WO2012032829A1 - 異常検査装置、中央処理演算装置、及び異常検査方法 - Google Patents
異常検査装置、中央処理演算装置、及び異常検査方法 Download PDFInfo
- Publication number
- WO2012032829A1 WO2012032829A1 PCT/JP2011/064116 JP2011064116W WO2012032829A1 WO 2012032829 A1 WO2012032829 A1 WO 2012032829A1 JP 2011064116 W JP2011064116 W JP 2011064116W WO 2012032829 A1 WO2012032829 A1 WO 2012032829A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signal
- memory
- address
- input
- management device
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/26—Functional testing
- G06F11/261—Functional testing by simulating additional hardware, e.g. fault simulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/26—Functional testing
- G06F11/273—Tester hardware, i.e. output processing circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2205—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested
- G06F11/2215—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested to test error correction or detection circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
Definitions
- the present invention relates to an abnormality inspection apparatus, a central processing unit, and an abnormality inspection method.
- a virtual address is used for a CPU (Central Processing Unit) to access physical memory divided into page units (for example, every few kilobytes) such as RAM (Random Access Memory). is there.
- a virtual address is an address of a virtual memory in which a discontinuous physical memory area is virtually continuous, and is different from a physical address. Therefore, when the CPU uses a virtual address, a memory management unit (hereinafter referred to as “MMU”) enables the CPU to access the physical memory by converting the virtual address into a physical address. .
- MMU memory management unit
- the MMU reads (loads) a page table, which is a translation table for translating physical addresses into virtual addresses, from a RAM into a page index buffer (hereinafter referred to as “TLB”).
- a virtual address requested to be accessed from the CPU is converted into a physical address using a table.
- the page table is provided with a memory page entry for accessing each memory page of the physical memory 50.
- Each memory page entry includes a virtual address and a physical address of the corresponding memory page. Is described. Necessary memory page entries are read from the page table information stored in the physical memory 50 and stored in the TLB 54 provided in the MMU 52.
- the MMU 52 when a virtual address corresponding to a nonexistent physical address is input from the CPU 56 shown in the schematic diagram of FIG. 4 to the MMU 52, the MMU 52 notifies the CPU exception (page fault) which is a signal indicating unauthorized access. Is output to the CPU 56. However, if the MMU 52 does not output a CPU exception notification due to a failure of the MMU 52 despite unauthorized access, the CPU 56 is stopped (hanged up), runaway, or output to another connected device. There is a possibility that the operation of the CPU 56 becomes abnormal, such as a sudden change in value.
- the present invention has been made in view of such circumstances, and an abnormality inspection device capable of inspecting whether or not an abnormality in which unauthorized access cannot be detected has occurred in the memory management device while executing another program
- An object is to provide a central processing unit and an abnormality inspection method.
- the abnormality inspection apparatus converts a physical address, which is an address of a physical memory, and a virtual address, which is an address of a virtual memory, into the physical memory using the physical address converted from the virtual address. Is connected to a memory management device that outputs a first signal indicating unauthorized access, and the virtual address is output to the memory management device, and the first signal can be input.
- An abnormality inspection device provided in a central processing unit that stops a program being executed when the first signal is input, wherein an operation mode of the central processing unit is changed from the memory management unit to the first Change means for changing to a test mode in which a running program is not stopped even when a signal is output; And the output means for outputting the second signal for causing the memory management device to output the first signal to the memory management device, and after the second signal is output to the memory management device by the output means, Detecting means for detecting presence or absence of input of the first signal.
- the abnormality inspection device is provided in the central processing unit connected to the memory management device.
- the memory management device converts the physical address that is the address of the physical memory and the virtual address that is the address of the virtual memory, and if the physical memory cannot be accessed with the physical address converted from the virtual address, it is an unauthorized access. A first signal indicating this is output.
- the physical memory is, for example, a RAM or the like, and the virtual memory is a memory in which discontinuous physical memory areas are virtually continuous.
- the central processing unit outputs the virtual address to the memory management device, and the first signal can be input. When the first signal is input, the central processing unit stops the program being executed.
- the operation mode of the central processing unit is changed by the changing means to a test mode in which the program being executed is not stopped even when the first signal is output from the memory management device.
