JP2012008672A - Backup method of main memory and data protection system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data protection system of a main memory capable of protecting data stored in a main memory from hang up.SOLUTION: A CPU 11 operates in a protect mode or SMM. A main memory 15 secures a RAM disk area to be accessed from an exclusive driver 113. An application 101 periodically performs setting operation of a monitor flag in the protect mode. When a BIOS 107 determines that a monitor program does not set the monitor flag after transition to SMM, data stored in the RAM disk area is saved in an HDD 23. When it is determined that a prescribed action is performed, the application 101 continues the setting operation of the monitor flag after transition to the protect mode.

Description

  The present invention relates to a technique for protecting data stored in a main memory of a computer, and more particularly, a technique for protecting data stored in a main memory when a hang-up that causes a shutdown occurs in the computer. About.

  In a computer, a volatile RAM is generally used as a main memory (also referred to as a primary storage device or a main storage device) that is directly accessed by a central processing unit (CPU). In addition, the computer usually has an operating system (OS), a device driver, an application program (hereinafter referred to as an application), and a nonvolatile auxiliary storage device (also referred to as a secondary storage device) that stores files created by the application. .) Is installed. As the auxiliary storage device, a hard disk drive (HDD), a solid state drive (SDD), a hybrid HDD, an optical disk drive (ODD), or the like is adopted.

  Data created by the application is temporarily stored in the main memory. Since the data stored in the main memory disappears when the computer is turned off, the user saves the data being created in the HDD before stopping the computer. During operation, the processor hangs up (also called freeze or crash) due to hardware or software malfunctions.

  When the processor hangs up, the computer stops operating, and the keyboard and mouse cannot be operated from the outside, and a so-called blue screen is displayed on the display. When the blue screen is displayed, the OS automatically shuts down or restarts the computer. In this specification, shutdown and restart are treated as synonymous in that data in the main memory is lost. Even if the computer does not shut down automatically, the user cannot recover the computer operation except forcibly shutting down by pressing the power button.

  When a shutdown occurs due to such a hang-up, unsaved data stored in the main memory is lost and cannot be recovered. The user can set the application to periodically save it to the HDD to protect the working data stored in the main memory from unintentional shutdown, or he can save the application at any time. is doing.

  Coupled with the recent decline in the price of main memory, the capacity of main memory installed in computers tends to increase. When the capacity of the main memory reaches a certain value determined by the computer architecture related to the bit size and the type of application to be used, it is impossible to expect a significant increase in performance, and an area exceeding the certain value is an excess storage area. It tends to be. There is a method in which an excess storage area of the main memory is virtualized by software and used as a secondary storage device.

  A specific storage area of the virtualized main memory is called a RAM disk area or simply a RAM disk. Since the RAM disk can be accessed at high speed, it is one of the measures for effectively utilizing the capacity of the main memory. The combination of cache memory and SSD can speed up file access, but it requires SSDs with a high bit unit price, or the load on SSDs is concentrated, leading to a decrease in overall performance. The problem remains.

  Patent Document 1 discloses a program that uses, as a RAM disk, an unmanaged area that is an area other than the limited predetermined area in a computer system in which the management area of the main memory managed by the OS is limited to a predetermined area. To do. The program in this document enables the PAE (Physical Address Extension) mode, the RAM disk driver maps the memory area corresponding to the location to be read / written on the disk image into the virtual address space, and the OS passes through the RAM disk driver. Allows access to an OS unmanaged area exceeding 4 GB. Further, this document describes that a data system stored in an unmanaged area is backed up to an external storage device at the timing when the system is shut down, restarted, or hibernated.

  Patent Document 2 discloses an information processing apparatus in which the contents of the RAM disk on the main storage means are not erased even if a failure or unexpected power interruption occurs. When a failure that requires restarting occurs in the information processing apparatus, the failure detection means of the OS detects the failure. If the failure detection means grasps the content of the failure and determines that the information processing apparatus must be restarted, the failure detection means starts the storage means configured by the OS, and the storage means stores the contents of the RAM disk area on the main storage means. Is stored in the RAM disk storage file in the secondary storage device. After the storage unit stores the contents of the RAM disk area on the main storage unit in the RAM disk storage file in the secondary storage device, the information processing apparatus is powered off.

JP 2010-44503 A JP 2003-122647 A

  In order to protect the data stored in the main memory from hang-up, when the application automatically backs up the data in the main memory, the access to the HDD occurs frequently and the work in using the application Sex is reduced. Further, there may be a case where the access to the HDD competes and the performance of the entire computer is lowered. Furthermore, it cannot be applied to an application that does not have an automatic backup function. In addition, when the user performs a save operation as necessary, the user is not saved because the complexity is increased for the user and the data from the previous save timing until the hang-up is not protected. Loss increases as data increments increase. The same is true for automatic backups.

  If the data in the main memory can be surely protected when the computer hangs up, the safety of the work data can be improved and the convenience of the main memory as a RAM disk is improved. However, the computer has various states ranging from a minor abnormality that allows other applications to continue operation only by stopping a process of a specific application to a serious hangup that cannot be dealt with other than by shutting down. In addition, some applications have a function that allows data to be recovered by restarting the application when only that application is stopped, but recovery is possible when the computer is shut down. I can't.

  If even a minor abnormality is backed up in order to operate the computer in a safe direction, the backup operation occurs frequently and the performance of the computer decreases. Therefore, it is desirable to perform the backup process only in the case of an abnormality that identifies an abnormal state and results in a shutdown, but it is not easy for a program constituting the system to detect the abnormality when the computer performs an abnormal operation.

