CN110008692A - A kind of information processing method, device and storage medium - Google Patents

A kind of information processing method, device and storage medium Download PDF

Info

Publication number
CN110008692A
CN110008692A CN201910223212.9A CN201910223212A CN110008692A CN 110008692 A CN110008692 A CN 110008692A CN 201910223212 A CN201910223212 A CN 201910223212A CN 110008692 A CN110008692 A CN 110008692A
Authority
CN
China
Prior art keywords
container
physical memory
page
host
page table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910223212.9A
Other languages
Chinese (zh)
Other versions
CN110008692B (en
Inventor
段立功
刘峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN201910223212.9A priority Critical patent/CN110008692B/en
Publication of CN110008692A publication Critical patent/CN110008692A/en
Application granted granted Critical
Publication of CN110008692B publication Critical patent/CN110008692B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention discloses a kind of information processing methods, comprising: the page in host virtual memory space is configured for container, to form container physical memory;Receive access request;In response to access request, the physical memory addresses of container are determined according to the virtual memory address of container;According to the mapping relations of the physical memory addresses of container and host-physical memory address, the physical memory addresses of container are converted into corresponding host-physical memory address, to realize access of the access request to host-physical memory address.The invention also discloses a kind of information processing unit and storage mediums.

Description

A kind of information processing method, device and storage medium
Technical field
The present invention relates to place's information processing technology more particularly to a kind of information processing method, device and storage mediums.
Background technique
In the prior art, since the working environment of server and carrying task are many kinds of, extensive use is held Device technology.Based on container, server quickly and conveniently can create its independent running environment for each container, still, this There are following two security risks for mechanism: 1) application program of operation in a reservoir may see host or operate in same one night The data of container application on host;2) application code of operation in a reservoir can be by mentioning the control such as power or access host Or other containers on same host are operated in, influence the safe operation of server.
Summary of the invention
The embodiment of the present invention provides a kind of information processing method, can be according to the physical memory addresses and host of the container The physical memory addresses of the container are converted to corresponding host-physical memory address by the mapping relations of physical memory addresses, The direct access for host-physical address is avoided, the technical solution of the embodiment of the present invention is achieved in that
The embodiment of the present invention provides a kind of information processing method, comprising:
The page in host virtual memory space is configured for container, to form container physical memory;
Receive access request;
In response to the access request, with determining the physical memory of the container according to the virtual memory address of the container Location;
According to the mapping relations of the physical memory addresses of the container and host-physical memory address, by the object of the container Reason memory address is converted to corresponding host-physical memory address, to realize the access request to the host-physical memory The access of location.
In above scheme, the physical memory addresses by the container are converted to corresponding host-physical memory address, Include:
The physical memory addresses of the container are read in multi-level page-table index according to corresponding binary data;
Binary data write-in Jing Guo the multi-level page-table index process is extended into position pointed by page table pointers, with It realizes and obtains corresponding host-physical memory address.
In above scheme,
When multi-level page-table index is level Four Page table index structure, the physical memory addresses of the container are according to correspondence Binary data sequentially enter fourth stage Page table index, third level Page table index, in the level Four Page table index structure Second level Page table index, Page table index.
In above scheme, the method also includes:
When the range for extending position pointed by page table pointers beyond the host-physical memory address, triggering is lacked Page interrupt process.
In above scheme, the method also includes:
Based on acquired host-physical memory address, judge whether to find corresponding page table entry;
If not finding corresponding page table entry, page faults process is triggered.
In above scheme, the method also includes:
In response to the page faults process, building extension page table;
It is that the extension page table configures multistage page index structure from the host-physical page.
In above scheme, the method also includes:
The received access request of parsing institute, obtains the priority tag of the access request,
Based on the priority tag for accessing and asking, the processing sequence of the access request is adjusted.
The present invention also provides a kind of information processing units, comprising:
Memory management module, for configuring the page in host virtual memory space for container, to form container physics Memory;
Information transmission modular, for receiving access request;
The memory management module, in response to the access request, the virtual memory address according to the container to be true The physical memory addresses of the fixed container;
Page table processing module, for being closed according to the physical memory addresses of the container and the mapping of host-physical memory address The physical memory addresses of the container are converted to corresponding host-physical memory address, to realize the access request pair by system The access of the host-physical memory address.
In above scheme,
The page table processing module, for reading in the physical memory addresses of the container according to corresponding binary data In multi-level page-table index;
Extension page is written in the page table processing module, the binary data for that will pass through the multi-level page-table index process Position pointed by list index obtains corresponding host-physical memory address to realize.
In above scheme,
The page table processing module, for by the physical memory addresses of the container according to corresponding binary data successively Into the fourth stage Page table index in level Four Page table index structure, third level Page table index, second level Page table index, page table rope Draw.
In above scheme,
The page table processing module, for working as position pointed by the extension page table pointers beyond in the host-physical When depositing the range of address, page faults process is triggered.
