Code and thread differential addressing via multiplex page maps
First Claim
1. In a computer-system, a method comprising:
- receiving a request via a process thread having a first memory map associated therewith;
- changing a privilege level to a level that allows a memory map change;
- performing the memory map change to associate a second memory map with the process thread, the second memory map providing different memory access with respect to the first memory map;
- restoring the privilege level to a level that does not allow a memory map change; and
- wherein the first and second memory maps each include a mapping that maps a virtual memory address to a physical memory address that is larger than the largest possible virtual memory address that an entity is allowed to address, wherein the first and second memory maps each include a mapping that maps a virtual memory address to a physical memory address that is the same, wherein the virtual memory address that maps to a physical memory address that is larger is in user mode addressable space, and wherein the physical memory address that is the same is in kernel mode addressable space.
Abstract
Described is a system and method whereby processes may have multiple memory maps associated therewith to provide curtained memory and overcome other memory-related problems. Multiple maps are used to restrict memory access of existing code such as drivers, without changing that code, and without changing existing microprocessors. A thread of a process is associated with one memory map at a time, which by mapping to different memory locations, provides memory isolation without requiring a process switch. Memory isolation may be combined with controlled, closed memory map switching performed only by trusted code, to ensure that some protected memory is inaccessible to all but the trusted code (curtained memory). Map switching among multiple maps eliminates the need to change a process in order to access different memory, thereby allowing expanded memory addressing in a single process and isolating untrusted code run in process from certain memory of that process.
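The map switching described in the abstract, modeled as a small C simulation. This is an added illustration, not code from the patent; the names (`page_map`, `thread_ctx`, `trusted_gate_read`), the 4-page virtual space, the 8-frame physical memory and the sample byte values are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define VPAGES 4      /* virtual pages 0..3; page 3 stands in for kernel space */
#define FRAMES 8      /* frames 4..7 lie beyond the largest virtual page */
#define UNMAPPED (-1)

enum priv { PRIV_NORMAL, PRIV_MAP_CHANGE };
typedef struct { int frame[VPAGES]; } page_map;
typedef struct { const page_map *map; enum priv level; } thread_ctx;

static uint8_t phys[FRAMES];  /* one byte per frame (constructed model) */
/* User page 1 -> frame 5 (ordinary) or frame 6 (curtained); page 3 -> frame 0 in both. */
static const page_map map_first  = {{ UNMAPPED, 5, UNMAPPED, 0 }};
static const page_map map_second = {{ UNMAPPED, 6, UNMAPPED, 0 }};

void setup(thread_ctx *t) {
    phys[0] = 0xAA; phys[5] = 0x11; phys[6] = 0x5E;  /* constructed sample data */
    t->map = &map_first;
    t->level = PRIV_NORMAL;
}

/* Translate through the thread's current map; -1 models a fault. */
int vread(const thread_ctx *t, int vpage) {
    if (vpage < 0 || vpage >= VPAGES || t->map->frame[vpage] == UNMAPPED) return -1;
    return phys[t->map->frame[vpage]];
}

/* A map change is refused unless the privilege level allows it. */
int switch_map(thread_ctx *t, const page_map *m) {
    if (t->level != PRIV_MAP_CHANGE) return -1;
    t->map = m;
    return 0;
}

/* Trusted entry point: raise, switch, restore, work under the second map.
   Switching back before returning is this model's assumption. */
int trusted_gate_read(thread_ctx *t) {
    t->level = PRIV_MAP_CHANGE; switch_map(t, &map_second); t->level = PRIV_NORMAL;
    int value = vread(t, 1);
    t->level = PRIV_MAP_CHANGE; switch_map(t, &map_first);  t->level = PRIV_NORMAL;
    return value;
}

int main(void) {
    thread_ctx t; setup(&t);
    printf("untrusted read: 0x%02X\n", vread(&t, 1));
    printf("direct switch:  %d\n", switch_map(&t, &map_second));
    printf("gated read:     0x%02X\n", trusted_gate_read(&t));
    return 0;
}
```

Under the first map no virtual page translates to frame 6, so code running in the same process cannot name the curtained memory at all; only the gate, which alone holds the map-change privilege, reaches it.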
77 Claims
26. In a computing device, a system comprising:
- a process having at least one thread;
- a first memory map associated with the at least one thread and having data therein that maps virtual memory addresses to physical memory;
- a second memory map having data therein that maps virtual memory addresses to physical memory, the second memory map providing different memory access with respect to the first memory map;
- a protection mechanism, the protection mechanism configured to allow changing of a map; and
- trusted code, the trusted code configured to invoke the protection mechanism to change the at least one thread from being associated with the first map to being associated with the second map, and wherein the trusted code further includes a function that performs at least one trust-privileged operation from among a set of trust-privileged operations, the set including: signaling a synchronization object, deleting a timer, and closing a handle.
44. The system of claim 43 wherein the protection mechanism changes a privilege level to not allow map changing.
53. A computer-implemented method, comprising:
- associating first, second and third address maps with a process, wherein at least the second address map includes a mapping that maps a virtual address to a physical address that is larger than the largest possible virtual memory address and the third map includes a mapping that maps a virtual address to a physical address that is larger than the largest physical address mapped to by the second map;
- receiving a request from a thread of the process to change from the first address map to the second address map;
- changing the first address map to the second address map;
- using the mapping to access data at a physical memory location having a physical address that is larger than the largest possible virtual memory address; and
- switching to the third map to access data at the physical address that is larger than the largest physical address mapped to by the second map.
57. In a computer-system, a method comprising:
- receiving a request via a process thread having a first memory map associated therewith;
- changing a privilege level to a level that allows a memory map change;
- performing the memory map change to associate a second memory map with the process thread, the second memory map providing different memory access with respect to the first memory map and accessing protected memory;
- restoring the privilege level to a level that does not allow a memory map change;
- executing trusted code while the second memory map is associated with the process thread, including entering at a predefined entry point a function that performs at least one trust-privileged operation from among a set of trust-privileged operations, the set including: signaling a synchronization object, deleting a timer, and closing a handle.
Specification