Protection domains for a computer operating system
First Claim
Patent Images
1. A method, comprising the steps of:
- loading a code module into a memory space of a first domain, wherein the first domain owns one of a kernel space and a portion of a user space, the code module including an instruction having a symbol reference;
determining if the symbol reference is to an external location outside of the memory space;
generating a link stub for the symbol reference when the symbol reference is to an external location to access the external location;
redirecting the instruction to the link stub; and
determining if the external location is within a second domain that is within a protection view of the first domain, wherein the second domain owns the other one of the kernel space and a portion of the user space;
requesting attachment of the second domain to the first domain when the second domain is determined not to be within the protection view of the first domain; and
attaching the second domain to the first domain using an attachment mechanism.
3 Assignments
0 Petitions
Accused Products
Abstract
A protection domain system is implemented to provide protection for applications executing in a computing environment. Protection domains are allocated system resources and may contain executing tasks. The protection domain system may allow tasks to access resources in other protection domains to which attachments have been made. Attachment is transparent to the software developer. The protection domain system provides flexibility in implementing operating system services and defining protection hierarchies.
-
Citations
9 Claims
-
1. A method, comprising the steps of:
-
loading a code module into a memory space of a first domain, wherein the first domain owns one of a kernel space and a portion of a user space, the code module including an instruction having a symbol reference; determining if the symbol reference is to an external location outside of the memory space; generating a link stub for the symbol reference when the symbol reference is to an external location to access the external location; redirecting the instruction to the link stub; and determining if the external location is within a second domain that is within a protection view of the first domain, wherein the second domain owns the other one of the kernel space and a portion of the user space; requesting attachment of the second domain to the first domain when the second domain is determined not to be within the protection view of the first domain; and attaching the second domain to the first domain using an attachment mechanism. - View Dependent Claims (2, 3, 4)
-
-
5. A method, comprising:
-
creating a task in a first domain, wherein the first domain owns one of a kernel space and a portion of a user space, the task executing a number of instructions; executing a first jump instruction in the number of instructions that refers to a link stub corresponding to an external location in a second domain, wherein the second domain owns the other one of the kernel space and a portion of the user space; executing the link stub; comparing the external location to a task protection view; generating a processing exception when the external location is outside the task protection view; and executing an exception handling routine in response to the generation of the processing exception, the exception handling routine including, saving a pre-exception setting of the task protection view, altering the task protection view to include a protection view of the second domain, and jumping to the external location. - View Dependent Claims (6, 7, 8, 9)
-
Specification