In above scheme,
The page table processing module, for judging whether to find correspondence based on acquired host-physical memory address Page table entry;
The page table processing module triggers page faults process for not finding corresponding page table entry.
In above scheme,
The memory management module, in response to the page faults process, building extension page table;
The memory management module, for being that the extension page table configures multistage page rope from the host-physical page Guiding structure.
In above scheme,
The page table processing module, for parsing, received access request, obtains the priority mark of the access request Know,
The page table processing module adjusts the place of the access request for accessing the priority tag asked based on described Make sequence in order.
The present invention also provides a kind of information processing unit, the information processing unit includes:
Memory, for storing executable instruction;
Processor executes at information provided by the present invention when for running the executable instruction of the memory storage Reason method.
The present invention also provides a kind of storage mediums, are stored with executable instruction, when for causing processor to execute, realize Information processing method provided by the present invention.
In the embodiment of the present invention, the received access request of response institute, memory management module is according to the virtual memory of container Location determines the physical memory addresses of container;Further, according to the physical memory addresses of the container and host-physical memory address Mapping relations, the physical memory addresses of the container are converted into corresponding host-physical memory address, to realize the visit Ask the access requested to the host-physical memory address.Hereby it is achieved that between container and container and container and host it Between memory isolation reduce since application code is wrong in container to realize the other isolation of virtual machine-level in a reservoir A possibility that host caused by mistake or malicious code and other containers collapse is reduced and is illegally visited between container using kernel loophole Ask the chance of other side's data.
Detailed description of the invention
Fig. 1 is an optional flow diagram of information processing method provided in an embodiment of the present invention;
Fig. 2 is an optional structural schematic diagram of information processing engagement positions 200 provided in an embodiment of the present invention;
Fig. 3 is an optional flow diagram of information processing method provided in an embodiment of the present invention;
Fig. 4 A is the embodiment of the present invention one optional use environment schematic diagram;
Fig. 4 B is the embodiment of the present invention one optional use environment schematic diagram;
Fig. 5 is an optional structural schematic diagram of information processing unit provided in an embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention make into It is described in detail to one step, described embodiment is not construed as limitation of the present invention, and those of ordinary skill in the art are not having All other embodiment obtained under the premise of creative work is made, shall fall within the protection scope of the present invention.
Unless otherwise defined, all technical and scientific terms used herein and belong to technical field of the invention The normally understood meaning of technical staff is identical.Term used herein is intended merely to the purpose of the description embodiment of the present invention, It is not intended to limit the present invention.
Before the embodiment of the present invention is further elaborated, to noun involved in the embodiment of the present invention and term It is illustrated, noun involved in the embodiment of the present invention and term are suitable for following explanation.
1) address in internal memory-address register, the real address of memory modules physical address: are loaded into.In front side bus The memory address of upper transmission is all physical memory addresses, numbers since 0 the most significant end until free physical memory.
2) container is the independent operating space kept apart with system other parts, and application program can be in the above-described container Operation has portable and consistency, user and group that can possess the privilege for executing certain operations inside container.
3) memory management module (MMU Memory Management Unit), is used in central processing unit (CPU) The control route of virtual memory, physical storage is managed, while being also responsible for virtual address and being mapped as physical address, and providing The internal storage access authorization of hardware mechanisms, multi-user's multi-process operating system.
4) page table, a kind of data structure are placed on the page table area of system space, and storage logical page (LPAGE) is corresponding with physical page frame to close System.
5) virtual address, after processor starting protection mode, when program is operated in virtual address space, routine access is deposited Logical address used in reservoir.
Fig. 1 is an optional flow diagram of information processing method provided in an embodiment of the present invention;As shown in Figure 1, One optional flow chart of information processing method provided in an embodiment of the present invention, is illustrated the step of showing.
Step 101: receiving access request.
In one embodiment of the invention, before receiving access request, the memory management module of electronic equipment is to hold Device configures the page in host virtual memory space, to form container physical memory.Wherein, the host kernel wound where container Build and safeguard corresponding data structure, and determine the physical address by the container to host-physical address mapping relations.
In one embodiment of the invention, the address set that the processor of electronic equipment can generate, such as one 32 Processor, the capacity of the virtual address that can be generated is 4G, and virtual address set is 0~0xFFFFFFFF, wherein each The size of page table is 4K, and physical address space range is 0x000000000~0x0FFFFFFF (256M);And for one 64 Processor, its virtual address range is 0~0xFFFFFFFFFFFFFFFF (64T).Wherein, page table is positioned at the interior of system In depositing, each single item of page table corresponds to the mapping of virtual address to physical address.The length of each single item is a word Length.
In one embodiment of the invention, the host kernel where container creates and safeguards corresponding data structure, and Determination can be realized by the mapping relations of physical address to the host-physical address of the container by following steps:
1) function: map_memory_bank is called, to be embodied as the physical memory creation memory mapping of host;
2) function: devicemaps_init is called: to be embodied as interrupt vector creation memory mapping;