  FIG. 10 is a diagram for explaining the state transition of the computer from when an abnormality occurs in hardware or software to when the computer is shut down. In step 1, the application, OS, device driver, and hardware are all operating normally. In step 2, some abnormality occurs in the computer hardware or software, and in step 3 it proceeds. In some cases, the process returns from step 3 to step 1. In step 4, the CPU finally hangs up, and the computer loses control, and the operation performed through the mouse and keyboard cannot be performed.

  It is usually step 4 that the user recognizes a computer abnormality. However, in the current computer system, when step 4 is reached, the computer automatically shuts down and shuts down, or the user can operate the power button and forcibly shut down to restore control. There is no way to protect the data. Therefore, in order to back up the data stored in the main memory before shutting down, except for a minor abnormality including the case of returning from step 3 to step 1 between step 2 and step 4, It is necessary to accurately detect abnormalities that involve shutdown.

  Furthermore, after detecting an abnormality, it is necessary to finish the backup work before reaching Step 5. In the invention of Patent Document 2, the OS detects a failure of the information processing apparatus and the OS performs backup processing. However, the abnormality requiring the shutdown includes the abnormality of the OS itself. Therefore, the abnormality of the information processing apparatus that is the subject of the invention of Patent Document 2 is limited to the abnormality of elements other than the OS such as hardware and applications, and is caused by the device driver of the OS or HDD. It's not enough as a hang-up measure. In addition, there is a possibility of shutting down between detection of an abnormality and backup processing. The present invention solves such background and problems.

  Accordingly, an object of the present invention is to provide a data protection system for a main memory that can protect data stored in the main memory from hang-up. A further object of the present invention is to provide a data protection system for realizing a highly reliable RAM disk. A further object of the present invention is to provide a computer equipped with such a data protection system, a data backup method, and a computer program.

  The present invention provides a main memory data protection system that allows data stored in main memory to be stored in a non-volatile storage device before shutting down when the computer hangs up. The processor operates in at least the OS execution mode or SMM. The OS execution mode is an operation mode of the processor when the OS operates, and can also be referred to as a protect mode. The nonvolatile storage device may be mounted in the same casing as the computer in which the main memory is mounted or in a different casing.

  A protection area for protecting data is secured in the main memory. In order to easily specify the range of data to be backed up, the protection area can be defined as a dedicated storage area that the OS cannot freely access. The monitoring program performs a predetermined operation unless the computer operating in the OS execution mode is hung up. The predetermined program determines whether or not the monitoring program is performing a predetermined operation after shifting to the SMM. When it is determined that the monitoring program is not performing a predetermined operation, the data stored in the main memory is stored in the nonvolatile storage device while the predetermined program is operating in the SMM.

  With such a configuration, even when the computer hangs up with shutdown in the OS execution mode, a predetermined program executed by the SMM can detect it. In addition, since the processor stops the operation in the OS execution mode when the operation is shifted to the SMM, the shutdown process by the OS is stopped, so that the probability of shutting down before saving in the nonvolatile storage device can be reduced. Therefore, the data stored in the main memory can be surely backed up before the shutdown by performing the saving process after shifting to the SMM.

  Since the BIOS operates independently of the OS and can access the device driver of the non-volatile storage device even if it is hung up, the determination of the operation of the monitoring program and the storage of data are not performed. It is desirable for the BIOS to do this. Further, since the BIOS operates with a single task, the possibility of hang-up is low, so that the reliability of hang-up detection and storage processing is high.

  By periodically transitioning the processor between SMM and OS execution mode, the processor monitors whether or not the SMM periodically hangs up while maintaining the operation in the OS execution mode, and detects a hang-up. Sometimes backup processing can be done. At this time, if the chip set that is hardware performs the system management interrupt (SMI), the SMI can be issued by a method with a low dependency on software, so even if it hangs up, it is high. Probable transition to SMM.

  In order for the predetermined program to determine whether or not the monitoring program is operating normally, it is possible to cause the monitoring program to set a monitoring flag in the OS execution mode. After the predetermined program moves to SMM, it is determined whether or not the monitoring flag is set. When it is determined that the monitoring flag is set, it is determined that the program is not hung up and the monitoring flag is released. The OS execution mode can be changed later. Thereafter, if no hang-up occurs, the monitoring program can set the monitoring flag again.

  When using the protected area as a RAM disk area, restore the image file from the backup area to the protected area when the computer starts up, and save the image file stored in the protected area in response to an operation to shut down the computer. It can be configured to save in a backup area. When the main memory power supply suddenly stops, the RAM disk area is lost except for data backed up in the nonvolatile storage device. When the data protection system of the present invention is mounted on a portable computer having a battery pack as a standard, the power supply of the main memory is hardly suddenly stopped, and this problem does not occur.

  The protected area can also be used as a work area for applications operating in the OS execution mode. The file in this case is stored in a nonvolatile storage device. In such a usage mode, even if a sudden hang-up occurs during important work, data before being stored in the nonvolatile storage device can be recovered. If the protected area is secured in an area that exceeds the logical address space that can be directly addressed by the OS based on the number of bits, the main memory storage area in the address range that cannot be used normally can be used effectively. Can do.

  The monitoring program can be an application that operates in response to an OS service. In this case, since the monitoring program stops the operation with the hang-up of the OS or device driver that operates in the lower layer, many hang-ups or abnormal states corresponding thereto can be detected by monitoring the operation. it can. In addition, since the application can easily monitor the operation state as compared with the system program, it is convenient as a monitoring program.

  It is expected that the processor will not transition to SMM when it hangs up. In this case, the present invention can be configured to forcibly shift to the SMM with an external signal using a controller that is less dependent on software. In addition, if the program is set to stop the function of the OS that automatically shuts down when it hangs up, backup before shutdown can be performed more reliably.

