Microprocessor memory management and protection mechanism
First Claim
1. For use in a data processing system having a memory for storing information which is classified into various categories called objects of said system, and a central processing unit connected to said memory, said central processing unit including a protection mechanism having levels of privilege, wherein said central processing unit has access to tables stored in said memory, said tables containing object descriptors, said object descriptors providing controlled access to real memory space in said memory by a task (processing path) executing on said central processing unit, each of said object descriptors being typed and assigned a descriptor privilege level (DPL), such that access is allowed to some of said objects within said memory and access is denied to others of said objects within said memory, depending upon the descriptor privilege level assigned to said objects, the type assigned in the object descriptor, the type of operation requested in said executing task, and the current privilege level (CPL) of execution of said executing task, said central processing unit comprising:
- memory accessing means connected to said memory, said memory accessing means including memory address registering means for registering memory addresses for use by said memory in accessing said objects stored in said memory,
- first means connected to said memory accessing means for registering first access information, said first access information providing first memory address information for locating said tables of object descriptors stored in said memory;
- second means for registering a plurality of privilege levels, said privilege levels being assigned to a linearly ordered set of more privileged and lesser privileged levels;
- third means for registering a task state segment, said task state segment including indicators which associated one or more of said tables of object descriptors with a task (processing path), said associated tables of object descriptors, in the aggregate, representing the entire set of objects in the address space of the task;
- fourth means, connected to said second means, for registering a current privilege level (CPL) at any instant for a currently executing task, said current privilege level being a single unique member of said plurality of privilege levels registered in said second means, said CPL being based upon the progress of execution of said currently executing task;
- fifth means for registering a segment selector, said segment selector including identifying means for uniquely identifying a particular object descriptor, said particular object descriptor being one of said object descriptors of said associated tables of object descriptors, within said address space of said task;
- said fifth means including means for registering access rights information, said access rights information comprised of a number of bits of information, including descriptor privilege level bits (DPL) and type bits;
- said type bits including bits for classification of said object descriptors into segment descriptors and control descriptors, said segment descriptors being permitted usage only for memory access and said control descriptors being permitted usage only for change of the operation path; and
- logic means connected to said third, fourth, and fifth means, said logic means including comparing means connected to said fourth means and to said fifth means for comparing said CPL and said DPL of said particular object descriptor, said logic means including output means, connected as an input to said first means, for permitting access to said particular object indicated by said selector (registered in said fifth means), by use of said first memory address information, said access being permitted only upon the condition that said access is from a more privileged current privilege level (registered in said fourth means) to the same or a less privileged level as specified by the DPL (registered in said fifth means) of said particular object descriptor.
Abstract
A memory management and protection mechanism in which access to protected entities is controlled. The protected entities are represented by descriptors. Each protected entity is accessed via a selector which comprises an index integer assigned to the descriptor at the time of its creation. Tasks are active entities which may perform accesses and therefore are subject to control. A task has certain access rights. Each protected entity is assigned a specific privilege level. Each task within the system operates at one and only one privilege level at any instant in time. Protected entities which reside at a privilege level which is equal or less privileged than the current privilege level (CPL) of the task are generally accessible. The effective privilege level (EPL) of an access to a protected entity is defined as the numeric maximum of the CPL and the requested privilege level (RPL) present in the selector pointing to the memory segment to be accessed. An access is permitted if and only if the EPL is numerically less than or equal to the descriptor privilege level (DPL) assigned to the protected entity.
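The access rule in the abstract, as an added C example that is not part of the patent text: it decodes a selector, rejects control descriptors for memory access, and applies EPL = max(CPL, RPL) against the DPL. The bit positions, the names (`descriptor_t`, `check_data_access`, `make_selector`) and the sample table are assumptions; the abstract names the fields but gives no layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed bit layout (x86 protected-mode convention; the abstract names the
   fields but gives no bit positions):
   selector:      bits 15..3 index, bit 2 table indicator (ignored here), bits 1..0 RPL
   access rights: bit 7 present, bits 6..5 DPL, bit 4 set = segment descriptor,
                  clear = control descriptor */
typedef struct { uint8_t access; } descriptor_t;

enum access_result { ACCESS_OK, ERR_INDEX, ERR_NOT_PRESENT, ERR_TYPE, ERR_PRIVILEGE };

static uint16_t make_selector(unsigned index, unsigned rpl) {
    return (uint16_t)((index << 3) | (rpl & 3u));
}

/* EPL = numeric maximum of CPL and the selector's RPL (larger = less privileged). */
unsigned effective_privilege(unsigned cpl, uint16_t sel) {
    unsigned rpl = sel & 3u;
    return cpl > rpl ? cpl : rpl;
}

/* Decide whether a task at `cpl` may use `sel` for a memory (data) access. */
enum access_result check_data_access(const descriptor_t *table, size_t count,
                                     unsigned cpl, uint16_t sel) {
    size_t index = sel >> 3;
    if (index >= count) return ERR_INDEX;
    uint8_t ar = table[index].access;
    if (!(ar & 0x80)) return ERR_NOT_PRESENT;
    if (!(ar & 0x10)) return ERR_TYPE;      /* control descriptors: no memory access */
    unsigned dpl = (ar >> 5) & 3u;
    return effective_privilege(cpl, sel) <= dpl ? ACCESS_OK : ERR_PRIVILEGE;
}

/* Constructed sample table, not taken from the patent. */
static const descriptor_t sample_table[] = {
    { 0x00 },                   /* 0: not present */
    { 0x80 | (0 << 5) | 0x10 }, /* 1: segment descriptor, DPL 0 */
    { 0x80 | (3 << 5) | 0x10 }, /* 2: segment descriptor, DPL 3 */
    { 0x80 | (3 << 5) },        /* 3: control descriptor, DPL 3 */
};

int main(void) {
    /* A CPL 0 service handed a selector by a level-3 caller: RPL 3 makes the EPL 3. */
    printf("RPL 0: %d\n", check_data_access(sample_table, 4, 0, make_selector(1, 0)));
    printf("RPL 3: %d\n", check_data_access(sample_table, 4, 0, make_selector(1, 3)));
    return 0;
}
```

The second call is the case the RPL field exists for: privileged code acting on a selector supplied by a less privileged caller is checked at the caller's level, so it cannot be used to reach a DPL 0 segment on the caller's behalf.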
231 Citations
13 Claims
7. twelfth means connected to said ninth means and to said eleventh means, responsive to said procedure gate descriptor for copying said number of parameters from the lesser privileged stack to the greater privilege stack; and
thirteenth means for recording the previous location of the lesser privileged stack upon the greater privileged stack.
Specification