3) function: iotable_init is called: to be embodied as the creation memory mapping of SOC hardware register.
Optionally, in some embodiments of the invention, operation has monitor of virtual machine virtual at least one on host Machine, target virtual machine are the extension page of control register CR3 and the first virtual machine that monitor of virtual machine modifies the first virtual machine What table obtained, wherein modified first virtual machine and host share host kernel, the first virtual machine be this at least one it is virtual Any one in machine.
It should be understood that control register CR3 is one of control register (CR0-CR3), for controlling and determining processing The operation mode of device and the current characteristic for executing task.Contain page directory physical memory addresses in CR3.Therefore, CR3 register Also referred to as page directory base address register (Page-Directory Base address Register, PDBR).
Step 102: in response to the access request, the object of the container is determined according to the virtual memory address of the container Manage memory address.
Step 103:, will be described according to the mapping relations of the physical memory addresses of the container and host-physical memory address The physical memory addresses of container are converted to corresponding host-physical memory address.
In one embodiment of the invention, the physical memory addresses by the container are converted to corresponding host object Manage memory address, comprising:
The physical memory addresses of the container are read in multi-level page-table index according to corresponding binary data;
Binary data write-in Jing Guo the multi-level page-table index process is extended into position pointed by page table pointers, with It realizes and obtains corresponding host-physical memory address.
In one embodiment of the invention, after the container starts, application program energy that electronic equipment is run It is enough that corresponding address space is accessed by using the virtual memory address for accessing container in the container.The memory of electronic equipment Management module determines the physical memory addresses of the container, the physical memory of the container according to the virtual memory address of the container Address is the virtual memory address of the host.Further, the not phase of virtual memory address corresponding to different containers Together, to realize the isolation between different vessels.
In one embodiment of the invention, when multi-level page-table index is level Four Page table index structure, the appearance The physical memory addresses of device sequentially enter the fourth stage page in the level Four Page table index structure according to corresponding binary data Table index, third level Page table index, second level Page table index, Page table index.Specifically, in 64 servers, due to object It is very big to manage address space, certain tissue has been carried out to physical address: there are 512 projects in each page table, in each project Memory comprising 4096 bytes includes the Page table index address of next stage in the memory, therefore, through this embodiment shown in side Formula, when the information processing method provided by the present embodiment is run in 64 servers, in the physics for parsing the container During depositing address, page table processing module can successively be read by the physical memory addresses of container according to corresponding binary digit Enter the fourth stage Page table index, third level Page table index, second level Page table index, Page table index of the page table processing module, it will Position pointed by the write-in extension of data entrained by application program page table pointers (EPTP), and obtain corresponding host object Manage memory address.
In one embodiment of the invention, the method also includes:
When the range for extending position pointed by page table pointers beyond the host-physical memory address, triggering is lacked Page interrupt process.Specifically, exceeding virtual address range when extending position pointed by page table pointers by taking 64 servers as an example When 0~0xFFFFFFFFFFFFFFFF, page faults process is triggered immediately.
In one embodiment of the invention, the method also includes:
Based on acquired host-physical memory address, judge whether to find corresponding page table entry;If not finding pair The page table entry answered then triggers page faults process.Specifically, by taking 64 servers as an example, pointed by extension page table pointers When position is without departing from 0~0xFFFFFFFFFFFFFFFF of virtual address range, searched in the virtual address range corresponding Page table entry triggers page faults process when determining that page table entry lacks.
It in one embodiment of the invention, may be since relevant page table has been added the reason of the page faults Be loaded into memory, but do not registered to MMU, alternatively, the page table is removed from the working set of processor, but not yet by It exchanges in corresponding storage medium, it is possible to further handle the void in the VMCS in function by EPT page table page fault Quasi- machine contextual information judges the state of current EPTP pointer, and the attribute information of the respective page of page fault occurs, such as The current EPTP pointer of fruit is directed toward EPT-S page table, and the page that page fault occurs is the shared library page, then directly by EPTP pointer It is modified to point to EPT-L page table, if current EPTP pointer is directed toward EPT-L page table, and the page that page fault occurs is application The program page, then directly by EPTP pointer modified to be directed toward EPT-S page table, other situations are without any processing.
In one embodiment of the invention, the method also includes:
In response to the page faults process, building extension page table;It is the extension from the host-physical page Page table configures multistage page index structure.Specifically, can be triggered by taking 64 servers as an example in response to the page faults process Building extension page table program distributes suitable page by building extension page table program from host-physical page and creates page Concordance list, 2 grades of Page table index, 3 grades of Page table index and 4 grades of Page table index, form complete Page table index.Wherein, each page table In have 512 projects, include the memory of 4096 bytes in each project, include the Page table index address of next stage in the memory.
In one embodiment of the invention, the method also includes:
The received access request of parsing institute, obtains the priority tag of the access request, asks excellent based on the access First grade mark, adjusts the processing sequence of the access request.Specifically, and when handling access request, it is high preferential when detecting When the access request of grade, the MMU can be hung up the access request of the low priority in waiting list, preferential to execute height preferentially The access request of grade.
