公开(公告)号：US11816227B2

公开(公告)日：2023-11-14

申请号：US16624474

申请日：2018-06-11

Applicant: ARM LIMITED

Inventor： Gareth Rhys Stockwell ,  Jason Parker ,  Djordje Kovacevic ,  Matthew Lucien Evans

IPC: G06F21/60 ,  G06F9/455 ,  G06F9/48 ,  G06F12/14 ,  G06F21/79

CPC classification number: G06F21/602 ,  G06F9/45558 ,  G06F9/4812 ,  G06F12/1491 ,  G06F21/79 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: An apparatus for processing data comprises memory access circuitry to enforce ownership rights of a plurality of memory regions within a first memory. The memory access circuitry is responsive to a first export command received from a first export command source to perform a first export operation to encrypt the given owned data to form given encrypted data and to store the given encrypted data in a second memory. The memory access circuitry is responsive to a second export command for the given memory region received from a second export command source while the first export operation is being performed to determine whether said second export command source has higher priority than the first export command source and, when the second export command source has a higher priority, to interrupt the first export operation and to perform a second export operation specified by the second export command.

公开(公告)号：US11449437B2

公开(公告)日：2022-09-20

申请号：US16624494

申请日：2018-06-08

Applicant: ARM LIMITED

Inventor： Jason Parker ,  Matthew Lucien Evans ,  Gareth Rhys Stockwell ,  Djordje Kovacevic

IPC: G06F12/14 ,  G06F21/60 ,  G06F12/1036 ,  G06F9/455

Abstract: An apparatus has processing circuitry for performing data processing in response to software processes and memory access circuitry for enforcing ownership rights for memory regions. A given memory region is associated with an owner realm specified from a multiple realms with each realm corresponding to a portion of at least one software process. The owner realm has a right to exclude other realms from accessing data stored in the given memory region (including realms executed at a higher privilege level). The realms are managed according to a realm hierarchy in which each realm other than a root realm is a child realm initialised in response to a command triggered by its parent realm. In response to an invalidation command, a realm management unit makes the target realm and any descendant realm of the target realm inaccessible to the processing circuitry.

公开(公告)号：US11314658B2

公开(公告)日：2022-04-26

申请号：US15574596

申请日：2016-04-28

Applicant: ARM LIMITED

Inventor： Jason Parker ,  Richard Roy Grisenthwaite ,  Andrew Christopher Rose

IPC: G06F12/1036 ,  G06F12/02 ,  G06F12/14 ,  G06F12/10 ,  G06F9/455 ,  G06F12/1009

Abstract: A data processing apparatus comprises processing circuitry to execute a plurality of processes. An ownership table comprises one or more entries each indicating, for a corresponding block of physical addresses, which of the processes is an owner process that has exclusive control of access to the corresponding block of physical addresses. A new process may be prevented from becoming an owner process until after successful completion of destructive overwriting. Ownership protection circuitry may detect a mismatch between an expected attribute, which is dependent on information in a page table entry, and an attribute specified in the ownership table. Each entry in the ownership table, for example, may indicate a level of encryption to be applied. Access control circuitry such as a memory management unit (MMU) may also determine whether an access request satisfies access permissions. The ownership table may also specify whether a higher privilege level process is allowed to access a block of physical addresses. A descriptor table may be used to store process state identifiers, where the process states may include invalid, prepare and execute states. The processes may comprise a hypervisor and/or a virtual machine (VM).

公开(公告)号：US11263155B2

公开(公告)日：2022-03-01

申请号：US16647642

申请日：2018-12-10

Applicant: ARM Limited

Inventor： Jason Parker ,  Martin Weidmann

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1027

Abstract: A realm management unit (RMU) maintains an ownership table specifying ownership entries for corresponding memory regions defining ownership attributes specifying, from among a plurality of realms, an owner realm of the corresponding region. Each realm corresponds to at least a portion of at least one software process. The owner realm has a right to exclude other realms from accessing data stored in the corresponding region. Memory access is controlled based on the ownership table. In response to a region fuse command specifying a fuse target address indicative contiguous regions of memory to be fused into a fused group of regions, a region fuse operation updates the ownership table to indicate that the ownership attributes for the fused group of regions are represented by a single ownership entry. This provides architectural support for enabling improvement of TLB performance.

公开(公告)号：US11237957B2

公开(公告)日：2022-02-01

申请号：US16647659

申请日：2018-10-11

Applicant: ARM Limited

Inventor： Jason Parker ,  Djordje Kovacevic ,  Gareth Rhys Stockwell ,  Matthew Lucien Evans

IPC: G06F12/02 ,  G06F12/14

Abstract: A realm management unit (RMU) 20 manages ownership of memory regions by realms, each realm corresponding to at least a portion of a software process executed by processing circuitry. Memory access circuitry 26 enforces ownership rights for the regions, with the owner realm having a right to exclude other realms from accessing data stored within its owned region. The RMU 20 controls transitions of memory regions between region states, including an invalid state 220, a valid state 222, and a scrub-commit state 800 in which the memory region is allocated to an owner realm, inaccessible to that owner realm until a scrubbing process has been performed for the memory region to set each storage location of the region to a value uncorrelated with a previous value stored in the storage location, and prevented from being reallocated to a different owner realm.

公开(公告)号：US11182294B2

公开(公告)日：2021-11-23

申请号：US16334095

申请日：2017-08-18

Applicant: ARM LIMITED

Inventor： Jason Parker ,  Graeme Peter Barnes

IPC: G06F12/10 ,  G06F12/0815 ,  G06F12/14

Abstract: A data processing apparatus 2 includes a cache memory 8 for storing data items to be accessed. Coherency control circuitry 20 controls coherency between data items stored within the cache memory and one or more other copies of the data items stored outside the cache memory. A data access buffer 6 buffers a plurality of data access to respective data items stored within the cache memory. Access control circuitry 20 is responsive to coherency statuses managed by the coherency control circuitry for the plurality of data items to be subject to data access operations to be performed together atomically as an atomic set of data accesses to ensure that the coherency statuses for all of these data items permit all of the atomic set of data accesses to be performed within the cache memory before the set of atomic data accesses are commenced.

公开(公告)号：US11113209B2

公开(公告)日：2021-09-07

申请号：US16625924

申请日：2018-06-08

Applicant: ARM LIMITED

Inventor： Matthew Lucien Evans ,  Jason Parker ,  Gareth Rhys Stockwell ,  Martin Weidmann

IPC: G06F12/14 ,  G06F12/08 ,  G06F12/0802 ,  G06F12/0891 ,  G06F12/1027

Abstract: An apparatus has a translation cache (100) comprising a number of entries for specifying address translation data. Each entry (260) also specifies a translation context identifier (254) associated with the address translation data and a realm identifier (270) identifying one of a number of realms. Each realm corresponds to at least a portion of at least one software process executed by processing circuitry (8). In response to a memory access a lookup of the translation cache (100) is triggered. When the lookup misses in the cache (100), control circuitry (280) prevents allocation of address translation data to the cache when the current realm is excluded from accessing the target memory region by an owner realm specified for the target memory region. In the lookup, whether a given entry (260) matches the memory access depends on both a translation context identifier comparison and a realm identifier comparison.

公开(公告)号：US10733111B2

公开(公告)日：2020-08-04

申请号：US15831635

申请日：2017-12-05

Applicant: ARM LIMITED

Inventor： Jason Parker ,  Andrew Brookfield Swaine

IPC: G06F12/1027 ,  G06F12/0817 ,  G06F12/14 ,  G06F12/1009

Abstract: Apparatus comprises input circuitry to receive a translation request defining an input memory address within an input memory address space; and address translation circuitry comprising: permission circuitry to detect whether memory access is permitted for the input memory address with reference to permission data populated from address translation tables and stored in a permission data store for each of a set of respective regions of the input memory address space, there being a dedicated entry in the permission data store for each of the regions so that the input memory address maps to a single respective entry; and output circuitry to provide an output memory address in response to the translation request, in which when the permission circuitry indicates that access is permitted to a region of the input memory address space including the input memory address, the output circuitry is configured to provide the output memory address as a predetermined function of the input memory address.

公开(公告)号：US20180165218A1

公开(公告)日：2018-06-14

申请号：US15831635

申请日：2017-12-05

Applicant: ARM LIMITED

Inventor： Jason Parker ,  Andrew Brookfield Swaine

IPC: G06F12/1027 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0817

Abstract: Apparatus comprises input circuitry to receive a translation request defining an input memory address within an input memory address space; and address translation circuitry comprising: permission circuitry to detect whether memory access is permitted for the input memory address with reference to permission data populated from address translation tables and stored in a permission data store for each of a set of respective regions of the input memory address space, there being a dedicated entry in the permission data store for each of the regions so that the input memory address maps to a single respective entry; and output circuitry to provide an output memory address in response to the translation request, in which when the permission circuitry indicates that access is permitted to a region of the input memory address space including the input memory address, the output circuitry is configured to provide the output memory address as a predetermined function of the input memory address.

公开(公告)号：US09678781B2

公开(公告)日：2017-06-13

申请号：US14682310

申请日：2015-04-09

Applicant: ARM Limited

Inventor： Hakan Persson ,  Matt Evans ,  Jason Parker ,  Marc Zyngier

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45583

Abstract: A data processing system comprises one or more processors that each execute one or more operating systems. Each operating system includes one or more applications. The system also comprises an accelerator that provides a shared resource for a plurality of the applications, an input/output module comprising one or more input/output interfaces for the submission of tasks to the accelerator, a hypervisor that manages the allocation of the input/output interfaces to the one or more operating systems and a storage area accessible by the hypervisor and the accelerator. The accelerator is capable of writing one or more selected pieces of information representative of one or more scheduling statistics of the accelerator periodically to the storage area without having received a request for the one or more selected pieces of information from the hypervisor.