  According to the present invention, it is possible to provide a data protection system for a main memory that can protect data stored in the main memory from hang-up. Further, according to the present invention, a data protection system that realizes a highly reliable RAM disk can be provided. Furthermore, according to the present invention, a computer equipped with such a data protection system, a data backup method, and a computer program can be provided.

It is a functional block diagram which shows the main structures of the computer concerning this Embodiment. It is a figure explaining the protection area formed on the main memory. It is a functional block diagram which shows the structure of a data protection system. It is a figure which shows the data structure of the file loaded into the main memory when booting is completed. It is a flowchart explaining the procedure which protects the data memorize | stored in the main memory from a hang-up. It is a flowchart explaining the procedure which protects the data memorize | stored in the main memory from a hang-up. It is a functional block diagram which shows the structure of another data protection system. It is a flowchart explaining the procedure which protects the data memorize | stored in the main memory from a hang-up. It is a flowchart explaining the procedure which protects the data memorize | stored in the main memory from a hang-up. It is a figure explaining the transition of the state of the computer after an abnormality occurs until it shuts down.

[Computer configuration]
FIG. 1 is a functional block diagram showing a main configuration of a computer 10 according to the present embodiment. Throughout this specification, identical elements are provided with identical reference numbers. The computer 10 can be a portable computer equipped with a battery pack (not shown) and a charger (not shown). The CPU 11 employs an Intel (registered trademark) X86 series architecture and can operate in a protected virtual address mode and SMM. The protected virtual address mode is sometimes simply referred to as protected mode.

  The memory controller hub (MCH) 13 is a memory controller function for controlling an access operation to the main memory 15 and data for absorbing a difference in data transfer speed between the CPU 11 and other devices. A chip set that includes a buffer function. A CPU 11, a main memory 15, a graphic processing unit (GPU) 17, and an I / O controller hub (ICH) 21 are connected to the MCH 13.

  The main memory 15 is a volatile RAM used as an area for reading a program executed by the CPU 11 and a work area for writing processing data. In addition to the general area, the main memory 15 defines an SMRAM area that is an area for loading a code to be executed when the CPU 11 operates in SMM. According to the present invention, a protection area is also defined in the main memory 15 as an area for storing data to be protected from hang-up. An LCD 19 is connected to the GPU 17. The GPU 17 is a dedicated processor for writing an image to the VRAM based on a drawing command received from the CPU 11 and sending image image data to the LCD 19 at a predetermined timing, and is also called a graphics accelerator.

  The ICH 21 is a chip set that processes data transfer related to peripheral input / output devices. The ICH 21 includes ports such as USB (Universal Serial Bus), serial ATA (AT Attachment), SPI (Serial Peripheral Interface) bus, PCI (Peripheral Component Interconnect) bus, PCI-Express bus, and LPC (Low Pin Count). The HDD 23, the USB connector 25, the LPC bus 27, and the like are connected. The ICH 21 includes an SMI register for setting a cause of occurrence of SMI.

  When the CPU 11 executes a program or the hardware mounted on the motherboard generates an event related to temperature or power supply and sets the SMI register, the ICH 21 sends an SMI signal to the SMI pin of the CPU 11 and operates the CPU 11 in SMM. Let The CPU 11 notifies the ICH 21 through the SMIACT pin that the operation in the SMM has started.

  The MCH 13 receives a notification from the ICH 21 that the CPU 11 has shifted to SMM, and controls access to the main memory 15 by hardware to construct an SMM environment. The ICH 21 protects the code loaded in the SMRAM area from being rewritten by the OS or application program while the CPU 11 operates in SMM.

  The HDD 23 is a boot disk and stores a boot image when the computer 10 is started. Devices that do not require high-speed data transfer, such as the embedded controller (EC) 29 and the BIOS_ROM 33, are connected to the LPC bus 27. The EC 29 is a microcomputer that operates independently from the CPU 11 and controls the power supply and temperature of the computer 10. The EC 29 can operate even when the power is supplied by a system different from the CPU 11 and the CPU 11 stops operating in the suspended state or when the CPU 11 hangs up. The EC 29 includes a keyboard controller, and a keyboard 31 is connected thereto.

  The BIOS_ROM 33 is a non-volatile memory in which stored contents can be electrically rewritten, and is a device driver for controlling input / output devices. It conforms to the ACPI (Advanced Configuration and Power Interface) standard and is in the power supply and system chassis. System BIOS that manages the temperature of the computer and access to the hardware, vector table, POST (Power-On Self Test) code that tests and initializes the hardware when the computer 10 starts up, and password authentication This stores the authentication code and so on.

[Protected Area]
FIG. 2 is a diagram for explaining a protection area defined on the main memory. The data stored in the protection area is backed up to the HDD 23 by the method of the present invention when the computer 10 hangs up. The protection area can be configured as the RAM disk area 57 and / or the specific area 59.

  The RAM disk area 57 is configured to be used in a file system similar to that used by the OS using the HDD 23 by a dedicated device driver. The program according to the present invention backs up data stored in the RAM disk area 57 to the HDD 23 when the power of the main memory 15 is stopped, and starts the computer to supply power to the main memory 15. Restore to the RAM disk area 57.

  The specific area 59 is a work area that can be temporarily used by an application to process a necessary file to be protected from the hang-up. The RAM disk area 57 is used to stop and supply power to the main memory 15. Along with that, backup and restore are not performed. Since the data stored in the specific area 59 is lost when the main memory is turned off, the file is stored in the HDD 23 as a permanent storage location.

  2A to 2C show an example of forming a protection area based on a 32-bit architecture. In the 32-bit architecture, the logical address space 51 of the main memory 15 that can be directly addressed by the OS is limited to 4 GB. However, when the physical address space of the main memory 15 exceeds 4 GB, a logical address space 53 that cannot be directly recognized by the OS is generated in the physical address space. FIG. 2A shows an example in which a RAM disk area 57 is provided in the logical address space 53.

