Storage access validation to data messages using partial storage address data indexed entries containing permissible address range validation for message source

US 5,964,835 A
Filed: 06/07/1995
Issued: 10/12/1999
Est. Priority Date: 12/17/1992
Status: Expired due to Fees

First Claim

Patent Images

1. In a processing system of the type including a first processing element having a storage device storing data, a second processing element operably coupled to the first processing element for communicating messages containing either data to be written to the storage device or a request that data be read from the storage device, a source address indicative of an identification of the second processing element, a destination address identifying the first processing element as the destination of the message, first address data indicative of the first storage locations of the storage device at which data is to be written or from which data is to be read a method of validating access to the storage device in response to receipt of the message by the first processing element, comprising the steps of:

providing the first processing element with a processor address;

maintaining a plurality of entries, each of the entries including a source identification and access data identifying a grant or a denial of access to at least a portion of the storage device to the second processing device, the access data including second address data indicative of second storage locations whereat the data is to read from, or written to, the storage device;

comparing the destination address with the processor address to deny access if there is a mis-compare;

selecting a one of the plurality of entries using at least a portion of the first address data to form an address to identify the one of the plurality of entries; and

determining from the one of the plurality of entries if the source address and the source identification match and from comparing the first and second address data that the data to be written will reside, or the data to be read resides, within the second storage locations, and if so whether permitting access to the memory device is to be granted.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multiprocessor system includes a number of central processing unit (CPUs) and at least one input/output (I/O) device interconnected by routing apparatus for communicating packetized messages therebetween. The messages contain address information identifying the source and destination of the message, and may also contain requests to write to, or read from, storage of a CPU. Protection against errant reads or writes is provided by an access validation method that utilizes access validation information contained in plural entries maintained by each CPU. Each entry provides validation by identifying what elements of the system has read and/or write wccss to the memory of that CPU, without which memory access is denied.

134 Citations

12 Claims

1. In a processing system of the type including a first processing element having a storage device storing data, a second processing element operably coupled to the first processing element for communicating messages containing either data to be written to the storage device or a request that data be read from the storage device, a source address indicative of an identification of the second processing element, a destination address identifying the first processing element as the destination of the message, first address data indicative of the first storage locations of the storage device at which data is to be written or from which data is to be read a method of validating access to the storage device in response to receipt of the message by the first processing element, comprising the steps of:
- providing the first processing element with a processor address;
  
  maintaining a plurality of entries, each of the entries including a source identification and access data identifying a grant or a denial of access to at least a portion of the storage device to the second processing device, the access data including second address data indicative of second storage locations whereat the data is to read from, or written to, the storage device;
  
  comparing the destination address with the processor address to deny access if there is a mis-compare;
  
  selecting a one of the plurality of entries using at least a portion of the first address data to form an address to identify the one of the plurality of entries; and
  
  determining from the one of the plurality of entries if the source address and the source identification match and from comparing the first and second address data that the data to be written will reside, or the data to be read resides, within the second storage locations, and if so whether permitting access to the memory device is to be granted.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the maintaining step includes the step of maintaining the plurality of entries in the storage device.

3. In a data processing system having a plurality of data communicating elements interconnected by a communication medium for communicating message data therebetween, the plurality of data communicating elements including a processor element having a memory unit storing data, the message data including either a request to write data to the memory unit or to read data from the memory unit, a source address identifying a sender data communicating element of the message data, length data indicative of the amount of data to be written or read, and a memory address indicative of a location in the memory unit whereat the data is to be written or from which the data is read, a method of validating access to the memory unit comprising the steps of:
- maintaining in the processor element a table containing, for each of the plurality of data communicating elements sending to the processor element message data with the request, at least one corresponding entry having a source identification indicative of such data communicating element, and access information indicative of access to the memory unit granted such data communicating element, the access information including a memory storage identification indicative of a predetermined memory area of the memory unit available for storage of the message data;
  
  receiving the message data and using at least a first portion of the memory address to identify and access the corresponding entry from the table;
  
  denying access to the memory unit if the source address does not match the source identification or if comparing the memory storage identification to the length data indicates the message data to be read or written is not wholly within the predetermined memory area; and
  
  using at least a second portion of the memory address to identify the location if the source address and source information match, and the access information permits the request.
- View Dependent Claims (4, 5, 6, 7)
- - 4. The method of claim 3, including the steps of providing wherein the processor element with a processor address, providing the message data with a destination address indicative of the intended receiver of the message data, and denying access to the memory element if the processor address does not match the destination address of received message data.
  - 5. The method of claim 3, including the steps of providing the message data with a first value indicative of the amount of data to be written to or read from the memory unit, providing the access information of each of the entries with a second value indicative of the amount of data permitted to be written to or read from the memory unit, and denying access to the memory unit if the first and second values do not agree.
  - 6. The method of claim 3, including the steps of providing each of the plurality of entries with a base memory address, and combining the base memory address with the memory address to identify the location in memory to write data if the message data includes a request to write data.
  - 7. The method of claim 3, including the steps of providing each of the plurality of entries with a base memory address, and combining the base memory address with the memory address to identify the location in memory to read data from if the message data includes a request to read data.

