WO2019237862A1 - Layout method for linear address space, and computing device

Publication number: WO2019237862A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2019/086492
Inventor: 杨力祥
Original Assignee: 杨力祥
Prior art keywords: kernel, page management, management structure, register, address

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/545 Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space

Abstract

A layout method for a linear address space, and a computing device, relating to the field of information security. Both a process and a kernel independently possess a complete linear address space; a kernel page directory list register and a target process page directory list register are added in the computing device for respectively storing the physical address of a page directory list of the kernel and the physical address of a page directory list of the process. According to the method and the computing device, an attacker is unable to directly use an attack program prepared in advance in a user state, and is also unable to transfer data obtained by the attack to an address field occupied by a user state program without conversion of a linear address space.

Description

Layout method for a linear address space, and computing device
Technical field
The present application relates to the field of information technology, and in particular to a method and a computing device for establishing exclusive, full linear address spaces for the kernel and for processes.
Background
In existing operating systems and applications, the memory layout usually has kernel mode and user mode sharing one linear address space: the kernel occupies one part of the address range and user-mode programs occupy another. This layout gives an attacker the opportunity to prepare an attack program in the user-mode code area in advance. When the attack takes place, execution is made to jump from kernel mode to the attack program in user mode; at that point the user-mode program holds kernel-mode privilege and has great attack power.
On this basis, the attacker can modify authorization information and change the authorization state, thereby obtaining a state beyond what is authorized, and can then perform operations such as the following:
1. Reading user data (including data in memory and on peripherals) beyond authorization.
2. Writing (including tampering with and deleting) user data beyond authorization.
3. Executing system calls beyond authorization.
4. Executing applications beyond authorization.
Summary of the invention
In the prior art an attacker can directly use an attack program prepared in advance in user mode and thereby exceed authorization. To address this and related problems, the invention discloses a method for establishing exclusive, full linear address spaces for the kernel and for processes, so that an attacker can neither directly use an attack program prepared in advance in user mode nor pass data obtained by an attack back to the address range occupied by a user-mode program without switching the linear address space. Further, the instructions involved in privilege-level switching, such as interrupts, need to be redesigned to match, so that when a privilege-level switching instruction is executed the hardware automatically switches the value of the page management structure base address register at the same time. The page management structure base address register means the page directory base address register or the first-level page table base address register, such as the CR3 register in the Intel architecture.
To achieve the above object, the invention discloses a layout method for a linear address space, the method comprising: the process and the kernel each exclusively own a complete linear address space. If there are program forms at other privilege levels besides processes, the program form of each privilege level has its own independent linear address space, managed in the same way as described for processes.
The user mode of each process occupies a complete linear address space with no kernel-mode part, and the kernel alone occupies an independent, complete linear address space. Under this condition the kernel's instruction pointer (for example, eip) can never jump directly into the user-mode linear address space of a process, so the possibility of an attacker preparing attack code in advance in the user-mode linear address space to carry out an attack is completely eliminated.
In one specific implementation of the invention, the page management structure and page tables of the process are managed by the kernel; the linear address space of the process contains no kernel code or data, and no data segment or code segment of privilege level 0.
Each process has its own user stack in user mode. For as long as the process exists it always uses its own user stack, and when switching between processes the user stack is switched as well.
The kernel also allocates, in the kernel's linear address space, a kernel stack for each process; after the process issues a system call and enters the kernel, the kernel uses this stack.
In one specific implementation of the invention, a kernel stack dedicated to interrupt service routines is set up in the kernel. When an interrupt occurs, execution switches directly to the interrupt kernel stack and does not use the kernel stack of any process.
In one specific implementation of the invention, when a process issues a system call, the following steps are included:
S1: The process pushes the parameters onto the process stack in a fixed format and provides the type, number and length of the parameters;
S2: After switching to the kernel through a soft interrupt or a fast system call, the kernel copies the parameters from the process stack to that process's kernel stack, and then executes the system call function;
S3: When the kernel needs to return data to user mode, it first writes the data to be copied into the process's user stack and then switches to the process.
In one specific implementation of the invention, when the kernel switches to a process, the value of the page management structure base address register is switched to the physical address of the page management structure of the specified process; when a process switches to the kernel, the value of the page management structure base address register is switched to the physical address of the kernel's page management structure; a process is not allowed to switch directly to another process. The page management structure means the page directory table or the first-level page table.
Further, so that the CPU can automatically find the kernel page management structure and the target process page management structure, two registers are added: the kernel page management structure base address register and the target process page management structure base address register, which hold the physical address of the kernel page management structure and the physical address of the process page management structure respectively. The value of the process page management structure base address register is set, in the kernel, to the physical address of the page management structure of one specific process. When a switch to the kernel is needed, the page management structure base address register is assigned the value of the kernel page management structure base address register; when a switch to a process is needed, it is assigned the value of the process page management structure base address register. The page management structure base address register is the register the CPU accesses when addressing.
In one specific implementation of the invention, when an interrupt occurs, before performing any other action the CPU first assigns the value of the kernel page management structure base address register to the page management structure base address register.
When a return with a change of privilege level is made through the interrupt return instruction, the corresponding privilege-level check is performed first; then, after the return address has been popped from the stack, the CPU automatically assigns the value of the process page management structure base address register to the page management structure base address register. If the value of the process page management structure base address register is 0, an exception occurs.
The privilege-level check can be carried out in the same way as on existing CPUs. In the Intel architecture, the page management structure base address register is the CR3 register and the interrupt return instruction is the iret instruction.
When an interrupt occurs, the CPU uses the privilege level in the code segment register (for example, the CS register in the Intel architecture) to determine whether it is currently executing a user program or a kernel program. If it is executing a user program, the page management structure base address register is assigned the value of the kernel page management structure base address register; the remaining actions (such as looking up the IDT and privilege-level handling) are similar to the prior art. The values of the key registers are then pushed onto the kernel stack, the values of the other registers are saved in the tss, and the tss is saved in the process management information. If it is executing a kernel program, the page management structure base address register does not need to be switched, and the other actions are the same.
The key registers include the code segment register, data segment register, stack segment register, instruction pointer, stack register and so on; for example, in the Intel architecture the key registers may include CS, DS, SS, IP and SP.
When the kernel needs to access process data, the specific steps include:
The kernel first computes the actual physical address corresponding to the linear address provided by the process, using that address and the process's page management structure kept in memory;
A new linear address in the kernel's linear space is temporarily mapped to that physical address;
The kernel reads and writes the data through the temporary linear address;
After the read or write is complete, the kernel removes the temporary mapping of that physical address.
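The four steps above can be traced in a small simulation; this is an added example, not code from the patent. It assumes an x86-style two-level structure (10/10/12-bit address split, present bit 0, U/S bit 2) over a simulated physical memory; the frame layout, the addresses, the KTEMP_VA slot and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NFRAMES   16u
#define FRAME(n)  ((n) * PAGE_SIZE)
#define PTE_P     0x1u         /* present */
#define PTE_US    0x4u         /* U/S: 1 = user page, 0 = kernel page */
#define ADDR_MASK 0xFFFFF000u
#define KTEMP_VA  0xFFC00000u  /* assumed kernel slot reserved for temporary mappings */
#define USER_VA   0x08048000u  /* constructed process linear address */
/* Constructed frame layout of the simulated machine. */
#define KPD   FRAME(1)         /* kernel page directory */
#define KPT   FRAME(2)         /* kernel page table holding the temporary slot */
#define PPD   FRAME(3)         /* process page directory */
#define PPT   FRAME(4)         /* process page table */
#define DATA0 FRAME(9)         /* two process data pages, not physically adjacent */
#define DATA1 FRAME(6)

static uint32_t phys_mem[NFRAMES * PAGE_SIZE / 4];   /* simulated physical memory */

static uint8_t  *phys_bytes(void)      { return (uint8_t *)phys_mem; }
static uint32_t *table_at(uint32_t pa) { return &phys_mem[pa / 4]; }

/* Software walk of the two-level structure rooted at pd_pa. Every level must be
 * present and carry need_flags. Returns 0 and the physical address, or -1. */
static int walk(uint32_t pd_pa, uint32_t va, uint32_t need_flags, uint32_t *pa_out) {
    uint32_t want = PTE_P | need_flags;
    uint32_t pde = table_at(pd_pa)[va >> 22];
    if ((pde & want) != want || (pde & ADDR_MASK) >= sizeof phys_mem) return -1;
    uint32_t pte = table_at(pde & ADDR_MASK)[(va >> 12) & 0x3FFu];
    if ((pte & want) != want || (pte & ADDR_MASK) >= sizeof phys_mem) return -1;
    *pa_out = (pte & ADDR_MASK) | (va & 0xFFFu);
    return 0;
}

/* Page table entry of the kernel's temporary mapping slot. */
static uint32_t *ktemp_pte(uint32_t kpd) {
    uint32_t pt_pa = table_at(kpd)[KTEMP_VA >> 22] & ADDR_MASK;
    return &table_at(pt_pa)[(KTEMP_VA >> 12) & 0x3FFu];
}

/* Kernel reads len bytes at process linear address uva. The kernel never
 * dereferences uva itself: it is only a key into the process's structure. */
static int kernel_read_process(uint32_t kpd, uint32_t ppd, uint32_t uva,
                               void *dst, size_t len) {
    uint8_t *out = dst;
    if ((uint64_t)uva + len > 0x100000000ull) return -1;   /* no wrap-around */
    while (len > 0) {
        uint32_t pa, kpa;
        size_t chunk = PAGE_SIZE - (uva & 0xFFFu);         /* stay inside one page */
        if (chunk > len) chunk = len;
        if (walk(ppd, uva, PTE_US, &pa) != 0) return -1;   /* 1: linear -> physical */
        *ktemp_pte(kpd) = (pa & ADDR_MASK) | PTE_P;        /* 2: temporary mapping, U/S = 0 */
        int ok = walk(kpd, KTEMP_VA | (pa & 0xFFFu), 0, &kpa) == 0;
        if (ok) memcpy(out, phys_bytes() + kpa, chunk);    /* 3: access via the kernel address */
        *ktemp_pte(kpd) = 0;                               /* 4: unmap (hardware: flush the TLB entry too) */
        if (!ok) return -1;
        uva += (uint32_t)chunk; out += chunk; len -= chunk;
    }
    return 0;
}

/* Build two disjoint address spaces and place a constructed string across
 * the boundary between the two process pages. */
static void setup(void) {
    memset(phys_mem, 0, sizeof phys_mem);
    table_at(KPD)[KTEMP_VA >> 22] = KPT | PTE_P;            /* kernel space: supervisor only */
    table_at(PPD)[USER_VA >> 22] = PPT | PTE_P | PTE_US;    /* process space: user pages only */
    table_at(PPT)[(USER_VA >> 12) & 0x3FFu] = DATA0 | PTE_P | PTE_US;
    table_at(PPT)[((USER_VA >> 12) & 0x3FFu) + 1] = DATA1 | PTE_P | PTE_US;
    memcpy(phys_bytes() + DATA0 + PAGE_SIZE - 5, "hello", 5);
    memcpy(phys_bytes() + DATA1, ", kernel", 9);            /* includes the NUL */
}

int main(void) {
    char buf[16] = {0};
    setup();
    int rc = kernel_read_process(KPD, PPD, USER_VA + PAGE_SIZE - 5, buf, 14);
    return (rc == 0 && strcmp(buf, "hello, kernel") == 0) ? 0 : 1;
}
```

The copy is split at page boundaries because linearly adjacent process pages need not be physically adjacent, and the temporary slot is cleared on every path so that no process page stays reachable from the kernel space after the access.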
A computing device, characterized in that two registers are added, a kernel page management structure base address register and a target process page management structure base address register, which hold the physical address of the kernel's page management structure and the physical address of the process's page management structure respectively. When switching to the kernel, the page management structure base address register is assigned the value of the kernel page management structure base address register; when switching to a process, the page management structure base address register is assigned the value of the process page management structure base address register. The page management structure base address register is the register the CPU accesses when addressing.
If the device supports more privilege levels, one page management structure base address register is added for each privilege level, to store the page management structure base address of the linear address space corresponding to that privilege level.
The technical solution of the invention can achieve the following technical effects:
1) An attacker cannot directly use an attack program prepared in advance in user mode, and cannot pass data obtained by an attack back to the address range occupied by a user-mode program without converting the linear address.
2) It guards against errors that may occur in CPU hardware, for example the hardware losing control of cross-privilege-level access so that a program at privilege level 3 can directly access a program at privilege level 0. In this solution, cross-privilege-level access must switch the page management structure base address register, so a privilege-level-3 program cannot directly access a privilege-level-0 program except by making a normal system call (which is accompanied by a switch of the page management structure base address register).
3) In fields where memory space is relatively small (such as embedded systems), it prevents attacks to the greatest extent at minimal protection cost.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1: Schematic diagram of the prior-art linear address space layout
Figure 2: Schematic diagram of the linear address space layout of the invention
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Figure 1 is a schematic diagram of the linear address space layout in the prior art. In the linear address space layout of most existing operating systems there is no kernel in the strict sense: each linear address space contains only the user mode of a process and the kernel mode of that process. When the process is in user mode, it may access only the range of the linear address space accessible to user-mode code; when the process is in kernel mode, kernel-mode code can access the entire linear address space. For example, the user-mode program of process A can access only the user-mode code access range of the linear address space in the figure; after entering process A's kernel mode through a system call, process A's kernel-mode program has the right to access the kernel-mode code access range.
Under attack, if the attacker changes a return address to point into the user-mode address space and has prepared attack code at that location, an attack execution branch is formed. In particular, the attack occurs at the system privilege level (for example privilege level 0), and the range accessible to code at the system privilege level covers the entire linear address space, including the user-mode linear address space. So once execution jumps to the attacker-modified location in the user-mode linear address space, where the attacker has prepared attack code or attack code disguised as data, that code is executed at the system privilege level. This code is carefully prepared by the attacker, can implement whatever functionality the attacker wants, and has great attack power.
To address the above problem, the invention establishes a complete linear address space for the user mode of each process, with no kernel-mode part, and an independent, complete linear address space for the kernel. This isolates the kernel and processes from each other at the level of linear addresses.
The layout of the linear address space in the invention is shown in Figure 2: the process and the kernel each exclusively own a complete linear address space. In the original model, the process and the kernel share one linear address space, which means that the physical address corresponding to a linear address in user mode is still the same physical address after entering kernel mode. The switch from user mode to kernel mode is in essence only a switch of privilege level, and in kernel mode execution can in theory jump directly to code anywhere in the current linear address space and directly access any data in that space. In that model the process and the kernel are not isolated.
Under the linear address space layout of the invention, each process exclusively owns a complete linear space. The page management structure of a process is managed by the kernel. The linear address space of a process contains no kernel code or data, and no data segment or code segment of privilege level 0. Therefore, when the kernel executes, it cannot jump directly to code in the linear address space of any process, nor can it directly access data in the linear address space of a process.
In one specific embodiment, the improvements mainly cover the following aspects:
Processes have independent linear address spaces
The cs, ds and ss segments used by a process start at 0, their segment limit is the CPU's maximum addressable space, and their privilege level is 3.
Each process has a page management structure independent of the kernel.
A process can address anywhere from 0 up to the maximum addressable space. If a page fault occurs, the page-fault interrupt is raised and the kernel allocates the page; for the physical pages backing the whole linear space, the U/S flag in the page management structure and page tables is 1. A complete linear space is no longer divided into a part accessible in kernel mode and a part accessible to the user process. In user mode, the entire linear address space belongs to the process.
The kernel has an independent linear address space
The cs, ds and ss segments used by the kernel start at 0, their segment limit is the CPU's maximum addressable space, and their privilege level is 0.
The kernel has a page management structure independent of all processes.
The kernel can also address anywhere from 0 up to the maximum addressable space. If a page fault occurs, the page-fault interrupt is raised and the kernel allocates the page; for the physical pages backing the whole linear space, the U/S flag in the page management structure is 0. The kernel manages the page management structures of all processes.
Process stacks and kernel stacks
Each process has its own user stack in user mode. The pages of this stack are allocated by the kernel, belong to user mode, and lie in the linear address space of the process. For as long as the process exists it always uses its own user stack. When switching between processes, the user stack is switched as well.
After each process is created, the kernel allocates a kernel stack for it in the kernel's linear address space; after the process issues a system call and enters the kernel, the kernel uses this stack.
Besides the per-process kernel stacks, the kernel also has a kernel stack for use by interrupt service routines. When an interrupt occurs, execution switches to the interrupt kernel stack and does not use the kernel stack of any process.
Each independent thread in the kernel also has its own kernel stack, which is not shared with other kernel stacks.
A process's user stack and kernel stack are each recorded in the process's tss structure, so on a switch the CPU can automatically find the corresponding stack segment, stack-top pointer and stack-bottom pointer and carry out the switch.
Parameter passing between process and kernel
When a process issues a system call, it may need to pass parameters.
A preferred scheme is:
The process pushes the parameters onto the process stack in a fixed format and provides the type, number and length of the parameters.
After switching to the kernel through a soft interrupt or a fast system call, the kernel copies the parameters from the process stack to that process's kernel stack, and then executes the system call function.
When the kernel needs to return data to user mode, it first writes the data to be copied into the process's user-mode stack and then switches to the process.
Switching between kernel and process
In the invention, a switch of linear address space is brought about in the following ways:
a) The kernel switches to a process.
This is basically similar to process switching in the prior art: in both, the target process is selected in the kernel and then the tss and the various registers are switched. The difference is that in the prior art the value of the page management structure base address register is switched from the physical address of one process's page management structure to that of another process, whereas in the invention the physical address of the target process's page management structure is assigned to the process page management structure base address register, and the value of that register is then assigned to the page management structure base address register.
b) An interrupt occurs, switching to the kernel
In existing systems, if the system is in kernel mode when the interrupt occurs, neither the privilege level nor the linear address space needs to be switched; execution simply jumps to the corresponding interrupt service routine. If the system is in user mode when the interrupt occurs, the privilege level must be switched to 0 but the linear address space does not need to be switched, and the kernel stack used is the kernel stack of the process that was just running. So when an interrupt occurs the hardware automatically completes the privilege-level switch but makes no change to the linear address space.
In the invention, the process and the kernel are in different linear address spaces. When an interrupt occurs while a process is running, the CPU must automatically switch the privilege level and switch the linear address space from the user's linear address space to the kernel's linear address space. The CPU's IDTR register records the address of the interrupt descriptor table (IDT); this address is a linear address, and it is a linear address in kernel space. Therefore, before the CPU accesses the IDT, it must first set the value of the page management structure base address register to the physical address of the kernel page management structure, so that the CPU can access the IDT normally.
Another embodiment of the present invention is as follows:
Two registers are added to the CPU: a kernel page management structure base address register, which holds the physical address of the kernel's page management structure; and a target process page management structure base address register, which holds the physical address of the page management structure of the process about to be executed.
After the kernel's page management structure has been created, kernel code assigns its physical address to the kernel page management structure base address register. The value of this register is not modified again until the system exits.
After the kernel has selected the process to switch to, kernel code assigns the physical address of that process's page management structure to the target process page management structure base address register; the register is automatically cleared to 0 once the switch is complete.
When an interrupt signal occurs (hardware interrupt, software interrupt or exception), before performing any other action the CPU first assigns the value of the kernel page management structure base address register to the page management structure base address register, thereby switching the current linear address space to the kernel's linear address space.
When the iret instruction performs a return that changes the privilege level, the corresponding privilege-level check is performed first, as on existing CPUs; then, after the return address has been popped from the stack, the CPU automatically assigns the value of the process page management structure base address register to the page management structure base address register. If the value of the process page management structure base address register is 0, an exception occurs.
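The register behaviour of this embodiment can be modelled as a small state machine. The following C sketch is an added illustration, not code from the patent: it omits the privilege check and stack handling, treats the "process" register read by iret as the target process register, and uses constructed physical addresses (0x1000, 0x3000) and hypothetical function names.

```c
#include <stdint.h>

enum { CPL_KERNEL = 0, CPL_USER = 3 };

struct cpu {
    uint32_t cr3;              /* page management structure base register used for translation */
    uint32_t kernel_pms_base;  /* added register: physical address of the kernel's structure */
    uint32_t target_pms_base;  /* added register: structure of the process about to run */
    int cpl;                   /* current privilege level */
};

/* Any interrupt signal (hardware, software, exception): the address-space
 * switch happens before any other action, so the IDT is read in kernel space. */
void cpu_interrupt(struct cpu *c) {
    c->cr3 = c->kernel_pms_base;
    c->cpl = CPL_KERNEL;
}

/* Kernel code, after choosing the process to switch to. */
void kernel_select_process(struct cpu *c, uint32_t process_pms_pa) {
    c->target_pms_base = process_pms_pa;
}

/* iret with a privilege-level change. Returns 0 on success, -1 if the CPU
 * raised an exception because no target process had been selected. */
int cpu_iret_to_user(struct cpu *c) {
    if (c->target_pms_base == 0) {
        cpu_interrupt(c);          /* the exception itself is delivered in kernel space */
        return -1;
    }
    c->cr3 = c->target_pms_base;
    c->target_pms_base = 0;        /* cleared automatically once the switch completes */
    c->cpl = CPL_USER;
    return 0;
}

/* Isolation invariant: CPL 0 always runs on the kernel structure, CPL 3 never does. */
int invariant_holds(const struct cpu *c) {
    return (c->cpl == CPL_KERNEL) == (c->cr3 == c->kernel_pms_base);
}

/* Constructed trace: boot, run a process, take an interrupt, then attempt a
 * second iret without selecting a process. Returns 0 if every step is as described. */
int run_trace(void) {
    struct cpu c = { .cr3 = 0x1000, .kernel_pms_base = 0x1000,
                     .target_pms_base = 0, .cpl = CPL_KERNEL };
    kernel_select_process(&c, 0x3000);
    if (cpu_iret_to_user(&c) != 0 || c.cr3 != 0x3000 || !invariant_holds(&c)) return 1;
    cpu_interrupt(&c);
    if (c.cr3 != 0x1000 || !invariant_holds(&c)) return 2;
    if (cpu_iret_to_user(&c) != -1 || c.cpl != CPL_KERNEL || !invariant_holds(&c)) return 3;
    return 0;
}

int main(void) { return run_trace(); }
```

Because the target register is cleared on every successful return, a stale process address cannot be reused: the kernel has to select a process explicitly before each return to user mode.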
c) A process initiates a system call and switches to the kernel
The following takes fast system calls on the Intel architecture as an example:
When a process initiates a system call, it enters the kernel through a software interrupt or a fast system call instruction. In existing systems this causes only a privilege-level switch and a stack switch; in the present invention it also causes a switch of the page management structure base address register.
1) Fast system call
The specific scheme is as follows:
A SYSENTER_CR_MSR register is added.
SYSENTER instruction: on execution, CR3 holds the start address of the process's page management structure, and the kernel page management structure base address register holds the start address of the kernel's page management structure. Before any other operation, the value of the process page management structure base address register is first assigned to CR3; once that is done, the value of CR3 (the start address of the process's page management structure) is assigned to the SYSENTER_CR_MSR register. Subsequent processing is the same as at present.
SYSEXIT instruction: before EIP jumps, the value of the SYSENTER_CR_MSR register is read and assigned to CR3.
Stack switching works the same way as at present.
2) Software interrupt
A software interrupt is also a kind of interrupt, and works essentially the same way as an interrupt-driven switch to the kernel. The difference is that after entering the kernel through a software interrupt, the kernel uses the kernel stack of the process that initiated the system call; the kernel stack information is obtained from that process's TSS.
Kernel access to process data
The kernel may need to read or write data in the user linear address space, for example during file reads and writes. In that case a new linear address is temporarily mapped for that address in the kernel linear address space, and the mapping is removed once the read or write is complete.
The kernel must compute the actual physical address from the process's page management structure, page tables and the specific linear address, then derive from that physical address its linear address in the kernel, and then read or write through the linear address in the kernel.
The specific steps are:
The kernel first computes the actual physical address of the memory from the linear address provided by the process and the process's page management structure kept in memory; it then temporarily maps a new linear address in the kernel for that physical address and performs the read or write.
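An added illustration of this procedure, not code from the patent: a C simulation that walks a process's two-level page management structure to find the physical frame, maps that frame at a temporary kernel linear address, copies through that address and then removes the mapping. The 32-bit two-level format, the `KTEMP_VA` slot, the frame layout and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define PTE_P     0x1u            /* present bit */
#define KTEMP_VA  0xFFC00000u     /* assumed kernel slot reserved for temporary maps */

static uint32_t phys[8 * PAGE_SIZE / 4];         /* simulated physical memory, 8 frames */
static uint8_t  *phys_bytes(void) { return (uint8_t *)phys; }
static uint32_t *table_at(uint32_t pa) { return &phys[pa / 4]; }
/* Translate va through the two-level structure rooted at root_pa. */
static int walk(uint32_t root_pa, uint32_t va, uint32_t *pa_out) {
    uint32_t pde = table_at(root_pa)[va >> 22];
    if (!(pde & PTE_P)) return -1;
    uint32_t pte = table_at(pde & ~0xFFFu)[(va >> 12) & 0x3FFu];
    if (!(pte & PTE_P)) return -1;
    *pa_out = (pte & ~0xFFFu) | (va & 0xFFFu);
    return 0;
}

static void map_page(uint32_t root_pa, uint32_t pt_pa, uint32_t va, uint32_t frame_pa) {
    table_at(root_pa)[va >> 22] = pt_pa | PTE_P;
    table_at(pt_pa)[(va >> 12) & 0x3FFu] = frame_pa | PTE_P;
}
static void unmap_page(uint32_t pt_pa, uint32_t va) { table_at(pt_pa)[(va >> 12) & 0x3FFu] = 0; }

/* Kernel-side read of len bytes at user linear address uva. The kernel never
 * dereferences uva itself: every byte is reached through KTEMP_VA. */
static int kernel_read_user(uint32_t kroot, uint32_t kpt, uint32_t proot,
                            uint32_t uva, uint8_t *dst, size_t len) {
    while (len > 0) {
        uint32_t upa, kpa, off = uva & 0xFFFu;
        size_t chunk = PAGE_SIZE - off;                      /* stay within one page */
        if (chunk > len) chunk = len;
        if (walk(proot, uva, &upa) != 0) return -1;          /* 1: user VA -> physical */
        map_page(kroot, kpt, KTEMP_VA, upa & ~0xFFFu);       /* 2: temporary kernel map */
        int rc = walk(kroot, KTEMP_VA | off, &kpa);
        if (rc == 0) memcpy(dst, phys_bytes() + kpa, chunk); /* 3: access via kernel VA */
        unmap_page(kpt, KTEMP_VA);                           /* 4: release the mapping */
        if (rc != 0) return -1;
        dst += chunk; uva += (uint32_t)chunk; len -= chunk;
    }
    return 0;
}

/* Constructed layout: frames 1-2 kernel tables, 3-4 process tables, 5-6 user data. */
static int demo(void) {
    const uint32_t kroot = 0x1000, kpt = 0x2000, proot = 0x3000, ppt = 0x4000;
    uint8_t out[6]; uint32_t pa;
    memset(phys, 0, sizeof phys);
    map_page(proot, ppt, 0x08048000u, 0x6000);   /* deliberately non-contiguous frames */
    map_page(proot, ppt, 0x08049000u, 0x5000);
    memcpy(phys_bytes() + 0x6FFD, "abc", 3);     /* data straddles the page boundary */
    memcpy(phys_bytes() + 0x5000, "def", 3);
    if (kernel_read_user(kroot, kpt, proot, 0x08048FFDu, out, 6) != 0) return 1;
    if (memcmp(out, "abcdef", 6) != 0) return 2;
    if (walk(kroot, KTEMP_VA, &pa) == 0) return 3;       /* temporary map must be gone */
    if (walk(kroot, 0x08048000u, &pa) == 0) return 4;    /* user VA absent from kernel space */
    if (kernel_read_user(kroot, kpt, proot, 0x0804A000u, out, 1) == 0) return 5;
    return 0;
}
int main(void) { return demo(); }
```

The copy is split at page boundaries because adjacent user linear pages need not be adjacent in physical memory, and an unmapped user address fails the walk before any kernel mapping is created.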
With this design, the kernel-mode EIP can never jump directly into the user-mode linear address space, which completely eliminates the possibility of an attacker preparing attack code in advance in the user-mode linear address space.
From the above embodiments, those skilled in the art can clearly understand that on current CPU architectures software alone cannot completely isolate the linear address spaces of processes and the kernel; the present invention therefore makes a series of modifications to the CPU.
With the linear address space isolation design on the modified CPU architecture, even if an attacking program can alter the kernel's execution flow, it can only make the altered flow jump to other instructions of the kernel itself, or to a meaningless address. If it jumps to a meaningless address, the kernel immediately or very soon hits some execution exception; if it jumps to instructions native to the kernel, the achievable attack effect is also very limited. Compared with the kernel executing attack code arranged by a user program, the consequences of these two cases are much weaker, so the effect of the attack is effectively contained.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (15)

  1. A layout method for a linear address space, characterized in that: processes and the kernel each have exclusive use of a complete linear address space.
  2. The method according to claim 1, characterized in that: the page management structure of a process is managed by the kernel; the linear address space of the process contains no kernel code or data and no privilege-level-0 data segments or code segments; the page management structure refers to a page directory table or a first-level page table.
  3. The method according to any one of claims 1-2, characterized in that:
    each process has its own user stack in user mode; throughout the lifetime of the process it always uses its own user stack, and when switching between processes the user stack is switched as well;
    the kernel also allocates a kernel stack for each process in the kernel's linear address space; after the process initiates a system call and enters the kernel, the kernel uses this stack.
  4. The method according to any one of claims 1-3, characterized in that: a kernel stack dedicated to interrupt service routines is provided in the kernel; when an interrupt occurs, a direct switch is made to the interrupt kernel stack, and the kernel stack of any process is not used.
  5. The method according to claim 1, characterized in that, when a process initiates a system call, the method comprises the following steps:
    the process pushes the parameters onto the process stack in a fixed format and provides the type, number and length of the parameters;
    after switching to the kernel through a software interrupt or a fast system call, the kernel copies the parameters from the process stack to that process's kernel stack, and then executes the system call function;
    when the kernel needs to return data to user mode, it first writes the data to be copied into the process's user stack and then switches to the process.
  6. The method according to claim 1, characterized in that: when the kernel switches to a process, the value of the page management structure base address register is switched to the physical address of the specified process's page management structure; when a process switches to the kernel, the value of the page management structure base address register is switched to the physical address of the kernel's page management structure; a process is not allowed to switch directly to another process; the page management structure base address register is the register the CPU accesses when addressing memory.
  7. The method according to claim 1, characterized in that: two registers are added, a kernel page management structure base address register and a target process page management structure base address register, which hold the physical address of the kernel page management structure and the physical address of the process page management structure, respectively.
  8. The method according to claim 7, characterized in that: when an interrupt occurs, before performing any other action the CPU first assigns the value of the kernel page management structure base address register to the page management structure base address register.
  9. The method according to claim 7, characterized in that: when an interrupt return instruction performs a return that changes the privilege level, the corresponding privilege-level check is performed first; then, after the return address has been popped from the stack, the CPU automatically assigns the value of the process page management structure base address register to the page management structure base address register.
  10. The method according to claim 7, characterized in that: when an interrupt occurs, the CPU determines from the privilege level of the code segment register whether a user program or a kernel program is currently executing; if a user program is executing, the page management structure base address register is assigned the value of the kernel page management structure base address register.
  11. The method according to any one of claims 6-10, characterized in that: the page management structure base address refers to the page directory table base address or the first-level page table base address.
  12. The method according to claim 1, characterized in that, when the kernel needs to access process data, the specific steps comprise:
    the kernel first computes the actual physical address corresponding to the address from the linear address provided by the process and that process's page management structure kept in memory;
    a new linear address is temporarily mapped for that physical address in the kernel's linear address space;
    the kernel reads or writes the data through the temporary linear address;
    after the read or write is complete, the kernel removes the temporary mapping of that physical address.
  13. A computing device, characterized in that: two registers are added, a kernel page management structure base address register and a process page management structure base address register, which hold the physical address of the kernel's page management structure and the physical address of the process's page management structure, respectively.
  14. The device according to claim 13, characterized in that: when switching to the kernel, the page directory base address register is assigned the value of the kernel page management structure base address register; when switching to a process, the page directory base address register is assigned the value of the process page management structure base address register.
  15. The device according to any one of claims 13-14, characterized in that: if the device supports more privilege levels, a page management structure base address register is added for each privilege level to store the page management structure base address of the linear address space corresponding to that privilege level.
PCT/CN2019/086492 2018-06-12 2019-05-11 Layout method for linear address space, and computing device WO2019237862A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810605380.XA CN110597641A (en) 2018-06-12 2018-06-12 Linear address space layout method and computing device
CN201810605380.X 2018-06-12

Publications (1)

Publication Number Publication Date
WO2019237862A1 true WO2019237862A1 (en) 2019-12-19

Family

ID=68841922

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/086492 WO2019237862A1 (en) 2018-06-12 2019-05-11 Layout method for linear address space, and computing device

Country Status (2)

Country Link
CN (1) CN110597641A (en)
WO (1) WO2019237862A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112131019A (en) * 2020-09-17 2020-12-25 国网宁夏电力有限公司营销服务中心(国网宁夏电力有限公司计量中心) Method for rapidly communicating processes of microkernel operating system
CN112579514B (en) * 2020-12-10 2022-07-26 海光信息技术股份有限公司 Method and device for initializing multi-core processor stack

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090249019A1 (en) * 2008-03-28 2009-10-01 Inventec Corporation Method of allocating physical memory in specified address range under linux system platform
CN102819497A (en) * 2012-05-31 2012-12-12 华为技术有限公司 Method, device and system for memory allocation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955438B (en) * 2014-05-21 2016-11-23 南京大学 Proceeding internal memory guard method based on hardware auxiliary Intel Virtualization Technology
US10157268B2 (en) * 2016-09-27 2018-12-18 Microsoft Technology Licensing, Llc Return flow guard using control stack identified by processor register

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CLUMSY ROOKIE: "Full Analysis of Memory Management in Linux Kernel", LINUX, 8 November 2016 (2016-11-08), pages 1, Retrieved from the Internet <URL:https://www.cnblogs.com/zengyiwen/p/5fd4435a0f2f98a8fd9d4551c42d49f6.html> *
ISLAMWORSHIP: "Non-official translation: Process Address Space as well as Kernel Stack and User Mode Stack Thereof", 9 June 2011 (2011-06-09), pages 3, 4 - 6-9, Retrieved from the Internet <URL:http://www.docin.com/p-217990541.html> *

Also Published As

Publication number Publication date
CN110597641A (en) 2019-12-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19818780

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19818780

Country of ref document: EP

Kind code of ref document: A1