  As shown in FIG. 2A, when a protection area is formed in the logical address area 53, PAE which is an OS physical address expansion function is set to enable. PAE is a well-known extension function that extends an address line of a 32-bit architecture to an address line of 36 bits or more. FIG. 2B shows an example in which a RAM disk area 57 is provided in the logical address space 51 that can be directly recognized by the OS. FIG. 2C shows an example in which a specific area is provided in the logical address space 51.

  2D and 2E show an example in which a protection area is formed based on a 64-bit architecture. In the 64-bit architecture, the logical address space of the main memory 15 that can be directly addressed by the OS becomes enormous, so that the OS can actually recognize the physical address space of the main memory 15 of about 8 GB to 128 GB. It has become. 2D and 2E, it is assumed that the logical address space 55 that can be recognized by the OS with respect to the physical address space is not limited.

  2D and 2E show examples in which a RAM disk area 57 or a specific area 59 is provided in the logical address space 55, respectively. In the present invention, the RAM disk area 57 and the specific area 59 can be provided simultaneously. The specific area 59 is formed in the logical address space 51 of the 32-bit architecture or the logical address space 55 of the 64-bit architecture because the application needs to be accessible through the OS.

[Memory data protection system]
FIG. 3 is a functional block diagram showing a configuration of the main memory data protection system 100 according to the present embodiment. The data protection system 100 includes software and hardware installed in the computer 10. The new software is a part of the memory management application 101, the system BIOS 107, and the dedicated driver 113. The memory management application 101 is a program that operates on the OS 105 for performing central processing of the data protection system 100.

  The memory management application 101 performs processing for providing the RAM disk area 57 and / or the specific area 59 in the main memory 15 or providing a backup area in the HDD 23. The memory management application 101 performs a predetermined operation for the system BIOS 107 to monitor that the computer 10 is hung up. In the present embodiment, an operation for setting a monitoring flag can be adopted as the predetermined operation, but other operations or processes that can indicate to the system BIOS 107 whether or not the computer 10 is hung up. May be adopted.

  The document creation application 103 is a program that creates a document using the RAM disk area 57 or the specific area 59. The OS 105 can employ Windows (registered trademark), MAC_OS (registered trademark), or the like. Assume that the OS 105 includes a PAE when a protection area is formed in the logical address area 53 as shown in FIG. The system BIOS 107 includes a new code that secures the protection area of the present invention in the main memory 15 and backs up data in the protection area to the HDD 23 when the computer 10 hangs up. The system BIOS 107 determines that the computer 10 is not hung up when the monitoring flag is set by the memory management application 101, and determines that it is hung up when the monitoring flag is not set.

  The system BIOS 107 uses the INT 13h interrupt or other service routine for accessing the HDD 23 to back up the data stored in the RAM disk area 57 to the HDD 23, reads the data from the HDD 23, and reads the RAM disk area 57. Or restore to

  The device driver 111 is a program that controls the operation of the HDD 23 and controls data transfer between the OS 105 and the HDD 23. The dedicated driver 113 is a program for operating the RAM disk area 57 virtually as a disk drive equivalent to the HDD 23. When the RAM disk area 57 is formed in the logical address space 53, the dedicated driver 113 maps the address of the RAM disk area 57 to the logical address space recognized by the OS. The dedicated driver 113 has a file system equivalent to the file system that the OS 105 manages the HDD 23, and has a new interface that provides services to the OS 105 and the system BIOS 107.

  The ICH 21 includes an SMI register 22 and is connected to the CPU 11 via an SMI pin and an SMIACT pin. The ICH 21 issues an SMI by asserting the SMI pin at a constant cycle such as several milliseconds, independently of the operation of the program executed by the CPU 11. When the ICH 21 issues an SMI, the ICH 21 sets a factor for issuing the SMI in the SMI register 22. When the SMI pin is asserted, the CPU 11 operates in SMM, asserts the SMIACT pin, and notifies the ICH 21.

  The CPU 11 always executes the SMI handler first when shifting to the SMM. The SMI handler refers to the SMI register 22 of the ICH 21 when the SMI is issued, checks the cause of the SMI, and if the SMI handler recognizes that the monitoring work of the monitoring flag by the system BIOS 107 and the backup processing are requested, the system performs control. Move to BIOS107. While the CPU 11 is operating in the SMM, the MCH 13 allows access to the address in the SMRAM area. However, when the CPU 11 is not operating in the SMM, the access to the address in the SMRAM area is to access other addresses in the main memory 15. Process as.

  The EC 29 is connected to the SMI request pin (SMIREQ) of the ICH 21 via a line independent from the LPC bus 27, and the ICH 21 can be requested to issue an SMI by asserting the SMI request pin. If a hardware failure occurs in the CPU 11, even if an SMI is issued, the transition to the SMM cannot be made. However, since the EC 29 processes the input of the keyboard 31 by an operation independent of the CPU 11, an error in the software or ICH 21 occurs. If the SMI cannot be issued in operation, the SMI request pin can be asserted based on input from a dedicated key assigned to the keyboard 31.

[Data structure of main memory]
FIG. 4 is a diagram showing a data structure of a file loaded in the main memory 15 when the computer is turned on and the boot is completed. In the main memory 15, a general area 131, an SMRAM area 135, and an ACPI_NVS area 137 are formed by the POST code 109. The general area 131 is a logical address space that can be accessed by the OS 105, and a RAM disk area 57 is formed therein as shown in FIGS.

