WO2019040417A1 - METHODS AND SYSTEMS FOR MANAGING CORE MEMORY AND USER SPACES - Google Patents

METHODS AND SYSTEMS FOR MANAGING CORE MEMORY AND USER SPACES Download PDF

Info

Publication number
WO2019040417A1
WO2019040417A1 PCT/US2018/047201 US2018047201W WO2019040417A1 WO 2019040417 A1 WO2019040417 A1 WO 2019040417A1 US 2018047201 W US2018047201 W US 2018047201W WO 2019040417 A1 WO2019040417 A1 WO 2019040417A1
Authority
WO
WIPO (PCT)
Prior art keywords
page
address
index
physical
space
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2018/047201
Other languages
English (en)
French (fr)
Inventor
Xiaowei Jiang
Shu Li
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201880054625.2A priority Critical patent/CN110998552B/zh
Priority to JP2020506745A priority patent/JP2020531951A/ja
Publication of WO2019040417A1 publication Critical patent/WO2019040417A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/65Details of virtual memory and virtual address translation
    • G06F2212/651Multi-level translation tables

Definitions

  • the present application relates to memory management, and more particularly, to methods and systems for memory management of kernel and user spaces in computers.
  • OS operating system
  • a Linux kernel may use three-level page tables for translating a 32- bit virtual address to a 32-bit physical address with a page size of 4 kilobytes (KB).
  • an OS kernel may divide virtual addresses into a kernel space and a user space for the OS kernel (or another OS kernel) and user processes, respectively.
  • the kernel space is generally processed at a high central processing unit (CPU) privilege level while the user space may be dealt with a low CPU privilege level.
  • the OS kernel and the user processes each may have their own root page table indies, but they generally share the same page tables for virtual-to-physical address mapping.
  • such a design may not utilize the memory space in an efficient way.
  • it may raise security concerns. For example, an attacker may trick the OS kernel to execute a malicious program in the user space through those common page tables among the OS kernel and the user processes.
  • a typical page table entry may not have room available for emerging features, such as a No-eXcute (NX) bit to enhance virus protection in a 32-bit computer system. It would be desirable to have new methods and systems for memory management of kernel and user spaces to enhance protection against malware, spy ware, and/or viruses.
  • NX No-eXcute
  • Embodiments of the present disclosure provide improved methods and systems for memory management of kernel and user spaces in computers, apparatuses, or systems.
  • These embodiments include a system for memory management of a kernel space and a user space.
  • the system may include a first storing unit configured to store a first root page table index corresponding to the kernel space.
  • the system may also include a second storing unit configured to store a second root page table index corresponding to the user space.
  • the system may further include a control unit communicatively coupled to the first and second registers and configured to: translate a first virtual address to a first physical address in accordance with the first root page table index for an operating system kernel, and translate a second virtual address to a second physical address in accordance with the second root page table index for a user process.
  • These embodiments also include a method for memory management of a kernel space and a user space.
  • the method may include obtaining a first root page table index corresponding to the kernel space.
  • the method may also include obtaining a second root page table index corresponding to the user space.
  • the method may further include translating a first virtual address to a first physical address in accordance with the first root page table index for an operating system kernel.
  • the method may include translating a second virtual address to a second physical address in accordance with the second root page table index for a user process.
  • these embodiments include a non-transitory computer-readable medium storing instructions that are executable by one or more processors of an apparatus to perform a method for memory management of a kernel space and a user space.
  • the method may include obtaining a first root page table index corresponding to the kernel space.
  • the method may also include obtaining a second root page table index corresponding to the user space.
  • the method may further include translating a first virtual address to a first physical address in accordance with the first root page table index for an operating system kernel.
  • the method may include translating a second virtual address to a second physical address in accordance with the second root page table index for a user process.
  • Fig. 1 illustrates a block diagram of an exemplary computer system for memory management of kernel and user spaces, according to some embodiments of the present disclosure.
  • Fig. 2 A is a schematic diagram of an exemplary method for memory management of a kernel space, according to some embodiments of the present disclosure.
  • Fig. 2B is a schematic diagram of an exemplary page mapping for the kernel space, according to some embodiments of the present disclosure.
  • Fig. 3A is a schematic diagram of an exemplary method for memory management of a kernel space, according to some embodiments of the present disclosure.
  • Fig. 3B is a schematic diagram of an exemplary page mapping for the kernel space, according to some embodiments of the present disclosure.
  • FIG. 4 A is a schematic diagram of an exemplary method for memory management of a user space, according to some embodiments of the present disclosure.
  • Fig. 4B is a schematic diagram of an exemplary page mapping for the user space, according to some embodiments of the present disclosure.
  • FIG. 5 A is a schematic diagram of an exemplary method for memory management of a user space, according to some embodiments of the present disclosure.
  • Fig. 5B is a schematic diagram of an exemplary page mapping for the user space, according to some embodiments of the present disclosure.
  • Fig. 6 is a flow chart of an exemplary memory management method, according to some embodiments of the present disclosure.
  • Embodiments of the present disclosure provide improved methods and systems for memory management of kernel and user spaces in computers, apparatuses, or systems.
  • the embodiments described herein can respectively assign an OS kernel and a user process dedicated registers to store their root page table indices for memory management of kernel and user spaces.
  • the OS kernel and the user process are also respectively provided with their page directories, page tables, and page table entries for virtual-to-physical address mapping.
  • the virtual-to-physical address mapping of the OS kernel and the user process can be respectively mapped to an entire physical memory space.
  • the OS kernel and the user process can respectively have a kernel space and a user space of 4 gigabytes (GB) corresponding to an entire physical memory space of 4 GB in a 32-bit computer system.
  • GB gigabytes
  • the virtual-to-physical address mapping of the OS kernel and the user process can also be respectively mapped to a part of an entire physical memory space.
  • the OS kernel and the user process can respectively have a kernel space and a user space of 32 GB corresponding to a part of an entire physical memory space of 16 exabytes (EB) (i.e. 16 x 10 9 GB) in a 64-bit computer system. It can thereby improve the memory space usages and remove relative security vulnerabilities.
  • EB exabytes
  • the OS kernel may be protected from malware, spy ware, and/or viruses by respectively translating virtual to physical addresses for the OS kernel and the user process.
  • a typical page table entry may have room yielded for emerging features, such as a No-eXecute (NX) bit to enhance virus protection in a 32-bit computer system. Accordingly, the security of the computer system may be enhanced and improved.
  • NX No-eXecute
  • the operations, techniques, and/or components described herein can be implemented by an electronic device, which can include one or more special-purpose computing devices.
  • the special-purpose computing devices can be hard-wired to perform the operations, techniques, and/or components described herein, or can include digital electronic devices such as one or more application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs) that are persistently
  • ASICs application-specific integrated circuits
  • FPGAs field programmable gate arrays
  • Such special-purpose computing devices can also combine custom hard-wired logic, ASICs, or FPGAs with custom programming to accomplish the technique and other features of the present disclosure.
  • the special-purpose computing devices can be desktop computer systems, portable computer systems, handheld devices, networking devices, or any other device that incorporates hard -wired and/or program logic to implement the techniques and other features of the present disclosure.
  • the one or more special-purpose computing devices can be generally controlled and coordinated by operating system software, such as iOS, Android, Blackberry, Chrome OS, Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server, Windows CE, Unix, Linux, SunOS, Solaris, VxWorks, or other compatible operating systems.
  • operating system software such as iOS, Android, Blackberry, Chrome OS, Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server, Windows CE, Unix, Linux, SunOS, Solaris, VxWorks, or other compatible operating systems.
  • the computing device can be controlled by a proprietary operating system.
  • Operating systems control and schedule computer processes for execution, perform memory management, provide file system, networking, I/O services, and provide a user interface functionality, such as a graphical user interface ("GUI”), among other things.
  • GUI graphical user interface
  • Fig. 1 illustrates a block diagram of an exemplary computer system 100 for memory management of kernel and user spaces, according to some embodiments of the present disclosure.
  • computer system 100 may include a memory 1 10, a processor 120, a storage 130, and an input/output (I/O) interface 140.
  • I/O input/output
  • Memory 1 10 may include any appropriate type of mass storage provided to store any type of information that processor 120 may need to operate.
  • memory 1 10 may include dynamic random access memory (DRAM) and may be configured to be the main memory of computer system 100.
  • DRAM dynamic random access memory
  • memory 110 may be a volatile or non-volatile, magnetic, semiconductor, tape, optical, removable, non-removable, or other type of storage device or tangible and/or non-transitory computer-readable medium.
  • non-transitory media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD- ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM or any other flash memory, NVRAM, a cache, any other memory chip or cartridge, and networked versions of the same.
  • memory 1 10 may be configured to store one or more computer programs that may be executed by processor 120 to perform exemplary memory management method disclosed in this application.
  • memory 1 10 may be configured to store program(s) that may be executed by processor 120 to manage kernel and user spaces of memory, as described in the present disclosure.
