Protection domain groups to isolate access to memory windows

US 8,291,176 B2
Filed: 03/27/2003
Issued: 10/16/2012
Est. Priority Date: 03/27/2003
Status: Active Grant

First Claim

Patent Images

1. A protection domain group, comprising:

a memory region associated with a process;

a plurality of memory windows associated with the memory region;

a plurality of protection domains, each of the protection domains corresponding to one of the plurality of memory windows, each of the plurality of protection domains being adapted to allow access to the memory region only via the corresponding one of the plurality of memory windows to provide isolation between clients or processes seeking to access each one of the plurality of memory windows; and

an identifier assigned to the protection domain group and used to verify access to each one of the plurality protection domains within the protection domain group.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments may relate to protection domain group, which may include a memory region associated with a process. The protection domain group may also include a plurality of memory windows associated with the memory region. Also included may be a plurality of protection domains, each of which may correspond to a memory window. The protection domains may allow access to the memory region via a corresponding memory window.

Citations

30 Claims

1. A protection domain group, comprising:
- a memory region associated with a process;
  
  a plurality of memory windows associated with the memory region;
  
  a plurality of protection domains, each of the protection domains corresponding to one of the plurality of memory windows, each of the plurality of protection domains being adapted to allow access to the memory region only via the corresponding one of the plurality of memory windows to provide isolation between clients or processes seeking to access each one of the plurality of memory windows; and
  
  an identifier assigned to the protection domain group and used to verify access to each one of the plurality protection domains within the protection domain group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The protection domain group set forth in claim 1, wherein a queue pair is associated with each of the plurality of protection domains.
  - 3. The protection domain group set forth in claim 1 wherein attributes of the protection domain group are defined in a translation and protection table (“
    - TPT”
      
      ).
  - 4. The protection domain group set forth in claim 3, wherein the identifier is a mask stored to the translation and protection table (TPT).
  - 5. The protection domain group set forth in claim 1, wherein the identifier is a mask.
  - 6. The protection domain group set forth in claim 1, wherein the identifier is a link list.
  - 7. The protection domain group set forth in claim 1 wherein access to the memory region is permitted if a requesting device corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 8. The protection domain group set forth in claim 1 wherein access to the memory region is permitted if a requesting queue pair corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 9. The protection domain group of claim 1, wherein access to a particular memory window of the plurality of memory windows is authorized based, at least in part, on comparing protection domain information associated with a queue pair attempting to access the particular memory window with the identifier that is assigned to the protection domain group associated with the particular memory window.

10. A computer system, comprising:
- a processor;
  
  a storage device that is adapted to store data for use by the processor;
  
  a user input device that is adapted to receive input from a user; and
  
  a system memory that is adapted to store data retrieved from the storage device for access by the processor, the system memory being organized into a protection domain group, the protection domain group comprising;
  
  a memory region associated with a process;
  
  a plurality of memory windows associated with the memory region;
  
  a plurality of protection domains, each of the protection domains corresponding to one of the plurality of memory windows, each of the plurality of protection domains being adapted to allow access to the memory region only via the corresponding one of the plurality of memory windows to provide isolation between clients or processes seeking to access each one of the plurality of memory windows; and
  
  an identifier assigned to the protection domain group and used to verify access to each one of the plurality protection domains within the protection domain group.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system set forth in claim 10, wherein a queue pair is associated with each of the plurality of protection domains.
  - 12. The computer system set forth in claim 10, wherein attributes of the protection domain group are defined in a translation and protection table (“
    - TPT”
      
      ).
  - 13. The computer system set forth in claim 12, wherein the identifier is a mask stored to the translation and protection table (“
    - TPT”
      
      ).
  - 14. The computer system set forth in claim 10, wherein the identifier is a mask.
  - 15. The protection domain group set forth in claim 10, wherein a link list defines the plurality of protection domains.
  - 16. The computer system set forth in claim 10, wherein access to the memory region is permitted if a requesting device corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 17. The computer system set forth in claim 10, wherein access to the memory region is permitted if a requesting queue pair corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 18. The computer system of claim 10, wherein access to a particular memory window of the plurality of memory windows is authorized based, at least in part, on comparing protection domain information associated with a queue pair attempting to access the particular memory window with the identifier that is assigned to the protection domain group associated with the particular memory window.