- the output means outputs a second signal for causing the memory management device to output the first signal to the memory management device. That is, the second signal is a signal for performing unauthorized access to the physical memory.
- the detection unit detects whether the first signal is input.
- the second signal for performing unauthorized access to the physical memory is output, and the first signal indicating that unauthorized access has been performed is input. Since the presence / absence is detected, it is possible to check whether an abnormality in which unauthorized access cannot be detected has occurred in the memory management device while another program is being executed.
- the changing unit cancels the test mode when the first signal is input in the test mode, and the detecting unit releases the test mode when the test mode is canceled. It is preferable to detect that one signal has been input.
- the test mode when the first signal is input in the test mode, the test mode is canceled by the changing unit, and when the test mode is canceled, the first signal is input by the detecting unit. Is detected.
- the test mode when the first signal is input in the test mode, the test mode is first canceled, so that it is possible to prevent the period during which the operation mode is the test mode from being unnecessarily long.
- the physical memory is accessed for the second signal, a signal indicating a virtual address not existing in the virtual memory, a signal indicating a physical address not existing in the physical memory, or the virtual address. It is preferable to use a signal for performing an access that violates the memory protection attribute set in the memory page entry.
- the second signal is a signal indicating a virtual address that does not exist in the virtual memory, a signal indicating a physical address that does not exist in the physical memory, or a signal for performing an access that violates the memory protection attribute.
- a signal for illegally accessing the physical memory can be generated.
- a central processing arithmetic device is a central processing arithmetic device including the abnormality inspection device described above, wherein the detection means included in the abnormality inspection device causes the first from the memory management device. When it is detected that one signal is not input, the program being executed is stopped.
- the central processing unit includes the abnormality inspection device described above. Then, the central processing unit stops the program being executed when the detection means provided in the abnormality inspection device detects that the first signal from the memory management device is not input.
- the case where there is no input of the first signal is a case where a failure that cannot detect unauthorized access by the central processing unit occurs in the memory management device.
- the central processing unit stops, runs away, or is output to another connected device.
- the operation of the central processing unit becomes abnormal, such as a sudden change in value. Therefore, according to the present invention, when the operation mode is the test mode and it is detected that the first signal is not input, the program being executed is stopped, so that the operation is prevented from becoming abnormal. Can do.
- a physical address that is an address of a physical memory and a virtual address that is an address of a virtual memory are converted, and the physical address converted from the virtual address is transferred to the physical memory.
- An abnormality inspection method provided in a central processing unit for stopping a program being executed when the first signal is input, wherein an operation mode of the central processing unit is changed from the memory management unit to the first
- a third step of detecting the presence or absence of signal input
- the second signal for performing unauthorized access to the physical memory is output, and the first signal indicating that unauthorized access has been performed Since the presence / absence of input is detected, it is possible to check whether or not an abnormality in which unauthorized access cannot be detected has occurred in the memory management device while another program is being executed.
- FIG. 1 is a block diagram showing an electrical configuration of the information processing apparatus 10 according to the present embodiment.
- the information processing apparatus 10 stores in advance a CPU 12 that controls the overall operation of the information processing apparatus 10, a RAM 14 that is a physical memory used as a work area when the CPU 12 executes various programs, various programs, various information (data), and the like.
- a ROM (Read Only Memory) 16 and an HDD (Hard Disk Drive) 18 as storage means for storing various programs and various information are provided.
- the storage means is not limited to the HDD 18, and other storage means may be used as long as it can store data, such as a flash ROM.
- the CPU 12 includes a program execution unit 22 for executing a program, and an exception processing unit 24 for performing a stop process of the program being executed when a CPU exception notification is input.
- the CPU 12 also connects the internal bus 40 to the MMU 20 that converts a virtual address output from the CPU 12 into a physical address based on a conversion table (hereinafter referred to as “page table”) for converting a virtual address and a physical address.
- page table includes memory page entries (memory page # 1 entry to memory page) provided for each page of the RAM 14, which is physical memory (memory pages # 1 to #N (N is an integer)). #N entries) are included.
- the memory page entry includes the virtual address and physical address of the corresponding memory page, “read”, “write”, “execute”, and “super user mode” that accepts only access by users having all rights. The memory protection attribute to be indicated is described.
- the MMU 20 includes a TLB 26, an address conversion unit 28, and a memory protection unit 30.
