METHOD OF CONTROLLING MEMORY ACCESS

US 20080244206A1
Filed: 03/27/2008
Published: 10/02/2008
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising:

determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and

determining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.

76 Citations

View as Search Results

19 Claims

1. A method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising:
- determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and
  
  determining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first layer element is a virtual machine monitor (VMM) interfacing hardware of the system to at least one guest operating system kernel, the second layer element is the at least one guest operating system kernel, and the third layer element includes at least one application.
  - 3. The method of claim 2, wherein the determining whether the memory is accessible for each page comprises setting a page table that maps a virtual address to a physical address for each page to permit the VMM to access a first memory domain to which the VMM is allocated, a second memory domain to which the at least one guest operating system kernel is allocated, and a third memory domain to which the application is allocated if the VMM currently attempts to access the memory, and to disallow the at least one guest operating system kernel or the at least one application to access the first memory domain and allow the at least one guest operating system kernel or the at least one application to access the second and third memory domains if the at least one guest operating system kernel or the at least one application attempts to access the memory.
  - 4. The method of claim 3, wherein the determining whether the memory is accessible for each page comprises setting the page table such that the at least one guest operating system kernel is permitted to only read data from a specific domain of the first memory domain, which is shared by the VMM and the at least one guest operating system kernel.
  - 5. The method of claim 3, wherein the determining whether the memory is accessible for each page comprises setting the page table such that the at least one guest operating system kernel is permitted to only read data from a specific region of the second memory domain, in which the page table is stored.
  - 6. The method of claim 3, wherein the determining of whether the memory is accessible according to which one of the first, second and third layer elements corresponds to the domain currently to be accessed from among the plurality of domains of the memory comprises setting memory accessibility for each of the plurality of the domains of the memory to permit the VMM or the at least one guest operating system kernel to access the memory according to the set page table if the VMM or the at least one guest operating system kernel attempts to access the memory, to disallow the at least one application to access the first and second memory domains if the at least one application attempts to access the memory, and to allow the at least one application to access the third memory domain.
  - 7. The method of claim 6, further comprising:
    - updating, by the VMM, of the setting of memory accessibility for each of the plurality of the domains of the memory if a layer element that is currently attempting to access the memory is changed from the VMM to the application or is changed from the application to the VMM; and
      
      hypercalling, by the at least one guest operating system kernel, of the VMM and then the VMM updating the setting of memory accessibility for each memory domain if the layer element that is currently attempting to access the memory is changed from the at least one guest operating system kernel to the at least one application or is changed from the at least one application to the at least one guest operating system kernel.
  - 8. The method of claim 2, wherein the system comprises a translation lookaside buffer caching virtual addresses, and the method further comprises storing hot spots selected from codes of the VMM or the at least one guest operating system kernel in the translation lookaside buffer.
  - 9. The method of claim 8, wherein the storing the hot spots comprises storing the hot spots in the translation lookaside buffer such that virtual addresses of the hot spots are continuous.
  - 10. The method of claim 8, further comprising:
    - updating the hot spots stored in the translation lookaside buffer if a virtual machine is changed to another virtual machine.

11. A computer readable storage medium storing a program for executing a method of controlling memory access in a system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method comprising.determining whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode;
- anddetermining whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory.

12. A system including a first layer element executed in a privileged mode having a first priority of permission to access an entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the system comprising:
- the memory; and
  
  a processor which determines whether the memory is accessible for each page that is an address space unit based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode, and which determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain that is currently being accessed from among a plurality of domains of the memory.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the first layer element is a virtual machine monitor (VMM) interfacing hardware of the system to at least one guest operating system kernel, the second layer element is the at least one guest operating system kernel, and the third layer element includes at least one application.
  - 14. The system of claim 13, wherein the processor sets a page table that maps a virtual address to a physical address for each page to permit the VMM to access a first memory domain to which the VMM is allocated, a second memory domain to which the at least one guest operating system kernel is allocated, and a third memory domain to which the application is allocated if the VMM currently attempts to access the memory, and to disallow the at least one guest operating system kernel or the at least one application to access the first memory domain, and allow the at least one guest operating system kernel or the at least one application to access the second and third memory domains if the at least one guest operating system kernel or the at least one application currently attempts to access the memory.
  - 15. The system of claim 14, wherein the processor sets the page table such that the at least one guest operating system kernel is permitted to only read data from a specific region of the first memory domain, which is shared by the VMM and the at least one guest operating system kernel.
  - 16. The system of claim 14, wherein the processor sets the page table such that the at least one guest operating system kernel is permitted to only read data from a specific region of the second memory domain, in which the page table is stored.
  - 17. The system of claim 14, wherein the processor sets memory accessibility for each of the plurality of the domains of the memory to permit the VMM or the at least one guest operating system kernel to access the memory according to the set page table if the VMM or the at least one guest operating system kernel attempt to access the memory, to disallow the at least one application to access the first and second memory domains if the at least one application attempts to access the memory, and to allow the at least one application to access the third memory domain.
  - 18. The system of claim 17, wherein the VMM updates the setting of memory accessibility for each of the plurality of the domains of the memory if a layer element that is currently attempting to access the memory is changed from the VMM to the at least one application or is changed from the at least one application to the VMM, the VMM being hypercalled by the at least one guest operating system kernel which then updates the setting of memory accessibility for each memory domain if the layer element that is currently attempting to access the memory is changed from the at least one guest operating system kernel to the at least one application or is changed from the at least one application to the at least one guest operating system kernel.
  - 19. The system of claim 13, further comprising:
    - a translation lookaside buffer which caches virtual addresses and stores hot spots selected from codes of the VMM or the at least one guest operating system kernel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Suh, Sang-bum, Hwang, Joo-young, Park, Chan-ju, Ryu, Jae-min, HEO, Sung-kwan

Granted Patent

US 8,352,694 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/145 the protection being virtua...

G06F 12/1491 in a hierarchical protectio...

METHOD OF CONTROLLING MEMORY ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF CONTROLLING MEMORY ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links