CN110362991A - Method for protecting thread stack space in a real-time operating system - Google Patents
- Publication number: CN110362991A
- Application number: CN201910656899.5A
- Authority: CN (China)
- Prior art keywords: thread, stack, unit, memory, protection
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The present invention provides a method for protecting thread stack space in a real-time operating system. It addresses the problem that, in the embedded field, chips running a real-time operating system can behave abnormally or even crash when thread stack space is allocated unreasonably. The method mainly comprises: a memory access limiting unit; a memory access notification unit; a thread stack overflow protection unit; and an application-layer processing unit. With this method, when a thread is at risk of overflowing its stack, the application layer can be notified in advance so that it can carry out emergency handling, while the system is kept from the abnormal behavior and crashes caused by thread stack overflow. This improves the reliability, stability and robustness of embedded software systems.
Description
Technical field
This disclosure relates to the embedded field and the field of real-time operating systems, and specifically to a method for protecting thread stack space in a real-time operating system.
Background
On a traditional embedded real-time operating system, the operating system kernel and the application programs all run at the same privilege level, so a design defect in any one part can become a defect of the whole system. Guaranteeing the reliability of the system requires guaranteeing that every part of it is reliable, which means application software and the operating system must be equally reliable. This design philosophy places more stringent demands on developers.
At the same time, microcontroller systems that run a real-time operating system in the embedded field generally have no support for memory isolation between threads, so the thread in which an application runs can access any address in the whole system without restriction. When the stack allocated to some user thread is too small, a thread stack overflow may prevent the system from running normally, or even cause it to crash. Most embedded applications are in national defense and aerospace, medicine, important engineering survey, and system control, where such failures cannot be tolerated.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for protecting thread stack space in a real-time operating system, so as to solve the problem that, under existing real-time operating systems, a thread stack overflow causes the system to run abnormally or crash.
The method for protecting thread stack space in a real-time operating system provided by the present invention comprises:
A memory access limiting unit, used to limit the access permissions, start address and size of the region at the end of the stack space;
A memory access notification unit, used to notify the application-layer processing unit and the thread stack overflow protection unit after the stack space protected by the memory access limiting unit has been accessed without authorization;
A thread stack overflow protection unit, used to safely clean up a thread whose stack is about to overflow;
An application-layer processing unit, which is the user logic executed after the stack space protected by the memory access limiting unit has been accessed without authorization, or after the thread has been safely cleaned up.
Further, the memory access limiting unit can set a memory region to read-only or inaccessible.
Further, when stack protection is set up for a thread, the memory access limiting unit can set the region at the end of the thread stack to read-only or inaccessible. When the thread uses the protected region of the stack, the memory access limiting unit triggers the memory access notification unit; at the same time it resets the start address and size of the protected region, shrinking the protected stack region so that it continues to protect the stack space. When the thread's stack accesses finally reach the minimum protected region, the memory access limiting unit does not shrink the region any further.
Further, the memory access notification unit can notify the application-layer processing unit when the thread uses the protected region of the stack. When the protected region is already at the minimum protected size, the memory access notification unit also notifies the thread stack overflow protection unit.
Further, the thread stack overflow protection unit listens for the unauthorized-access event on the minimum stack protected region from the memory access notification unit and, when the thread stack is about to overflow, closes the thread and the resources the thread occupies.
The method for protecting thread stack space in a real-time operating system provided by the present invention uses a memory access limiting unit, a memory access notification unit, a thread stack overflow protection unit and an application-layer processing unit. When a thread is at risk of overflowing its stack, the application layer can be notified in advance so that it can carry out emergency handling, while the system is kept from the abnormal behavior and crashes caused by thread stack overflow. This improves the reliability, stability and robustness of embedded software systems.
Brief description of the drawings
To explain the technical solution of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the disclosure and should therefore not be regarded as limiting the invention; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a framework diagram of a method for protecting thread stack space in a real-time operating system according to a specific embodiment of the invention.
Fig. 2 is a schematic diagram of the memory access limiting unit restricting stack space access permissions according to a specific embodiment of the invention.
Fig. 3 is the execution flow chart of the memory access limiting unit according to a specific embodiment of the invention.
Fig. 4 is the execution flow chart of the memory access notification unit according to a specific embodiment of the invention.
Fig. 5 is the execution flow chart of the thread stack overflow protection unit according to a specific embodiment of the invention.
Fig. 6 is the execution flow chart of the application-layer processing unit according to a specific embodiment of the invention.
Specific embodiments
The technical solution of the present invention is described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. They are provided to disclose the invention thoroughly and completely and to convey its scope fully to those of ordinary skill in the art. The following detailed description of the embodiments shown in the drawings is therefore not intended to limit the scope of the claimed invention; it merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 is a framework diagram of a method for protecting thread stack space in a real-time operating system provided by an embodiment of the present invention. As shown in Fig. 1, the framework consists of a memory access limiting unit 101, a memory access notification unit 102, a thread stack overflow protection unit 103 and an application-layer processing unit 104.
The memory access limiting unit 101 is used to limit the access permissions, start address and size of the region at the end of the stack space;
The memory access notification unit 102 is used to notify the application-layer processing unit and the thread stack overflow protection unit after the stack space protected by the memory access limiting unit has been accessed without authorization;
The thread stack overflow protection unit 103 is used to safely clean up a thread whose stack is about to overflow;
The application-layer processing unit 104 is the user logic executed after the stack space protected by the memory access limiting unit has been accessed without authorization, or after the thread has been safely cleaned up.
Preferably, the memory access limiting unit can set a memory region to read-only or inaccessible.
Preferably, when stack protection is set up for a thread, the memory access limiting unit can set the region at the end of the thread stack to read-only or inaccessible. When the thread uses the protected region of the stack, the memory access limiting unit triggers the memory access notification unit; at the same time it resets the start address and size of the protected region, shrinking the protected stack region so that it continues to protect the stack space. When the thread's stack accesses finally reach the minimum protected region, the memory access limiting unit does not shrink the region any further, and it prevents the thread stack from writing to that region, so that the stack space is not corrupted.
Preferably, the memory access notification unit can notify the application-layer processing unit when the thread uses the protected region of the stack. When the protected region is already at the minimum protected size, the memory access notification unit also notifies the thread stack overflow protection unit.
Preferably, the thread stack overflow protection unit listens for the unauthorized-access event on the minimum stack protected region from the memory access notification unit and, when the thread stack is about to overflow, closes the thread and the resources the thread occupies.
Fig. 2 is a schematic diagram of the memory access limiting unit restricting stack space access permissions according to a specific embodiment of the invention. As shown in Fig. 2, each thread has its own stack space 203, which is a block of memory. The start address of this block is the stack top 201 and its end address is the stack bottom 202. In the present invention, the address region offset upward from the bottom of the stack space is protected; this is the protected region 204. When the thread stack accesses the protected region 204, the memory access limiting unit shrinks the protected region. When the protected region 204 cannot be shrunk any further, the unit stops shrinking it, and the thread stack can no longer modify the contents of the protected region 204.
Fig. 3 is the execution flow chart of the memory access limiting unit according to a specific embodiment of the invention. The flow starts at step S301.
In step S301, the memory access limiting unit sets the region at the end of the current thread's stack as the protected region, which cannot be written to or accessed;
In step S302, the memory access limiting unit begins listening for unauthorized access to the protected region;
In step S303, after the memory access limiting unit detects that the thread has accessed the protected region, it attempts to shrink the protected region of the stack space. After successfully shrinking the region, it executes step S302 again; if the current protected region is already at its minimum, the protected region is not shrunk any further.
Fig. 4 is the execution flow chart of the memory access notification unit according to a specific embodiment of the invention. The flow starts at step S401.
In step S401, once stack space protection is enabled for a thread, the memory access notification unit monitors the state of the protected region. If the thread stack accesses the protected region and the region can still be shrunk, step S402 is executed; if the thread stack accesses the protected region and the region cannot be shrunk, step S403 is executed;
In step S402, the memory access notification unit notifies the application-layer processing unit by sending a "thread stack about to overflow" event;
In step S403, the memory access notification unit notifies the application-layer processing unit by sending a "thread closed" event; at the same time,
In step S404, the memory access notification unit notifies the thread stack overflow protection unit to close the thread.
Fig. 5 is the execution flow chart of the thread stack overflow protection unit according to a specific embodiment of the invention. The flow starts at step S501.
In step S501, the thread stack overflow protection unit receives the close-thread event from the memory access notification unit;
In step S502, the thread stack overflow protection unit performs wake-up handling for the IPC held by the current thread;
In step S503, the thread stack overflow protection unit deletes the dynamic memory held by the thread;
In step S504, the thread stack overflow protection unit closes and exits the thread currently being protected.
Fig. 6 is the execution flow chart of the application-layer processing unit according to a specific embodiment of the invention. The flow starts at step S601.
In step S601, the application-layer processing unit receives the event from the memory access notification unit;
In step S602, the application-layer processing unit passes the received event to user code, which handles the subsequent abnormal conditions.
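The flows of Figs. 3 to 6 as a host-side C model, added here as an illustration and not taken from the patent. It assumes a descending stack and a halve-on-hit shrink policy (the patent fixes neither); all names, sizes and addresses are hypothetical, and addresses are plain numbers with no real memory protection hardware behind them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Events the notification unit sends to user code (hypothetical names). */
typedef enum { EV_NONE, EV_STACK_NEAR_OVERFLOW, EV_THREAD_CLOSED } stack_event_t;

typedef struct {
    uintptr_t limit;      /* lowest stack address (assumed descending stack) */
    size_t guard_size;    /* protected region is [limit, limit + guard_size) */
    size_t min_guard;     /* minimum protected region, never shrunk further */
    int alive;
    int ipc_held;         /* IPC objects held by the thread */
    int heap_blocks;      /* dynamic allocations held by the thread */
    unsigned warnings;    /* near-overflow events delivered so far */
} thread_guard_t;

void guard_init(thread_guard_t *g, uintptr_t limit, size_t guard, size_t min_guard)
{
    g->limit = limit; g->guard_size = guard; g->min_guard = min_guard;
    g->alive = 1; g->ipc_held = 2; g->heap_blocks = 3; g->warnings = 0;
}

static int in_guard(const thread_guard_t *g, uintptr_t addr)
{
    return addr >= g->limit && addr - g->limit < g->guard_size;
}

/* Thread stack overflow protection unit, steps S501-S504. */
static void close_thread(thread_guard_t *g)
{
    g->ipc_held = 0;      /* S502: wake and handle IPC the thread holds */
    g->heap_blocks = 0;   /* S503: release its dynamic memory */
    g->alive = 0;         /* S504: close the thread */
}

/* Limiting and notification units: what one stack access at addr causes.
 * The loop models the faulting access being retried after each shrink. */
stack_event_t stack_access(thread_guard_t *g, uintptr_t addr)
{
    stack_event_t ev = EV_NONE;
    if (!g->alive)
        return EV_THREAD_CLOSED;
    while (in_guard(g, addr)) {
        if (g->guard_size <= g->min_guard) {   /* S403/S404: cannot shrink */
            close_thread(g);
            return EV_THREAD_CLOSED;
        }
        size_t half = g->guard_size / 2;       /* S303: assumed policy, halve */
        g->guard_size = half > g->min_guard ? half : g->min_guard;
        g->warnings++;                         /* S402: warn the application */
        ev = EV_STACK_NEAR_OVERFLOW;
    }
    return ev;
}

/* Push step bytes at a time from top; return the address whose access
 * closed the thread, or 0 if the thread survived down to limit. */
uintptr_t descend(thread_guard_t *g, uintptr_t top, size_t step)
{
    uintptr_t sp = top;
    while (sp >= g->limit + step) {
        sp -= step;
        if (stack_access(g, sp) == EV_THREAD_CLOSED)
            return sp;
    }
    return 0;
}

int main(void)
{
    thread_guard_t g;
    /* Constructed layout: 1 KiB stack at 0x20000000, 256-byte guard, 32-byte minimum. */
    guard_init(&g, 0x20000000u, 256, 32);
    uintptr_t at = descend(&g, 0x20000400u, 16);
    printf("closed at %#lx after %u warnings, guard=%zu\n",
           (unsigned long)at, g.warnings, g.guard_size);
    return 0;
}
```

The check fires only on an access that lands inside the protected region, so a single push larger than the current region can pass over it; the region sizes have to be chosen against the largest stack frame the thread can create.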
Claims (5)
1. A method for protecting thread stack space in a real-time operating system, characterized in that the method comprises:
A memory access limiting unit, used to limit the access permissions, start address and size of the region at the end of the stack space;
A memory access notification unit, used to notify the application-layer processing unit and the thread stack overflow protection unit after the stack space protected by the memory access limiting unit has been accessed without authorization;
A thread stack overflow protection unit, used to safely clean up a thread whose stack is about to overflow;
An application-layer processing unit, which is the user logic executed after the stack space protected by the memory access limiting unit has been accessed without authorization, or after the thread has been safely cleaned up.
2. The method for protecting thread stack space in a real-time operating system according to claim 1, characterized in that the memory access limiting unit can set a memory region to read-only or inaccessible.
3. The method for protecting thread stack space in a real-time operating system according to claim 2, characterized in that, when stack protection is set up for a thread, the memory access limiting unit can set the region at the end of the thread stack to read-only or inaccessible; when the thread uses the protected region of the stack, the memory access limiting unit triggers the memory access notification unit, and at the same time resets the start address and size of the protected region, shrinking the protected stack region so that it continues to protect the stack space; when the thread's stack accesses finally reach the minimum protected region, the memory access limiting unit does not shrink the region any further, and it prevents the thread stack from writing to that region, so that the stack space is not corrupted.
4. The method for protecting thread stack space in a real-time operating system according to claim 1, characterized in that the memory access notification unit can notify the application-layer processing unit when the thread uses the protected region of the stack. When the protected region is already at the minimum protected size, the memory access notification unit also notifies the thread stack overflow protection unit.
5. The method for protecting thread stack space in a real-time operating system according to claim 1, characterized in that the thread stack overflow protection unit listens for the unauthorized-access event on the minimum stack protected region from the memory access notification unit and, when the thread stack is about to overflow, closes the thread and the resources the thread occupies.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910656899.5A CN110362991A (en) | 2019-07-19 | 2019-07-19 | Method for protecting thread stack space in a real-time operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110362991A (en) | 2019-10-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191022 |