  The RAM disk area 57 is a logical address space set by a POST code so that only the system BIOS 107 can access but not the OS 105. The ACPI_NVS area 137 is a logical address space that can be accessed by both the OS 105 and the system BIOS 107. In the ACPI_NVS area 137, a monitoring flag 129 is set by the memory management application 101 in order for the system BIOS 107 to monitor whether or not the computer 10 has hung up.

  The general area 131 is loaded with a program stored in the BIOS_ROM 33, a dedicated driver 113, a POST code 109, a system BIOS 107, a memory management application 101, a document creation application 103, an OS 105, and the like stored in the HDD 23. In the SMRAM area 135, the SMI handler 113 is loaded, and an area called SSM (State Save Map) 127 is secured. The SMM 127 is a storage area for storing contexts such as registers and pointers immediately before the CPU 11 shifts to SMM.

[Procedure for protecting memory data]
FIG. 5 and FIG. 6 are flowcharts for explaining a procedure in which the data protection system 100 protects data stored in the main memory from hang-up. Here, a case where the RAM disk area 57 is formed in the logical address space 51 shown in FIGS. 2B and 2D will be described as an example. However, the RAM disk area 57 is formed in the logical address space 53 shown in FIG. In this case, it can be similarly realized by enabling the PAE of the OS 105. When the computer 10 is powered on in block 201, in block 203, the CPU 11 first accesses a predetermined address in the BIOS_ROM 33, executes the POST code 109, and starts booting.

  The POST code 109 inspects and initializes the registers of the CPU 11, the MCH 13, the main memory 15, and the like. When the main memory 15 becomes available, the program and vector table 121 stored in the BIOS_ROM 33 are shown in FIG. Load into the main memory 15 as shown. At this time, the POST code 109 is a general area 131 that can be accessed by the OS 105 on the main memory 15, a RAM disk area 57 and SMRAM area 137 that can be accessed by the system BIOS 107, and an ACPI_NVS area 137 that can be accessed by the OS 105 and system BIOS 107. Form.

  In block 205, the OS 105 sets E820h in the AX register and issues an INT15h instruction, and recognizes the general area 131 and the ACPI_NVS area 137 accessible by itself and the RAM disk area 57 and SMRAM area 135 that cannot be accessed. At this time, the OS 105 recognizes the start address and size of the RAM disk area 57 and notifies the memory management application 101 of it. In block 207, the memory management application 101 sets parameters in the dedicated driver 113 and initializes them.

  In block 205, a range that can be used as the RAM disk area 57 is set by the system BIOS 107, but in block 207, the memory management application 101 starts and addresses the range that is actually used as the RAM disk area 57 within that range. Set. Then, the memory management application 101 gives a unique drive number to the RAM disk area 57. The document creation application 103 can recognize the RAM disk area 57 to which the drive number is assigned in the same way as a part of the storage area of the HDD 23 and write or read data.

  In block 209, the memory management application 101 secures a backup area in the dedicated storage area of the HDD 23 defined and defined in the master boot record of the HDD 23, and notifies the OS 105 of the backup area. The OS 105 that has received the notification does not access the backup area, so the backup area becomes a dedicated storage area for the RAM disk area 57. The memory management application 101 can also form the backup area in another partition that the OS 105 cannot recognize. Note that once the backup area is set in the master boot record of the HDD 23, the memory management application 101 does not need to be created every time the computer 10 is started.

  In block 211, the memory management application 101 notifies the system BIOS 107 of access information such as the size, start address, and drive number of the RAM disk area 57 of the main memory 15 and the backup area of the HDD 23. In block 213, the system BIOS 213 restores the image file stored in the backup area to the RAM disk area 57. In this way, the complete stored disk image is transferred between the backup area and the RAM disk area 57.

  In block 215, the memory management application 101 sets to stop the automatic restart function by the OS 105 after the blue screen is displayed. With this setting, when the abnormality of the computer 10 is accompanied by a blue screen, it is possible to more reliably prevent a shutdown before the backup process is completed. In block 217, if the monitoring flag 129 is set in the ACPI_NVS area 137, the memory management application 101 cancels it. In the procedure up to this point after booting, the monitoring flag 129 is not set, so this is a precautionary procedure and can be omitted.

  At block 219, all boot files are loaded and the boot is complete. At this time, the CPU 11 is operating in the protect mode. In the protected mode, the OS 105 operates to provide various services to the memory management application 101 and the document creation application 103. Note that the processing from block 207 to block 217 may be performed by starting the memory management application 101 when the document creation application 103 uses the RAM disk area 57 after the boot is completed.

  In block 221, the user executes the document creation application 103 to perform document creation work. The area on the main memory 15 used for work by the document creation application 103 is a part of the general area 113 different from the RAM disk area 113. The area is allocated by the OS 105, but is not protected when the computer 10 hangs up. The document creation application 103 recognizes the RAM disk area 57 as one independent disk drive similar to the HDD 23, reads a file from the RAM disk area 57 to the general area 131 through the OS 105 and the dedicated driver 113, and reads the file to the RAM disk. It can be stored in the area 57.

  While the user is working with the document creation application 103 while automatically or manually saving the file in the general area 113 in the RAM disk area 57, the process proceeds to block 251 in FIG. Block 251 is not a part of the processing procedure executed by the computer 10, but indicates the operating state of the computer 10 inserted to explain the characteristics of data protection according to the present embodiment. A block 251 shows two states of whether or not the memory management application 101 is operating normally.

  The work of the memory management application 101 at this time is to set the monitoring flag 129 in block 253, and that the memory management application 101 operates normally means that the monitoring flag 129 has been set. In order for the memory management application 101 to set the monitoring flag 129, not only does it operate normally, but also the OS 105, device drivers, and hardware that affect the normal operation of the memory management application 101 operate normally. It is assumed that

  When the OS 105 or the device driver operating in the kernel mode hangs up to cause an unhandled exception or a hardware error occurs and the blue screen is displayed on the LCD 19, the computer 10 Stops operating in that state and cannot return to a normal operating state unless it is shut down. When shut down, the data in the RAM disk area 57 that has not been backed up in the HDD 23 is lost.