  • memory 1 10 may be configured to store an OS kernel that may be executed by processor 120 to operate the whole system of computer system 100, such as memory management, process management, resource allocation, I/O device management, inter-process communication, multi-task scheduling, system calls and interrupt handling, and security or protection management.
  • memory 1 10 may also be configured to store information and data for processor 120 to access.
  • memory 1 10 may be configured to store voice, video, or document data that processor 120 may access when executing a user process.
  • the OS kernel executed by processor 120, may move some pages out of memory 110 and move the required data or programs into memory 1 10 from storage 130. This procedure may also be called swapping, and may be used to ensure required data or programs available in memory 110 for processor 120.
  • a physical address may be a memory address that points to, or addresses, a position of memory 1 10, and may enable processor 120 to access data or programs at the position in memory 1 10 accordingly.
  • a 32-bit OS may include a memory address of 32 bits.
  • a 32-bit memory address may point up to 4 gigabytes (GB) of memory 1 10.
  • a virtual address may be a memory address that points to, or addresses, a virtual memory for a process.
  • An OS kernel may create and manage a virtual memory for each process, such as the OS kernel itself, another OS kernel, or each of user processes. Through the virtual memory, the process may be free from having to manage a shared physical memory space, may have increased security due to memory isolation, and may be able to conceptually use more memory than that may be physically available using a paging technique.
  • a 32-bit Microsoft Windows may include a virtual memory of 4 GB. Each process in the 32-bit Windows may use the virtual address space of 4 GB as its memory. Each process may not need to manage a shared physical memory space, and may not need to manage translations from virtual addresses to physical addresses.
  • a virtual address may be mapped to a physical address of memory 1 10.
  • a virtual address may be mapped to a physical address of memory 1 10 and/or storage 130.
  • the OS kernel may manage translations between virtual and physical addresses for each process through its memory management function.
  • the OS kernel can create one or more page tables to translate a virtual address to a corresponding physical address for each process.
  • a 32-bit Linux kernel running on an x86 central processing unit (CPU) and using a page size of 4 KB, may create and manage a three-level page table structure in its main memory for each process.
  • the three levels may include a page directory, a page table, and a page table entry levels.
  • the OS kernel may maintain a root page table index for each process, and may use such a root page table index and the three-level page tables to translate virtual addresses to physical addresses of memory 1 10.
  • Processor 120 can include a microprocessor, digital signal processor, controller, or microcontroller. Processor 120 may be configured to manage a kernel space and a user space for an OS kernel and a user process, respectively. Processor 120 may include a control register 122 and a control register 124, as shown in Fig. 1. Processor 120 can be configured to store a root page table index corresponding to a kernel space in control register 122. The root page table index corresponding to the kernel space may be used for an OS kernel to translate a virtual address to a physical address as illustrated in Fig. 2A and further described below.
  • Processor 120 may also be configured to store another root page table index corresponding to a user space in control register 124.
  • the root page table index corresponding to a user space in control register 124.
  • corresponding to the user space may be used for a user process to translate a virtual address to a physical address as illustrated in Fig. 3A and described below.
  • Each user process may have its root page table index corresponding to the user space.
  • Processor 120 may be configured to update control register 124 with another root page table index whenever processor 120 may be configured to execute another user process.
  • control register 122 and control register 124 can be configured to be storing units to store root page table indexes of an OS kernel and a user process.
  • control register 122 When there is a translation of a virtual address to a physical address for an OS kernel, control register 122 may be configured as the storing unit to store the root page table index of the OS kernel.
  • control register 124 may be configured as the storing unit to store the root page table index of the user process.
  • control register 122 may not be configured to store a root page table index of a user process.
  • control register 124 may not be configured to store a root page table index of an OS kernel.
  • an emerging processor may include a control register 3 for an OS kernel (CR3K) and another control register 3 for a user process (CR3U) to store root page table indices of the OS kernel and the user process, respectively.
  • CR3K and CR3U are two separate registers.
  • the CPU may initially operate in a paging-disabled mode before enabling virtual-to-physical mapping for the kernel OS. Because the kernel space can be mapped to the entire space of the physical memory, the OS kernel may set up a one-to-one mapping from the kernel space to the physical memory of the system.
  • the OS kernel may map the first 32 GB of its virtual address space to the 32-GB physical memory.
  • the OS kernel writes the root page table index of the OS kernel into CR3K, and switches the CPU into a paging-enabled mode, The OS kernel starts to operate with virtual-to-physical address mapping.
  • the OS kernel is also responsible for managing and setting up page tables for each user process.
  • the OS kernel sets up page directories, page tables, and page table entries for the user process. Because the user space can also be mapped to the entire space of the physical memory, the user process can have flexible and efficient virtual-to-physical address mapping.
  • the OS kernel After the initialization for the user process, the OS kernel writes the root page table index of the user process into the CR3U, and also stores it in the process's task space.
  • a context switch occurs in the OS kernel's scheduler, another user process needs to replace the current user process.
  • the CPU may read the root page table index of the another user process and writes it to the CR3U. The CPU then switches to execute the another user process
  • an x86 CPU may be configured to store a root page table index of the OS kernel in its control register 3 (CR3).
  • the x86 CPU may also be configured to store a root page table index of a user process in its control register 4 (CR4).
  • two storing units in computer system 100, but outside of processor 120, can be configured to store root page table indices of an OS kernel and a user process for translating virtual addresses to physical addresses for the OS kernel and the user process, respectively.
  • two 32-bit spaces of a cache may be configured to be the two storing units to store root page table indices of a Linux kernel and a user process.
  • two 32-bit spaces of memory 1 10 may be configured to be the storing units to store root page table indices of a Linux kernel and a user process.
  • one of two storing units in computer system 100, but outside of processor 120, may be configured to store a root page table index of an OS kernel or a user process for translating virtual addresses to physical addresses for the OS kernel or the user process.
  • the other storing unit may be a control register in processor 120.
  • control register 122 may be configured to store a root page table index of a Linux kernel while a 32-bit space of memory 1 10 may be configured to store a root page table index of a user process.
  • Processor 120 may include a memory management unit to perform memory management throughout the present disclosure for the OS kernel and/or the user process.
  • Storage 130 may include any appropriate type of mass storage provided to store any type of information that processor 120 may need to operate.
  • Storage 130 may be a volatile or non-volatile, magnetic, semiconductor, tape, optical, removable, non-removable, or other type of storage device or tangible and/or non-transitory computer-readable medium.
  • Storage 130 may be configured to store one or more computer programs that may be executed by processor 120 to perform exemplary memory management methods disclosed in this application.
  • storage 130 may be configured to store program(s) that may be executed by processor 120 to translate virtual addresses to physical addresses for the OS kernel and the user process, as described above.
  • Storage 130 may further be configured to store information and data used by processor 120.
  • storage 130 may be configured to store data that memory 110 may not be able to store. When memory 1 10 may be full, some data in memory 1 10 may be swapped out to storage 130.
  • I/O interface 140 may be configured to facilitate the communication between computer system 100 and other apparatuses.
  • I/O interface 140 may be configured to receive data or instructions from another apparatus, e.g., another computer.
  • I/O interface 140 may also be configured to output data or instructions to other apparatuses, e.g., a laptop computer or a speaker.
  • Processor 120 may be configured to respectively assign an OS kernel and a user process dedicated registers CR3K and CR3U to store their root page table indices for memory management of kernel and user spaces. Processor 120 may also be configured to respectively build up and retrieve page directories, page tables, and page table entries for the OS kernel and the user process. With the dedicated CR3K and CR3U, and respective page tables, processor 120 may be configured to map the kernel space and the user space to an entire physical memory space. For example, processor 120 may be configured to map both the kernel space and the user space to the entire physical memory space of 4 GB in a 32-bit system. In other words, both the kernel space and the user space are 4-GB spaces.
  • processor 120 may be configured to map the kernel space and the user space to a part of the entire physical memory space.
  • processor 120 may be configured to map the kernel space and the user space of 32 GB corresponding to a part of an entire physical memory space of 16 exabytes (EB) (i.e. 16 x 10 9 GB) in a 64-bit computer system.
  • EB 16 exabytes
  • Processor 120 may be configured to obtain a virtual address from an OS kernel or a user process for virtual-to-physical address mapping. After obtaining a virtual address from an OS kernel, processor 120 may be configured to determine to access the kernel space as a default result. After obtaining a virtual address from a user process, processor 120 may be configured to determine to access the user space as a default result. In some embodiments, processor 120 may be configured to obtain an access-user-space indication for the OS kernel. After obtaining the access-user-space indication from the OS kernel, processor 120 may be configured to determine to access the user space.
  • FIGs. 2A and 2B are a schematic diagram of an exemplary method for memory management of a kernel space and an exemplary corresponding page mapping, according to some embodiments of the present disclosure.
  • a virtual address for an OS kernel may include a page directory index , a page table index, and a page offset.
