什么在操作系统中强制执行内存保护? [英] What enforces memory protection in an OS?

问题描述

一般来说，我知道一个进程无法写入具有不允许写入的保护的内存(在其地址空间中).但是什么检查进程是否可以做到这一点?是否有任何汇编指令通过操作系统?它是如何工作的?

In general, I know that a process can't write to a memory (in its addresses space) that has a protection that doesn't allow writing. But what checks whether the process can do this? Does any assembly instruction goes through the operating system? how does it work?

推荐答案

在大多数现代 CPU(Intel x86，大多数 ARM 版本)中，是 CPU 本身进行检查.CPU在寄存器之一中存储数据结构的地址，该地址指定存储器的布局(页表")——具体而言，哪些地址是可读的，哪些是可写的，哪些是可执行的.CPU 中的每个内存访问操作都会根据页表进行检查.

In most modern CPUs (Intel x86, most ARM flavors) it's the CPU itself that does the checking. The CPU stores, in one of the registers, an address of a data structure that specifies the layout of the memory ("page table") - specifically, which addresses are readable, which are writable, which are executable. Every memory accessing operation in the CPU is checked against the page table.

当程序尝试对相应页表条目不允许的内存位置执行某些操作时，CPU 会生成异常(中断)，并且操作系统会获得控制权.进一步的操作取决于操作系统.一种常见情况涉及操作系统显示错误消息并终止有故障的程序.不过，不一定.例如，页面交换(将内存写入磁盘上的页面文件并在需要时回读)通过相同的机制实现.

When a program tries to do something to a memory location that the respective page table entry does not allow, the CPU generates an exception (interrupt), and the OS gets control. Further actions depend on the OS. One common scenario involves the OS displaying an error message and terminating the faulty program. Not necessarily, though. For example, page swapping (writing memory out to a page file on a disk and reading back when needed) is implemented via the same mechanism.

页表由操作系统维护，并且(通常)对用户空间代码不可见.操作系统中的相关部分取决于硬件.

The page table is maintained by the OS and is not (typically) visible to userland code. The relevant portions in the OS are hardware dependent.

这篇关于什么在操作系统中强制执行内存保护?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！