  When the blue screen is displayed, the memory management application 101 cannot set the monitoring flag 129. The OS 105 displays the blue screen. Therefore, when the device driver hangs up and the OS 105 cannot acquire the control right, the computer 10 or the CPU 11 may stop operating without displaying the blue screen. Also in this case, the memory management application 101 cannot set the monitoring flag 129.

  If the memory management application 101 operates normally, the monitor flag 129 is set in block 253 and the process moves to block 255. If an abnormality has occurred in the hardware or software of the computer 10 that prevents the memory management application 101 from setting the monitoring flag 129, the memory management application 101 proceeds directly to block 255 without setting the monitoring flag 129.

  In block 255, the ICH 21 issues SMI to the CPU 11 periodically with a period of several milliseconds. At this time, the ICH 21 sets a generation factor indicating that the system BIOS 107 performs processing from blocks 261 to 269 in the SMI register 22. If the ICH 21 is already operating in SMM, the issue of the SMI is ignored. In block 255, only the SMI issued when the CPU 11 is operating in the protected mode is executed.

  The SMI is issued by the ICH 21 using a dedicated SMI pin. Therefore, even if the CPU 11 hangs up, the CPU 11 can transition to the SMM with high probability. However, in a special situation where the malfunction of the ICH 21 causes the hang-up, the computer 10 may hang up in a state where the SMI cannot be issued.

  Block 257 is not a part of the processing procedure of the computer 10 but indicates the operating state of the computer 10. Block 257 indicates one of two states: the computer 10 has hung up in a state where it cannot issue an SMI, or otherwise. Other states include a state in which no hang-up has occurred and a state in which the ICH 21 can issue an SMI although it has hung up.

  When the computer 10 hangs up, it may or may not display a blue screen. If the user determines that the computer 10 has hung up based on the blue screen display or the operating state of the computer 10, the process proceeds to block 259 to force a SMI to be issued by pressing a specific key on the keyboard 31. Transition to block 261. However, even if a hang-up occurs, if the backup process is performed in the procedure of blocks 261, 263, and 265 and restarted, the SMI is issued, so the user observes the state after the hang-up for a while. Then, a specific key is pressed.

  The pressing of a specific key is detected by the EC 29 operating independently of the CPU 11, and the EC 29 asserts the SMI request pin of the ICH 21 and requests the SMI to be issued. When the SMI request pin connected to the EC 29 is asserted, the ICH 21 sets a generation factor predetermined by the pin in the SMI register 22 and asserts the SMI pin of the CPU 11. The generation factor of SMI is the same as in block 255.

  If the computer 10 is not hung up at block 257 or is hung up but the ICH 21 can issue an SMI, the process proceeds to block 261. When the SMI pin is asserted in block 255 or block 259, the CPU 11 stores the context, which is the contents of the register or pointer at that time, in the SSM 127 of the main memory 15, and operates in SMM for the ICH 21 through the SMIACT pin. Notify you. When the CPU 11 shifts to SMM, the system BIOS 107 determines whether or not the monitoring flag 129 is set in the ACPI_NVS area 137 in block 261.

  If it is determined that the monitoring flag 129 has not been set, the process proceeds to block 263 where the system BIOS 107 sets a parameter in the register of the CPU 11 and issues INT13h, and the image file stored in the RAM disk area 57 is The data is stored in the backup area of the HDD 23. In block 265, the system BIOS 107 requests the EC 29 to restart the computer 10 and returns to block 203. The user has stopped the automatic restart after the blue screen in block 215, but the computer 10 has automatically restarted after the blue screen has occurred or the computer 10 has stopped operating, so that the RAM disk area 57 Is recognized in the backup area of the HDD 23.

  The system BIOS 107 confirming that the monitoring flag 129 is set in block 261 determines that the computer 10 is operating normally, and proceeds to block 267 to release the monitoring flag 129. In block 269, the system BIOS 107 executes an RSM (Return from System Management instruction) instruction to set the SMI register 22 so that the ICH 21 negates the SMI pin. Subsequently, the system BIOS 107 returns the context stored in the SSM 127 to the CPU 11 and shifts the CPU 11 from the SMM to the protected mode. The CPU 11 that has shifted to the protect mode resumes its operation from the state immediately before operating in the SMM.

  In block 271, when the user gives an instruction to shut down and shut down the computer through the screen of the LCD 19 provided by the OS 105, the process proceeds to block 273. It should be noted that the file image of the main memory 15 is stored in the HDD 23 during hibernation when the power of the main memory 15 is stopped, and the power of the main memory 15 is maintained during suspension. There is no need to move to H.273.

  Receiving the shutdown instruction, the OS 105 requests the EC 29 to issue an SMI through the system BIOS 107. When the EC 29 sets the SMI generation factor in the SMI register 22 of the ICH 21 in the block 273, the ICH 21 issues an SMI at a timing independent of the SMI issued in the block 255, and the CPU 11 shifts to SMM. The system BIOS 107 executed by the CPU 11 while operating in the SMM saves the data stored in the RAM disk area 57 as an image file in the backup area of the HDD 23.

  Thereafter, when the system BIOS 107 notifies the EC 29 of the end of the backup, the EC 29 stops the power supply of the computer 10 at block 275 and shuts down. If the user does not stop the computer 10 in block 271, the process returns to block 221 to continue the work by the document creation application 103. According to the above procedure, when the memory management application 101 cannot set the monitoring flag 129, the backup process is performed regardless of the cause. Therefore, backup is performed even when the memory management application 101 itself is malfunctioning. However, unnecessary backup processing only slightly reduces the performance of the computer, and the data protection system 100 operates in a safe direction.

