CN1567254A - High-efficiency reliable memory protection method for flushbonding real-time operating system - Google Patents

Publication number
CN1567254A
Authority
CN
China
Prior art keywords
memory
protection
leaf
ems memory
link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 03131956
Other languages
Chinese (zh)
Other versions
CN1282091C (en)
Inventor
危才华
王陈
徐立锋
张华强
鲁旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Original Assignee
ZTE Corp Nanjing Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp Nanjing Branch filed Critical ZTE Corp Nanjing Branch
Priority to CN 03131956 priority Critical patent/CN1282091C/en
Publication of CN1567254A publication Critical patent/CN1567254A/en
Application granted granted Critical
Publication of CN1282091C publication Critical patent/CN1282091C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Abstract

An efficient and reliable memory protection method for an embedded real-time operating system. Several memory blocks are provided for different applications and processes to call or share, and at least one protection marker is placed at the edge of each memory link component in use. By adopting the technique of a "protection word and/or protection page", the method achieves independent, effective protection of stacks, kernel data and various user data structures both with and without an MMU, and so improves the security, stability and reliability of the RTOS.

Description

Efficient and reliable memory protection method for an embedded real-time operating system
Technical field:
The present invention relates to a memory protection method for computer operating systems, and in particular to memory protection in the fields of embedded systems and real-time systems.
Background art:
Memory protection is an important part of an embedded real-time operating system (RTOS), and the quality of the memory protection method directly affects the security, stability and reliability of the RTOS.
Existing RTOSes lack an effective approach to memory protection: memory overwriting, that is, a process writing data into memory space that does not belong to it, cannot be caught effectively.
Some large general-purpose operating systems, such as UNIX, Linux and the Microsoft Windows series, adopt an "isolation" strategy in which the space (virtual address space) of each process is completely separated by different page tables. The drawback of this approach is that the overhead of switching between processes is too large and data cannot be exchanged through shared memory, so it is not suitable for an RTOS.
Some commercial RTOSes, such as VxWorks and pSOS, rely entirely on a guard-page protection mechanism based on the processor's MMU (Memory Management Unit) and implement write protection for the code segment and the interrupt vector table, but protection between processes is largely lacking. In addition, in many applications the processor hardware has no MMU, and in that case existing RTOSes implement no memory protection at all.
In summary, the prior art has two shortcomings: first, the granularity of memory protection is too coarse, so data structures smaller than one page cannot be protected; second, it depends too heavily on hardware, so memory protection can be implemented only when an MMU is present.
Summary of the invention:
The technical problem to be solved by the present invention is to overcome the above shortcomings of the prior art and to provide a memory protection method for an embedded real-time operating system. The method is widely applicable, highly reliable and real-time, and implements independent, fine-grained, effective protection of stacks, kernel data and various user data structures both with and without an MMU, thereby greatly improving the security, stability and reliability of the RTOS.
The object of the present invention can be achieved by the following technical measures:
An efficient and reliable memory protection method for an embedded real-time operating system is designed, in which a number of memory blocks are provided for different applications and different processes to call or share; in particular, at least one protection marker is placed at the edge of each memory link component in use.
Compared with the prior art, the method of the invention adopts the technical measure of a "protection word and/or protection page", so that highly reliable, fine-grained, effective memory protection is achieved both with and without an MMU, greatly improving the security, stability and reliability of the system.
Description of drawings:
Fig. 1 is a schematic diagram of the link component with protection words and of the linked-list structure, in which:
Fig. 1a is the link component with protection words;
Fig. 1b is a linked list formed from link components with protection words;
Fig. 2 is a schematic diagram of a user linked list based on the link component with protection words;
Fig. 3 is a schematic diagram of the offset OFFSET;
Fig. 4 is a schematic diagram of a memory block with protection words;
Fig. 5 is a schematic diagram of a memory block with protection pages.
Embodiments
Embodiments of the invention are described in detail below with reference to the accompanying drawings.
An efficient and reliable memory protection method for an embedded real-time operating system provides a number of memory blocks for different applications and different processes to call or share, and is characterized in that at least one protection marker is placed at the edge of each memory link component in use.
A linked-list base library is implemented whose nodes are the said link components;
The application programs and the other programs of the real-time operating system (RTOS) replace pointers with link components in their node structure declarations, and all operations involving linked lists use the said linked-list base library.
The memory protection method further comprises the following steps:
1) When the application programs and other programs of the RTOS request a memory block or create a stack, the protection word is attached at the start and at the end of the memory block;
2) Each time before a memory data block is operated on, every protection word is checked for its original value; if the check fails, an exception is raised and awaits handling; if it passes, the operation continues.
The check can be performed once when the user calls free to release the memory, or it can be performed block by block by a low-priority task while the system is idle.
The protection word is assigned a special value.
Where an MMU (memory management unit) is used, the protection marker is a protection page that the MMU can operate on.
The size of the protection page is 4K, and one is added at the head and at the tail of the application's memory block or stack. The protection page is mapped to an invalid physical address.
The memory protection method of the invention for an embedded real-time operating system can be summarized as follows:
Step 1: Define the link component with protection words and implement a linked-list base library whose nodes are these link components, including all operations on such lists; see Fig. 1.
Step 2: All operations involving linked lists in the application programs and other RTOS programs use this linked-list base library and no longer manipulate pointers directly. The precondition is that the corresponding pointers in the node structure declarations are replaced with link components; see Fig. 2.
Step 3: When the application programs and other RTOS programs request a memory block (including creating a stack), protection words are attached at the head and the tail of the memory block; see Fig. 3.
Step 4: Each time before a data block is operated on, every protection word is checked for its original value; if the check fails an exception is raised, and if it passes the operation continues.
Obviously, the operations of the first to fourth steps apply whether or not an MMU is present.
Step 5: Where an MMU is present, when an application memory block or a stack is allocated, a protection page can be added at its head and at its tail, and the protection pages are mapped to invalid physical addresses.
The fifth step applies only when an MMU is present. In that case, only the protection pages are used and the protection words are not.
The implementation of the technical solution is described in further detail below, essentially in the order of the drawings:
Fig. 1(a) shows the link component with protection words. The component has two parts: a logical part and a protection part. The logical part is an ordinary doubly-linked-list node made up of a "next" pointer and a "prev" pointer, which point to its successor node and predecessor node respectively. The protection part consists of protection pointers ("guard1" and "guard2") added before and after the logical part, both of which are made to point to the node itself. Fig. 1(b) shows a linked list formed from such link components. The C definition of the link component with protection words is as follows:
typedef struct T_ConnectNode
{
    struct T_ConnectNode *guard1;
    struct T_ConnectNode *next;
    struct T_ConnectNode *prev;
    struct T_ConnectNode *guard2;
} CNODE;
Besides defining the link component with protection words, a linked-list library should also be implemented. This library encapsulates all linked-list operations, including insertion, deletion, the emptiness test, search (implemented through a callback function) and so on. All operations of the library read and write only the logical part of the link component, and verify the protection part before reading or writing. Example code follows:
#include <stddef.h> /* NULL */
/* STATUS, OK and ERROR are assumed to be provided by the RTOS headers. */

void InitNode(CNODE *pNode)
{
    pNode->guard1 = pNode->guard2 = pNode;
}

STATUS Verify(CNODE *pNode) /* node verification */
{
    if ((pNode->guard1 == pNode) && (pNode->guard2 == pNode))
        return OK;
    else
        return ERROR;
}

typedef struct /* linked-list definition */
{
    CNODE *head;
    CNODE *tail;
} List;

STATUS RemoveNode(List *pList, CNODE *pNode) /* delete a node from the list */
{
    if (Verify(pNode) != OK)
        return ERROR;
    else
    {
        if (pNode->prev == NULL)
            pList->head = pNode->next;
        else
            pNode->prev->next = pNode->next;
        if (pNode->next == NULL)
            pList->tail = pNode->prev;
        else
            pNode->next->prev = pNode->prev;
        return OK;
    }
}
In this way, by separating the linked-list operations out into the library, the security and independence of linked-list operations can be fully guaranteed.
Fig. 2 shows a user linked list based on the link component with protection words. When defining the node structure of a linked list, the user no longer needs to define pointers such as "next"; a link component with protection words takes their place. When operating on the list, the user no longer needs to implement the concrete operations, but directly uses the functions provided by the linked-list library. For example:
typedef struct /* user linked-list node definition */
{
    int Mydata;
    CNODE Connect;
    char Name[10];
} MyStruct;

/* delete a node from the user linked list */
STATUS MyRemoveNode(List *myList, MyStruct *myNode)
{
    return (RemoveNode(myList, &(myNode->Connect)));
}
In the example above, the link component is defined in the middle of the user structure rather than as its first member. In this case, some functions of the linked-list library (for example, the one that obtains the first node of a list) may return a pointer to the link component, whereas the user needs a pointer to the user structure.
As shown in Fig. 3, to solve this problem we define the following macro (the advantage of defining a macro is that there is no need to deal with issues such as byte alignment):
#define OFFSET(structure, member) \
    ((int)&(((structure *)0)->member))
The OFFSET macro gives the offset of a member within a structure, from which the following formula follows:
Structure address = member address - OFFSET(structure, member)
Specifically, for the MyStruct structure above, if the address of the Connect member is obtained through some function:
CNODE *pNode = GetNode(myList);
then the following relation holds:
#define ULONG unsigned int
myNode = (MyStruct *)((ULONG)pNode - OFFSET(MyStruct, Connect));
Fig. 4 shows a memory block with protection words. This structure is suitable when the user obtains a piece of memory through malloc. To guard against the user writing past the bounds, protection words are added before and after the block. As with the link component with protection words shown in Fig. 1a, the protection words are assigned a special value so that their validity is easy to verify. The check can be performed once when the user calls free to release the memory, or block by block by a low-priority task while the system is idle; if the check fails, an exception is raised and an alarm is generated.
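The scheme of Fig. 4, as an added example that is not code from the patent: a malloc wrapper that places a protection word before and after each block, a single check at release time, and a sweep over all live blocks of the kind a low-priority idle task would run. The names guard_malloc, guard_check, guard_free and guard_sweep, the header layout and the value 0xA5A5... are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t guard_t;
/* Assumed "special value"; the patent does not name one. Every byte is non-zero. */
static const guard_t GUARD = (guard_t)0xA5A5A5A5A5A5A5A5ULL;
/* Hidden header in front of the user area. Four words long so the user area keeps
 * malloc's alignment, with head_guard as the last word, directly before the data. */
typedef struct GuardHdr {
    struct GuardHdr *next;   /* list of live blocks, walked by the idle sweep */
    size_t size;             /* size the caller asked for */
    uintptr_t reserved;      /* padding only */
    guard_t head_guard;
} GuardHdr;

static GuardHdr *g_live = NULL;

void *guard_malloc(size_t size)
{
    if (size > SIZE_MAX - sizeof(GuardHdr) - sizeof(guard_t)) return NULL;
    GuardHdr *h = malloc(sizeof *h + size + sizeof(guard_t));
    if (h == NULL) return NULL;
    h->next = g_live;
    g_live = h;
    h->size = size;
    h->reserved = 0;
    h->head_guard = GUARD;
    /* The tail word may be unaligned, so it is written and read with memcpy. */
    memcpy((unsigned char *)(h + 1) + size, &GUARD, sizeof GUARD);
    return h + 1;
}

/* Returns 1 if both protection words still hold the original value, else 0. */
int guard_check(const void *p)
{
    const GuardHdr *h = (const GuardHdr *)p - 1;
    guard_t tail;
    if (h->head_guard != GUARD) return 0;   /* underflow: size is no longer trusted */
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    return tail == GUARD;
}

/* Single check at release: 0 on success, -1 if damaged (block kept for inspection). */
int guard_free(void *p)
{
    if (p == NULL) return 0;
    if (!guard_check(p)) return -1;
    GuardHdr *h = (GuardHdr *)p - 1;
    for (GuardHdr **pp = &g_live; *pp != NULL; pp = &(*pp)->next)
        if (*pp == h) { *pp = h->next; break; }
    free(h);
    return 0;
}

/* Body of the low-priority idle task: check every live block, count the damaged ones. */
size_t guard_sweep(void)
{
    size_t bad = 0;
    for (GuardHdr *h = g_live; h != NULL; h = h->next)
        if (!guard_check(h + 1)) bad++;
    return bad;
}

int main(void)
{
    char *buf = guard_malloc(8);
    if (buf == NULL) return 1;
    memset(buf, 'x', 9);   /* constructed bug: one byte past the requested 8 */
    printf("damaged blocks: %zu, free -> %d\n", guard_sweep(), guard_free(buf));
    return 0;
}
```

Detection is after the fact: the overwrite is noticed at the next check, not when it happens, and a write that skips over the protection word without touching it is not seen.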
Fig. 5 shows a memory block with protection pages where MMU support is available. As in Fig. 4, the head and the tail of the memory block are both protected; the difference is that the protection words are replaced by protection pages. The protection pages are given a non-writable attribute, so when the user writes past the bounds, the CPU raises a "Page Fault" exception. The guard-page protection approach has very good real-time behaviour and may become the commonly used memory protection method when an MMU is present.
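The layout of Fig. 5, as an added example that is not code from the patent: it uses POSIX mmap and mprotect on a hosted system as a stand-in for the RTOS's own MMU interface, takes the page size from sysconf rather than fixing it at 4K, and probes each write in a child process so the fault can be reported. PagedBlock, paged_alloc, paged_free and probe_write are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct {
    void  *base;     /* start of the mapping, i.e. the head protection page */
    size_t total;    /* head page + usable pages + tail page */
    char  *data;     /* first usable byte */
    size_t usable;   /* usable bytes, rounded up to whole pages */
} PagedBlock;

/* Returns 0 on success, -1 on failure. */
int paged_alloc(PagedBlock *b, size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size > SIZE_MAX - 3 * page) return -1;
    size_t usable = (size + page - 1) / page * page;
    size_t total = usable + 2 * page;
    /* Map everything with no access rights, then open up only the middle. */
    void *base = mmap(NULL, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    if (mprotect((char *)base + page, usable, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, total);
        return -1;
    }
    b->base = base;
    b->total = total;
    b->data = (char *)base + page;
    b->usable = usable;
    return 0;
}

int paged_free(PagedBlock *b) { return munmap(b->base, b->total); }

/* Performs one write at data[offset] in a child process so the fault does not kill
 * the caller. Returns the signal that ended the child, 0 if none, -1 on error. */
int probe_write(const PagedBlock *b, ptrdiff_t offset)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ((volatile char *)b->data)[offset] = 0x41;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    PagedBlock b;
    if (paged_alloc(&b, 100) != 0) return 1;
    printf("in bounds: %d, past tail: %d, before head: %d\n",
           probe_write(&b, 0), probe_write(&b, (ptrdiff_t)b.usable), probe_write(&b, -1));
    /* Bytes 100..usable-1 are slack in the last data page: writes there do not fault. */
    return paged_free(&b);
}
```

The slack noted in main is the page-granularity limit the background section describes: an overflow that stays inside the last data page is not caught by protection pages alone.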
The above is the core of the method; further details are not repeated here. Other concrete applications derived from this core method all fall within the scope of protection of this patent.

Claims (7)

1. An efficient and reliable memory protection method for an embedded real-time operating system, in which a number of memory blocks are provided for different applications and different processes to call or share, characterized in that:
At least one protection marker is placed at the edge of each memory link component in use.
2. The memory protection method according to claim 1, characterized in that:
A linked-list base library is implemented whose nodes are the said link components;
The application programs and the other programs of the real-time operating system (RTOS) replace pointers with link components in their node structure declarations, and all operations involving linked lists use the said linked-list base library.
3. The memory protection method according to claim 2, characterized in that:
The memory protection method further comprises the following steps:
1) When the application programs and other programs of the RTOS request a memory block or create a stack, the protection word is attached at the start and at the end of the memory block;
2) Each time before a memory data block is operated on, every protection word is checked for its original value; if the check fails, an exception is raised and awaits handling; if it passes, the operation continues.
4. The memory protection method according to claim 3, characterized in that:
The protection word is assigned a special value;
The check can be performed once when the user calls free to release the memory, or it can be performed block by block by a low-priority task while the system is idle.
5. The memory protection method according to claim 1, characterized in that:
The protection marker is a protection page that the MMU (memory management unit) can operate on.
6. The memory protection method according to claim 5, characterized in that:
The protection page is added at the head and at the tail of the application's memory block or stack;
The size of the protection page is 4K.
7. The memory protection method according to claim 6, characterized in that:
The protection page is mapped to an invalid physical address.
CN 03131956 2003-06-17 2003-06-17 High-efficiency reliable memory protection method for flushbonding real-time operating system Expired - Fee Related CN1282091C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03131956 CN1282091C (en) 2003-06-17 2003-06-17 High-efficiency reliable memory protection method for flushbonding real-time operating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03131956 CN1282091C (en) 2003-06-17 2003-06-17 High-efficiency reliable memory protection method for flushbonding real-time operating system

Publications (2)

Publication Number Publication Date
CN1567254A (en) 2005-01-19
CN1282091C (en) 2006-10-25

Family

ID=34469824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03131956 Expired - Fee Related CN1282091C (en) 2003-06-17 2003-06-17 High-efficiency reliable memory protection method for flushbonding real-time operating system

Country Status (1)

Country Link
CN (1) CN1282091C (en)

Also Published As

Publication number Publication date
CN1282091C (en) 2006-10-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: ZTE CO., LTD.

Free format text: FORMER OWNER: NANJING BRANCH OF SHENZHEN ZTE CORPORATION

Effective date: 20050715

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20050715

Address after: 518057 Department of law, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen

Applicant after: ZTE Corp.

Address before: 210012, Bauhinia Road, Yuhua District, Jiangsu, Nanjing 68, China

Applicant before: Shenzhen Zhongxing Communication Co.,Ltd. Nanjing Branch

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180426

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: 518057 Department of law, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen

Patentee before: ZTE Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061025