Secure pool memory management

摘要

In general, the invention is directed to techniques for identifying memory overruns. For example, as described herein, a device includes a main memory that enables an addressable memory space for the device. A plurality of memory pages each comprises a separate, contiguous block of addressable memory locations within the addressable memory space. The device also includes a memory manager comprising a secure pool allocator that assigns a secure pool size value to a first one of the plurality of memory pages. The secure pool size value defines a plurality of protected memory spaces in the first memory page that partition the first memory page into a plurality of secure objects. The device also includes a memory management unit comprising secure pool logic that determines, based on the secure pool size value, whether a memory address is an address of one of the protected memory spaces in the first memory page.

主权项

1. A method comprising:
partitioning an addressable memory space for a device into a plurality of memory pages; requesting, with a daemon executing on the device, a secure object by invoking a system call using a secure pool size value for a secure pool size parameter of the system call; assigning the secure pool size value to a first one of the plurality of memory pages, wherein the secure pool size value defines a plurality of protected memory spaces that partition the first memory page into a plurality of secure objects; returning a reference to a first one of the plurality of secure objects of the first memory page to the daemon in response to the request for the secure object; receiving a command that references a memory address; and determining, based at least on the secure pool size value, whether a memory address is an address of one of the plurality of protected memory spaces of the first memory page, wherein the memory address corresponds to a physical address of the first memory page.