- the TLB 26 stores page table information indicating a page table. More specifically, the TLB 26 reads a memory page entry required according to a program executed by the CPU 12 from the page table information stored in the RAM 14 and stores it.
- the address conversion unit 28 performs a conversion process between a virtual address and a physical address using the page table information read into the TLB 26.
- the memory protection unit 30 detects the presence or absence of unauthorized access that cannot access the physical memory at the physical address converted from the virtual address by the address conversion unit 28. Is output to the CPU 12.
- the page table information is stored in the HDD 18 in advance, and is transmitted from the HDD 18 to the RAM 14 and stored when the operation of the information processing apparatus 10 is started.
- the page table information stored in the RAM 14 is read into the TLB 26 in accordance with a program executed by the CPU 12.
- the information processing apparatus 10 includes a keyboard and a mouse, and includes an operation input unit 32 that receives input of various operations, for example, an image display unit 34 such as a liquid crystal display device.
- the operation input unit 32 is not limited to a keyboard and a mouse, and may be another input device such as a push button that accepts an operation input to the information processing apparatus 10.
- the image display unit 34 is not limited to a liquid crystal display or the like, and may be another display device as long as it can notify a user who uses the information processing device 10 such as an LED (Light Emitting Diode). Good.
- the information processing apparatus 10 is connected to an external apparatus such as another information processing apparatus or another apparatus controlled by the information processing apparatus 10 via the communication line 36, and inputs / outputs various information to / from the external apparatus.
- An input / output processing unit 38 is provided.
- the communication line 36 is a wide area communication line provided by an electric power company, a local communication network such as a LAN (Local Area Network), or an external path, and may be a wired line or a wireless line.
- LAN Local Area Network
- the MMU 20, RAM 14, ROM 16, HDD 18, operation input unit 32, image display unit 34, and input / output processing unit 38 are electrically connected to each other via an internal bus 40. Therefore, the CPU 12 accesses the RAM 14, ROM 16, and HDD 18 through the MMU 20, grasps the operation state of the operation input unit 32, displays an image on the image display unit 34, and an external device through the input / output processing unit 38. Various kinds of information can be transmitted and received.
- the MMU 20 when a virtual address corresponding to a nonexistent physical address is input from the CPU 12 to the MMU 20, the MMU 20 outputs a CPU exception notification to the CPU 12.
- the MMU 20 does not output a CPU exception notification due to a failure of the MMU 20 despite the occurrence of unauthorized access, the CPU 12 stops, runs away, or the output value suddenly changes to another connected device. The operation of the CPU 12 may become abnormal. Therefore, the information processing apparatus 10 according to the present embodiment executes an abnormality inspection process for inspecting whether or not an abnormality that cannot detect unauthorized access has occurred in the memory management apparatus while another program is being executed.
- FIG. 3 is a flowchart showing a flow of processing of an abnormality inspection program executed by the CPU 12 when an instruction for executing abnormality inspection processing is input via the operation input unit 32.
- the program is stored in a predetermined area of the HDD 18. Stored in advance.
- an execution instruction for abnormality inspection processing is input to the RAM 14, an abnormality inspection program is transmitted and stored from the HDD 14.
- the page table information corresponding to the abnormality inspection program is read into the TLB 26 when the operation of the abnormality inspection program starts.
- step 100 the operation mode is changed to the test mode.
- the test mode is an operation mode in which the CPU 12 does not stop the program being executed even when the CPU exception notification is output from the MMU 20 and input to the CPU 12.
- the CPU 12 sets a flag indicating that the operation mode is the test mode.
- unauthorized access to the RAM 14, which is a physical memory is executed.
- the CPU 12 performs physical processing on an address signal indicating a virtual address that does not exist in the virtual memory in order to execute unauthorized access, an address signal indicating a virtual address corresponding to a physical address that does not exist in the RAM 14, or a virtual address.
- An access signal for performing an access that violates the memory protection attribute set in the memory page entry for accessing the memory is output to the MMU 20.
- the access signal for performing an access that violates the memory protection attribute is, for example, a signal for writing to a virtual address of a memory page that does not have a write attribute, or a virtual address of a memory page that does not have an execution attribute.
- the MMU 20 converts the virtual address into a physical address based on the page table information read into the TLB 26. However, since the input address signal causes unauthorized access, the MMU 20 in which no abnormality has occurred outputs a CPU exception notification to the CPU 12.