Step 104: according to the received access request of institute, accessing to the host-physical memory address converted.
Fig. 2 is an optional structural schematic diagram of information processing engagement positions 200 provided in an embodiment of the present invention, such as Fig. 2 Shown, information processing engagement positions 200 provided in an embodiment of the present invention include:
Memory management module 201, for configuring the page in host virtual memory space for container, to form container object Manage memory.
Information transmission modular 202, for receiving access request.
In one embodiment of the invention, before receiving access request, the memory management module of electronic equipment is to hold Device configures the page in host virtual memory space, to form container physical memory.Wherein, the host kernel wound where container Build and safeguard corresponding data structure, and determine the physical address by the container to host-physical address mapping relations.
In one embodiment of the invention, the address set that memory management module 201 can generate, such as one 32 The capacity of processor, the virtual address that can be generated is 4G, and virtual address set is 0~0xFFFFFFFF, wherein each page The size of table is 4K, and physical address space range is 0x000000000~0x0FFFFFFF (256M);And for one 64 Processor, its virtual address range are 0~0xFFFFFFFFFFFFFFFF (64T).Wherein, page table is the memory positioned at system In, each single item of page table corresponds to the mapping of virtual address to physical address.The length of each single item is the length of a word Degree.
In one embodiment of the invention, memory management module 201 creates and safeguards corresponding data structure, and determines It can be realized by following steps by the mapping relations of physical address to the host-physical address of the container:
1) function: map_memory_bank is called, to be embodied as the physical memory creation memory mapping of host;
2) function: devicemaps_init is called: to be embodied as interrupt vector creation memory mapping;
3) function: iotable_init is called: to be embodied as the creation memory mapping of SOC hardware register.
The memory management module 201 is used in response to the access request, according to the virtual memory address of the container Determine the physical memory addresses of the container;
The page table processing module 203, for the physical memory addresses and host-physical memory address according to the container Mapping relations, the physical memory addresses of the container are converted into corresponding host-physical memory address, to realize the visit Ask the access requested to the host-physical memory address.
In one embodiment of the invention, the page table processing module 203, for by the physical memory of the container It is read in multi-level page-table index according to corresponding binary data location;
The page table processing module 203, the binary data for that will pass through the multi-level page-table index process, which is written, to be expanded Position pointed by page table pointers is opened up, obtains corresponding host-physical memory address to realize.
In one embodiment of the invention, after the container starts, application program energy that electronic equipment is run It is empty that corresponding address is enough accessed using the virtual memory address for accessing container in the container by page table processing module 203 Between.The memory management module 201 with can determining the physical memory of the container according to the virtual memory address of the container Location, the physical memory addresses of the container are the virtual memory address of the host.Further, corresponding to different containers Virtual memory address is not identical, to realize the isolation between different vessels.
In one embodiment of the invention, the page table processing module 203, for by the physical memory of the container Location sequentially enters fourth stage Page table index in level Four Page table index structure, third level page table rope according to corresponding binary data Draw, second level Page table index, Page table index.Specifically, in 64 servers, it is right since physical address space is very big Physical address has carried out certain tissue: has 512 projects in each page table, includes the memory of 4096 bytes in each project, In the memory include next stage Page table index address, therefore, through this embodiment shown in mode, when the present embodiment is provided Information processing method when running in 64 servers, during parsing the physical memory addresses of the container, page table Processing module can successively read in the page table processing module by the physical memory addresses of container according to corresponding binary digit Fourth stage Page table index, third level Page table index, second level Page table index, Page table index, will be entrained by the application program Position pointed by data write-in extension page table pointers (EPTP), and obtain corresponding host-physical memory address.
In one embodiment of the invention, the page table processing module 203, for when the extension page table pointers meaning To position exceed the host-physical memory address range when, trigger page faults process.Specifically, with 64 servers For, when extending position pointed by page table pointers beyond 0~0xFFFFFFFFFFFFFFFF of virtual address range, touch immediately Send out page faults process;And by taking 32 processors as an example, it extends position pointed by page table pointers and exceeds virtual address range 0 When~0xFFFFFFFF, page faults process is triggered.
It in one embodiment of the invention, may be since relevant page table has been added the reason of the page faults Be loaded into memory, but do not registered to MMU, alternatively, the page table is removed from the working set of processor, but not yet by It exchanges in corresponding storage medium, further, page table processing module 203 can handle letter by EPT page table page fault Virtual machine context information in VMCS in number judges the state of current EPTP pointer, and the corresponding page of page fault occurs The attribute information in face, if current EPTP pointer is directed toward EPT-S page table, and the page that page fault occurs is the shared library page, Then directly it is to be directed toward EPT-L page table for EPTP pointer modified, if current EPTP pointer is directed toward EPT-L page table, and skips leaf The abnormal page is the application program page, then directly by EPTP pointer modified to be directed toward EPT-S page table, other situations are not done any Processing.
In one embodiment of the invention, the page table processing module 203, for based in acquired host-physical Address is deposited, judges whether to find corresponding page table entry;
The page table processing module 203 triggers page faults process for not finding corresponding page table entry.
In one embodiment of the invention, the memory management module 201, in response to the page faults into Journey, building extension page table;
