发明名称 |
Secure pool memory management |
摘要 |
In general, the invention is directed to techniques for identifying memory overruns. For example, as described herein, a device includes a main memory that enables an addressable memory space for the device. A plurality of memory pages each comprises a separate, contiguous block of addressable memory locations within the addressable memory space. The device also includes a memory manager comprising a secure pool allocator that assigns a secure pool size value to a first one of the plurality of memory pages. The secure pool size value defines a plurality of protected memory spaces in the first memory page that partition the first memory page into a plurality of secure objects. The device also includes a memory management unit comprising secure pool logic that determines, based on the secure pool size value, whether a memory address is an address of one of the protected memory spaces in the first memory page. |
申请公布号 |
US8954695(B1) |
申请公布日期 |
2015.02.10 |
申请号 |
US201213495969 |
申请日期 |
2012.06.13 |
申请人 |
Juniper Networks, Inc. |
发明人 |
Thathapudi Timothy Noel;Satyanarayana Srinivasa Dharwad;Tuli Siddharth Arun |
分类号 |
G06F12/14;G06F21/60 |
主分类号 |
G06F12/14 |
代理机构 |
Shumaker & Sieffert, P.A. |
代理人 |
Shumaker & Sieffert, P.A. |
主权项 |
1. A method comprising:
partitioning an addressable memory space for a device into a plurality of memory pages; requesting, with a daemon executing on the device, a secure object by invoking a system call using a secure pool size value for a secure pool size parameter of the system call; assigning the secure pool size value to a first one of the plurality of memory pages, wherein the secure pool size value defines a plurality of protected memory spaces that partition the first memory page into a plurality of secure objects; returning a reference to a first one of the plurality of secure objects of the first memory page to the daemon in response to the request for the secure object; receiving a command that references a memory address; and determining, based at least on the secure pool size value, whether a memory address is an address of one of the plurality of protected memory spaces of the first memory page, wherein the memory address corresponds to a physical address of the first memory page. |
地址 |
Sunnyvale CA US |