An accelerated graphics port (“AGP”) is a high-speed point-to-point channel for attaching a single device (generally a graphics card) to a computer's motherboard, primarily to assist in the acceleration of 3D computer graphics. The AGP allows system software to dynamically allocate disjoint pages of the PC's system RAM 110 for use by the graphics card to store a frame buffer and to support texture mapping, z-buffering and alpha blending, for example. As shown, system RAM 110 comprises memory pages 111-120.
The physical addresses employed by the graphics controller to access these textures are typically above the top of the system RAM 110 and are referred to as the GART Aperture 150. The top of the system RAM 110 is indicated at dotted line 170. However, these aperture addresses are remapped, meaning that the physical memory corresponding to this address space does not actually exist above the top of system RAM 110. These aperture addresses correspond to physical memory pages 151-154. In reality, an access to each of these aperture addresses is remapped to a corresponding physical address in system RAM 110. The graphics controller sees this aperture address space as one contiguous block of memory, but the corresponding physical memory pages may be allocated from non-contiguous pages anywhere in system RAM 110. The mapping of aperture addresses to the corresponding system RAM 110 addresses is located in a graphics address remap table (“GART”) 180, stored at memory page 115, for example.
The system RAM 110 comprises a plurality of potentially non-contiguous memory pages. As described above, the AGP graphics card requires a contiguous block of memory to operate. Through normal system operation, the system RAM 110 can become very fragmented, making allocating a contiguous block of memory to the graphics card impossible. Accordingly, the GART 180 provides a remapping of aperture memory addresses to the available physical memory addresses in the system RAM 110. For example, as shown in the GART 180, aperture page 151 is mapped to system RAM 110 page 116, aperture page 152 is mapped to system RAM 110 page 119, and aperture page 153 is mapped to system RAM 110 page 113. When software or hardware attempts to access aperture memory page 152, for example, the GART 180 is typically referenced to determine the corresponding system RAM 110 address. Accordingly, the access is redirected to physical memory page 119.
While the use of the GART 180 allows non-contiguous system RAM 110 to appear to the graphics card as a block of contiguous address space, there are security risks associated with the GART 180. Trusted systems typically operate by partitioning the physical pages of system RAM 110 into trusted and non-trusted portions (not shown). Only trusted systems are allowed access to the trusted portions of memory, which prevents a malicious program or application from reading from or writing to the trusted portions of memory.
Because the GART 180 provides a mapping from aperture memory addresses to system RAM 110 memory addresses, and both exist within the same physical address space, a system RAM page can be accessed by more than one physical address. Thus, it can be difficult to determine if a particular aperture memory address refers to a trusted portion of memory. In addition, both trusted and non-trusted applications may have access to the GART 180. A malicious application could therefore alter, or overwrite, the GART 180 such that a particular untrusted aperture memory address points to a page of trusted memory. In this way, a malicious application could then read from and write to the trusted portions of memory by going through the GART 180.
Therefore, what is needed are systems and methods to prevent applications from adding trusted memory addresses to the GART.
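The remapping and the aliasing risk described above can be modelled as a small table with a guarded update path and an audit pass. The following C model is an added example, not taken from the original document: it uses the figure's reference numerals as page numbers and assumes 4 KiB pages, a constructed set of trusted pages (112, 117, 118), and hypothetical function names gart_set, gart_translate and gart_audit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT     12u   /* assumption: 4 KiB pages */
#define APERTURE_FIRST 151u  /* aperture pages 151-154 (figure numerals as page numbers) */
#define APERTURE_PAGES 4u
#define RAM_FIRST      111u  /* system RAM pages 111-120 */
#define RAM_LAST       120u

/* Constructed trusted partition; the text does not show which pages are trusted. */
static const uint32_t trusted[] = { 112u, 117u, 118u };
static uint32_t gart[APERTURE_PAGES];  /* index = aperture page - 151; 0 = unmapped */

static bool is_trusted(uint32_t ram_page) {
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (trusted[i] == ram_page) return true;
    return false;
}

/* Guarded update: 0 on success, -1 out of range, -2 target is trusted memory. */
int gart_set(uint32_t ap_page, uint32_t ram_page) {
    if (ap_page < APERTURE_FIRST || ap_page >= APERTURE_FIRST + APERTURE_PAGES) return -1;
    if (ram_page < RAM_FIRST || ram_page > RAM_LAST) return -1;
    if (is_trusted(ram_page)) return -2;
    gart[ap_page - APERTURE_FIRST] = ram_page;
    return 0;
}

/* Aperture address -> system RAM address, or 0 if outside the aperture or unmapped. */
uint64_t gart_translate(uint64_t ap_addr) {
    uint64_t page = ap_addr >> PAGE_SHIFT;
    if (page < APERTURE_FIRST || page >= APERTURE_FIRST + APERTURE_PAGES) return 0;
    uint32_t ram_page = gart[page - APERTURE_FIRST];
    if (ram_page == 0) return 0;
    return ((uint64_t)ram_page << PAGE_SHIFT) | (ap_addr & ((1u << PAGE_SHIFT) - 1u));
}

/* Audit: count entries aliasing trusted pages, e.g. after a write that bypassed gart_set(). */
size_t gart_audit(void) {
    size_t bad = 0;
    for (size_t i = 0; i < APERTURE_PAGES; i++)
        if (is_trusted(gart[i])) bad++;
    return bad;
}
int main(void) {
    gart_set(151, 116); gart_set(152, 119); gart_set(153, 113);  /* mappings from the text */
    printf("map 154 -> 117: %d, audit: %zu\n", gart_set(154, 117), gart_audit());
    return 0;
}
```

The guarded update only helps if every write to the table goes through it; the audit pass covers the case where the table page itself was written directly.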