Storage access validation to data messages using partial storage address data indexed entries containing permissible address range validation for message source
First Claim
1. In a processing system of the type including a first processing element having a storage device storing data, a second processing element operably coupled to the first processing element for communicating messages containing either data to be written to the storage device or a request that data be read from the storage device, a source address indicative of an identification of the second processing element, a destination address identifying the first processing element as the destination of the message, first address data indicative of the first storage locations of the storage device at which data is to be written or from which data is to be read a method of validating access to the storage device in response to receipt of the message by the first processing element, comprising the steps of:
- providing the first processing element with a processor address;
maintaining a plurality of entries, each of the entries including a source identification and access data identifying a grant or a denial of access to at least a portion of the storage device to the second processing device, the access data including second address data indicative of second storage locations whereat the data is to read from, or written to, the storage device;
comparing the destination address with the processor address to deny access if there is a mis-compare;
selecting a one of the plurality of entries using at least a portion of the first address data to form an address to identify the one of the plurality of entries; and
determining from the one of the plurality of entries if the source address and the source identification match and from comparing the first and second address data that the data to be written will reside, or the data to be read resides, within the second storage locations, and if so whether permitting access to the memory device is to be granted.
4 Assignments
0 Petitions
Accused Products
Abstract
A multiprocessor system includes a number of central processing unit (CPUs) and at least one input/output (I/O) device interconnected by routing apparatus for communicating packetized messages therebetween. The messages contain address information identifying the source and destination of the message, and may also contain requests to write to, or read from, storage of a CPU. Protection against errant reads or writes is provided by an access validation method that utilizes access validation information contained in plural entries maintained by each CPU. Each entry provides validation by identifying what elements of the system has read and/or write wccss to the memory of that CPU, without which memory access is denied.
134 Citations
12 Claims
-
1. In a processing system of the type including a first processing element having a storage device storing data, a second processing element operably coupled to the first processing element for communicating messages containing either data to be written to the storage device or a request that data be read from the storage device, a source address indicative of an identification of the second processing element, a destination address identifying the first processing element as the destination of the message, first address data indicative of the first storage locations of the storage device at which data is to be written or from which data is to be read a method of validating access to the storage device in response to receipt of the message by the first processing element, comprising the steps of:
-
providing the first processing element with a processor address; maintaining a plurality of entries, each of the entries including a source identification and access data identifying a grant or a denial of access to at least a portion of the storage device to the second processing device, the access data including second address data indicative of second storage locations whereat the data is to read from, or written to, the storage device; comparing the destination address with the processor address to deny access if there is a mis-compare; selecting a one of the plurality of entries using at least a portion of the first address data to form an address to identify the one of the plurality of entries; and determining from the one of the plurality of entries if the source address and the source identification match and from comparing the first and second address data that the data to be written will reside, or the data to be read resides, within the second storage locations, and if so whether permitting access to the memory device is to be granted. - View Dependent Claims (2)
-
-
3. In a data processing system having a plurality of data communicating elements interconnected by a communication medium for communicating message data therebetween, the plurality of data communicating elements including a processor element having a memory unit storing data, the message data including either a request to write data to the memory unit or to read data from the memory unit, a source address identifying a sender data communicating element of the message data, length data indicative of the amount of data to be written or read, and a memory address indicative of a location in the memory unit whereat the data is to be written or from which the data is read, a method of validating access to the memory unit comprising the steps of:
-
maintaining in the processor element a table containing, for each of the plurality of data communicating elements sending to the processor element message data with the request, at least one corresponding entry having a source identification indicative of such data communicating element, and access information indicative of access to the memory unit granted such data communicating element, the access information including a memory storage identification indicative of a predetermined memory area of the memory unit available for storage of the message data; receiving the message data and using at least a first portion of the memory address to identify and access the corresponding entry from the table; denying access to the memory unit if the source address does not match the source identification or if comparing the memory storage identification to the length data indicates the message data to be read or written is not wholly within the predetermined memory area; and using at least a second portion of the memory address to identify the location if the source address and source information match, and the access information permits the request. - View Dependent Claims (4, 5, 6, 7)
-
-
8. A processing system, including a plurality of processing elements interconnected by a communication medium for communicating message data therebetween, at least one of the plurality of processing elements including a storage memory, the message data including address information and a request to (1) read data from, or (2) write data to, the storage memory at memory locations identified by the address information, a method for verifying access to the storage memory that includes the steps of:
-
maintaining a table associated with the processor element, the table including a plurality of addressable entries, there being at least one entry for each of the other of the plurality of processing elements, each of the plurality of addressable entries containing memory data defining a plurality of memory locations of the storage memory whereat data resides to be read or whereat data is to be written; receiving at the processor element message data from a one of the plurality of processing elements; using at least a portion of the address information to form an address to select a one of the addressable entries corresponding to the one of the plurality of processing elements; comparing the memory data and the address information to deny access to the storage memory if any portion of the data requested to be read from or written to the storage memory is not within the plurality of memory locations of the storage memory.
-
-
9. A processing system having at least first and second processing elements interconnected for communicating messages therebetween, the first processing element including a storage for data, a method of validating access to the storage that includes the steps of:
-
the second processing element sending a request message to the first processing element requesting to write data to, or read data from, the storage, and address data indicative of a predetermined number of storage locations of the storage whereat the data will be written or from which the data will be read; maintaining at the first processing element a table having a plurality of entries, each of the entries containing information describing a second number of storage locations of the storage whereat data to be read resides or whereat data can be written; selecting a one of the plurality of entries using as an entry address at least a portion of the address data; and denying access to the storage if comparison of the address data and information indicates the data to be read or to be written is not within the second number of storage locations. - View Dependent Claims (10, 11, 12)
-
Specification