8. A processing system, including a plurality of processing elements interconnected by a communication medium for communicating message data therebetween, at least one of the plurality of processing elements including a storage memory, the message data including address information and a request to (1) read data from, or (2) write data to, the storage memory at memory locations identified by the address information, a method for verifying access to the storage memory that includes the steps of:
- maintaining a table associated with the processor element, the table including a plurality of addressable entries, there being at least one entry for each of the other of the plurality of processing elements, each of the plurality of addressable entries containing memory data defining a plurality of memory locations of the storage memory whereat data resides to be read or whereat data is to be written;
  
  receiving at the processor element message data from a one of the plurality of processing elements;
  
  using at least a portion of the address information to form an address to select a one of the addressable entries corresponding to the one of the plurality of processing elements;
  
  comparing the memory data and the address information to deny access to the storage memory if any portion of the data requested to be read from or written to the storage memory is not within the plurality of memory locations of the storage memory.

9. A processing system having at least first and second processing elements interconnected for communicating messages therebetween, the first processing element including a storage for data, a method of validating access to the storage that includes the steps of:
- the second processing element sending a request message to the first processing element requesting to write data to, or read data from, the storage, and address data indicative of a predetermined number of storage locations of the storage whereat the data will be written or from which the data will be read;
  
  maintaining at the first processing element a table having a plurality of entries, each of the entries containing information describing a second number of storage locations of the storage whereat data to be read resides or whereat data can be written;
  
  selecting a one of the plurality of entries using as an entry address at least a portion of the address data; and
  
  denying access to the storage if comparison of the address data and information indicates the data to be read or to be written is not within the second number of storage locations.
- View Dependent Claims (10, 11, 12)
- - 10. The processing system of claim 9, wherein the request message includes a source identification indicative of the second processing element, and the one entry includes a processing element identification indicative of the second processing element, and the denying step including the step of refusing access to the storage if the source identification and the processing element identification do not match.
  - 11. The processing system of claim 10, wherein the storage is a memory element.
  - 12. The processing system of claim 11, wherein the maintaining step includes maintaining the table in the memory element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Tandem Computers Incorporated (HP Inc.)
Inventors
Hintikka, Paul N., Garcia, David J., Sonnier, David P., Horst, Robert W., Baker, William Edward, Cutts, Richard W. Jr., Williams, Frank A., Watson, William Joel, Fowler, Daniel L., Bunton, William Patterson, Iswandhi, Geoffrey I., Campbell, Gary F.
Primary Examiner(s)
Kim, Kenneth S.

Application Number

US08/482,618
Time in Patent Office

1,588 Days
Field of Search

395/200.06, 395/187.01, 395/490, 395/200.09, 395/200.47, 395/800.28, 395/200.46, 711/164, 711/163, 711/152, 709/216
US Class Current

709/216
CPC Class Codes

G01R 31/31727   Clock circuits aspects, e.g...

G01R 31/318533   using scanning techniques, ...

G06F 1/12   Synchronisation of differen...

G06F 11/004   Error avoidance G06F11/07 a...

G06F 11/10   Adding special bits or symb...

G06F 11/1044   with specific ECC/EDC distr...

G06F 11/1604   where the fault affects the...

G06F 11/1633   using mutual exchange of th...

G06F 11/1645   and the comparison itself u...

G06F 11/165   with continued operation af...

G06F 11/1658   Data re-synchronization of ...

G06F 11/167   Error detection by comparin...

G06F 11/1679   at clock signal level

G06F 11/1683   at instruction level

G06F 11/1687   at event level, e.g. by int...

G06F 11/1695   which are operating with ti...

G06F 11/20   using active fault-masking,...

G06F 11/2043   where the redundant compone...

G06F 11/2097   maintaining the standby con...

G06F 11/2736   using a dedicated service p...

G06F 12/0815 : Cache consistency protocols

G06F 12/1036 : for multiple virtual addres...

G06F 12/14 : Protection against unauthor...

G06F 12/1475 : in a virtual system, e.g. w...

G06F 12/1483 : using an access-table, e.g....

G06F 2201/845 : Systems in which the redund...

G06F 2212/1024 : Latency reduction

H04L 12/56 : Packet switching systems

H04L 47/10 : Flow control; Congestion co...

H04L 49/90 : Buffering arrangements

H04L 49/901 : using storage descriptor, e...

H04L 49/9057 : Arrangements for supporting...

H04L 69/40 : for recovering from a failu...

View All

Storage access validation to data messages using partial storage address data indexed entries containing permissible address range validation for message source

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

134 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Storage access validation to data messages using partial storage address data indexed entries containing permissible address range validation for message source

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links