- step 104 it is determined whether or not a CPU exception notification is input within a predetermined time. If the determination is affirmative, the process proceeds to step 106. If the determination is negative, the process proceeds to step 108. .
- step 106 the test mode is canceled.
- the operation mode of the CPU 12 is changed to a normal operation mode in which the program being executed by the CPU 12 is stopped when a CPU exception notification is input.
- the CPU 12 according to the present embodiment cancels the test mode and cancels the flag indicating that the operation mode is the test mode.
- step 108 it is determined whether or not the test mode has been canceled. If the determination is affirmative, the program is terminated. If the determination is negative, the process proceeds to step 110.
- the CPU 12 makes a positive determination when the flag indicating that the operation mode is the test mode is set, and sets a negative determination when the flag is not set. That is, when the test mode is canceled, the MMU 20 outputs a CPU exception notification to the CPU 12. On the other hand, when the test mode is not canceled, the MMU 20 does not output a CPU exception notification to the CPU 12, which indicates that an abnormality in which unauthorized access cannot be detected has occurred in the MMU 20.
- step 110 it is determined whether or not there is a program being executed. If the determination is affirmative, the process proceeds to step 112. If the determination is negative, the process proceeds to step 114.
- step 112 the program being executed by the program execution unit 22 is stopped.
- step 114 an abnormality that cannot detect unauthorized access occurs in the MMU 20, and when the program being executed is stopped, the name of the stopped program is displayed on the screen of the image display unit 34. After performing the notifying process for notifying, this program is terminated.
- the CPU 12 changes the operation mode to the test mode in which the running program is not stopped even when the CPU exception notification is output from the MMU 20, and then the CPU 12 A signal for outputting a notification signal is output to the MMU 20 to detect whether a CPU exception notification is input from the MMU 20.
- the CPU 12 according to the present embodiment can check whether an abnormality that cannot detect unauthorized access has occurred in the MMU 20 while another program is being executed.
- the CPU 12 when the CPU exception notification is input in the test mode, the CPU 12 according to the present embodiment detects that the CPU exception notification is input by canceling the test mode and canceling the test mode. It can be suppressed that the period during which the operation mode is the test mode is longer than necessary.
- the CPU 12 uses a signal for causing the MMU 20 to output a CPU exception notification signal as a signal indicating a virtual address not existing in the virtual memory, a signal indicating a physical address not existing in the physical memory, or a virtual address.
- a signal for performing an access that violates the memory protection attribute set in the memory page entry for accessing the physical memory can be easily generated.
- the CPU 12 stops the program being executed when it is detected that the operation mode is the test mode and no CPU exception notification is input, so that the operation becomes abnormal. Can be prevented.
- the present invention is not limited to this, and the CPU exception notification itself is displayed. It may be configured to detect that a CPU exception notification has been output from the MMU 20 by detecting it.
- the physical memory is the RAM 14
- the present invention is not limited to this, and the physical memory may be the RAM 14 and the HDD 18.
- the present invention is not limited to this, and for example, a printing device is connected to the input / output processing unit 28.
- the printing device may be notified by forming a sentence describing the notification contents on a paper medium or the like as an image, or may be notified as sound by a speaker (not shown).