  • a virtual address 270 for a 32-bit OS kernel may include a page directory index 271, a page table index 272 and a page offset 273.
  • Page directory index 271 may be an index of page directories, and may be used with a root address to point to a page directory that may include a base address of page tables.
  • control register 122 may store, for example, a root page table index for an OS kernel as a root address 210.
  • Page directory index 271 may be used with root address 210 to point to a page directory (PD) 223 that includes a base address 230 of page tables 240.
  • PD page directory
  • Page table index 272 may be an index of page tables, and may be used with a base address 230 to point to a page table (PT) that may include an entry address of page table entries.
  • page table index 272 may be used with base address 230 to point to a page table 242 that may include an entry address 250 of page table entries 260, as illustrated in Fig. 2A.
  • Page offset 273 may be an offset of pages, and may be used as a page offset in a translated physical address.
  • page offset 273 of virtual address 270 may be used as a page offset 293 of a physical address 290 directly, as illustrated in Fig. 2A.
  • processor 120 may be configured to store a root page table index of an OS kernel in a storing unit.
  • processor 120 may be configured to store a root page table index for a Linux kernel in control register 122.
  • Processor 120 may be configured to use the stored root page table index as root address 210 pointing to a position, e.g., page directory 221 , in page directories 220, as shown in Fig. 2A.
  • Processor 120 may also be configured to combine the root page table index stored in control register 122 with page directory index 271 to find a page directory that may include a base address of page tables.
  • processor 120 may be configured to combine root address 210 with page directory index 271 of virtual address 270 to find page directory 223, as shown in Fig. 2B.
  • processor 120 is configured to use page directory 221 as a starting position in page directories 220, and use page directory index 271 as an offset to find page directory 223, as shown in Figs. 2A and 2B.
  • Page directory 223 may include a base address pointing to a base address of page tables, the next level in the three-level page table structure. As shown in Fig. 2B, page directory 223 includes a 4-KB base address 223-1 that points to a page table in the next level of the three-level page tables. Processor 120 may further be configured to read the contents of page directory 223 to obtain base address 230 pointing to page table 241 in page tables 240, as shown in Fig. 2 A. [052] Processor 120 may also be configured to combine a base address stored in found page directory 223 with page table index 272 to find a page table that includes an entry address of page table entries. For example, processor 120 may be configured to combine base address 230 (i.e.
  • processor 120 is configured to use page table 241 as a starting position in page tables 240, and use page table index 272 as an offset to find page table 242, as shown in Figs. 2A and 2B.
  • Page table 242 may include an entry address pointing to a position among page table entries, the next level in the three-level page table structure . As shown in Fig. 2B, page table 242 includes a 4-KB entry address 242-1 pointing to a page table entry in the next level of the three-level page tables. Processor 120 may be configured to read the contents of page table 242 to obtain entry address 250 pointing to page table entry 262 in page table entries 260, as shown in Fig. 2A.
  • Processor 120 may further be configured to read contents of page table entry 262 to obtain a physical page index.
  • page table entry 262 includes a 4- KB physical page index 262-1 and a page attributes 262-2.
  • processor 120 may be configured to read 4-KB physical page index 262- 1 of page table entry 262 to be physical page index 291 , as shown in Figs. 2 A and 2B.
  • Processor 120 may further be configured to combine the physical page index and the page offset to be the physical address for the OS kernel.
  • processor 120 may be configured to combine obtained physical page index 291 (i.e., 4-KB physical page index 262- 1 ) and page offset 293 (i.e., page offset 273) to be physical address 290 for the OS kernel.
  • processor 120 may be configured to access memory 1 10 at translated physical address 290 to obtain required data or instructions for the OS kernel.
  • processor 120 may be configured to obtain a page-size indicator indicating a page size of the kernel space, or a kernel-space page size. As shown in Fig. 2B, page table entry 262 includes page attributes 262-2.
  • Page attributes 262-2 may include a bit, e.g., bit-7, indicating a page size of the kernel space. For example, if the bit-7 of page attributes 262-2 is "1 ,” the page size of the kernel space may be 4 KB. If the bit-7 of page attributes 262-2 is "0,” the page size of the kernel space may be 4 megabytes (MB).
  • bit-7 e.g., bit-7
  • processor 120 can be configured to translate the virtual address to the physical address as described above. For example, when the bit-7 of page attributes 262-2 is "1 " indicating a 4-KB page size of the kernel space, processor 120 may be configured to translate virtual address 270 to physical address 290 as described above and shown in Figs. 2A and 2B. When the bit-7 of page attributes 262-2 is "0" indicating a 4-MB page size of the kernel space, processor 120 may be configured to translate a virtual address 370 to a physical address 390 as described below and shown in Figs. 3 A and 3B.
  • the bit indicating the page size of the kernel space can also be included in one of page directories or page tables.
  • a page-size bit may be included in a reserved field 223-2 of page directory 223 or a reserved field 242-2 of page table 242 in Fig. 2B.
  • bit-7 of reserved field 242-2 may be used as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 242-2 and obtain the page size of the kernel space accordingly.
  • page table entry 262 includes physical page index 262-1 and page attributes 262-2.
  • Processor 120 may be configured to use physical page index 262-1 for translating the virtual address into the physical address as described above.
  • Physical page index 262-1 may include, for example, the most significant bit (MSB) 20 bits of page table entry 262 for addressing 4-KB pages in the kernel space of a 32-bit computer system.
  • MSB most significant bit
  • Page attributes 262-2 may include, for example, the least significant bit (LSB) 12 bits of page table entry 262 in the 32-bit computer system. These 12 bits of page attributes 262-2 may be configured to indicate attributes of the page at the translated physical address. For example, a bit-7 of page attributes 262-2 may be configured to indicate a page size of the kernel space. For example, as described above, if the bit-7 of page attributes 262-2 is "1," the page size of the kernel space may be configured to be 4 KB. If the bit-7 of page attributes 262-2 is "0," the page size of the kernel space may be configured to be 4 MB. Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-7 of page attributes 262-2 as described above.
  • LSB least significant bit
  • page attributes 262-2 may include two bits, e.g., bit-9 and bit-7, indicating a page size of the kernel space.
  • the bit- 9 of page attributes 262-2 may further be configured for such usage although it is shown as unused in the figure. For example, if the bit-9 and bit-7 of page attributes 262-2 are "1 1 ,” the page size of the kernel space may be 4 KB. If the bit-9 and bit-7 of page attributes 262-2 are "10,” the page size of the kernel space may be 4 MB. If the bit-9 and bit-7 of page attributes 262-2 are "01,” the page size of the kernel space may be 16 MB.
  • the page size of the kernel space may be 64 MB.
  • Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-9 and bit-7 of page attributes 262-2 similar to those described above.
  • page attributes 262-2 may include an NX indicator, e.g., bit-2, indicating a page at the translated physical address is not executable. For example, if the bit-2 of page attributes 262-2 is "1 ,” the page at translated physical address 290 may not be executable.
  • Processor 120 may be configured not to execute or access the page at translated physical address 290 in accordance with the bit-2 of page attributes 262-2 as described above.
  • the bit indicating the page size of the kernel space can also be included in one of page directories or page tables.
  • a page-size bit may be included in a reserved field 223-2 of page directory 223 or a reserved field 242-2 of page table 242 in Fig. 2B.
  • bit-7 of reserved field 242-2 may be used as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 242-2 and obtain the page size of the kernel space accordingly.
  • the NX indicator can also be included in one of page directories or page tables.
  • an NX bit may be included in a reserved field 223-2 of page directory 223 or a reserved field 242-2 of page table 242 in Fig. 2B.
  • Processor 120 may be configured to read the NX bit for the page at the translated physical address accordingly.
  • processor 120 may be configured to translate a virtual address to a physical address directly.
  • the virtual address is identical to the physical address.
  • virtual address 270 in Fig. 2A may be translated to be physical address 290 directly without being translated through page directories 220, page tables 240, and page table entries 260 as shown in the figure.
  • the direct translation from the virtual address to the physical address may be helpful for the OS kernel to access memory 1 10 quickly and efficiently.
  • processor 120 may be configured to translate the virtual address to the physical address as illustrated in Figs. 3 A and 3B. For example, when the bit-7 of page attributes 362- 2 in Fig. 3B is "0" indicating a 4-MB page size of the kernel space, processor 120 may be configured to translate a virtual address 370 to a physical address 390 through a two-level page tables, including page directories 320 and page table entries 360, as shown in Fig. 3A.
  • FIGs. 3A and 3B are a schematic diagram of an exemplary method for memory management of a kernel space and an exemplary corresponding page mapping, according to some embodiments of the present disclosure.
  • a virtual address for an OS kernel may include a page directory index and a page offset.
  • virtual address 370 for a 32-bit OS kernel may include a page directory index 371 and a page offset 373.
  • Page directory index 371 may be an index of page directories, and may be used with a root address to point to a page directory that may include an entry address of page table entry.
  • control register 122 may be configured to store, for example, a root page table index for an OS kernel as a root address 310.
  • Page directory index 371 may be used with root address 310 to point to a page directory (PD) 323 that includes an entry address 350 of page table entries 360.
  • PD page directory
  • Page offset 373 may be an offset of pages, and may be used as a page offset in a translated physical address.
  • page offset 373 of virtual address 370 may be used as a page offset 393 of a physical address 390 directly, as illustrated in Fig. 3 A.
  • processor 120 may be configured to store a root page table index of an OS kernel in a storing unit.
  • processor 120 may be configured to store a root page table index for a Linux kernel in control register 122 in Fig. 3A.
  • Processor 120 may be configured to use the stored root page table index as root address 310 pointing to a position, e.g., page directory 321, in page directories 320, as shown in Fig. 3A.
