公开(公告)号：US08943288B2

公开(公告)日：2015-01-27

申请号：US13736531

申请日：2013-01-08

Applicant: Samsung Electronics Co., Ltd.

Inventor： Sung-kwan Heo ,  Chan-ju Park ,  Sang-bum Suh ,  Joo-young Hwang ,  Jae-min Ryu

IPC: G06F12/14

CPC classification number: G06F12/1491 ,  G06F12/145

Abstract: Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.

Abstract translation: 提供了一种控制存储器访问的方法。 在包括以具有访问存储器的整个区域的权限的第一优先权的特权模式执行的第一层元素的系统中，以非权限模式执行的第二和第三层元素，其具有访问第 存储器，控制存储器访问的方法确定对于作为地址空间单元的每个页面，存储器是否可访问，基于哪种模式，当前访问存储器的层元素在特权模式和非特权模式之间执行; 并且基于所述第一，第二和第三层元素中的哪个元素对应于当前正在尝试从所述存储器的多个域中被访问的域来确定所述存储器是否可访问。 因此，分配给客户操作系统内核的存储器域被有效地保护在执行客户操作系统内核的非特权模式下执行的应用程序。