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
- Techniques For Improving Reliability Of Storages (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- For Increasing The Reliability Of Semiconductor Memories (AREA)
Abstract
Description
ページテーブルは、図4の模式図に示すように、物理メモリ50のメモリページ毎にアクセスするためのメモリページエントリが設けられ、各メモリページエントリには、対応するメモリページの仮想アドレス及び物理アドレスが記述されている。MMU52に設けられたTLB54には、物理メモリ50に記憶されているページテーブル情報から必要なモリページエントリが読み込まれ、記憶される。
メモリ管理装置は、物理メモリのアドレスである物理アドレスと仮想メモリのアドレスである仮想アドレスとを変換し、仮想アドレスから変換された物理アドレスで物理メモリへのアクセスができない場合に、不正アクセスであることを示す第1信号を出力する。なお、物理メモリとは、例えばRAM等であり、仮想メモリとは、不連続な物理メモリの領域を仮想的に連続としたメモリである。そして、中央処理演算装置は、仮想アドレスをメモリ管理装置へ出力すると共に、第1信号が入力可能とされ、第1信号が入力された場合に、実行中のプログラムを停止させる。
動作モードがテストモードに変更された後、出力手段によって、メモリ管理装置に第1信号を出力させるための第2信号が、メモリ管理装置へ出力される。すなわち、第2信号とは、物理メモリに不正アクセスを行うための信号である。
そして、第2信号がメモリ管理装置へ出力された後に、検出手段によって、第1信号の入力の有無が検出される。
このように、テストモードにおいて第1信号が入力されると、まずテストモードを解除するので、動作モードがテストモードとなっている期間を必要以上に長くすることを抑制することができる。
第1信号の入力が無い場合とは、すなわち、中央処理演算装置による不正アクセスを検知できない故障がメモリ管理装置に発生している場合である。このような場合に、中央処理演算装置が、プログラムを実行し続け、不正アクセスを実行してしまった場合には、中央処理演算装置の停止、暴走、又は接続されている他の装置への出力値の突変等、中央処理演算装置の動作が異常となる可能性がある。
そのため、本発明は、動作モードがテストモードの場合であって、第1信号の入力が無いことが検出された場合に、実行中のプログラムを停止させるので、動作が異常となること防止することができる。
図1は、本実施形態に係る情報処理装置10の電気的構成を示すブロック図である。
情報処理装置10は、情報処理装置10全体の動作を司るCPU12、CPU12による各種プログラムの実行時のワークエリア等として用いられる物理メモリであるRAM14、各種プログラムや各種情報(データ)等が予め記憶されたROM(Read Only Memory)16、各種プログラム及び各種情報を記憶する記憶手段としてのHDD(Hard Disk Drive)18を備えている。なお、記憶手段としては、HDD18に限らず、フラッシュROM等、データを記憶できるものであれば他の記憶手段を用いてもよい。
ページテーブルは、図2に示すように、物理メモリであるRAM14のページ単位毎(メモリページ♯1~♯N(Nは整数))に設けられたメモリページエントリ(メモリページ♯1エントリ~メモリページ♯Nエントリ)を複数含んでいる。なお、メモリページエントリは、対応するメモリページの仮想アドレス、物理アドレス、並びに「読み」、「書き」、「実行」、及び全ての権限を持つユーザのアクセスのみを受け付ける「スーパーユーザモード」等を示すメモリ保護属性が記述されている。
TLB26は、ページテーブルを示すページテーブル情報を記憶する。より具体的には、TLB26は、RAM14に記憶されているページテーブル情報からCPU12で実行されるプログラムに応じて必要とされるメモリページエントリを読み込み、記憶する。
アドレス変換部28は、TLB26に読み込まれたページテーブル情報を用いて仮想アドレスと物理アドレスとの変換処理を行う。
メモリ保護部30は、アドレス変換部28によって仮想アドレスから変換された物理アドレスでは、物理メモリにアクセスできない不正アクセスの有無を検出し、不正アクセスを検出した場合に、不正アクセスであることを示す信号であるCPU例外通知をCPU12へ出力する。
さらに、情報処理装置10は、通信回線36を介して他の情報処理装置や、情報処理装置10によって制御される他の装置等の外部装置と接続され、該外部装置との各種情報の入出力を行う入出力処理部38を備えている。
なお、通信回線36は、電気事業者によって提供される広域通信回線又はLAN(Local Area Network)等の構内通信網、又は外部パス等であり、有線回線又は無線回線の何れであってもよい。
そこで、本実施形態に係る情報処理装置10は、不正アクセスを検知できない異常がメモリ管理装置に発生しているか否かを、他のプログラムを実行したままで検査する異常検査処理を実行する。
本ステップにおいて、CPU12は、不正アクセスを実行するために仮想メモリに存在しない仮想アドレスを示すアドレス信号、RAM14に存在しない物理アドレスに対応する仮想アドレスを示すアドレス信号、又は仮想アドレスに対して、物理メモリにアクセスするためのメモリページエントリに設定したメモリ保護属性に違反するアクセスを行うためのアクセス信号をMMU20に出力する。
なお、メモリ保護属性に違反するアクセスを行うためのアクセス信号とは、例えば、書き込み属性を有しないメモリページの仮想アドレスに書き込みを行うための信号、実行属性を有しないメモリページの仮想アドレスを実行する(仮想アドレスから命令コードをフェッチする)ための信号、又はスーパーユーザモード属性を有しないメモリページの仮想アドレスに一般ユーザモードでアクセスする信号等である。
MMU20は、上記アドレス信号が入力されると、TLB26に読み込まれているページテーブル情報に基づいて、仮想アドレスを物理アドレスに変換する。しかし、入力されたアドレス信号では、不正アクセスとなってしまうため、異常が生じていないMMU20は、CPU例外通知をCPU12へ出力する。