  • Processor 120 may also be configured to combine the root page table index stored in control register 122 with page directory index 371 to find a page directory that includes an entry address of page tables.
  • processor 120 may be configured to combine root address 310 with page directory index 371 of virtual address 370 to find page directory 323, as shown in Fig. 3B.
  • processor 120 is configured to use page directory 321 as a starting position in page directories 320, and use page directory index 371 as an offset to find page directory 323, as shown in Fig. 3A and 3B.
  • Page directory 323 may include an entry address pointing to a position among page table entries, the next level in the two-level page table structure. As shown in Fig. 3B, page directory 323 includes a 4-MB entry address 323-1 that points to a page table entry in the next level of the two-level page tables. Processor 120 may be configured to read the contents of page directory 323 to obtain entry address 350 pointing to page table entry 362 in page table entries 360, as shown in Fig. 3 A.
  • Processor 120 may also be configured to read contents of page table entry 362 to obtain a physical page index.
  • page table entry 362 includes a 4-MB physical page index 362- 1 , a page attributes 362-2, and a reserved field 362-3.
  • processor 120 may be configured to read 4-MB physical page index 362-1 of page table entry 362 to be physical page index 391 , as shown in Figs. 3A and 3B.
  • Processor 120 may further be configured to combine the physical page index and the page offset to be the physical address for the OS kernel.
  • processor 120 may be configured to combine obtained physical page index 391 (i.e., 4-MB physical page index 362-1) and page offset 393 (i.e., page offset 373) to be physical address 390 for the OS kernel.
  • processor 120 may be configured to access memory 1 10 at translated physical address 390 to obtain required data or instructions for the OS kernel.
  • page table entry 362 includes physical page index 362-1 and page attributes 362-2.
  • Processor 120 may be configured to use physical page index 362-1 for translating the virtual address into the physical address as described above.
  • Physical page index 362-1 may include, for example, the most significant bit (MSB) 10 bits of page table entry 362 for addressing 4-MB pages in the kernel space of a 32-bit computer system.
  • MSB most significant bit
  • Page attributes 362-2 may include, for example, the least significant bit (LSB) 12 bits of page table entry 362 in the 32-bit computer system. These 12 bits of page attributes 362-2 may be configured to indicate attributes of the page at the translated physical address. For example, a bit-7 of page attributes 362-2 may be configured to indicate a page size of the kernel space. For example, as described above, if the bit-7 of page attributes 362-2 is "0," the page size of the kernel space may be configured to be 4 MB. If the bit-7 of page attributes 362-2 is "0,” the page size of the kernel space may be configured to be 4 KB. Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-7 of page attributes 362-2 as described above.
  • LSB least significant bit
  • page attributes 362-2 may include two bits, e.g., bit-9 and bit-7, indicating a page size of the kernel space.
  • the bit- 9 of page attributes 362-2 may further be configured for such usage although it is shown as unused in the figure. For example, if the bit-9 and bit-7 of page attributes 362-2 are "1 1 ,” the page size of the kernel space may be 4 KB. If the bit-9 and bit-7 of page attributes 362-2 are "10,” the page size of the kernel space may be 4 MB. If the bit-9 and bit-7 of page attributes 362-2 are "01 ,” the page size of the kernel space may be 16 MB.
  • the page size of the kernel space may be 64 MB.
  • Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-9 and bit-7 of page attributes 362-2 similar to those described above.
  • page attributes 362-2 may include an NX indicator, e.g., bit-2, indicating a page at the translated physical address is not executable. For example, if the bit-2 of page attributes 362-2 is "1 ,” the page at translated physical address 390 may not be executable.
  • Processor 120 may be configured not to execute or access the page at translated physical address 390 in accordance with the bit-2 of page attributes 362-2 as described above.
  • the bit indicating the page size of the kernel space can also be included in one of page directories or page table entries.
  • a page-size bit may be included in a reserved field 323-2 of page directory 323 or a reserved field 362-2 of page table entry 362 in Fig. 3B.
  • bit-7 of reserved field 323-2 may be used as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 323-2 and obtain the page size of the kernel space accordingly.
  • the NX indicator can also be included in one of page directories or page table entries.
  • an NX bit may be included in reserved field 323-2 of page directory 323 or reserved field 362-2 of page table entry 362 in Fig. 3B.
  • Processor 120 may be configured to read the NX bit for the page at the translated physical address accordingly.
  • the non-executable indicator may be helpful to prevent the OS kernel from executing any malicious code or virus in the page at the translated physical address.
  • processor 120 may be configured to translate a virtual address to a physical address directly.
  • the virtual address is identical to the physical address.
  • virtual address 370 in Fig. 3 A may be translated to be physical address 390 directly without being translated through page directories 320 and page table entries 360 as shown in the figure.
  • the direct translation from the virtual address to the physical address may be helpful for the OS kernel to access memory 1 10 quickly and efficiently.
  • processor 120 may be configured to translate a virtual address to a physical address in accordance with the root page table index stored in control register 124.
  • processor 120 may be configured to translate a 32-bit virtual address into a 32-bit physical address of memory 1 10 for an application program in accordance with the stored root page table index in control register 124.
  • FIGs. 4A and 4B are a schematic diagram of an exemplary method for memory management of a user space and an exemplary corresponding page mapping, according to some embodiments of the present disclosure.
  • a virtual address for a user process may include a page directory index, a page table index, and a page offset.
  • a virtual address 470 for a 32-bit user process may include a page directory index 471 , a page table index 472 and a page offset 473.
  • Page directory index 471 may be an index of page directories, and may be used with a root address to point to a page directory that may include a base address of page tables.
  • control register 124 may store, for example, a root page table index for a user process as a root address 410.
  • Page directory index 471 may be used with root address 410 to point to a page directory (PD) 423 that includes a base address 430 of page tables 440.
  • PD page directory
  • Page table index 472 may be an index of page tables, and may be used with a base address 430 to point to a page table (PT) that may include an entry address of page table entries.
  • page table index 472 may be used with base address 430 to point to a page table 442 that may include an entry address 450 of page table entries 460, as illustrated in Fig. 4A.
  • Page offset 473 may be an offset of pages, and may be used as a page offset in a translated physical address.
  • page offset 473 of virtual address 470 may be used as a page offset 493 of a physical address 490 directly, as illustrated in Fig. 4A.
  • processor 120 may be configured to store a root page table index of the user process in a storing unit.
  • processor 120 may be configured to store a root page table index for a Linux kernel in control register 124.
  • Processor 120 may be configured to use the stored root page table index as root address 410 pointing to a position, e.g., page directory 421 , in page directories 420, as shown in Fig. 4A.
  • Processor 120 may also be configured to combine the root page table index stored in control register 124 with page directory index 471 to find a page directory that may include a base address of page tables.
  • processor 120 may be configured to combine root address 410 with page directory index 471 of virtual address 470 to find page directory 423, as shown in Fig. 4B.
  • processor 120 is configured to use page directory 421 as a starting position in page directories 420, and use page directory index 471 as an offset to find page directory 423, as shown in Figs. 4 A and 4B.
  • Page directory 423 may include a base address pointing to a base address of page tables, the next level in the three-level page table structure. As shown in Fig. 4B, page directory 423 includes a 4-KB base address 423-1 that points to a page table in the next level of the three-level page tables. Processor 120 may further be configured to read the contents of page directory 423 to obtain base address 430 pointing to page table 441 in page tables 440, as shown in Fig. 4A.
  • Processor 120 may also be configured to combine a base address stored in found page directory 423 with page table index 472 to find a page table that includes an entry address of page table entries.
  • processor 120 may be configured to combine base address 430 (i.e. 4-KB base address 423-1) with page table index 472 of virtual address 470 to find page table 442, as shown in Fig. 4B.
  • base address 430 i.e. 4-KB base address 423-1
  • page table index 472 of virtual address 470 to find page table 442, as shown in Fig. 4B.
  • processor 120 is configured to use page table 441 as a starting position in page tables 440, and use page table index 472 as an offset to find page table 442, as shown in Figs. 4A and 4B.
  • Page table 442 may include an entry address pointing to a position among page table entries, the next level in the three-level page table structure . As shown in Fig. 4B, page table 442 includes a 4-KB entry address 442-1 pointing to a page table entry in the next level of the three-level page tables. Processor 120 may be configured to read the contents of page table 442 to obtain entry address 450 pointing to page table entry 462 in page table entries 460, as shown in Fig. 4A.
  • Processor 120 may further be configured to read contents of page table entry 462 to obtain a physical page index.
  • page table entry 462 includes a 4- KB physical page index 462-1 and a page attributes 462-2.
  • processor 120 may be configured to read 4-KB physical page index 462-1 of page table entry 462 to be physical page index 491 , as shown in Figs. 4A and 4B.
  • Processor 120 may further be configured to combine the physical page index and the page offset to be the physical address for the user process.
  • processor 120 may be configured to combine obtained physical page index 491 (i.e., 4-KB physical page index 462-1 ) and page offset 493 (i.e., page offset 473) to be physical address 490 for the user process.
  • processor 120 may be configured to access memory 1 10 at translated physical address 490 to obtain required data or instructions for the user process.
  • processor 120 may be configured to obtain a page-size indicator indicating a page size of the user space, or a user-space page size.
  • page table entry 462 includes page attributes 462-2.
  • Processor 120 may be configured to read page attributes 462-2 in page table entry 462.
