CN1282091C - High-efficiency reliable memory protection method for flushbonding real-time operating system - Google Patents

Info

Publication number
CN1282091C
Authority
CN
China
Prior art keywords
protection
chained list
leaf
memory
rtos
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 03131956
Other languages
Chinese (zh)
Other versions
CN1567254A (en)
Inventor
危才华
王陈
徐立锋
张华强
鲁旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a high-efficiency, reliable memory protection method for an embedded real-time operating system. A plurality of memory blocks are provided for different application programs and different processes to invoke or share; in particular, at least one protection mark is placed at the edge of each enabled memory connection component. Because the method adopts the technical measure of protection words and/or protection pages, it achieves independent, fine-grained and effective protection of stacks, kernel data and various user data structures whether or not an MMU is present. Consequently, the present invention greatly enhances the security, stability and reliability of the RTOS, and has the advantages of a wide range of application, high reliability and strong real-time performance.

Description

High-efficiency, reliable memory protection method for an embedded real-time operating system
Technical field:
The present invention relates to a memory protection method for computer operating systems, and in particular to memory protection in the field of embedded systems and real-time systems.
Background art:
Memory protection is an important part of an embedded real-time operating system (RTOS), and the quality of the memory protection method directly affects the security, stability and reliability of the RTOS.
Existing RTOSs lack effective means of memory protection: a memory overwrite, that is, a process writing data into memory space that does not belong to it, cannot be caught effectively.
Some large general-purpose operating systems, such as UNIX, Linux and the Microsoft Windows series, adopt an "isolation" strategy, in which the space (virtual address space) of each process is completely separated by different page tables. The drawbacks of this approach are that the overhead of switching between processes is too high and that data cannot be exchanged through shared memory, so it is not suitable for an RTOS.
Some commercial RTOSs, such as VxWorks and pSOS, rely entirely on a page protection mechanism based on the processor's MMU (Memory Management Unit) and write-protect the code segment and the interrupt vector table, but protection between processes is largely lacking. In addition, in many applications the processor hardware has no MMU, and in that case existing RTOSs implement no memory protection at all.
In summary, the prior art has two shortcomings: first, the granularity of memory protection is too coarse, so data structures smaller than one page cannot be protected; second, it depends too heavily on hardware, so memory protection can be implemented only when an MMU is present.
Summary of the invention:
The technical problem to be solved by the present invention is to overcome the above shortcomings of the prior art and to propose a memory protection method for an embedded real-time operating system that provides independent, fine-grained and effective protection of stacks, kernel data and various user data structures whether or not an MMU is present, thereby greatly improving the security, stability and reliability of the RTOS.
The object of the present invention can be achieved by the following technical measures:
An efficient, reliable memory protection method for an embedded real-time operating system is designed, in which a number of memory blocks are provided for different applications and different processes to call or share; in particular, at least one protection mark is placed at the edge of each enabled memory connection component.
With the method of the present invention, compared with the prior art, the technical measure of "protection words and/or protection pages" achieves highly reliable, fine-grained and effective memory protection whether or not an MMU is present, greatly improving the security, stability and reliability of the system.
Description of the drawings:
Fig. 1 is a schematic diagram of the connection component with protection words and of the linked-list structure, in which:
Fig. 1a is the connection component with protection words;
Fig. 1b is the linked list formed from connection components with protection words;
Fig. 2 is a schematic diagram of a user linked list based on the connection component with protection words;
Fig. 3 is a schematic diagram of the offset OFFSET;
Fig. 4 is a schematic diagram of a memory block with protection words;
Fig. 5 is a schematic diagram of a memory block with protection pages.
Embodiments
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
An efficient, reliable memory protection method for an embedded real-time operating system provides a number of memory blocks for different applications and different processes to call or share, and is characterized in that at least one protection mark is placed at the edge of each enabled memory connection component.
A linked-list base library whose nodes are the described connection components is implemented;
The application programs and the other programs of the real-time operating system (RTOS) use the connection component in place of pointers in the declaration of node structures, and all operations involving linked lists use the linked-list base library.
The memory protection method further comprises the following steps:
1) when an application program or another RTOS program requests a memory block or creates a stack, the protection word is attached at the start and at the end of the memory block;
2) each time before a memory data block is operated on, each protection word is verified to still hold its original value; if verification fails, an exception is thrown and awaits handling; if it passes, the operation continues.
The verification can be performed once when the user calls free to release the memory, or one by one by a low-priority task while the system is idle.
The protection word is assigned a special value.
When an MMU (memory management unit) is used, the protection mark is a protection page that the MMU can operate on.
The size of the protection page is 4K; one is added at the head and one at the tail of the application's memory block or stack, and the protection pages are mapped to an invalid physical address.
The memory protection method of the embedded real-time operating system of the present invention can be summarized as follows:
Step 1: define a connection component with protection words, and implement a linked-list base library whose nodes are this connection component, covering all operations on linked lists of this kind; see Fig. 1.
Step 2: all operations involving linked lists in application programs and other RTOS programs use the linked-list base library defined above and no longer manipulate pointers directly; the precondition is that the corresponding pointers in the declaration of node structures are replaced by the connection component. See Fig. 2.
Step 3: when an application program or another RTOS program requests a memory block (including creating a stack), protection words are attached at the head and at the tail of the memory block; see Fig. 3.
Step 4: each time before a data block is operated on, each protection word is verified to still hold its original value; if verification fails, an exception is thrown; if it passes, the operation continues.
Obviously, steps 1 to 4 apply whether or not an MMU is present.
Step 5: when an MMU is present, a protection page can be added at the head and at the tail of a memory block requested by an application or of an allocated stack, and the protection pages are mapped to an invalid physical address.
Step 5 applies only when an MMU is present. In that case, only protection pages are used, and protection words are not.
The implementation of the technical solution is described in further detail below with reference to the drawings, largely following their order:
Fig. 1(a) shows the connection component with protection words. The component has two parts: a logical part and a protection part. The logical part is an ordinary doubly-linked-list connection node made up of a "next" pointer and a "prev" pointer, which point to its successor node and its predecessor node respectively. The protection part consists of protection pointers ("guard1" and "guard2") added before and after the logical part, both of which point to the node itself. Fig. 1(b) shows the linked list formed from connection components with protection words. The C definition of the connection component with protection words is as follows:
    typedef struct T_ConnectNode
    {
        struct T_ConnectNode *guard1;   /* protection word before the logical part; points to this node */
        struct T_ConnectNode *next;     /* successor node */
        struct T_ConnectNode *prev;     /* predecessor node */
        struct T_ConnectNode *guard2;   /* protection word after the logical part; points to this node */
    } CNODE;
In addition to defining the connection component with protection words, a linked-list library should also be implemented; this library encapsulates all of the linked-list operations:
    /*******************************************************/
    /* STATUS, OK and ERROR are the RTOS status type and return codes;
       their definitions are not shown on this page. NULL needs <stddef.h>. */
    void InitNode(CNODE *pNode)   /* node initialization */
    {
        pNode->guard1 = pNode->guard2 = pNode;
    }
    /*******************************************************/
    STATUS Verify(CNODE *pNode)   /* node verification */
    {
        if ((pNode->guard1 == pNode) && (pNode->guard2 == pNode))
            return OK;
        else
            return ERROR;
    }
    /*******************************************************/
    typedef struct   /* linked list definition */
    {
        CNODE *head;
        CNODE *tail;
    } List;
    /*******************************************************/
    STATUS RemoveNode(List *pList, CNODE *pNode)   /* remove a node from the linked list */
    {
        if (Verify(pNode) != OK)
            return ERROR;
        else
        {
            if (pNode->prev == NULL)
                pList->head = pNode->next;
            else
                pNode->prev->next = pNode->next;
            if (pNode->next == NULL)
                pList->tail = pNode->prev;
            else
                pNode->next->prev = pNode->prev;
        }
        return OK;   /* the node was verified and unlinked */
    }
    /*******************************************************/
In this way, by encapsulating the linked-list operations, the security and independence of linked-list operations can be fully guaranteed.
Fig. 2 shows a user linked list based on the connection component with protection words. When defining the node structure of a linked list, the user no longer needs to define pointers such as "next"; a connection component with protection words takes their place. When operating on the linked list, the user no longer needs to implement the concrete operations, but directly uses the operation functions provided by the linked-list library. An example follows:
    /*******************************************************/
    typedef struct   /* user linked-list node definition */
    {
        int Mydata;
        CNODE Connect;
        char Name[10];
    } MyStruct;
    /*******************************************************/
    /* remove a node from the user linked list */
    STATUS MyRemoveNode(List *myList, MyStruct *myNode)
    {
        return (RemoveNode(myList, &(myNode->Connect)));
    }
    /*******************************************************/
In the example above, the connection component is defined in the middle of the user structure rather than as its first member. In this case, some functions of the linked-list library (such as the one that obtains the first node of a linked list) may return a pointer to the connection component, whereas the user needs a pointer to the user structure.
As shown in Fig. 3, to solve this problem we define the following macro (the advantage of defining a macro is that issues such as byte alignment need not be considered):
    #define OFFSET(structure, member) \
        ((int)&(((structure *)0)->member))
The OFFSET macro gives the offset of a member within a structure, which yields the following formula:
    structure address = member address - OFFSET(structure, member)
Specifically, for the MyStruct structure above, if the address of the Connect member is obtained through some function:
    CNODE *pNode = GetNode(myList);
then the following relation holds:
    #define ULONG unsigned int   /* assumes a pointer fits in an unsigned int */
    myNode = (MyStruct *)((ULONG)pNode - OFFSET(MyStruct, Connect));
Fig. 4 shows a memory block with protection words. This structure suits memory that the user obtains through malloc: to guard against the user writing past the bounds, a protection word is added before and after the block and, as with the connection component with protection words shown in Fig. 1a, the protection word is given a special value so that its validity is easy to verify. Verification can be performed once when the user calls free to release the memory, or one by one by a low-priority task while the system is idle; if verification fails, an exception is thrown and an alarm is raised.
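The memory block with protection words described for Fig. 4, as an added example that is not code from the patent: a wrapper around malloc that places a protection word on each side of the block and verifies both at release and in an idle-time sweep. The function names, the value 0xA5C3F00D, the 16-entry registry and the use of a return code in place of a thrown exception are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOCKS 16                              /* sweep registry size (assumption) */
static const size_t GUARD = (size_t)0xA5C3F00DU;   /* constructed "special value" */

typedef struct {
    size_t size;         /* user-visible size in bytes */
    size_t head_guard;   /* protection word immediately before the user area */
} BlockHeader;           /* layout: [header][user area][tail protection word] */

static BlockHeader *live[MAX_BLOCKS];              /* blocks the idle task sweeps */

/* Allocate `size` bytes with a protection word on each side. */
void *guard_alloc(size_t size)
{
    int slot = 0;
    if (size > SIZE_MAX - sizeof(BlockHeader) - sizeof GUARD)
        return NULL;                               /* total size would wrap */
    while (slot < MAX_BLOCKS && live[slot] != NULL)
        slot++;
    if (slot == MAX_BLOCKS)
        return NULL;                               /* registry full */
    BlockHeader *h = malloc(sizeof *h + size + sizeof GUARD);
    if (h == NULL)
        return NULL;
    h->size = size;
    h->head_guard = GUARD;
    /* the tail word may be unaligned, so it is written and read with memcpy */
    memcpy((unsigned char *)(h + 1) + size, &GUARD, sizeof GUARD);
    live[slot] = h;
    return h + 1;
}

/* 0 if both protection words still hold the original value, -1 otherwise. */
static int check_block(const BlockHeader *h)
{
    size_t tail;
    if (h->head_guard != GUARD)
        return -1;                                 /* underflow: size field is suspect too */
    memcpy(&tail, (const unsigned char *)(h + 1) + h->size, sizeof tail);
    return tail == GUARD ? 0 : -1;
}

int guard_verify(const void *p)
{
    return check_block((const BlockHeader *)p - 1);
}

/* Body of the low-priority idle task: count live blocks whose words changed. */
int guard_sweep(void)
{
    int bad = 0;
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (live[i] != NULL && check_block(live[i]) != 0)
            bad++;
    return bad;
}

/* Verify once at release; a damaged block is reported (-1) and kept for diagnosis. */
int guard_free(void *p)
{
    BlockHeader *h = (BlockHeader *)p - 1;
    if (check_block(h) != 0)
        return -1;
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (live[i] == h)
            live[i] = NULL;
    free(h);
    return 0;
}
```

Detection happens only when a check runs, so an overwrite is reported at the next sweep or at release rather than at the moment of the write.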
Fig. 5 shows a memory block with protection pages for the case where an MMU is available. As in Fig. 4, both the head and the tail of the memory block are protected; the difference is that the protection words are replaced by protection pages. The protection pages are marked non-writable, so when the user writes past the bounds the CPU raises a "Page Fault" exception. Protection by protection pages has very good real-time behavior and may become the commonly used memory protection method when an MMU is present.
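The memory block with protection pages described for Fig. 5, as an added example that is not code from the patent: a POSIX user-space analogue that maps an inaccessible page before and after the block, so an out-of-bounds write is stopped by the CPU fault at the moment it happens. The function names are assumptions, PROT_NONE stands in for the patent's non-writable page mapped to an invalid physical address, and the page size is taken from the system rather than fixed at 4K.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct {
    unsigned char *base;   /* start of the mapping = head protection page */
    size_t total;          /* mapping length, both protection pages included */
    unsigned char *user;   /* usable block, placed flush against the tail page */
    size_t size;           /* usable size in bytes */
} PagedBlock;

/* Map [protection page][body][protection page]; only the body is accessible. */
int paged_alloc(PagedBlock *b, size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size > (size_t)-1 - 3 * page)
        return -1;
    size_t body = (size + page - 1) / page * page;   /* round up to whole pages */
    void *m = mmap(NULL, body + 2 * page, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    if (mprotect((unsigned char *)m + page, body, PROT_READ | PROT_WRITE) != 0) {
        munmap(m, body + 2 * page);
        return -1;
    }
    b->base = m;
    b->total = body + 2 * page;
    /* Right-align the block so the first byte past its end is in the tail page.
       The gap before it (body - size bytes) is not covered: page granularity. */
    b->user = b->base + page + (body - size);
    b->size = size;
    return 0;
}

int paged_free(PagedBlock *b)
{
    return munmap(b->base, b->total);
}

/* Write one byte at user[offset] in a child process and report whether the
   CPU fault stopped it: 1 = faulted, 0 = write succeeded, -1 = could not test. */
int write_faults(const PagedBlock *b, ptrdiff_t offset)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        ((volatile unsigned char *)b->user)[offset] = 0x41;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}
```

A small underflow lands in the unprotected gap in front of a right-aligned block and is not caught, which is the page-granularity limit the description attributes to MMU-only protection.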
The above is the core of the method; further details are not repeated here. All other specific applications derived from this core method fall within the scope of protection of this patent.

Claims (4)

1. A memory protection method for an embedded real-time operating system, characterized in that the method comprises the following steps:
Step 1: define a connection component with protection words, and implement a linked-list base library whose nodes are this connection component, covering all operations on linked lists of this kind;
Step 2: all operations involving linked lists in application programs and other RTOS programs use the linked-list base library defined above and no longer manipulate pointers directly;
Step 3: when an application program or another RTOS program requests a memory block or creates a stack, protection words are attached at the head and at the tail of the requested memory block;
Step 4: each time before a data block is operated on, each protection word is verified to still hold its original value; if verification fails, an exception is thrown; if it passes, the operation continues.
2. The memory protection method according to claim 1, characterized in that:
the protection word is assigned a special value;
the verification can be performed once when the user calls free to release the memory, or one by one by a low-priority task while the system is idle.
3. A memory protection method for an embedded real-time operating system, characterized in that, when the processor used by the system has an MMU, the method comprises the following steps:
Step 1: define a connection component with protection pages, and implement a linked-list base library whose nodes are this connection component, covering all operations on linked lists of this kind;
Step 2: all operations involving linked lists in application programs and other RTOS programs use the linked-list base library defined above and no longer manipulate pointers directly;
Step 3: when an application program or another RTOS program requests a memory block or creates a stack, a protection page can be added at its head and at its tail, and the protection pages are mapped to an invalid physical address;
Step 4: the protection pages are marked non-writable, so that when the user writes past the bounds the CPU throws an exception.
4. The memory protection method according to claim 3, characterized in that:
the size of the protection page is 4K.
CN 03131956 2003-06-17 2003-06-17 High-efficiency reliable memory protection method for flushbonding real-time operating system Expired - Fee Related CN1282091C (en)

Publications (2)

Publication Number Publication Date
CN1567254A CN1567254A (en) 2005-01-19
CN1282091C true CN1282091C (en) 2006-10-25

Family

ID=34469824

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: ZTE CO., LTD.

Free format text: FORMER OWNER: NANJING BRANCH OF SHENZHEN ZTE CORPORATION

Effective date: 20050715

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20050715

Address after: 518057 Department of law, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen

Applicant after: ZTE Corp.

Address before: 210012, Bauhinia Road, Yuhua District, Jiangsu, Nanjing 68, China

Applicant before: Shenzhen Zhongxing Communication Co.,Ltd. Nanjing Branch

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180426

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: 518057 Department of law, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen

Patentee before: ZTE Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061025