METHODS, SYSTEMS, AND APPARATUS FOR OBJECT INVOCATION ACROSS PROTECTION DOMAIN BOUNDARIES
Abstract
Methods, apparatus, systems, and computer program products for invoking remote process calls and facilitating inter-process communications in a protected memory system employ a kernel that supports remote invocation of objects by a system call. The system call may include an object identifier and a set of pointers to input and output buffers. The kernel locates the specified object in a separate server process domain and awakens a server thread within the server domain to invoke the object. Using provided memory pointers, the kernel can copy input and output data across the protection domains in a single step without the need for copying data into an intermediate buffer. This eliminates the overhead of multiple data copy steps that are required in conventional protected memory systems.
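The single-copy path described in the abstract, as an added sketch in C (not code from the patent): a toy kernel records the client's buffers at the system call and later copies straight between client and server buffers with no staging buffer. The flat `phys` array, the `CLIENT`/`SERVER` layout, the `k_*` names and the range checks that refuse any buffer outside the naming process's own domain are assumptions of this example. The caller's domain is passed as a parameter here, where a real kernel would derive it from the calling process.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy model: one flat memory array; each domain owns the window [base, base+size). */
static uint8_t phys[256];
typedef struct { size_t base, size; } domain_t;
typedef struct { size_t addr, len; } buf_t;            /* buffer as named by a process */
static const domain_t CLIENT = {0, 64}, SERVER = {128, 64};   /* constructed layout */
/* Kernel-held record of the pending invocation; neither process can edit it. */
static struct { const domain_t *server; buf_t in, out; int live; } inv;

/* A buffer is accepted only if it lies wholly inside the naming process's domain. */
static int in_domain(const domain_t *d, buf_t b) {
    return b.addr >= d->base && b.len <= d->size &&
           b.addr - d->base <= d->size - b.len;         /* no wrap-around */
}

/* Client system call: validate both client buffers, then record them. */
int k_invoke(const domain_t *c, const domain_t *s, buf_t in, buf_t out) {
    if (!in_domain(c, in) || !in_domain(c, out)) return -1;
    inv.server = s; inv.in = in; inv.out = out; inv.live = 1;
    return 0;
}

/* Server input request: one copy, client input buffer -> server input buffer. */
long k_get_input(buf_t dst) {
    if (!inv.live || !in_domain(inv.server, dst)) return -1;
    size_t n = inv.in.len < dst.len ? inv.in.len : dst.len;    /* never overrun dst */
    memcpy(&phys[dst.addr], &phys[inv.in.addr], n);
    return (long)n;
}

/* Server output request: one copy, server output buffer -> client output buffer. */
long k_put_output(buf_t src) {
    if (!inv.live || !in_domain(inv.server, src)) return -1;
    size_t n = src.len < inv.out.len ? src.len : inv.out.len;  /* never overrun client */
    memcpy(&phys[inv.out.addr], &phys[src.addr], n);
    inv.live = 0;                                       /* invocation complete */
    return (long)n;
}

/* Constructed scenario: client sends "ping", server answers "PONG". */
int demo_round_trip(void) {
    memcpy(&phys[8], "ping", 4);
    if (k_invoke(&CLIENT, &SERVER, (buf_t){8, 4}, (buf_t){32, 4})) return -1;
    if (k_get_input((buf_t){130, 16}) != 4 || memcmp(&phys[130], "ping", 4)) return -2;
    memcpy(&phys[160], "PONG", 4);
    if (k_put_output((buf_t){160, 4}) != 4) return -3;
    return memcmp(&phys[32], "PONG", 4) ? -4 : 0;
}

/* Buffers outside the caller's own domain, or running past its end, are refused. */
int demo_rejections(void) {
    if (k_invoke(&CLIENT, &SERVER, (buf_t){130, 4}, (buf_t){32, 4}) != -1) return -1;
    if (k_invoke(&CLIENT, &SERVER, (buf_t){60, 8}, (buf_t){32, 4}) != -1) return -2;
    if (k_invoke(&CLIENT, &SERVER, (buf_t){8, 4}, (buf_t){32, 4}) != 0) return -3;
    return k_get_input((buf_t){8, 4}) == -1 ? 0 : -4;   /* server named client memory */
}
int main(void) { return demo_round_trip() || demo_rejections(); }
```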
37 Claims
1. A method for accomplishing inter-process communication of data in a memory protection architecture having a kernel, comprising:
- executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
- identifying in the kernel the second memory domain as a location of the object;
- notifying a server process in the second memory domain of the invocation request;
- executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
- copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
- executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
- copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

6. A method for accomplishing inter-process communication of data in a memory protection architecture having a kernel, comprising:
- executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
- directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
- notifying the server process of the invocation request;
- informing the server process of the identified memory locations;
- receiving, at the kernel, from the server process an indication that the object has been invoked;
- directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
- returning control of execution to the client process.

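The grant-and-rescind sequence of claim 6, as an added C model that is not code from the patent: the kernel opens a read window on the input buffer and a write window on the output buffer, lets the server invoke the object through them, and closes both before control returns to the client. The grant table, `client_mem`, the `srv_*` and `k_invoke` names, the callback standing in for server notification, and the `upcase` object are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

enum { R = 1, W = 2, MEM = 64 };
typedef struct { size_t addr, len; int rights; } grant_t;
static grant_t grants[2];              /* toy MMU: server's windows into client memory */
static size_t  ngrants, stale;         /* stale: pointer the server keeps after the call */
static uint8_t client_mem[MEM] = "ok"; /* constructed client domain, input at offset 0 */

/* MMU check: the whole access must sit inside one grant that carries the right. */
static int mmu_allows(size_t addr, size_t len, int want) {
    for (size_t i = 0; i < ngrants; i++)
        if ((grants[i].rights & want) && addr >= grants[i].addr &&
            len <= grants[i].len && addr - grants[i].addr <= grants[i].len - len)
            return 1;
    return 0;
}

/* Server-side accessors: every touch of client memory passes the MMU check. */
int srv_read(size_t addr, uint8_t *v) {
    if (!mmu_allows(addr, 1, R)) return -1;        /* a fault on real hardware */
    *v = client_mem[addr];
    return 0;
}
int srv_write(size_t addr, uint8_t v) {
    if (!mmu_allows(addr, 1, W)) return -1;
    client_mem[addr] = v;
    return 0;
}

/* Kernel: grant, let the server invoke the object, rescind on every path. */
int k_invoke(size_t in, size_t out, size_t len, int (*object)(size_t, size_t, size_t)) {
    if (len > MEM || in > MEM - len || out > MEM - len) return -1;
    grants[0] = (grant_t){in, len, R};             /* input buffer: read only */
    grants[1] = (grant_t){out, len, W};            /* output buffer: write */
    ngrants = 2;
    int rc = object(in, out, len);
    ngrants = 0;                                   /* rescind before returning */
    return rc;
}

/* Hypothetical server object: upper-cases input into output, then probes limits. */
int upcase(size_t in, size_t out, size_t len) {
    uint8_t c;
    stale = in;
    for (size_t i = 0; i < len; i++)
        if (srv_read(in + i, &c) || srv_write(out + i, (uint8_t)(c & 0xDF))) return -1;
    if (srv_write(in, 0) == 0) return -2;          /* input must stay read-only */
    if (srv_read(in + len, &c) == 0) return -3;    /* nothing past the buffer */
    return 0;
}

/* Constructed run: 0 means the call worked and the stale pointer is dead afterwards. */
int demo_grant_rescind(void) {
    uint8_t c;
    if (k_invoke(0, 16, 2, upcase) || client_mem[16] != 'O' || client_mem[17] != 'K') return -1;
    return srv_read(stale, &c) == -1 ? 0 : -2;
}
int main(void) { return demo_grant_rescind(); }
```

Real MMUs enforce rights per page rather than per byte, so buffers shared this way need page alignment or the server also sees neighbouring client data on the same page.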
7. A computer system operating with a memory protection architecture, the computer system comprising:
- a memory;
- a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain, wherein the processor is configured with software instructions to perform steps comprising;
  - executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  - identifying in the kernel the second memory domain as a location of the object;
  - notifying a server process in the second memory domain of the invocation request;
  - executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  - copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  - executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  - copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

12. A computer system operating with a memory protection architecture, the computer system comprising:
- a memory;
- a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain, wherein the processor is configured with software instructions to perform steps comprising;
  - executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  - directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  - notifying the server process of the invocation request;
  - informing the server process of the identified memory locations;
  - receiving, at the kernel, from the server process an indication that the object has been invoked;
  - directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  - returning control of execution to the client process.

13. A mobile handset operating with a memory protection architecture, the computer system comprising:
- a memory;
- a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain, wherein the processor is configured with software instructions to perform steps comprising;
  - executing, in the kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  - identifying, in the kernel, the second memory domain as a location of the object;
  - notifying a server process in the second memory domain of the invocation request;
  - executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  - copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  - executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  - copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

18. A mobile handset operating with a memory protection architecture, the computer system comprising:
- a memory;
- a processor coupled to the memory and implementing processor executable instructions including a kernel process, client process, and a server process, wherein the client process has memory read and write access limited to a first memory domain, the server process has memory read and write access limited to a second memory domain, and the kernel process has memory read write access to the first and second memory domains and a kernel domain, wherein the processor is configured with software instructions to perform steps comprising;
  - executing, in the kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  - directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  - notifying the server process of the invocation request;
  - informing the server process of the identified memory locations;
  - receiving, at the kernel, from the server process an indication that the object has been invoked;
  - directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  - returning control of execution to the client process.

19. A tangible processor-readable memory having stored thereon processor executable instructions configured to cause a processor coupled to a memory to perform steps comprising:
- executing, in a kernel, a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
- identifying, in the kernel, the second memory domain as a location of the object;
- notifying a server process in the second memory domain of the invocation request;
- executing, in the kernel, an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
- copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
- executing, in the kernel, an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
- copying the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

24. A tangible processor-readable memory having stored thereon processor executable instructions configured to cause a processor coupled to a memory to perform steps comprising:
- executing, in a kernel, a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
- directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
- notifying the server process of the invocation request;
- informing the server process of the identified memory locations;
- receiving, at the kernel, from the server process an indication that the object has been invoked;
- directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
- returning control of execution to the client process.

25. A system, comprising:
- a kernel means for controlling a central operation of the system;
- a client process within a first memory domain;
- a server process within a second memory domain;
- means for executing a system call by the client process means, the system call requesting invocation of the object in the server process and identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
- means for identifying in the kernel the second memory domain as a location of the object;
- means for notifying the server process in the second memory domain of the invocation request;
- means for executing in the kernel an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
- means for copying input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
- means for receiving an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
- means for copying the output data directly from the server output buffer in second memory domain into the client input buffer in the first memory domain.

30. A system, comprising:
- a kernel means for controlling a central operation of the system;
- a client process within a first memory domain;
- a server process within a second memory domain;
- means for executing in the kernel a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
- means for directing a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
- means for notifying the server process of the invocation request;
- means for informing the server process of the identified memory locations;
- means for receiving at the kernel from the server process an indication that the object has been invoked;
- means for directing the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
- means for returning control of execution to the client process.

31. A computer program product, comprising:
- computer-readable medium comprising;
  - at least one instruction for causing a computer to execute in a kernel a system call by a client process within a first memory domain requesting invocation of an object in a second memory domain, the system call identifying a client input buffer in the first memory domain containing the input data and a client output buffer in the first memory domain into which output data is to be copied;
  - at least one instruction for causing a computer to identify in the kernel the second memory domain as a location of the object;
  - at least one instruction for causing a computer to notifying a server process in the second memory domain of the invocation request;
  - at least one instruction for causing a computer to executing in the kernel an input request for input data by the server process, the input request identifying a server input buffer for receiving the input data in the second memory domain;
  - at least one instruction for causing a computer to copy input data directly from the client input buffer in the first memory domain into the server input buffer in the second memory domain;
  - at least one instruction for causing a computer to execute in the kernel an output request to copy output data from the second memory domain, the output request identifying a server output buffer containing the output data; and
  - at least one instruction for causing a computer to copy the output data directly from the server output buffer in the second memory domain into the client input buffer in the first memory domain.

36. A computer program product, comprising:
- computer-readable medium comprising;
  - at least one instruction for causing a computer to execute in a kernel a system call by a client process, the system call requesting invocation of an object in a server process, and identifying memory locations of an input buffer containing input data and an output buffer into which output data is to be copied;
  - at least one instruction for causing a computer to direct a memory management unit to grant the server process rights to read the input buffer and write to the output buffer;
  - at least one instruction for causing a computer to notify the server process of the invocation request;
  - at least one instruction for causing a computer to inform the server process of the identified memory locations;
  - at least one instruction for causing a computer to receive at the kernel from the server process an indication that the object has been invoked;
  - at least one instruction for causing a computer to direct the memory management unit to rescind server process rights to read and write data to the identified memory locations; and
  - at least one instruction for causing a computer to return control of execution to the client process.

37. A computer system, comprising:
- a kernel interface; and
- a kernel process in communication with the kernel interface, wherein the kernel process is operable to directly copy data between a first protection domain and a second protection domain without making an intermediate copy.