  • Page attributes 462-2 may include a bit, e.g., bit-7, indicating a page size of the user space. For example, if the bit-7 of page attributes 462-2 is "1 ,” the page size of the user space may be 4 KB. If the bit-7 of page attributes 462-2 is "0," the page size of the user space may be 4 MB.
  • processor 120 can be configured to translate the virtual address to the physical address as described above. For example, when the bit-7 of page attributes 462-2 is "1 " indicating a 4-KB page size of the user space, processor 120 may be configured to translate virtual address 470 to physical address 490 as described above and shown in Figs. 4A and 4B. When the bit-7 of page attributes 462-2 is "0" indicating a 4-MB page size of the user space, processor 120 may be configured to translate a virtual address 570 to a physical address 590 as described below and shown in Figs. 5A and 5B.
  • the bit indicating the page size of the kernel space can also be included in one of page directories or page tables.
  • a page-size bit may be included in a reserved field 423-2 of page directory 423 or a reserved field 442-2 of page table 442 in Fig. 4B.
  • bit-7 of reserved field 442-2 may be used as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 442-2 and obtain the page size of the user space accordingly.
  • page table entry 462 includes physical page index 462-1 and page attributes 462-2.
  • Processor 120 may be configured to use physical page index 462-1 for translating the virtual address into the physical address as described above.
  • Physical page index 462-1 may include, for example, the most significant bit (MSB) 20 bits of page table entry 462 for addressing 4-KB pages in the user space of a 32-bit computer system.
  • MSB most significant bit
  • Page attributes 462-2 may include, for example, the least significant bit (LSB) 12 bits of page table entry 462 in the 32-bit computer system. These 12 bits of page attributes 462-2 may be configured to indicate attributes of the page at the translated physical address. For example, a bit-7 of page attributes 462-2 may be configured to indicate a page size of the user space. For example, as described above, if the bit-7 of page attributes 462-2 is "1," the page size of the user space may be configured to be 4 KB. If the bit-7 of page attributes 462-2 is "0," the page size of the user space may be configured to be 4 MB. Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-7 of page attributes 462-2 as described above.
  • LSB least significant bit
  • page attributes 462-2 may include two bits, e.g., bit-9 and bit-7, indicating a page size of the user space.
  • the bit-9 of page attributes 462-2 may further be configured for such usage although it is shown as unused in the figure. For example, if the bit-9 and bit-7 of page attributes 462-2 are "1 1 ,” the page size of the user space may be 4 KB. If the bit-9 and bit-7 of page attributes 462-2 are "10,” the page size of the user space may be 4 MB. If the bit-9 and bit-7 of page attributes 462-2 are "01 ,” the page size of the user space may be 16 MB.
  • the page size of the user space may be 64 MB.
  • Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-9 and bit-7 of page attributes 462-2 similar to those described above.
  • page attributes 462-2 may include an NX indicator, e.g., bit-2, indicating a page at the translated physical address is not executable. For example, if the bit-2 of page attributes 462-2 is "1 ,” the page at translated physical address 490 may not be executable.
  • Processor 120 may be configured not to execute or access the page at translated physical address 490 in accordance with the bit-2 of page attributes 462-2 as described above.
  • the bit indicating the page size of the user space can also be included in one of page directories or page tables.
  • a page-size bit may be included in a reserved field 423-2 of page directory 423 or a reserved field 442-2 of page table 442 in Fig. 4B.
  • bit-7 of reserved field 442-2 may be used as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 442-2 and obtain the page size of the user space accordingly.
  • the NX indicator can also be included in one of page directories or page tables.
  • an NX bit may be included in a reserved field 423-2 of page directory 423 or a reserved field 442-2 of page table 442 in Fig. 4B.
  • Processor 120 may be configured to read the NX bit for the page from the NX bit for the translated physical address accordingly.
  • processor 120 may be configured to translate a virtual address to a physical address directly.
  • the virtual address is identical to the physical address.
  • virtual address 470 in Fig. 4 A may be translated to be physical address 490 directly without being translated through page directories 420, page tables 440, and page table entries 460 as shown in the figure. The direct translation from the virtual address to the physical address may be helpful for the user process to access memory 1 10 quickly and efficiently.
  • processor 120 may be configured to translate the virtual address to the physical address as illustrated in Figs. 5A and 5B. For example, when the bit-7 of page attributes 562- 2 in Fig. 5B is "0" indicating a 4-MB page size of the kernel space, processor 120 may be configured to translate a virtual address 570 to a physical address 590 through a two-level page tables, including page directories 520 and page table entries 560, as shown in Fig. 5A.
  • FIGs. 5A and 5B are a schematic diagram of an exemplary method for memory management of a user space and an exemplary corresponding page mapping, according to some embodiments of the present disclosure.
  • a virtual address for a user process may include a page directory index and a page offset.
  • virtual address 570 for a 32-bit user process may include a page directory index 571 and a page offset 573.
  • Page directory index 571 may be an index of page directories, and may be used with a root address to point to a page directory that may include an entry address of page table entry.
  • control register 124 may be configured to store, for example, a root page table index for a user process as a root address 510.
  • Page directory index 571 may be used with root address 510 to point to a page directory (PD) 523 that includes an entry address 550 of page table entries 560.
  • Page offset 573 may be an offset of pages, and may be used as a page offset in a translated physical address.
  • page offset 573 of virtual address 570 may be used as a page offset 593 of a physical address 590 directly, as illustrated in Fig. 5 A.
  • processor 120 may be configured to store a root page table index of the user process in a storing unit.
  • processor 120 may be configured to store a root page table index for a Linux kernel in control register 124 in Fig. 5A.
  • Processor 120 may be configured to use the stored root page table index as root address 510 pointing to a position, e.g., page directory 521 , in page directories 520, as shown in Fig. 5A.
  • Processor 120 may also be configured to combine the root page table index stored in control register 124 with page directory index 571 to find a page directory that includes an entry address of page tables.
  • processor 120 may be configured to combine root address 510 with page directory index 571 of virtual address 570 to find page directory 523, as shown in Fig. 5B.
  • processor 120 is configured to use page directory 521 as a starting position in page directories 520, and use page directory index 571 as an offset to find page directory 523, as shown in Fig. 5A and 5B.
  • Page directory 523 may include an entry address pointing to a position among page table entries, the next level in the two-level page table structure. As shown in Fig. 5B, page directory 523 includes a 4-MB entry address 523-1 that points to a page table entry in the next level of the two-level page tables. Processor 120 may be configured to read the contents of page directory 523 to obtain entry address 550 pointing to page table entry 562 in page table entries 560, as shown in Fig. 5 A.
  • Processor 120 may also be configured to read contents of page table entry 562 to obtain a physical page index.
  • page table entry 562 includes a 4-MB physical page index 562-1 , a page attributes 562-2, and a reserved field 562-3.
  • processor 120 may be configured to read 4-MB physical page index 562-1 of page table entry 562 to be physical page index 591 , as shown in Figs. 5A and 5B.
  • Processor 120 may further be configured to combine the physical page index and the page offset to be the physical address for the user process.
  • processor 120 may be configured to combine obtained physical page index 591 (i.e., 4-MB physical page index 562-1) and page offset 593 (i.e., page offset 573) to be physical address 590 for the user process.
  • processor 120 may be configured to access memory 1 10 at translated physical address 590 to obtain required data or instructions for the user process.
  • page table entry 562 includes physical page index 562- 1 and page attributes 562-2.
  • Processor 120 may be configured to use physical page index 562-1 for translating the virtual address into the physical address as described above.
  • Physical page index 562-1 may include, for example, the most significant bit (MSB) 10 bits of page table entry 562 for addressing 4-MB pages in the user space of a 32-bit computer system.
  • MSB most significant bit
  • Page attributes 562-2 may include, for example, the least significant bit (LSB) 12 bits of page table entry 562 in the 32-bit computer system. These 12 bits of page attributes 562-2 may be configured to indicate attributes of the page at the translated physical address. For example, a bit-7 of page attributes 562-2 may be configured to indicate a page size of the user space. For example, as described above, if the bit-7 of page attributes 562-2 is "0," the page size of the user space may be configured to be 4 MB. If the bit-7 of page attributes 562- 2 is "0,” the page size of the user space may be configured to be 4 KB. Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-7 of page attributes 562-2 as described above.
  • LSB least significant bit
  • page attributes 562-2 may include two bits, e.g., bit-9 and bit-7, indicating a page size of the user space.
  • the bit-9 of page attributes 562-2 may further be configured for such usage although it is shown as unused in the figure. For example, if the bit-9 and bit-7 of page attributes 562-2 are "1 1," the page size of the user space may be 4 KB. If the bit-9 and bit-7 of page attributes 562-2 are "10,” the page size of the user space may be 4 MB. If the bit-9 and bit-7 of page attributes 562-2 are "01 ,” the page size of the user space may be 16 MB.
  • the page size of the user space may be 64 MB.
  • Processor 120 may be configured to translate the virtual address to the physical address in accordance with the bit-9 and bit-7 of page attributes 562-2 similar to those described above,
  • page attributes 562-2 may include an NX indicator, e.g., bit-2, indicating a page at the translated physical address is not executable. For example, if the bit-2 of page attributes 562-2 is "1 ,” the page at translated physical address 590 may not be executable.
  • Processor 120 may be configured not to execute or access the page at translated physical address 590 in accordance with the bit-2 of page attributes 562-2 as described above.
  • bit indicating the page size of the user space can also be included in one of page directories or page table entries.
  • a page-size bit may be included in a reserved field 523-2 of page directory 523 or a reserved field 562-2 of page table entry 562 in Fig. 5B.
