Implementation of memory access control using optimizations

US 7,139,892 B2
Filed: 06/30/2003
Issued: 11/21/2006
Est. Priority Date: 05/02/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium encoded with computer-executable instructions to perform a method of processing a memory access request, the method comprising:

receiving a request to access a portion of a memory, said request identifying the portion of memory to be accessed through an identifier that is translatable through an address translation map;

determining, based on cached information about said address translation map, whether execution of said request will violate a policy that limits access to said memory, wherein said cached information includes data identifying a set of pages of said address translation map that have a predetermined property;

if execution of said request will not violate said policy, then allowing access to said memory in accordance with said request; and

if execution of said request will violate said policy, then either;

blocking said request;

ormodifying said request such that said request does not violate the policy, and carrying out the modifying request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms are disclosed that may allow certain memory access control algorithms to be implemented efficiently. When memory access control is based on controlling changes to an address translation map (or set of maps), it may be necessary to determine whether a particular map change would allow memory to be accessed in an impermissible way. Certain data about the map may be cached in order to allow the determination to be made more efficiently than performing an evaluation of the entire map.

Citations

31 Claims

1. A computer-readable storage medium encoded with computer-executable instructions to perform a method of processing a memory access request, the method comprising:
- receiving a request to access a portion of a memory, said request identifying the portion of memory to be accessed through an identifier that is translatable through an address translation map;
  
  determining, based on cached information about said address translation map, whether execution of said request will violate a policy that limits access to said memory, wherein said cached information includes data identifying a set of pages of said address translation map that have a predetermined property;
  
  if execution of said request will not violate said policy, then allowing access to said memory in accordance with said request; and
  
  if execution of said request will violate said policy, then either;
  
  blocking said request;
  
  ormodifying said request such that said request does not violate the policy, and carrying out the modifying request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-readable storage medium of claim 1, wherein said request comprises a request to wrute said portion of said memory.
  - 3. The computer-readable storage medium of claim 1, wherein said address translation map is stored in said memory, and wherein said request comprises a request to write a portion of memory in which said address translation map is stored.
  - 4. The computer-readable storage medium of claim 1, wherein said cached information includes data identifying a set of pages in said address translation map that are located at a predetermined distance from a root said address translation map.
  - 5. The computer-readable storage medium of claim 1, wherein said cached information includes data indicative of a number of references to a specified page.
  - 6. The computer-readable storage medium of claim 1, wherein said cached information includes data indicative of a number of references to a specified page, wherein said references have a specified attribute.
  - 7. The computer-readable storage medium of claim 1, wherein said cached information includes data indicative of a number of pages to which a specified page in said address translation map refers.
  - 8. The computer-readable storage medium of claim 1, wherein said cached information includes data indicative of a number of pages to which a specified page in said address translation map refers, and to which the specified page assigns a specified atttibute.
  - 9. The computer-readable storage medium of claim 1, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein said cached information includes a proper superset of said set, and wherein said act of determining whether execution of said request will violate said policy comprises evaluating whether said page is a member of said superset.
  - 10. The computer-readable storage medium of claim 1, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein said cached information includes a proper subset of said set, and wherein said act of determining whether execution of said request will violate said policy comprises evaluating whether said page is a member of said subset.

11. A method of managing a computer memory to which access is provided through an address translation map, the method comprising:
- storing information about at least one aspect of the state of the address translation map, wherein the stored information includes data identifying a set of pages of the address translation map that have a predetermined property;
  
  receiving a request to access the computer memory;
  
  determining, based at least in part on the stored information, that carrying out of the request will not violate a policy that limits access to the computer memory;
  
  allowing the request to be carried out; and
  
  updating the stored information to reflect the state of the address translation map resulting from carring out the request.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein said request comprises a request to write a portion of the computer memory.
  - 13. The method of claim 11, wherein the address translation map is stored in said computer memory, and wherein said request comprises a request to write a portion of memory in which said address translation map is stored.
  - 14. The method of claim 11, wherein the stored information includes data identifying a set of pages in the address translation map that are located at a predetermined distance from a root of the address translation map.
  - 15. The method of claim 11, wherein the stored information includes data indicative of a number of references to a specified page.
  - 16. The method of claim 11, wherein the stored information includes data indicative of a number of references to a specified page, wherein said references have a specified attribute.
  - 17. The method of claim 11, wherein the stored information includes data indicative of a number of pages to which a specified page in the address translation map refers.
  - 18. The method of claim 11, wherein the stored information includes data indicative of a number of pages to which a specified page in the address translation map refers, and to which the specified page assigns a specified attribute.
  - 19. The method of claim 11, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein the stored information includes a proper superset of said set, and wherein said act of determining that carrying out the request will not violate said policy comprises evaluating whether said page is a member of said superset.
  - 20. The method of claim 11, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein the stored information includes a proper subset of said set, and wherein said act of determining that carrying out the request will not violate said policy comprises evaluating whether said page is a member of said subset.

21. A system for controlling access to a memory that is addressed by way of an address translation map, the system comprising:
- one or more storage locations that store a policy that limits access to the memory;
  
  a cache that stores information about the address translation map, wherein the information stored in said cache comprises data identifying a set of pages of said address translation map that have a predetermined property; and
  
  logic that receives a request to access the memory, and that determines, based at least in part on the information stored in the cache, whether the request is allowable under said policy, said logic allowing the request to proceed if said request is determined to be allowable under the policy, said logic either (1) blocking said request, or (2) modifying said request into a form that is allowable under the policy and allowing the modified request to proceed, if said request is determined not to be allowable under the policy.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The system of claim 21, wherein said request comprises a request to write a portion of said memory.
  - 23. The system of claim 21, wherein said address translation map is stored in said memory, and wherein said request comprises a request to write a portion of memory in which said address translation map is stored.
  - 24. The system of claim 21, wherein the information stored in said cache comprises data identifying a set of pages in said address translation map that are located at a predetermined distance from a root of said address translation map.
  - 25. The system of claim 21, wherein the information stored in said cache includes data indicative of a number of references to a specified page.
  - 26. The system of claim 21, wherein the information stored in said cache includes data indicative of a number of references to a specified page, wherein said references have a specified attribute.
  - 27. The system of claim 21, wherein the information stored in said cache includes data indicative of a number of pages to which a specified page in said address translation map refers.
  - 28. The system of claim 21, wherein the information stored in said cache includes data indicative of a number of pages to which a specified page in said address translation map refers, and to which the specified page assigns a specified attribute.
  - 29. The system of claim 21, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein the information stored in said cache includes a proper superset of said set, and wherein said logic determines whether allowing said request will violate said policy by evaluating whether said page is a member of said superset.
  - 30. The system of claim 21, wherein compliance with said policy is determined based on a page'"'"'s membership in a set, wherein the information stored in said cache includes a proper subset of said set, and wherein said logic determines whether allowing said request will violate said policy by evaluating whether said page is a member of said subset.
  - 31. The system of claim 21, wherein said logic is implemented in at least one of hardware or software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus
Primary Examiner(s)
Sparks, Donald
Assistant Examiner(s)
Bradley, Matthew

Application Number

US10/610,666
Publication Number

US 20040221126A1
Time in Patent Office

1,240 Days
Field of Search

711/163
US Class Current

711/163
CPC Class Codes

G06F 12/145 the protection being virtua...

G06F 21/79 in semiconductor storage me...

Implementation of memory access control using optimizations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Implementation of memory access control using optimizations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links