WO2021192098A1 - Information processing device, information processing method, and information processing program - Google Patents


Info

Publication number
WO2021192098A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
hardware
area
access control
determination
Application number
PCT/JP2020/013368
Other languages
French (fr)
Japanese (ja)
Inventor
昂輝 井川
Original Assignee
三菱電機株式会社
Application filed by 三菱電機株式会社
Priority to PCT/JP2020/013368 (WO2021192098A1)
Priority to JP2021560273A (JP7062142B2)
Priority to CN202080098449.XA (CN115349120A)
Publication of WO2021192098A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00: Accessing, addressing or allocating within memory systems or architectures

Definitions

  • This disclosure relates to an information processing device, an information processing method, and an information processing program.
  • A configuration may be adopted in which multitasking is executed, that is, a plurality of functions are realized by a plurality of tasks.
  • In such a configuration, a memory protection function may be required to prevent a task from unintentionally accessing a memory area managed by another task.
  • Memory protection by hardware (HW memory protection) uses access control hardware such as an MPU (Memory Protection Unit) or an MMU (Memory Management Unit).
  • With an MPU, the OS (Operating System) sets HW access right information, that is, information about the memory areas for which access is permitted, in the control registers of the MPU. The MPU then monitors, based on the HW access right information set in the control registers, whether the memory accesses of each task violate the memory access rights.
  • Patent Document 1 discloses an HW memory protection technique using an MPU or MMU.
  • HW memory protection is subject to a constraint called the area size constraint: access control can be performed only in units of the reference area size, which is the smallest memory area size for which the hardware can control access, and access control for a memory area smaller than the reference area size cannot be performed.
  • Memory protection by software (SW memory protection), in which access is checked by software, can control access without being restricted by the area size, but has the problem that the CPU load is larger than that of HW memory protection.
  • One of the main purposes of this disclosure is to solve the above problems, namely to realize access control that is not restricted by the area size while suppressing the CPU load.
  • The information processing device according to this disclosure has access control hardware, which is hardware that determines whether or not to allow access to a memory area in units of the reference area size, i.e., the memory area size that is the standard for determining whether or not to allow access.
  • It further has an access control setting unit, which sets in the access control hardware hardware determination area information indicating, as a hardware determination area, a memory area having a size n times the reference area size (n is an integer of 1 or more), and causes the access control hardware to determine whether or not to allow access to the hardware determination area.
  • It further has an access determination unit, which determines whether or not to allow access to a memory area that is included in the hardware determination area and has a size smaller than the reference area size.
  • According to this disclosure, access control can be realized without being restricted by the area size while suppressing the CPU load.
  • FIG. 1 is a diagram showing a hardware configuration example of the information processing device according to Embodiment 1.
  • FIG. 8 is a diagram showing an example of access control related to packet transmission according to Embodiment 1.
  • FIG.: a flowchart showing an operation example of access determination information generation by the information processing device according to Embodiment 2.
  • FIG. 1 is a diagram showing a hardware configuration example of the information processing device 1 according to the present embodiment.
  • the information processing device 1 is a computer.
  • The information processing device 1 includes, as hardware, a processor 10, a memory 20, an auxiliary storage device 30, a communication interface 40 (also referred to as communication I/F 40), and access control hardware 50, which are connected to each other by signal lines.
  • the processor 10 is an IC (Integrated Circuit) that performs processing.
  • the processor 10 is, as a specific example, a CPU.
  • the memory 20 is a volatile memory that temporarily stores data.
  • the memory 20 is a RAM (Random Access Memory).
  • the auxiliary storage device 30 is a non-volatile memory for storing data.
  • the auxiliary storage device 30 is a hard disk.
  • The auxiliary storage device 30 may also be a portable recording medium such as an SSD (registered trademark, Solid State Drive), an SD (registered trademark, Secure Digital) memory card, CF (registered trademark, CompactFlash), NAND flash, a flexible disk, an optical disk, a compact disc, a Blu-ray (registered trademark) disc, or a DVD (registered trademark, Digital Versatile Disk).
  • the auxiliary storage device 30 stores HW access right information and access determination information, which will be described later.
  • the auxiliary storage device 30 stores a program that realizes the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16, which will be described later.
  • The programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16, stored in the auxiliary storage device 30, are loaded into the memory 20, read by the processor 10, and executed.
  • The OS is also stored in the auxiliary storage device 30, and at least a part of the OS is executed by the processor 10.
  • That is, the processor 10 executes the programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 while executing at least a part of the OS.
  • When the processor 10 executes the OS, task management, memory management, file management, communication control, and the like are performed.
  • At least one of the information, data, signal values, and variable values indicating the processing results of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 is stored in at least one of the memory 20, the auxiliary storage device 30, a register in the processor 10, and a cache memory.
  • The programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be stored in a portable recording medium such as a hard disk, an SSD (registered trademark), an SD (registered trademark) memory card, CF (registered trademark), NAND flash, a flexible disk, an optical disk, a compact disc, a Blu-ray (registered trademark) disc, or a DVD (registered trademark). The programs that realize these functions may also be distributed.
  • the communication I / F40 is an electronic circuit that executes information communication processing with a connection destination via a signal line.
  • the communication I / F40 is a communication chip for Ethernet (registered trademark) or a NIC (Network Interface Card).
  • the access control hardware 50 executes access control by HW memory protection. More specifically, the access control hardware 50 determines whether or not to allow access to the memory area in units of the reference area size, which is the size of the memory area that is the reference for determining whether or not to allow access. Further, the access control hardware 50 notifies the OS of the memory access violation and causes the OS to execute the memory access violation processing when it is determined that the access is not permitted as a result of determining whether the access is permitted or not.
  • the access control hardware 50 is, as a specific example, an MPU. In this embodiment, MPU will be used as a specific example of the access control hardware 50.
  • The "unit" in the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be read as "process" or "procedure".
  • FIG. 2 shows the functional configuration of the information processing device 1 according to the present embodiment.
  • the information processing device 1 includes a communication task 11, a general task 12, an access control setting unit 13, a task control unit 14, an access determination unit 15, and an access control unit 16.
  • Communication task 11 sends and receives packets via the communication I / F40.
  • the general task 12 generates or processes at least a part of the data of the payload part of the packet sent and received by the communication task 11. There may be a plurality of general tasks 12.
  • the access control setting unit 13 confirms the execution schedule of the communication task 11 or the general task 12, and acquires the HW access right information of the communication task 11 or the general task 12.
  • the HW access right information is information defined for each task. Further, the HW access right information may be defined for each task execution cycle for tasks that are periodically executed.
  • The HW access right information includes hardware determination area information indicating, as a hardware determination area, a memory area having a size n times the reference area size (n is an integer of 1 or more). The HW access right information may also include access attributes, such as data read or write, in addition to the hardware determination area information. That is, the HW access right information defines which memory area the access control hardware 50 allows access to, and with which access attributes.
  • the access control setting unit 13 sets the HW access right information in the access control hardware 50, and causes the access control hardware 50 to determine whether or not to allow access to the hardware determination area. Further, the access control setting unit 13 may set HW access right information including hardware determination area information for each timing for a plurality of timings in the access control hardware 50. As a specific example, the access control setting unit 13 may set the HW access right information including the hardware determination area information in the access control hardware 50 for each task switching timing. Then, the access control setting unit 13 may cause the access control hardware 50 to determine whether or not to allow access to the corresponding hardware determination area at each timing. The process performed by the access control setting unit 13 corresponds to the access control setting process.
  • the task control unit 14 switches the task to be executed after the access control setting unit 13 completes setting the HW access right information in the access control hardware 50.
  • the access determination unit 15 determines whether or not to allow access to the memory area having a size smaller than the reference area size included in the hardware determination area.
  • The access determination information is information defined for each task. It may also be defined for each task execution cycle for a task that is executed periodically. The access determination information includes software determination area information indicating, as a software determination area, the memory area for which the access determination unit 15 determines whether or not to allow access. It may also include access attributes, such as data read or write, in addition to the software determination area information. That is, the access determination information defines which memory area the access determination unit 15 allows access to, and with which access attributes.
  • the access determination information according to the present embodiment is information specified at the time of designing the information processing apparatus 1. The process performed by the access determination unit 15 corresponds to the access determination process.
  • the access control unit 16 controls access to the memory area based on the permission / rejection determination result of the access determination unit 15. That is, the access determination unit 15 and the access control unit 16 execute access control by SW memory protection.
  • the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be realized as a part of the functions of the OS.
  • In the present embodiment, based on the concept of zero copy, an example is used in which a shared memory area of the reference area size corresponding to a packet structure composed of a header, a payload, and a footer is prepared.
  • the communication task 11 accesses the shared memory area.
  • the general task 12 accesses the payload portion that is smaller than the reference area size.
  • For the access of the communication task 11, the HW access right information and the access determination information are set so that the access is permitted only by the access control by HW memory protection. For the access of the general task 12, the HW access right information and the access determination information are set so that the access is permitted only by the access control by SW memory protection.
  • The shared memory area is described here as being of the reference area size so that it is clear that the payload portion is smaller than the reference area size, but the shared memory area is not limited to this and may be an integral multiple of the reference area size, such as twice the reference area size.
  • In step S100, the access control setting unit 13 waits until the timing for starting or switching a task arrives.
  • When that timing arrives, the process proceeds to step S110.
  • In step S110, the access control setting unit 13 confirms the task execution schedule from the OS, and then acquires the HW access right information of the task that is to be executed next.
  • In step S120, the access control setting unit 13 sets the HW access right information in the access control hardware 50 and notifies the task control unit 14 of the completion of the setting.
  • In step S130, the task control unit 14 starts the task that is to be executed next based on the task execution schedule. If a task is currently being executed, the task control unit 14 switches tasks and starts the task to be executed next. Then, the process returns to step S100.
  • In step S200, the task started by the task control unit 14 executes its processing.
  • As a specific example, the communication task 11 executes processing related to sending and receiving packets. When the task reads data from a memory area or writes data to a memory area, the process proceeds to step S210.
  • In step S210, if the task accesses the memory area directly, the process proceeds to step S220. Otherwise, that is, if the task requests the access instead of accessing the memory area directly, the process proceeds to step S230.
  • In step S220, the access control hardware 50 executes access control by HW memory protection. Details of access control by HW memory protection are described later.
  • In step S230, the task notifies the access determination unit 15 of the access request to the memory area.
  • As a specific example, the task may notify the access request to the memory area by using an API (Application Programming Interface) of the OS.
  • In step S240, access control by SW memory protection is executed by the access determination unit 15 and the access control unit 16, which have been notified of the access request from the task. Details of access control by SW memory protection are described later.
  • In step S300, the access control hardware 50 determines whether or not to allow access to the shared memory area by the communication task 11 based on the set HW access right information.
  • In step S310, if the access control hardware 50 determines that the access is permitted, the process proceeds to step S320. On the other hand, if the access control hardware 50 determines that the access is not permitted, the process proceeds to step S330.
  • In step S320, the access control hardware 50 causes the communication task 11 to access the shared memory area.
  • In step S330, the access control hardware 50 notifies the OS of the memory access violation and causes the OS to execute the memory access violation processing, which removes the cause of the access violation and returns to the state before the access violation.
  • As described above, the communication task 11 can access the shared memory area. If the communication task 11 unintentionally attempts to access a shared memory area for which it has no access right, the access control hardware 50 causes the OS to execute the memory access violation processing, so that the memory is protected.
  • In step S400, the access determination unit 15 determines whether or not to allow access to the shared memory area by the general task 12 based on the set access determination information.
  • In step S410, the access control unit 16 acquires the result of the access permission determination by the access determination unit 15.
  • In step S420, the access control unit 16 confirms the result of the access permission determination by the access determination unit 15. If the result is permission, the process proceeds to step S430. On the other hand, if the result is not permission, the process proceeds to step S440.
  • In step S430, the access control unit 16 causes the general task 12 to access the shared memory area.
  • As a specific example, the access control unit 16 causes the general task 12 to access the shared memory area via the OS.
  • Alternatively, the access control unit 16 may cause the OS itself to access the shared memory area in response to the access request that the access determination unit 15 received from the task.
  • In step S440, the access control unit 16 notifies the OS of the memory access violation and causes the OS to execute the memory access violation processing.
  • As described above, the general task 12 can access the shared memory area. When the general task 12 unintentionally requests access to a memory area for which it has no access right, the access determination unit 15 does not permit the requested access, and the access control unit 16 causes the OS to execute the memory access violation processing, so that the memory is protected.
  • FIG. 7 shows an example of a shared memory area corresponding to the transmission packet structure according to the present embodiment.
  • the shared memory area of the reference area size shown in FIG. 7 is divided into memory areas smaller than the reference area size such as the header, the areas sd1 and sd2 in the payload, and the footer. Then, it is shown that the entire area of the shared memory area is a hardware determination area to which access control by HW memory protection is applied. Further, sd1 and sd2 are shown to be software determination areas to which access control by SW memory protection is applied.
  • FIG. 8 shows an example of access control related to packet transmission according to the present embodiment.
  • An example is used in which the communication task 11 and the general task X and the general task Y, which are the general tasks 12, are executed.
  • each task is executed in a specified cycle, execution timing, and execution time.
  • The top three rows of the table in FIG. 8 show the cycle, the execution timing, and the executed task, which together indicate the task execution schedule; time advances toward the right.
  • the three rows from the bottom of the table in FIG. 8 show the status of access control by HW memory protection and SW memory protection during execution of each task.
  • The communication task 11 is executed at execution timings 1 to 3 of cycle 0.
  • At that timing, the access control setting unit 13 sets in the access control hardware 50 hardware determination area information that designates the shared memory area as the hardware determination area, together with the access attributes read (R) and write (W). The access control by HW memory protection of the access control hardware 50 therefore allows read (R) and write (W) access to the shared memory area. At this timing, no software determination area information and no access attribute are set in the access determination information.
  • The general task X is executed at execution timings 4 to 7 of cycle 0.
  • At that timing, software determination area information designating sd1 as the software determination area and the access attribute write (W) are set in the access determination information.
  • The access control by SW memory protection of the access determination unit 15 and the access control unit 16 therefore allows write (W) access to the area sd1 in the payload of the shared memory area.
  • On the other hand, the HW access right information that the access control setting unit 13 sets in the access control hardware 50 at this timing contains hardware determination area information that does not designate the shared memory area as a hardware determination area.
  • The general task Y is executed at execution timings 8 to 10 of cycle 0.
  • At that timing, software determination area information designating sd2 as the software determination area and the access attribute write (W) are set in the access determination information.
  • The access control by SW memory protection of the access determination unit 15 and the access control unit 16 therefore allows write (W) access to the area sd2 in the payload of the shared memory area.
  • On the other hand, the HW access right information that the access control setting unit 13 sets in the access control hardware 50 at this timing likewise does not designate the shared memory area as a hardware determination area.
  • FIGS. 8 (1) to (3) show a series of processing steps related to packet transmission. In (1), the general task X accesses sd1 and writes data. In (2), the general task Y accesses sd2 and writes data. In (3), the communication task 11 accesses the shared memory area, writes data to the header and the footer, then reads the data of the entire shared memory area and transfers it to the communication I/F 40 as a transmission packet.
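The two-layer control of steps S100 to S440 and the transmission sequence of FIG. 8 (1) to (3), modelled in C as an added example; this is not code from the patent or from 三菱電機株式会社. It assumes a reference area size of 64 bytes, a shared memory area of exactly one reference area laid out as header (8 bytes), sd1 (24 bytes), sd2 (24 bytes), footer (8 bytes), and treats "addresses" as offsets into that area. The MPU is reduced to a single region register, the direct (HW) path and the OS API (SW) path are separate functions, and the task names, offsets and payload bytes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the patent. Assumed reference area size: 64 bytes.
 * "Addresses" are offsets into the simulated shared memory area. */
#define REF_AREA_SIZE 64u
#define ATTR_R 1u
#define ATTR_W 2u

enum task_id { TASK_COMM, TASK_X, TASK_Y, NUM_TASKS };

/* A memory area plus access attributes, used both as HW access right
 * information (hardware determination area, loaded into the MPU) and as
 * access determination information (software determination area).
 * valid == false means "nothing set at this timing". */
typedef struct { uint32_t base, size; unsigned attr; bool valid; } area_t;

/* Shared memory area of one reference area (constructed layout):
 * header | sd1 | sd2 | footer */
static uint8_t shared[REF_AREA_SIZE];
enum { HDR_OFF = 0, HDR_LEN = 8, SD1_OFF = 8, SD2_OFF = 32, FTR_OFF = 56, FTR_LEN = 8 };

/* Per-task tables the access control setting unit loads at each task switch;
 * mirrors the bottom rows of FIG. 8. */
static const area_t hw_rights[NUM_TASKS] = {
    [TASK_COMM] = { 0, REF_AREA_SIZE, ATTR_R | ATTR_W, true },
    [TASK_X]    = { 0, 0, 0, false },          /* no hardware determination area */
    [TASK_Y]    = { 0, 0, 0, false },
};
static const area_t sw_rights[NUM_TASKS] = {
    [TASK_COMM] = { 0, 0, 0, false },          /* no software determination area */
    [TASK_X]    = { SD1_OFF, SD2_OFF - SD1_OFF, ATTR_W, true },
    [TASK_Y]    = { SD2_OFF, FTR_OFF - SD2_OFF, ATTR_W, true },
};

static area_t mpu_reg;   /* simulated MPU control register */
static area_t sw_area;   /* access determination information now in force */

/* Area size constraint of the MPU: a region must start on a reference area
 * boundary and span n >= 1 reference areas. Returns false if the hardware
 * cannot represent it, which is exactly why sub-areas need the SW layer. */
bool mpu_set_region(const area_t *r)
{
    if (r->valid && (r->base % REF_AREA_SIZE || r->size % REF_AREA_SIZE || r->size == 0))
        return false;
    mpu_reg = *r;
    return true;
}

/* Access control setting unit (steps S110-S120), run before the task switch. */
bool access_control_setting(enum task_id t)
{
    sw_area = sw_rights[t];
    return mpu_set_region(&hw_rights[t]);
}

/* Is [addr, addr+len) inside the area with every requested attribute granted? */
static bool in_area(const area_t *a, uint32_t addr, uint32_t len, unsigned attr)
{
    uint32_t off;
    if (!a->valid || addr < a->base) return false;
    off = addr - a->base;
    return off <= a->size && len <= a->size - off && (attr & a->attr) == attr;
}

/* Common determination + access; -1 models the memory access violation. */
static int checked_access(const area_t *a, uint32_t addr, uint32_t len, unsigned attr, uint8_t *buf)
{
    if (len > REF_AREA_SIZE || addr > REF_AREA_SIZE - len || !in_area(a, addr, len, attr))
        return -1;
    if (attr & ATTR_W) memcpy(shared + addr, buf, len);
    else               memcpy(buf, shared + addr, len);
    return 0;
}

/* HW memory protection path (steps S300-S330): the task touches memory
 * directly and the MPU decides (a real MPU raises a fault the OS handles). */
int task_direct_access(uint32_t addr, uint32_t len, unsigned attr, uint8_t *buf)
{ return checked_access(&mpu_reg, addr, len, attr, buf); }

/* SW memory protection path (steps S400-S440): the task asks the OS via an
 * API; the access determination unit checks the software determination area
 * and the access control unit performs the access in privileged context. */
int task_os_access_request(uint32_t addr, uint32_t len, unsigned attr, uint8_t *buf)
{ return checked_access(&sw_area, addr, len, attr, buf); }

/* Transmission sequence of FIG. 8 (1)-(3) with constructed payload bytes, plus
 * the violations each layer must catch. Returns true if every outcome matches. */
bool demo_packet_transmission(void)
{
    uint8_t d1[4] = {1, 2, 3, 4}, d2[4] = {5, 6, 7, 8};
    uint8_t hdr[HDR_LEN] = {0xAA}, ftr[FTR_LEN] = {0x55}, pkt[REF_AREA_SIZE];
    bool ok = true;

    ok &= access_control_setting(TASK_X);                              /* (1) */
    ok &= task_os_access_request(SD1_OFF, 4, ATTR_W, d1) == 0;
    ok &= task_os_access_request(SD2_OFF, 4, ATTR_W, d2) == -1;        /* not X's sub-area */
    ok &= task_os_access_request(SD1_OFF, 4, ATTR_R, d1) == -1;        /* W granted, not R */
    ok &= task_direct_access(SD1_OFF, 4, ATTR_W, d1) == -1;            /* MPU: no region */

    ok &= access_control_setting(TASK_Y);                              /* (2) */
    ok &= task_os_access_request(SD2_OFF, 4, ATTR_W, d2) == 0;

    ok &= access_control_setting(TASK_COMM);                           /* (3) */
    ok &= task_direct_access(HDR_OFF, HDR_LEN, ATTR_W, hdr) == 0;
    ok &= task_direct_access(FTR_OFF, FTR_LEN, ATTR_W, ftr) == 0;
    ok &= task_direct_access(0, REF_AREA_SIZE, ATTR_R, pkt) == 0;
    ok &= task_os_access_request(SD1_OFF, 4, ATTR_R, d1) == -1;        /* no SW area set */
    return ok && pkt[HDR_OFF] == 0xAA && pkt[SD1_OFF] == 1
              && pkt[SD2_OFF + 3] == 8 && pkt[FTR_OFF] == 0x55;
}
```

The point to check against the text: while a general task runs it has no hardware determination area at all, so a direct access by it faults in the MPU even for its own sub-area; it can only reach sd1 or sd2 through the OS request path, where the software determination area is enforced. `mpu_set_region` rejects a region that is not a multiple of the reference area size, which is the area size constraint the software layer exists to work around.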
  • FIG. 9 shows an example of a shared memory area corresponding to the received packet structure according to the present embodiment.
  • the shared memory area of the reference area size shown in FIG. 9 is divided into memory areas smaller than the reference area size such as the header, the areas rd1 and rd2 in the payload, and the footer. Then, it is shown that access control by SW memory protection is applied to rd1 and rd2.
  • FIG. 10 shows an example of access control related to packet reception according to the present embodiment.
  • the communication task 11 is executed at the execution timings from 1 to 3 in the cycle 0.
  • the access control setting unit 13 informs the access control hardware 50 of the hardware determination area information in which the shared memory area is used as the hardware determination area, and the access attributes of the read (R) and the write (W). Is set.
  • the access control by the HW memory protection of the access control hardware 50 allows the read (R) and write (W) access to the shared memory area.
  • the software determination area information and the access attribute are not set in the access determination information.
  • The general task X is executed at execution timings 4 to 7 of cycle 0. At that timing, software determination area information designating rd1 as the software determination area and the access attribute read (R) are set in the access determination information, so the access control by SW memory protection of the access determination unit 15 and the access control unit 16 allows read (R) access to the area rd1 in the payload of the shared memory area. On the other hand, the HW access right information that the access control setting unit 13 sets in the access control hardware 50 at this timing does not designate the shared memory area as a hardware determination area.
  • The general task Y is executed at execution timings 8 to 10 of cycle 0. At that timing, software determination area information designating rd2 as the software determination area and the access attribute read (R) are set in the access determination information, so the access control by SW memory protection of the access determination unit 15 and the access control unit 16 allows read (R) access to the area rd2 in the payload of the shared memory area. On the other hand, the HW access right information that the access control setting unit 13 sets in the access control hardware 50 at this timing likewise does not designate the shared memory area as a hardware determination area.
  • FIGS. 10 (1) to (3) show a series of processing steps related to packet reception.
  • the communication task 11 acquires the received packet from the communication I / F40, accesses the shared memory area, and writes the data. After that, the communication task 11 reads the header and footer data and verifies the validity.
  • the general task X accesses rd1 and reads the data.
  • the general task Y accesses rd2 and reads the data.
  • the communication task 11 and the general task 12 access the shared memory area and share data by using the shared memory area corresponding to the packet structure. Then, access to the shared memory area, which is the reference area size, is controlled by access control by HW memory protection, and access to the payload portion smaller than the reference area size is controlled by access control by SW memory protection. Therefore, access control is realized without being restricted by the area size associated with HW memory protection. Further, since access control by SW memory protection is used only for a part of the shared memory area, the CPU load can be suppressed.
  • Without the access control according to the present embodiment, the communication task 11 would have to copy the payload data from the memory area of the packet structure to a memory area to which the general task 12 is allowed access, and the general task 12 would then access that memory area and acquire the copied data. Data can be shared in this way, but overhead in processing time and memory usage arises from the data copy.
  • With the access control according to the present embodiment, the data copy can be avoided, so the overhead in processing time and memory usage due to the data copy is also reduced.
  • Embodiment 2 an example in which access determination information is generated even when the information processing apparatus 1 is operating will be described. In this embodiment, the difference from the first embodiment will be mainly described. The matters not explained below are the same as those in the first embodiment.
  • FIG. 11 shows the functional configuration of the information processing device 1 according to the present embodiment.
  • the information processing device 1 newly includes a determination information generation unit 17.
  • the determination information generation unit 17 generates access determination information in response to a request for access determination information generation from a task that requests access determination information generation (hereinafter referred to as a request task).
  • The request for generating access determination information includes the identifier of the target task, that is, the task for which the access determination unit 15 is to determine whether or not to allow access, and the request memory area, that is, the memory area for which the target task requests the access determination unit 15 to determine whether or not to allow access.
  • The request may also include further access determination requirements, such as the request timing, that is, the execution timing of the target task at which the target task requests the access determination unit 15 to determine whether or not to allow access, and the grant attribute, that is, the access attribute given to the target task.
  • The request memory area is at least a part of the memory area that the request task is permitted to access, but the target task is not permitted to access, by the access control by HW memory protection.
  • That is, the request task allows the target task to access, with the grant attribute and only at the request timing, the request memory area that the target task is not permitted to access by the access control by HW memory protection.
  • First, the request task requests the determination information generation unit 17 to generate access determination information.
  • As described above, the request for generating access determination information includes access determination requirements such as the identifier of the target task, the request memory area, the request timing, and the grant attribute.
  • In step S510, the determination information generation unit 17 confirms the consistency between the access determination requirements included in the access determination information generation request, the HW access right information in force while the request task executes, and the execution schedule of the target task. Specifically, the determination information generation unit 17 confirms whether the request memory area is a memory area smaller than the reference area size within the hardware determination area indicated by the hardware determination area information of that HW access right information, and whether the request timing is included in the execution schedule of the target task.
  • In step S520, the determination information generation unit 17 determines, based on the result of step S510, whether the access determination requirements, the HW access right information, and the execution schedule are consistent. If it has been confirmed that the request memory area is smaller than the reference area size and lies within the hardware determination area of the HW access right information in force while the request task executes, and that the request timing is included in the execution schedule of the target task, it determines that they are consistent, and the process proceeds to step S530.
  • If the request memory area is not smaller than the reference area size, does not lie within the hardware determination area of the HW access right information in force while the request task executes, or the request timing is not included in the execution schedule of the target task, it determines that they are not consistent, and the process proceeds to step S540.
  • In step S530, the determination information generation unit 17 generates the access determination information and stores it in the auxiliary storage device 30. When an access request is notified from the target task, the access determination unit 15 determines whether or not the access of the target task is permitted based on the generated access determination information.
  • In step S540, the determination information generation unit 17 does not generate access determination information and executes error processing.
  • access determination information is newly generated when the task being executed requests the generation of access determination information. Then, using the generated access determination information, the access determination unit 15 determines whether or not to allow access to the memory area having a size smaller than the reference area size. Therefore, even if there is a change in the usage method of the memory area, access control can be realized without being restricted by the area size while suppressing the CPU load. Further, it is not necessary to specify the access determination information in advance at the time of design, and the degree of freedom in design can be increased.
  • 1 information processing device 10 processor, 11 communication task, 12 general task, 13 access control setting unit, 14 task control unit, 15 access judgment unit, 16 access control unit, 17 judgment information generation unit, 20 memory, 30 auxiliary storage device , 40 communication I / F, 50 access control hardware.

Abstract

Access control hardware (50) determines whether or not to permit access to a memory region, in units of a reference region size, which is a memory region size used as a basis for determining whether or not to permit access. An access control setting unit (13) sets, in the access control hardware, hardware determination region information that indicates, as a hardware determination region, a memory region of a size equal to n times the reference region size (where n is an integer at least equal to 1), and causes the access control hardware to determine whether or not to permit access to the hardware determination region. An access determination unit (15) determines whether or not to permit access to a memory region that is included in the hardware determination region and that is of a size smaller than the reference region size.

Description

Information processing device, information processing method, and information processing program
This disclosure relates to an information processing device, an information processing method, and an information processing program.
In recent years, with the diversification of functions installed in information processing devices, a configuration that executes multitasking, in which a plurality of functions are realized by a plurality of tasks, may be adopted. In a multitasking execution environment, a memory protection function may be required to prevent a task from unintentionally accessing a memory area managed by another task.
A general method of realizing the memory protection function is to use hardware that has a memory protection function independent of the CPU (Central Processing Unit) (hereinafter, access control hardware).
Examples of access control hardware include an MPU (Memory Protection Unit) or an MMU (Memory Management Unit).
As a specific example of the memory protection function, when an MPU is used, at each task switch the OS (Operating System) sets in the control registers of the MPU the information, defined in advance for each task, about the memory areas to which access is permitted (hereinafter, HW access right information). The MPU then monitors, based on the HW access right information set in the control registers, whether the memory accesses of each task commit a memory access violation.
If a memory access violation is detected, the MPU notifies the OS of the memory access violation and causes the OS to execute memory access violation processing, which removes the cause of the access violation and returns to the state before the violation. In this way, the MPU realizes the memory protection function by performing access control that controls access to memory areas.
In the following, a method of realizing such access control with access control hardware is called HW memory protection.
For example, Patent Document 1 discloses an HW memory protection technique using an MPU or an MMU.
Patent Document 1: JP 2013-140476 A
In HW memory protection using access control hardware, there may be an area size constraint: access control can be performed only in units of the reference area size, which is the size of the memory area for which access control is possible, and access to memory areas smaller than the reference area size cannot be controlled.
To avoid the area size constraint, a method of performing the access control processing in the OS running on the CPU has also been proposed.
In the following, such a method of performing access control processing on the CPU is called SW memory protection.
SW memory protection can control access without being subject to the area size constraint, but it has the problem that the CPU load is larger than with HW memory protection.
One of the main objects of the present disclosure is to solve the above problem, that is, to realize access control that is not subject to the area size constraint while suppressing the CPU load.
The information processing device according to the present disclosure has:
access control hardware, which is hardware that determines whether to permit access to a memory area in units of a reference area size, the reference area size being the memory area size that serves as the basis for determining whether to permit access;
an access control setting unit that sets, in the access control hardware, hardware determination area information indicating as a hardware determination area a memory area of a size n times the reference area size (where n is an integer of 1 or more), and causes the access control hardware to determine whether to permit access to the hardware determination area; and
an access determination unit that determines whether to permit access to a memory area, included in the hardware determination area, of a size smaller than the reference area size.
According to the present disclosure, access control can be realized without being subject to the area size constraint while suppressing the CPU load.
FIG. 1 is a diagram showing a hardware configuration example of the information processing device according to Embodiment 1.
FIG. 2 is a diagram showing a functional configuration example of the information processing device according to Embodiment 1.
FIG. 3 is a flowchart showing an operation example of the information processing device according to Embodiment 1.
FIG. 4 is a flowchart showing an example of task execution in the information processing device according to Embodiment 1.
FIG. 5 is a flowchart showing an example of access control by HW memory protection in the information processing device according to Embodiment 1.
FIG. 6 is a flowchart showing an example of access control by SW memory protection in the information processing device according to Embodiment 1.
FIG. 7 is a diagram showing an example of a shared memory area corresponding to the transmission packet structure according to Embodiment 1.
FIG. 8 is a diagram showing an example of access control for packet transmission according to Embodiment 1.
FIG. 9 is a diagram showing an example of a shared memory area corresponding to the received packet structure according to Embodiment 1.
FIG. 10 is a diagram showing an example of access control for packet reception according to Embodiment 1.
FIG. 11 is a diagram showing a functional configuration example of the information processing device according to Embodiment 2.
FIG. 12 is a flowchart showing an operation example of access determination information generation in the information processing device according to Embodiment 2.
Embodiments are described below with reference to the drawings. In the following description of the embodiments and in the drawings, the same reference numerals denote the same or corresponding parts.
Embodiment 1.
*** Explanation of configuration ***
FIG. 1 is a diagram showing a hardware configuration example of the information processing device 1 according to the present embodiment.
The information processing device 1 is a computer. As hardware, the information processing device 1 includes a processor 10, a memory 20, an auxiliary storage device 30, a communication interface 40 (also written communication I/F 40), and access control hardware 50, which are connected to each other by signal lines.
The processor 10 is an IC (Integrated Circuit) that performs processing. As a specific example, the processor 10 is a CPU.
The memory 20 is a volatile memory that temporarily stores data. As a specific example, the memory 20 is a RAM (Random Access Memory).
The auxiliary storage device 30 is a non-volatile memory that stores data. As a specific example, the auxiliary storage device 30 is a hard disk.
The auxiliary storage device 30 may also be a portable recording medium such as an SSD (registered trademark, Solid State Drive), an SD (registered trademark, Secure Digital) memory card, a CF (registered trademark, CompactFlash), NAND flash, a flexible disk, an optical disk, a compact disc, a Blu-ray (registered trademark) disc, or a DVD (registered trademark, Digital Versatile Disk).
The auxiliary storage device 30 stores the HW access right information and the access determination information described later.
The auxiliary storage device 30 also stores the programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 described later.
The programs stored in the auxiliary storage device 30 that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 are loaded into the memory 20, then read and executed by the processor 10.
The OS is also stored in the auxiliary storage device 30, and at least part of the OS is executed by the processor 10.
While executing at least part of the OS, the processor 10 executes the programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16.
By the processor 10 executing the OS, task management, memory management, file management, communication control, and the like are performed.
At least some of the information, data, signal values, and variable values indicating the processing results of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 are stored in at least one of the processor 10, the memory 20, the auxiliary storage device 30, or a register or cache memory in the processor 10.
The programs that realize the functions of the communication task 11, the general task 12, the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be stored in a portable recording medium such as a hard disk, an SSD (registered trademark), an SD (registered trademark) memory card, a CF (registered trademark), NAND flash, a flexible disk, an optical disk, a compact disc, a Blu-ray (registered trademark) disc, or a DVD (registered trademark).
These programs may also be distributed.
The communication I/F 40 is an electronic circuit that performs communication of information with a connected device via a signal line. As a specific example, the communication I/F 40 is a communication chip for Ethernet (registered trademark) or a NIC (Network Interface Card).
The access control hardware 50 performs access control by HW memory protection.
More specifically, the access control hardware 50 determines whether to permit access to a memory area in units of the reference area size, which is the memory area size serving as the basis for determining whether to permit access. When the result of that determination is that access is not permitted, the access control hardware 50 notifies the OS of a memory access violation and causes the OS to execute memory access violation processing.
As a specific example, the access control hardware 50 is an MPU.
In the present embodiment, the description proceeds using an MPU as the specific example of the access control hardware 50.
The "unit" in the access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be read as "step", "procedure", or "process".
FIG. 2 shows the functional configuration of the information processing device 1 according to the present embodiment.
The information processing device 1 includes a communication task 11, a general task 12, an access control setting unit 13, a task control unit 14, an access determination unit 15, and an access control unit 16.
The communication task 11 sends and receives packets via the communication I/F 40.
The general task 12 generates or processes at least part of the data in the payload portion of the packets sent and received by the communication task 11. There may be a plurality of general tasks 12.
The access control setting unit 13 checks the execution schedule of the communication task 11 or the general task 12 and acquires the HW access right information of the communication task 11 or the general task 12.
The HW access right information is defined for each task. For a periodically executed task, it may also be defined for each execution cycle of the task.
The HW access right information includes at least hardware determination area information indicating, as a hardware determination area, a memory area of a size n times the reference area size (where n is an integer of 1 or more). In addition to the hardware determination area information, the HW access right information may include access attributes such as data read or write. That is, the HW access right information specifies which memory areas the access control hardware 50 is to permit access to, and with which access attributes.
The access control setting unit 13 then sets the HW access right information in the access control hardware 50 and causes the access control hardware 50 to determine whether to permit access to the hardware determination area.
The access control setting unit 13 may also set, for each of a plurality of timings, HW access right information including hardware determination area information in the access control hardware 50. As a specific example, the access control setting unit 13 may set such HW access right information in the access control hardware 50 at every task switch, and cause the access control hardware 50 to determine, at each timing, whether to permit access to the corresponding hardware determination area.
The processing performed by the access control setting unit 13 corresponds to the access control setting process.
The task control unit 14 switches the task to be executed after the access control setting unit 13 has finished setting the HW access right information in the access control hardware 50.
Based on the access determination information, the access determination unit 15 determines whether to permit access to a memory area, included in the hardware determination area, of a size smaller than the reference area size.
The access determination information is defined for each task. For a periodically executed task, it may also be defined for each execution cycle of the task.
The access determination information includes software determination area information indicating, as a software determination area, the memory area on which the access determination unit 15 makes its determination. In addition to the software determination area information, the access determination information may include access attributes such as data read or write. That is, the access determination information specifies which memory areas the access determination unit 15 is to permit access to, and with which access attributes.
The access determination information according to the present embodiment is specified at the time of designing the information processing device 1.
The processing performed by the access determination unit 15 corresponds to the access determination process.
The access control unit 16 controls access to the memory area based on the permit/deny determination of the access determination unit 15.
That is, the access determination unit 15 and the access control unit 16 perform access control by SW memory protection.
The access control setting unit 13, the task control unit 14, the access determination unit 15, and the access control unit 16 may be realized as part of the functions of the OS.
*** Explanation of operation ***
Next, an operation example of the information processing device 1 according to the present embodiment is described with reference to the flowchart of FIG. 3.
The following uses an example in which, to reduce the number of data copies when sharing data between the communication task 11 and the general task 12, a shared memory area of the reference area size is prepared, following the zero-copy approach, that corresponds to a packet structure consisting of a header, a payload, and a footer.
In the following example, the communication task 11 accesses the shared memory area, and the general task 12 accesses the payload portion, which is smaller than the reference area size.
Therefore, the HW access right information and the access determination information are set so that accesses by the communication task 11 are permitted only by access control by HW memory protection, and accesses by the general task 12 are permitted only by access control by SW memory protection.
In the present embodiment the shared memory area is described as being the reference area size so that it is clear that the payload portion is smaller than the reference area size; however, the shared memory area is not limited to this and may be an integer multiple of the reference area size of two or more.
First, in step S100, the access control setting unit 13 waits until the timing for starting or switching a task arrives. When that timing arrives, the process proceeds to step S110.
Next, in step S110, the access control setting unit 13 checks the task execution schedule with the OS and acquires the HW access right information of the task that is next to start executing.
Next, in step S120, the access control setting unit 13 sets the HW access right information in the access control hardware 50 and then notifies the task control unit 14 that the setting is complete.
Next, in step S130, the task control unit 14 starts the task that is next to start executing, based on the task execution schedule. If a task is currently executing, the task control unit 14 switches tasks and starts the next task. The process then returns to step S100.
Next, an example of task execution in the information processing device 1 according to the present embodiment is described with reference to the flowchart of FIG. 4.
First, in step S200, the task started by the task control unit 14 executes its processing. As a specific example, if the started task is the communication task 11, the communication task 11 executes processing related to sending and receiving packets.
When the task is to read data from or write data to a memory area, the process proceeds to step S210.
Next, in step S210, if the task attempts to access the memory area, the process proceeds to step S220. On the other hand, if the task does not attempt to access the memory area, the process proceeds to step S230.
In step S220, the access control hardware 50 performs access control by HW memory protection.
The details of access control by HW memory protection are described later.
In step S230, the task notifies the access determination unit 15 of an access request for the memory area.
When the access determination unit 15 and the access control unit 16 are realized as part of the functions of the OS, the task may notify the access request for the memory area using an API (Application Programming Interface) of the OS.
In step S240, the access determination unit 15 and the access control unit 16, having been notified of the access request from the task, perform access control by SW memory protection.
The details of access control by SW memory protection are described later.
Next, an example of access control by HW memory protection in the information processing device 1 according to the present embodiment is described with reference to the flowchart of FIG. 5.
First, in step S300, the access control hardware 50 determines, based on the HW access right information set in it, whether to permit the communication task 11 to access the shared memory area.
Next, in step S310, if the determination by the access control hardware 50 is to permit the access, the process proceeds to step S320. Otherwise, the process proceeds to step S330.
In step S320, the access control hardware 50 lets the communication task 11 access the shared memory area.
In step S330, the access control hardware 50 notifies the OS of a memory access violation and causes the OS to execute memory access violation processing, which removes the cause of the access violation and returns to the state before the violation.
In this way, if the access attempted by the communication task 11 is permitted by the access control hardware 50, the communication task 11 can access the shared memory area. If the communication task 11 unintentionally attempts to access a shared memory area to which it is not permitted access, the access control hardware 50 causes the OS to execute memory access violation processing, and the memory is protected.
Next, an example of access control by SW memory protection in the information processing device 1 according to the present embodiment will be described with reference to the flowchart of FIG. 6.
First, in step S400, the access determination unit 15 determines, on the basis of the access determination information that has been set, whether access to the shared memory area by the general task 12 is permitted.
Next, in step S410, the access control unit 16 obtains the result of the access permission determination made by the access determination unit 15.
Next, in step S420, the access control unit 16 checks that result. If the access determination unit 15 has determined that the access is permitted, the process proceeds to step S430. Otherwise, the process proceeds to step S440.
Next, in step S430, the access control unit 16 lets the general task 12 access the shared memory area. As a specific example, the access control unit 16 lets the general task 12 access the shared memory area via the OS. When the access determination unit 15 and the access control unit 16 are realized as part of the functions of the OS, the access control unit 16 may cause the OS to access the shared memory area in response to the request that the access determination unit 15 received from the task.
Next, in step S440, the access control unit 16 notifies the OS of a memory access violation and causes the OS to execute memory access violation processing.
In this way, if the access requested by the general task 12 is permitted by the access determination unit 15, the general task 12 can access the shared memory area. If the general task 12 unintentionally requests access to a memory area it is not permitted to access, the access determination unit 15 does not permit the requested access and the access control unit 16 causes the OS to execute memory access violation processing, so the memory is protected.
Next, an operation example of the information processing device 1 relating to packet transmission according to the present embodiment will be described with reference to FIGS. 7 and 8.
FIG. 7 shows an example of a shared memory area corresponding to the transmission packet structure according to the present embodiment.
The shared memory area of the reference area size shown in FIG. 7 is divided into memory areas smaller than the reference area size: the header, the areas sd1 and sd2 in the payload, and the footer. The figure shows that the whole shared memory area is a hardware determination area, to which access control by HW memory protection is applied, and that sd1 and sd2 are software determination areas, to which access control by SW memory protection is applied.
FIG. 8 shows an example of access control relating to packet transmission according to the present embodiment.
An example is used in which the communication task 11 and general task X and general task Y, which are general tasks 12, are executed. It is also assumed that each task is executed at a specified cycle, execution timing, and execution time.
The top three rows of the table in FIG. 8 show the cycle, execution timing, and executed task that make up the task execution schedule; time advances toward the right end of the table.
The bottom three rows of the table in FIG. 8 show the state of access control by HW memory protection and by SW memory protection while each task is executing.
Specifically, at execution timings 1 to 3 of cycle 0, the communication task 11 is executed. At these timings, the access control setting unit 13 sets in the access control hardware 50 hardware determination area information that designates the shared memory area as a hardware determination area, together with the read (R) and write (W) access attributes. The figure shows that, at these timings, access control by the HW memory protection of the access control hardware 50 permits read (R) and write (W) access to the shared memory area.
At the same timings, the figure shows that no software determination area information and no access attribute are set in the access determination information.
At execution timings 4 to 7 of cycle 0, general task X is executed. At these timings, software determination area information designating sd1 as a software determination area, together with the write (W) access attribute, is set in the access determination information. The figure shows that, at these execution timings, access control by the SW memory protection of the access determination unit 15 and the access control unit 16 permits write (W) access to the area sd1 in the payload of the shared memory area.
At the same timings, the figure shows that the access control setting unit 13 sets in the access control hardware 50, as HW access right information, hardware determination area information that does not designate the shared memory area as a hardware determination area.
At execution timings 8 to 10 of cycle 0, general task Y is executed. At these timings, software determination area information designating sd2 as a software determination area, together with the write (W) access attribute, is set in the access determination information. The figure shows that, at these execution timings, access control by the SW memory protection of the access determination unit 15 and the access control unit 16 permits write (W) access to the area sd2 in the payload of the shared memory area.
At the same timings, the figure shows that the access control setting unit 13 sets in the access control hardware 50, as HW access right information, hardware determination area information that does not designate the shared memory area as a hardware determination area.
FIG. 8 also shows, as (1) to (3), an example of the sequence of processing involved in packet transmission.
Specifically, in (1), general task X accesses sd1 and writes data. Next, in (2), general task Y accesses sd2 and writes data. Then, in (3), the communication task 11 accesses the shared memory area, writes data to the header and the footer, then reads the data of the whole shared memory area and transfers it to the communication I/F 40 as a transmission packet.
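The two decision flows described above (steps S300 to S330 for HW memory protection and steps S400 to S440 for SW memory protection) and the FIG. 8 transmission schedule can be exercised together in a small simulation. The following C program is an added example written for this page; it is not code from the patent or from the applicant. The 256-byte reference area size, the base address and the offsets of the header, sd1, sd2 and footer, the task numbers, and the cycle-0 schedule are all constructed for illustration, and the `decide` function is a simplification that treats the hardware check and the software check as two successive lookups.

```c
/* Added example for this page, not the patent's code: a simulation of the
 * two-tier access control (HW memory protection on base-region granularity,
 * SW memory protection inside a base region) driven by the FIG. 8 schedule.
 * All sizes, addresses, task numbers and timings are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BASE_REGION_SIZE 256u   /* assumed reference area size (MPU granularity) */
#define ACC_R 1u
#define ACC_W 2u

/* Constructed layout of a shared memory area of exactly one base region,
 * mirroring the transmit packet of FIG. 7: header | sd1 | sd2 | footer. */
#define SHM_BASE 0x20001000u
#define HDR_OFF  0u
#define SD1_OFF  16u
#define SD2_OFF  128u
#define FTR_OFF  240u

enum task { TASK_COMM = 11, TASK_X = 121, TASK_Y = 122 };   /* constructed ids */
enum verdict { DENY = 0, ALLOW_HW = 1, ALLOW_SW = 2 };

/* HW access right information: one MPU-style entry covering n base regions. */
struct hw_rule { bool enabled; uint32_t base; uint32_t n; uint32_t attr; };

/* Access determination information for SW memory protection: a sub-area of
 * the hardware determination area, valid for one task at given timings. */
struct sw_rule { int task; uint32_t start; uint32_t len; uint32_t attr; int t_from, t_to; };

/* One entry of the execution schedule with the protection state set for it
 * by the access control setting unit (bottom rows of the FIG. 8 table). */
struct slot { int t_from, t_to; int task; struct hw_rule hw; bool has_sw; struct sw_rule sw; };

static const struct slot schedule[] = {
    /* timings 1-3: communication task; whole area is a HW determination area, R|W; no SW rule */
    { 1, 3, TASK_COMM, { true, SHM_BASE, 1, ACC_R | ACC_W }, false, { 0 } },
    /* timings 4-7: general task X; area is not a HW determination area; SW rule sd1, W */
    { 4, 7, TASK_X, { false, 0, 0, 0 }, true,
      { TASK_X, SHM_BASE + SD1_OFF, SD2_OFF - SD1_OFF, ACC_W, 4, 7 } },
    /* timings 8-10: general task Y; area is not a HW determination area; SW rule sd2, W */
    { 8, 10, TASK_Y, { false, 0, 0, 0 }, true,
      { TASK_Y, SHM_BASE + SD2_OFF, FTR_OFF - SD2_OFF, ACC_W, 8, 10 } },
};

/* Step S300: the access control hardware decides on base-region granularity.
 * The access must lie inside the configured region and use only granted attributes. */
static bool hw_check(const struct hw_rule *hw, uint32_t addr, uint32_t len, uint32_t attr)
{
    if (!hw->enabled) return false;
    uint64_t end = (uint64_t)hw->base + (uint64_t)hw->n * BASE_REGION_SIZE;
    return addr >= hw->base && (uint64_t)addr + len <= end && (attr & ~hw->attr) == 0;
}

/* Step S400: the access determination unit decides inside a base region,
 * additionally checking the requesting task and the execution timing. */
static bool sw_check(const struct sw_rule *r, int task, int timing,
                     uint32_t addr, uint32_t len, uint32_t attr)
{
    if (r->task != task || timing < r->t_from || timing > r->t_to) return false;
    return addr >= r->start && (uint64_t)addr + len <= (uint64_t)r->start + r->len
        && (attr & ~r->attr) == 0;
}

/* Combined decision for an access by `task` at `timing`: HW first (S310),
 * then SW (S420); anything else is a memory access violation (S330/S440). */
static enum verdict decide(int timing, int task, uint32_t addr, uint32_t len, uint32_t attr)
{
    for (size_t i = 0; i < sizeof schedule / sizeof schedule[0]; i++) {
        const struct slot *s = &schedule[i];
        if (timing < s->t_from || timing > s->t_to) continue;
        if (s->task != task) return DENY;          /* not the task scheduled at this timing */
        if (hw_check(&s->hw, addr, len, attr)) return ALLOW_HW;
        if (s->has_sw && sw_check(&s->sw, task, timing, addr, len, attr)) return ALLOW_SW;
        return DENY;
    }
    return DENY;                                   /* no schedule entry for this timing */
}

int main(void)
{
    /* The (1)-(3) transmission sequence of FIG. 8, plus two out-of-bounds attempts. */
    printf("(1) X writes sd1 @t5:       %d\n", decide(5, TASK_X, SHM_BASE + SD1_OFF, 64, ACC_W));
    printf("(2) Y writes sd2 @t9:       %d\n", decide(9, TASK_Y, SHM_BASE + SD2_OFF, 100, ACC_W));
    printf("(3) COMM writes header @t2: %d\n", decide(2, TASK_COMM, SHM_BASE + HDR_OFF, 16, ACC_W));
    printf("(3) COMM reads packet @t2:  %d\n", decide(2, TASK_COMM, SHM_BASE, BASE_REGION_SIZE, ACC_R));
    printf("X writes header @t5:        %d\n", decide(5, TASK_X, SHM_BASE + HDR_OFF, 4, ACC_W));
    printf("Y overruns into footer @t9: %d\n", decide(9, TASK_Y, SHM_BASE + SD2_OFF, 113, ACC_W));
    return 0;
}
```

The three accesses of the FIG. 8 sequence come back as ALLOW_SW, ALLOW_SW and ALLOW_HW, while a general task touching the header, or writing past the end of its payload area into the footer, is denied and would trigger memory access violation processing. Note that a length check against the end of the area, not only a start-address check, is what catches the overrun case.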
Next, an operation example of the information processing device 1 relating to packet reception according to the present embodiment will be described with reference to FIGS. 9 and 10. Configuration and operation identical to those for packet transmission are not described again; only the differences are described.
FIG. 9 shows an example of a shared memory area corresponding to the reception packet structure according to the present embodiment.
The shared memory area of the reference area size shown in FIG. 9 is divided into memory areas smaller than the reference area size: the header, the areas rd1 and rd2 in the payload, and the footer. The figure shows that access control by SW memory protection is applied to rd1 and rd2.
FIG. 10 shows an example of access control relating to packet reception according to the present embodiment.
Specifically, at execution timings 1 to 3 of cycle 0, the communication task 11 is executed. At these timings, the access control setting unit 13 sets in the access control hardware 50 hardware determination area information that designates the shared memory area as a hardware determination area, together with the read (R) and write (W) access attributes. The figure shows that, at these timings, access control by the HW memory protection of the access control hardware 50 permits read (R) and write (W) access to the shared memory area.
At the same timings, the figure shows that no software determination area information and no access attribute are set in the access determination information.
At execution timings 4 to 7 of cycle 0, general task X is executed. At these timings, software determination area information designating rd1 as a software determination area, together with the read (R) access attribute, is set in the access determination information. The figure shows that, at these timings, access control by the SW memory protection of the access determination unit 15 and the access control unit 16 permits read (R) access to the area rd1 in the payload of the shared memory area.
At the same timings, the figure shows that the access control setting unit 13 sets in the access control hardware 50, as HW access right information, hardware determination area information that does not designate the shared memory area as a hardware determination area.
At execution timings 8 to 10 of cycle 0, general task Y is executed. At these timings, software determination area information designating rd2 as a software determination area, together with the read (R) access attribute, is set in the access determination information. The figure shows that, at these timings, access control by the SW memory protection of the access determination unit 15 and the access control unit 16 permits read (R) access to the area rd2 in the payload of the shared memory area.
At the same timings, the figure shows that the access control setting unit 13 sets in the access control hardware 50, as HW access right information, hardware determination area information that does not designate the shared memory area as a hardware determination area.
FIG. 10 also shows, as (1) to (3), an example of the sequence of processing involved in packet reception.
Specifically, in (1), the communication task 11 obtains the received packet from the communication I/F 40, accesses the shared memory area and writes the data. The communication task 11 then reads the header and footer data and verifies their validity. Next, in (2), general task X accesses rd1 and reads data. Then, in (3), general task Y accesses rd2 and reads data.
*** Explanation of the effect of the embodiment ***
As described above, in the present embodiment, under a memory protection environment, the communication task 11 and the general task 12 share data by accessing a shared memory area whose layout corresponds to the packet structure. Access to the shared memory area, which has the reference area size, is controlled by access control based on HW memory protection, while access to the payload portions, which are smaller than the reference area size, is controlled by access control based on SW memory protection. Access control is therefore realized without being subject to the area size constraint that accompanies HW memory protection. Further, because access control by SW memory protection is used only for part of the shared memory area, the CPU load can be kept low.
If only access control by HW memory protection were used, sharing with the general task 12 the data stored in a packet-structured memory area that only the communication task 11 can access would incur the overhead of a data copy.
More specifically, the communication task 11 would copy the payload data from the packet-structured memory area to a memory area that the general task 12 is permitted to access. The general task 12 would then access that memory area and obtain the copied data, which makes the data shareable but incurs the processing time and memory usage of the copy as overhead. With the access control according to the present embodiment, the data copy can be avoided, so the overhead in processing time and memory usage associated with the copy is also reduced.
Embodiment 2.
In this embodiment, an example is described in which access determination information is also generated while the information processing device 1 is operating.
In this embodiment, mainly the differences from Embodiment 1 are described.
Matters not described below are the same as in Embodiment 1.
*** Explanation of configuration ***
FIG. 11 shows the functional configuration of the information processing device 1 according to the present embodiment.
In the present embodiment, the information processing device 1 additionally includes a determination information generation unit 17.
The determination information generation unit 17 generates access determination information in response to a request for generation of access determination information from a task that requests it (hereinafter, the requesting task).
The generation request contains the following access determination requirements: the identifier of the task for which the access determination unit 15 is to determine whether access is permitted (hereinafter, the target task), and the memory area for which the target task requests the access determination unit 15 to determine whether access is permitted (hereinafter, the requested memory area). The generation request also contains, as further access determination requirements, the execution timing of the target task at which the target task requests the access determination unit 15 to determine whether access is permitted (hereinafter, the requested timing), and the access attribute to be given to the target task (hereinafter, the granted attribute).
The requested memory area is at least part of a memory area that the requesting task is permitted to access under access control by HW memory protection but that the target task is not permitted to access.
By requesting the generation of access determination information, the requesting task makes it possible for the target task to access the requested memory area, which the target task is not permitted to access under access control by HW memory protection, with the granted attribute and only at the requested timing.
*** Explanation of operation ***
Next, an operation example of generating access determination information in the information processing device 1 according to the present embodiment will be described with reference to the flowchart of FIG. 12.
First, in step S500, while the requesting task is executing, the requesting task requests the determination information generation unit 17 to generate access determination information. The request contains the access determination requirements: the identifier of the target task, the requested memory area, the requested timing, and the granted attribute.
Next, in step S510, the determination information generation unit 17 checks the consistency between the access determination requirements contained in the generation request, the HW access right information in force while the requesting task is executing, and the execution schedule of the target task.
Specifically, the determination information generation unit 17 checks whether the requested memory area is smaller than the reference area size contained in the hardware determination area information of the HW access right information. It also checks whether the requested timing is contained in the execution schedule of the target task.
Next, in step S520, the determination information generation unit 17 decides whether the access determination requirements contained in the generation request are consistent with the HW access right information in force while the requesting task is executing and with the execution schedule of the target task.
Specifically, if it has been confirmed that the requested memory area is smaller than the reference area size contained in the hardware determination area information of the HW access right information in force while the requesting task is executing, and that the requested timing is contained in the execution schedule of the target task, the determination information generation unit 17 decides that they are consistent, and the process proceeds to step S530.
Otherwise, that is, if the requested memory area is not smaller than that reference area size, or the requested timing is not contained in the execution schedule of the target task, the determination information generation unit 17 decides that they are not consistent, and the process proceeds to step S540.
In step S530, the determination information generation unit 17 generates the access determination information and stores it in the auxiliary storage device 30.
When the access determination unit 15 is notified of an access request from the target task, it determines whether the access by the target task is permitted on the basis of the generated access determination information.
In step S540, the determination information generation unit 17 does not generate access determination information and executes error processing.
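The generation flow of steps S500 to S540 can be written as a single validation routine that either stores a new entry of access determination information or returns an error code. The following C program is an added example for this page, not code from the patent or the applicant. The reference area size, addresses, task numbers, the schedule and the `demo_` sample requests are constructed; the attribute check (a requester may only grant attributes it holds itself) goes beyond the two checks the page names and is marked as such in the comments.

```c
/* Added example for this page, not the patent's code: run-time generation of
 * access determination information (steps S500 to S540). The reference area
 * size, addresses, task numbers and schedule are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BASE_REGION_SIZE 256u   /* assumed reference area size */
#define ACC_R 1u
#define ACC_W 2u
#define MAX_RULES 8             /* capacity of the stored determination information */

/* HW access right information in force while the requesting task executes. */
struct hw_rights { uint32_t base; uint32_t n; uint32_t attr; };

/* Execution schedule of the target task: the timings at which it runs. */
struct schedule { const int *timings; size_t count; };

/* Access determination requirements carried by the generation request (S500). */
struct gen_request { int target_task; uint32_t start; uint32_t len; int timing; uint32_t attr; };

/* One entry of access determination information, kept in a table that stands
 * in for the auxiliary storage device 30 (S530). */
struct sw_rule { int task; uint32_t start; uint32_t len; uint32_t attr; int timing; };

static struct sw_rule rule_store[MAX_RULES];
static size_t rule_count;

enum gen_result { GEN_OK = 0, GEN_ERR_SIZE = 1, GEN_ERR_TIMING = 2,
                  GEN_ERR_ATTR = 3, GEN_ERR_FULL = 4 };

/* S510/S520: consistency checks. The requested area must be smaller than the
 * reference area size and lie inside the requester's HW area, and the requested
 * timing must appear in the target task's schedule. The attribute check is an
 * addition beyond the page: a requester must not grant rights it lacks itself. */
static enum gen_result generate_rule(const struct gen_request *req,
                                     const struct hw_rights *hw,
                                     const struct schedule *sched)
{
    uint64_t hw_end = (uint64_t)hw->base + (uint64_t)hw->n * BASE_REGION_SIZE;

    if (req->len == 0 || req->len >= BASE_REGION_SIZE) return GEN_ERR_SIZE;
    if (req->start < hw->base || (uint64_t)req->start + req->len > hw_end) return GEN_ERR_SIZE;

    bool scheduled = false;
    for (size_t i = 0; i < sched->count; i++)
        if (sched->timings[i] == req->timing) scheduled = true;
    if (!scheduled) return GEN_ERR_TIMING;

    if ((req->attr & ~hw->attr) != 0) return GEN_ERR_ATTR;
    if (rule_count >= MAX_RULES) return GEN_ERR_FULL;      /* S540: error processing */

    /* S530: store the generated access determination information. */
    rule_store[rule_count++] = (struct sw_rule){ req->target_task, req->start,
                                                 req->len, req->attr, req->timing };
    return GEN_OK;
}

/* The access determination unit 15 later consults the generated entries when
 * the target task requests an access (S400). */
static bool sw_allowed(int task, int timing, uint32_t addr, uint32_t len, uint32_t attr)
{
    for (size_t i = 0; i < rule_count; i++) {
        const struct sw_rule *r = &rule_store[i];
        if (r->task == task && r->timing == timing && addr >= r->start
            && (uint64_t)addr + len <= (uint64_t)r->start + r->len
            && (attr & ~r->attr) == 0)
            return true;
    }
    return false;
}

static void reset_rules(void) { rule_count = 0; }

/* Constructed sample data (hypothetical names): the requester's HW rights over a
 * 256-byte packet area, target task 122 scheduled at timings 8-10, and requests
 * that would grant task 122 access to a 112-byte payload area at timing 9. */
static const struct hw_rights    demo_hw      = { 0x20001000u, 1, ACC_R | ACC_W };
static const struct hw_rights    demo_hw_ro   = { 0x20001000u, 1, ACC_R };
static const int                 demo_t_y[]   = { 8, 9, 10 };
static const struct schedule     demo_sched_y = { demo_t_y, 3 };
static const struct gen_request  demo_ok      = { 122, 0x20001000u + 128u, 112u, 9,  ACC_R };
static const struct gen_request  demo_big     = { 122, 0x20001000u,        256u, 9,  ACC_R };
static const struct gen_request  demo_late    = { 122, 0x20001000u + 128u, 112u, 12, ACC_R };
static const struct gen_request  demo_write   = { 122, 0x20001000u + 128u, 112u, 9,  ACC_W };

int main(void)
{
    reset_rules();
    int r = generate_rule(&demo_ok, &demo_hw, &demo_sched_y);
    printf("generate: %d, task 122 reads @t9: %d, writes @t9: %d\n", r,
           sw_allowed(122, 9, 0x20001000u + 128u, 64, ACC_R),
           sw_allowed(122, 9, 0x20001000u + 128u, 64, ACC_W));
    return 0;
}
```

A request whose area is the full reference area size is rejected with GEN_ERR_SIZE (that case belongs to HW memory protection, not to a software determination area), a timing outside the target task's schedule is rejected with GEN_ERR_TIMING, and a stored entry only matches the exact task, timing, bounds and attributes it was generated for.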
*** Explanation of the effect of the embodiment ***
As described above, in the present embodiment, new access determination information is generated when an executing task requests it. Using the generated access determination information, the access determination unit 15 determines whether access to a memory area smaller than the reference area size is permitted. Therefore, even when the way a memory area is used changes, access control can be realized without the area size constraint while keeping the CPU load low. Further, the access determination information no longer has to be specified in advance at design time, which increases design freedom.
Although the embodiments have been described above, the two embodiments may be combined and implemented.
Alternatively, one of these two embodiments may be partially implemented.
Alternatively, these two embodiments may be partially combined and implemented.
Note that the present invention is not limited to these embodiments, and various changes can be made as needed.
1 information processing device, 10 processor, 11 communication task, 12 general task, 13 access control setting unit, 14 task control unit, 15 access determination unit, 16 access control unit, 17 determination information generation unit, 20 memory, 30 auxiliary storage device, 40 communication I/F, 50 access control hardware.

Claims (7)

  1.  An information processing device comprising:
     access control hardware, which is hardware that determines whether access to a memory area is permitted in units of a reference area size, the reference area size being the size of the memory area that serves as the reference for determining whether access is permitted;
     an access control setting unit that sets, in the access control hardware, hardware determination area information indicating as a hardware determination area a memory area whose size is n times the reference area size (n being an integer of 1 or more), and causes the access control hardware to determine whether access to the hardware determination area is permitted; and
     an access determination unit that determines whether access is permitted to a memory area, included in the hardware determination area, whose size is smaller than the reference area size.
  2.  The information processing device according to claim 1, wherein the access control setting unit
     sets, in the access control hardware, hardware determination area information in which a hardware determination area is indicated for each of a plurality of timings, and causes the access control hardware to determine, for each timing, whether access to the corresponding hardware determination area is permitted.
  3.  The information processing device according to claim 1, further comprising
     a determination information generation unit that generates access determination information, used by the access determination unit to determine whether access is permitted, on the basis of an identifier of a task for which the access determination unit determines whether access is permitted, a memory area for which the task requests the access determination unit to determine whether access is permitted, an execution timing of the task at which the task requests the access determination unit to determine whether access is permitted, and an access attribute given to the task,
     wherein the access determination unit
     uses the access determination information to determine whether access is permitted to a memory area whose size is smaller than the reference area size.
  4.  The information processing device according to claim 3, wherein the determination information generation unit
     checks an execution schedule of the task and generates the access determination information when the execution timing of the task matches the execution schedule.
  5.  The information processing device according to claim 1, wherein the access control hardware
     is an MPU (Memory Protection Unit).
  6.  An information processing method, wherein a computer having access control hardware, which is hardware that determines whether access to a memory area is permitted in units of a reference area size, the reference area size being the size of the memory area that serves as the reference for determining whether access is permitted, sets in the access control hardware hardware determination area information indicating as a hardware determination area a memory area whose size is n times the reference area size (n being an integer of 1 or more), and causes the access control hardware to determine whether access to the hardware determination area is permitted, and
     the computer determines whether access is permitted to a memory area, included in the hardware determination area, whose size is smaller than the reference area size.
  7.  An information processing program that causes a computer having access control hardware, which is hardware that determines whether access to a memory area is permitted in units of a reference area size, the reference area size being the size of the memory area that serves as the reference for determining whether access is permitted, to execute:
     access control setting processing that sets, in the access control hardware, hardware determination area information indicating as a hardware determination area a memory area whose size is n times the reference area size (n being an integer of 1 or more), and causes the access control hardware to determine whether access to the hardware determination area is permitted; and
     access determination processing that determines whether access is permitted to a memory area, included in the hardware determination area, whose size is smaller than the reference area size.
PCT/JP2020/013368 2020-03-25 2020-03-25 Information processing device, information processing method, and information processing program WO2021192098A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/JP2020/013368 WO2021192098A1 (en) 2020-03-25 2020-03-25 Information processing device, information processing method, and information processing program
JP2021560273A JP7062142B2 (en) 2020-03-25 2020-03-25 Information processing equipment, information processing methods and information processing programs
CN202080098449.XA CN115349120A (en) 2020-03-25 2020-03-25 Information processing apparatus, information processing method, and information processing program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/013368 WO2021192098A1 (en) 2020-03-25 2020-03-25 Information processing device, information processing method, and information processing program

Publications (1)

Publication Number Publication Date
WO2021192098A1 true WO2021192098A1 (en) 2021-09-30

Family

ID=77891088

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/013368 WO2021192098A1 (en) 2020-03-25 2020-03-25 Information processing device, information processing method, and information processing program

Country Status (3)

Country Link
JP (1) JP7062142B2 (en)
CN (1) CN115349120A (en)
WO (1) WO2021192098A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013084219A (en) * 2011-10-12 2013-05-09 Toyota Motor Corp Information processing device and abnormality determination method
JP2013140476A (en) * 2012-01-04 2013-07-18 Toyota Motor Corp Information processing device, access authority giving method, program generation device, and method therefor
JP2019049928A (en) * 2017-09-12 2019-03-28 日立オートモティブシステムズ株式会社 Electronic control device and control method for electronic control device

Also Published As

Publication number Publication date
JPWO2021192098A1 (en) 2021-09-30
JP7062142B2 (en) 2022-05-02
CN115349120A (en) 2022-11-15

Legal Events

Date Code Title Description
ENP Entry into the national phase
    Ref document number: 2021560273; Country of ref document: JP; Kind code of ref document: A
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 20927705; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 20927705; Country of ref document: EP; Kind code of ref document: A1