1. Field of the Invention
This invention relates generally to memory management systems and methods, and, more particularly, to memory management systems and methods that provide protection for data stored within a memory.
2. Description of the Related Art
The 80x86 (i.e., “x86”) processor architecture allows for an input/output (I/O) address space separate from a memory address space. The x86 I/O address space is a continuous block of 64 k 8-bit data units located at addresses ranging from 0 to 65,535 (0000h to FFFFh, where ‘h’ indicates a hexadecimal number), and is typically used for communication with peripheral devices (e.g., a keyboard, disk drives, etc.). Peripheral devices typically include special access registers called “I/O ports,” or simply “ports.” The I/O ports may be 8-bit ports, 16-bit ports, or 32-bit ports. The 8-bit ports are accessed using their unique byte addresses. The 16-bit I/O ports include two adjacent bytes, and 32-bit I/O ports include four adjacent bytes. The 16- and 32-bit I/O ports are accessed using the lowest address of all of their adjacent bytes.
Addresses in the I/O address space of an x86 processor may correspond to different ports of peripheral devices coupled to the x86 processor. The x86 processor drives an M/IO (memory-I/O) signal line with an M/IO signal that indicates whether an address, conveyed via address signals driven on address signal lines, is in the memory address space or the I/O address space.
The x86 instruction set includes special I/O instructions to access the I/O address space. The x86 I/O instructions provide methods for exchanging data between internal registers of an x86 processor and I/O ports mapped to the I/O address space, and between a memory coupled to the x86 processor and the I/O ports. The x86 I/O instructions include the “IN” (input from port) and “OUT” (output to port) register I/O instructions, and the “INS” (input string from port) and “OUTS” (output string to port) block or string I/O instructions. The block x86 instructions transfer data directly from an I/O port to the memory, and from the memory to the I/O port.
A “task” is a single, sequential thread of execution. The 80286 and later x86 processors support multitasking, the ability to run multiple tasks concurrently. Only one task is actually executing at any given time; the x86 processor simply switches between multiple tasks as directed.
Modern x86 processors are able to operate in any one of several different modes, including the real address or “real” mode, the protected virtual address or “protected” mode, and the virtual 8086 or “virtual” mode. In the protected mode, use of the I/O instructions is controlled by the setting of the IOPL (I/O privilege level) field in the FLAGS register. In 80386 and later x86 processors, access to individual ports mapped to the I/O address space is controlled by an I/O permission bit map within the task's task state segment (TSS). Most protected mode operating systems restrict access to I/O ports to themselves (privilege level 0), and to a small number of “trusted” device drivers (privilege level 1).
When an 80386 or later x86 processor is operating in protected mode, two mechanisms may be employed to limit access by tasks to the I/O address space. First, use of the I/O instructions is controlled by the setting of the I/O privilege level (IOPL) field in the flags (EFLAGS) register. Second, access to individual I/O ports in the I/O space may be controlled via an I/O permission bitmap in a task state segment (TSS) of each of the tasks. It is noted that the I/O permission bitmap mechanism is implemented only on 80386 and later x86 processors.
Most protected mode operating systems attempt to restrict the use of I/O instructions to themselves and a small number of “trusted” device drivers. In the concentric ring privilege model of the x86 processor architecture, protected mode operating system software typically executes in the inner ring at privilege level 0, and trusted device driver software typically executes in a ring surrounding the inner ring at privilege level 1 or at privilege level 0. Application programs typically execute in an outer ring at privilege level 3.
When an x86 processor operating in protected mode executes an I/O instruction of a task, the x86 processor first compares the current privilege level (CPL) of the task to the I/O privilege level (IOPL). If the current privilege level (CPL) of the task is at least as privileged as (i.e., is numerically less than or equal to) the I/O privilege level (IOPL), the x86 processor executes the I/O instruction. If, on the other hand, the current privilege level (CPL) of the task is not as privileged as (i.e., is numerically greater than) the I/O privilege level (IOPL), the x86 processor checks the I/O permission bitmap in the task state segment (TSS) of the task.
FIG. 1 will now be used to illustrate the well-known I/O permission bitmap protection mechanism of the x86 architecture. FIG. 1 is a diagram illustrating a task state segment (TSS) 102, and a corresponding I/O permission bitmap 104, stored in a memory 100. The task state segment (TSS) 102 starts at a beginning (i.e., a base) of a memory segment, and the I/O permission bitmap 104 ends at an end (i.e., a limit) of the memory segment. The task state segment (TSS) 102 includes a 16-bit “I/O map base” at relative address 66h within the memory segment. The I/O map base contains an offset, in bytes, of a first byte of the corresponding I/O permission bitmap 104.
Each bit of the I/O permission bitmap 104 corresponds to a byte in the I/O space. For example, the first bit of the I/O permission bitmap 104 represents the 8-bit port at address ‘0’ in the I/O space, the second bit represents the 8-bit port at address ‘1’ in the I/O space, and so on. The number of the I/O port being accessed is used as a bit offset into the I/O permission bitmap 104. If the bit in the I/O permission bitmap 104 corresponding to the I/O port being accessed is cleared to ‘0’, the x86 processor (coupled to the memory 100 and accessing the I/O permission bitmap 104) executes the I/O instruction. If the bit is set to ‘1’, the x86 processor does not execute the I/O instruction, and generates a general protection fault. When 16-bit word, or 32-bit double word, I/O ports are being accessed, all of the bits representing adjacent bytes of the ports must be cleared to ‘0’ for the x86 processor to execute the I/O instruction.
As I/O spaces tend to be sparsely populated, and 8 k bytes would be needed to represent all 64 k ports of an I/O space, the I/O permission bitmap protection mechanism includes a way to abbreviate I/O permission bitmaps. I/O ports with addresses extending beyond the end of an I/O permission bitmap are treated as if the corresponding bits in the I/O permission bitmap are set to ‘1’.
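The two-stage check described above (CPL against IOPL, then the I/O permission bitmap, including multi-byte ports and an abbreviated bitmap) can be modeled in a few lines of C. This is an added illustration, not part of the original disclosure; the structure, function and variable names and the sample bitmap are hypothetical, and the model covers only the rules stated in the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of a task's I/O protection state (names are hypothetical). */
struct io_task {
    unsigned cpl;           /* current privilege level, 0 (most) to 3 (least) */
    unsigned iopl;          /* IOPL field of the EFLAGS register */
    const uint8_t *bitmap;  /* I/O permission bitmap; bit n covers port n */
    size_t bitmap_len;      /* bytes of bitmap before the segment limit (<= 8192) */
};

/* width is 1, 2 or 4 bytes. Returns true if the I/O instruction executes,
 * false if the processor would generate a general protection fault. */
bool io_access_allowed(const struct io_task *t, uint16_t port, unsigned width)
{
    if (t->cpl <= t->iopl)              /* privileged enough: bitmap not consulted */
        return true;
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i;
        size_t byte = p / 8;
        if (byte >= t->bitmap_len)      /* past the end: treated as a '1' bit */
            return false;
        if (t->bitmap[byte] & (1u << (p % 8)))  /* low bit of byte 0 is port 0 */
            return false;
    }
    return true;                        /* every covered bit was '0' */
}

/* Constructed sample: 16-byte bitmap (ports 0-127), only ports 60h-63h cleared. */
static const uint8_t sample_bitmap[16] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xF0, 0xFF, 0xFF, 0xFF,
};
static const struct io_task app = { 3, 0, sample_bitmap, sizeof sample_bitmap };
static const struct io_task os  = { 0, 0, sample_bitmap, sizeof sample_bitmap };

int main(void)
{
    printf("app  8-bit 60h:  %d\n", io_access_allowed(&app, 0x60, 1));
    printf("app 32-bit 60h:  %d\n", io_access_allowed(&app, 0x60, 4));
    printf("app 16-bit 63h:  %d\n", io_access_allowed(&app, 0x63, 2));
    printf("app  8-bit 3F8h: %d\n", io_access_allowed(&app, 0x3F8, 1));
    printf("os   8-bit 3F8h: %d\n", io_access_allowed(&os, 0x3F8, 1));
    return 0;
}
```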
A problem occurs in that the I/O permission bitmap mechanism of the x86 processor architecture is not sufficient to adequately protect the I/O address space. For example, any task executing at the supervisor level (e.g., having a CPL of 0) can access any port of the I/O address space at any time. In addition, a first task executing at the supervisor level can modify the bits in an I/O permission bitmap of a second task to allow the second task access to any or all of the ports in the I/O address space. The second task may then proceed to access one or more of those ports. The present invention is directed to systems and/or methods that may solve, or at least reduce, the above-described inadequate I/O space protection problem of the x86 architecture.