HARDWARE ASSIST FOR PRIVILEGE ACCESS VIOLATION CHECKS
First Claim
1. A device, comprising:
- a kernel-mode driver (KMD) configured to receive a command buffer having one or more buffer sections, each command buffer section having a command and designating whether that command is privileged or non-privileged, and the KMD is further configured to selectively parse and validate one or more of the command buffer sections; and
- a graphics processing unit (GPU) configured to receive batch buffers from the KMD, each batch buffer having a command from the command buffer and designating whether that command is privileged or non-privileged, and the GPU is further configured to disallow execution of any privileged command from a non-privileged batch buffer.
Abstract
Techniques are disclosed for processing rendering engine workload of a graphics system in a secure fashion, wherein at least some security processing of the workload is offloaded from software-based security parsing to hardware-based security parsing. In some embodiments, commands from a given application are received by a user mode driver (UMD), which is configured to generate a command buffer delineated into privileged and/or non-privileged command sections. The delineated command buffer can then be passed by the UMD to a kernel-mode driver (KMD), which is configured to parse and validate only privileged buffer sections, but to issue all other batch buffers with a privilege indicator set to non-privileged. A graphics processing unit (GPU) can receive the privilege-designated batch buffers from the KMD, and is configured to disallow execution of any privileged command from a non-privileged batch buffer, while any privileged commands from privileged batch buffers are unrestricted by the GPU.
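A minimal model of the split the abstract describes, added here as an illustration and not taken from the patent or from any real driver: the KMD parses only sections designated privileged, and the GPU refuses privileged commands that arrive in a non-privileged batch. The opcodes, structure names and the register-offset policy are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Hypothetical opcodes: OP_DRAW is non-privileged, OP_WRITE_REG is privileged. */
enum { OP_DRAW = 1, OP_WRITE_REG = 2 };
struct cmd { uint8_t op; uint32_t arg; };
struct section { bool privileged; const struct cmd *cmds; size_t n; };
struct stats { unsigned executed, blocked, sw_parsed; };

/* KMD software check, applied only to sections designated privileged.
 * Assumed policy: register writes must target offsets below 0x100. */
static bool kmd_validate(const struct section *s, struct stats *st) {
    for (size_t i = 0; i < s->n; i++) {
        st->sw_parsed++;
        if (s->cmds[i].op == OP_WRITE_REG && s->cmds[i].arg >= 0x100)
            return false;
    }
    return true;
}

/* GPU hardware check: a privileged command in a non-privileged batch is
 * not executed; commands in privileged batches run unrestricted. */
static void gpu_run_batch(const struct section *s, struct stats *st) {
    for (size_t i = 0; i < s->n; i++) {
        if (s->cmds[i].op == OP_WRITE_REG && !s->privileged)
            st->blocked++;
        else
            st->executed++;
    }
}

/* KMD submit path: validate every privileged section first, then issue all
 * sections as batches carrying the section's privilege indicator. */
static bool kmd_submit(const struct section *secs, size_t n, struct stats *st) {
    for (size_t i = 0; i < n; i++)
        if (secs[i].privileged && !kmd_validate(&secs[i], st))
            return false;
    for (size_t i = 0; i < n; i++)
        gpu_run_batch(&secs[i], st);
    return true;
}

/* Constructed input: a register write labelled non-privileged skips the KMD parse. */
static struct stats demo_mislabelled(void) {
    static const struct cmd c[] = { {OP_DRAW, 0}, {OP_WRITE_REG, 0xFFFF}, {OP_DRAW, 1} };
    const struct section secs[] = { { false, c, 3 } };
    struct stats st = {0, 0, 0};
    kmd_submit(secs, 1, &st);
    return st;
}
```

In `demo_mislabelled` the software parser touches no commands, yet the privileged write is still stopped at the GPU check, which is the property that lets the KMD skip non-privileged sections.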
65 Citations
23 Claims
1. A device, comprising:
- a kernel-mode driver (KMD) configured to receive a command buffer having one or more buffer sections, each command buffer section having a command and designating whether that command is privileged or non-privileged, and the KMD is further configured to selectively parse and validate one or more of the command buffer sections; and
- a graphics processing unit (GPU) configured to receive batch buffers from the KMD, each batch buffer having a command from the command buffer and designating whether that command is privileged or non-privileged, and the GPU is further configured to disallow execution of any privileged command from a non-privileged batch buffer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A media processing system, comprising:
- a user mode driver (UMD) configured to generate a command buffer having one or more buffer sections, each command buffer section having a command and designating whether that command is privileged or non-privileged;
- a kernel-mode driver (KMD) configured to receive the command buffer from the UMD, and to parse and validate only commands of command buffer sections designated as privileged; and
- a graphics processing unit (GPU) configured to receive batch buffers from the KMD, each batch buffer having a command from the command buffer and designating whether that command is privileged or non-privileged, and the GPU is further configured to disallow execution of any privileged command from a non-privileged batch buffer.

Dependent claims: 12, 13, 14, 15

16. A method, comprising:
- receiving rendering engine workload including one or more commands; and
- off-loading at least some security processing of the workload from software-based security parsing to hardware-based security parsing.

Dependent claims: 17, 18, 19, 20, 21, 22, 23
Specification