The present invention relates to a memory protection circuit, a processing unit, and a memory protection method, and for example, to a memory protection circuit, a processing unit, and a memory protection method that control access to memory by each of a plurality of virtual machines.
In general, a processing unit such as a central processing unit (CPU) includes a memory protection mechanism that controls access to memory in order to protect the memory from unauthorized access. The memory protection mechanism is able to set permission/prohibition of writing or reading to or from a predetermined address in a memory space. The memory protection mechanism includes, for example, a memory management unit (MMU) and a memory protection unit (MPU).
Further, there is a virtualization technique which makes a single physical resource (hardware resource) appear as a plurality of resources. By using this virtualization technique, for example, it is possible to operate a plurality of virtual machines (VMs) on one CPU, thereby being able to operate different operating systems (OSs) on the respective virtual machines.
Japanese Unexamined Patent Application Publication No. 2011-146030 discloses a memory protection technique that reduces a decrease in execution efficiency by enabling a direct access to a protection region determined to have high reliability, and suppresses, as an unauthorized access, a direct access to a protection region determined to have low reliability. Japanese Unexamined Patent Application Publication No. 2009-009232 discloses a technique that provides a computer system with high reliability, and in particular, a technique that protects a kernel of an operating system.