すなわち、テストモードが解除されている場合は、MMU20がCPU12に対してCPU例外通知を出力した場合である。一方、テストモードが解除されていない場合は、MMU20がCPU12に対してCPU例外通知を出力していない場合であり、MMU20に不正アクセスを検知できない異常が生じていることを示している。
これにより、本実施形態に係るCPU12は、不正アクセスを検知できない異常がMMU20に発生しているか否かを、他のプログラムを実行したままで検査できる。
12 CPU
14 RAM
20 MMU
24 例外処理部
Claims (5)
- 物理メモリのアドレスである物理アドレスと仮想メモリのアドレスである仮想アドレスとを変換し、前記仮想アドレスから変換された前記物理アドレスで前記物理メモリへのアクセスができない場合に、不正アクセスであることを示す第1信号を出力するメモリ管理装置に接続され、前記仮想アドレスを前記メモリ管理装置へ出力すると共に、前記第1信号が入力可能とされ、前記第1信号が入力された場合に、実行中のプログラムを停止させる中央処理演算装置に設けられる異常検査装置であって、
前記中央処理演算装置の動作モードを、前記メモリ管理装置から前記第1信号が出力された場合であっても実行中のプログラムを停止させないテストモードに変更する変更手段と、
前記テストモードにおいて、前記メモリ管理装置に前記第1信号を出力させるための第2信号を前記メモリ管理装置へ出力する出力手段と、
前記出力手段によって前記第2信号が前記メモリ管理装置へ出力された後に、前記第1信号の入力の有無を検出する検出手段と、
を備えた異常検査装置。 - 前記変更手段は、前記テストモードにおいて前記第1信号が入力された場合に、前記テストモードを解除し、
前記検出手段は、前記テストモードが解除された場合に、前記第1信号が入力されたことを検出する請求項1記載の異常検査装置。 - 前記第2信号は、前記仮想メモリに存在しない仮想アドレスを示す信号、前記物理メモリに存在しない物理アドレスを示す信号、又は前記仮想アドレスに対して、前記物理メモリにアクセスするためのメモリページエントリに設定したメモリ保護属性に違反するアクセスを行うための信号である請求項1又は請求項2記載の異常検査装置。
- 請求項1から請求項3の何れか1項に記載の異常検査装置を備えた中央処理演算装置であって、
前記異常検査装置が備える前記検出手段によって、前記メモリ管理装置からの前記第1信号の入力が無いことが検出された場合に、実行中のプログラムを停止させる中央処理演算装置。 - 物理メモリのアドレスである物理アドレスと仮想メモリのアドレスである仮想アドレスとを変換し、前記仮想アドレスから変換された前記物理アドレスで前記物理メモリへのアクセスができない場合に、不正アクセスであることを示す第1信号を出力するメモリ管理装置に接続され、前記仮想アドレスを前記メモリ管理装置へ出力すると共に、前記第1信号が入力可能とされ、前記第1信号が入力された場合に、実行中のプログラムを停止させる中央処理演算装置に設けられる異常検査方法であって、
前記中央処理演算装置の動作モードを、前記メモリ管理装置から前記第1信号が出力された場合であっても実行中のプログラムを停止させないテストモードに変更する第1工程と、
前記テストモードにおいて、前記メモリ管理装置に前記第1信号を出力させるための第2信号を前記メモリ管理装置へ出力する第2工程と、
前記第2信号が前記メモリ管理装置へ出力された後に、前記第1信号の入力の有無を検出する第3工程と、
を含む異常検査方法。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11823308.9A EP2615551B1 (en) | 2010-09-08 | 2011-06-21 | Abnormality inspection device, central processing unit, and abnormality inspection method |
CN201180031495.9A CN103069393B (zh) | 2010-09-08 | 2011-06-21 | 中央处理运算装置以及异常检查方法 |
ES11823308T ES2745120T3 (es) | 2010-09-08 | 2011-06-21 | Dispositivo de inspección de anomalías, unidad central de procesamiento y método de inspección de anomalías |
KR1020127033489A KR101453184B1 (ko) | 2010-09-08 | 2011-06-21 | 중앙 처리 연산 장치 및 이상 검사 방법 |
US13/806,883 US8966320B2 (en) | 2010-09-08 | 2011-06-21 | Fault inspection unit, central processing unit, and fault inspection method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010201045A JP5473841B2 (ja) | 2010-09-08 | 2010-09-08 | 中央処理演算装置、及び異常検査方法 |
JP2010-201045 | 2010-09-08 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012032829A1 true WO2012032829A1 (ja) | 2012-03-15 |
Family
ID=45810434
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/064116 WO2012032829A1 (ja) | 2010-09-08 | 2011-06-21 | 異常検査装置、中央処理演算装置、及び異常検査方法 |
Country Status (7)
Country | Link |
---|---|
US (1) | US8966320B2 (ja) |
EP (1) | EP2615551B1 (ja) |
JP (1) | JP5473841B2 (ja) |
KR (1) | KR101453184B1 (ja) |
CN (1) | CN103069393B (ja) |
ES (1) | ES2745120T3 (ja) |
WO (1) | WO2012032829A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102013022166B4 (de) | 2013-03-14 | 2024-04-25 | Nvidia Corporation | Seitenzustandsverzeichnis zur verwaltung eines vereinheitlichten virtuellen speichers |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6194764B2 (ja) * | 2013-11-08 | 2017-09-13 | 富士通株式会社 | 情報処理装置、制御方法、および制御プログラム |
CN106294089A (zh) * | 2015-06-23 | 2017-01-04 | 阿里巴巴集团控股有限公司 | 辅助对被监控内存空间的访问监控的方法和装置 |
US9921897B2 (en) * | 2016-01-06 | 2018-03-20 | International Business Machines Corporation | Testing a non-core MMU |
EP3249541B1 (en) * | 2016-05-27 | 2020-07-08 | NXP USA, Inc. | A data processor |
US10114768B2 (en) * | 2016-08-29 | 2018-10-30 | Intel Corporation | Enhance memory access permission based on per-page current privilege level |
US10713177B2 (en) | 2016-09-09 | 2020-07-14 | Intel Corporation | Defining virtualized page attributes based on guest page attributes |
JP6771443B2 (ja) * | 2017-09-21 | 2020-10-21 | 株式会社東芝 | 演算処理装置およびその方法 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08137824A (ja) * | 1994-11-15 | 1996-05-31 | Mitsubishi Semiconductor Software Kk | セルフテスト機能内蔵シングルチップマイコン |
JPH10289158A (ja) | 1997-04-11 | 1998-10-27 | Hitachi Ltd | タスク管理装置 |
JP2004185536A (ja) * | 2002-12-06 | 2004-07-02 | Oki Electric Ind Co Ltd | マイクロコンピュータとその試験方法 |
JP2006216012A (ja) * | 2005-02-04 | 2006-08-17 | Arm Ltd | メモリへのアクセスを制御するためのデータ処理装置および方法 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6233667B1 (en) * | 1999-03-05 | 2001-05-15 | Sun Microsystems, Inc. | Method and apparatus for a high-performance embedded memory management unit |
JP2005216012A (ja) | 2004-01-29 | 2005-08-11 | Fujitsu Ltd | 設計支援装置、設計支援方法、設計支援プログラムおよび記録媒体 |
CN100549986C (zh) * | 2005-03-24 | 2009-10-14 | 富士通株式会社 | 信息处理装置 |
US7739474B2 (en) * | 2006-02-07 | 2010-06-15 | International Business Machines Corporation | Method and system for unifying memory access for CPU and IO operations |
US8522080B2 (en) * | 2008-03-24 | 2013-08-27 | Emulex Design & Manufacturing Corporation | Generation of simulated errors for high-level system validation |
US8060730B2 (en) * | 2008-05-30 | 2011-11-15 | Freescale Semiconductor, Inc. | Selective MISR data accumulation during exception processing |
-
2010
- 2010-09-08 JP JP2010201045A patent/JP5473841B2/ja active Active
-
2011
- 2011-06-21 ES ES11823308T patent/ES2745120T3/es active Active
- 2011-06-21 KR KR1020127033489A patent/KR101453184B1/ko active IP Right Grant
- 2011-06-21 WO PCT/JP2011/064116 patent/WO2012032829A1/ja active Application Filing
- 2011-06-21 EP EP11823308.9A patent/EP2615551B1/en active Active
- 2011-06-21 CN CN201180031495.9A patent/CN103069393B/zh active Active
- 2011-06-21 US US13/806,883 patent/US8966320B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08137824A (ja) * | 1994-11-15 | 1996-05-31 | Mitsubishi Semiconductor Software Kk | セルフテスト機能内蔵シングルチップマイコン |
JPH10289158A (ja) | 1997-04-11 | 1998-10-27 | Hitachi Ltd | タスク管理装置 |
JP2004185536A (ja) * | 2002-12-06 | 2004-07-02 | Oki Electric Ind Co Ltd | マイクロコンピュータとその試験方法 |
JP2006216012A (ja) * | 2005-02-04 | 2006-08-17 | Arm Ltd | メモリへのアクセスを制御するためのデータ処理装置および方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102013022166B4 (de) | 2013-03-14 | 2024-04-25 | Nvidia Corporation | Seitenzustandsverzeichnis zur verwaltung eines vereinheitlichten virtuellen speichers |
Also Published As
Publication number | Publication date |
---|---|
EP2615551A1 (en) | 2013-07-17 |
ES2745120T3 (es) | 2020-02-27 |
CN103069393B (zh) | 2016-03-02 |
JP2012058975A (ja) | 2012-03-22 |
EP2615551B1 (en) | 2019-08-07 |
JP5473841B2 (ja) | 2014-04-16 |
CN103069393A (zh) | 2013-04-24 |
KR101453184B1 (ko) | 2014-10-22 |
US20130103984A1 (en) | 2013-04-25 |
KR20130031852A (ko) | 2013-03-29 |
EP2615551A4 (en) | 2017-08-30 |
US8966320B2 (en) | 2015-02-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5473841B2 (ja) | 中央処理演算装置、及び異常検査方法 | |
US20180285561A1 (en) | Method and system for detecting kernel corruption exploits | |
JP5579003B2 (ja) | アドレス変換検査装置、中央処理演算装置、及びアドレス変換検査方法 | |
JP6768710B2 (ja) | ファームウェア関連イベント通知 | |
US9354916B2 (en) | Detection of guest disk cache | |
KR101701014B1 (ko) | 운영 체제에의 악성 활동 보고 | |
KR20150108361A (ko) | 변환 색인 버퍼(tlb)에 대한 중첩 체크 | |
US9158690B2 (en) | Performing zero-copy sends in a networked file system with cryptographic signing | |
US20110252256A1 (en) | Methods, systems, and computer program products for managing an idle computing component | |
JP2006040140A (ja) | 情報処理装置及びマルチヒット制御方法 | |
JP2006018684A (ja) | タスク管理システム | |
JP5862408B2 (ja) | エミュレーション装置、及びエミュレーションプログラム | |
JPWO2012108020A1 (ja) | ログ記録装置 | |
US20120047504A1 (en) | Methods, systems, and computer program products for maintaining a resource based on a cost of energy | |
JP2011070528A (ja) | マルチプロセッサシステム及びメモリアクセス制御方法 | |
KR20080041436A (ko) | Tlb를 이용한 메모리 접근 제어 방법 | |
EP2889757B1 (en) | A load instruction for code conversion | |
US11853598B2 (en) | Software memory tagging for heap overflow protection | |
JP2010049437A (ja) | リモートメンテナンスシステム、リモートメンテナンス装置、リモートメンテナンス方法およびそのプログラム | |
JP2009064107A (ja) | ハードウェア監視ユニット | |
JP2008140161A (ja) | マイクロコンピュータ | |
JP2011028700A (ja) | 内部構成基軸型製造番号発行プログラム | |
JP2013137832A (ja) | ログ記録装置 | |
JP2008186348A (ja) | キャッシュ一貫性異常検出装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201180031495.9 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11823308 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011823308 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20127033489 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13806883 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |