Memory protection
From Wikipedia, the free encyclopedia
Memory protection is a system that prevents one process from corrupting the memory of another process running on the same computer at the same time. It usually employs hardware (i.e. a memory management unit) and system software to allocate distinct memory to different processes and to handle exceptions arising when a process tries to access memory outside its bounds.
Methods
There are different ways to achieve memory protection. These include:
Segmentation
Segmentation means that the currently running process is restricted to using only certain parts of memory called segments. A segment is defined by a pair of hardware registers which give the limits of the allowed memory addresses. If the address that is about to be read or written lies outside the permitted address space of that process, a general protection fault will occur. (This should not be confused with the real-mode segmentation of x86 processors.)
Paging
Paging is the most commonly used method of memory protection. In paging, the memory address space is divided into small pieces, called pages. Using a virtual memory mechanism, each page can be made to reside in any location of the physical memory, or be flagged as being protected. Paging makes it possible for a linear virtual address space to be backed by pieces of a fragmented physical memory space.
Each process is given a page table to define the valid addresses and map them to physical memory. The page table is usually invisible to the process. Page tables make it easy to allocate new memory for a process, as each new page can be allocated from anywhere in physical memory.
Parts of an application's memory can be "swapped out" to other forms of storage. This happens to memory that is seldom used, and it allows the application to act as if it has a much larger working memory than actually exists. By swapping out memory, the virtual memory layout will not change, but it frees a lot of physical memory (i.e. RAM) for other uses.
If the process accesses a virtual memory location that is not mapped by the page table, a page fault will occur. A page fault can mean either that the process has tried to access memory that it should not have access to, or that part of the application's memory has been swapped out. In the latter case, the page will be swapped back in and execution will resume where it was interrupted.
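As an added example (not code from the article), the following C program models a per-process page table and the two kinds of page fault described above: an access to a page that was never mapped or is write-protected is reported as a protection violation, while an access to a valid page that has been swapped out is serviced by bringing the page back into a frame and retrying. The page size, flag bits, table size and function names are assumptions chosen for illustration, not those of any real architecture.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* Assumed parameters: 4 KiB pages, a 16-entry page table, no real hardware. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  16
enum { PTE_VALID = 1, PTE_PRESENT = 2, PTE_WRITE = 4 }; /* assumed flag bits */
typedef struct { uint32_t frame; uint8_t flags; } pte_t;
typedef enum { ACCESS_OK, FAULT_PROTECTION, FAULT_SWAPPED_OUT } fault_t;

/* Translate a virtual address, or say why the access faults. */
fault_t translate(const pte_t *pt, uint32_t vaddr, bool write, uint32_t *paddr) {
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    uint32_t offset = vaddr & (PAGE_SIZE - 1);
    if (vpn >= NUM_PAGES) return FAULT_PROTECTION;            /* outside the address space */
    const pte_t *e = &pt[vpn];
    if (!(e->flags & PTE_VALID)) return FAULT_PROTECTION;     /* never mapped for this process */
    if (write && !(e->flags & PTE_WRITE)) return FAULT_PROTECTION; /* read-only page */
    if (!(e->flags & PTE_PRESENT)) return FAULT_SWAPPED_OUT;  /* valid, but currently not in RAM */
    *paddr = (e->frame << PAGE_SHIFT) | offset;
    return ACCESS_OK;
}

/* Fault handler: a swapped-out page is loaded into free_frame and the access retried;
 * a protection fault is returned to the caller (a real OS would signal the process). */
fault_t mem_access(pte_t *pt, uint32_t vaddr, bool write, uint32_t *paddr, uint32_t free_frame) {
    fault_t f = translate(pt, vaddr, write, paddr);
    if (f == FAULT_SWAPPED_OUT) {
        pt[vaddr >> PAGE_SHIFT].frame = free_frame;   /* "swap in" the page */
        pt[vaddr >> PAGE_SHIFT].flags |= PTE_PRESENT;
        f = translate(pt, vaddr, write, paddr);        /* resume the interrupted access */
    }
    return f;
}

/* Constructed sample table: page 0 read/write in frame 3, page 1 read-only in
 * frame 5, page 2 valid but swapped out, pages 3..15 not mapped at all. */
void init_sample_table(pte_t *pt) {
    for (int i = 0; i < NUM_PAGES; i++) { pt[i].frame = 0; pt[i].flags = 0; }
    pt[0] = (pte_t){3, PTE_VALID | PTE_PRESENT | PTE_WRITE};
    pt[1] = (pte_t){5, PTE_VALID | PTE_PRESENT};
    pt[2] = (pte_t){0, PTE_VALID};
}

int main(void) {
    pte_t pt[NUM_PAGES]; uint32_t pa = 0; init_sample_table(pt);
    printf("write to page 1 -> fault %d\n", mem_access(pt, 0x1004, true, &pa, 7));
    printf("read from swapped page 2 -> fault %d, paddr 0x%x\n", mem_access(pt, 0x2008, false, &pa, 7), pa);
    return 0;
}
```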
Protection keys
A protection key mechanism divides physical memory up into blocks of a particular size (e.g. 2KB), each of which has an associated numerical value called a protection key. Each process also has a protection key value associated with it. On a memory access the hardware checks that the current process's protection key matches the value associated with the memory block being accessed; if not, an exception occurs. This mechanism was used in the System/360 architecture.
If both paging and segmentation are used at the same time, as in the IA-32 architecture, addresses are not mapped straight to physical memory: segmentation first translates them to a linear address, and paging then maps that linear address to a physical one. Linear memory is memory as seen solely by the processor's segmentation circuitry, i.e. as it would appear if paging were turned off but segmentation were still active.
Note that virtual memory is not the same as RAM, that linear memory is the part of the address space defined by the hardware segment registers, and that physical memory is more or less equivalent to RAM. Strictly, physical memory comprises both RAM and memory-mapped I/O ports.
Simulated segmentation
Simulation is the use of a monitoring program to interpret the machine code instructions of some computer. Such a simulator can provide memory protection by using a segmentation-like scheme, validating the target address and length of each instruction at run time before actually executing it. The simulator must calculate the target address and length and compare them against a list of valid address ranges that it holds for the thread's environment, such as any dynamic memory blocks acquired since the thread's inception plus any ("valid") shared static memory slots. The meaning of "valid" may change throughout the thread's life depending on context: a static block of storage may sometimes be writable and sometimes not, depending on the current mode of execution, which may or may not be tied to a storage key or supervisor state.
See also
- OLIVER (CICS interactive test/debug), a commercial software protection product for CICS that uses the simulation method.