  When the computer 10 is operating normally, the monitoring flag 129 set by the memory management application 101 during the protect mode at block 253 is cleared by the system BIOS 107 during SMM at block 267 and again at block 253. Set by. When the computer 10 is activated, the monitoring flag 129 can be set at the timing when the memory management application 101 is executed. When the document creation application 101 sets the monitoring flag 129 again through the transition from the block 271 to the block 221, the monitoring flag 129 can be set at the timing when the system BIOS 107 shifts the CPU 11 to the protected mode. Alternatively, the memory management application 101 may periodically write the monitoring flag in the NVS area 137 by the overwrite method, independently of the SMM period of the block 255.

[Reliability of data protection]
The reliability of data protection stored in the RAM disk area 57 by the data protection system 100 implemented in the procedure of FIGS. 5 and 6 will be described. In this embodiment, it is considered that the data protection system 100 fails the backup process before shutdown when the conditions described below are satisfied, and it can be assumed that the probability is low.

  First, if the memory management application 101 malfunctions such that the monitoring flag 129 is erroneously set, and a condition that causes a hang-up that causes a shutdown of the computer 10 overlaps with this, the backup processing of the block 263 is performed. Can not. However, the error that the memory management application 101 sets the monitoring flag 129 when it is hung up is considered to be less than the error that does not set the monitoring flag 129 when it is not hung up. It can be assumed that it is very rare. If the memory management application 101 does not mistakenly set the monitoring flag 129 when it is not hung up, backup processing as an extra operation is performed, so the data protection system 100 according to the present embodiment operates in a safe direction. .

  Next, it can be assumed that the CPU 11 cannot move to the SMM when the monitoring flag 129 is not set because the memory management application 101 does not operate normally. However, if the user hangs up before moving to SMM, the user can forcibly execute SMM in block 259 to perform backup processing. At this time, since the keyboard 31 and the EC 29 operate independently of the CPU 11, in many cases, the CPU 11 is shifted to the SMM if the EC 29 and the ICH 21 operate normally and the SMIREQ line and the SMI line are secured. be able to.

  Further, in block 255, the hardware issues the SMI issuance almost independently of the software, so that the trouble of the SMI issuance caused by the software can be reduced. Therefore, practical causes that cannot be shifted to SMM are limited, such as failure of hardware such as ICH21 or EC29.

  Further, if the computer 10 is shut down before the backup process is completed, the data in the RAM disk area 57 is not protected. First, in the case of an anomaly accompanied by a blue screen display, since the restart is set not to be performed in block 215, the probability of shutting down is low. Further, while the CPU 11 is operating in the SMM, it can be considered that the operation in the protected mode is stopped, so the progress of the state from the occurrence of the hang-up to the shutdown is stopped.

  Therefore, even if the computer 10 hangs up, it is unlikely to shut down before the backup process is completed. As described above, the data protection system 100 can effectively protect the data stored in the RAM disk area 57 from the hang-up of the computer 10 without frequently backing up the data to the HDD 23. As a result, the capacity of the main memory 15 can be used effectively, and a safe and high-speed virtual disk drive can be realized.

Data protection as a temporary work area
In the data protection system 100 of FIG. 3, the data saved in the RAM disk area 57 by the document creation application 103 is protected, but the working data stored in the general area 131 of the main memory 15 is not protected. FIG. 7 is a functional block diagram showing a configuration of a data protection system 300 that protects data in operation. As shown in FIGS. 2C and 2E, the data protection system 300 provides a specific area 59 used as a work area in the logical address spaces 51 and 55 of the main memory 15.

  The method of providing the specific area 59 in the main memory 15 and the method of providing the backup area in the HDD 23 are in accordance with the method of providing the RAM disk area 57 and the method of providing the backup area employed in the data protection system 100. The specific area 59 is a protection area in which data being worked can be saved in the backup area of the HDD 23 before being shut down when the computer 10 hangs up during work.

  7 differs from FIG. 3 in that the functions of the memory management application 301 and the system BIOS 305 are partially different, and an intermediate driver 303 is inserted between the device driver 111 and the OS 105. The backup area of the HDD 23 is preferably an area that the OS 105 can recognize so that the document creation application 103 can easily acquire the backed up file.

  Next, the operation of the protection system 300 will be described with reference to FIGS. From the block 401 to the block 419, the RAM disk area 57 of the block 201 to the block 219 in FIG. Hereinafter, the description will focus on the points different from the procedures in FIGS. During startup, the memory management application 101 passes its own identifier to the device driver 111 so that the device driver 111 can send a message to the memory management application 101.

  In block 403, the POST code 109 forms the specific area 59 in the general area 131 that the OS 105 can recognize. In block 405, the OS 105 sets E820h in the AX register and issues an INT15h instruction to recognize the start address and size of the specific area 59. As a result, the OS 105 can allocate the work area of the document creation application 103 to the specific area 59. In block 409, it is desirable to provide a backup area of the HDD 23 in an area accessible by the OS 105 so that the document creation application 103 can easily retrieve the backed up data.

  In FIG. 9, there is no procedure corresponding to block 213. The specific area 59 does not permanently store data as a virtual disk drive like the RAM disk area 57, and is equivalent to the general area of the main memory 15 in that the permanent storage destination is the HDD 23. . Therefore, the file stored in the HDD 23 is not the backup but the main file. In block 421, the user executes the document creation application 103 to create a new file in the HDD 23, or an API function for reading out a file already stored in the HDD 23 for editing to the main memory 15. call.