19. A method comprising:
- defining a memory region, the memory region being associated with a process;
  
  defining a plurality of memory windows associated with the memory region;
  
  creating a plurality of protection domains corresponding to a protection domain group, each of the protection domains corresponding to one of the plurality of memory windows, each of the plurality of protection domains being adapted to allow access to the memory region only via the corresponding one of the plurality of memory windows to provide isolation between clients or processes seeking to access each one of the plurality of memory windows; and
  
  assigning an identifier to the protection domain group, the identifier used to verify access to each one of the plurality protection domains within the protection domain group.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 30)
- - 20. The method set forth in claim 19, comprising associating a queue pair with each of the plurality of protection domains.
  - 21. The method set forth in claim 19, comprising defining attributes of the protection domain group in a translation and protection table (“
    - TPT”
      
      ).
  - 22. The method set forth in claim 21, wherein assigning an identifier to the protection domain group comprises defining a mask that corresponds to the plurality of protection domains in the translation and protection table (“
    - TPT”
      
      ).
  - 23. The method set forth in claim 19, wherein assigning an identifier to the protection domain group comprises defining a mask that corresponds to the plurality of protection domains.
  - 24. The method set forth in claim 19, comprising defining a link list that corresponds to the plurality of protection domains.
  - 25. The method set forth in claim 19, comprising allowing access to the memory region if a requesting device corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 26. The method set forth in claim 19, comprising allowing access to the memory region if a requesting queue pair corresponding to one of the plurality of protection domains issues a request to access the memory region.
  - 30. The method of claim 19, comprising allowing access to a particular memory window of the plurality of memory windows based, at least in part, on comparing protection domain information associated with a queue pair attempting to access the particular memory window with the identifier that is assigned to the protection domain group associated with the particular memory window.

27. A method of managing a memory access in a computer system, the computer system having a protection domain group comprising a plurality of protection domains, each of the protection domains corresponding to one of a plurality of memory windows to provide isolation between clients or processes seeking to access the memory windows, the method comprising the acts of:
- receiving a request for memory access from a queue pair, the queue pair having a queue pair context that includes data that specifies an associated protection domain;
  
  comparing the data that specifies an associated protection domain to an identifier that is assigned to the protection domain group to determine if the associated protection domain is one of the plurality of protection domains in the protection domain group, wherein the identifier used to verify access to each one of the plurality protection domains within the protection domain group; and
  
  performing the request for memory access if the associated protection domain is one of the plurality of protection domains in the protection domain group.
- View Dependent Claims (28, 29)
- - 28. The method set forth in claim 27, wherein comparing the data that specifies an associated protection domain to an identifier that is assigned to the protection domain group comprises comparing a mask that specifies the protection domain group to the identifier to determine if the associated protection domain is one of the plurality of protection domains in the protection domain group.
  - 29. The method set forth in claim 27, comprising terminating a connection if the associated protection domain is not one of the plurality of protection domains in the protection domain group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Hilland, Jeffrey, Garcia, David J.
Primary Examiner(s)
BATAILLE, PIERRE MICHE

Application Number

US10/400,313
Publication Number

US 20040205379A1
Time in Patent Office

3,491 Days
Field of Search

711/147, 711/153, 711/163, 711/173, 711/52, 711/E12.046, 711/145, 711/152, 715/700
US Class Current

711/152
CPC Class Codes

H04L 63/104 Grouping of entities

Protection domain groups to isolate access to memory windows

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Protection domain groups to isolate access to memory windows

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links