CN-121598371-B - Memory management method and electronic equipment
Abstract
The application discloses a memory management method and electronic equipment in the technical field of system security. The method comprises: obtaining the kernel native heap memory allocation function and heap memory release function; obtaining a vulnerability object allocation function; monitoring the kernel heap memory allocation function and the vulnerability object allocation function through a dynamically extended kernel program and collecting memory pre-allocation data from the monitoring results; performing a write operation on the memory and comparing the double-boundary memory write operation parameters with the memory pre-allocation data; detecting heap overflow of the write operation from the comparison result; and, when the heap overflow check of the write operation does not pass, releasing the original memory application through the heap memory release function and reallocating the memory application through a dynamic cache pool algorithm. The application can block in real time the privilege escalation and kernel crash caused by memory heap overflow, solves the problems of memory fragmentation and lagging defense, and markedly improves the continuous guarantee capability of key business scenarios.
Inventors
- WANG YONG
- SU ZHIYUAN
- SHEN ZHONGLI
- WANG LINHUI
Assignees
- 苏州元脑智能科技有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260129
Claims (9)
- 1. A memory management method, the method comprising: acquiring a kernel native heap memory allocation function and a heap memory release function through a dynamically extended kernel program; obtaining a vulnerability object allocation function; monitoring the kernel heap memory allocation function and the vulnerability object allocation function through a probe tool of the dynamically extended kernel program eBPF, and collecting memory pre-allocation data according to the monitoring result, wherein the memory pre-allocation data comprises one or more of a memory starting address, a memory space size and a memory sentinel value placement position of the memory pre-allocation; performing a write operation on the memory, and comparing a double-boundary memory write operation parameter with the memory pre-allocation data, wherein the double-boundary memory write operation parameter comprises a memory write data length and a target memory address; detecting heap overflow of the memory write operation according to the comparison result; in response to the heap overflow detection result of the memory write operation not passing, releasing the original memory application through the heap memory release function, and reallocating the memory application through a dynamic cache pool algorithm; wherein reallocating the memory application through the dynamic cache pool algorithm includes: creating a memory cache pool candidate set; wherein creating the memory cache pool candidate set includes: determining a first cache pool according to the memory application size; acquiring the memory allocation count from the vulnerability object allocation function characteristic hash table; determining that the cache of the memory application is a second cache pool in response to the memory allocation count being greater than a first threshold; determining that the cache of the memory application is a third cache pool in response to the memory allocation count being smaller than or equal to the first threshold; generating the cache pool candidate set from the first cache pool, the second cache pool and the third cache pool; and determining a target cache pool from the cache pool candidate set, and reallocating the memory application through the target cache pool.
- 2. The memory management method according to claim 1, wherein before the kernel native heap memory allocation function and the heap memory release function are obtained through the dynamically extended kernel program, the method comprises: configuring a kernel heap overflow defense service; wherein configuring the kernel heap overflow defense service includes: setting a start-stop control mode of the kernel heap overflow defense service through a service manager, wherein the start-stop control mode of the kernel heap overflow defense service comprises one or more of manual start-stop, restart on failure and auto-start at boot.
- 3. The memory management method according to claim 1, wherein before the kernel native heap memory allocation function and the heap memory release function are obtained through the dynamically extended kernel program, the method further comprises: initializing the dynamically extended kernel program; wherein initializing the dynamically extended kernel program comprises the following steps: defining a memory allocation function metadata hash table, setting the key of the memory allocation function metadata hash table to the pre-allocated memory address, and setting the value of the memory allocation function metadata hash table to a memory allocation function metadata structure, wherein the memory allocation function metadata structure is used for recording the size of the pre-allocated memory space and the placement position of the memory sentinel value; defining a vulnerability object allocation function characteristic hash table, setting the key of the vulnerability object allocation function characteristic hash table to the process that allocates the vulnerability memory object, and setting the value of the vulnerability object allocation function characteristic hash table to a vulnerability object allocation function characteristic structure, wherein the vulnerability object allocation function characteristic structure is used for recording the memory allocation count, the process that allocates the vulnerability memory object and the call stack information of the vulnerability object allocation function.
- 4. The memory management method according to claim 1, wherein obtaining the kernel native heap memory allocation function and the heap memory release function through the dynamically extended kernel program includes: respectively determining proxy functions of the kernel native heap memory allocation function and the heap memory release function through the kernel function calling mechanism of the dynamically extended kernel program; and respectively acquiring the kernel native heap memory allocation function and the heap memory release function through their proxy functions.
- 5. The memory management method according to claim 1, wherein monitoring the kernel heap memory allocation function and the vulnerability object allocation function through the probe tool of the dynamically extended kernel program, and collecting memory pre-allocation data according to the monitoring result, includes: monitoring the vulnerability object allocation function through the probe tool of the dynamically extended kernel program, acquiring vulnerability allocation point metadata according to the monitoring result of the vulnerability object allocation function, and storing the vulnerability allocation point metadata in the vulnerability object allocation function characteristic hash table; wherein the vulnerability allocation point metadata comprises the memory allocation count, the process that allocates the vulnerability memory object and a stack identifier generated from the call stack information of the vulnerability object allocation function.
- 6. The memory management method according to claim 5, wherein acquiring the vulnerability allocation point metadata according to the monitoring result of the vulnerability object allocation function and storing the vulnerability allocation point metadata in the vulnerability object allocation function characteristic hash table comprises: monitoring the kernel heap memory allocation function through the probe tool of the dynamically extended kernel program; judging whether the vulnerability memory object process and the vulnerability object allocation function call stack information of the current memory application are consistent with the vulnerability memory object process and the vulnerability object allocation function call stack information in the vulnerability object allocation function characteristic hash table; and, in response to the vulnerability memory object process and the vulnerability object allocation function call stack information of the current memory application being consistent with those in the vulnerability object allocation function characteristic hash table, storing memory allocation function metadata in the memory allocation function metadata hash table, wherein the memory allocation function metadata is the memory pre-allocation data.
- 7. The memory management method according to claim 5, wherein comparing the double-boundary memory write operation parameter with the memory pre-allocation data, detecting heap overflow of the memory write operation according to the comparison result, releasing the original memory application through the heap memory release function in response to the heap overflow detection result of the memory write operation not passing, and reallocating the memory application through the dynamic cache pool algorithm, comprises: acquiring the double-boundary memory write operation parameters through the memory write operation function of the dynamically extended kernel program, wherein the memory write operation parameters comprise the target memory address and the memory write data length; judging whether the memory write data length is larger than the pre-allocated memory size, or whether the target memory address invades the placement area of the memory sentinel value; and, in response to the memory write data length being larger than the pre-allocated memory size or the target memory address invading the placement area of the memory sentinel value, releasing the original memory application through the heap memory release function, and reallocating the memory application through the dynamic cache pool algorithm; the method further comprises: in response to the memory write data length being smaller than or equal to the pre-allocated memory size and the target memory address not invading the placement area of the memory sentinel value, continuing to write the applied memory according to the memory application request.
- 8. The memory management method according to claim 6, wherein after releasing the original memory application through the heap memory release function and reallocating the memory application through the dynamic cache pool algorithm, the method comprises: verifying the release process of the original memory application; wherein verifying the release process of the original memory application comprises the following steps: deleting the metadata of the vulnerability object allocation function characteristic hash table and of the memory allocation function metadata hash table through the heap memory release function; wherein deleting the metadata of the vulnerability object allocation function characteristic hash table and of the memory allocation function metadata hash table through the heap memory release function includes: deleting the metadata corresponding to the original memory application from the memory allocation function metadata hash table in response to such metadata existing in the memory allocation function metadata hash table; and deleting the metadata corresponding to the original memory application from the vulnerability object allocation function characteristic hash table in response to the released memory application belonging to the process that allocates the vulnerability memory object and that process having ended.
- 9. An electronic device, the electronic device comprising: A memory for storing a computer program; A processor for implementing the steps of the memory management method according to any one of claims 1 to 8 when executing said computer program.
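A constructed user-space model of the double-boundary write check (claims 1 and 7) and of the cache pool candidate set (claim 1), added here as an illustration and not code from the patent; the sentinel width, the value of the "first threshold" and the size classes are assumed, and the metadata hash table is modelled as a flat array (in the described method these checks run from eBPF probes inside the kernel).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed user-space model of the patent's checks; constants are assumed. */
#define MAX_ALLOCS      16
#define SENTINEL_BYTES  8     /* assumed width of the sentinel area after an object */
#define FIRST_THRESHOLD 100   /* assumed value of the claim's "first threshold" */

/* Memory allocation function metadata (claim 3): keyed by the pre-allocated
 * start address, storing the pre-allocated size and sentinel placement. */
struct alloc_meta { uintptr_t start; size_t size; uintptr_t sentinel_pos; };
static struct alloc_meta table[MAX_ALLOCS];
static size_t table_len;

/* Record a pre-allocation, as the probe on the allocation function would. */
int record_alloc(uintptr_t start, size_t size) {
    if (table_len == MAX_ALLOCS) return -1;
    table[table_len++] = (struct alloc_meta){ start, size, start + size };
    return 0;
}

/* Double-boundary check (claim 7): the write fails when its length exceeds
 * the pre-allocated size or when the written range reaches the sentinel area.
 * Addresses with no recorded metadata are not monitored objects, so they pass. */
bool check_write(uintptr_t target, size_t len) {
    for (size_t i = 0; i < table_len; i++) {
        const struct alloc_meta *m = &table[i];
        if (target < m->start || target >= m->sentinel_pos + SENTINEL_BYTES)
            continue;                                     /* not this object */
        if (len > m->size) return false;                  /* boundary 1: length */
        if (target + len > m->sentinel_pos) return false; /* boundary 2: sentinel */
        return true;
    }
    return true;
}

/* Cache pool candidate set (claim 1): the first pool follows the request size,
 * the second or third pool follows the allocation count of the site. */
struct candidates { int first_pool_size_class; int count_pool; };
struct candidates build_candidates(size_t request, unsigned alloc_count) {
    struct candidates c;
    c.first_pool_size_class = request <= 64 ? 0 : request <= 512 ? 1 : 2; /* assumed */
    c.count_pool = alloc_count > FIRST_THRESHOLD ? 2 : 3;
    return c;
}
```

The claims do not say how the target pool is picked from the candidate set, so the model stops at building the set.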
Description
Memory management method and electronic equipment
Technical Field
The present application relates to the field of system security technologies, and in particular to a memory management method and an electronic device.
Background
The Linux kernel is the core component of a modern operating system and is widely used in servers, cloud computing, embedded equipment and mobile terminals. Its heap memory management function is responsible for dynamically allocating and releasing heap memory and is a core function of the running kernel; however, the complexity of heap memory management makes it vulnerable to heap overflow attacks and to program errors. A heap overflow overwrites the adjacent heap block and disturbs the normal execution of the program: if the adjacent block holds a function pointer, the program's execution flow can be hijacked and privileges escalated to the highest-privileged user; if the adjacent block holds a core key data structure, the corrupted data can crash the kernel or even make the system completely unavailable. The security and reliability of the system are thereby seriously threatened.
Disclosure of Invention
The application provides a memory management method and electronic equipment. The method comprises: obtaining a kernel native heap memory allocation function and a heap memory release function through a dynamically extended kernel program; obtaining a vulnerability object allocation function; monitoring the kernel heap memory allocation function and the vulnerability object allocation function through a probe tool of the dynamically extended kernel program, and collecting memory pre-allocation data according to the monitoring results, wherein the memory pre-allocation data comprises one or more of a memory starting address, a memory space size and a memory sentinel value placement position of the memory pre-allocation; performing a write operation on the memory and comparing a double-boundary memory write operation parameter with the memory pre-allocation data, wherein the double-boundary memory write operation parameter comprises a memory write data length and a target memory address; detecting heap overflow of the memory write operation according to the comparison result; and, in response to the heap overflow detection result of the memory write operation not passing, releasing the original memory application through the heap memory release function and reallocating the memory application through a dynamic cache pool algorithm. The application can block in real time the privilege escalation and kernel crash caused by memory heap overflow, solves the problems of memory fragmentation and lagging defense, and markedly improves the continuous guarantee capability of key business scenarios.
The application provides a memory management method, which is applied to a processor of a server and comprises the following steps: acquiring a kernel native heap memory allocation function and a heap memory release function through a dynamically extended kernel program; obtaining a vulnerability object allocation function; monitoring the kernel heap memory allocation function and the vulnerability object allocation function through a probe tool of the dynamically extended kernel program, and acquiring memory pre-allocation data according to the monitoring result, wherein the memory pre-allocation data comprises one or more of a memory starting address, a memory space size and a memory sentinel value placement position of the memory pre-allocation; writing to the memory; comparing the double-boundary memory write operation parameters with the memory pre-allocation data, wherein the double-boundary memory write operation parameters comprise a memory write data length and a target memory address; detecting heap overflow of the memory write operation according to the comparison result; and, in response to the heap overflow detection result of the memory write operation not passing, releasing the original memory application through the heap memory release function, and reallocating the memory application through a dynamic cache pool algorithm.
The application also provides a server, which comprises a processor, wherein the processor is used for: acquiring a kernel native heap memory allocation function and a heap memory release function through a dynamic expansion kernel program; Obtaining a vulnerability object allocation function; Monitoring a kernel heap memory allocation function and a vulnerability object allocation function by a probe tool of a dynamic expansion kernel program, and acquiring memory pre-allocation data according to a monitoring result, wherein the memory pre-allocation data comprises one or more of a memory starting address, a memory space size and a memory sentinel value place