CN-121979591-A - Processor
Abstract
The invention provides a processor comprising an execution module and a memory check module. The execution module executes access constraint instructions generated by a compiler, in response to a call from a first function to a second function in an application program, to determine a secure execution policy. When the second function is executed, the memory check module analyzes the memory access address of the second function according to the secure execution policy to obtain an analysis result, and controls the execution of the second function according to the analysis result. In addition, the security isolation mechanism of the invention is fast to execute, does not need to trap into kernel mode, and has higher performance, so that the response is quicker.
Inventors
- LI YAWEI
Assignees
- 龙芯中科技术股份有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20251224
Claims (16)
- 1. A processor comprising a processor, a memory, and a control unit, characterized by comprising: an execution module and a memory check module; the execution module is configured to execute access constraint instructions generated by a compiler, in response to a call from a first function to a second function in an application program, to determine a secure execution policy; and when the second function is executed, the memory check module is configured to analyze the memory access address of the second function according to the secure execution policy to obtain an analysis result, and to control the execution of the second function according to the analysis result.
- 2. The processor of claim 1, wherein the memory check module comprises a plurality of inspection units and a comparison unit, wherein different inspection units correspond to different secure execution policies; each inspection unit is configured to analyze the memory access address of the second function according to its corresponding secure execution policy to obtain an analysis result, and to send the analysis result to the comparison unit; the comparison unit is configured to control the execution of the second function according to the detection results of the plurality of inspection units.
- 3. The processor of claim 2, wherein the plurality of inspection units comprises: a constraint window management unit, a domain management unit and a global management unit; the constraint window management unit is used for comparing the access address of the second function with a CSW table to obtain a first detection result; the global management unit is used for comparing the access address of the second function with a preset global memory fragment area to obtain a second detection result, wherein the global memory fragment area is configured for all functions to access; the domain management unit is configured to detect whether the second function operates in a target security domain, and obtain a third detection result, where the target security domain is a memory partition allocated to the second function by the constraint window management unit.
- 4. The processor of claim 3, wherein the access constraint instruction defines a memory window accessible to the second function, the secure execution policy comprising allowing the second function to access data in the accessible memory window; the execution module is specifically configured to execute the access constraint instruction, and add the memory window accessible by the second function to the CSW table by calling a constraint window management unit.
- 5. The processor of claim 3, wherein the execution module is specifically configured to, when executing the ICall instruction generated by the compiler, invoke the domain management unit to allocate a corresponding target security domain for the second function, so that the second function is executed in the target security domain, where the target security domain is a memory slice allocated for the second function by the constraint window management unit; and the constraint window management unit is further used for executing IRet instructions generated by the compiler when the second function is executed, logging off the target security domain of the second function, and switching to the target security domain of the first function.
- 6. The processor of claim 3, wherein the domain management unit is specifically configured to: acquire the target security domain identifier allocated to the second function, and compare whether the target security domain identifier is consistent with the security domain identifier of the memory partition to be accessed by the memory access address of the second function; if yes, determine that the second function operates in the target security domain; if not, determine that the second function does not operate in the target security domain.
- 7. The processor of claim 3, wherein the comparison unit is specifically configured to perform the memory access through the memory access address of the second function when at least one of the following conditions is met: the first detection result is that the access address is in a memory window in the CSW table; the second detection result is that the access address is in the global memory fragment area; the third detection result is that the access address is in the target security domain.
- 8. The processor of claim 3, wherein the comparison unit is further configured to perform exception handling when at least one of the following conditions is satisfied: the first detection result is that the access address is not in a memory window in the CSW table; the second detection result is that the access address is not in the global memory fragment area; the third detection result is that the access address is not in the target security domain.
- 9. The processor of claim 4, wherein, in the event that the CSW table has no idle entry, the constraint window management unit is configured to: call a kernel to encrypt at least part of the history entries in the CSW table and move the encrypted history entries to a preset memory area to obtain newly added idle entries; and add the memory window accessible by the second function to a newly added idle entry in the CSW table.
- 10. A processor according to claim 3, wherein the global management unit is further configured to: recording a stack space of the second function, and configuring the second function to allow access only to the stack space of the second function, prohibit the second function from modifying the stack space of the first function, and prohibit operation of stack spaces adjacent to the second function.
- 11. A processor comprising a processor, a memory, and a control unit, characterized by comprising: a decoder for decoding an access constraint instruction comprising an operation code, the access constraint instruction further comprising a first operand identifying a general register and a second operand characterizing security domain information of a callee; a general register storing the storage address of a transfer parameter to be transferred to the callee; a CSW table for recording security domain information that the callee is allowed to access; and an execution circuit that executes the decoded instruction, reads the memory address in the general register, writes the memory address into the CSW table in association with the security domain information, and allows or denies memory access by the callee based on the information in the CSW table.
- 12. The processor of claim 11, wherein the first operand is in the form of a pointer and the second operand is in the form of a register or an immediate.
- 13. The processor of claim 11, wherein the CSW table comprises a plurality of entries, each entry characterizing a security domain; the CSW table is associated with a first pointer Base PTR and a second pointer Current PTR, the first pointer Base PTR indicating the starting address of the current security domain in the CSW table, and the second pointer Current PTR indicating the next available free entry in the CSW table.
- 14. The processor of claim 11, wherein each entry of the CSW table comprises Addr-Size-Attrs; wherein Addr characterizes the memory address of the transfer parameter, Size characterizes a memory address range, and Attrs characterizes an access attribute; the memory address range characterizes the address range of the memory chip area storing the transfer parameter.
- 15. A processor comprising a processor, a memory, and a control unit, characterized by comprising: a decoder for decoding an ICall instruction comprising an opcode, the ICall instruction further comprising a third operand specifying an entry address of a callee; a first security domain status register storing a current security domain identifier; a second security domain status register storing the security domain identifier of the callee; and an execution circuit that executes the decoded instruction, updates the first security domain status register to the newly allocated security domain identifier of the callee, and switches the pointer of the CSW table to the entry associated with the newly allocated security domain identifier to complete the switching of the security domain.
- 16. A processor comprising a processor, a memory, and a control unit, characterized by comprising: a decoder for decoding an IRet instruction comprising an opcode; a first security domain status register storing a current security domain identifier; a second security domain status register storing the security domain identifier of the callee; and an execution circuit that executes the decoded instruction, updates the first security domain status register to the security domain identifier of the caller, switches the pointer of the CSW table to the entry associated with the security domain identifier of the caller, releases the security domain identifier of the callee, and completes the exit of the security domain.
Description
Processor
Technical Field
The invention relates to the technical field of computers, in particular to a processor.
Background
The programming languages employed by the underlying software stack expose many programming details for convenience and flexibility in manipulating the underlying hardware, such as direct manipulation of pointers, arbitrary modification of the contents of the stack, unlimited use of inline compilations, and so forth. While providing ease of use, this creates significant security issues for the system. In the related art, a first scheme adopts process isolation to solve the security problem, so that processes are independent of one another, and a second scheme adopts virtualization to realize isolation within processes. However, scheme one has a larger performance loss and a longer response time, while scheme two needs to trap into kernel mode and can only protect at container granularity, so its protection granularity is coarse and its running cost is larger.
Disclosure of Invention
In view of the above, embodiments of the present invention have been developed to provide a processor that overcomes, or at least partially solves, the above-described problems.
In a first aspect, embodiments of the present invention disclose a processor comprising an execution module and a memory check module. The execution module is configured to execute access constraint instructions generated by a compiler, in response to a call from a first function to a second function in an application program, to determine a secure execution policy. When the second function is executed, the memory check module is configured to analyze the memory access address of the second function according to the secure execution policy to obtain an analysis result, and to control the execution of the second function according to the analysis result.
In a second aspect, an embodiment of the present invention further discloses a processor, including: a decoder for decoding an access constraint instruction comprising an operation code, the access constraint instruction further comprising a first operand identifying a general register and a second operand characterizing security domain information of a callee; a general register storing the storage address of a transfer parameter to be transferred to the callee; a CSW table for recording security domain information that the callee is allowed to access; and an execution circuit that executes the decoded instruction, reads the memory address in the general register, writes the memory address into the CSW table in association with the security domain information, and allows or denies memory access by the callee based on the information in the CSW table.
In a third aspect, an embodiment of the present invention further discloses a processor, including: a decoder for decoding an ICall instruction comprising an opcode, the ICall instruction further comprising a third operand specifying an entry address of a callee; a first security domain status register storing a current security domain identifier; a second security domain status register storing the security domain identifier of the callee; and an execution circuit that executes the decoded instruction, updates the first security domain status register to the newly allocated security domain identifier of the callee, and switches the pointer of the CSW table to the entry associated with the newly allocated security domain identifier to complete the switching of the security domain.
In a fourth aspect, an embodiment of the present invention further discloses a processor, including: a decoder for decoding an IRet instruction comprising an opcode; a third security domain status register storing a current security domain identifier; a fourth security domain status register storing the security domain identifier of the callee; and an execution circuit that executes the decoded instruction, updates the third security domain status register to the security domain identifier of the caller, switches the pointer of the CSW table to the entry associated with the security domain identifier of the caller, releases the security domain identifier of the callee in the fourth security domain status register, and completes the exit of the security domain.
In a fifth aspect, the embodiment of the invention also discloses electronic equipment, which comprises a processor.
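A software model of the access constraint instruction, ICall, IRet and the memory check described in the second to fourth aspects, as an added example that is not code from the patent. It covers the CSW window and global region conditions of claim 7; the table size, the attribute bits, the `mark` index and the way Base PTR and Current PTR move on ICall and IRet are assumptions, since the page does not specify them.

```c
#include <stdint.h>
#include <stddef.h>
/* Table size, nesting depth and attribute bits are assumptions. */
enum { CSW_MAX = 8, MAX_DEPTH = 4, ATTR_R = 1, ATTR_W = 2 };

typedef struct { uint64_t addr, size; uint32_t attrs; } csw_entry; /* Addr-Size-Attrs */
typedef struct { size_t base; uint32_t dom; } frame;  /* saved caller state */
typedef struct {
    csw_entry csw[CSW_MAX];
    size_t base, current;     /* Base PTR, Current PTR */
    size_t mark;              /* assumed: first window granted for the next callee */
    uint32_t dom, next_dom;   /* current domain ID, next ID to allocate */
    uint64_t g_addr, g_size;  /* global region, open to all functions */
    frame stack[MAX_DEPTH]; int depth;
} cpu;

static int in_range(uint64_t a, uint64_t lo, uint64_t n) { return a >= lo && a - lo < n; }

/* Access constraint instruction: record a window the callee may access. */
int constrain(cpu *c, uint64_t addr, uint64_t size, uint32_t attrs) {
    if (c->current == CSW_MAX) return -1;  /* claim 9 spill path is not modelled */
    c->csw[c->current++] = (csw_entry){addr, size, attrs};
    return 0;
}

/* ICall: allocate a domain ID and point Base PTR at the callee's windows. */
int icall(cpu *c) {
    if (c->depth == MAX_DEPTH) return -1;
    c->stack[c->depth++] = (frame){c->base, c->dom};
    c->base = c->mark; c->mark = c->current; c->dom = c->next_dom++;
    return 0;
}

/* IRet: drop the callee's windows, release its ID, restore the caller. */
int iret(cpu *c) {
    if (c->depth == 0) return -1;
    frame f = c->stack[--c->depth];
    c->current = c->mark = c->base;
    c->next_dom = c->dom; c->base = f.base; c->dom = f.dom;
    return 0;
}

/* Memory check, claim 7 rule: 1 = allowed, 0 = exception handling. */
int check(const cpu *c, uint64_t addr, uint32_t need) {
    if (in_range(addr, c->g_addr, c->g_size)) return 1;
    for (size_t i = c->base; i < c->current; i++)
        if (in_range(addr, c->csw[i].addr, c->csw[i].size) &&
            (c->csw[i].attrs & need) == need) return 1;
    return 0;
}
```

Initialise `next_dom` to 1 so that domain 0 stands for the outermost caller; addresses passed in are constructed sample values.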
In the embodiment of the invention, for the function calling process, the processor can execute the access constraint instruction generated by the compiler when jumping to the called second function, determine the secure execution policy, and then restrict the execution process of the second function through the secure execution policy