Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
1999-09-27
2002-02-05
Kim, Matthew (Department: 2186)
Electrical computers and digital processing systems: memory
Storage accessing and control
Control technique
Reexamination Certificate
active
06345347
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to computer input/output adapters, and specifically to how such an adapter implements memory protection.
BACKGROUND OF THE INVENTION
FIG. 1
is a schematic diagram illustrating a method of communication in a computing system between a conventional software application
10
and a local network
11
, using an input/output (I/O) adapter
16
, as is known in the art. As is shown, one of the ways conventional software application
10
communicates with local network
11
, as well as with other system elements, is by using a part of an operating system (OS)
12
termed a kernel
14
. The kernel acts as an interface between application
10
and I/O adapter
16
. For each I/O operation, kernel
14
makes, inter alia, data copies and context switches as required to access the I/O adapter.
In the communication method illustrated by
FIG. 1
, application
10
uses a kernel call when interfacing with I/O adapter
16
. Operating system
12
acts as a trusted agent in translating the kernel call to a corresponding physical address used by the I/O adapter to access local network
11
. In other words, the operating system is responsible for ensuring that the specific application, and only the specific application, is able to access the correct physical address, so ensuring that conflicts are avoided.
As computing speeds have increased, the OS-based interface between application and I/O adapter has become a bottleneck, particularly for networked systems, and alternative, higher-speed architectures for interfacing between high-performance network hardware and a computing system have been suggested. One such alternative architecture is described in “Virtual Interface Architecture” (VIA) specification version 1.0, published by Compaq Computer Corporation et al., which is incorporated herein by reference.
FIG. 2
is a schematic illustration of such an alternative architecture. The architecture uses a more direct connection between software application
10
and I/O adapter
16
than that shown in
FIG. 1
, whereby the application interfaces with I/O adapter
16
without the mediation of the operating system. There is a dedicated address
24
, or window, assigned in a memory of I/O adapter
16
, termed a “doorbell,” through which application
10
communicates with the I/O adapter. Other applications are assigned their own corresponding doorbells. Doorbells are mapped into different pages (typically 4 KB segments) of memory space in order to allow the operating system to maintain protection. In this higher-speed architecture, I/O adapter
16
translates a virtual address
22
provided by the application when it communicates via the doorbell into a physical address which is used to access a system memory
18
. The I/O adapter handles the address protection that was previously performed by the operating system, by using a protection tag
20
, as described in more detail below.
Appendix C of the VIA specification describes an example of a hardware model of a Virtual Interface Network Interface Controller (VI NIC), which performs the general function of I/O adapter
16
shown in FIG.
2
. As explained in the appendix, the VI NIC copies data from system memory
18
, inter alia, to a network medium in a transmit phase, and from the medium to memory in a receive phase. In order to perform its tasks of addressing the memory non-contentiously, the VI NIC generates a configurable translation and protection table (TPT)
26
of a given size. The table is used as a look-up table when the NIC translates from a virtual address
22
generated by an application to a corresponding physical address
28
. The table comprises ordered pairs of physical memory addresses and a protection tag for each respective address. The tag is generated for each application by the operating system, and the tag is then used to ensure that the physical address is only accessible to a process using the protection tag of the address. Because the TPT has a fixed size, the tag generated may need to be truncated, depending on the number and size of the memory addresses, so that there is a finite chance that a second application will be able to access the physical address being protected.
SUMMARY OF THE INVENTION
It is an object of some aspects of the present invention to provide methods and apparatus for ensuring fully non-contentious addressing between a plurality of applications and a memory.
It is a further object of some aspects of the present invention to provide methods and apparatus for ensuring address protection using a hardware-defined key.
In some preferred embodiments of the present invention, a computer application running on a computer system communicates directly with an I/O hardware adapter in the system. During an initialization process for the application, operating system (OS) software which is running on the computer system assigns a register in the I/O adapter to the application. The register is dedicated to the application, and is protected by the operating system of the computer from access by other applications. Also during the initialization, a protection block, specific to the application, is constructed within a memory space of the I/O adapter used by the application. The protection block stores a number key corresponding to a physical address of the register. A data buffer in a memory of the computer system is allocated to the application, and at the end of the initialization process, a “handle” associated with the data buffer's address is created and returned by the OS to the application.
During operation of the application, the application writes commands via the dedicated register on the I/O adapter. Each such command includes a virtual address pointer to the data buffer, together with the handle. The handle is used by the I/O adapter as a pointer to the protection block specific to the application. The I/O adapter adds a key to the command, the key depending on the address of the register through which the command is written. The added key and the key in the protection block are compared, and if the keys match, the command is allowed to execute. If the keys do not match, command execution is denied. Further checks using parameters stored in the protection block are also made to ensure that the command is valid, and if all checks are passed, the I/O adapter translates the data pointer to the appropriate physical address, and the command executes.
The method of comparing two keys exactly, wherein the key corresponds uniquely to the appropriate hardware address, means that there is no possibility of conflicts occurring, unlike the system described in the Background of the Invention. Furthermore, since the key in the protection block is calculated directly from the physical address of the register in the I/O adapter, which is a hardware device, the method may be easily implemented in hardware with reduced processing overhead relative to alternative systems that have been suggested.
There is therefore provided, in accordance with a preferred embodiment of the present invention, a method for protecting addresses in a system memory from improper access in a computer system in which a software application accesses the system memory by communicating directly with a hardware device, including:
in an initialization stage:
assigning a register of the hardware device to the application;
generating in the hardware device a protection block, which block is used thereafter by the device to control access by the application to the system memory;
storing in the protection block a first key corresponding to a physical address of the register; and
assigning a handle to the application that refers to the protection block; and
in operation of the application:
conveying a command from the application via the register to access the system memory, the command including the handle;
responsive to the command, generating in the hardware device a second key corresponding to the physical address of the register;
responsive to the handle, comparing the first and second keys;
Chase Christian P.
Darby & Darby
Kim Matthew
LandOfFree
Address protection using a hardware-defined application key does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Address protection using a hardware-defined application key, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Address protection using a hardware-defined application key will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2939469