The memory management module 201, for being that the extension page table configuration is multistage from the host-physical page Page index structure.Specifically, building extension page table can be triggered in response to the page faults process by taking 64 servers as an example Program distributes suitable page by building extension page table program from host-physical page and creates a page concordance list, 2 grades of pages Table index, 3 grades of Page table index and 4 grades of Page table index, form complete Page table index.Wherein, there are 512 items in each page table Mesh, includes the memory of 4096 bytes in each project, includes the Page table index address of next stage in the memory.
In one embodiment of the invention, the page table processing module 203, the received access request for parsing, The priority tag of the access request is obtained,
The page table processing module 203 adjusts the access request for accessing the priority tag asked based on described Processing sequence.Body, and when handling access request, when detecting the access request of high priority, the MMU can by etc. Access request to the low priority in queue is hung up, the preferential access request for executing high priority.
Fig. 3 is an optional flow diagram of information processing method provided in an embodiment of the present invention;As shown in figure 3, One optional flow chart of information processing method provided in an embodiment of the present invention, use environment is 64 bit processors, to showing Out the step of, is illustrated.
Step 301: memory management module is the page in container configuration host virtual memory space, to form container object Manage memory.
Specifically, be directed to the use environment 64 bit processors, virtual address range be 0~ 0xFFFFFFFFFFFFFFFF, memory management module complete the mapping from virtual address to physical address by page table entry, because The Physical Page of this each page table mapping 4K size.Page table under 64 bit processors accounts for 64.Wherein.The Physical Page of single page table can To accommodate 512 page tables, all page tables can map the virtual address of 2MB (512*4KB), be formed by 4 grades of index structures In, include the memory of 4096 bytes in each page table entry, includes the Page table index address of next stage in the memory.
Step 302: receiving access request A and request B;
Wherein, access request A and B is run in cell therefor respectively;
Step 303: the received access request A and B of parsing institute obtains the priority tag of the access request A and B;
Step 304: when the priority of the access request A is higher than access request B, hanging up the place of the access request A Manage process;
Since the occupied system resource of the lower access request of priority is less, priority processing priority is lower Access request, can effectively reduce request waiting list in access request to be processed quantity, promote the processor Overall treatment efficiency.
Step 305: in response to the access request B, the container being determined according to the virtual memory address of the container Physical memory addresses;
Step 306: according to the mapping relations of the physical memory addresses of the container and host-physical memory address, container Physical memory addresses sequentially enter the fourth stage page table rope in the level Four Page table index structure according to corresponding binary data Draw, third level Page table index, second level Page table index, Page table index.
Step 307: determining whether position pointed by the extension page table pointers exceeds the host-physical memory address Range, if so, execute step 308, it is no to then follow the steps 309;
Step 308: triggering page faults process;
Step 309: will be pointed by the binary data write-in extension page table pointers Jing Guo the multi-level page-table index process Position, obtain corresponding host-physical memory address to realize.
In one embodiment of the invention, Fig. 4 A is the embodiment of the present invention one optional use environment schematic diagram, such as It, can be directly to master by the virtual memory address of container 1 in the case where not set host virtual memory address shown in Fig. 4 A The physical address of machine accesses, and when malicious code occurs in the application program in container 1, the malicious code in container 1 is direct Cause the collapse of host.Simultaneously as be not isolated between container 1 and container 2, therefore, the malicious code in container 1 The application program in container 2 can also be invaded, and accesses the data in container 2.
In one embodiment of the invention, Fig. 4 B is the embodiment of the present invention one optional use environment schematic diagram, such as Shown in Fig. 4 B, in the case where host virtual memory address is arranged, container 1 realizes being isolated for memory, while container with container 2 Being isolated for memory is also achieved between 1 and host.Application program in container 1 is after issuing access request, memory management unit Determine that the physical memory addresses of the container 1, the physical memory addresses are the host according to the virtual memory address of container 1 Virtual memory address, later according to the physical memory addresses of the container and host-physical memory by page table processing module The physical memory addresses of the container are converted to corresponding host-physical memory address, realized to host by the mapping relations of location The access of physical memory addresses.
Step 310: in response to the page faults process, building extension page table;It is from the host-physical page The extension page table configures 4 grades of page index structures.
Fig. 5 is an optional structural schematic diagram of information processing unit provided in an embodiment of the present invention, as shown in figure 5, Information processing unit 500 can be with include with the mobile phone of the information processing function, computer, digital broadcast terminal, Information transceiving equipment, game console, tablet device, Medical Devices, body-building equipment, personal digital assistant etc..Letter shown in fig. 5 Ceasing processing unit 500 includes: at least one processor 501, memory 502, at least one network interface 504 and user interface 503.Various components in information processing unit 500 are coupled by bus system 505.It is understood that bus system 505 is used Connection communication between these components of realization.Bus system 505 further includes power bus, control in addition to including data/address bus Bus and status signal bus in addition processed.But for the sake of clear explanation, various buses are all designated as bus system 505 in Fig. 5.
Wherein, user interface 503 may include display, keyboard, mouse, trace ball, click wheel, key, button, sense of touch Plate or touch screen etc..
It is appreciated that memory 502 can be volatile memory or nonvolatile memory, may also comprise volatibility and Both nonvolatile memories.Wherein, nonvolatile memory can be read-only memory (ROM, Read Only Memory), PROM, EPROM, EEPROM, FRAM, Flash Memory, magnetic surface storage, CD or CD-ROM;Magnetic surface storage can To be magnetic disk storage or magnetic tape storage.Volatile memory can be RAM, be used as External Cache.Pass through example Property but be not restricted explanation, the RAM of many forms is available, for example, SRAM, SSRAM, DRAM, SDRAM, DDRSDRAM, ESDRAM,SLDRAM,DRRAM.The memory 502 of description of the embodiment of the present invention is intended to include these and any other suitable type Memory.
Memory 502 in the embodiment of the present invention includes but is not limited to: three-state content addressing memory, static random storage Device can receive access request, and can store the mapping relations of the physical memory addresses and host-physical memory address of stating container To support the operation of information processing unit 500.The example of these data includes: for operating on information processing unit 500 Any computer program, in operating system 5021 and application program 5022, status information, connection relationship, the received container of institute The application program etc. of operation.Wherein, operating system 5021 includes various system programs, such as ccf layer, core library layer, driving layer Deng for realizing various basic businesses and the hardware based task of processing.Application program 5022 may include various using journey Sequence, such as the client with the information processing function or application program etc., for realizing include: for container configure host it is virtual Page in memory headroom, to form container physical memory;
Receive access request;In response to the access request, the appearance is determined according to the virtual memory address of the container The physical memory addresses of device;According to the mapping relations of the physical memory addresses of the container and host-physical memory address, by institute The physical memory addresses for stating container are converted to corresponding host-physical memory address, to realize the access request to the host The access of physical memory addresses.Realize that the program of information processing method of the embodiment of the present invention may be embodied in application program 5022 In.
The method that the embodiments of the present invention disclose can be applied in processor 501, or be realized by processor 501. Processor 501 may be a kind of IC chip, the processing capacity with signal.During realization, the above method it is each Step can be completed by the integrated logic circuit of the hardware in processor 501 or the operation of software form.Above-mentioned processing Device 501 can be general processor, DSP or other programmable logic device, discrete gate or transistor logic, divide Vertical hardware component etc..Processor 501 may be implemented or execute disclosed each method, step and logic in the embodiment of the present invention Block diagram.General processor can be microprocessor or any conventional processor etc..In conjunction with disclosed in the embodiment of the present invention The step of method, can be embodied directly in hardware decoding processor and execute completion, or with hardware in decoding processor and soft Part block combiner executes completion.Software module can be located in storage medium, which is located at memory 502, processor 501 read the information in memory 502, in conjunction with the step of its hardware completion preceding method.
In the exemplary embodiment, information processing unit 500 can by one or more ASIC, DSP, PLD, CPLD, FPGA, general processor, controller, MCU, Microprocessor or other electronic components are realized, for executing the information Processing method.
In the exemplary embodiment, the embodiment of the invention also provides a kind of computer readable storage medium, for example including The memory 502 of computer program, above-mentioned computer program can be executed by the processor 501 of information processing unit 500, to complete Step described in preceding method.Computer readable storage medium can be FRAM, ROM, PROM, EPROM, EEPROM, Flash The memories such as Memory, magnetic surface storage, CD or CD-ROM;It is also possible to include one of above-mentioned memory or any group The various equipment closed, such as mobile phone, computer, tablet device, personal digital assistant.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer program, the meter When calculation machine program is run by processor, execute:
The page in host virtual memory space is configured for container, to form container physical memory;
Receive access request;
In response to the access request, with determining the physical memory of the container according to the virtual memory address of the container Location;
According to the mapping relations of the physical memory addresses of the container and host-physical memory address, by the object of the container Reason memory address is converted to corresponding host-physical memory address, to realize the access request to the host-physical memory The access of location.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as the production of method, system or computer program Product.Therefore, hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the embodiment of the present invention Form.Moreover, it wherein includes the calculating of computer usable program code that the embodiment of the present invention, which can be used in one or more, The form for the computer program product implemented in machine usable storage medium (including magnetic disk storage and optical memory etc.).
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, equipment (system) and computer program product Flowchart and/or the block diagram describe.It should be understood that can be operated by computer program in implementation flow chart and/or block diagram The combination of process and/or box in each flow and/or block and flowchart and/or the block diagram.It can provide these calculating Processing of the machine procedure operation to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices Device is to generate a machine, so that being generated by the operation that computer or the processor of other programmable data processing devices execute For realizing the function of being specified in one or more flows of the flowchart and/or one or more blocks of the block diagram Device.
The operation of these computer programs, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes behaviour that operation stored in the computer readable memory, which generates, Make the manufacture of device, the operating device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
The operation of these computer programs also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The operation executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention, it is all Made any modifications, equivalent replacements, and improvements etc. within the spirit and principles in the present invention, should be included in protection of the invention Within the scope of.

Claims (10)

1. a kind of information processing method, which is characterized in that the described method includes:
The page in host virtual memory space is configured for container, to form container physical memory;
Receive access request;
In response to the access request, the physical memory addresses of the container are determined according to the virtual memory address of the container;
It, will be in the physics of the container according to the mapping relations of the physical memory addresses of the container and host-physical memory address Depositing address conversion is corresponding host-physical memory address, to realize the access request to the host-physical memory address Access.
2. the method according to claim 1, wherein the physical memory addresses by the container are converted to phase The host-physical memory address answered, comprising:
The physical memory addresses of the container are read in multi-level page-table index according to corresponding binary data;
By position pointed by the binary data write-in extension page table pointers Jing Guo the multi-level page-table index process, to realize Obtain corresponding host-physical memory address.
3. according to the method described in claim 2, it is characterized in that,
When multi-level page-table index is level Four Page table index structure, the physical memory addresses of the container are according to corresponding two Binary data sequentially enters fourth stage Page table index, third level Page table index, the second level in the level Four Page table index structure Page table index, Page table index.
4. according to the method described in claim 2, it is characterized in that, the method also includes:
When the range for extending position pointed by page table pointers beyond the host-physical memory address, trigger in skipping leaf Disconnected process.
5. according to the method described in claim 2, it is characterized in that, the method also includes:
Based on acquired host-physical memory address, judge whether to find corresponding page table entry;
If not finding corresponding page table entry, page faults process is triggered.
6. method according to claim 4 or 5, which is characterized in that the method also includes:
In response to the page faults process, building extension page table;
It is that the extension page table configures multistage page index structure from the host-physical page.
7. the method according to claim 1, wherein the method also includes:
The received access request of parsing institute, obtains the priority tag of the access request,
Based on the priority tag for accessing and asking, the processing sequence of the access request is adjusted.
8. a kind of information processing unit, which is characterized in that described device includes:
Memory management module, for configuring the page in host virtual memory space for container, to form container physical memory;
Information transmission modular, for receiving access request;
The memory management module, for determining institute according to the virtual memory address of the container in response to the access request State the physical memory addresses of container;
Page table processing module, for the mapping relations according to the physical memory addresses of the container and host-physical memory address, The physical memory addresses of the container are converted into corresponding host-physical memory address, to realize the access request to described The access of host-physical memory address.
9. a kind of information processing unit, which is characterized in that the information processing unit includes:
Memory, for storing executable instruction;
Processor, when for running the executable instruction of the memory storage, at information described in perform claim requirement 1 to 7 Reason method.
10. a kind of storage medium, which is characterized in that being stored with executable instruction, when for causing processor to execute, realizing right It is required that 1 to 7 described in any item information processing methods.
CN201910223212.9A 2019-03-22 2019-03-22 Information processing method and device and storage medium Active CN110008692B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910223212.9A CN110008692B (en) 2019-03-22 2019-03-22 Information processing method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910223212.9A CN110008692B (en) 2019-03-22 2019-03-22 Information processing method and device and storage medium