  • bit-7 of reserved field 523-2 may be configured as the page-size bit.
  • Processor 120 may be configured to read the bit-7 of reserved field 523-2 and obtain the page size of the user space accordingly.
  • the NX indicator can also be included in one of page directories or page table entries. For example, an NX bit may be included in reserved field 523-2 of page directory 523 or reserved field 562-2 of page table entry 562 in Fig. 5B.
  • Processor 120 may be configured to read the NX indicator of the page at the translated physical address accordingly. The non-executable indicator may be helpful to prevent the OS kernel from executing any malicious code or virus in the page at the translated physical address.
  • processor 120 may be configured to translate a virtual address to a physical address directly. In other words, the virtual address is identical to the physical address.
  • virtual address 570 in Fig. 5 A may be translated to be physical address 590 directly without being translated through page directories 520 and page table entries 560 as shown in the figure. The direct translation from the virtual address to the physical address may be helpful for the user process to access memory 1 10 quickly and efficiently.
  • processor 120 may be configured to obtain an access- user-space indicator indicating an allowance for the OS kernel to access the user space.
  • processor 120 may include one or more instructions including a prefix "US" used to access the user space in its instruction set.
  • the instruction including the prefix "US” may be used as the access-user- space indicator.
  • processor 120 may be configured as obtaining an access-user-space indication. Referring to Figs. 2 A, processor 120 may be configured to access the user space using virtual address 270.
  • Process 120 may be configured to obtain a base address for the user space in accordance with a root page table index for the user space and a page directory index of the virtual address. For example, referring to Figs. 2A and 4A, processor 120 may be configured to combine the root page table index stored in control register 124 with page directory index 271 to find a page directory that may include a base address of page tables. Processor 120 may be configured to combine root address 410 with page directory index 271 of virtual address 270 to find page directory 423. In other words, processor 120 is configured to use page directory 421 as a starting position in page directories 420, and use page directory index 271 as an offset to find page directory 423. Processor 120 may further be configured to read the contents of page directory 423 to obtain base address 430 pointing to page table 441 in page tables 440.
  • Processor 120 may also be configured to combine a base address stored in found page directory 423 with page table index 272 to find a page table that includes an entry address of page table entries.
  • processor 120 may be configured to combine base address 430 (i.e. 4-KB base address 423-1) with page table index 272 of virtual address 270 to find page table 442.
  • base address 430 i.e. 4-KB base address 423-1
  • page table index 272 of virtual address 270 to find page table 442.
  • Processor 120 is configured to use page table 441 as a starting position in page tables 440, and use page table index 272 as an offset to find page table 442.
  • Processor 120 may further be configured to read the contents of page table 442 to obtain entry address 450 pointing to page table entry 462 in page table entries 460.
  • Processor 120 may also be configured to read contents of page table entry 462 to obtain a physical page index. According to entry address 450, processor 120 may be configured to read 4-KB physical page index 462- 1 of page table entry 462 to be physical page index 491.
  • Processor 120 may further be configured to combine the physical page index and the page offset to be the physical address for the user process.
  • processor 120 may be configured to combine obtained physical page index 491 (i.e., 4-KB physical page index 462- 1) and page offset 273 to be a physical address for the OS kernel to access the user space.
  • processor 120 may be configured to access memory 1 10 at the translated physical address to obtain required data or instructions for the OS kernel from the user space.
  • processor 120 may be configured to obtain an access- user-space indicator indicating an allowance for the user process to access the user space.
  • processor 120 may include one or more instructions including a prefix "US" used to access the user space in its instruction set.
  • the instruction including the prefix "US” may be used as the access-user-space indicator.
  • processor 120 may be configured to set a general protection fault because the instruction with the "US" prefix is reserved for the OS kernel only. For example, processor 120 can set a warning message or flag, and not execute the instruction with the "US" prefix for the user process.
  • FIG. 6 is a flow chart of an exemplary memory management method 600, according to some embodiments of the present disclosure.
  • Method 600 includes acquiring a virtual address (step 610), determining to access the kernel space or the user space (step 620), obtaining a first root page table index corresponding to the kernel space (step 631), obtaining a second root page table index corresponding to the user space (step 641), translating a first virtual address to a first physical address in accordance with the first root page table index for an operating system kernel (step 632), and translating a second virtual address to a second physical address in accordance with the second root page table index for a user process (step 642).
  • Method 600 can also include obtaining a page-size indicator indicating a page size of the kernel space or the user space.
  • Method 600 may also include obtaining a non-executable indicator for a page at the translated physical address.
  • Method 600 may further include obtaining an access-user-space indication for the OS kernel or the user process.
  • Step 610 includes acquiring a virtual address.
  • acquiring the virtual address in step 610 may include obtaining a virtual address after decoding an instruction.
  • acquiring the virtual address in step 610 may include obtaining the virtual address from an OS kernel or a user process for virtual-to-physical address mapping.
  • Step 620 includes determining to access the kernel space or the user space. For example, after obtaining a virtual address from an OS kernel in step 610, determining to access the kernel space or the user space in step 620 may include determining to access the kernel space as a default result. As another example, after obtaining a virtual address from a user process in step 610, determining to access the kernel space or the user space in step 620 may include determining to access the user space as a default result.
  • method 600 may include obtaining an access-user- space indication for the OS kernel. After obtaining the access-user-space indication from the OS kernel, determining to access the kernel space or the user space in step 620 may include determining to access the user space.
  • Step 631 includes obtaining a root page table index corresponding to the kernel space.
  • obtaining the root page table index corresponding to the kernel space in step 631 may include obtaining a root page table index from a storing unit, such as a control register 3 (CR3), a control register 3 for an OS kernel (CR3K), or a storing space in a cache, main memory, or storage device, as illustrated in above.
  • a storing unit such as a control register 3 (CR3), a control register 3 for an OS kernel (CR3K), or a storing space in a cache, main memory, or storage device, as illustrated in above.
  • obtaining the root page table index corresponding to the kernel space in step 631 may also include reading a root page table index corresponding to the OS kernel from a storing unit, and storing it in a dedicated control register in a processor.
  • obtaining the root page table index corresponding to the kernel space in step 631 may include popping out the root page table index corresponding to the OS kernel from a stack for the OS kernel, and storing it in the CR3K.
  • obtaining the root page table index corresponding to the kernel space in step 631 may include swapping in data that may include the root page table index of the OS kernel from storage 130, and storing it in control register 122 of processor 120.
  • Step 632 includes translating a virtual address to a physical address in accordance with the root page table index for an OS kernel.
  • translating the virtual address to the physical address for the OS kernel in step 632 may include translating virtual address 270 to physical address 290 for the OS kernel in accordance with the root page table index in control register 122 as illustrated in Figs. 2A and 2B, and described above.
  • translating the virtual address to the physical address for the OS kernel in step 632 may include translating virtual address 370 to physical address 390 in accordance with the root page table index stored in control register 122 for the OS kernel, as illustrated in Figs. 3A and 3B, and described above.
  • translating the virtual address to the physical address for the OS kernel in step 632 may include obtaining a base address in accordance with the root page table index of the OS kernel and the page directory index of the virtual address.
  • obtaining the base address in step 632 may include combining root address 210 with page directory index 271 of virtual address 270 to find page directory 223, as shown in Figs. 2A and 2B.
  • Page directory 223 may include a base address of page tables 240.
  • Translating the virtual address to the physical address for the OS kernel in step 632 can also include obtaining an entry address in accordance with the base address and the page table index.
  • obtaining the entry address in step 632 may include combining base address 230 with page table index 272 of virtual address 270 to find page table 242, as shown in Figs. 2A and 2B.
  • Page table 242 may include the entry address pointing to a position among page table entries.
  • Obtaining the entry address in step 632 may also include reading contents of page table 242 to obtain entry address 250 pointing to page table entry 262 in page table entries 260.
  • Translating the virtual address to the physical address for the OS kernel in step 632 can further include obtaining a physical page index in accordance with the entry address.
  • obtaining the physical page index in step 632 may include reading the contents of page table entry 262 to obtain physical page index 291.
  • Translating the virtual address to the physical address for the OS kernel in step 632 may further include combining the physical page index and the page offset to be the physical address.
  • combining the physical page index and the page offset in step 632 may include combining physical page index 291 and page offset 293 to be physical address 290, as shown in Fig. 2A.
  • Page offset 293 may be identical to page offset 273 of virtual address 270.
  • Translating the virtual address to the physical address for the OS kernel in step 632 can also include translating the virtual address to the physical address directly.
  • the virtual address is identical to the physical address.
  • virtual address 270 in Fig. 2A may be translated to be physical address 290 directly without being translated through page directories 220, page tables 240, and page table entries 260 as shown in the figure.
