
CN116894275B - Page table updating method, server, graphics processor, chip and storage medium - Google Patents


Info

Publication number
CN116894275B
Authority
CN
China
Prior art keywords
page table
driver
updated
verification
page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311159977.3A
Other languages
Chinese (zh)
Other versions
CN116894275A (en
Inventor
请求不公布姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mole Thread Intelligent Technology Beijing Co ltd
Original Assignee
Moore Threads Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Moore Threads Technology Co Ltd filed Critical Moore Threads Technology Co Ltd
Priority to CN202311159977.3A priority Critical patent/CN116894275B/en
Publication of CN116894275A publication Critical patent/CN116894275A/en
Application granted granted Critical
Publication of CN116894275B publication Critical patent/CN116894275B/en
Priority to TW113134002A priority patent/TW202511997A/en
Priority to PCT/CN2024/117826 priority patent/WO2025051279A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a page table updating method, a server, a graphics processor, a chip and a storage medium. The method is applied to a server that runs a first driver and a second driver, and comprises: when a jump mechanism is triggered by the first driver, verifying, by the second driver, the page table content to be updated that the first driver wrote into a first storage space, to obtain a verification result, where the verification result indicates whether the page table to be updated is trusted; and updating, according to the verification result, the information table currently maintained by the second driver to obtain a trusted information table, where the trusted information table stores relevant information of the trusted page table. The method and the device can improve the security of updating the page table.

Description

Page table updating method, server, graphics processor, chip and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, but not exclusively, to a method for updating a page table, a server, a graphics processor, a chip, and a storage medium.
Background
Graphics processing unit (GPU) virtualization partitions a GPU through software and hardware slicing techniques so that multiple virtual machines (VMs) can share the GPU's computing power.
GPU virtualization technology involves a virtual machine manager (VMM) and virtual machine operating systems. Each VM maintains an independent GPU page table, which manages the mapping between GPU virtual addresses and physical addresses. In the related art, when the GPU page table stored by a VM is updated, the GPU page table can be maliciously modified by other VMs, which affects the security of the page table.
Disclosure of Invention
The embodiment of the application provides a page table updating method, a server, a graphics processor, a chip and a storage medium, which can improve the security of updating a page table.
The technical scheme of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a method for updating a page table, applied to a server that runs a first driver and a second driver, the method including:
when a jump mechanism is triggered by the first driver, verifying, by the second driver, the page table content to be updated that the first driver wrote into a first storage space, to obtain a verification result; the verification result indicates whether the page table to be updated is trusted;
updating, according to the verification result, the information table currently maintained by the second driver to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In a second aspect, an embodiment of the present application provides a method for updating a page table, applied to a graphics processor that runs a third driver, the method including:
obtaining a verification result through the third driver; the verification result indicates whether the page table content to be updated is trusted; the verification result is notified by the second driver to the third driver by way of task issuing;
updating, according to the verification result, the information table currently maintained by the third driver to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In a third aspect, embodiments of the present application provide a server that includes a first driving unit and a second driving unit; the first driving unit is configured to, when the jump mechanism is triggered by the first driving unit, have the page table content to be updated that the first driving unit wrote into the first storage space verified by the second driving unit, to obtain a verification result; the verification result indicates whether the page table to be updated is trusted;
the second driving unit is configured to update the information table currently maintained by the second driving unit according to the verification result to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In a fourth aspect, embodiments of the present application provide a graphics processor including a third driving unit; the acquisition unit is configured to obtain a verification result through the third driver; the verification result indicates whether the page table content to be updated is trusted; the verification result is notified by the second driver to the third driver by way of task issuing; the information table currently maintained by the third driver is updated according to the verification result to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In a fifth aspect, embodiments of the present application provide a server including a first processor configured to call and run a computer program stored in a first memory, so as to execute the page table updating method on the server side.
In a sixth aspect, embodiments of the present application provide a graphics processor including a second processor configured to call and run a computer program stored in a second memory, so as to execute the page table updating method on the graphics processor side.
In a seventh aspect, embodiments of the present application provide a chip including a processor configured to call and run a computer program from a memory, so that a device on which the chip is mounted performs the page table updating method on the server side or, alternatively, the page table updating method on the graphics processor side.
In an eighth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program that, when executed by at least one processor, implements the page table updating method on the server side or, alternatively, the page table updating method on the graphics processor side.
The embodiments of the application provide a page table updating method, a server, a graphics processor, a chip and a storage medium. The method is applied to a server that runs a first driver and a second driver, and comprises the following steps: first, when a jump mechanism is triggered by the first driver, the second driver verifies the page table content to be updated that the first driver wrote into a first storage space, to obtain a verification result; the verification result indicates whether the page table to be updated is trusted; then, the information table currently maintained by the second driver is updated according to the verification result to obtain a trusted information table; the trusted information table is used for storing relevant information of the trusted page table. Because the server verifies the page table to be updated through the second driver whenever the jump mechanism is triggered by the first driver, the first driver cannot update the page table by itself and can only entrust the second driver to update the page table.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the technical aspects of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Fig. 1 is a first schematic flowchart of an optional method for updating a page table according to an embodiment of the present application;
Fig. 2 is a second schematic flowchart of an optional method for updating a page table according to an embodiment of the present application;
Fig. 3 is a first schematic diagram of an optional communication mechanism between a first driver and a second driver according to an embodiment of the present application;
Fig. 4 is a third schematic flowchart of an optional method for updating a page table according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an optional basic verification according to an embodiment of the present application;
Fig. 6 is a flowchart of an optional method for updating a page table according to an embodiment of the present application;
Fig. 7 is a schematic diagram of an optional full-link check according to an embodiment of the present application;
Fig. 8 is a schematic diagram of an optional supplemental check according to an embodiment of the present application;
Fig. 9 is a second schematic diagram of an optional communication mechanism between a first driver and a second driver according to an embodiment of the present application;
Fig. 10 is a fifth schematic flowchart of an optional method for updating a page table according to an embodiment of the present application;
Fig. 11 is a schematic diagram of an optional communication mechanism among the first driver, the second driver and the third driver according to an embodiment of the present application;
Fig. 12 is a first schematic interaction diagram of an optional first driver, second driver and third driver according to an embodiment of the present application;
Fig. 13 is a second schematic interaction diagram of an optional first driver, second driver and third driver according to an embodiment of the present application;
Fig. 14 is a first schematic structural diagram of an optional server according to an embodiment of the present application;
Fig. 15 is a first schematic structural diagram of an optional graphics processor according to an embodiment of the present application;
Fig. 16 is a second schematic structural diagram of an optional server according to an embodiment of the present application;
Fig. 17 is a second schematic structural diagram of an optional graphics processor according to an embodiment of the present application;
Fig. 18 is a schematic structural diagram of a chip according to an embodiment of the present application;
Fig. 19 is a schematic block diagram of a communication system according to an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the embodiments of the present application to be more apparent, the specific technical solutions of the present application will be described in further detail below with reference to the accompanying drawings in the embodiments of the present application. The following examples are illustrative of the present application, but are not intended to limit the scope of the present application.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the present application.
In the following description reference is made to "some embodiments," "this embodiment," and examples, etc., which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
GPU virtualization partitions the GPU through software and hardware segmentation technology so that multiple virtual machines can share the GPU's computing capacity. At present, the related art does not consider security in GPU virtualization, and the chip lacks a two-stage GPU memory management unit (MMU) or a hardware module with similar functions, so that a VM can access the data of other VMs through the GPU, which causes serious security problems.
The MMU is used for managing address translation and access authority control of the GPU to access the system memory. The two-stage GPU MMU generally refers to a structure in which a memory management unit of the GPU adopts two-stage address translation, a first stage MMU is responsible for translating GPU virtual addresses into GPU physical addresses, and a second stage MMU is responsible for translating GPU physical addresses into system physical addresses, thereby providing more flexible address mapping and finer granularity of authority control. Thus, if the GPU chip lacks a two-stage GPU MMU, some limitations and problems may result, including:
1) Address mapping limits: the lack of a two-stage MMU may limit the size and mapping of the GPU address space, so that system memory resources cannot be used effectively;
2) Permission control limits: the lack of a two-stage MMU may result in insufficiently fine-grained permission control, making flexible access control over different memory regions difficult;
3) Performance limits: a two-stage MMU can split the address translation task across two levels of MMU, improving the efficiency and performance of address translation, so the lack of a two-stage MMU may result in reduced performance.
Currently, in the standard solution of virtualized GPUs (vGPU), a virtualization manager (VMM) is included, as well as guest operating systems (VM), where each VM needs to maintain a separate page table of the GPU. The GPU page table is a data structure, and is used for managing the mapping relationship between the virtual address and the physical address of the GPU. The GPU page table is similar to the page table in the operating system, but is optimized for the specific needs of the GPU. The GPU page table is used to translate virtual addresses used by the GPU program into actual physical addresses to access data stored in the GPU memory. When a GPU program accesses a virtual address, the GPU page table looks up the corresponding location of the address in physical memory and maps the access operation to the correct physical address.
Further, GPU page tables are typically composed of page table entries, each containing a virtual address and a corresponding physical address. The page table entry may also contain other relevant information such as access rights, cache policies, etc. The GPU page table may be a hierarchy that contains multiple levels of page tables to support a larger address space and more efficient address translation. By using the GPU page table, the GPU can realize virtual memory management, provide larger address space, memory isolation and security, and support concurrent execution of multiple tasks.
In the related art, a conventional three-level GPU page table includes a primary page table (PC), a secondary page table (PD) and a tertiary page table (PT). Specifically, the PC contains entries for a plurality of PDs, and its role is to map the high-order part of the virtual address to the corresponding PD; the role of the PD is to map the middle-bit part of the virtual address to the corresponding PT; the PT contains a plurality of page table entries, each of which corresponds to one page of the virtual address space and records the location of that page in the physical address space.
When a GPU program accesses a virtual address, the GPU looks up the corresponding page table entries level by level to find the physical address corresponding to the virtual address. First, the GPU looks up the primary page table PC and finds the address of the secondary page table PD from the high-order bits of the virtual address. Then the lookup continues in the secondary page table PD, and the address of the tertiary page table PT is found from the middle bits of the virtual address. Finally, the physical address corresponding to the virtual address is found in the tertiary page table PT. By introducing three levels of page tables, the GPU can support a larger address space to meet the requirements of large-scale data processing and computation. In addition, the three-level page table can improve address translation efficiency, reduce storage overhead and support more flexible address mapping strategies, so as to optimize the performance and memory management capability of the GPU.
The specific addresses and contents of the primary page table PC, the secondary page table PD and the tertiary page table PT are allocated by the operating system. When the operating system issues a task, the task carries the head address of the GPU page table, named PCROOT. PCROOT is the starting address of the page table, that is, a pointer or reference to the starting entry of the primary page table, and it tells the GPU where the primary page table used by the task is located. When the scheduling processing chip in the GPU receives a task from a VM operating system, it processes the task according to PCROOT and schedules the GPU chip to work.
However, in the related art, when the operating system issues a task to the GPU, the GPU uses the page table to perform data read-write operation, and if the GPU page table points to an illegal address due to an attack in a certain VM, the task issued by the operating system to the GPU will cause a serious security problem.
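The three-level lookup described above, written out as an added example (not code from the patent) to show how a single modified PT entry redirects the GPU outside the memory assigned to a VM. The page size, 9 index bits per level, the valid bit, the simulated memory and the VM range are all assumptions chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, not from the patent: 4 KiB pages, 9 index bits per
 * level, 64-bit entries with bit 0 = valid. */
#define PAGE_SHIFT 12
#define IDX_BITS   9
#define IDX_MASK   ((1u << IDX_BITS) - 1)
#define PTE_VALID  1ull
#define ADDR_MASK  (~0xFFFull)
#define WALK_FAULT UINT64_MAX

/* Constructed stand-in for GPU physical memory: 8 frames of 512 entries. */
#define NFRAMES 8
static uint64_t mem[NFRAMES][1u << IDX_BITS];

/* Constructed range assigned to this VM: frames 1..5. */
#define VM_BASE  0x1000ull
#define VM_LIMIT 0x6000ull

int in_vm_range(uint64_t pa) { return pa >= VM_BASE && pa < VM_LIMIT; }

/* Return the table stored at physical address pa, or NULL if pa lies
 * outside the simulated memory. */
static const uint64_t *frame(uint64_t pa) {
    uint64_t n = pa >> PAGE_SHIFT;
    return n < NFRAMES ? mem[n] : NULL;
}

/* Walk PC -> PD -> PT starting at PCROOT; returns the physical address
 * for va, or WALK_FAULT if any level is missing or marked invalid. */
uint64_t gpu_walk(uint64_t pcroot, uint64_t va) {
    unsigned idx[3] = {
        (unsigned)((va >> (PAGE_SHIFT + 2 * IDX_BITS)) & IDX_MASK), /* PC index */
        (unsigned)((va >> (PAGE_SHIFT + IDX_BITS)) & IDX_MASK),     /* PD index */
        (unsigned)((va >> PAGE_SHIFT) & IDX_MASK),                  /* PT index */
    };
    uint64_t next = pcroot;
    for (int level = 0; level < 3; level++) {
        const uint64_t *table = frame(next);
        if (!table) return WALK_FAULT;
        uint64_t entry = table[idx[level]];
        if (!(entry & PTE_VALID)) return WALK_FAULT;
        next = entry & ADDR_MASK;   /* next-level table, or final page */
    }
    return next | (va & 0xFFF);
}

/* Constructed page tables: PC in frame 1, PD in frame 2, PT in frame 3,
 * mapping VA 0x202000 to the data page in frame 5. */
void build_sample(void) {
    memset(mem, 0, sizeof mem);
    mem[1][0] = 0x2000 | PTE_VALID;   /* PC[0] -> PD */
    mem[2][1] = 0x3000 | PTE_VALID;   /* PD[1] -> PT */
    mem[3][2] = 0x5000 | PTE_VALID;   /* PT[2] -> data page */
}

/* Overwrite the leaf entry, as an unverified page table update would. */
void set_pt_entry(uint64_t target) { mem[3][2] = target | PTE_VALID; }

int main(void) {
    build_sample();
    uint64_t pa = gpu_walk(0x1000, 0x202034);
    printf("before: pa=0x%llx in_range=%d\n", (unsigned long long)pa, in_vm_range(pa));
    set_pt_entry(0x7000);             /* frame 7 is not assigned to this VM */
    pa = gpu_walk(0x1000, 0x202034);
    printf("after:  pa=0x%llx in_range=%d\n", (unsigned long long)pa, in_vm_range(pa));
    return 0;
}
```

The walk itself has no notion of ownership: it returns whatever the entries say, which is why the description moves the decision about which page tables are acceptable into a separate verification step.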
Based on this, the embodiment of the application provides a method for updating a page table, applied to a server that runs a first driver and a second driver. The method includes: first, when a jump mechanism is triggered by the first driver, the server verifies, through the second driver, the page table content to be updated that the first driver wrote into a first storage space, to obtain a verification result; the verification result indicates whether the page table to be updated is trusted; then, according to the verification result, the server updates the information table currently maintained by the second driver through the second driver to obtain a trusted information table; the trusted information table is used for storing relevant information of the trusted page table. Because the server verifies the page table to be updated through the second driver whenever the jump mechanism is triggered by the first driver, the first driver cannot update the page table by itself and can only entrust the second driver to update the page table.
The page table updating method provided by the embodiment of the application is executed by the server and the graphics processor, which are connected through a hardware interface.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
Fig. 1 is a flowchart of an optional method for updating a page table according to an embodiment of the present application. As shown in Fig. 1, the method includes S101 to S102:
S101, when a jump mechanism is triggered by the first driver, verifying, by the second driver, the page table content to be updated that the first driver wrote into a first storage space, to obtain a verification result; the verification result indicates whether the page table to be updated is trusted.
In the embodiment of the application, when the jump mechanism is triggered by the first driver, the server verifies, through the second driver, the page table content to be updated that the first driver wrote into the first storage space, and obtains a verification result.
In the embodiment of the application, a plurality of VMs run on the server, each operating system runs a first driver, and a second driver runs on the server. The first driver is a VM driver, and the second driver is a VMM driver.
In the embodiment of the application, the jump mechanism is a control flow operation in the execution process, which allows the program to jump to another instruction sequence during the execution, thereby changing the execution sequence of the program.
In the present embodiment, the jump mechanism is also referred to as VM-Exit.
In some embodiments of the present application, when the jump mechanism is triggered by the first driver, the task process of the first driver is in a suspended state; the task process is the one associated with updating the page table content.
In the embodiment of the application, when the first driver triggers the jump mechanism (VM-Exit), the task process related to updating the page table content in the VM is suspended.
It will be appreciated that, through the jump mechanism, the second driver can monitor and schedule the operation of the first driver, thereby ensuring the security and stability of the system.
In the embodiment of the application, when the first driver triggers the jump mechanism, the second driver verifies the page table content to be updated that the first driver wrote into the first storage space, and obtains a verification result indicating whether the page table to be updated is trusted.
In some embodiments of the present application, the method further comprises: applying for a first storage space through the first driver; the first storage space is used for enabling communication between the first driver and the second driver.
In this embodiment of the present application, the first storage space is applied for by the first driver, and a communication mechanism between the first driver and the second driver may be established through the first storage space.
In this embodiment of the present application, the first storage space is used to store the relevant data of the page table to be updated.
In the embodiment of the present application, the first storage space is memory shared by the first driver and the second driver; by way of example, the first storage space may be denoted as A.
It will be appreciated that the communication mechanism between the VM and the VMM may be established through the first storage space to facilitate the transfer and update of page table data, so that the VM system may fulfill the need to send page table data to be updated to the VMM driver.
It should be noted that the first storage space serves as a data transmission channel between the first driver and the second driver. The first driver may store the relevant data of the page table content to be updated at a specific position in the first storage space A, and that data may be laid out as a structure containing relevant information such as the page table address and the page table content.
For example, communication between the first driver and the second driver through shared memory may include the following steps:
1) The server applies for a first storage space A (also called a shared memory area) through the first driver, for storing the page table to be updated that the VM system needs to update;
2) The server writes the page table content to be updated into the first storage space A through the first driver; the page table content to be updated can be packaged into a structure or another specific data format so that the second driver can parse and process it accurately;
3) The server detects the data change in the first storage space A through the second driver and reads the page table content to be updated;
4) The server performs the subsequent verification process on the acquired page table content to be updated through the second driver.
It can be understood that, on the one hand, establishing the communication mechanism between the first driver and the second driver through shared memory lets the two drivers exchange data effectively, so that page table data can be updated and managed and the correctness and consistency of the page tables are ensured; on the other hand, the communication mechanism established through shared memory enables efficient data sharing between the first driver and the second driver and avoids the cost of copying data and the delay of communication.
It should be noted that, in the embodiment of the present application, communication between the first driver and the second driver may also be implemented by other communication mechanisms (such as sockets), which is not limited in this application and may be selected according to the actual application scenario.
S102, updating the information table currently maintained by the second driver according to the verification result to obtain a trusted information table; the trusted information table is used for storing relevant information of the trusted page table.
In the embodiment of the application, after the server verifies the page table content to be updated in the first storage space through the second driver, the server updates the information table currently maintained by the second driver through the second driver to obtain a trusted information table.
In the embodiment of the present application, the trusted information table is used to store relevant information of the trusted page table, for example, the page table address, page table content, page table root information (PCROOT) and the like of the trusted page table may be stored in the trusted information table, which is not limited in this application.
In some embodiments of the present application, the trusted information table includes at least: page table root information of the trusted page table.
In embodiments of the present application, page table root information may be represented as PCROOT.
In the embodiment of the present application, the page table root information PCROOT is used to represent the header address information (also referred to as the header position) of the GPU page table, where the header address information refers to the start address of the GPU page table, which is also referred to as the base address of the page table. PCROOT is a pointer or reference to the first entry of the GPU page table. That is, the head location of the GPU page table stores the starting address of the page table, through which the first entry of the page table can be accessed. Therefore, through the head position of the page table, the GPU can search the corresponding page table item according to the index of the virtual address, and then obtain the corresponding physical address to finish the memory access operation.
In the embodiment of the present application, the information table is also referred to as a PCROOT table. The PCROOT Table is a data structure for managing Page tables, and is used for determining the position of a Root node (Root Page Table) of each Page Table in a virtual address space. In a virtualized scenario, each Virtual Machine (VM) has its own page table for address translation, while the PCROOT table is used to store the root node location of each virtual machine's page table. The PCROOT table contains a plurality of entries, each entry corresponding to a page table of a virtual machine. Each entry records the physical address or other identifier of the page table of the virtual machine so that the corresponding page table can be found at address translation. The function of the PCROOT table is to provide a way to centrally manage and find page tables so that the virtualization manager can quickly find and use the correct page table for address translation.
It should be noted that, the head Position (PCROOT) of the GPU page table is usually initialized and managed by the operating system or the driver, and the GPU accesses the page table through the head position when address translation is required.
In some embodiments of the present application, the implementation in S102 of updating, by the second driver, the currently maintained information table according to the verification result to obtain a trusted information table may include S1021 to S1022:
S1021, when the verification result indicates that the content of the page table to be updated is trusted, adding, through the second driver, the page table root information corresponding to the content of the page table to be updated into the information table currently maintained by the second driver, so as to obtain a trusted information table;
S1022, when the verification result indicates that the content of the page table to be updated is not trusted, deleting, through the second driver, the page table root information corresponding to the content of the page table to be updated from the information table currently maintained by the second driver, so as to obtain a trusted information table.
In the embodiment of the present application, S1021 and S1022 are alternatives, that is, either S1021 or S1022 is executed.
In the embodiment of the application, the second driver maintains an information table. If the verification result indicates that the content of the page table to be updated is trusted, the second driver adds the page table root information corresponding to the content of the page table to be updated into the currently maintained information table, so that the trusted information table is obtained; or, if the verification result indicates that the content of the page table to be updated is not trusted, the second driver deletes the page table root information corresponding to the content of the page table to be updated from the currently maintained information table, so that the trusted information table is obtained.
That is, the second driver adds or deletes the page table root information in the currently maintained information table according to the checking result of the page table content to be updated, so that the second driver maintains a trusted information table, and the security of the page table can be improved by performing subsequent task processing based on the trusted information table.
It can be understood that the second driver checks the content of the page table to be updated and updates the information table it maintains according to the check result, so that a trusted information table is maintained. This ensures that the content of every page table in the information table has been sufficiently checked and verified, effectively prevents malicious modification of page table content from affecting the system, and ensures the stability and security of the system.
In an embodiment of the present application, a method for updating a page table is provided, where the method includes: firstly, under the condition that a jump mechanism is triggered through a first driver, a server verifies, through a second driver, the content of a page table to be updated written in a first storage space by the first driver to obtain a verification result; the verification result is used for indicating whether the page table to be updated is trusted; then, according to the verification result, the server updates the currently maintained information table through the second driver to obtain a trusted information table; the trusted information table is used for storing relevant information of the trusted page table. Because the server checks the page table to be updated through the second driver when the jump mechanism is triggered through the first driver, the first driver cannot update the page table by itself and can only entrust the second driver to update the page table.
In some embodiments of the present application, based on fig. 1, as shown in fig. 2, after updating, by the second driver, the currently maintained information table according to the verification result in S102 to obtain a trusted information table, the method further includes S103: notifying, through the second driver and in a task issuing manner, a third driver running on the graphics processor of the verification result, so that the third driver synchronously updates the information table it currently maintains according to the verification result and thereby obtains a trusted information table.
In the embodiment of the application, the third driver is a scheduling chip driver (Schedule Chip Driver), and the third driver runs on the graphics processor (GPU).
In the embodiment of the application, after the information table maintained by the second driver is updated, the second driver informs the third driver in a task issuing manner, so that the third driver also maintains the same trusted information table.
In this embodiment, an increase or decrease in the members (page table root information PCROOT) stored in the trusted information table maintained by the second driver indicates that a new member has been added or an existing member has been removed. Therefore, to ensure consistency across all parts of the system, the third driver needs to be notified so that it also maintains internally the same trusted information as the second driver.
In the embodiment of the application, the second driver sends a message to the third driver by means of issuing the task, informing it that the information table needs to be updated. In this way, the third driver updates its internal information table accordingly, thereby staying consistent with the trusted information table in the second driver.
In the embodiment of the present application, the manner of issuing the task is generally implemented by establishing a communication mechanism in the system, and the specific implementation depends on the system architecture and application requirements, and the following are several common manners of issuing the task:
1) Message queues: the message queue is used as a channel for task delivery. The second driver may encapsulate the task information (e.g., check results) into a message and place it in a message queue, and the third driver listens to the message queue and processes it when a task arrives.
2) Shared memory: task information is transferred through the shared memory. The second driver may write task data (e.g., check results) to the shared memory area, while the third driver periodically or according to some trigger mechanism checks whether new task data arrives in the shared memory.
3) Event mechanism: the second driver may send a task notification to the third driver using an event mechanism, which may be implemented by an event notification mechanism provided by the operating system, such as a semaphore, an event object, etc.
4) Remote procedure call (Remote Procedure Call, RPC): the RPC framework is used for task delivery and processing. The second driver may send the task data (such as the verification result) to the third driver through the RPC call, and the third driver processes after receiving the task data.
It should be noted that, the above task issuing manner is only an example, and the task issuing manner is not limited in any way, and an appropriate communication mechanism may be selected to issue the task in an actual application scenario, so as to ensure reliability and security of communication between the second driver and the third driver.
It can be understood that each driver in the system maintains the same trusted information, so that the correctness and consistency of the conversion from the virtual address to the physical address in the whole system are ensured, and the safety and correct operation of the virtual machine are ensured.
In some embodiments of the present application, notifying, by the second driver, the implementation of the third driver running on the graphics processor in the manner of issuing the task in S103 includes:
Writing the verification result into a fifth storage space through the second driver, so that the third driver obtains the verification result through the fifth storage space; wherein the fifth storage space is used for enabling the second driver to communicate with the third driver.
In this embodiment of the present application, the fifth storage space is a shared memory between the second driver and the third driver, and the fifth storage space is used to implement communication between the second driver (VMM driver) and the third driver (scheduling chip driver).
It may be appreciated that in the embodiment of the present application, the server writes, through the second driver, the check result of the page table content to be updated in the fifth storage space, so that the third driver may synchronously update the information table maintained by the third driver according to the check result in the fifth storage space.
In some embodiments of the present application, the method further comprises S104: writing a task instruction into a sixth storage space through the first driver, so that the third driver executes corresponding task processing according to the task instruction acquired in the sixth storage space; the task instruction carries page table root information of a target page table; the sixth storage space is for enabling the first driver to communicate with the third driver.
In this embodiment of the present application, after the third driver and the second driver both maintain the same trusted information table, the first driver may issue a task to the third driver, and the third driver performs corresponding task processing according to the trusted information table maintained by the third driver.
In this embodiment of the present application, the sixth storage space is a shared memory between the first driver and the third driver, and the sixth storage space is used to implement communication between the first driver and the third driver.
In the embodiment of the application, when the first driver issues a task (carrying a task instruction) to the third driver, the third driver judges whether page table root information carried by the task instruction is a member in a trusted information table; if trusted, the third driver will perform the task, and if untrusted, the third driver will refuse to perform the task.
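The flow of S1021/S1022, S103 and S104 can be put together as follows. This is an added example, not code from the patent: the structure layouts, the single-slot mailbox with a sequence counter standing in for the fifth storage space, the table capacity and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_ROOTS 4  /* assumed capacity, small so the full-table case is easy to reach */

/* Information table (PCROOT table): the set of trusted page table roots. */
struct info_table { uint64_t pcroot[MAX_ROOTS]; size_t count; };

/* Assumed message layout for the fifth storage space (second -> third driver). */
struct verify_msg { uint64_t pcroot; bool trusted; uint32_t seq; };

/* State of the third driver: its own copy of the table plus the last message seen. */
struct sched_state { struct info_table table; uint32_t last_seq; };

static bool table_contains(const struct info_table *t, uint64_t pcroot)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->pcroot[i] == pcroot)
            return true;
    return false;
}

/* S1021: add the root when trusted. S1022: delete it when not trusted.
 * Returns false only when a trusted root cannot be stored (fail closed). */
static bool table_apply(struct info_table *t, uint64_t pcroot, bool trusted)
{
    if (trusted) {
        if (table_contains(t, pcroot))
            return true;
        if (t->count == MAX_ROOTS)
            return false;
        t->pcroot[t->count++] = pcroot;
        return true;
    }
    for (size_t i = 0; i < t->count; i++)
        if (t->pcroot[i] == pcroot) {
            t->pcroot[i] = t->pcroot[--t->count];  /* swap-remove */
            break;
        }
    return true;
}

/* Second driver: update its own table (S102), then publish the result (S103).
 * Nothing is published on failure, so the two tables cannot diverge.
 * A real driver needs memory barriers and must wait until the slot is consumed. */
static bool vmm_commit(struct info_table *vmm, struct verify_msg *shared,
                       uint64_t pcroot, bool trusted)
{
    if (!table_apply(vmm, pcroot, trusted))
        return false;
    shared->pcroot = pcroot;
    shared->trusted = trusted;
    shared->seq++;  /* written last: signals a new message */
    return true;
}

/* Third driver: pick up a new verification result and mirror it. */
static bool sched_sync(struct sched_state *s, const struct verify_msg *shared)
{
    if (shared->seq == s->last_seq)
        return false;  /* nothing new in the shared slot */
    s->last_seq = shared->seq;
    return table_apply(&s->table, shared->pcroot, shared->trusted);
}

/* Third driver: a task from the first driver runs only if the PCROOT it
 * carries is a member of the trusted information table (S104). */
static bool sched_accept_task(const struct sched_state *s, uint64_t task_pcroot)
{
    return table_contains(&s->table, task_pcroot);
}

/* Zero-initialised state for the three parties (constructed for the example). */
static struct info_table  VMM;
static struct verify_msg  MAILBOX;
static struct sched_state SCHED;
```

A root that has been verified by the second driver but not yet synchronised is still refused by the third driver, and a later untrusted result for the same root revokes it on both sides.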
In some embodiments of the present application, after the currently maintained information table is updated by the second driver according to the verification result in S102 to obtain a trusted information table, the method further includes: the task process of the first driver is in a running state.
In the embodiment of the application, after the server updates the information table currently maintained by the server through the second driver, the first driver continues to execute the suspended instruction, so that the task process of the first driver is in a running state.
In some embodiments of the present application, before the second driver verifies, in S101, the content of the page table to be updated written in the first storage space by the first driver to obtain a verification result, the method further includes:
Writing the content of the page table to be updated into a first storage space through the first driver; the first storage space is used for enabling the first driver and the second driver to communicate;
Triggering the jump mechanism through the first driver in the event that it is determined by the first driver that the page table content update condition is satisfied.
In this embodiment of the present application, the page table content to be updated issued by the operating system is written into the first storage space through the first driver (VM driver).
In the embodiment of the application, when the content of the page table to be updated in the first storage space meets the updating condition of the content of the page table, a jump mechanism is triggered through the first driver.
In some embodiments of the present application, page table contents to be updated include: the page table to be updated and/or the page table root to be updated, the method further comprises:
Determining, through the first driver, that the page table content update condition is met under the condition that the number of page tables to be updated in the first storage space meets a preset number threshold and/or a page table root to be updated exists in the first storage space.
In the embodiment of the present application, the Page Table content to be updated may be a Page Table to be updated (Page Table) or a Page Table root to be updated (PCROOT).
In the embodiment of the present application, the page table content update condition is satisfied in the following two cases:
Case one: under the condition that the content of the page table to be updated written in the first storage space through the first driver is the page table to be updated, when the number of the page tables to be updated meets a preset number threshold, it is determined that the page table content update condition is met; the preset number threshold is a preset value, for example, the preset number threshold is 16 page table entries.
Case two: in the case that the page table content to be updated written in the first storage space by the first driver is the page table root to be updated, it is determined that the page table content update condition is satisfied.
Wherein, if one or both of the above two conditions are met, the jump mechanism is triggered by the first driver.
In this embodiment of the present application, the contents of the page table to be updated delegated to the first driver by the VM operating system are stored in the first storage space A. When the number of page tables to be updated in the first storage space A meets the preset number threshold, or a page table root to be updated exists in the first storage space, the server triggers the jump mechanism, i.e., VM-Exit, through the first driver, and at this time the task process of the first driver is in a suspended state.
In some embodiments of the present application, triggering the implementation of the jump mechanism by the first driver includes:
Accessing a second storage space through the first driver to trigger the jump mechanism; the first driver has read and write permission on the second storage space.
In an embodiment of the present application, the second storage space is exposed to the first driver with readable and writable properties.
In the embodiment of the present application, the second storage space is a virtual base address register (Base Address Register, BAR) space, which may be denoted as BAR1. The second storage space is a virtual I/O address space configured with the readable and writable attribute, i.e. the first driver can write data into the second storage space and thereby trigger a specific operation (i.e. trigger the jump mechanism).
In the embodiment of the present application, the second storage space may be a specific address range or a specific register in the system memory, and the address range or the register is used as a communication channel between the first driver and the second driver.
It will be appreciated that triggering the jump mechanism by accessing the second storage space through the first driver establishes a communication mechanism between the first driver and the second driver.
In some embodiments of the present application, the implementation of triggering the jump mechanism by accessing the second storage space through the first driver includes:
Triggering the jump mechanism by the first driver reading data of a specific byte in the second storage space and/or by the first driver writing data into a specific byte in the second storage space.
In the embodiment of the application, the server writes data into or reads data from a specific byte of the second storage space through the first driver to trigger the jump mechanism.
Illustratively, the jump mechanism is triggered by the first driver accessing the 64th byte in the second storage space.
In this embodiment of the present application, when the first driver writes data into the second storage space, this operation immediately triggers the jump mechanism (VM-Exit); at this time, the vCPU executing the first driver is suspended, and control is transferred to the VMM. The VMM captures the VM-Exit event and executes the code logic corresponding to it, completing the corresponding processing.
It will be appreciated that in this manner a communication mechanism is established between the first driver and the second driver, the first driver being able to send requests or transfer information to the second driver by writing data to the second storage space. Triggering the jump mechanism ensures that, when the first driver executes the code related to a page table update, control is transferred to the second driver in time, so that the page table verification and update flow is executed through the second driver. In this way, the second driver can effectively control and manage the operation of the first driver, and communicate and cooperate with the first driver in real time, so that function expansion and resource management in a virtualized environment are realized.
In this embodiment of the present application, fig. 3 is a schematic diagram of an optional communication mechanism between the first driver and the second driver provided in this embodiment of the present application. As shown in fig. 3, the shared system memory (Shared System Memory) between the first driver and the second driver, requested through the first driver, is the first storage space A. When the first driver determines that the page table content update condition is met, the first driver accesses the second storage space (BAR1) and thereby triggers the jump mechanism; at this time, the task process of the first driver is in a suspended state, and the server performs the subsequent verification and update procedures on the page table contents to be updated in the first storage space through the second driver.
It can be understood that by caching the page table entry delegated by the operating system in the first storage space and accessing the second storage space by the first driver to trigger the jump mechanism, it can be ensured that the first driver cannot directly modify the page table content to be updated, and meanwhile, the security and the correctness of the page table are ensured.
In some embodiments of the present application, as shown in fig. 4, verifying, in S101, the page table content to be updated written in the first storage space by the first driver through the second driver, to obtain a verification result, may include S1011 to S1012:
S1011, performing address verification on the page table to be updated through the second driver under the condition that the page table content to be updated comprises the page table to be updated; wherein the address check is used to determine whether the page table address and the pointing address of the page table to be updated are trusted.
S1012, under the condition that the page table to be updated passes address verification, determining, through the second driver, that the verification result of the page table to be updated is trusted.
In this embodiment of the present application, the page table address is the address of the page table content itself to be updated, and the pointing address is the address pointed to by the page table entry in the page table content to be updated.
In the embodiment of the present application, the page table to be updated may be a primary page table (PC), a secondary page table (PD), or a tertiary Page Table (PT).
In some embodiments of the present application, address verification includes: basic verification; the implementation of address checking of the page table to be updated through the second driver in S1011 may include: performing basic verification on the page table to be updated through the second driver; wherein the basic check is used to determine whether the page table address and the pointing address of the page table to be updated are within an allowable range.
In some embodiments of the present application, the page table to be updated belongs to any one of a first stage page table, a second stage page table, and a third stage page table; the page table entries in the first-stage page table point to a second-stage page table, the page table entries in the second-stage page table point to a third-stage page table, and the page table entries in the third-stage page table point to a physical memory space for storing real data.
In the embodiment of the application, for the three-stage GPU page table, the first stage page table may be denoted as PC, the second stage page table may be denoted as PD, and the third stage page table may be denoted as PT.
In the embodiment of the application, the basic check that the second driver performs on the page table to be updated is the first-stage check. Performing the basic check determines whether the page table address and the pointing address of the page table to be updated are within the allowable range, which ensures that the page table to be updated does not cross domain boundaries and guarantees its basic correctness.
In some embodiments of the present application, the implementation of the basic check on the page table to be updated through the second driver may include:
If the page table to be updated belongs to the first-stage page table or the second-stage page table, determining, through the second driver, that the page table to be updated passes basic verification under the condition that the page table address and the pointing address of the page table to be updated are located in the address range of the third storage space; the third storage space is a storage space, requested through the second driver, for storing page tables; or, if the page table to be updated belongs to the third-stage page table, determining, through the second driver, that the page table to be updated passes basic verification under the condition that the page table address of the page table to be updated is located in the address range of the third storage space and the pointing address of the page table to be updated is located in the address range of the fourth storage space; the fourth storage space is a physical memory space for storing real data.
In the embodiment of the present application, the third storage space is used to store the page table content to be updated.
In this embodiment of the present application, the first driver has neither read nor write permission on the third storage space. Therefore, the first driver cannot write the content of the page table to be updated into the third storage space, and cannot modify or access the page table by itself; all page table updating operations must be managed and controlled through the second driver, so that the safety and stability of the virtual machine can be guaranteed.
In the present embodiment, the third memory space may be denoted as BAR4.
In some embodiments of the present application, the fourth storage space includes a frame buffer space (Frame Buffer) and/or a system memory space (System Memory).
For example, fig. 5 is a schematic diagram of an optional basic check provided in the embodiment of the present application, as shown in fig. 5, for a GPU three-level page table, a page table address in the first-level page table PC and a pointing address of a page table entry thereof all belong to an address range of a third memory space (BAR 4), a page table address in the second-level page table PD and a pointing address of a page table entry thereof all belong to an address range of a third memory space (BAR 4), and a pointing address of a page table entry in the third-level page table PT belongs to an address range of a fourth memory space. The fourth storage space comprises a frame buffer space and a system memory space.
It will be appreciated that for a three-stage page table, the page table addresses and the pointed addresses of the first, second and third stage page tables are primarily checked during the basic check phase. The page table addresses of the first-stage page table, the second-stage page table and the third-stage page table must be located in the address range of the third storage space, and the pointing addresses of the first-stage page table and the second-stage page table must be located in the address range of the third storage space, and the pointing address of the third-stage page table can only point to the specified fourth storage space range, so that the basic validity and correctness of the page table to be updated can be ensured by performing basic verification on the page table to be updated.
As shown in fig. 6, the implementation in S101 of verifying, through the second driver, the page table content to be updated written in the first storage space by the first driver to obtain the verification result may further include S1013 to S1014:
S1013, performing full link verification on the page table root to be updated through the second driver under the condition that the page table content to be updated comprises the page table root to be updated; the full link check is used for determining whether the pointing relation of all page tables associated with the page table root to be updated is correct.
S1014, determining, through the second driver, that the verification result of the page table root to be updated is trusted under the condition that the page table root to be updated passes address verification.
S1011 to S1012 and S1013 to S1014 are parallel schemes, that is: the server may perform S1011 to S1012, or may perform S1013 to S1014.
In some embodiments of the present application, where the page table contents to be updated include a page table root to be updated (PCROOT), full link verification is performed on all page tables associated with the page table root to be updated by the second driver.
In some embodiments of the present application, the page table with which the page table root to be updated is associated includes: a first page table, a second page table, and a third page table.
In some embodiments of the present application, implementation of full link check by the second driver according to the page table root to be updated may include:
Under the condition that a first page table pointed to by the page table root to be updated belongs to the first-stage page table, a second page table pointed to by a page table entry in the first page table belongs to the second-stage page table, a third page table pointed to by a page table entry in the second page table belongs to the third-stage page table, and an address pointed to by a page table entry in the third page table belongs to the fourth storage space, determining, through the second driver, that the page table root to be updated passes full link verification.
Fig. 7 is a schematic diagram of an alternative full link check provided in the embodiment of the present application, as shown in fig. 7, in the full link check stage, when the content of the page table to be updated is a page table root to be updated (shown by "page table root information" in fig. 7), checking whether the pointed addresses of all page tables associated with the page table root to be updated are abnormal through a second driver, if yes, indicating that the page table root to be updated is invalid. That is, taking the GPU three-level page table as an example, it needs to be ensured that the first page table pointed by the page table root to be updated belongs to the first-level page table PC, the second page table pointed by the page table entry in the first page table belongs to the second-level page table PD, and the third page table pointed by the page table entry in the second page table belongs to the third-level page table PT. Meanwhile, page table addresses of the first-stage page table, the second-stage page table and the third-stage page table must be located in an address range of the third memory space, and pointing addresses of the first-stage page table and the second-stage page table must be located in an address range of the third memory space, and pointing addresses of the third-stage page table can only point to a prescribed fourth memory space range. The fourth storage space comprises a frame buffer space and a system memory space.
In this embodiment of the present application, the second driver performs full link verification according to the currently maintained information table, that is, all the page tables associated with the page table root to be updated are verified, and if it is found that the pointing of the page table entry of a certain page table has a problem, it is modified to be invalid. Thus, a trusted information table can be established through full link verification, and the integrity and the correctness of the page table are ensured.
In some embodiments of the present application, the address verification further includes: supplementary verification; in the case that the page table content to be updated passes the basic check or the full link check, the method further includes:
Performing supplementary verification on the page table to be updated through the second driver under the condition that the page table content to be updated contains the page table to be updated; wherein the supplementary check is used to determine whether the pointing relationship of the page table to be updated is correct.
In some embodiments of the present application, implementation of the supplementary check on the page table to be updated by the second driver may include: checking, through the second driver, the page table address of the page table to be updated according to the information table currently maintained by the second driver.
In this embodiment of the present application, the page table stored in the information table currently maintained by the second driver is a verified page table, that is, the page table in the information table currently maintained by the second driver is a known trusted page table. Therefore, the page address of the page table to be updated can be checked according to the known trusted page table in the information table, so that whether the page table address of the page table to be updated is valid or not can be determined.
In some embodiments of the present application, for a GPU three-level page table, the page table to be updated belongs to any one of a first-level page table (PC), a second-level page table (PD), and a third-level Page Table (PT).
In some embodiments of the present application, the implementation of checking, through the second driver, the page table address of the page table to be updated according to the page table addresses in the information table currently maintained by the second driver may include:
if the page table to be updated belongs to the first-level page table, determining, through the second driver, that the page table to be updated fails the supplementary check in the case that the page table address of the page table to be updated is any one of the page table addresses of the second-level page table and/or the third-level page table in the information table; or, if the page table to be updated belongs to the second-level page table, determining, through the second driver, that the page table to be updated fails the supplementary check in the case that the page table address of the page table to be updated is any one of the page table addresses of the first-level page table and/or the third-level page table in the information table; or, if the page table to be updated belongs to the third-level page table, determining, through the second driver, that the page table to be updated fails the supplementary check in the case that the page table address of the page table to be updated is any one of the page table addresses of the first-level page table and/or the second-level page table in the information table.
Fig. 8 is a schematic diagram of an optional supplementary check provided in the embodiment of the present application. As shown in Fig. 8, the page table to be updated is unknown, while the page tables in the information table currently maintained by the second driver are known. In the case that the page table to be updated belongs to the third-level page table, if the page table address of a page table entry of the page table to be updated is any one of the page table addresses of the first-level page table and/or the second-level page table in the information table, the page table entry in the page table to be updated is abnormal. Or, in the case that the page table to be updated belongs to the second-level page table, if the page table address of a page table entry of the page table to be updated is any one of the page table addresses of the first-level page table and/or the third-level page table in the information table, the page table entry of the page table to be updated is abnormal. Or, in the case that the page table to be updated belongs to the first-level page table, if the page table address of a page table entry of the page table to be updated is any one of the page table addresses of the second-level page table and/or the third-level page table in the information table, the page table entry of the page table to be updated is abnormal. Meanwhile, the page table addresses of the first-level, second-level and third-level page tables must lie within the address range of the third storage space; the addresses pointed to by the first-level and second-level page tables must lie within the address range of the third storage space; and the addresses pointed to by the third-level page table may only fall within the prescribed fourth storage space. The fourth storage space comprises a frame buffer space and a system memory space.
It will be appreciated that, in the supplementary check stage, when a page table entry in the page table to be updated needs to be updated, it is checked whether the page table address of the page table entry to be updated belongs to the page table addresses in the known information table, as shown in Fig. 8. The update operation is performed according to the circumstances. If a page table entry of a page table to be updated that belongs to the first-level page table PC turns out to be updated to a page table entry of a known second-level page table PD (shown by arrow "a" in Fig. 8) or of a known third-level page table PT (shown by arrow "b" in Fig. 8) in the information table; or a page table entry of a page table to be updated that belongs to the second-level page table PD is updated to a page table entry of a known first-level page table PC (shown by arrow "c" in Fig. 8) or of a known third-level page table PT (shown by arrow "d" in Fig. 8) in the information table; or a page table entry of a page table to be updated that belongs to the third-level page table PT is updated to a page table entry of a known first-level page table PC (shown by arrow "e" in Fig. 8) or of a known second-level page table PD (shown by arrow "f" in Fig. 8) in the information table, the corresponding page table root information may become invalid. The supplementary check ensures that the page table to be updated is trusted and that each of its page table entries is fully verified. In the supplementary check stage, if the page table address of the page table to be updated does not match the page table addresses of the known trusted page tables, that is, an incorrect pointing relationship exists, the page table to be updated is marked as invalid, thereby ensuring the stability and security of the system.
In this embodiment of the present application, in general, the basic check is a first-stage check, the full-link check is a second-stage check, and the supplementary check is a third-stage check. It should be noted that the execution sequence of the three stages is not limited in any way, and may be specifically selected according to the actual application scenario.
It can be understood that the three-stage check mechanism ensures that a trusted information table is generated and that every page table entry it contains has been strictly checked, which ensures the correctness and security of the page tables and prevents maliciously modified or invalid page table entries from affecting the system. The check mechanism ensures that the page tables updated by the GPU driver are trusted and valid, and thereby ensures the stability and security of the system.
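The full-link check of Fig. 7 and the supplementary check of Fig. 8 can be modelled together as follows. This is an added example, not code from the patent or from any driver: the entry format (bit 0 valid), the four-entry tables, all addresses, and the rules that a page is zeroed when first tracked and that PC/PD entries may link only to pages already recorded at the next level are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE      4096ull
#define ENTRIES   4u                /* tiny tables keep the constructed sample small */
#define PTE_VALID 1ull              /* assumed entry format: bit 0 valid, rest page address */
#define MMU_BASE  0x40000000ull     /* third storage space (MMU BAR), constructed address */
#define MMU_PAGES 8u
#define FB_BASE   0x80000000ull     /* fourth storage space: frame buffer */
#define FB_SIZE   0x10000000ull
#define SYS_BASE  0x100000000ull    /* fourth storage space: system memory */
#define SYS_SIZE  0x40000000ull
#define PG(n)     (MMU_BASE + (uint64_t)(n) * PAGE)

enum level { L_NONE = 0, L_PC, L_PD, L_PT };

static uint64_t   mmu[MMU_PAGES][ENTRIES];  /* simulated page-table memory */
static enum level info[MMU_PAGES];          /* information table: trusted level per page */

static int in_mmu(uint64_t a) { return a >= MMU_BASE && a < PG(MMU_PAGES); }
static int in_fourth(uint64_t a) {
    return (a >= FB_BASE && a < FB_BASE + FB_SIZE) ||
           (a >= SYS_BASE && a < SYS_BASE + SYS_SIZE);
}
static unsigned page_of(uint64_t a) { return (unsigned)((a - MMU_BASE) / PAGE); }
static uint64_t addr_of(uint64_t pte) { return pte & ~(PAGE - 1); }

/* Range rule: PC and PD entries point into the third space, PT entries only into the fourth. */
static int target_ok(enum level lvl, uint64_t pte) {
    if (!(pte & PTE_VALID)) return 1;
    return lvl == L_PT ? in_fourth(addr_of(pte)) : in_mmu(addr_of(pte));
}

/* Walk the table at addr, expected at level lvl; seen[] holds the level each page was reached at. */
static int walk(uint64_t addr, enum level lvl, enum level *seen) {
    if (!in_mmu(addr) || (addr & (PAGE - 1))) return 0;
    unsigned p = page_of(addr);
    if (info[p] != L_NONE && info[p] != lvl) return 0;  /* contradicts the information table */
    if (seen[p] != L_NONE) return seen[p] == lvl;       /* a page may serve one level only */
    seen[p] = lvl;
    for (unsigned i = 0; i < ENTRIES; i++) {
        uint64_t e = mmu[p][i];
        if (!target_ok(lvl, e)) return 0;
        if ((e & PTE_VALID) && lvl != L_PT &&
            !walk(addr_of(e), (enum level)(lvl + 1), seen)) return 0;
    }
    return 1;
}

/* Full-link check of a page table root; on success every page reached is recorded as trusted. */
int full_link_check(uint64_t root) {
    enum level seen[MMU_PAGES] = { L_NONE };
    if (!walk(root, L_PC, seen)) return 0;
    for (unsigned p = 0; p < MMU_PAGES; p++)
        if (seen[p] != L_NONE) info[p] = seen[p];
    return 1;
}

/* Supplementary check of one entry write: ea is the entry's address, claimed the stated level. */
int supplementary_check(enum level claimed, uint64_t ea, uint64_t value) {
    if (claimed == L_NONE || !in_mmu(ea) || ea % 8 || (ea % PAGE) / 8 >= ENTRIES) return 0;
    unsigned p = page_of(ea);
    if (info[p] != L_NONE && info[p] != claimed) return 0;  /* arrows a to f in Fig. 8 */
    if (!target_ok(claimed, value)) return 0;
    if ((value & PTE_VALID) && claimed != L_PT &&       /* link only to a trusted next level */
        info[page_of(addr_of(value))] != (enum level)(claimed + 1)) return 0;
    return 1;
}

/* Perform the write only if it passes; a page is zeroed when first tracked (assumption). */
int apply_update(enum level claimed, uint64_t ea, uint64_t value) {
    if (!supplementary_check(claimed, ea, value)) return 0;
    unsigned p = page_of(ea);
    if (info[p] == L_NONE) { memset(mmu[p], 0, sizeof mmu[p]); info[p] = claimed; }
    mmu[p][(ea % PAGE) / 8] = value;
    return 1;
}

/* Constructed sample: page 0 is a PC, page 1 a PD, page 2 a PT mapping one frame-buffer page. */
void build_sample(void) {
    memset(mmu, 0, sizeof mmu);
    memset(info, 0, sizeof info);
    mmu[0][0] = PG(1) | PTE_VALID;
    mmu[1][0] = PG(2) | PTE_VALID;
    mmu[2][0] = FB_BASE | PTE_VALID;
}

int main(void) {
    build_sample();
    printf("root accepted: %d\n", full_link_check(PG(0)));
    printf("PT-claimed write landing in the PD: %d\n",
           apply_update(L_PT, PG(1) + 8, SYS_BASE | PTE_VALID));
    printf("PT entry pointing into the third space: %d\n",
           apply_update(L_PT, PG(2) + 8, PG(0) | PTE_VALID));
    return 0;
}
```

Rejecting a page that appears at two levels matters because a PD walked as a PT would have its entries interpreted under the looser fourth-space rule, and a PT walked as a PD would expose data addresses as table pointers.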
In some embodiments of the present application, the method for updating the page table further includes:
applying for a second storage space through the second driver, and setting, through the second driver, the permission of the first driver on the second storage space to readable and writable;
applying for a third storage space through the second driver, and setting, through the second driver, the permission of the first driver on the third storage space to unreadable or unwritable; the page table content to be updated is page table content that needs to be updated and that the operating system entrusts the first driver to allocate into the third storage space.
In an embodiment of the present application, the server applies for a second storage space (BAR1) through the second driver, and the second storage space is exposed to the first driver as readable and writable. When the first driver writes data into the second storage space, the jump mechanism is triggered immediately; at this time, the vCPU executing the code of the first driver is suspended, and the vCPU executes the corresponding code of the second driver.
In this embodiment of the present application, the server applies for a third storage space (BAR4) through the second driver; that is, the second driver reserves an independent MMU VRAM space (i.e., the third storage space) for the vGPU. As seen by the first driver, the third storage space is neither writable nor readable, which ensures that the first driver cannot write the page table by itself. By limiting the access rights of the virtual machine to the page table, the second driver can better control and manage the memory operations of the virtual machine while protecting the overall stability and security of the system.
In this embodiment of the present application, the third storage space may be any unused BAR among BAR0 to BAR5 in the system; for example, the third storage space is BAR4 and the second storage space is BAR1.
In some embodiments of the present application, the method for updating the page table further includes:
reporting, through the first driver, the third storage space to the operating system in the form of a memory segment, so that the operating system entrusts the first driver to allocate the page table content to be updated into the third storage space.
In the embodiment of the present application, the first driver sets the third storage space as a separate memory segment (segment) and reports it to the operating system, so that the operating system allocates only page tables to BAR4.
In the embodiment of the present application, by setting the third memory space as an independent memory segment, it is ensured that the operating system allocates the page table content to be updated to the memory area corresponding to the third memory space, so that the operating system can manage and access the data related to the page table through the independent memory segment, which is helpful to improve the security and performance of the system and ensure the correctness and consistency of the page table data.
Fig. 9 is a second schematic diagram of an optional communication mechanism between the first driver and the second driver. As shown in Fig. 9, the graphics processor 1 (GPU) is connected to a server on which a virtualization manager 2 (VMM) runs. Multiple virtual machines (VMs) may run on the server, for example a first virtual machine 31, a second virtual machine 32 and a third virtual machine 33, and each virtual machine may run an operating system: for example, a Windows operating system (shown as "first operating system" in Fig. 9) runs on the first virtual machine 31, a Linux operating system (shown as "second operating system" in Fig. 9) runs on the second virtual machine 32, an Android operating system (shown as "third operating system" in Fig. 9) runs on the third virtual machine 33, and so on. The server applies for a second storage space (BAR1) and a third storage space (BAR4) for a virtual graphics processor (vGPU) through a second driver (VMM driver) running on the virtualization manager, wherein the second storage space is readable and writable for the first driver running on the vGPU, and the third storage space is unreadable and unwritable for the first driver running on the vGPU. The first driver sets the third storage space as a separate memory segment and reports it to the operating system (VM) in the form of a memory segment, so that the operating system allocates only page tables into the third storage space.
The embodiment of the application provides a page table updating method applied to a graphics processor on which a third driver runs. The method comprises the following steps: first, the graphics processor obtains a verification result through the third driver; then, according to the verification result, the graphics processor updates, through the third driver, the information table currently maintained by the graphics processor to obtain a trusted information table. Because the second driver notifies the third driver of the verification result of the page table content to be updated by way of task issuing, the third driver can synchronously update the information table it maintains, so that the third driver and the second driver maintain the same trusted information table. This ensures the consistency of the trusted information table across the whole system, effectively prevents malicious modification of page table content from affecting the system, and ensures the stability and security of the system.
Fig. 10 is a fifth optional flowchart of the page table updating method provided in an embodiment of the present application. As shown in Fig. 10, the method includes S301 to S302:
S301, obtaining a verification result through the third driver; the verification result is used to indicate whether the page table content to be updated is trusted; the verification result is notified to the third driver by the second driver by way of task issuing.
In some embodiments of the present application, the implementation of obtaining the verification result through the third driver in S301 may include:
obtaining, through the third driver, the verification result written into a fifth storage space by the second driver; the fifth storage space is used to enable the second driver to communicate with the third driver.
In this embodiment of the present application, the fifth storage space is a shared memory between the second driver and the third driver, and the fifth storage space is used to implement communication between the second driver (VMM driver) and the third driver (scheduling chip driver).
In this embodiment of the present application, the server writes, by the second driver, a check result of the page table content to be updated in the fifth storage space, so that the third driver may update the information table maintained by the third driver synchronously according to the check result in the fifth storage space.
S302, updating the information table currently maintained by the third driver according to the verification result to obtain a trusted information table; the trusted information table is used for storing relevant information of the trusted page table.
In some embodiments of the present application, the trusted information table includes at least: page table root information of the trusted page table.
In some embodiments of the present application, the implementation in S302 of updating the information table currently maintained by the third driver according to the verification result to obtain a trusted information table may include S3021 to S3022:
S3021, in the case that the verification result indicates that the page table content to be updated is trusted, adding, through the third driver, the page table root information corresponding to the page table content to be updated to the information table currently maintained by the third driver, so as to obtain the trusted information table;
or, S3022, in the case that the verification result indicates that the page table content to be updated is not trusted, deleting, through the third driver, the page table root information corresponding to the page table content to be updated from the currently maintained information table, so as to obtain the trusted information table.
In the embodiment of the present application, S3021 and S3022 are parallel alternatives, that is, either S3021 or S3022 is executed.
In the embodiment of the application, the third driver maintains an information table. If the verification result indicates that the page table content to be updated is trusted, the third driver adds the page table root information corresponding to the page table content to be updated to the currently maintained information table, thereby obtaining the trusted information table; or, if the verification result indicates that the page table content to be updated is not trusted, the third driver deletes the page table root information corresponding to the page table content to be updated from the currently maintained information table, thereby obtaining the trusted information table.
That is, the third driver adds or deletes the page table root information in the currently maintained information table according to the checking result of the page table content to be updated, so that the third driver maintains a trusted information table, and the security of the page table can be improved by performing subsequent task processing based on the trusted information table.
In some embodiments of the present application, the method for updating the page table further includes S303 to S304:
S303, acquiring, through the third driver, a task instruction written into a sixth storage space by the first driver; the sixth storage space is used to enable the first driver to communicate with the third driver; the task instruction carries page table root information of a target page table;
S304, executing, through the third driver, the task processing corresponding to the task instruction in the case that the page table root information of the target page table is the page table root information of any one of the trusted page tables.
In this embodiment of the present application, once the third driver and the second driver both maintain the same trusted information table, the first driver may issue a task to the third driver, and the third driver performs the corresponding task processing according to the trusted information table that it maintains.
In this embodiment of the present application, the sixth storage space is a shared memory between the first driver and the third driver and is used to implement communication between the first driver and the third driver.
In this embodiment of the present application, when a task is issued to the GPU through the first driver, the third driver running on the GPU may verify the page table root information (PCROOT) of the target page table carried in the task instruction. If the third driver determines that the page table root information of the target page table is in the trusted information table maintained by the third driver, the target page table is trusted, that is, the target page table is maintained and issued by the second driver and has passed validity verification; in this case, the third driver may accept the task instruction and submit it to the GPU, so that the GPU performs the corresponding task processing.
In this embodiment of the present application, if the third driver determines that the page table root information of the target page table is not in the trusted information table maintained by the third driver, the target page table may be illegal or unauthorized. In this case, the third driver may refuse to execute the task instruction to ensure the security and trustworthiness of the system. In addition, after the task is refused, corresponding security measures, such as logging and alerting, may be taken to further protect the system from potential security threats.
It can be understood that, because the trusted page tables in the trusted information table maintained by the third driver have been checked and verified by the second driver, the third driver decides according to the trusted information table whether to execute the task processing corresponding to a task instruction. This effectively controls the execution permission of tasks and allows only tasks from trusted page tables to execute, thereby improving the security and reliability of the system.
Fig. 11 is a schematic diagram of an optional communication mechanism of the first driver, the second driver and the third driver provided in the embodiment of the present application. As shown in Fig. 11, the virtual machine operating system 3 (VM) runs the first driver (VM driver), the virtualization manager 2 (VMM) runs the second driver (VMM driver), the graphics processor 1 (GPU) includes a plurality of graphics processor core units (GPU Inner units), such as a first graphics processor core unit 111 and a second graphics processor core unit 112, and the third driver 113 (scheduling chip driver) runs on the graphics processor. The page table content to be updated, which comprises a page table to be updated and a page table root to be updated, is updated through the second driver; when members of the information table maintained in the second driver are added or removed, the second driver notifies the third driver by way of task issuing, so that the third driver maintains the same trusted information table. When the virtual machine operating system issues a task to the graphics processor through the first driver, the third driver running on the graphics processor determines whether the page table root information of the target page table carried by the task instruction is a member of the trusted information table; if it is, the target page table is trusted. If the page table root information of the target page table is trusted, the third driver executes the task processing; if it is not trusted, the third driver refuses the task instruction to protect the security of the system. Through this mechanism and flow, updates of the page table by the first driver are strictly controlled and verified, ensuring the security and trustworthiness of the system.
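The synchronisation of S301 to S302 and the task gate of S303 to S304 can be modelled as below. This is an added example, not code from the patent or from any firmware: the message layouts, the ring used for the fifth storage space, the table capacity and the choice to drain pending results before each task decision are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ROOTS 4u    /* capacity of the trusted information table (constructed) */
#define RING      8u    /* slots in the fifth storage space (constructed) */

struct result { uint64_t pcroot; int trusted; };   /* verification result, layout assumed */
struct task   { uint64_t pcroot; uint32_t id; };   /* task instruction, layout assumed */

static struct result fifth[RING];   /* fifth storage space: second driver to third driver */
static unsigned head, tail;         /* head: next slot to read, tail: next slot to write */
static uint64_t roots[MAX_ROOTS];   /* third driver's trusted information table */
static unsigned nroots;

/* Second driver side: publish one verification result; 0 means the ring is full. */
int post_result(uint64_t pcroot, int trusted) {
    if (tail - head == RING) return 0;
    fifth[tail % RING] = (struct result){ pcroot, trusted };
    tail++;
    return 1;
}

static int find_root(uint64_t pcroot) {
    for (unsigned i = 0; i < nroots; i++)
        if (roots[i] == pcroot) return (int)i;
    return -1;
}

/* Third driver side (S302): apply every pending result; returns how many were consumed. */
unsigned sync_results(void) {
    unsigned n = 0;
    for (; head != tail; head++, n++) {
        struct result r = fifth[head % RING];
        int i = find_root(r.pcroot);
        if (r.trusted && i < 0 && nroots < MAX_ROOTS)
            roots[nroots++] = r.pcroot;     /* S3021: add; a full table leaves the root out */
        else if (!r.trusted && i >= 0)
            roots[i] = roots[--nroots];     /* S3022: delete */
    }
    return n;
}

/* Third driver side (S304): 1 = execute the task, 0 = refuse it. */
int submit_task(const struct task *t) {
    sync_results();     /* results posted before the task take effect first (design choice) */
    return find_root(t->pcroot) >= 0;
}

int trusted_count(void) { return (int)nroots; }

int main(void) {
    struct task t = { 0x40000000ull, 1 };   /* constructed PCROOT value */
    printf("before verification: %d\n", submit_task(&t));
    post_result(t.pcroot, 1);
    printf("after trusted result: %d\n", submit_task(&t));
    post_result(t.pcroot, 0);
    printf("after revocation: %d\n", submit_task(&t));
    return 0;
}
```

A root that cannot be stored because the table is full is simply absent, so tasks naming it are refused rather than run unchecked.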
Fig. 12 is a schematic interaction diagram of an optional first driver, second driver and third driver provided in an embodiment of the present application. As shown in Fig. 12, the first driver and the second driver run on a server and the third driver runs on a graphics processor; the method may include S501 to S521:
S501, initializing the graphics processor.
S502, initializing the third driver.
S503, creating a second storage space.
S504, creating a third storage space.
S505, preparing a virtual graphics processor device.
S506, initializing the virtual graphics processor.
S507, creating a first storage space.
The execution subject of S501 to S505 is the second driver, and the execution subject of S506 to S507 is the first driver.
In the embodiment of the present application, for S501 to S507 described above, in the process of starting up the server, the graphics processor is initialized by the second driver, and the third driver is initialized by the second driver. Then, a second memory space (BAR 1) and a third memory space (BAR 4) are created by the second driver, and a virtual graphics processor (vGPU) device is prepared by the second driver. Subsequently, the virtual GPU is initialized by the first driver, and a first memory space is created by the first driver.
After the first driver receives the page table content to be updated issued by the operating system, if the page table content to be updated is the page table to be updated, S508 to S512 may be executed:
S508, storing the page table to be updated in the first storage space.
S509, accessing the second storage space to trigger the jump mechanism.
S510, performing the first-stage and third-stage checks.
S511, updating the information table currently maintained by the second driver.
S512, updating the information table currently maintained by the third driver.
The execution subject of S508 to S509 is the first driver, that of S510 to S511 is the second driver, and that of S512 is the third driver.
In the embodiment of the present application, for S508 to S512, the page table to be updated is stored in the first storage space through the first driver, and in the case that the number of page tables to be updated meets the preset number threshold, the first driver triggers the jump mechanism by accessing the second storage space. If the page table content to be updated is a page table to be updated, the second driver may perform the first-stage check (basic check) and the third-stage check (supplementary check) on it to obtain a verification result. Further, the second driver notifies the third driver of the verification result of the page table content to be updated, so that the third driver synchronously updates the information table it currently maintains according to the verification result, and the second driver and the third driver maintain the same trusted information table.
In this embodiment, checking the page table to be updated through the second driver may include the following two cases:
Case 1: if the page table root information (PCROOT) corresponding to the page table to be updated is not given, the second driver performs the first-stage check on the page table to be updated to obtain a verification result, and then updates the currently maintained information table according to the verification result.
Case 2: if the page table root information (PCROOT) corresponding to the page table to be updated is given and has passed the second-stage check (full-link check), the third-stage check is further performed on the page table to be updated to obtain a verification result, and the second driver then updates the currently maintained information table according to the verification result.
If the page table content to be updated is the page table root to be updated, S513 to S517 may be executed:
S513, storing the page table root to be updated into the first storage space.
S514, accessing the second storage space to trigger the jump mechanism.
S515, performing the second-stage check.
S516, updating the information table currently maintained by the second driver.
S517, updating the information table currently maintained by the third driver.
The execution subject of S513 to S514 is the first driver, that of S515 to S516 is the second driver, and that of S517 is the third driver.
In this embodiment of the present application, for S513 to S517, the page table root to be updated is stored in the first storage space by the first driver, the first driver triggers the jump mechanism by accessing the second storage space, and at this time, the second driver performs the second-stage verification on the page table root to be updated to obtain the verification result, and then updates the information table currently maintained by the second driver according to the verification result. Further, the second driver informs the third driver of the verification result of the page table content to be updated, so that the third driver synchronously updates the information table currently maintained according to the verification result, and the second driver and the third driver can maintain the same trusted information table.
In the embodiment of the present application, after the third driver updates the currently maintained information table to obtain the trusted information table, S518 to S521 may be performed:
S518, sending a task instruction.
S519, checking whether the page table is a trusted page table.
S520, executing the task.
S521, ignoring the task.
The execution subject of S518 is the first driver, and the execution subject of S519 to S521 is the third driver.
In S519, if the page table is a trusted page table, S520 is executed; if it is an untrusted page table, S521 is executed.
In this embodiment of the present application, for S518 to S521, the virtual machine operating system sends a task instruction to the graphics processor through the first driver, and the third driver running on the graphics processor checks whether the target page table carried by the task instruction sent by the first driver is a trusted page table. If the third driver determines that the target page table is a trusted page table, the graphics processor executes the task corresponding to the task instruction; if the third driver determines that the target page table is an untrusted page table, the graphics processor ignores the task corresponding to the task instruction.
Fig. 13 is a second optional interaction diagram of the first driver, the second driver and the third driver provided in the embodiment of the present application. As shown in Fig. 13, the server is connected to the graphics processor through a hardware interface, the first driver and the second driver run on the server, and the third driver runs on the graphics processor; the method for updating the page table includes S401 to S409:
S401, applying for a second storage space and a third storage space through the second driver.
S402, applying for a first storage space through the first driver.
S403, writing the page table content to be updated into the first storage space through the first driver, and triggering the jump mechanism through the first driver when the first driver determines that the page table content update condition is met, whereupon the task process of the first driver is in a suspended state.
S404, in the case that the jump mechanism is triggered through the first driver, performing, through the second driver, at least one of the basic check, the full-link check and the supplementary check on the page table content to be updated to obtain a verification result of the page table content to be updated.
S405, updating the information table currently maintained by the second driver according to the verification result to obtain a trusted information table.
S406, notifying, through the second driver, the third driver running on the graphics processor of the verification result by way of task issuing.
S407, synchronously updating the information table currently maintained by the third driver according to the verification result to obtain a trusted information table.
S408, writing a task instruction into a sixth storage space through the first driver, so that the third driver performs the corresponding task processing according to the task instruction acquired from the sixth storage space; the task instruction carries page table root information of a target page table.
S409, acquiring, through the third driver, the task instruction written into the sixth storage space by the first driver, and executing, through the third driver, the task processing corresponding to the task instruction in the case that the page table root information of the target page table is the page table root information of any one of the trusted page tables.
Through this mechanism and flow, the server checks the page table to be updated through the second driver when the jump mechanism is triggered through the first driver, so that the first driver cannot update the page table by itself and can only entrust the second driver to update it.
The method for updating a page table provided in the present application is described in detail below with reference to a specific embodiment. The method requires coordinated modification of the VMM driver (second driver), the VM guest operating system driver (first driver) and the scheduling chip driver (third driver), and includes the following steps:
Step 1, the GPU driver in the VMM (corresponding to the second driver) creates a dedicated MMU BAR for the vGPU; the view exposed to the VM is that the vGPU device has one more independent BAR space, here named MMU BAR. The separate MMU BAR space is neither writable nor readable when exposed to the VM, which ensures that the VM cannot write the page table by itself. For example, any unused BAR from BAR0 to BAR5 may be selected; here the unused BAR is visible in the VM as BAR4 (corresponding to the third storage space), and the VM has no read or write permission for BAR4, that is, neither reads nor writes take effect.
Step 2, the GPU driver in the VMM (corresponding to the second driver) creates a virtualized BAR for the vGPU for VM-Exit use (corresponding to the jump mechanism), which is seen in the VM as BAR1 (corresponding to the second storage space), and designates the 64th byte of BAR1 as the byte dedicated to MMU updates, so that when the VM writes to it the vCPU traps into the VMM to execute the page table update logic.
That is, the GPU driver in the VMM exposes a virtual BAR space, here named vBAR, to the VM as readable and writable. When the VM writes data to the virtual BAR, VM-Exit is triggered immediately; the vCPU executing the code in the VM is suspended, and the vCPU executes the corresponding code of the VMM.
Step 3, the driver in the VM (corresponding to the first driver) reports BAR4 (corresponding to the third storage space) to the VM operating system as a separate segment (corresponding to the memory segment), and causes the operating system to allocate only page tables to BAR4.
Step 4, a driver (corresponding to a first driver) in the VM opens up a shared memory area A (corresponding to a first storage space), wherein page table addresses and page table contents which the VM operating system wants to update are stored; when the memory reaches a certain amount (say 16 page table entries) or the operating system requires updating PCROOT (i.e. satisfies the page table content update condition), the VM driver will access BAR1 (corresponding to the second memory space) at 64 th byte, immediately trigger VM-Exit, at which time the vCPU will jump to the VMM to execute the page table update logic.
That is, the driver (corresponding to the first driver) in the VM establishes a communication mechanism with the VMM (the second driver), including but not limited to a shared memory, socket, etc. Illustratively, the driver in the VM opens up a shared memory area A (corresponding to the first memory space) for the VM driver to communicate with the VMM driver, primarily storing page table data that the VM operating system wants to update, which is organized in a structure that includes page table addresses and page table contents. And caching page table entries which are updated by the VM driver of the operating system entrusted to the shared memory A, storing the page table entries in the shared memory A, and when a certain amount of page table entries reach or the operating system requires updating PCROOT, accessing a designated position in the vBAR by the VM driver to trigger the VM-Exit, wherein the vCPU jumps to logic for executing page table updating in the VMM.
Step 5, the page table update logic of the GPU driver in the VMM (corresponding to the second driver) reads the page tables to be updated (corresponding to the page table content to be updated) from shared memory area A, and writes them after verification. The verification is divided into three stages in total:
Stage one: the first stage (equivalent to the basic check) applies before the PCROOT is given, and checks only the page table addresses and pointing addresses of the PC (equivalent to the first-stage page table), the PD (equivalent to the second-stage page table) and the PT (equivalent to the third-stage page table). The PC, PD and PT page table addresses must be located in the BAR4 (i.e. the third storage space) address range, the PC and PD must point to addresses within the BAR4 range, and the PT must point to specified addresses (equivalent to the fourth storage space; in GPU designs, usually the frame buffer and system memory).
Stage two: the second stage is the complete link check (equivalent to the full link check), and is triggered when the operating system requires updating PCROOT. The driver in the VMM performs a complete check of the full link according to the given PCROOT, i.e. all page tables associated with the PCROOT are checked completely; if a page table entry is found to have a pointing problem, that page table entry is modified to be invalid. The second-stage check ensures that a trusted PCROOT is established.
Stage three: the third stage is the supplementary check. When an entry is updated, it is checked whether the PC, PD or PT to be updated belongs to the addresses of the PCs, PDs and PTs in the known trusted PCROOT table (equivalent to the information table), and the update is performed according to the situation. If the update would cause a PC to be updated to the addresses of a PD, PT and the like in a known PCROOT, a PD to be updated to the addresses of a PC and PT, or a PT to be updated to the addresses of a PC and PT, the PCROOT is invalid. The three-stage checking mechanism ensures a trusted PCROOT table in which each page table entry is sufficiently checked.
Step 6, when members of the trusted PCROOT table in the VMM driver are added or removed, the scheduler chip driver is informed by issuing a task, so that the same trusted PCROOT table is maintained in the scheduler chip driver.
Step 7, when the VM operating system issues a task to the GPU, the scheduler chip driver (equivalent to the third driver) judges whether the PCROOT carried by the task is a member of the trusted PCROOT table; if it is trusted, the task is executed, and if not, the task is refused.
Step 8, by establishing a single channel through which the VM updates the page table, the VM cannot update the page table by itself and can only entrust the VMM to update it; in addition, the three-stage checking mechanism ensures that a trusted PCROOT table (equivalent to the trusted information table) is maintained. The scheduler (corresponding to the third driver) determines according to the PCROOT whether a task issued by the operating system is executed. In this way, the mechanism realizes an efficient page table update check and ensures that a VM cannot access the data of other VMs through the GPU.
The page table updating method provided by the embodiment of the application can solve the security problem caused by the GPU's lack of a two-stage MMU. While achieving security, it is fast, efficient and imperceptible to the user, with no obvious loss compared with a conventional implementation that performs no GPU page table protection.
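The three-stage verification of step 5 and the scheduler gate of step 7, as an added C model that is not code from the patent or from any driver. The address layout, the four-entry tables, all function names, revoking every trusted root on a stage-three failure, and verifying a newly linked table on the spot are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption, not from the patent); addresses are page-aligned. */
#define PAGE       0x1000u
#define BAR4_BASE  0x100000u  /* third storage space: page tables only */
#define BAR4_PAGES 8u
#define DATA_BASE  0x800000u  /* fourth storage space: frame buffer / system memory */
#define DATA_PAGES 16u
#define ENTRIES    4u         /* entries per table, kept tiny */
#define INVALID    0u
#define MAX_ROOTS  4u

enum level { LVL_NONE, LVL_PC, LVL_PD, LVL_PT };
struct update { uint64_t table; unsigned idx; uint64_t target; enum level lvl; };

static uint64_t   bar4[BAR4_PAGES][ENTRIES]; /* VMM-side view of the tables in BAR4 */
static enum level known[BAR4_PAGES];         /* level of each table in a trusted tree */
static uint64_t   trusted_roots[MAX_ROOTS];  /* trusted PCROOT table */
static size_t     n_roots;

static bool in_range(uint64_t a, uint64_t base, unsigned pages) {
    return a % PAGE == 0 && a >= base && a < base + (uint64_t)pages * PAGE;
}
static bool in_bar4(uint64_t a) { return in_range(a, BAR4_BASE, BAR4_PAGES); }
static bool in_data(uint64_t a) { return in_range(a, DATA_BASE, DATA_PAGES); }
static unsigned slot(uint64_t a) { return (unsigned)((a - BAR4_BASE) / PAGE); }
static enum level child_of(enum level l) { return l == LVL_PC ? LVL_PD : LVL_PT; }

/* Stage 1 (basic check): the table lives in BAR4; PC/PD entries point into BAR4,
 * PT entries point into the data range. Clearing an entry is allowed (assumption). */
static bool basic_check(const struct update *u) {
    if (u->lvl == LVL_NONE || u->idx >= ENTRIES || !in_bar4(u->table)) return false;
    if (u->target == INVALID) return true;
    return u->lvl == LVL_PT ? in_data(u->target) : in_bar4(u->target);
}

/* Stage 2 helper: walk a table at its expected level and overwrite any entry whose
 * pointing is wrong with INVALID. Recursion depth is bounded by the three levels. */
static void walk(uint64_t table, enum level lvl) {
    known[slot(table)] = lvl;
    for (unsigned i = 0; i < ENTRIES; i++) {
        uint64_t *e = &bar4[slot(table)][i];
        if (*e == INVALID) continue;
        if (lvl == LVL_PT) { if (!in_data(*e)) *e = INVALID; continue; }
        enum level seen = in_bar4(*e) ? known[slot(*e)] : LVL_NONE;
        if (!in_bar4(*e) || (seen != LVL_NONE && seen != child_of(lvl))) *e = INVALID;
        else walk(*e, child_of(lvl));
    }
}

/* Step 7 gate: a task runs only if its PCROOT is in the trusted table. */
static bool scheduler_accepts(uint64_t pcroot) {
    for (size_t i = 0; i < n_roots; i++)
        if (trusted_roots[i] == pcroot) return true;
    return false;
}

/* Stage 2 (full link check), run when the guest asks to set PCROOT. */
static bool set_pcroot(uint64_t root) {
    if (!in_bar4(root)) return false;
    if (known[slot(root)] != LVL_NONE && known[slot(root)] != LVL_PC) return false;
    walk(root, LVL_PC);
    if (!scheduler_accepts(root) && n_roots < MAX_ROOTS) trusted_roots[n_roots++] = root;
    return scheduler_accepts(root);
}

/* Stage 1 always; stage 3 (supplementary check) once the table is in a trusted tree. */
static bool apply_update(const struct update *u) {
    if (!basic_check(u)) return false;
    enum level seen = known[slot(u->table)];
    bool links = u->lvl != LVL_PT && u->target != INVALID;
    if (seen != LVL_NONE) {
        enum level tseen = links ? known[slot(u->target)] : LVL_NONE;
        if (seen != u->lvl || (tseen != LVL_NONE && tseen != child_of(u->lvl))) {
            /* Root ownership is not tracked here, so every root is revoked. */
            n_roots = 0; memset(known, 0, sizeof known);
            return false;
        }
    }
    bar4[slot(u->table)][u->idx] = u->target;
    if (seen != LVL_NONE && links) walk(u->target, child_of(u->lvl));
    return true;
}

int main(void) {
    const uint64_t PC = BAR4_BASE, PD = BAR4_BASE + PAGE, PT = BAR4_BASE + 2 * PAGE;
    struct update good[] = { {PC, 0, PD, LVL_PC}, {PD, 0, PT, LVL_PD}, {PT, 0, DATA_BASE, LVL_PT} };
    for (size_t i = 0; i < 3; i++) apply_update(&good[i]);
    int trusted = set_pcroot(PC);
    struct update confused = {PD, 1, DATA_BASE, LVL_PT}; /* treats a trusted PD as a PT */
    int applied = apply_update(&confused);
    printf("trusted=%d applied=%d trusted_now=%d\n", trusted, applied, scheduler_accepts(PC));
    return 0;
}
```

The last update in `main` passes the range checks of stage one on its own; only the level recorded during the full link walk exposes it, which is why the supplementary check exists.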
The embodiments of the present application have been described in detail above with reference to the accompanying drawings, but the present application is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solutions of the present application within the scope of the technical concept of the present application, and all the simple modifications belong to the protection scope of the present application. For example, the specific features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various possible combinations are not described in detail. As another example, any combination of the various embodiments of the present application may be made without departing from the spirit of the present application, which should also be considered as disclosed herein. For example, the various embodiments and/or technical features of the various embodiments described herein may be combined with any other of the prior art without conflict, and the combined technical solutions should also fall within the scope of protection of the present application.
It should be understood that, in the various method embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Based on the same inventive concept as the foregoing embodiments, fig. 14 is a schematic structural diagram of an alternative server provided in the embodiment of the present application, as shown in fig. 14, the server 10 includes: a first driving unit 11 and a second driving unit 12; the first driving unit 11 is configured to verify, by using the second driving unit, the content of the page table to be updated written in the first storage space by using the first driving unit to obtain a verification result when the jump mechanism is triggered by using the first driving unit; the check result is used for indicating whether the page table to be updated is credible or not;
the second driving unit 12 is configured to update, according to the verification result, the information table currently maintained by the second driving unit to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In some embodiments of the present application, in a case where the jump mechanism is triggered by the first driver, the task process of the first driver is in a suspended state; wherein the task process is associated with updating page table contents.
In some embodiments of the present application, the first driving unit 11 is further configured to write, by the first driver, the page table content to be updated into the first storage space; the first storage space is used for enabling the first drive and the second drive to communicate; in the event that it is determined by the first driver that a page table content update condition is met, then the jump mechanism is triggered by the first driver.
In some embodiments of the present application, the page table content to be updated includes: the first driving unit 11 is further configured to determine, by using the first driving, that the page table content update condition is met when the number of page tables to be updated in the first storage space meets a preset number threshold, and/or when the first storage space has the page table root to be updated.
In some embodiments of the present application, the first driving unit 11 is further configured to access, through the first driver, the second storage space, so as to trigger the jump mechanism; the permission of the first driver on the second storage space is readable and writable.
In some embodiments of the present application, the first driving unit 11 is further configured to read, by the first driving, the specific byte of data in the second storage space, and/or write, by the first driving, the specific byte of data in the second storage space, so as to implement triggering the jump mechanism.
In some embodiments of the present application, the first driving unit 11 is further configured to perform address verification on the page table to be updated through the second driving when the page table content to be updated includes the page table to be updated; the address verification is used for determining whether the page table address and the pointing address of the page table to be updated are trusted or not; and under the condition that the page table to be updated passes the address verification, determining that the verification result of the page table to be updated is credible through the second drive.
In some embodiments of the present application, the first driving unit 11 is further configured to perform basic verification on the page table to be updated through the second driving unit; wherein the basic check is used to determine whether the page address and the pointing address of the page table to be updated are within an allowable range.
In some embodiments of the present application, the page table to be updated belongs to any one of a first-stage page table, a second-stage page table and a third-stage page table; the direction of the page table entry in the first-stage page table is the second-stage page table, the direction of the page table entry in the second-stage page table is the third-stage page table, and the direction of the page table entry in the third-stage page table is a physical memory space for storing real data.
In some embodiments of the present application, the second driving unit 12 is further configured to determine, by the second driving unit, that the page table to be updated passes the basic check if the page table to be updated belongs to a first stage page table or a second stage page table, and if the page address and the pointing address of the page table to be updated are in an address range of a third storage space; the third storage space is a storage space for storing a page table through the second driving application; or if the page table to be updated belongs to a third-level page table, determining that the page table to be updated passes the basic verification through the second drive under the condition that the page address of the page table to be updated is located in the address range of the third storage space and the pointing address of the page table to be updated is located in the address range of the fourth storage space; the fourth storage space is a physical memory space for storing real data.
In some embodiments of the present application, the fourth storage space includes a frame buffer space and/or a system memory space.
In some embodiments of the present application, the first driving unit 11 is further configured to perform, when the page table content to be updated includes a page table root to be updated, full link verification on the page table root to be updated through the second driving; the full link check is used for determining whether the pointing relation of all page tables associated with the page table root to be updated is correct; and under the condition that the page table root to be updated passes the address verification, determining that the verification result of the page table root to be updated is credible through the second drive.
In some embodiments of the present application, the page table associated with the page table root to be updated includes: a first page table, a second page table, and a third page table; the first driving unit 11 is further configured to determine, by the second driving unit, that the page table root to be updated passes the full link check, in a case where the first page table pointed to by the page table root to be updated belongs to a first-stage page table, the second page table pointed to by a page table item in the first page table belongs to a second-stage page table, the third page table pointed to by a page table item in the second page table belongs to a third-stage page table, and the address pointed to by a page table item in the third page table belongs to a fourth storage space.
In some embodiments of the present application, the address verification further includes: supplementing and checking; the first driving unit 11 is further configured to perform supplementary verification on the page table to be updated through the second driving unit when the page table to be updated includes the page table to be updated, where the page table to be updated passes basic verification or full link verification; wherein the supplemental check is used to determine whether the pointing relationship of the page table to be updated is correct.
In some embodiments of the present application, the first driving unit 11 is further configured to verify, by using the second driving unit, a page address of the page table to be updated according to the information table currently maintained by the second driving unit.
In some embodiments of the present application, the page table to be updated belongs to any one of a first-stage page table, a second-stage page table and a third-stage page table; the first driving unit 11 is further configured to determine, if the page table to be updated belongs to a first-stage page table, that the page table to be updated fails the supplementary check through the second driving when the page table address of the page table to be updated is located at a page table address of any one of a second-stage page table and/or a third-stage page table in the information table; or if the page table to be updated belongs to the second-stage page table, determining that the page table to be updated does not pass the supplementary check through the second driver under the condition that the page table address of the page table to be updated is located at any one of the page table addresses of the first-stage page table and/or the third-stage page table in the information table; or if the page table to be updated belongs to the third-stage page table, determining that the page table to be updated does not pass the supplement verification through the second driver under the condition that the page table address of the page table to be updated is located at any one of the page table addresses of the first-stage page table and/or the second-stage page table in the information table.
In some embodiments of the present application, the first driving unit 11 is further configured to apply for a second storage space through the second driving, and set, through the second driving, a right of the second storage space to the first driving to be readable and writable; applying for a third storage space through the second drive, and setting the authority of the third storage space to the first drive to be unreadable or unwritable through the second drive so that the first drive writes the page table content to be updated into the first storage space; the page table content to be updated is the page table content which is required to be updated and is required to be distributed to the third storage space by the first drive by the operating system.
In some embodiments of the present application, the second driving unit 12 is further configured to apply for the first storage space through the first driving; the first storage space is used for enabling communication between the first drive and the second drive.
In some embodiments of the present application, the trusted information table includes at least: page table root information of the trusted page table; the second driving unit 12 is further configured to, when the verification result indicates that the page table content to be updated is trusted, add, by the second driver, page table root information corresponding to the page table content to be updated to an information table currently maintained by the second driver, thereby obtaining the trusted information table; or deleting page table root information corresponding to the page table content to be updated in the information table currently maintained by the second driver under the condition that the verification result indicates that the page table content to be updated is not trusted, so as to obtain the trusted information table.
In some embodiments of the present application, the second driving unit 12 is further configured to inform, by using the second driving unit, a third driving unit running on the graphics processor of the verification result in a task issuing manner, so that the third driving unit synchronously updates the information table currently maintained by the third driving unit according to the verification result, so that the third driving unit obtains the trusted information table.
In some embodiments of the present application, the second driving unit 12 is further configured to write, by using the second driving unit, the verification result in a fifth storage space, so that the third driving unit obtains the verification result through the fifth storage space; wherein the fifth storage space is used for enabling the second drive to communicate with the third drive.
In some embodiments of the present application, the second driving unit 12 is further configured to write, by the first driving unit, a task instruction in a sixth storage space, so that the third driving unit performs a corresponding task process according to the task instruction acquired in the sixth storage space; the task instruction carries page table root information of a target page table; the sixth storage space is for enabling the first drive to communicate with the third drive.
In some embodiments of the present application, the second driving unit 12 is further configured to report, by the first driving unit, the third storage space to an operating system in a memory segment form, so that the operating system delegates the first driving unit to allocate the page table content to be updated to the third storage space.
In some embodiments of the present application, after the second driver updates the information table currently maintained by the second driver according to the verification result and obtains the trusted information table, the task process of the first driver is in a running state.
Those skilled in the art will appreciate that the above description of the server of the embodiments of the present application may be understood with reference to the description of the method of updating the page table of the embodiments of the present application.
Based on the same inventive concept as the previous embodiments, fig. 15 is a schematic structural view of an alternative graphics processor provided in the present embodiment, as shown in fig. 15, where the graphics processor 20 includes a third driving unit 21; wherein,
the third driving unit 21 is configured to obtain a verification result through the third driving; the verification result is used for indicating whether the content of the page table to be updated is credible or not; the verification result is that the second driver informs the third driver in a task issuing mode; updating the information table currently maintained by the third driver according to the verification result to obtain a trusted information table; the trusted information table is used for storing related information of the trusted page table.
In some embodiments of the present application, the third driving unit 21 is further configured to obtain, by using the third driving, the verification result written in the fifth storage space by the second driving; the fifth storage space is used for enabling the second drive to communicate with the third drive.
In some embodiments of the present application, the trusted information table includes at least: page table root information of the trusted page table; the third driving unit 21 is further configured to, when the verification result indicates that the page table content to be updated is trusted, add, by the third driver, page table root information corresponding to the page table content to be updated to an information table currently maintained by the third driver, thereby obtaining the trusted information table; or deleting page table root information corresponding to the page table content to be updated in the information table currently maintained by the third driver under the condition that the verification result indicates that the page table content to be updated is not trusted, so as to obtain the trusted information table.
In some embodiments of the present application, the third driving unit 21 is further configured to obtain, by using the third driving unit, a task instruction written in the sixth storage space by the first driving unit; the sixth storage space is used for enabling the first drive to communicate with the third drive; the task instruction carries page table root information of a target page table; and executing task processing corresponding to the task instruction through the third driver under the condition that the page table root information of the target page table is the page table root information of any one of the trusted page tables.
Those skilled in the art will appreciate that the above description of the graphics processor of the embodiments of the present application may be understood with reference to the description of the method of updating the page table of the embodiments of the present application.
Fig. 16 is a schematic diagram of a second structure of an alternative server according to the embodiment of the present application, as shown in fig. 16, the server 10 includes a first memory 13 and a first processor 14, where the first memory 13 is configured to store executable instructions;
the first processor 14 is configured to implement the method for updating the page table on the server side as described above when executing the executable instructions stored in the first memory.
FIG. 17 is a schematic diagram II of an alternative graphics processor according to the embodiment of the present application, as shown in FIG. 17, the graphics processor 20 includes a second memory 22 and a second processor 23, where the second memory 22 is used for storing executable instructions;
the second processor 23 is configured to implement the method for updating the page table on the graphics processor side as described above when executing the executable instructions stored in the second memory.
Fig. 18 is a schematic structural diagram of a chip provided in the embodiment of the present application, as shown in fig. 18, where, the chip 40 includes a processor 41, and the processor 41 may call and run a computer program from a memory to implement a method in the embodiment of the present application.
In some embodiments of the present application, as shown in fig. 18, the chip 40 may also include a memory 42. Wherein the processor 41 may call and run a computer program from the memory 42 to implement the method in the embodiments of the present application.
The memory 42 may be a separate device independent of the processor 41 or may be integrated in the processor 41. The processor 41 may include a first processor 14 and a second processor 23.
In some embodiments of the present application, the chip 40 may also include an input interface 43. The processor 41 may control the input interface 43 to communicate with other devices or chips, and specifically may acquire information or data sent by the other devices or chips.
In some embodiments of the present application, the chip 40 may also include an output interface 44. Wherein the processor 41 may control the output interface 44 to communicate with other devices or chips, in particular may output information or data to other devices or chips.
In some embodiments of the present application, the chip may be applied to the server in the embodiments of the present application, and for brevity, will not be described herein.
In some embodiments of the present application, the chip may be applied to the graphics processor in the embodiments of the present application, and for brevity, will not be described herein.
It should be understood that the chips referred to in the embodiments of the present application may also be referred to as system-on-chip, or the like.
Fig. 19 is a schematic block diagram of a communication system provided in an embodiment of the present application, and as shown in fig. 19, the communication system 50 includes a server 51 and a graphics processor 52.
Wherein the server 51 may be used to implement the corresponding functions implemented by the server in the above-described method, and the graphics processor 52 may be used to implement the corresponding functions implemented by the graphics processor in the above-described method. For brevity, the description is omitted here.
The server 51 may be the server 10, and the graphics processor 52 may be the graphics processor 20.
It is understood that the processor of the embodiments of the present application may be an integrated circuit chip having information processing capabilities. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in a processor or by instructions in software form. The processor may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as random access memory, flash memory, read only memory, programmable read only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
It will also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash memory. The volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It is also understood that the above memory is exemplary but not limiting; for example, the memory in the embodiments of the present application may be Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Direct Rambus RAM (DR RAM), and the like. That is, the memory in embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
Embodiments of the present application also provide a computer-readable storage medium for storing a computer program.
In some embodiments of the present application, the computer readable storage medium may be applied to a server in embodiments of the present application, and when the computer program is executed by at least one processor, the corresponding flow implemented by the server in each method in embodiments of the present application is implemented, which is not described herein for brevity.
In some embodiments of the present application, the computer readable storage medium may be applied to the graphics processor in the embodiments of the present application, and when the computer program is executed by at least one processor, the corresponding flow implemented by the graphics processor in each method in the embodiments of the present application is implemented, which is not described herein for brevity.
Embodiments of the present application also provide a computer program product comprising computer program instructions.
In some embodiments of the present application, the computer program product may be applied to a server in embodiments of the present application, and the computer program instructions cause the computer to execute corresponding processes implemented by the server in each method of the embodiments of the present application, which are not described herein for brevity.
In some embodiments of the present application, the computer program product may be applied to the graphics processor in the embodiments of the present application, and the computer program instructions cause the computer to execute the corresponding processes implemented by the graphics processor in the methods of the embodiments of the present application, which are not described herein for brevity.
Embodiments of the present application also provide a computer program.
In some embodiments of the present application, the computer program may be applied to the server in the embodiments of the present application; when the computer program runs on a computer, it causes the computer to execute the corresponding processes implemented by the server in each method of the embodiments of the present application, which are not described herein for brevity.
In some embodiments of the present application, the computer program may be applied to the graphics processor in the embodiments of the present application, and when the computer program runs on a computer, the computer is caused to execute the corresponding flow implemented by the graphics processor in each method in the embodiments of the present application, which is not described herein for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, for the specific working processes of the apparatus and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, which are not described herein again.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
It should be noted that, in this application, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed, or elements inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The serial numbers of the foregoing embodiments of the present application are for description only and do not represent the advantages or disadvantages of the embodiments.
The methods disclosed in the several method embodiments provided in the present application may be arbitrarily combined without conflict to obtain a new method embodiment.
The features disclosed in the several product embodiments provided in the present application may be combined arbitrarily without conflict to obtain new product embodiments.
The features disclosed in the several method or apparatus embodiments provided in the present application may be arbitrarily combined without conflict to obtain new method embodiments or apparatus embodiments.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto; any change or substitution that a person skilled in the art could readily conceive of within the technical scope of the present application is intended to be covered by the scope of the present application.

Claims (31)

1.一种页表的更新方法,其特征在于,应用于服务器,所述服务器运行第一驱动和第二驱动,所述第一驱动运行在虚拟机操作系统,所述第二驱动运行在虚拟化管理器;所述方法包括:1. A page table updating method, characterized in that it is applied to a server, the server runs a first driver and a second driver, the first driver runs in a virtual machine operating system, and the second driver runs in a virtual machine operating system. ization manager; the method includes: 在通过所述第一驱动触发跳转机制的情况下,所述第一驱动的任务进程处于挂起状态,通过所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种,得到校验结果;所述校验结果用于指示所述待更新页表内容是否可信;所述任务进程与更新页表内容相关;When the jump mechanism is triggered by the first driver, the task process of the first driver is in a suspended state, and the first driver writes the data to be stored in the first storage space through the second driver. Update the page table content and perform at least one of basic verification, full link verification and supplementary verification to obtain a verification result; the verification result is used to indicate whether the page table content to be updated is trustworthy; the The task process is related to updating the page table content; 根据所述校验结果,通过所述第二驱动对其当前维护的信息表进行更新,得到可信的信息表;所述可信的信息表用于存储可信页表的相关信息;其中,According to the verification result, the information table currently maintained by the second driver is updated to obtain a trusted information table; the trusted information table is used to store relevant information of the trusted page table; wherein, 所述待更新页表内容包括:待更新页表和/或待更新页表根;所述基本校验用于确定所述待更新页表的页面地址和指向地址是否在允许的范围之内;所述全链路校验用于确定所述待更新页表根所关联的所有的页表的指向关系是否正确;所述增补校验用于确定所述待更新页表的指向关系是否正确。The content of the page table to be updated includes: the page table to be updated and/or the page table root to be updated; the basic verification is used to determine whether the page address and pointing address of the page table to be updated are within the allowed range; The full link verification is used to determine whether the pointing relationships of all page tables associated with the root of the page table to be updated are correct; the 
supplementary verification is used to determine whether the pointing relationships of the page table to be updated are correct. 2.根据权利要求1所述的方法,其特征在于,所述通过所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种,得到校验结果之前,所述方法还包括:2. The method according to claim 1, characterized in that the second driver performs basic verification and full linkage of the page table content to be updated written in the first storage space by the first driver. At least one of road verification and supplementary verification is used. Before obtaining the verification result, the method further includes: 通过所述第一驱动将所述待更新页表内容写入至所述第一存储空间;所述第一存储空间用于所述第一驱动和所述第二驱动实现通信;The first driver writes the content of the page table to be updated to the first storage space; the first storage space is used for communication between the first driver and the second driver; 在通过所述第一驱动确定满足页表内容更新条件的情况下,则通过所述第一驱动触发所述跳转机制。If it is determined through the first driver that the page table content update condition is met, the jump mechanism is triggered through the first driver. 3.根据权利要求2所述的方法,其特征在于,所述方法还包括:3. The method according to claim 2, characterized in that, the method further comprises: 在所述第一存储空间中的所述待更新页表的数量满足预设数量阈值,和/或,所述第一存储空间存在所述待更新页表根的情况下,通过所述第一驱动确定满足所述页表内容更新条件。When the number of page tables to be updated in the first storage space meets a preset quantity threshold, and/or the root of the page table to be updated exists in the first storage space, through the first The driver determines that the page table content update condition is met. 4.根据权利要求2所述的方法,其特征在于,所述通过所述第一驱动触发所述跳转机制,包括:4. The method according to claim 2, wherein triggering the jump mechanism through the first driver includes: 通过所述第一驱动访问第二存储空间,实现触发所述跳转机制;所述第一驱动对于所述第二存储空间的权限为可读可写。By accessing the second storage space through the first driver, the jump mechanism is triggered; the permissions of the first driver on the second storage space are readable and writable. 5.根据权利要求4所述的方法,其特征在于,所述通过所述第一驱动访问第二存储空间,实现触发所述跳转机制,包括:5. 
The method according to claim 4, wherein the step of accessing the second storage space through the first driver to trigger the jump mechanism includes: 通过所述第一驱动读取所述第二存储空间中的特定字节的数据,和/或,通过所述第一驱动将数据写入所述第二存储空间中的特定字节,实现触发所述跳转机制。The first driver reads specific bytes of data in the second storage space, and/or uses the first driver to write data to specific bytes in the second storage space to achieve triggering. The jump mechanism. 6.根据权利要求1所述的方法,其特征在于,所述通过所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种,得到校验结果,包括:6. The method according to claim 1, characterized in that the second driver performs basic verification and full linkage of the page table content to be updated written in the first storage space by the first driver. At least one of road verification and supplementary verification is used to obtain verification results, including: 在所述待更新页表内容包括待更新页表的情况下,通过所述第二驱动对所述待更新页表进行地址校验;其中,所述地址校验用于确定所述待更新页表的页表地址和指向地址是否可信;所述地址校验包括:基本校验和/或增补校验;When the content of the page table to be updated includes the page table to be updated, address verification is performed on the page table to be updated through the second driver; wherein the address verification is used to determine the page to be updated. Whether the page table address and pointing address of the table are trustworthy; the address verification includes: basic verification and/or supplementary verification; 在所述待更新页表通过所述地址校验的情况下,通过所述第二驱动确定所述待更新页表的校验结果为可信。When the page table to be updated passes the address verification, the second driver determines that the verification result of the page table to be updated is credible. 7.根据权利要求6所述的方法,其特征在于,所述待更新页表属于第一级页表、第二级页表和第三级页表中的任意一种;其中,所述第一级页表中的页表项的指向为所述第二级页表,所述第二级页表中的页表项的指向为所述第三级页表,所述第三级页表中的页表项的指向为用于存放真实数据的物理内存空间;7. 
The method according to claim 6, wherein the page table to be updated belongs to any one of a first-level page table, a second-level page table and a third-level page table; wherein, the third-level page table The page table entries in the first-level page table point to the second-level page table, and the page table entries in the second-level page table point to the third-level page table. The third-level page table The page table entries in point to the physical memory space used to store real data; 所述通过所述第二驱动对所述待更新页表进行地址校验,包括:The step of performing address verification on the page table to be updated through the second driver includes: 通过所述第二驱动对所述待更新页表进行基本校验;Perform basic verification on the page table to be updated through the second driver; 所述通过所述第二驱动对所述待更新页表进行基本校验,包括:The basic verification of the page table to be updated by the second driver includes: 若所述待更新页表属于第一级页表或第二级页表,则在所述待更新页表的页面地址和指向地址位于第三存储空间的地址范围内的情况下,通过所述第二驱动确定所述待更新页表通过所述基本校验;其中,所述第三存储空间为通过所述第二驱动申请的用于存储页表的存储空间;或者,If the page table to be updated belongs to the first-level page table or the second-level page table, when the page address and pointing address of the page table to be updated are located in the address range of the third storage space, through the The second driver determines that the page table to be updated passes the basic verification; wherein the third storage space is the storage space applied by the second driver for storing the page table; or, 若所述待更新页表属于第三级页表,则在所述待更新页表的页面地址位于所述第三存储空间的地址范围内,以及所述待更新页表的指向地址位于第四存储空间的地址范围内的情况下,通过所述第二驱动确定所述待更新页表通过所述基本校验;其中,所述第四存储空间为用于存放真实数据的物理内存空间。If the page table to be updated belongs to the third-level page table, the page address of the page table to be updated is located in the address range of the third storage space, and the pointing address of the page table to be updated is located in the fourth level. 
If the page table to be updated is within the address range of the storage space, the second driver determines that the page table to be updated passes the basic verification; wherein the fourth storage space is a physical memory space used to store real data. 8.根据权利要求7所述的方法,其特征在于,所述第四存储空间包括帧缓冲空间和/或系统内存空间。8. The method according to claim 7, wherein the fourth storage space includes frame buffer space and/or system memory space. 9.根据权利要求1所述的方法,其特征在于,所述通过所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种,得到校验结果,包括:9. The method according to claim 1, characterized in that the second driver performs basic verification and full linkage of the page table content to be updated written in the first storage space by the first driver. At least one of road verification and supplementary verification is used to obtain verification results, including: 在所述待更新页表内容包括待更新页表根的情况下,通过所述第二驱动对所述待更新页表根进行全链路校验;When the content of the page table to be updated includes the root of the page table to be updated, performing a full link verification on the root of the page table to be updated through the second driver; 在所述待更新页表根通过所述全链路校验的情况下,通过所述第二驱动确定所述待更新页表根的校验结果为可信。When the page table root to be updated passes the full link verification, the second driver determines that the verification result of the page table root to be updated is credible. 10.根据权利要求9所述的方法,其特征在于,所述待更新页表根所关联的页表包括:第一页表、第二页表和第三页表;10. 
The method according to claim 9, characterized in that the page table associated with the page table root to be updated includes: a first page table, a second page table and a third page table; 所述通过所述第二驱动对所述待更新页表根进行全链路校验,包括:The full-link verification of the page table root to be updated by the second driver includes: 在所述待更新页表根所指向的所述第一页表属于第一级页表、所述第一页表中的页表项的所指向的所述第二页表属于第二级页表、所述第二页表中的页表项的所指向的所述第三页表属于第三级页表,以及所述第三页表中的页表项的所指向的地址属于第四存储空间的情况下,通过所述第二驱动确定所述待更新页表根通过所述全链路校验。The first page table pointed to by the root of the page table to be updated belongs to the first-level page table, and the second page table pointed to by the page table entry in the first page table belongs to the second-level page. The third page table pointed to by the page table entry in the second page table belongs to the third-level page table, and the address pointed to by the page table entry in the third page table belongs to the fourth-level page table. In the case of storage space, the second driver determines that the page table root to be updated passes the full link check. 11.根据权利要求6至10任一项所述的方法,其特征在于,所述通过所述第二驱动对所述待更新页表进行地址校验,包括:11. The method according to any one of claims 6 to 10, characterized in that, performing address verification on the page table to be updated through the second driver includes: 在所述待更新页表内容包括所述待更新页表,且所述待更新页表内容通过所述基本校验或所述全链路校验的情况下,通过所述第二驱动对所述待更新页表进行增补校验。In the case that the content of the page table to be updated includes the page table to be updated, and the content of the page table to be updated passes the basic verification or the full link verification, the second driver is used to The page table to be updated is supplemented and verified. 12.根据权利要求11所述的方法,其特征在于,所述通过所述第二驱动对所述待更新页表进行增补校验,包括:12. 
The method according to claim 11, wherein the supplementary verification of the page table to be updated by the second driver includes: 根据所述第二驱动当前维护的信息表,通过所述第二驱动对所述待更新页表的页面地址进行校验。According to the information table currently maintained by the second driver, the page address of the page table to be updated is verified by the second driver. 13.根据权利要求12所述的方法,其特征在于,所述待更新页表属于第一级页表、第二级页表和第三级页表中的任意一种;13. The method according to claim 12, wherein the page table to be updated belongs to any one of a first-level page table, a second-level page table, and a third-level page table; 所述根据所述第二驱动当前维护的信息表,通过所述第二驱动对所述待更新页表的页面地址进行校验,包括:Verifying the page address of the page table to be updated through the second driver according to the information table currently maintained by the second driver includes: 若所述待更新页表属于第一级页表,则在所述待更新页表的页表地址位于所述信息表中的任意一个第二级页表和/或第三级页表的页表地址的情况下,则通过所述第二驱动确定所述待更新页表未通过所述增补校验;或者,If the page table to be updated belongs to the first-level page table, then the page table address of the page table to be updated is located in any page of the second-level page table and/or the third-level page table in the information table. In the case of table address, it is determined through the second driver that the page table to be updated does not pass the supplementary check; or, 若所述待更新页表属于第二级页表,则在所述待更新页表的页表地址位于所述信息表中的任意一个第一级页表和/或第三级页表的页表地址的情况下,则通过所述第二驱动确定所述待更新页表未通过所述增补校验;或者,If the page table to be updated belongs to the second-level page table, then the page table address of the page table to be updated is located on any page of the first-level page table and/or the third-level page table in the information table. 
In the case of table address, it is determined through the second driver that the page table to be updated does not pass the supplementary check; or, 若所述待更新页表属于第三级页表,则在所述待更新页表的页表地址位于所述信息表中的任意一个第一级页表和/或第二级页表的页表地址的情况下,则通过所述第二驱动确定所述待更新页表未通过所述增补校验。If the page table to be updated belongs to the third-level page table, then the page table address of the page table to be updated is located in any page of the first-level page table and/or the second-level page table in the information table. In the case of a table address, it is determined through the second driver that the page table to be updated does not pass the supplementary check. 14.根据权利要求1至5任一项所述的方法,其特征在于,所述方法还包括:14. The method according to any one of claims 1 to 5, characterized in that the method further comprises: 通过所述第二驱动申请第二存储空间,并通过所述第二驱动将所述第二存储空间对于所述第一驱动的权限设置为可读可写;Apply for a second storage space through the second driver, and set the permissions of the second storage space on the first driver to be readable and writable through the second driver; 通过所述第二驱动申请第三存储空间,并通过所述第二驱动将所述第三存储空间对于所述第一驱动的权限设置为不可读不可写,以使所述第一驱动将所述待更新页表内容写入至第一存储空间;其中,所述待更新页表内容为操作系统要求所述第一驱动分配至所述第三存储空间中的需要更新的页表内容。Apply for a third storage space through the second driver, and set the permissions of the third storage space for the first driver to be unreadable and unwritable through the second driver, so that the first driver can The page table content to be updated is written into the first storage space; wherein the page table content to be updated is the page table content that needs to be updated in the third storage space that the operating system requires the first driver to allocate. 15.根据权利要求1至5任一项所述的方法,其特征在于,所述方法还包括:15. The method according to any one of claims 1 to 5, characterized in that the method further comprises: 通过所述第一驱动申请所述第一存储空间;所述第一存储空间用于所述第一驱动和所述第二驱动实现通信。The first driver applies for the first storage space; the first storage space is used for communication between the first driver and the second driver. 
16.根据权利要求1至5任一项所述的方法,其特征在于,所述可信的信息表至少包括:可信页表的页表根信息;16. The method according to any one of claims 1 to 5, characterized in that the trusted information table at least includes: page table root information of the trusted page table; 所述根据所述校验结果,通过所述第二驱动对其当前维护的信息表进行更新,得到可信的信息表,包括:According to the verification result, the information table currently maintained by the second driver is updated to obtain a trusted information table, including: 在所述校验结果指示所述待更新页表内容是可信的情况下,通过所述第二驱动将所述待更新页表内容对应的页表根信息添加至所述第二驱动当前维护的信息表中,从而得到所述可信的信息表;或者,When the verification result indicates that the content of the page table to be updated is credible, the page table root information corresponding to the content of the page table to be updated is added to the current maintenance of the second driver through the second driver. information table, thereby obtaining the trusted information table; or, 在所述校验结果指示所述待更新页表内容是不可信的情况下,通过所述第二驱动将其当前维护的信息表中的所述待更新页表内容对应的页表根信息进行删除,从而得到所述可信的信息表。When the verification result indicates that the content of the page table to be updated is not trustworthy, the second driver uses the page table root information corresponding to the content of the page table to be updated in the information table currently maintained by it. Delete to obtain the trusted information table. 17.根据权利要求1至5任一项所述的方法,其特征在于,所述根据所述校验结果,通过所述第二驱动对其当前维护的信息表进行更新,得到可信的信息表之后,所述方法还包括:17. The method according to any one of claims 1 to 5, characterized in that, according to the verification result, the information table currently maintained by the second driver is updated to obtain credible information. After the table, the method also includes: 以下发任务的方式,通过所述第二驱动将所述校验结果告知运行在图形处理器上的第三驱动,以使所述第三驱动根据所述校验结果对其当前维护的信息表进行同步更新,使得所述第三驱动得到所述可信的信息表。In the manner of issuing a task, the second driver notifies the third driver running on the graphics processor of the verification result, so that the third driver can make its currently maintained information table based on the verification result. 
Perform synchronous updates so that the third driver obtains the trusted information table. 18.根据权利要求17所述的方法,其特征在于,所述以下发任务的方式,通过所述第二驱动将所述校验结果告知运行在图形处理器上的第三驱动,包括:18. The method according to claim 17, wherein the step of informing the third driver running on the graphics processor of the verification result through the second driver by issuing a task includes: 通过所述第二驱动将所述校验结果写入在第五存储空间中,以使所述第三驱动通过所述第五存储空间获取所述校验结果;其中,所述第五存储空间用于实现所述第二驱动与所述第三驱动进行通信。The verification result is written in the fifth storage space through the second driver, so that the third driver obtains the verification result through the fifth storage space; wherein, the fifth storage space Used to implement communication between the second driver and the third driver. 19.根据权利要求1至5任一项所述的方法,其特征在于,所述方法还包括:19. The method according to any one of claims 1 to 5, characterized in that the method further comprises: 通过所述第一驱动将任务指令写入在第六存储空间中,以使第三驱动根据在所述第六存储空间获取的所述任务指令执行对应的任务处理;其中,The first driver writes the task instruction in the sixth storage space, so that the third driver performs the corresponding task processing according to the task instruction obtained in the sixth storage space; wherein, 所述任务指令携带有目标页表的页表根信息;所述第六存储空间用于实现所述第一驱动与所述第三驱动进行通信。The task instruction carries page table root information of the target page table; the sixth storage space is used to implement communication between the first driver and the third driver. 20.根据权利要求1至5任一项所述的方法,其特征在于,所述方法还包括:20. The method according to any one of claims 1 to 5, characterized in that the method further comprises: 通过所述第一驱动将第三存储空间以内存段的形式上报至操作系统,以使所述操作系统要求所述第一驱动将所述待更新页表内容分配至所述第三存储空间。The third storage space is reported to the operating system in the form of a memory segment through the first driver, so that the operating system requires the first driver to allocate the content of the page table to be updated to the third storage space. 21.根据权利要求1至5任一项所述的方法,其特征在于,所述根据所述校验结果,通过所述第二驱动对其当前维护的信息表进行更新,得到可信的信息表之后,所述第一驱动的任务进程处于运行状态。21. 
The method according to any one of claims 1 to 5, characterized in that, according to the verification result, the information table currently maintained by the second driver is updated to obtain credible information. After the table, the task process of the first driver is in a running state. 22.一种页表的更新方法,其特征在于,应用于图形处理器,所述图形处理器运行第三驱动,所述方法包括:22. A page table updating method, characterized in that it is applied to a graphics processor, and the graphics processor runs a third driver, and the method includes: 通过所述第三驱动获取校验结果;其中,所述校验结果用于指示待更新页表内容是否可信;所述校验结果是第二驱动以下发任务的方式告知所述第三驱动的;第一驱动的任务进程处于挂起状态,所述任务进程与更新页表内容相关,所述第一驱动运行在虚拟机操作系统,所述第二驱动运行在虚拟化管理器;The verification result is obtained through the third driver; wherein the verification result is used to indicate whether the content of the page table to be updated is trustworthy; the verification result is the second driver informing the third driver by issuing a task ; the task process of the first driver is in a suspended state, the task process is related to updating the page table content, the first driver runs in the virtual machine operating system, and the second driver runs in the virtualization manager; 根据所述校验结果,通过所述第三驱动对其当前维护的信息表进行更新,得到可信的信息表;所述可信的信息表用于存储可信页表的相关信息;所述校验结果是所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种确定的;其中,According to the verification result, the information table currently maintained by the third driver is updated to obtain a trusted information table; the trusted information table is used to store relevant information of the trusted page table; The verification result is determined by the second driver performing at least one of basic verification, full link verification and supplementary verification on the page table content to be updated written in the first storage space by the first driver. 
;in, 所述待更新页表内容包括:待更新页表和/或待更新页表根;所述基本校验用于确定所述待更新页表的页面地址和指向地址是否在允许的范围之内;所述全链路校验用于确定所述待更新页表根所关联的所有的页表的指向关系是否正确;所述增补校验用于确定所述待更新页表的指向关系是否正确。The content of the page table to be updated includes: the page table to be updated and/or the page table root to be updated; the basic verification is used to determine whether the page address and pointing address of the page table to be updated are within the allowed range; The full link verification is used to determine whether the pointing relationships of all page tables associated with the root of the page table to be updated are correct; the supplementary verification is used to determine whether the pointing relationships of the page table to be updated are correct. 23.根据权利要求22所述的方法,其特征在于,所述通过所述第三驱动获取校验结果,包括:23. The method according to claim 22, wherein obtaining the verification result through the third driver includes: 通过所述第三驱动获取所述第二驱动写入在第五存储空间中的所述校验结果;所述第五存储空间用于实现所述第二驱动与所述第三驱动进行通信。The verification result written by the second driver in the fifth storage space is obtained through the third driver; the fifth storage space is used to implement communication between the second driver and the third driver. 24.根据权利要求22所述的方法,其特征在于,所述可信的信息表至少包括:可信页表的页表根信息;24. The method according to claim 22, wherein the trusted information table at least includes: page table root information of the trusted page table; 所述根据所述校验结果,通过所述第三驱动对其当前维护的信息表进行更新,得到可信的信息表,包括:According to the verification result, the information table currently maintained by the third driver is updated to obtain a trusted information table, including: 在所述校验结果指示所述待更新页表内容是可信的情况下,通过所述第三驱动将所述待更新页表内容对应的页表根信息添加至所述第三驱动当前维护的信息表中,从而得到所述可信的信息表;或者,When the verification result indicates that the content of the page table to be updated is credible, the page table root information corresponding to the content of the page table to be updated is added to the current maintenance of the third driver through the third driver. 
information table, thereby obtaining the trusted information table; or, 在所述校验结果指示所述待更新页表内容是不可信的情况下,通过所述第三驱动将其当前维护的信息表中的所述待更新页表内容对应的页表根信息进行删除,从而得到所述可信的信息表。When the verification result indicates that the content of the page table to be updated is not trustworthy, the third driver uses the page table root information corresponding to the content of the page table to be updated in the information table currently maintained by it. Delete to obtain the trusted information table. 25.根据权利要求22至24任一项所述的方法,其特征在于,所述方法还包括:25. The method according to any one of claims 22 to 24, characterized in that the method further comprises: 通过所述第三驱动获取第一驱动写入在第六存储空间中的任务指令;所述第六存储空间用于实现所述第一驱动与所述第三驱动进行通信;所述任务指令携带有目标页表的页表根信息;The task instructions written by the first driver in the sixth storage space are obtained through the third driver; the sixth storage space is used to implement communication between the first driver and the third driver; the task instructions carry There is page table root information of the target page table; 在所述目标页表的页表根信息为所述可信的信息表中的任意一个可信页表的页表根信息的情况下,通过所述第三驱动执行所述任务指令对应的任务处理。When the page table root information of the target page table is the page table root information of any trusted page table in the trusted information table, the task corresponding to the task instruction is executed by the third driver. deal with. 26.一种服务器,其特征在于,所述服务器包括第一驱动单元和第二驱动单元;其中,26. A server, characterized in that the server includes a first driving unit and a second driving unit; wherein, 所述第一驱动单元,用于在通过所述第一驱动触发跳转机制的情况下,所述第一驱动的任务进程处于挂起状态,通过所述第二驱动对所述第一驱动写入在第一存储空间中的待更新页表内容进行基本校验、全链路校验及增补校验中的至少一种,得到校验结果;所述校验结果用于指示所述待更新页表内容是否可信;所述任务进程与更新页表内容相关;所述第一驱动运行在虚拟机操作系统,所述第二驱动运行在虚拟化管理器;The first drive unit is configured to write to the first drive through the second drive when the jump mechanism is triggered by the first drive and the task process of the first drive is in a suspended state. 
Perform at least one of basic verification, full link verification and supplementary verification on the page table content to be updated in the first storage space to obtain a verification result; the verification result is used to indicate whether the page table content to be updated is trustworthy; the task process is related to updating the page table content; the first driver runs in the virtual machine operating system, and the second driver runs in the virtualization manager; the second driving unit is configured to update, through the second driver and according to the verification result, the information table it currently maintains, to obtain a trusted information table; the trusted information table is used to store information related to trusted page tables; wherein, the page table content to be updated includes: the page table to be updated and/or the page table root to be updated; the basic verification is used to determine whether the page address and pointing address of the page table to be updated are within the allowed range; the full link verification is used to determine whether the pointing relationships of all page tables associated with the page table root to be updated are correct; the supplementary verification is used to determine whether the pointing relationship of the page table to be updated is correct.
27. A graphics processor, characterized in that the graphics processor includes a third driving unit; wherein, the third driving unit is configured to obtain a verification result through the third driver; wherein the verification result is used to indicate whether the page table content to be updated is trustworthy; the verification result is communicated to the third driver by the second driver by issuing a task; the task process of the first driver is in a suspended state, the task process is related to updating the page table content, the first driver runs in the virtual machine operating system, and the second driver runs in the virtualization manager; and to update, through the third driver and according to the verification result, the information table it currently maintains, to obtain a trusted information table; the trusted information table is used to store information related to trusted page tables; the verification result is determined by the second driver performing at least one of basic verification, full link verification and supplementary verification on the page table content to be updated that the first driver wrote into the first storage space; wherein, the page table content to be updated includes: the page table to be updated and/or the page table root to be updated; the basic verification is used to determine whether the page address and pointing address of the page table to be updated are within the allowed range; the full link verification is used to determine whether the pointing relationships of all page tables associated with the page table root to be updated are correct; the supplementary verification is used to determine whether the pointing relationship of the page table to be updated is correct.
28. A server, characterized in that it includes: a first processor and a first memory, the first memory is used to store a computer program, and the first processor is used to call and run the computer program stored in the first memory to execute the page table updating method according to any one of claims 1 to 21.
29. A graphics processor, characterized in that it includes: a second processor and a second memory, the second memory is used to store a computer program, and the second processor is used to call and run the computer program stored in the second memory to execute the page table updating method according to any one of claims 22 to 25.
30. A chip, characterized in that it includes: a processor for calling and running a computer program from a memory, so that a device equipped with the chip executes the page table updating method according to any one of claims 1 to 21; or executes the page table updating method according to any one of claims 22 to 25.
31. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, and when the computer program is executed by at least one processor, it implements the page table updating method according to any one of claims 1 to 21; or implements the page table updating method according to any one of claims 22 to 25.
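As an added illustration (not code from the patent or its applicant), the following toy C model shows the three checks named in the claims. The two-level table, the entry layout, every function name, and the reading of "pointing relationship is correct" as "non-leaf entries point only at next-level tables and leaf entries never map a page-table page" are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum { NPAGES = 16, NENT = 4, LEVELS = 2 };  /* toy sizes; level 0 = root, LEVELS-1 = leaf */
#define ENT(pfn) (((uint64_t)(pfn) << 1) | 1u)  /* assumed layout: bit 0 = valid */
static uint64_t mem[NPAGES][NENT];  /* toy physical memory, indexed by page number */
static int8_t trusted[NPAGES];      /* information table: level per trusted table, -1 = none */
static int64_t lo, hi;              /* pages this VM may use: [lo, hi), 0 <= lo, hi <= NPAGES */
void reset(int64_t l, int64_t h) {
    memset(mem, 0, sizeof mem); memset(trusted, -1, sizeof trusted); lo = l; hi = h;
}
static bool in_range(int64_t p) { return p >= lo && p < hi; }
/* Target page of entry i, or -1 when the entry is not valid. */
static int64_t tgt(int64_t pt, int i) { return (mem[pt][i] & 1) ? (int64_t)(mem[pt][i] >> 1) : -1; }

/* Basic verification: the table's own page and every target lie in the allowed range. */
bool basic_check(int64_t pt) {
    if (!in_range(pt)) return false;
    for (int i = 0; i < NENT; i++)
        if (tgt(pt, i) >= 0 && !in_range(tgt(pt, i))) return false;
    return true;
}
/* Walk down from pt recording each table's level; a page seen at two levels is rejected. */
static bool mark(int64_t pt, int level, int8_t *lv) {
    if (!basic_check(pt) || (lv[pt] != -1 && lv[pt] != level)) return false;
    lv[pt] = (int8_t)level;
    for (int i = 0; level + 1 < LEVELS && i < NENT; i++)
        if (tgt(pt, i) >= 0 && !mark(tgt(pt, i), level + 1, lv)) return false;
    return true;
}
/* Full link verification from a root; on success the information table is committed. */
bool full_link_check(int64_t root) {
    int8_t lv[NPAGES]; memcpy(lv, trusted, sizeof lv);
    if (!mark(root, 0, lv)) return false;
    for (int p = 0; p < NPAGES; p++)        /* no leaf entry may map a page table */
        for (int i = 0; lv[p] == LEVELS - 1 && i < NENT; i++)
            if (tgt(p, i) >= 0 && lv[tgt(p, i)] != -1) return false;
    memcpy(trusted, lv, sizeof lv);
    return true;
}
/* Supplementary verification: one updated table checked against the information table. */
bool supplementary_check(int64_t pt, int level) {
    int8_t want = level + 1 < LEVELS ? level + 1 : -1;  /* next-level table, or plain data */
    if (!basic_check(pt) || (trusted[pt] != -1 && trusted[pt] != level)) return false;
    for (int i = 0; i < NENT; i++)
        if (tgt(pt, i) >= 0 && (tgt(pt, i) == pt || trusted[tgt(pt, i)] != want)) return false;
    trusted[pt] = (int8_t)level;
    return true;
}
```

The model assumes that pages recorded in the information table can no longer be written by the virtual machine; without that, a table could be altered after it was verified.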
CN202311159977.3A 2023-09-08 2023-09-08 Page table updating method, server, graphics processor, chip and storage medium Active CN116894275B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202311159977.3A CN116894275B (en) 2023-09-08 2023-09-08 Page table updating method, server, graphics processor, chip and storage medium
TW113134002A TW202511997A (en) 2023-09-08 2024-09-09 Page table updating method, server, graphics processor, chip and computer-readable storage medium
PCT/CN2024/117826 WO2025051279A1 (en) 2023-09-08 2024-09-09 Page table updating method, server, graphics processing unit, chip, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311159977.3A CN116894275B (en) 2023-09-08 2023-09-08 Page table updating method, server, graphics processor, chip and storage medium

Publications (2)

Publication Number Publication Date
CN116894275A CN116894275A (en) 2023-10-17
CN116894275B true CN116894275B (en) 2023-12-19

Family

ID=88315205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311159977.3A Active CN116894275B (en) 2023-09-08 2023-09-08 Page table updating method, server, graphics processor, chip and storage medium

Country Status (3)

Country Link
CN (1) CN116894275B (en)
TW (1) TW202511997A (en)
WO (1) WO2025051279A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116894275B (en) * 2023-09-08 2023-12-19 摩尔线程智能科技(北京)有限责任公司 Page table updating method, server, graphics processor, chip and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101071387A (en) * 2006-09-08 2007-11-14 华南理工大学 Driving program reinforcing method based on virtual server
TW201727576A (en) * 2015-12-21 2017-08-01 英特爾公司 Apparatus and method for pattern-driven page table shadowing for graphics virtualization
CN113342711A (en) * 2021-06-28 2021-09-03 海光信息技术股份有限公司 Page table updating method, device and related equipment
CN114661414A (en) * 2022-03-04 2022-06-24 阿里巴巴(中国)有限公司 Computing system, memory page fault processing method and storage medium
CN116680096A (en) * 2023-06-01 2023-09-01 支付宝(杭州)信息技术有限公司 Shared memory management method, virtual machine monitor and computing device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7757035B2 (en) * 2007-06-26 2010-07-13 Intel Corporation Method for optimizing virtualization technology and memory protections using processor-extensions for page table and page directory striping
US8443156B2 (en) * 2009-03-27 2013-05-14 Vmware, Inc. Virtualization system using hardware assistance for shadow page table coherence
EP2973175B1 (en) * 2013-03-13 2019-07-31 Intel Corporation Managing device driver cross ring accesses
US11748130B2 (en) * 2019-06-28 2023-09-05 Intel Corporation Virtualization and multi-tenancy support in graphics processors
CN116360916B (en) * 2022-12-14 2025-05-23 海光信息技术股份有限公司 Method, device and storage medium for protecting integrity of nested page table of virtual machine
CN116894275B (en) * 2023-09-08 2023-12-19 摩尔线程智能科技(北京)有限责任公司 Page table updating method, server, graphics processor, chip and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
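update page table driver; 《INTERNATIONAL STANDARD》 (No. 2010); 1-418 *
Research on the PowerPC440 memory management mechanism of an operating system; Yan Jixun; Ran Peng; Tang Xiaoming; Computer Engineering and Applications (No. 30); 66-71 *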

Also Published As

Publication number Publication date
TW202511997A (en) 2025-03-16
WO2025051279A1 (en) 2025-03-13
CN116894275A (en) 2023-10-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: B655, 4th Floor, Building 14, Cuiwei Zhongli, Haidian District, Beijing, 100036

Patentee after: Mole Thread Intelligent Technology (Beijing) Co.,Ltd.

Country or region after: China

Address before: 209, 2nd Floor, No. 31 Haidian Street, Haidian District, Beijing

Patentee before: Moore Threads Technology Co., Ltd.

Country or region before: China