METHODS, SYSTEMS, AND APPARATUS FOR OBJECT INVOCATION ACROSS PROTECTION DOMAIN BOUNDARIES

US 20080126762A1
Filed: 11/28/2007
Published: 05/29/2008
Est. Priority Date: 11/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method for accomplishing inter-process communication of data in a memory protection architecture having a kernel, comprising:

executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;

identifying in the kernel the second memory domain as a location of the object;

notifying a server process in the second memory domain of the invocation request;

executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;

copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;

executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and

copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, systems, and computer program products for invoking remote process calls and facilitating inter-process communications in a protected memory system employ a kernel that supports remote invocation of objects by a system call. The system call may include an object identifier and a set of pointers to input and output buffers. The kernel locates the specified object in a separate server process domain and awakens a server thread within the server domain to invoke the object. Using provided memory pointers, the kernel can copy input and output data across the protection domains in a single step without the need for copying data into an intermediate buffer. This eliminates the overhead of multiple data copy steps that are required in conventional protected memory systems.

45 Citations

View as Search Results

37 Claims

1. A method for accomplishing inter-process communication of data in a memory protection architecture having a kernel, comprising:
- executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  identifying in the kernel the second memory domain as a location of the object;
  
  notifying a server process in the second memory domain of the invocation request;
  
  executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the system call is generated by a client proxy within the first memory location, and the input request and the output request are generated by a server proxy within the second memory location.
  - 3. The method of claim 1, further comprising copying at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 4. The method of claim 1, wherein the system call includes an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 5. The method of claim 1, further comprising:
    - executing, in the kernel, a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      executing in the kernel a request to provide the server process with a writable memory address for direct access to an output buffer, wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

6. A method for accomplishing inter-process communication of data in a memory protection architecture having a kernel, comprising:
- executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  notifying the server process of the invocation request;
  
  informing the server process of the identified memory locations;
  
  receiving, at the kernel, from the server process an indication that the object has been invoked;
  
  directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  returning control of execution to the client process.

7. A computer system operating with a memory protection architecture, the computer system comprising:
- a memory;
  
  a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain,wherein the processor is configured with software instructions to perform steps comprising;
  
  executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  identifying in the kernel the second memory domain as a location of the object;
  
  notifying a server process in the second memory domain of the invocation request;
  
  executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer system of claim 7, wherein the processor is configured with software instructions so the system call is generated by a client proxy within the first memory location, and the input request and the output request are generated by a server proxy within the second memory location.
  - 9. The computer system of claim 7, wherein the processor is configured with software instructions to further perform steps comprising copying at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 10. The computer system of claim 7, wherein the processor is configured with software instructions so the system call includes an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 11. The computer system of claim 7, wherein the processor is further configured with software instructions to perform steps comprising:
    - executing, in the kernel, a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      executing, in the kernel, a request to provide the server process with a writable memory address for direct access to an output buffer,wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

12. A computer system operating with a memory protection architecture, the computer system comprising:
- a memory;
  
  a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain,wherein the processor is configured with software instructions to perform steps comprising;
  
  executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  notifying the server process of the invocation request;
  
  informing the server process of the identified memory locations;
  
  receiving, at the kernel, from the server process an indication that the object has been invoked;
  
  directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  returning control of execution to the client process.

13. A mobile handset operating with a memory protection architecture, the computer system comprising:
- a memory;
  
  a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain,wherein the processor is configured with software instructions to perform steps comprising;
  
  executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  identifying, in the kernel, the second memory domain as a location of the object;
  
  notifying a server process in the second memory domain of the invocation request;
  
  executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The mobile handset of claim 13, wherein the processor is configured with software instructions so the system call is generated by a client proxy within the first memory location, and the input request and the output request are generated by a server proxy within the second memory location.
  - 15. The mobile handset of claim 13, wherein the processor is configured with software instructions to further perform steps comprising copying at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 16. The mobile handset of claim 13, wherein the processor is configured with software instructions so the system call includes an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 17. The mobile handset of claim 13, wherein the processor is configured with software instructions to perform steps comprising:
    - executing, in the kernel, a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      executing, in the kernel, a request to provide the server process with a writable memory address for direct access to an output buffer,wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

18. A mobile handset operating with a memory protection architecture, the computer system comprising:
- a memory;
  
  a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain,wherein the processor is configured with software instructions to perform steps comprising;
  
  executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  notifying the server process of the invocation request;
  
  informing the server process of the identified memory locations;
  
  receiving, at the kernel, from the server process an indication that the object has been invoked;
  
  directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  returning control of execution to the client process.

19. A tangible processor-readable memory having stored thereon processor executable instructions configured to cause a processor coupled to a memory to perform steps comprising:
- executing, in a kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  identifying, in the kernel, the second memory domain as a location of the object;
  
  notifying a server process in the second memory domain of the invocation request;
  
  executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The tangible processor-readable memory of claim 19, wherein the stored processor executable instructions are further configured so that the system call is generated by a client proxy within the first memory location, and the input request and the output request are generated by a server proxy within the second memory location.
  - 21. The tangible processor-readable memory of claim 19, wherein the stored processor executable instructions are further configured to cause the processor to perform steps further comprising copying at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 22. The tangible processor-readable memory of claim 19, wherein the stored processor executable instructions are configured so that the system call includes an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 23. The tangible processor-readable memory of claim 19, wherein the stored processor executable instructions are further configured to cause the processor to perform steps further comprising:
    - executing, in the kernel, a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      executing, in the kernel, a request to provide the server process with a writable memory address for direct access to an output buffer,wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

24. A tangible processor-readable memory having stored thereon processor executable instructions configured to cause a processor coupled to a memory to perform steps comprising:
- executing, in a kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  notifying the server process of the invocation request;
  
  informing the server process of the identified memory locations;
  
  receiving, at the kernel, from the server process an indication that the object has been invoked;
  
  directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  returning control of execution to the client process.

25. A system, comprising:
- a kernel means for controlling a central operation of the system;
  
  a client process within a first memory domain;
  
  a server process within a second memory domain;
  
  means for executing a system call by the client process means, the system call requesting invocation of the object in the server process and identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  means for identifying in the kernel the second memory domain as a location of the object;
  
  means for notifying the server process in the second memory domain of the invocation request;
  
  means for executing in the kernel an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  means for copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  means for receiving an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  means for copying the output data directly from the server output buffer in second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The system of claim 25, wherein the system call generated by a client proxy within the first memory location, and the input request and the output request are generated by a server proxy within the second memory location.
  - 27. The system of claim 25, further comprising copying at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 28. The system of claim 25, wherein the system call includes an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 29. The system of claim 25, further comprising:
    - means for executing in the kernel a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      means for executing in the kernel a request to provide the server process with a writable memory address for direct access to an output buffer,wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

30. A system, comprising:
- a kernel means for controlling a central operation of the system;
  
  a client process within a first memory domain;
  
  a server process within a second memory domain;
  
  means for executing in the kernel a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  means for directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  means for notifying the server process of the invocation request;
  
  means for informing the server process of the identified memory locations;
  
  means for receiving at the kernel from the server process an indication that the object has been invoked;
  
  means for directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  means for returning control of execution to the client process.

31. A computer program product, comprising:
- computer-readable medium comprising;
  
  at least one instruction for causing a computer to execute in a kernel a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  
  at least one instruction for causing a computer to identify in the kernel the second memory domain as a location of the object;
  
  at least one instruction for causing a computer to notifying a server process in the second memory domain of the invocation request;
  
  at least one instruction for causing a computer to executing in the kernel an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  
  at least one instruction for causing a computer to copy input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  
  at least one instruction for causing a computer to execute in the kernel an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  
  at least one instruction for causing a computer to copy the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The computer program product according to claim 31, wherein the computer-readable medium further comprises:
    - at least one instruction for causing a computer to generate the system call in a client proxy within the first memory location; and
      
      at least one instruction for causing a computer to generate the input request and the output request by a server proxy within the second memory location.
  - 33. The computer program product according to claim 31, wherein the computer-readable medium further comprises:
    - at least one instruction for causing a computer to copy at least a portion of the input data into the second memory domain prior to notifying the server process of the invocation request.
  - 34. The computer program product according to claim 31, wherein the computer-readable medium further comprises:
    - at least one instruction for causing a computer to generate the system call including an input parameter authorizing the object to invoke another object, or an output parameter that returns to the client process authority to invoke another object.
  - 35. The computer program product according to claim 31, wherein the computer-readable medium further comprises:
    - at least one instruction for causing a computer to execute in the kernel a request to provide the server process with a readable memory address for direct access to an input buffer; and
      
      at least one instruction for causing a computer to executing in the kernel a request to provide the server process with a writable memory address for direct access to an output buffer,wherein the kernel satisfies the requests upon verifying that the server process has the appropriate kind of access to the memory specified by the client process.

36. A computer program product, comprising:
- computer-readable medium comprising;
  
  at least one instruction for causing a computer to execute in a kernel a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  
  at least one instruction for causing a computer to direct a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  
  at least one instruction for causing a computer to notify the server process of the invocation request;
  
  at least one instruction for causing a computer to inform the server process of the identified memory locations;
  
  at least one instruction for causing a computer to receive at the kernel from the server process an indication that the object has been invoked;
  
  at least one instruction for causing a computer to direct the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  
  at least one instruction for causing a computer to return control of execution to the client process.

37. A computer system, comprising:
- a kernel interface; and
  
  a kernel process in communication with the kernel interface, wherein the kernel process is operable to directly copy data between a first protection domain and a second protection domain without making an intermediate copy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
URQUHART, Kristopher Scott, CHANDRASEKHAR, Ramesh, WALKER, Robert Garrett, KELLEY, Brian H.

Granted Patent

US 8,332,866 B2
Time in Patent Office

Days
Field of Search
US Class Current

712/225
CPC Class Codes

G06F 9/547 Remote procedure calls [RPC...

METHODS, SYSTEMS, AND APPARATUS FOR OBJECT INVOCATION ACROSS PROTECTION DOMAIN BOUNDARIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, SYSTEMS, AND APPARATUS FOR OBJECT INVOCATION ACROSS PROTECTION DOMAIN BOUNDARIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links