  • translating the virtual address to the physical address for the OS kernel in step 632 can include translating virtual address 370 to physical address 390 as illustrated in Figs. 3A and 3B, and described above.
  • Step 641 includes obtaining a root page table index corresponding to the user space.
  • obtaining the root page table index corresponding to the user space in step 641 may include obtaining a root page table index from a storing unit, such as a control register 4 (CR4), a control register 3 for a user process (CR3U), or a storing space in a cache, main memory, or storage device, as illustrated in above.
  • a storing unit such as a control register 4 (CR4), a control register 3 for a user process (CR3U), or a storing space in a cache, main memory, or storage device, as illustrated in above.
  • obtaining the root page table index corresponding to the user space in step 641 may also include reading a root page table index corresponding to the user process from a storing unit, and storing it in a dedicated control register in a processor.
  • obtaining the root page table index corresponding to the user space in step 641 may include popping out the root page table index corresponding to the user process from a stack for the user process, and storing it in the CR3U.
  • obtaining the root page table index corresponding to the user space in step 641 may include swapping in data that may include the root page table index of the user process from storage 130, and storing it in control register 124 of processor 120.
  • Step 642 includes translating a virtual address to a physical address in accordance with the root page table index for a user process.
  • translating the virtual address to the physical address for the user process in step 641 may include translating virtual address 470 to physical address 490 in accordance with the root page table index of the user process stored in control register 124, as illustrated in Figs. 4A and 4B and described above.
  • translating the virtual address to the physical address for the user process in step 642 may include translating virtual address 570 to physical address 590 in accordance with the root page table index stored in control register 124 for the user process as illustrated in Figs. 5A and 5B, and described above.
  • Translating the virtual address to the physical address for the user process in step 642 may include obtaining a base address in accordance with the root page table index of the user process and the page directory index of the virtual address.
  • obtaining the base address in step 642 may include combining root address 410 with page directory index 471 of virtual address 470 to find page directory 423, as shown in Figs. 4A and 4B.
  • Page directory 423 may include a base address of page tables 440.
  • Translating the virtual address to the physical address for the user process in step 642 can also include obtaining an entry address in accordance with the base address and the page table index.
  • obtaining the entry address in step 642 may include combining base address 430 with page table index 472 of virtual address 470 to find page table 442, as shown in Figs. 4 A and 4B.
  • Page table 442 may include the entry address pointing to a position among page table entries.
  • Obtaining the entry address in step 642 may also include reading contents of page table 442 to obtain entry address 450 pointing to page table entry 462 in page table entries 460.
  • translating the virtual address to the physical address for the user process in step 642 may further include obtaining a physical page index in accordance with the entry address.
  • obtaining the physical page index in step 642 may include reading the contents of page table entry 462 to obtain physical page index 491.
  • translating the virtual address to the physical address for the user process in step 642 may further include combining the physical page index and the page offset to be the physical address.
  • combining the physical page index and the page offset in step 642 may include combining physical page index 491 and page offset 492 to be physical address 490, as shown in Fig. 4A.
  • Page offset 492 may be identical to page offset 471 of virtual address 470.
  • translating the virtual address to the physical address for the user process in step 642 may include translating the virtual address to the physical address directly.
  • the virtual address is identical to the physical address.
  • virtual address 470 in Fig. 4A may be translated to be physical address 490 directly without being translated through page directories 420, page tables 440, and page table entries 460 as shown in the figure.
  • translating the virtual address to the physical address for the user process in step 642 can include translating virtual address 570 to physical address 590 as illustrated in Figs. 5A and 5B, and described above.
  • Method 600 can also include obtaining a page-size indicator indicating a page size of the kernel space or the user space.
  • obtaining the page-size indicator in method 600 may include reading a bit-7 of page attributes 262-2 in page table entry 262 as shown in Fig. 2B and described above.
  • Bit-7 of page attribute 262-2 indicating a page size of the kernel space. For example, if the bit-7 of page attributes 262-2 is "1 ,” the page size of the kernel space may be 4 KB. If the bit-7 of page attributes 262-2 is "0,” the page size of the kernel space may be 4 MB.
  • translating the virtual address to the physical address in step 632 may include translating the virtual address to the physical address as illustrated in Figs. 2A and 2B, and described above.
  • translating the virtual address to the physical address in step 632 may include translating virtual address 270 to physical address 290 as described above and shown in Fig. 2A.
  • translating the virtual address to the physical address in step 632 may include translating the virtual address to the physical address as illustrated in Fig. 3A and described above.
  • translating the virtual address to the physical address in step 632 may include translating virtual address 370 to physical address 390 through two- level page tables, page directories 320 and page table entries 360, as shown in Fig. 3A and 3B, and described above.
  • obtaining the page-size indicator in method 600 may include reading a bit-7 of page attributes 462-2 in page table entry 462 as shown in Fig. 4B and described above.
  • Bit-7 of page attribute 462-2 indicating a page size of the user space. For example, if the bit-7 of page attributes 462-2 is "1 ,” the page size of the user space may be 4 KB. If the bit-7 of page attributes 462-2 is "0,” the page size of the user space may be 4 MB.
  • translating the virtual address to the physical address in step 642 may include translating the virtual address to the physical address as illustrated in Figs. 4A and 4B, and described above.
  • translating the virtual address to the physical address in step 642 may include translating virtual address 470 to physical address 490 as described above and shown in Fig. 4A.
  • translating the virtual address to the physical address in step 642 may include translating the virtual address to the physical address as illustrated in Figs. 5A and 5B, and described above.
  • translating the virtual address to the physical address in step 642 may include translating virtual address 570 to physical address 590 through two-level page tables, page directories 520 and page table entries 560, as shown in Fig. 5A and described above.
  • Method 600 may also include obtaining a non-executable indicator for a page at the translated physical address.
  • obtaining the non- executable indicator in method 600 may include reading bit-2 of page attributes 262-2 in page table entry 262 as shown in Fig. 2B and described above. If the bit-2 of page attributes 262-2 is "1 ,” the page at the translated physical address may not be executable.
  • Method 600 may include not accessing contents of the page, or accessing the contents of the page, but not executing it. If the bit-2 of page attributes 262-2 is "0,” the page at the translated physical address may be executable.
  • Method 600 may include accessing the contents of the page in the kernel space and/or execute it accordingly.
  • obtaining the non-executable indicator in method 600 may include obtaining a non-executable indicator for the user space.
  • obtaining the non-executable indicator in method 600 may include reading bit-2 of page attributes 462- 2 in page table entry 462, as described above and shown in Fig. 4B. If the bit-2 of page attributes 462-2 is "1 ,” the page at the translated physical address may not be executable. Method 600 may include not accessing contents of the page, or accessing the contents of the page, but not executing it. If the bit-2 of page attributes 462-2 is "0," the page at the translated physical address may be executable. Method 600 may include accessing the contents of the page in the user space and/or execute it accordingly.
  • Method 600 may further include obtaining an access-user-space indication for the OS kernel or the user process.
  • processor 120 may include one or more instructions including a prefix "US" used to access the user space in its instruction set.
  • the instruction including the prefix "US” may be used as the access-user-space indicator in the OS kernel.
  • obtaining the root page table index in step 631 may include reading a root page table index corresponding to the user space in control register 124 for translating the virtual address to the physical address.
  • obtaining the root page table index in step 631 may include reading root address 410 corresponding to the user space from control register 124.
  • translating the virtual address to the physical address in step 632 may include translating virtual address 270 to a physical address by using root address 410 and the three-level page table structure in Fig. 4 A, as described above.
  • processor 120 may include one or more instructions including a prefix "US" used to access the user space in its instruction set.
  • the instruction including the prefix "US” may be used as the access-user-space indicator in the user process.
  • method 600 may further include setting a general protection fault because the instruction with the "US" prefix may be reserved for an OS kernel only.
  • method 600 may include setting a warning message or flag, and not executing the instruction with the "US" prefix for the user process.
  • Another aspect of the disclosure is directed to a non-transitory computer- readable medium storing a set of instructions that are executable by one or more processors of an apparatus to cause the apparatus to perform a method for memory management of a kernel space and a user space, as discussed above.
  • the computer-readable medium may include volatile or non-volatile, magnetic, semiconductor, tape, optical, removable, nonremovable, or other types of computer-readable medium or computer-readable storage devices.
  • the computer-readable medium may be the storage device or the memory module having the computer instructions stored thereon, as disclosed.
  • the computer-readable medium may be a disc or a flash drive having the computer instructions stored thereon.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Storage Device Security (AREA)
PCT/US2018/047201 2017-08-21 2018-08-21 METHODS AND SYSTEMS FOR MANAGING CORE MEMORY AND USER SPACES Ceased WO2019040417A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201880054625.2A CN110998552B (zh) 2017-08-21 2018-08-21 用于内核空间和用户空间的存储器管理系统和方法
JP2020506745A JP2020531951A (ja) 2017-08-21 2018-08-21 カーネル空間及びユーザ空間のメモリ管理のための方法及びシステム

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/682,437 US11119939B2 (en) 2017-08-21 2017-08-21 Methods and systems for memory management of kernel and user spaces
US15/682,437 2017-08-21

Publications (1)

Publication Number Publication Date
WO2019040417A1 true WO2019040417A1 (en) 2019-02-28

Family

ID=65361447

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2018/047201 Ceased WO2019040417A1 (en) 2017-08-21 2018-08-21 METHODS AND SYSTEMS FOR MANAGING CORE MEMORY AND USER SPACES

Country Status (4)

Country Link
US (1) US11119939B2 (enExample)
JP (1) JP2020531951A (enExample)
CN (1) CN110998552B (enExample)
WO (1) WO2019040417A1 (enExample)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2568059B (en) * 2017-11-02 2020-04-08 Advanced Risc Mach Ltd Method for locating metadata
US10599835B2 (en) 2018-02-06 2020-03-24 Vmware, Inc. 32-bit address space containment to secure processes from speculative rogue cache loads
US11144472B2 (en) 2019-03-27 2021-10-12 Intel Corporation Memory management apparatus and method for managing different page tables for different privilege levels
WO2021080601A1 (en) * 2019-10-25 2021-04-29 Hewlett-Packard Development Company, L.P. Integrity monitor
CN113032086B (zh) * 2019-12-25 2025-01-24 中兴通讯股份有限公司 虚拟机部署及热迁移方法、vmm升级方法、服务器
US11237891B2 (en) * 2020-02-12 2022-02-01 International Business Machines Corporation Handling asynchronous memory errors on kernel text
US12366989B2 (en) * 2020-12-23 2025-07-22 Intel Corporation Technologies to provide access to kernel and user space memory regions
CN112948318B (zh) * 2021-03-09 2022-12-06 西安奥卡云数据科技有限公司 一种Linux操作系统下基于RDMA的数据传输方法及装置
CN112947863B (zh) * 2021-03-25 2024-01-30 北京计算机技术及应用研究所 一种飞腾服务器平台下存储空间合并成的方法
CN118642978A (zh) * 2024-06-21 2024-09-13 新华三信息技术有限公司 一种内存访问方法、装置、电子设备及存储介质

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120246381A1 (en) * 2010-12-14 2012-09-27 Andy Kegel Input Output Memory Management Unit (IOMMU) Two-Layer Addressing

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0713869A (ja) * 1993-06-28 1995-01-17 Fujitsu Ltd 動的アドレス変換機能を持つデータ処理システム
JP2001282616A (ja) * 2000-04-03 2001-10-12 Mitsubishi Electric Corp メモリ管理方式
US8135962B2 (en) * 2002-03-27 2012-03-13 Globalfoundries Inc. System and method providing region-granular, hardware-controlled memory encryption
US7058768B2 (en) * 2002-04-17 2006-06-06 Microsoft Corporation Memory isolation through address translation data edit control
US7451298B2 (en) * 2006-08-03 2008-11-11 Apple Inc. Processing exceptions from 64-bit application program executing in 64-bit processor with 32-bit OS kernel by switching to 32-bit processor mode
US8543792B1 (en) * 2006-09-19 2013-09-24 Nvidia Corporation Memory access techniques including coalesing page table entries
CN101477477B (zh) * 2009-01-12 2012-01-11 华为技术有限公司 内核空间隔离方法、空间管理实体及系统
CN101782954B (zh) * 2009-01-20 2013-05-01 联想(北京)有限公司 一种异常进程的检测装置及方法
US8060722B2 (en) * 2009-03-27 2011-11-15 Vmware, Inc. Hardware assistance for shadow page table coherence with guest page mappings
KR20130050156A (ko) * 2011-11-07 2013-05-15 한국전자통신연구원 가상 주소 공간 전환 장치
KR102061079B1 (ko) * 2014-03-07 2019-12-31 후아웨이 테크놀러지 컴퍼니 리미티드 파일 액세스 방법 및 관련 기기
KR102327782B1 (ko) * 2015-05-29 2021-11-18 한국과학기술원 전자 장치 및 커널 데이터 접근 방법
US10002084B1 (en) * 2016-12-19 2018-06-19 Vmware, Inc. Memory management in virtualized computing systems having processors with more than two hierarchical privilege levels

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120246381A1 (en) * 2010-12-14 2012-09-27 Andy Kegel Input Output Memory Management Unit (IOMMU) Two-Layer Addressing

Also Published As

Publication number Publication date
US20190057040A1 (en) 2019-02-21
CN110998552B (zh) 2023-05-09
US11119939B2 (en) 2021-09-14
JP2020531951A (ja) 2020-11-05
CN110998552A (zh) 2020-04-10

Similar Documents

Publication Publication Date Title
US11119939B2 (en) Methods and systems for memory management of kernel and user spaces
ES2893618T3 (es) Gestión del uso del almacenamiento por múltiples invitados localizables de un entorno de ordenador
KR101174583B1 (ko) 변환 예외 한정자를 갖는 동적 어드레스 변환
US7149890B2 (en) Initializing system memory
KR101288700B1 (ko) 멀티 오퍼레이팅 시스템(os) 기동 장치, 컴퓨터 판독 가능한 기록 매체 및 멀티 os 기동 방법
US9747052B2 (en) Virtualisation supporting guest operating systems using memory protection units to determine permission of a memory access operation for a physical address
US7073042B2 (en) Reclaiming existing fields in address translation data structures to extend control over memory accesses
US9218302B2 (en) Page table management
CN112241310B (zh) 页表管理、信息获取方法、处理器、芯片、设备及介质
US20170357592A1 (en) Enhanced-security page sharing in a virtualized computer system
US20150356029A1 (en) Handling memory access operations in a data processing apparatus
US9740625B2 (en) Selectable address translation mechanisms within a partition
GB2607529A (en) Process-based virtualization system for executing secure application process
US10025726B2 (en) Method in a memory management unit for managing address translations in two stages
US11656982B2 (en) Just-in-time virtual per-VM swap space
US20220382577A1 (en) Hardware Virtual Machine for Controlling Access to Physical Memory Space
KR100677621B1 (ko) 미리 구성된 tlb를 이용한 부팅 속도 개선 방법 및 장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18848293

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020506745

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18848293

Country of ref document: EP

Kind code of ref document: A1