligent card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: HAIMEN TECHNOLOGY DEVELOPMENT CORP.

Free format text: FORMER OWNER: ZTE CORPORATION

Effective date: 20130424

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 226144 NANTONG, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20130424

Address after: 226144, No. 600, Beijing Road, Haimen, Jiangsu, Nantong province (room 0212 of administrative center)

Patentee after: Haimen science and Technology Development General Corporation

Address before: 518057 Nanshan District, Guangdong high tech Industrial Park, science and Technology Industrial Park, ZTE building, block A, layer 6, layer

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070704

Termination date: 20160818
