WO2022150966A1 - Processor memory management method for achieving process isolation - Google Patents


Info

Publication number
WO2022150966A1
Authority
WO
WIPO (PCT)
Prior art keywords
embedded file
host
embedded
file system
file
Prior art date
Application number
PCT/CN2021/071272
Other languages
French (fr)
Chinese (zh)
Inventor
王志平
Original Assignee
王志平
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 王志平 filed Critical 王志平
Priority to PCT/CN2021/071272 priority Critical patent/WO2022150966A1/en
Publication of WO2022150966A1 publication Critical patent/WO2022150966A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to the technical field of integrated circuits and computers, in particular to a processor memory management method for realizing process isolation.
  • The von Neumann structure, also known as the Princeton structure, is a computer structure that stores process code and data at different addresses in the same memory; the Harvard structure stores process code and data in separate memories. In either structure, however, "data" and "code" are accessed directly by the physical address of the storage device.
  • A process's access to memory depends on the storage space allocated to it by the operating system: while the process runs, the logical address of the target it needs to access is converted, through the operating system, into the physical address, i.e. the physical address of the storage unit.
  • The purpose of the present invention is to provide a processor memory management method for realizing process isolation that does not require the intervention of the operating system and isolates processes better, which helps to relieve the load on the operating system and ensures the security of process data.
  • The present invention provides a processor memory management method for realizing process isolation, comprising the steps of: constructing an embedded file system that, by means of hardware control, encapsulates memory storage space into independent units with file characteristics; establishing an interconnection between the process running on the processor core and the embedded file system through the processor's multi-layer bus controller; and opening up, through the embedded file system, an embedded file in the memory storage space corresponding to the process.
  • This scheme encapsulates the memory storage space into an embedded file system with file characteristics by means of hardware control, interconnects the process running on the processor core with the embedded file system through the processor's multi-layer bus controller, and can open up an embedded file corresponding to the process in the memory storage space through the embedded file system, so that the memory belonging to any process can be read or written only by that process. Any other process, including the operating system, that attempts to read or write the private memory space of a process without that process's permission is rejected directly by the hardware controller of the accessed memory, which achieves physical isolation between processes and ensures the security of process data. Because no intervention of the operating system is required, this also helps to relieve the load on the operating system.
  • opening up an embedded file corresponding to the process in the memory storage space through the embedded file system specifically includes:
  • the embedded file system receives the file creation instruction, opens the embedded file in the memory storage space, and then feeds back the index number of the embedded file to the process, so as to realize the one-to-one correspondence between the process and the embedded file , the process also becomes the file host for the embedded file.
  • the access key corresponding to the embedded file is recorded through the embedded file system, and the host process number of the file host corresponding to the embedded file is recorded.
  • the file host of the embedded file can directly access it without verification; and other processes must have the access key granted by the file host if they want to access the embedded file.
  • And/or: receive a host replacement instruction sent by the file host to the embedded file system, and replace the host process number of the file host corresponding to the embedded file, as recorded by the embedded file system, with the process number of the other process specified by the host replacement instruction.
  • When the embedded file system judges that the process number of the process is the host process number, it uses the read operation pointer recorded for that process's embedded file as the base address and continuously transmits the specified number of bytes of data to the command-initiating port.
  • After recording the access key corresponding to the embedded file and the host process number of its file host through the embedded file system, the method also includes the step: receive a write pointer setting instruction sent by the file host to the embedded file system, whereupon the embedded file system resets the write operation pointer of the embedded file corresponding to the file host to the address designated by the write pointer setting instruction.
  • By constructing an embedded file system, this solution encapsulates memory storage space into an embedded file system with file characteristics in a hardware-controlled manner, interconnects the process running on the processor core with the embedded file system through the processor's multi-layer bus controller, and can open up an embedded file corresponding to the process in the memory storage space through the embedded file system, so that the memory belonging to any process can be read or written only by that process itself. Any other process, including the operating system, that attempts to read or write the private memory space of a process without its permission is rejected directly by the hardware controller of the accessed memory, thus achieving physical isolation between processes and ensuring the security of process data.
  • Because this solution does not require the intervention of the operating system, it helps to relieve the load on the operating system.
  • Fig. 1 is the overall flow schematic diagram of the embodiment of the present invention.
  • Fig. 2 is the overall structure schematic diagram of the embodiment of the present invention.
  • FIG. 3 is a schematic diagram of process access according to an embodiment of the present invention.
  • the present invention provides a processor memory management method for implementing process isolation, including the steps:
  • EFS: embedded file system. EF: embedded file, the unit of memory space that the EFS encapsulates.
  • The "multi-layer" in "processor multi-layer bus controller" means that the bus controller in this example can establish interconnections between multiple "source ports" and "destination ports" at the same moment, that is, it maintains multiple non-interfering bus interconnections simultaneously, so that multiple processes can access memory at the same time.
  • the connection between the processor core, the processor multi-layer bus controller and the embedded file system may be as shown in FIG. 2 and FIG. 3
  • The "memory" in FIG. 2 and FIG. 3 includes the main memory external to the processor and the various caches inside the processor.
  • This example integrates 4 processor cores and 4 memory interfaces (the so-called "memory interfaces" are the 4 memory interfaces present on the processor's internal system bus).
  • Each processor core has multiple "processes"; the boxes marked Tx identify the processes each processor core has run over a period of time. A processor core usually runs multiple processes in a time-sharing manner, that is, a period of time is divided into equal small segments, which may be called core time slices.
  • T0 to Tn in the figure represent time slices 0 to n, and the corresponding processes run in the core during those slices. For example, "process 0", "process 1" up to "process n" shown under "processor core 1" do not run in "processor core 1" at the same time; they run in "processor core 1" one after another, from 0 to n, according to the time slices.
  • an embedded file corresponding to a process is opened up in a memory storage space through an embedded file system, which specifically includes:
  • The character string "EFSNEW" may be used as the instruction symbol.
  • When EFS executes the EFSNEW instruction, it opens up a memory space of the size required by the process sending the instruction and encapsulates it as an EF.
  • In addition, if EFS cannot create an EF as required by the instruction because "memory" space is insufficient, EFS must feed back an error code to the process that sent the instruction.
  • When creating an embedded file, the embedded file system receives the file creation instruction, opens the embedded file in the memory storage space, and then feeds back the index number of the embedded file to the process, thereby realizing a one-to-one correspondence between the process and the embedded file; the process also becomes the file host of the embedded file.
  • The step further includes: S34, receiving the access key, provided by the file host, for the embedded file corresponding to the file host; S35, recording the access key corresponding to the embedded file through the embedded file system, and recording the host process number of the file host corresponding to the embedded file.
  • EFSNEW must carry the following necessary parameters: "EF host process number", "space size", "EF access key".
  • The host process number is the process number of the process that sends the embedded file creation instruction.
  • The process sending the instruction becomes the "EF host" of the EF currently being created.
  • EFS must use the process number of the "EF host" as the only criterion for identifying the "EF host"; the space size is the amount of memory the embedded file creation instruction requires for the EF; the access key is used by the "EF host" to authorize other "non-EF hosts" to access the EF.
  • A "non-EF host" cannot modify the access rights conferred by the key after obtaining the corresponding EF key.
  • The "EF key" supplied by the instruction-initiating process in this instruction must be a key with full read and write rights. EFS records this parameter and associates it with the EF index number; it becomes the only criterion by which a "non-EF host" may access the EF created by the instruction.
  • In an embodiment of the present invention, after recording the access key corresponding to the embedded file and the host process number of its file host through the embedded file system, the method further comprises the steps: determine whether the current process accessing the embedded file is the file host corresponding to the embedded file; if so, access is performed directly; if not, determine whether the current process has the access key; if so, access may be performed; if not, access cannot be performed.
  • the file host of the embedded file can directly access it without verification; and other processes must have the access key granted by the file host if they want to access the embedded file.
  • After recording the access key corresponding to the embedded file and the host process number of its file host through the embedded file system, the method also includes the step: receive a host replacement instruction sent by the file host to the embedded file system, and replace the host process number of the file host corresponding to the embedded file, as recorded in the embedded file system, with the process number of the other process specified by the host replacement instruction.
  • The key replacement instruction uses the character string "EFSKEY" as its instruction symbol; when EFS executes EFSKEY it changes the "EF key" of the specified EF to the new "EF key" given in the instruction's parameters. Once EFSKEY has executed, the previous "EF key" is invalid, which is equivalent to the "EF host" revoking the access rights it had previously granted to other "non-EF hosts" for the specified EF.
  • EFSKEY may only be issued by the "EF host" of the target EF, that is, EFSKEY must carry the process number of the process that initiated the instruction, and EFS uses that process number as the only criterion for whether the instruction has execution authority.
  • EFSKEY must carry the following necessary parameters: "EF host process number", "target EF index number", "new EF key".
  • the host replacement instruction uses the character "EFSOWN" as the instruction symbol.
  • When EFS executes the EFSOWN instruction, it changes the "EF host" of the EF specified in the instruction parameters to the other process specified in the instruction parameters.
  • The intent of this instruction is that when a large amount of data must be transferred between processes, all rights to the data can be handed directly to the other party, without the other party having to copy the data and without having to consider when the memory space occupied by the data can be released (after the "EF host" is changed, the new host can delete the data directly once it has used them, and the original host can release the memory space occupied by the related data as soon as it has handed over the rights).
  • The EFSOWN instruction can also be used to hand over state files while a parent process initializes a child process, so that the parent and child processes also have the property of physical isolation.
  • EFSOWN may only be issued by the "EF host" of the target EF, that is, EFSOWN must carry the process number of the process that initiated the instruction, and EFS uses that process number as the only criterion for whether the instruction has execution authority.
  • EFSOWN must carry the following necessary parameters: "EF original host process number", "target EF index number", "EF new host process number".
  • An embodiment of the present invention on the basis of Embodiment 2 or Embodiment 3, after the process becomes the file host of the embedded file, further includes the steps:
  • The embedded file system resets the value of all data in the embedded file corresponding to the file host to 0 according to the clear instruction.
  • The delete instruction uses the character string "EFSDEL" as its instruction symbol; when EFS executes the EFSDEL instruction, the memory space occupied by the EF specified in the instruction parameters is released and, at the same time, the index number of that EF is recovered.
  • EFSDEL may only be issued by the "EF host" of the target EF, that is, EFSDEL must carry the process number of the process that initiated the instruction, and EFS uses that process number as the only criterion for whether the instruction has execution authority.
  • EFSDEL must carry the following necessary parameters: "EF host process number", "target EF index number".
  • The clear instruction uses the character string "EFSCLR" as its instruction symbol.
  • When EFS executes EFSCLR it resets the value of all data in the EF specified in the instruction parameters to 0 and does nothing else.
  • The intent of this instruction is mainly to give a process a quick way to reset a batch of variables.
  • EFSCLR may only be issued by the "EF host" of the target EF, that is, EFSCLR must carry the process number of the process that initiated the instruction, and EFS uses that process number as the only criterion for whether the instruction has execution authority.
  • EFSCLR must carry the following necessary parameters: "EF host process number", "target EF index number".
  • After recording the access key corresponding to the embedded file and the host process number of its file host through the embedded file system, the method also includes the steps:
  • Receive a host read instruction sent by a process to the embedded file system; when the embedded file system determines that the process number of the process is the host process number, it uses the read operation pointer recorded for that process's embedded file as the base address and continuously transmits the specified number of bytes of data to the command-initiating port. And/or: receive a non-host read instruction sent by a process to the embedded file system; when the embedded file system judges that the process carries the access key corresponding to the embedded file, it uses the base address specified in the non-host read instruction and continuously transmits the specified number of bytes of data to the command-initiating port.
  • The read pointer setting instruction uses the character string "EFSSKR" as its instruction symbol; when EFS executes EFSSKR it resets the read operation pointer of the target EF to the address specified in the instruction parameters.
  • EFS maintains read and write operation pointers for each EF, but only for operations of the "EF host" on the EF. That is, only read or write instructions that use the "EF host" process number for access security authentication require EFS to maintain the read or write pointer. This instruction allows the "EF host" process to reset the EF's read operation pointer, that is, the base address of read operations.
  • EFSSKR must carry the following necessary parameters: "EF host process number", "target EF index number", "EF read operation pointer".
  • The host read instruction uses the character string "EFSRD" as its instruction symbol; EFSRD reads data from the target EF.
  • The word "host" in "host read instruction" indicates that this instruction can only use the host process number of the EF's file host as the sole criterion for EF access security authentication.
  • When EFS executes this instruction it uses the read pointer recorded for the EF as the base address and continuously transmits the specified number of bytes of data to the command-initiating port.
  • The "specified number of bytes" is the instruction parameter "maximum read offset address" plus 1.
  • EFSRD must carry the following necessary parameters: "EF host process number", "target EF index number", "maximum read offset address".
  • The non-host read instruction uses the character string "EFSFR" as its instruction symbol; EFSFR reads data from the target EF.
  • The "non-host" in "non-host read instruction" means that this instruction can only use the "EF key" as the sole criterion for EF access security authentication.
  • When executing this instruction, EFS cannot use the read pointer recorded for the EF as the base address; it can only use the base address specified by the instruction parameter "read base address", from which it continuously transmits the specified number of bytes of data to the command-initiating port. The "number of bytes" is the instruction parameter "maximum read offset address" plus 1.
  • The main purpose of this instruction is for the "EF host" to authorize a "non-EF host" to access the target EF directly: once a "non-EF host" holds the key, it has the rights needed to access the target EF directly.
  • EFSFR must carry the following necessary parameters: "EF key", "target EF index number", "read base address", "maximum read offset address".
  • After recording the access key corresponding to the embedded file and the host process number of its file host through the embedded file system, the method also includes the steps:
  • Receive a write pointer setting instruction sent by the file host to the embedded file system, whereupon the embedded file system resets the write operation pointer of the embedded file corresponding to the file host to the address specified by the write pointer setting instruction. And/or: receive a host write instruction sent by a process to the embedded file system; when the embedded file system determines that the process number of the process is the host process number, it uses the write operation pointer recorded for that process's embedded file as the base address and receives the specified number of bytes of data transmitted continuously by the command-initiating port. And/or: receive a non-host write instruction sent by a process to the embedded file system; when the embedded file system judges that the process carries the access key corresponding to the embedded file, it uses the base address specified in the non-host write instruction and receives the specified number of bytes of data transmitted continuously by the command-initiating port.
  • The write pointer setting instruction uses the character string "EFSSKW" as its instruction symbol; when EFS executes EFSSKW it resets the write operation pointer of the target EF to the address specified in the instruction parameters.
  • EFS maintains read and write operation pointers for each EF, but only for operations of the "EF host" on the EF. That is, only read or write instructions that use the "EF host" process number for access security authentication require EFS to maintain the read or write pointer.
  • This instruction allows the "EF host" process to reset the EF's write operation pointer, that is, the base address of write operations.
  • EFSSKW must carry the following necessary parameters: "EF host process number", "target EF index number", "EF write pointer".
  • The host write instruction uses the character string "EFSWR" as its instruction symbol; EFSWR writes data into the target EF.
  • The word "host" in "host write instruction" means that this instruction can only use the "EF host" process number as the sole criterion for EF access security authentication.
  • When EFS executes this instruction it uses the write pointer recorded for the EF as the base address and receives the specified number of bytes of data transmitted continuously by the command-initiating port.
  • The "specified number of bytes" is the instruction parameter "maximum write offset address" plus 1.
  • EFSWR must carry the following necessary parameters: "EF host process number", "target EF index number", "maximum write offset address".
  • The non-host write instruction writes data into the target EF. It is given the instruction symbol "EFSFR" here, the same symbol as the non-host read instruction; no separate symbol is stated.
  • The "non-host" in "non-host write instruction" means that this instruction can only use the "EF key" as the sole criterion for EF access security authentication.
  • When executing this instruction, EFS cannot use the write pointer recorded for the EF as the base address; it can only use the base address specified in the instruction, at which it receives the specified number of bytes of data transmitted continuously by the command-initiating port. The "number of bytes" is the instruction parameter "maximum write offset address" plus 1.
  • The main purpose of this instruction is for the "EF host" to authorize a "non-EF host" to access the target EF directly: once a "non-EF host" holds the key, it has the rights needed to access the target EF directly.
  • The non-host write instruction must carry the following necessary parameters: "EF key", "target EF index number", "base address", "maximum write offset address".
  • Embodiment 7. In an embodiment of the present invention, on the basis of any of the above embodiments, after the embedded file corresponding to the process has been opened in the memory storage space through the embedded file system, the method further includes the step: receive a three-way operation data transfer instruction sent to the embedded file system, which transfers data between ports of the processor's multi-layer bus controller.
  • The three-way operation host RX transfer establishment instruction uses the character string "EFSRX" as its instruction symbol; EFSRX establishes the data receiving end of a "three-way operation transfer", that is, it notifies the EFS at the data receiving end to prepare to receive the data sent by the EFSX instruction.
  • EFSRX is "three-way operation host RX transfer establishment", meaning that in a "three-way operation transfer" this instruction is sent by port C to port B.
  • The "host" in "three-way operation host RX transfer establishment" means that C must be the host of the EF at the data destination, port B, and also that EFS uses the "EF host" process number as the only criterion for access security authentication when executing this instruction. After the EFS at port B executes this instruction, the port is temporarily locked to wait for the EFSX instruction from port A.
  • After port B enters the locked state, if the EFSX instruction from port A is received successfully, port B returns to the unlocked state once the data transfer is complete.
  • The intent of this instruction is to let processes in the processor core complete copy and cut operations on EFs quickly and easily.
  • EFSRX must carry the following necessary parameters: "target EF index number", "EF host process number", "base address", "maximum offset address", "data sender port number".
  • The three-way operation non-host RX transfer establishment instruction uses the character string "EFSFRX" as its instruction symbol.
  • EFSFRX establishes the data receiving end of a "three-way operation transfer", that is, it informs the EFS at the data receiving end to prepare to receive the data sent by the EFSX instruction (refer to EFS instruction 16).
  • Data can only be transferred by this instruction between ports of the "processor multi-layer bus controller" shown in Figure 1, so it inherently carries a "port" parameter.
  • A "three-way operation transfer" means that EF data at port A is transferred to an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C.
  • EFSFRX is "three-way operation non-host RX transfer establishment", meaning that in a "three-way operation transfer" this instruction is sent by port C to port B.
  • The "non-host" in "three-way operation non-host RX transfer establishment" means that C is not the host of the EF at the data destination, port B, and also that EFS must use the "EF key" as the only criterion for access security authentication when executing this instruction.
  • After the EFS at port B executes this instruction, the port is temporarily locked to wait for the EFSX instruction from port A. After port B enters the locked state, if the EFSX instruction from port A is received successfully, port B returns to the unlocked state once the data transfer is complete.
  • EFSFRX must carry the following necessary parameters: "target EF index number", "EF key", "base address", "maximum offset address", "data sender port number".
  • The three-way operation data transfer instruction uses the character string "EFSX" as its instruction symbol.
  • EFSX is the instruction with which the data sending end of a "three-way operation transfer" actually sends the data. A "three-way operation transfer" moves EF data at port A to an EF at port B, but it is a process at port C, or another hardware module at port C, that initiates the transfer. EFSX is therefore issued by port A after port C has completed both the "RX transfer establishment" and the "TX transfer establishment" of the "three-way operation transfer". The intent of this instruction is to let processes in the processor core complete copy and cut operations on EFs quickly and easily.
  • The three-way operation cancel RX transfer establishment instruction uses the character string "EFSCNS" as its instruction symbol.
  • EFSCNS cancels a data receiving end of a "three-way operation transfer" that has already been established by EFSRX or EFSFRX, that is, it releases the "locked" state of the relevant port.
  • A three-way operation transfer means that EF data at port A is transferred to an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C.
  • The EFSCNS instruction may only be issued by port C, the initiator of the "three-way operation transfer".
  • When the EFSTX or EFSFTX that port C sends to port A is rejected by port A (possibly because the port is busy, or because EF access security authentication fails), port C can use EFSCNS to cancel the already established receiving state of the data receiving end at port B in time, so that port B releases its "locked" state promptly.
  • EFSCNS must carry the following necessary parameter: "data sender port number".
  • Embodiment 8. In an embodiment of the present invention, on the basis of any of the above embodiments, after the embedded file corresponding to the process has been opened in the memory storage space through the embedded file system, the method further includes the step: receive a three-way operation data transfer instruction sent to the embedded file system, which transfers data between ports of the processor's multi-layer bus controller.
  • The three-way operation host TX transfer establishment instruction uses the character string "EFSTX" as its instruction symbol; EFSTX establishes the data sending end of a "three-way operation transfer".
  • EFSTX is "three-way operation host TX transfer establishment", meaning that in a "three-way operation transfer" this instruction is sent by port C to port A.
  • The "host" in "three-way operation host TX transfer establishment" means that C must be the host of the EF at the data sender, port A, and also that EFS uses the "EF host" process number as the only criterion for access security authentication when executing this instruction.
  • EFSTX must carry the following necessary parameters: "source EF index number", "EF host process number", "base address", "maximum offset address", "data receiver port number".
  • EFSX is the instruction with which the data sending end of a "three-way operation transfer" actually sends the data; it is issued by port A after port C has completed the "RX transfer establishment" and the "TX transfer establishment" of the "three-way operation transfer", as described under Embodiment 7.
  • The three-way operation non-host TX transfer establishment instruction uses the character string "EFSFTX" as its instruction symbol.
  • EFSFTX establishes the data sending end of a "three-way operation transfer", that is, it notifies the EFS at the data sending end to prepare to send the specified EF data with the EFSX instruction.
  • EFSFTX is "three-way operation non-host TX transfer establishment", meaning that in a "three-way operation transfer" this instruction is sent by port C to port A.
  • The "non-host" in "three-way operation non-host TX transfer establishment" means that C is not the host of the EF at the data sender, port A, and also that EFS must use the "EF key" as the only criterion for access security authentication when executing this instruction.
  • After the EFS at port A executes this instruction, the port either refuses to execute or proceeds to send the corresponding EF data to port B through the EFSX instruction.
  • The intent of this instruction is to let processes in the processor core complete copy and cut operations on EFs quickly and easily.
  • EFSFTX must carry the following necessary parameters: "source EF index number", "EF key", "base address", "maximum offset address", "data receiver port number".

Abstract

A processor memory management method for achieving process isolation, comprising the steps of: constructing an embedded file system that encapsulates, in a hardware-controlled manner, memory storage space into independent units having file characteristics (S1); establishing an interconnection between a process run by a processor core and the embedded file system by means of a processor multi-layer bus controller (S2); and opening up an embedded file corresponding to the process in the memory storage space by means of the embedded file system (S3). The method needs no intervention of the operating system, achieves better process isolation, helps reduce the load on the operating system, and guarantees the security of process data.

Description

A processor memory management method for achieving process isolation
Technical Field
The present invention relates to the technical field of integrated circuits and computers, and in particular to a processor memory management method for achieving process isolation.
Background Art
Whether microcontroller, personal computer, server or mainframe, the use of storage components follows one of only two architectures: the von Neumann architecture and the Harvard architecture. The von Neumann architecture, also known as the Princeton architecture, stores process code and data at different addresses in the same memory; the Harvard architecture stores process code and data separately. In either architecture, however, "data" or "code" is accessed by storage operations addressed directly with the physical address of the storage device. In a computer system with an operating system, a process's access to memory, that is, to the storage components, depends on the operating system's allocation of storage space: as the process code runs, the logical address of the target to be accessed is translated by the operating system into a physical address (the physical address of the storage component) in order to complete the read and write accesses to code/data.
Today, with the explosive growth of information processing, the total number of processes running in a computer system and the total number of service processes it must provide grow ever larger. When every question of memory use is concentrated at one point, the operating system, the processing capacity of the whole operating system inevitably becomes overwhelmed. Moreover, when handling a large number of processes and services, the operating system cannot achieve security control precise enough to isolate every individual process and service completely; it can only classify processes by security level. The operating system therefore does not completely isolate all processes, which inevitably leaves the whole system with many indeterminate security vulnerabilities. A processor memory management method is therefore needed that requires no operating system intervention and achieves better process isolation.
Summary of the Invention
The purpose of the present invention is to provide a processor memory management method for achieving process isolation. The scheme requires no operating system intervention, achieves better isolation of processes, helps relieve the load on the operating system and guarantees the security of process data.
The technical scheme provided by the present invention is as follows: the present invention provides a processor memory management method for achieving process isolation, comprising the steps of: constructing an embedded file system that, in a hardware-controlled manner, encapsulates memory storage space into independent units having file characteristics; establishing an interconnection between a process run by the processor core and the embedded file system through the processor multi-layer bus controller; and opening up, through the embedded file system, an embedded file corresponding to the process in the memory storage space.
This scheme constructs an embedded file system that encapsulates memory storage space, under hardware control, into independent units with file characteristics, and interconnects the processes run by the processor core with the embedded file system through the processor multi-layer bus controller, so that an embedded file corresponding to each process can be opened up in the memory storage space through the embedded file system. As a result, the memory belonging to any process can be read or written only by that process itself; any other process, the operating system included, that attempts to read or write the process's private memory space without the process's permission is rejected directly by the memory hardware controller being accessed. This achieves physical isolation between processes and guarantees the security of process data. In addition, because the scheme requires no operating system intervention, it helps relieve the load on the operating system.
Further, opening up, through the embedded file system, an embedded file corresponding to the process in the memory storage space specifically includes:
receiving an embedded file creation instruction sent by the process to the embedded file system; opening up the embedded file in the memory storage space through the embedded file system; and feeding back the index number of the embedded file to the process and associating the process with the embedded file through the index number, so that the process becomes the file host of the embedded file. When an embedded file is created, the embedded file system receives the file creation instruction, opens up the embedded file in the memory storage space and then feeds back the embedded file's index number to the process, establishing a one-to-one correspondence between the process and the embedded file; the process thereby becomes the file host of the embedded file.
Further, after the process becomes the file host of the embedded file, the method also includes the steps of:
receiving, from the file host, the access key of the embedded file corresponding to the file host;
recording, through the embedded file system, the access key corresponding to the embedded file, and recording the host process number of the file host corresponding to the embedded file.
Further, after recording through the embedded file system the access key corresponding to the embedded file and recording the host process number of the file host corresponding to the embedded file, the method also includes the steps of:
determining whether the current access process accessing the embedded file is the file host corresponding to the embedded file;
if so, the access proceeds directly; if not, determining whether the current access process holds the access key; if so, the access is permitted;
if not, the access is not permitted. When an embedded file is accessed, the file host of that embedded file may access it directly without verification, whereas any other process that wants to access the embedded file must hold the access key granted by the file host.
Further, after recording through the embedded file system the access key corresponding to the embedded file and recording the host process number of the file host corresponding to the embedded file, the method also includes the steps of:
receiving a key replacement instruction sent by the file host to the embedded file system, and replacing the access key corresponding to the embedded file recorded by the embedded file system with the new key given in the parameters of the key replacement instruction;
and/or receiving a host replacement instruction sent by the file host to the embedded file system, and replacing the host process number of the file host corresponding to the embedded file recorded by the embedded file system with the process number of another process specified by the instruction.
Further, after the process becomes the file host of the embedded file, the method also includes the steps of:
receiving a deletion instruction sent by the file host to the embedded file system, the embedded file system releasing the memory space of the embedded file corresponding to the file host according to the deletion instruction;
and/or receiving a clear instruction sent by the file host to the embedded file system, the embedded file system resetting the values of all data of the embedded file corresponding to the file host to 0 according to the clear instruction.
Further, after recording through the embedded file system the access key corresponding to the embedded file and recording the host process number of the file host corresponding to the embedded file, the method also includes the steps of:
receiving a read pointer setting instruction sent by the file host to the embedded file system, the embedded file system resetting the read operation pointer of the embedded file corresponding to the file host to the address specified by the read pointer setting instruction;
and/or receiving a host read instruction sent by the process to the embedded file system, the embedded file system, upon determining that the process number of the process is the host process number, continuously transmitting the specified number of bytes of data to the instruction-initiating port, using the read operation pointer recorded for the embedded file corresponding to the process as the base address;
and/or receiving a non-host read instruction sent by the process to the embedded file system, the embedded file system, upon determining that the process carries the access key corresponding to the embedded file, continuously transmitting the specified number of bytes of data to the instruction-initiating port from the base address specified in the non-host read instruction.
Further, after recording through the embedded file system the access key corresponding to the embedded file and recording the host process number of the file host corresponding to the embedded file, the method also includes the steps of: receiving a write pointer setting instruction sent by the file host to the embedded file system, the embedded file system resetting the write operation pointer of the embedded file corresponding to the file host to the address specified by the write pointer setting instruction;
and/or receiving a host write instruction sent by the process to the embedded file system, the embedded file system, upon determining that the process number of the process is the host process number, receiving the specified number of bytes of data continuously transmitted by the instruction-initiating port, using the write operation pointer recorded for the embedded file corresponding to the process as the base address;
and/or receiving a non-host write instruction sent by the process to the embedded file system, the embedded file system, upon determining that the process carries the access key corresponding to the embedded file, receiving the specified number of bytes of data continuously transmitted by the instruction-initiating port at the base address specified in the non-host write instruction.
Further, after opening up, through the embedded file system, the embedded file corresponding to the process in the memory storage space, the method also includes the steps of:
receiving a three-party operation host RX transmission establishment instruction and/or a three-party operation non-host RX transmission establishment instruction sent to the embedded file system; receiving a three-party operation data transmission instruction for transmitting data between ports of the processor multi-layer bus controller; and notifying the data receiving end of the embedded file system to receive the data sent by the three-party operation data transmission instruction;
receiving a three-party cancel RX transmission establishment instruction sent to the embedded file system, and cancelling the data receiving end established by the three-party operation host RX transmission establishment instruction and/or the three-party operation non-host RX transmission establishment instruction.
Further, after opening up, through the embedded file system, the embedded file corresponding to the process in the memory storage space, the method also includes the steps of:
receiving a three-party operation host TX transmission establishment instruction and/or a three-party operation non-host TX transmission establishment instruction sent to the embedded file system;
receiving a three-party operation data transmission instruction for transmitting data between ports of the processor multi-layer bus controller;
notifying the data sending end of the embedded file system to send the specified embedded file data with the three-party operation data transmission instruction.
According to the processor memory management method for achieving process isolation provided by the present invention, the scheme constructs an embedded file system that encapsulates memory storage space, under hardware control, into independent units with file characteristics, and interconnects the processes run by the processor core with the embedded file system through the processor multi-layer bus controller, so that an embedded file corresponding to each process can be opened up in the memory storage space through the embedded file system. As a result, the memory belonging to any process can be read or written only by that process itself; any other process, the operating system included, that attempts to read or write the process's private memory space without the process's permission is rejected directly by the memory hardware controller being accessed. This achieves physical isolation between processes and guarantees the security of process data. In addition, because the scheme requires no operating system intervention, it helps relieve the load on the operating system.
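The three-party transmission sequence of the two embodiments just described (RX establishment at the sink port, TX establishment at the source port, the EFSX transfer issued by the source port, and EFSCNS releasing a sink port left locked by a rejection), together with the EFSTX/EFSFTX/EFSX/EFSCNS fragments earlier on this page, as an added Python model that is not part of the patent or any implementation of it. The port and EF structures, the parameter set assumed for EFSRX/EFSFRX, and the reading of "maximum offset address" as a byte count are assumptions made for the example.

```python
"""Model of the "three-party operation transmission": port C establishes a receiving
end at sink port B (EFSRX host form / EFSFRX non-host form), which locks B; C then
establishes the sending end at source port A (EFSTX / EFSFTX), after which A itself
performs the EFSX transfer into B; EFSCNS, issued by C alone, releases B's lock if A
rejected the request.  Added example, not the patent's hardware; the port/EF structures,
the EFSRX/EFSFRX parameters and "max_offset as byte count" are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional


class EFSError(Exception):
    """Raised where the text says a port refuses or rejects an instruction."""


@dataclass
class EF:
    host_pid: int       # "EF host process number"
    key: bytes          # "EF key"
    data: bytearray


def authorised(ef: EF, pid: Optional[int], key: Optional[bytes]) -> bool:
    """Host form: the process number is the only standard; non-host form: the key is."""
    return (pid is not None and pid == ef.host_pid) or (key is not None and key == ef.key)


@dataclass
class Port:
    name: str
    files: Dict[int, EF]
    rx: Optional[dict] = None    # established receiving end; not None means the port is "locked"


class Bus:
    """The multi-layer bus controller's view of its memory-interface ports."""

    def __init__(self, *ports: Port) -> None:
        self.ports = {p.name: p for p in ports}

    # Step 1 (EFSRX when C hosts B's EF, EFSFRX when C presents B's key):
    # establish the data receiving end at the sink port and lock it for this initiator.
    def establish_rx(self, initiator: str, sink: str, ef_index: int, base: int,
                     max_offset: int, sender: str, pid=None, key=None) -> None:
        b = self.ports[sink]
        if b.rx is not None:
            raise EFSError("busy")           # another transfer already holds this port
        ef = b.files[ef_index]
        if not authorised(ef, pid, key):
            raise EFSError("auth")           # EF access security authentication failed
        b.rx = {"initiator": initiator, "sender": sender, "ef": ef,
                "base": base, "max_offset": max_offset}

    # Step 2 (EFSTX host form / EFSFTX non-host form): establish the sending end at the
    # source port; on success the source port issues EFSX and the bytes are copied.
    def establish_tx(self, initiator: str, source: str, ef_index: int, base: int,
                     max_offset: int, sink: str, pid=None, key=None) -> int:
        a = self.ports[source]
        ef = a.files[ef_index]
        if not authorised(ef, pid, key):
            raise EFSError("auth")           # A refuses; B stays locked until EFSCNS
        return self._efsx(source, ef, base, max_offset, sink, initiator)

    def _efsx(self, source: str, ef: EF, base: int, max_offset: int,
              sink: str, initiator: str) -> int:
        b = self.ports[sink]
        rx = b.rx
        if rx is None or rx["initiator"] != initiator or rx["sender"] != source:
            raise EFSError("no receiving end")   # RX establishment must precede the transfer
        n = min(max_offset, rx["max_offset"])    # both sides bound the transfer length
        if base + n > len(ef.data) or rx["base"] + n > len(rx["ef"].data):
            raise EFSError("range")
        rx["ef"].data[rx["base"]:rx["base"] + n] = ef.data[base:base + n]
        b.rx = None                              # transfer done: the receiving end is released
        return n

    # EFSCNS: cancel an established receiving end; only the initiator may do so.
    def cancel_rx(self, initiator: str, sink: str) -> None:
        b = self.ports[sink]
        if b.rx is None:
            raise EFSError("not locked")
        if b.rx["initiator"] != initiator:
            raise EFSError("not initiator")
        b.rx = None


def demo() -> dict:
    """Constructed scenario: a copy that succeeds, then a rejected one that C cleans up."""
    a = Port("A", {1: EF(host_pid=10, key=b"ka", data=bytearray(b"payload!" + bytes(8)))})
    b = Port("B", {1: EF(host_pid=20, key=b"kb", data=bytearray(16))})
    bus = Bus(a, b)
    # C (pid 30) hosts neither EF, so it uses the non-host forms and presents the keys.
    bus.establish_rx("C", "B", 1, base=4, max_offset=8, sender="A", key=b"kb")
    copied = bus.establish_tx("C", "A", 1, base=0, max_offset=8, sink="B", key=b"ka")
    # Second attempt with a wrong key for A: A rejects, B is left locked, C cancels.
    bus.establish_rx("C", "B", 1, base=0, max_offset=4, sender="A", key=b"kb")
    try:
        bus.establish_tx("C", "A", 1, base=0, max_offset=4, sink="B", key=b"wrong")
    except EFSError:
        pass
    locked_after_reject = b.rx is not None
    bus.cancel_rx("C", "B")
    return {"copied": copied, "sink": bytes(b.files[1].data),
            "locked_after_reject": locked_after_reject, "released": b.rx is None}
```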
Brief Description of the Drawings
The preferred embodiments are described below in a clear and readily understood manner with reference to the accompanying drawings, further explaining the above characteristics, technical features and advantages of the scheme and how they are realised.
Fig. 1 is a schematic diagram of the overall flow of an embodiment of the present invention;
Fig. 2 is a schematic diagram of the overall structure of an embodiment of the present invention;
Fig. 3 is a schematic diagram of process access in an embodiment of the present invention.
Detailed Description of the Embodiments
To describe the embodiments of the present invention or the technical solutions of the prior art more clearly, specific embodiments of the present invention are described below with reference to the accompanying drawings. Obviously, the drawings in the following description are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings, and other embodiments, from these drawings without creative effort.
To keep the drawings concise, each figure schematically shows only the parts related to the present invention and does not represent the actual structure of the product. In addition, to keep the drawings concise and easy to understand, where several components in a figure have the same structure or function, only one of them is drawn or labelled schematically. In this document "one" means not only "only one" but may also mean "more than one".
Embodiment 1
In an embodiment of the present invention, as shown in Fig. 1, the present invention provides a processor memory management method for achieving process isolation, comprising the steps of:
S1. Construct an embedded file system (Embedded File System, abbreviated EFS) that, in a hardware-controlled manner, encapsulates memory storage space into independent units having file characteristics.
Unlike the prior art, which performs memory isolation through software, this scheme encapsulates the memory storage space under hardware control to achieve isolation.
S2. Interconnect the processes run by the processor core with the embedded file system through the processor multi-layer bus controller.
"Multi-layer" in "processor multi-layer bus controller" means that the bus controller in this example can establish interconnections between several "source ports" and "destination ports" at the same moment, that is, maintain several mutually non-interfering bus interconnections simultaneously, so that several processes can access memory at the same time. (Processor-internal bus interconnect technology also includes bus controllers that can maintain only one bus interconnection at any moment.)
S3. Open up, through the embedded file system, an embedded file (Embedded File, abbreviated EF) corresponding to the process in the memory storage space. This scheme constructs an embedded file system that encapsulates memory storage space, under hardware control, into independent units with file characteristics, and interconnects the processes run by the processor core with the embedded file system through the processor multi-layer bus controller, so that an embedded file corresponding to each process can be opened up in the memory storage space through the embedded file system. As a result, the memory belonging to any process can be read or written only by that process itself; any other process, the operating system included, that attempts to read or write the process's private memory space without the process's permission is rejected directly by the memory hardware controller being accessed. This achieves physical isolation between processes and guarantees the security of process data. In addition, because the scheme requires no operating system intervention, it helps relieve the load on the operating system.
Specifically, in this embodiment the processor cores, the processor multi-layer bus controller and the embedded file system may be connected as shown in Fig. 2 and Fig. 3. The "memory" in Fig. 2 and Fig. 3 includes the main memory outside the processor as well as the various caches inside the processor. This example integrates 4 processor cores and has 4 memory interfaces (a "memory interface" being one of the 4 bus ports on the processor's internal system bus used to access "memory"). Several "processes" exist in each processor core, and the boxes labelled Tx identify the processes that each processor core has run over a period of time. A processor core running several processes usually does so by time sharing: a given period is divided into equal small time segments, which may be called core time slices. T0 to Tn in the figures denote the time slices from slice 0 up to slice n, with the corresponding process running in the core during each (for example, in "processor core 1", "process 0", "process 1" and so on up to "process n" do not run in "processor core 1" simultaneously; they run in it one after another as the time slice advances from 0 to n).
Embodiment 2
In an embodiment of the present invention, on the basis of Embodiment 1, opening up through the embedded file system an embedded file corresponding to the process in the memory storage space specifically includes:
S31. Receive the embedded file creation instruction sent by the process to the embedded file system; the characters "EFSNEW" may be used as its instruction symbol.
S32. Open up the embedded file in the memory storage space through the embedded file system.
EFS executing the EFSNEW instruction means that the process which sent the instruction has opened up a memory space of the size it requested, encapsulated in the form of an EF.
In addition, if EFS cannot create the EF as the instruction requires because the "memory" space is insufficient, EFS must feed back an error code to the process that sent the instruction.
S33. Feed back the index number of the embedded file to the process, and associate the process with the embedded file through the index number, so that the process becomes the file host of the embedded file.
When an embedded file is created, the embedded file system receives the file creation instruction, opens up the embedded file in the memory storage space and then feeds back the embedded file's index number to the process, establishing a one-to-one correspondence between the process and the embedded file; the process thereby becomes the file host of the embedded file.
Preferably, after the process becomes the file host of the embedded file, the method also includes the steps: S34. Receive, from the file host, the access key of the embedded file corresponding to the file host. S35. Record through the embedded file system the access key corresponding to the embedded file, and record the host process number of the file host corresponding to the embedded file.
Specifically, EFSNEW must carry the following necessary parameters: "EF host process number", "space size", "EF access key". The host process number is the process number of the process that sends the embedded file creation instruction; once the EF has been created successfully, the sending process becomes the "EF host" of the newly created EF, and EFS must use the "EF host" process number as the only standard for identifying the "EF host". The space size is the memory space the embedded file creation instruction requires for creating the EF. The access key is the only credential by which the "EF host" authorises other "non-EF hosts" to access the EF; it is supplied by the process that sends the instruction, and the read and write permissions are placed in the key in encrypted form, so that a "non-EF host" that obtains an EF key cannot modify the access permissions that key carries. In addition, the "EF key" that the initiating process supplies in this instruction must be a key carrying full read and write permissions; this parameter is recorded by EFS and associated with the EF index number, and becomes the only standard by which a "non-EF host" may access the EF created by the instruction.
Embodiment 3
In one embodiment of the present invention, building on Embodiment 2, after the embedded file system records the access key corresponding to the embedded file and records the host process number of the file host corresponding to the embedded file, the method further comprises the steps of: determining whether the current process accessing the embedded file is the file host of that embedded file; if so, the access proceeds directly; if not, determining whether the current accessing process holds the access key; if so, the access is permitted; if not, the access is denied.
When an embedded file is accessed, its file host may access it directly without verification, whereas any other process that wishes to access the embedded file must hold the access key granted by the file host.
Preferably, after the embedded file system records the access key corresponding to the embedded file and records the host process number of the file host corresponding to the embedded file, the method further comprises the steps of:
receiving a key replacement instruction sent by the file host to the embedded file system, and replacing the access key recorded by the embedded file system for the embedded file with the new key carried in the parameters of the key replacement instruction; and/or receiving a host replacement instruction sent by the file host to the embedded file system, and replacing the host process number recorded by the embedded file system for the file host of the embedded file with the process number of another process designated by the instruction.
In this embodiment the key replacement instruction uses the character string "EFSKEY" as its mnemonic. When the EFS executes EFSKEY, it changes the "EF key" of the designated EF to the new "EF key" given in the instruction parameters. Once EFSKEY has executed, the previous "EF key" is no longer valid, which is equivalent to the "EF host" revoking every access right it had previously granted to "non-EF hosts" for that EF.
Only the "EF host" of the target EF is authorized to issue EFSKEY; that is, EFSKEY must carry the process number of the issuing process, and the EFS uses that process number as the sole criterion for deciding whether the instruction may execute. EFSKEY must carry the following required parameters: "EF host process number", "target EF index number" and "new EF key".
The host replacement instruction uses the character string "EFSOWN" as its mnemonic. When the EFS executes EFSOWN, it changes the "EF host" of the EF designated in the instruction parameters to the other process designated in the instruction parameters. The purpose of this instruction is that, when a large volume of data passes between two processes, all rights to the data can be handed directly to the other party: the other party need not copy the data, and the original party need not consider when the memory occupied by the data it passed on can be released (after the "EF host" is changed, the new host may delete the data directly once it has finished with it, and the original host, having surrendered its rights, no longer needs to manage the release of the memory occupied by that data).
Besides handing data over to other processes, EFSOWN can also be used by a parent process to hand over certain state files while initializing a child process, ensuring that parent and child processes are also physically isolated from one another.
Only the "EF host" of the target EF is authorized to issue EFSOWN; that is, EFSOWN must carry the process number of the issuing process, and the EFS uses that process number as the sole criterion for deciding whether the instruction may execute. EFSOWN must carry the following required parameters: "EF original host process number", "target EF index number" and "EF new host process number".
Embodiment 4
In one embodiment of the present invention, building on Embodiment 2 or Embodiment 3, after the process has become the file host of the embedded file, the method further comprises the steps of:
receiving a deletion instruction sent by the file host to the embedded file system, the embedded file system releasing, according to the deletion instruction, the memory space of the embedded file corresponding to the file host; and/or receiving a clear instruction sent by the file host to the embedded file system, the embedded file system resetting, according to the clear instruction, the value of all data in the embedded file corresponding to the file host to 0.
In this embodiment the deletion instruction uses the character string "EFSDEL" as its mnemonic. When the EFS executes EFSDEL, it releases the memory space occupied by the EF designated in the instruction parameters and at the same time reclaims that EF's "EF index number".
Only the "EF host" of the target EF is authorized to issue EFSDEL; that is, EFSDEL must carry the process number of the issuing process, and the EFS uses that process number as the sole criterion for deciding whether the instruction may execute. EFSDEL must carry the following required parameters: "EF host process number" and "target EF index number".
The clear instruction uses the character string "EFSCLR" as its mnemonic. When the EFS executes EFSCLR, it resets the value of all data in the EF designated in the instruction parameters to 0 and performs no other operation. The purpose of this instruction is mainly to give a process a fast way to reset a batch of variables.
Only the "EF host" of the target EF is authorized to issue EFSCLR; that is, EFSCLR must carry the process number of the issuing process, and the EFS uses that process number as the sole criterion for deciding whether the instruction may execute. EFSCLR must carry the following required parameters: "EF host process number" and "target EF index number".
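The access-control lifecycle of Embodiments 2 to 4 (create with EFSNEW, host-or-key access decision, EFSKEY revocation, EFSOWN hand-over, EFSDEL and EFSCLR) can be modelled in software. The following Python is an added simulation written for this page; it is not the patent's hardware design or any code of the applicant. Everything other than the instruction mnemonics (the `EFS` class, the process numbers, the free-index list that models reclaiming an index number, and comparing the key with `hmac.compare_digest`) is a constructed assumption.

```python
# Added simulation (not the patent's hardware) of the EFS host / key
# access-control lifecycle described in Embodiments 2-4.
# All identifiers other than the instruction mnemonics are constructed.
from dataclasses import dataclass
import hmac


@dataclass
class EmbeddedFile:
    host_pid: int        # host process number recorded at EFSNEW
    key: bytes           # full read/write access key recorded at EFSNEW
    data: bytearray      # the memory space reserved for this EF


class EFS:
    def __init__(self):
        self.files = {}
        self.free_indexes = []   # index numbers reclaimed by EFSDEL (assumed)
        self.next_index = 1

    def efsnew(self, host_pid, size, key):
        """Create an EF; the issuing process becomes its host."""
        idx = self.free_indexes.pop() if self.free_indexes else self.next_index
        if idx == self.next_index:
            self.next_index += 1
        self.files[idx] = EmbeddedFile(host_pid, bytes(key), bytearray(size))
        return idx

    def authorize(self, idx, pid, key=None):
        """Embodiment 3 decision: the host gets in directly, others need the key."""
        ef = self.files.get(idx)
        if ef is None:
            return False
        if pid == ef.host_pid:
            return True
        return key is not None and hmac.compare_digest(bytes(key), ef.key)

    def _require_host(self, idx, pid):
        ef = self.files.get(idx)
        if ef is None or ef.host_pid != pid:
            raise PermissionError(f"pid {pid} is not the host of EF {idx}")
        return ef

    def efskey(self, idx, host_pid, new_key):
        """Replace the key; every key previously handed out is thereby revoked."""
        self._require_host(idx, host_pid).key = bytes(new_key)

    def efsown(self, idx, old_host, new_host):
        """Hand the whole EF over to another process without copying it."""
        self._require_host(idx, old_host).host_pid = new_host

    def efsdel(self, idx, host_pid):
        """Release the memory and reclaim the index number."""
        self._require_host(idx, host_pid)
        del self.files[idx]
        self.free_indexes.append(idx)

    def efsclr(self, idx, host_pid):
        """Reset every byte of the EF to 0 and do nothing else."""
        ef = self._require_host(idx, host_pid)
        ef.data[:] = bytes(len(ef.data))


def demo():
    """Walk one EF through its lifecycle; returns the decisions observed."""
    efs = EFS()
    producer, consumer, stranger = 100, 200, 300      # constructed pids
    idx = efs.efsnew(producer, size=8, key=b"full-rw-key")
    efs.files[idx].data[:4] = b"\x01\x02\x03\x04"
    before = (efs.authorize(idx, producer),
              efs.authorize(idx, consumer),
              efs.authorize(idx, consumer, b"full-rw-key"))
    efs.efskey(idx, producer, b"rotated-key")     # revokes consumer's copy
    after_rekey = efs.authorize(idx, consumer, b"full-rw-key")
    try:
        efs.efsown(idx, stranger, stranger)       # a non-host cannot take over
        stranger_took_over = True
    except PermissionError:
        stranger_took_over = False
    efs.efsown(idx, producer, consumer)           # legitimate hand-over
    efs.efsclr(idx, consumer)
    cleared = bytes(efs.files[idx].data) == bytes(8)
    efs.efsdel(idx, consumer)
    return {"before": before, "after_rekey": after_rekey,
            "stranger_took_over": stranger_took_over,
            "cleared": cleared, "deleted": idx not in efs.files,
            "index_reused": efs.efsnew(producer, 4, b"k") == idx}
```

The point the model makes visible is that the key is a bearer credential: once handed out it cannot be taken back from the holder, so EFSKEY is the only revocation mechanism, and it revokes every outstanding copy at once.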
Embodiment 5
In one embodiment of the present invention, building on any of Embodiments 2 to 4, after the embedded file system records the access key corresponding to the embedded file and records the host process number of the file host corresponding to the embedded file, the method further comprises the steps of:
receiving a read pointer setting instruction sent by the file host to the embedded file system, the embedded file system resetting the read pointer of the embedded file corresponding to the file host to the address designated by the read pointer setting instruction; and/or receiving a host read instruction sent by a process to the embedded file system, the embedded file system, upon determining that the process number of the process is the host process number, taking the read pointer recorded for the embedded file corresponding to the process as the base address and transmitting the designated number of bytes of data consecutively to the port that issued the instruction; and/or receiving a non-host read instruction sent by a process to the embedded file system, the embedded file system, upon determining that the process carries the access key corresponding to the embedded file, transmitting the designated number of bytes of data consecutively to the issuing port starting from the base address designated in the non-host read instruction.
In this embodiment the read pointer setting instruction uses the character string "EFSSKR" as its mnemonic. When the EFS executes EFSSKR, it resets the read pointer of the target EF to the address designated in the instruction parameters. The EFS maintains read and write pointers for every EF, but only for operations performed on the EF by its "EF host"; that is, only read or write instructions that pass access security authentication with the "EF host" process number require the EFS to maintain a read or write pointer. This instruction lets the "EF host" process reset the EF's read pointer, i.e. the base address of read operations. EFSRD must carry the following required parameters: "EF host process number", "target EF index number" and "EF read pointer".
The host read instruction uses the character string "EFSRD" as its mnemonic; EFSRD reads data from the target EF. The word "host" in "host read instruction" means that this instruction can only use the host process number of the EF's file host as the sole criterion for EF access security authentication. When the EFS executes this instruction, it takes the read pointer recorded for the EF as the base address and transmits the designated number of bytes consecutively to the port that issued the instruction, the "designated number of bytes" being the instruction parameter "maximum read offset address" plus 1. EFSRD must carry the following required parameters: "EF host process number", "target EF index number" and "maximum read offset address".
The non-host read instruction uses the character string "EFSFR" as its mnemonic; EFSFR reads data from the target EF. The words "non-host" in "non-host read instruction" mean that this instruction can only use the "EF key" as the sole criterion for EF access security authentication.
When the EFS executes this instruction, it cannot take the read pointer recorded for the EF as the base address; it may only transmit the designated number of bytes consecutively to the issuing port starting from the base address designated by the instruction parameter "read base address", the "designated number of bytes" again being the instruction parameter "maximum read offset address" plus 1. The main purpose of this instruction is to let the "EF host" authorize a "non-EF host" to access the target EF directly: the "EF host" grants the "non-EF host" the "EF key" for the target EF, and the "non-EF host" thereby obtains the rights needed to access the target EF directly. EFSRD must carry the following required parameters: "EF key", "target EF index number", "read base address" and "maximum read offset address".
Embodiment 6
In one embodiment of the present invention, building on any of Embodiments 2 to 5, after the embedded file system records the access key corresponding to the embedded file and records the host process number of the file host corresponding to the embedded file, the method further comprises the steps of:
receiving a write pointer setting instruction sent by the file host to the embedded file system, the embedded file system resetting the write pointer of the embedded file corresponding to the file host to the address designated by the write pointer setting instruction; and/or receiving a host write instruction sent by a process to the embedded file system, the embedded file system, upon determining that the process number of the process is the host process number, taking the write pointer recorded for the embedded file corresponding to the process as the base address and receiving the designated number of bytes of data transmitted consecutively by the port that issued the instruction; and/or receiving a non-host write instruction sent by a process to the embedded file system, the embedded file system, upon determining that the process carries the access key corresponding to the embedded file, receiving the designated number of bytes of data transmitted consecutively by the issuing port starting from the base address designated in the non-host write instruction.
Specifically, in this embodiment the write pointer setting instruction uses the character string "EFSSKW" as its mnemonic. When the EFS executes EFSSKW, it resets the write pointer of the target EF to the address designated in the instruction parameters.
The EFS maintains read and write pointers for every EF, but only for operations performed on the EF by its "EF host"; that is, only read or write instructions that pass access security authentication with the "EF host" process number require the EFS to maintain a read or write pointer. This instruction lets the "EF host" process reset the EF's write pointer, i.e. the base address of write operations. EFSRW must carry the following required parameters: "EF host process number", "target EF index number" and "EF write pointer". The host write instruction uses the character string "EFSWR" as its mnemonic; EFSRD writes data into the target EF. The word "host" in "host write instruction" means that this instruction can only use the "EF host" process number as the sole criterion for EF access security authentication.
When the EFS executes this instruction, it takes the write pointer recorded for the EF as the base address and receives the designated number of bytes transmitted consecutively by the issuing port, the "designated number of bytes" being the instruction parameter "maximum read offset address" plus 1. EFSWR must carry the following required parameters: "EF host process number", "target EF index number" and "maximum write offset address".
The non-host write instruction uses the character string "EFSFR" as its mnemonic; EFSFR reads data from the target EF. The words "non-host" in "non-host read instruction" mean that this instruction can only use the "EF key" as the sole criterion for EF access security authentication.
When the EFS executes this instruction, it cannot take the read pointer recorded for the EF as the base address; it may only transmit the designated number of bytes consecutively to the issuing port starting from the base address designated by the instruction parameter "read base address", the "designated number of bytes" being the instruction parameter "maximum read offset address" plus 1. The main purpose of this instruction is to let the "EF host" authorize a "non-EF host" to access the target EF directly: the "EF host" grants the "non-EF host" the "EF key" for the target EF, and the "non-EF host" thereby obtains the rights needed to access the target EF directly. EFSRD must carry the following required parameters: "EF key", "target EF index number", "read base address" and "maximum read offset address".
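The difference between the host-side and non-host-side data instructions of Embodiments 5 and 6 is easiest to see side by side: the host instructions (EFSSKR, EFSRD, EFSSKW, EFSWR) authenticate by host process number and work from the pointers the EFS keeps for the EF, while the non-host instructions (EFSFR and the non-host write, whose mnemonic is not legible in the text above) authenticate by key and must name their own base address. The Python below is an added simulation written for this page, not the patent's hardware or the applicant's code. Two things in it are assumptions the text does not state: each host transfer advances the EFS-maintained pointer past the bytes transferred, and every transfer is bounds-checked against the EF's size (the "designated byte count" is the maximum offset address plus 1, as the text defines it). The `EFS` class, the process numbers and the `nonhost_write` name are constructed.

```python
# Added simulation (not the patent's hardware) of the read/write
# instructions of Embodiments 5 and 6. Pointer advance after each host
# transfer and the bounds check are assumptions; the non-host write is
# named nonhost_write because its mnemonic is not legible in the text.
from dataclasses import dataclass
import hmac


@dataclass
class EmbeddedFile:
    host_pid: int
    key: bytes
    data: bytearray
    read_ptr: int = 0     # maintained only for host-authenticated reads
    write_ptr: int = 0    # maintained only for host-authenticated writes


class EFS:
    def __init__(self):
        self.files = {}

    def efsnew(self, host_pid, size, key):
        idx = len(self.files) + 1
        self.files[idx] = EmbeddedFile(host_pid, bytes(key), bytearray(size))
        return idx

    def _host(self, idx, pid):
        ef = self.files.get(idx)
        if ef is None or ef.host_pid != pid:
            raise PermissionError("host process number does not match")
        return ef

    def _keyed(self, idx, key):
        ef = self.files.get(idx)
        if ef is None or not hmac.compare_digest(bytes(key), ef.key):
            raise PermissionError("EF key does not match")
        return ef

    @staticmethod
    def _span(ef, base, max_offset):
        # "designated byte count" = maximum offset address + 1
        count = max_offset + 1
        if base < 0 or max_offset < 0 or base + count > len(ef.data):
            raise ValueError("transfer would leave the EF's memory space")
        return base, base + count

    def efsskr(self, idx, host_pid, ptr):
        self._host(idx, host_pid).read_ptr = ptr

    def efsrd(self, idx, host_pid, max_read_offset):
        ef = self._host(idx, host_pid)
        lo, hi = self._span(ef, ef.read_ptr, max_read_offset)
        ef.read_ptr = hi                       # assumed: pointer advances
        return bytes(ef.data[lo:hi])

    def efsfr(self, idx, key, read_base, max_read_offset):
        ef = self._keyed(idx, key)             # base comes from the caller
        lo, hi = self._span(ef, read_base, max_read_offset)
        return bytes(ef.data[lo:hi])

    def efsskw(self, idx, host_pid, ptr):
        self._host(idx, host_pid).write_ptr = ptr

    def efswr(self, idx, host_pid, payload):
        ef = self._host(idx, host_pid)
        lo, hi = self._span(ef, ef.write_ptr, len(payload) - 1)
        ef.data[lo:hi] = payload
        ef.write_ptr = hi                      # assumed: pointer advances
        return hi - lo

    def nonhost_write(self, idx, key, write_base, payload):
        ef = self._keyed(idx, key)
        lo, hi = self._span(ef, write_base, len(payload) - 1)
        ef.data[lo:hi] = payload
        return hi - lo


def demo():
    """Host streams two writes, rewinds, reads them back; a keyed reader
    reads by explicit base address and is stopped at the EF boundary."""
    efs = EFS()
    host, consumer = 100, 200                        # constructed pids
    idx = efs.efsnew(host, size=16, key=b"shared-key")
    efs.efswr(idx, host, b"hello")                   # lands at offset 0
    efs.efswr(idx, host, b"world")                   # continues at offset 5
    efs.efsskr(idx, host, 0)
    first = efs.efsrd(idx, host, max_read_offset=4)
    second = efs.efsrd(idx, host, max_read_offset=4)
    keyed = efs.efsfr(idx, b"shared-key", read_base=5, max_read_offset=4)
    try:
        efs.efsfr(idx, b"wrong-key", 0, 0)
        wrong_key_read = True
    except PermissionError:
        wrong_key_read = False
    try:
        efs.efsfr(idx, b"shared-key", read_base=12, max_read_offset=4)
        overrun = True
    except ValueError:
        overrun = False
    efs.nonhost_write(idx, b"shared-key", 10, b"!!")
    tail = bytes(efs.files[idx].data[10:12])
    return {"first": first, "second": second, "keyed": keyed,
            "wrong_key_read": wrong_key_read, "overrun": overrun,
            "tail": tail}
```

The bounds check is the part a reviewer of such a design would look for first: because a non-host caller chooses its own base address, the EFS must clamp every transfer to the EF's own space or the key would grant more than the host intended.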
Embodiment 7
In one embodiment of the present invention, building on any of the above embodiments, after the embedded file system has opened the embedded file corresponding to the process in the memory storage space, the method further comprises the steps of: receiving a three-party-operation host RX transfer setup instruction and/or a three-party-operation non-host RX transfer setup instruction sent to the embedded file system; and receiving a three-party-operation data transfer instruction for transferring data between ports of the processor multi-layer bus controller.
Notifying the data-receiving end of the embedded file system to receive the data sent by the three-party-operation data transfer instruction.
Receiving a three-party cancel RX transfer setup instruction sent to the embedded file system, and cancelling the data-receiving end established by the three-party-operation host RX transfer setup instruction and/or the three-party-operation non-host RX transfer setup instruction.
Specifically, in this embodiment the three-party-operation host RX transfer setup instruction uses the character string "EFSRX" as its mnemonic. EFSRX establishes the data-receiving end for a "three-party-operation transfer", that is, it notifies the EFS at the receiving end to prepare to receive the data sent by an EFSX instruction.
A "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C. EFSRX is the "three-party-operation host RX transfer setup", meaning that this instruction is issued by port C to port B in the "three-party-operation transfer". The word "host" in "three-party-operation host RX transfer setup" means that C must be the host of the EF at the data-destination port B, and also that the EFS uses the "EF host" process number as the sole criterion for access security authentication when executing this instruction. After the EFS at port B has executed this instruction, the port is temporarily locked, waiting for an EFSX instruction from port A. Once port B is in the locked state, if it successfully receives the EFSX instruction from port A, then on completion of the data transfer port B returns to the unlocked state. The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily. EFSRX must carry the following required parameters: "target EF index number", "EF host process number", "base address", "maximum offset address" and "data sender port number".
The three-party-operation host RX transfer setup instruction uses the character string "EFSFRX" as its mnemonic. EFSFRX establishes the data-receiving end for a "three-party-operation transfer", that is, it notifies the EFS at the receiving end to prepare to receive the data sent by an EFSX instruction (see EFS instruction 16) (this instruction can only transfer between ports of the "processor multi-layer bus controller" shown in Figure 1, so it inherently carries a "port" parameter).
A "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C.
EFSFRX is the "three-party-operation non-host RX transfer setup", meaning that this instruction is issued by port C to port B in the "three-party-operation transfer". The words "non-host" in "three-party-operation non-host RX transfer setup" mean that C is not the host of the EF at the data-destination port B, and also that the EFS must use the "EF key" as the sole criterion for access security authentication when executing this instruction. After the EFS at port B has executed this instruction, the port is temporarily locked, waiting for an EFSX instruction from port A. Once port B is in the locked state, if it successfully receives the EFSX instruction from port A, then on completion of the data transfer port B returns to the unlocked state. The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily. EFSFRX must carry the following required parameters: "target EF index number", "EF key", "base address", "maximum offset address" and "data sender port number".
The three-party-operation data transfer instruction uses the character string "EFSX" as its mnemonic. EFSX is the instruction by which the data-sending end of a "three-party-operation transfer" actually sends the data; a "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C. EFSX is therefore issued by port A after port C has completed the "RX transfer setup" and "TX transfer setup" of the "three-party-operation transfer". The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily.
The three-party-operation cancel RX transfer setup instruction uses the character string "EFSCNS" as its mnemonic. EFSCNS cancels the data-receiving end of a "three-party-operation transfer" that has already been established by EFSRX or EFSFRX, that is, it releases the "locked" state of the port concerned.
A "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C. EFSCNS can only be issued by port C, the initiator of the "three-party-operation transfer". EFSCNS is for the case in which port C, attempting to send EFSTX or EFSFTX to port A, is refused by port A (the refusal may be because the port is busy or because EF access security authentication failed); port C can then promptly cancel the receiving state already established at port B (the data-receiving end of the "three-party-operation transfer"), so that port B promptly leaves the "locked" state. EFSFTX must carry the following required parameter: "data sender port number".
Embodiment 8
In one embodiment of the present invention, building on any of the above embodiments, after the embedded file system has opened the embedded file corresponding to the process in the memory storage space, the method further comprises the steps of: receiving a three-party-operation host TX transfer setup instruction and/or a three-party-operation non-host TX transfer setup instruction sent to the embedded file system; and receiving a three-party-operation data transfer instruction for transferring data between ports of the processor multi-layer bus controller.
Notifying the data-sending end of the embedded file system to send the designated embedded file data by means of the three-party-operation data transfer instruction.
In this embodiment the three-party-operation host TX transfer setup instruction uses the character string "EFSTX" as its mnemonic. EFSTX establishes the data-sending end for a "three-party-operation transfer".
A "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C. EFSTX is the "three-party-operation host TX transfer setup", meaning that this instruction is issued by port C to port A in the "three-party-operation transfer". The word "host" in "three-party-operation host TX transfer setup" means that C must be the host of the EF at the data-sending port A, and also that the EFS uses the "EF host" process number as the sole criterion for access security authentication when executing this instruction. After the EFS at port A has executed this instruction, the port either refuses to execute or proceeds to send the corresponding EF data to port B by means of an EFSX instruction. The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily. EFSTX must carry the following required parameters: "source EF index number", "EF host process number", "base address", "maximum offset address" and "data receiver port number".
The three-party-operation data transfer instruction uses the character string "EFSX" as its mnemonic. EFSX is the instruction by which the data-sending end of a "three-party-operation transfer" actually sends the data; a "three-party-operation transfer" means that EF data at port A is transferred into an EF at port B, but the transfer is initiated by a process at port C or by another hardware module at port C. EFSX is therefore issued by port A after port C has completed the "RX transfer setup" and "TX transfer setup" of the "three-party-operation transfer". The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily.
The three-party-operation non-host TX transfer setup instruction uses the character string "EFSFTX" as its mnemonic. EFSFTX establishes the data-sending end for a "three-party-operation transfer", that is, it notifies the EFS at the sending end to prepare to send the designated EF data by means of an EFSX instruction.
EFSFTX is the "three-party-operation non-host TX transfer setup", meaning that this instruction is issued by port C to port A in the "three-party-operation transfer". The words "non-host" in "three-party-operation non-host TX transfer setup" mean that C is not the host of the EF at the data-sending port A, and also that the EFS must use the "EF key" as the sole criterion for access security authentication when executing this instruction. After the EFS at port A has executed this instruction, the port either refuses to execute or proceeds to send the corresponding EF data to port B by means of an EFSX instruction. The purpose of this instruction is to let processes in the processor core perform copy and cut operations on EFs quickly and easily. EFSFTX must carry the following required parameters: "source EF index number", "EF key", "base address", "maximum offset address" and "data receiver port number".
It should be noted that the above embodiments can be freely combined as required. The foregoing are merely preferred embodiments of the present invention; it should be pointed out that a person of ordinary skill in the art may make a number of improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.
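The three-party transfer of Embodiments 7 and 8 is a small state machine: the initiator C locks the receiving port B with EFSRX or EFSFRX, arms the sending port A with EFSTX or EFSFTX, A then pushes the bytes with EFSX, and B unlocks on completion; if A refuses, C issues EFSCNS so that B does not stay locked. The Python below is an added simulation written for this page, not the patent's hardware or the applicant's code. The port numbers, the per-port in-memory EF tables, the `busy` flag used to provoke a refusal, and modelling EFSX as a direct call from the sending `Port` object to the receiving one are all constructed assumptions; the check that the EFSX push comes from the sender port named in the RX setup, and the length check against the RX setup, are checks added here that the text does not spell out.

```python
# Added simulation (not the patent's hardware) of the three-party transfer
# of Embodiments 7 and 8. Port numbers, EF tables, the busy flag and the
# sender/length checks in efsx are constructed assumptions.
import hmac
from dataclasses import dataclass, field


@dataclass
class EmbeddedFile:
    host_pid: int
    key: bytes
    data: bytearray


@dataclass
class Port:
    number: int
    files: dict = field(default_factory=dict)
    busy: bool = False
    # receive-side lock: (target EF index, base, byte count, expected sender)
    rx_lock: tuple = None

    def _check(self, idx, host_pid=None, key=None):
        ef = self.files.get(idx)
        if ef is None:
            raise PermissionError("no such EF")
        if host_pid is not None and ef.host_pid == host_pid:
            return ef
        if key is not None and hmac.compare_digest(bytes(key), ef.key):
            return ef
        raise PermissionError("EF access security check failed")

    # receiving side: issued by the initiator C to port B
    def efsrx(self, idx, host_pid, base, max_offset, sender_port):
        self._lock(self._check(idx, host_pid=host_pid), idx, base, max_offset, sender_port)

    def efsfrx(self, idx, key, base, max_offset, sender_port):
        self._lock(self._check(idx, key=key), idx, base, max_offset, sender_port)

    def _lock(self, ef, idx, base, max_offset, sender_port):
        if self.rx_lock is not None:
            raise RuntimeError("port already locked")
        count = max_offset + 1
        if base + count > len(ef.data):
            raise ValueError("target span leaves the EF")
        self.rx_lock = (idx, base, count, sender_port)

    def efscns(self):
        """Initiator cancels the receive state: the port unlocks."""
        self.rx_lock = None

    # sending side: issued by the initiator C to port A
    def efstx(self, idx, host_pid, base, max_offset, receiver):
        return self._send(self._check(idx, host_pid=host_pid), base, max_offset, receiver)

    def efsftx(self, idx, key, base, max_offset, receiver):
        return self._send(self._check(idx, key=key), base, max_offset, receiver)

    def _send(self, ef, base, max_offset, receiver):
        if self.busy:
            raise RuntimeError("sender port busy")   # the refusal C must handle
        count = max_offset + 1
        if base + count > len(ef.data):
            raise ValueError("source span leaves the EF")
        receiver.efsx(self.number, bytes(ef.data[base:base + count]))
        return count

    # the data push itself: port A to port B
    def efsx(self, sender_port, payload):
        if self.rx_lock is None or self.rx_lock[3] != sender_port:
            raise PermissionError("EFSX from a port the receiver is not waiting for")
        idx, base, count, _ = self.rx_lock
        if len(payload) != count:
            raise ValueError("payload length does not match the RX setup")
        self.files[idx].data[base:base + count] = payload
        self.rx_lock = None                           # back to unlocked


def demo():
    a, b = Port(1), Port(2)                           # constructed ports
    c_pid = 300                                       # constructed initiator
    a.files[1] = EmbeddedFile(c_pid, b"src-key", bytearray(b"payloadXX"))
    b.files[7] = EmbeddedFile(c_pid, b"dst-key", bytearray(16))
    # happy path: C is host of both EFs, so EFSRX then EFSTX
    b.efsrx(7, c_pid, base=4, max_offset=6, sender_port=a.number)
    moved = a.efstx(1, c_pid, base=0, max_offset=6, receiver=b)
    copied = bytes(b.files[7].data[4:11])
    # refusal path: A is busy, so C releases B's lock with EFSCNS
    b.efsfrx(7, b"dst-key", base=0, max_offset=1, sender_port=a.number)
    a.busy = True
    try:
        a.efsftx(1, b"src-key", base=0, max_offset=1, receiver=b)
        refused = False
    except RuntimeError:
        refused = True
        b.efscns()
    # a push from a port B is not waiting for is rejected
    try:
        b.efsx(99, b"zz")
        stray_accepted = True
    except PermissionError:
        stray_accepted = False
    return {"moved": moved, "copied": copied, "refused": refused,
            "unlocked": b.rx_lock is None, "stray_accepted": stray_accepted}
```

The design point to keep in view is that the lock at port B is a resource the initiator holds: without the EFSCNS path a refusal at A would leave B locked indefinitely, which is why the text gives the initiator, and only the initiator, a way to release it.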

Claims (10)

  1. A processor memory management method for achieving process isolation, characterized in that it comprises the steps of:
    constructing, under hardware control, an embedded file system that encapsulates memory storage space into independent units having file characteristics; interconnecting a process running on the processor core with the embedded file system through the processor's multi-layer bus controller; and opening, through the embedded file system, an embedded file corresponding to the process in the memory storage space.
  2. The processor memory management method for achieving process isolation according to claim 1, characterized in that opening, through the embedded file system, an embedded file corresponding to the process in the memory storage space specifically comprises:
    receiving an embedded file creation instruction sent by the process to the embedded file system; opening the embedded file in the memory storage space through the embedded file system; and returning the index number of the embedded file to the process and associating the process with the embedded file through that index number, so that the process becomes the file host of the embedded file.
  3. The processor memory management method for achieving process isolation according to claim 2, characterized in that, after the process becomes the file host of the embedded file, it further comprises the steps of:
    receiving, from the file host, an access key for the embedded file corresponding to that file host;
    recording, in the embedded file system, the access key corresponding to the embedded file, and recording the host process number of the file host corresponding to the embedded file.
  4. The processor memory management method for achieving process isolation according to claim 3, characterized in that, after recording in the embedded file system the access key corresponding to the embedded file and the host process number of the file host corresponding to the embedded file, it further comprises the steps of:
    determining whether the current access process accessing the embedded file is the file host corresponding to the embedded file;
    if so, the access proceeds directly; if not, determining whether the current access process holds the access key; if so, the access may proceed;
    if not, the access is refused.
  5. The processor memory management method for achieving process isolation according to claim 3, characterized in that, after recording in the embedded file system the access key corresponding to the embedded file and the host process number of the file host corresponding to the embedded file, it further comprises the steps of:
    receiving a key replacement instruction sent by the file host to the embedded file system, and replacing the access key corresponding to the embedded file, as recorded in the embedded file system, with the new key carried in the parameters of the key replacement instruction;
    and/or receiving a host replacement instruction sent by the file host to the embedded file system, and replacing the host process number of the file host corresponding to the embedded file, as recorded in the embedded file system, with the process number of the other process specified by the instruction.
  6. The processor memory management method for achieving process isolation according to claim 2, characterized in that, after the process becomes the file host of the embedded file, it further comprises the steps of:
    receiving a deletion instruction sent by the file host to the embedded file system, whereupon the embedded file system releases, according to the deletion instruction, the memory space of the embedded file corresponding to the file host;
    and/or receiving a clear instruction sent by the file host to the embedded file system, whereupon the embedded file system resets, according to the clear instruction, the values of all data in the embedded file corresponding to the file host to 0.
  7. The processor memory management method for achieving process isolation according to claim 3, characterized in that, after recording in the embedded file system the access key corresponding to the embedded file and the host process number of the file host corresponding to the embedded file, it further comprises the steps of:
    receiving a read pointer setting instruction sent by the file host to the embedded file system, whereupon the embedded file system resets the read operation pointer of the embedded file corresponding to the file host to the address specified by the read pointer setting instruction;
    and/or receiving a host read instruction sent by the process to the embedded file system; when the embedded file system determines that the process number of the process is the host process number, it transfers the specified number of bytes of data consecutively to the instruction-initiating port, taking the read operation pointer recorded for the embedded file corresponding to the process as the base address;
    and/or receiving a non-host read instruction sent by the process to the embedded file system; when the embedded file system determines that the process carries the access key corresponding to the embedded file, it transfers the specified number of bytes of data consecutively to the instruction-initiating port, taking the base address specified in the non-host read instruction as the base address.
  8. The processor memory management method for achieving process isolation according to claim 3, characterized in that, after recording in the embedded file system the access key corresponding to the embedded file and the host process number of the file host corresponding to the embedded file, it further comprises the steps of:
    receiving a write pointer setting instruction sent by the file host to the embedded file system, whereupon the embedded file system resets the write operation pointer of the embedded file corresponding to the file host to the address specified by the write pointer setting instruction;
    and/or receiving a host write instruction sent by the process to the embedded file system; when the embedded file system determines that the process number of the process is the host process number, it receives the specified number of bytes of data transferred consecutively from the instruction-initiating port, taking the write operation pointer recorded for the embedded file corresponding to the process as the base address;
    and/or receiving a non-host write instruction sent by the process to the embedded file system; when the embedded file system determines that the process carries the access key corresponding to the embedded file, it receives the specified number of bytes of data transferred consecutively from the instruction-initiating port, taking the base address specified in the non-host write instruction as the base address.
  9. The processor memory management method for achieving process isolation according to any one of claims 1 to 8, characterized in that, after opening, through the embedded file system, the embedded file corresponding to the process in the memory storage space, it further comprises the steps of:
    receiving a three-party-operation host RX transfer establishment instruction and/or a three-party-operation non-host RX transfer establishment instruction sent to the embedded file system;
    receiving a three-party-operation data transfer instruction for transferring data between ports of the processor multi-layer bus controller;
    notifying the data receiving end of the embedded file system to receive the data sent by the three-party-operation data transfer instruction;
    receiving a three-party cancel RX transfer establishment instruction sent to the embedded file system, and cancelling the data receiving end established by the three-party-operation host RX transfer establishment instruction and/or the three-party-operation non-host RX transfer establishment instruction.
  10. The processor memory management method for achieving process isolation according to any one of claims 1 to 8, characterized in that, after opening, through the embedded file system, the embedded file corresponding to the process in the memory storage space, it further comprises the steps of:
    receiving a three-party-operation host TX transfer establishment instruction and/or a three-party-operation non-host TX transfer establishment instruction sent to the embedded file system;
    receiving a three-party-operation data transfer instruction for transferring data between ports of the processor multi-layer bus controller;
    notifying the data sending end of the embedded file system to send the embedded file data specified by the three-party-operation data transfer instruction.
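The access rules of claims 2 to 8 (host by creation, host-registered access key, host reads and writes through the file's own pointers, non-host reads at a caller-supplied base address, key and host replacement, delete) as a working model in C. This is an added example, not code from the patent or its inventor; the fixed file size, 64-bit key, the sentinel meaning "no key registered yet", the pointer advancing on each host transfer and the bounds checks are assumptions the claims do not state.

```c
/* Added model of the access rules in claims 2-8 (not code from the patent): the
 * creating process becomes host of its embedded file, the host registers an
 * access key that admits other processes, host reads/writes run from the file's
 * own pointers, non-host ones name a base address. Sizes and bounds are assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define EFS_MAX_FILES 8
#define EFS_FILE_SIZE 64  /* assumed fixed size of one embedded file */
#define EFS_NO_KEY    0   /* assumed sentinel: host has not registered a key */

enum efs_access { EFS_DENIED = 0, EFS_AS_HOST = 1, EFS_WITH_KEY = 2 };

struct efs_file {
    bool     in_use;
    uint32_t host_pid;        /* host process number (claim 3) */
    uint64_t key;             /* access key recorded by the EFS (claim 3) */
    size_t   rd_ptr, wr_ptr;  /* read/write operation pointers (claims 7, 8) */
    uint8_t  data[EFS_FILE_SIZE];
};
static struct efs_file efs[EFS_MAX_FILES];

static struct efs_file *efs_get(int idx) {
    return (idx >= 0 && idx < EFS_MAX_FILES && efs[idx].in_use) ? &efs[idx] : NULL;
}
static struct efs_file *host_file(int idx, uint32_t pid) {  /* NULL unless pid hosts idx */
    struct efs_file *f = efs_get(idx);
    return (f && pid == f->host_pid) ? f : NULL;
}
static bool in_bounds(size_t base, size_t n) {
    return n <= EFS_FILE_SIZE && base <= EFS_FILE_SIZE - n;
}

/* Claim 2: open a file, hand back its index number, make the caller its host. */
int efs_create(uint32_t pid) {
    for (int i = 0; i < EFS_MAX_FILES; i++) {
        if (!efs[i].in_use) {
            memset(&efs[i], 0, sizeof efs[i]);
            efs[i].in_use = true;
            efs[i].host_pid = pid;
            return i;
        }
    }
    return -1;
}

/* Claim 4: the host always gets in; anyone else must present the registered key. */
enum efs_access efs_check(int idx, uint32_t pid, uint64_t key) {
    struct efs_file *f = efs_get(idx);
    if (!f) return EFS_DENIED;
    if (pid == f->host_pid) return EFS_AS_HOST;
    if (f->key != EFS_NO_KEY && key == f->key) return EFS_WITH_KEY;
    return EFS_DENIED;
}

/* Claims 3, 5, 6: key registration/replacement, host hand-off and delete are
 * host-only. Replacing the key revokes every process that held the old one;
 * claim 6's clear instruction is the same zeroing of data alone, slot kept. */
bool efs_set_key(int idx, uint32_t pid, uint64_t new_key) {
    struct efs_file *f = host_file(idx, pid);
    if (f) f->key = new_key;
    return f != NULL;
}
bool efs_set_host(int idx, uint32_t pid, uint32_t new_host) {
    struct efs_file *f = host_file(idx, pid);
    if (f) f->host_pid = new_host;
    return f != NULL;
}
bool efs_delete(int idx, uint32_t pid) {
    struct efs_file *f = host_file(idx, pid);
    if (f) memset(f, 0, sizeof *f);  /* releases the slot; contents do not survive */
    return f != NULL;
}

/* Claims 7, 8: host transfers run from the file's pointers (advanced on use, an
 * assumption); non-host transfers carry the key and a base address. The host's
 * pointer-reset instructions and the non-host write mirror these and are omitted. */
bool efs_host_write(int idx, uint32_t pid, const void *src, size_t n) {
    struct efs_file *f = host_file(idx, pid);
    if (!f || !in_bounds(f->wr_ptr, n)) return false;
    memcpy(f->data + f->wr_ptr, src, n);
    f->wr_ptr += n;
    return true;
}
bool efs_host_read(int idx, uint32_t pid, void *dst, size_t n) {
    struct efs_file *f = host_file(idx, pid);
    if (!f || !in_bounds(f->rd_ptr, n)) return false;
    memcpy(dst, f->data + f->rd_ptr, n);
    f->rd_ptr += n;
    return true;
}
bool efs_nonhost_read(int idx, uint32_t pid, uint64_t key, size_t base, void *dst, size_t n) {
    struct efs_file *f = efs_get(idx);
    if (!f || efs_check(idx, pid, key) == EFS_DENIED || !in_bounds(base, n)) return false;
    memcpy(dst, f->data + base, n);
    return true;
}
```

Two points the model makes visible. Under claim 4 the access key is a bearer credential: any process that presents it gets in, so the only revocation the claims provide is the host replacing the key (claim 5), which this model honours by comparing against the currently recorded key on every access. The claims also say nothing about a transfer that runs past the end of the embedded file; the model refuses such a transfer rather than letting it spill into the neighbouring file, which is the check a hardware implementation of this scheme would need.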
Application: PCT/CN2021/071272, priority date 2021-01-12, filing date 2021-01-12, title "Processor memory management method for achieving process isolation"
Publication: WO2022150966A1 (en), published 2022-07-21
Family ID: 82446390; one family application (PCT/CN2021/071272); country status: WO

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105138905A (en) * 2015-08-25 2015-12-09 中国科学院信息工程研究所 Isolation operation method for Linux application program
US20160162451A1 (en) * 2011-08-19 2016-06-09 Yongyong Xu Online software execution platform
CN108874699A (en) * 2018-06-19 2018-11-23 北京元心科技有限公司 Multisystem uses the method, apparatus and electronic equipment of MTP function
US20190207631A1 (en) * 2018-01-03 2019-07-04 Morgan State University Multi-band multi-mode software defined radio
CN110362382A (en) * 2019-06-24 2019-10-22 湖南麒麟信安科技有限公司 A kind of vessel safety partition method, system and medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG ZHI-PING , ET AL.: "THE DESIGN AND IMPLEMENTATION OF A EMBEDDED REAL -TIME OPERATING SYSTEM FOR MULTIPROCESSING", JOURNAL OF COMPUTER APPLICATIONS, JISUANJI YINGYONG, CN, vol. 20, no. 4, 30 April 2000 (2000-04-30), CN , pages 4 - 6, XP055951802, ISSN: 1001-9081 *


Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number 21918184, country EP, kind code A1)
NENP Non-entry into the national phase (ref country code DE)
122 Ep: pct application non-entry in european phase (ref document number 21918184, country EP, kind code A1)