  In block 423, the intermediate driver 303 hooks an API function that the document creation application 103 accesses to create or edit a file in the HDD 23, temporarily stores it in a queue, and notifies the memory management application 301. The memory management application 301 displays a pop-up window on the LCD 19 and receives an instruction from the user as to whether or not to use the specific area 59. If the user instructs not to use the specific area 59, the process proceeds to block 425, and the intermediate driver 111 passes the API function stored in the queue to the device driver 111. Then, the document creation application 103 creates or edits a file using the general area 131 other than the specific area as a work area.

  When the user gives an instruction to use the specific area 59 in block 423, the process proceeds to block 427. When receiving an instruction to use the specific area 59, the memory management application 301 notifies the OS 105. The OS 105 that has received the notification sets the work area of the memory management application 301 in the specific area 59 thereafter. Note that the user can set in advance whether or not to use the specific area 59 in the memory management application, and the user's instruction in block 423 can be omitted. In block 427, the user creates or edits a file using the specific area 59 as a work area.

  The procedure from block 451 to block 469 is the same as the procedure from block 251 to block 269. In block 471, when the user performs a save operation on the document creation application 103 to save a file created or edited by the user, the document creation application 103 calls an API function. In block 473, the intermediate driver 303 passes the API function to the device driver 111, and the file is stored in a general area different from the backup area of the HDD 23.

  If the user does not perform a save operation, the process returns to block 421 to continue editing the file. When the user hangs up during the work, the data stored in the specific area 59 is stored in the backup area of the HDD 23 in block 463. The data saved in the backup area can be acquired by the document creation application 103 accessing the HDD 23 after restarting.

  Although the present invention has been described with the specific embodiments shown in the drawings, the present invention is not limited to the embodiments shown in the drawings, and is known so far as long as the effects of the present invention are achieved. It goes without saying that any configuration can be adopted.

10. Computer 100, 300 ... Data protection system

Claims (20)

A computer with a processor capable of operating in operating system execution mode or system management mode,
Securing a protection area in the main memory; and
The monitoring program performing a predetermined operation in the operating system execution mode;
Transitioning to the system management mode and determining whether the monitoring program is performing a predetermined operation; and
Storing the data stored in the protected area in a nonvolatile storage device while operating in the system management mode when it is determined that the monitoring program is not performing a predetermined operation. A computer program that executes processing.   The computer program according to claim 1, wherein the BIOS executes the determining step and the storing step.   The computer program according to claim 1 or 2, wherein a processor has a step of periodically transitioning between the system management mode and the operating system execution mode. The step of performing the predetermined operation includes the step of the monitoring program setting a monitoring flag,
The step of determining comprises:
Determining whether the monitoring flag is set;
Releasing the monitoring flag when it is determined that the monitoring flag is set;
The computer program according to any one of claims 1 to 3, further comprising a step of transitioning to the operating system execution mode after releasing the monitoring flag.   The computer program according to claim 1, wherein the protection area is a RAM disk area. Restoring the image file from the non-volatile storage device to the protected area upon startup of the computer;
The computer program according to claim 5, further comprising: saving an image file stored in the protected area in the nonvolatile storage device in response to an operation of shutting down the computer.   7. The computer program according to claim 1, wherein the protection area is a work area of an application program that operates in the operating system execution mode.   8. The computer program according to claim 1, wherein the step of securing includes the step of securing the protection area in an area exceeding a logical address space that can be directly addressed by an operating system.   The computer program according to any one of claims 1 to 8, wherein the monitoring program is an application program that operates in response to an operating system service. A main memory data protection system that can be installed in a computer.
A processor capable of operating in operating system execution mode or system management mode; and
A main memory with a protected area, and
A non-volatile storage device;
A monitoring means for monitoring a monitoring program that performs a predetermined operation in the operating system execution mode by shifting to the system management mode;
Data protection comprising backup means for saving data stored in the protection area in the system management mode to the nonvolatile storage device when it is determined that the monitoring program is not performing a predetermined operation system.   The data protection system according to claim 10, wherein the monitoring unit and the backup unit are configured by the processor that executes BIOS.   11. A chip set that periodically executes system management interrupts to the processor to cause the processor to transition between the operating system execution mode and the system management mode. 11. The data protection system according to 11.   The predetermined operation of the monitoring program is an operation of setting a monitoring flag, and the monitoring unit determines whether or not the monitoring program sets a monitoring flag, and determines that the monitoring flag is set 13. The data protection system according to claim 10, wherein the processor is shifted to the operating system execution mode after releasing the monitoring flag.   The data protection system according to any one of claims 10 to 13, further comprising a controller that receives a signal from the outside when the processor hangs up and causes the processor to transition to the system management mode.   The data protection system according to any one of claims 11 to 14, wherein the protection area is a RAM disk area in which an image file is restored from the nonvolatile storage device when the computer is started.   The data protection system according to claim 11, wherein the backup unit stores the data in a storage area of the nonvolatile storage device that cannot be recognized by an operating system.   A computer comprising the data protection system according to any one of claims 11 to 16. A method in which a computer equipped with a processor capable of operating in an operating system execution mode or a system management mode backs up data stored in a main memory to a nonvolatile storage device,
A monitoring program performing a predetermined operation in the operating system execution mode;
Transitioning to the system management mode and determining whether the monitoring program is performing a predetermined operation; and
Storing data stored in the main memory in the nonvolatile storage device while operating in the system management mode when it is determined that the monitoring program is not performing a predetermined operation; Having a method. The step of performing the predetermined operation includes the step of setting a monitoring flag;
19. The method according to claim 18, further comprising the step of releasing the monitoring flag and transitioning to the operating system execution mode when it is determined that the monitoring flag is set in the system management mode. 20. The method of claim 19, comprising setting the monitoring flag in response to transitioning to the operating system execution mode.

Images