Memory protection

Let us recall once more the two major roles of the OS summarised in the section "Analysing the role of the OS through the architecture" of Architecture-of-computing-system: in short, managing the hardware and providing an execution environment for processes. For a process running inside it, the OS kernel needs to know everything about the process's behaviour (including its memory accesses); it can detect when the process performs an illegal operation, and once it detects one it "reminds" the process. The memory protection described in this article belongs to this category: the OS kernel controls a process's memory access behaviour.

Wikipedia: Memory protection

Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes, or the operating system itself. Protection may encompass all accesses to a specified area of memory, write accesses, or attempts to execute the contents of the area. An attempt to access unowned memory results in a hardware fault, called a segmentation fault or storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection.

Methods

Segmentation

NOTE: Modern OSes rarely use this method any more.

Paged virtual memory

Main article: Paged virtual memory

NOTE: This is currently the most widely used method.
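To see the page-granular protection described above in action, here is an added example (not from the original page or from the books it references) that maps one page with mmap, progressively removes permissions with mprotect, and catches the resulting SIGSEGV in a handler instead of letting the process terminate. It assumes a Linux/POSIX system; `page_protection_demo` and `access_faults` are names chosen for this example.

```c
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;

/* SIGSEGV handler: the hardware fault is delivered here; unwind back into access_faults(). */
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Touch one byte at p (write if do_write, otherwise read).
 * Returns 1 if the MMU refused the access (SIGSEGV was delivered), 0 if it went through. */
static int access_faults(volatile char *p, int do_write) {
    struct sigaction sa, old;
    volatile char sink;
    volatile int faulted = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);          /* install handler, remember the old one */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        if (do_write) *p = 'x'; else sink = *p;
    } else {
        faulted = 1;                         /* reached via siglongjmp from on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);         /* restore the previous disposition */
    return faulted;
}

/* Map one anonymous page and walk it through three protection states. Result bitmask:
 * 1 = write allowed when RW, 2 = read allowed when read-only, 4 = write refused when
 * read-only, 8 = read refused under PROT_NONE. Expected 15; -1 if mmap fails. */
int page_protection_demo(void) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int result = 0;
    if (page == MAP_FAILED) return -1;
    if (!access_faults(page, 1)) result |= 1;
    if (mprotect(page, pagesz, PROT_READ) == 0) {       /* drop write permission */
        if (!access_faults(page, 0)) result |= 2;
        if (access_faults(page, 1)) result |= 4;
    }
    if (mprotect(page, pagesz, PROT_NONE) == 0) {       /* drop all access */
        if (access_faults(page, 0)) result |= 8;
    }
    munmap(page, pagesz);
    return result;
}
```

The same fault that the handler catches here is what, without a handler, terminates a process with "Segmentation fault"; a memory-access bug in a process is therefore reported by the kernel at the first offending instruction rather than silently corrupting another process.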

SUMMARY

This article discusses only the concept of memory protection; the OS kernel's actual implementation is far more complex. For the implementation details, see 2.4-Paging-in-Hardware in Book-Understanding-the-Linux-Kernel. Because of the memory protection the OS kernel employs, as soon as a process makes an illegal memory access the kernel can detect it immediately and notify the process. Related to this is a class of programming error called memory access error, which is described in detail in Memory-access-error.