Publications (2)

Publication Number Publication Date
CN110008692A true CN110008692A (en) 2019-07-12
CN110008692B CN110008692B (en) 2021-08-17

Family

ID=67168006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910223212.9A Active CN110008692B (en) 2019-03-22 2019-03-22 Information processing method and device and storage medium

Country Status (1)

Country Link
CN (1) CN110008692B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111221758A (en) * 2019-09-30 2020-06-02 华为技术有限公司 Method and computer equipment for processing remote direct memory access request
CN111935095A (en) * 2020-07-15 2020-11-13 广东电网有限责任公司 Source code leakage monitoring method and device and computer storage medium
CN112631720A (en) * 2020-12-23 2021-04-09 海光信息技术股份有限公司 Memory control method, medium, and device
CN112925606A (en) * 2019-12-06 2021-06-08 阿里巴巴集团控股有限公司 Memory management method, device and equipment
CN114936064A (en) * 2022-04-08 2022-08-23 科东(广州)软件科技有限公司 Access method, device, equipment and storage medium of shared memory
WO2024001644A1 (en) * 2022-06-27 2024-01-04 中兴通讯股份有限公司 Method and apparatus for controlling transparent huge page, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103765371A (en) * 2011-08-26 2014-04-30 威睿公司 Data storage system exporting logical volumes as storage objects
CN105677879A (en) * 2016-01-12 2016-06-15 诸葛晴凤 Data organizing method and accessing method for relational database in memory
CN107085535A (en) * 2017-03-30 2017-08-22 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN107341115A (en) * 2017-06-30 2017-11-10 联想(北京)有限公司 Virutal machine memory access method, system and electronic equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103765371A (en) * 2011-08-26 2014-04-30 威睿公司 Data storage system exporting logical volumes as storage objects
CN105677879A (en) * 2016-01-12 2016-06-15 诸葛晴凤 Data organizing method and accessing method for relational database in memory
CN107085535A (en) * 2017-03-30 2017-08-22 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN107341115A (en) * 2017-06-30 2017-11-10 联想(北京)有限公司 Virutal machine memory access method, system and electronic equipment

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111221758A (en) * 2019-09-30 2020-06-02 华为技术有限公司 Method and computer equipment for processing remote direct memory access request
CN112925606A (en) * 2019-12-06 2021-06-08 阿里巴巴集团控股有限公司 Memory management method, device and equipment
CN112925606B (en) * 2019-12-06 2024-05-28 阿里巴巴集团控股有限公司 Memory management method, device and equipment
CN111935095A (en) * 2020-07-15 2020-11-13 广东电网有限责任公司 Source code leakage monitoring method and device and computer storage medium
CN112631720A (en) * 2020-12-23 2021-04-09 海光信息技术股份有限公司 Memory control method, medium, and device
CN112631720B (en) * 2020-12-23 2023-05-23 海光信息技术股份有限公司 Memory control method, medium and equipment
CN114936064A (en) * 2022-04-08 2022-08-23 科东(广州)软件科技有限公司 Access method, device, equipment and storage medium of shared memory
WO2023193687A1 (en) * 2022-04-08 2023-10-12 科东(广州)软件科技有限公司 Shared memory access method and apparatus, device, and storage medium
WO2024001644A1 (en) * 2022-06-27 2024-01-04 中兴通讯股份有限公司 Method and apparatus for controlling transparent huge page, and storage medium

Also Published As

Publication number Publication date
CN110008692B (en) 2021-08-17

Similar Documents

Publication Publication Date Title
CN110008692A (en) A kind of information processing method, device and storage medium
CN102789429B (en) The virtual address of page attributes is to the conversion of physical address
CN101203838B (en) Address window support for direct memory access translation
CN105164653B (en) The multinuclear set of page tables of attribute field
CN104081346B (en) For being interrupted using between tracking data Processing for removing device to support the method and apparatus of the address conversion in multiprocessor virtual machine environment
US9298642B2 (en) Sharing address translation between CPU and peripheral devices
JP4768083B2 (en) Method for discovering the topology of one or more guest processors in a guest configuration
TWI721060B (en) Address translation apparatus, method and system for scalable virtualization of input/output devices
CN104798061B (en) Access of the control to locked memory pages group in virtualized environment
CN106201646A (en) The technology of shared RAM communication between secure virtual machine
US11474951B2 (en) Memory management unit, address translation method, and processor
JPS60221851A (en) Data processor and memory access controller used therefor
CN109213697A (en) The storage of intelligence memory data or loading method and device
WO1999035579A1 (en) Two-level address translation and memory registration system and method
CN110196757A (en) TLB filling method, device and the storage medium of virtual machine
US20120331265A1 (en) Apparatus and Method for Accelerated Hardware Page Table Walk
CN108491334A (en) A kind of the physical memory management method and device of embedded real time system
KR101893966B1 (en) Memory management method and device, and memory controller
US20140040563A1 (en) Shared virtual memory management apparatus for providing cache-coherence
EP4227814A1 (en) Method and apparatus for solving address ambiguity problem of cache
US20060085599A1 (en) Processing of self-modifying code in multi-address-space and multi-processor systems
US20020169936A1 (en) Optimized page tables for address translation
CN114761934A (en) In-process Translation Lookaside Buffer (TLB) (mTLB) for enhancing a Memory Management Unit (MMU) TLB for translating Virtual Addresses (VA) to Physical Addresses (PA) in a processor-based system
US20230289295A1 (en) Virtual Memory Management Method and Apparatus Supporting Physical Addresses Larger Than Virtual Addresses
US7562204B1 (en) Identifying and relocating relocatable kernel memory allocations in kernel non-relocatable memory

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant