This application claims priority to GB Patent Application No. 1304518.2 filed Mar. 13, 2013, the entire content of which is hereby incorporated by reference.
The present invention relates to a data processing apparatus having plural processing units configured to execute plural processes and a storage unit configured to store data for those plural processes. More particularly the present invention relates to a protection unit configured to control access by those plural processes to the storage unit.
It is known to provide a data processing apparatus having multiple processing units which are configured to execute the data processing tasks of the data processing apparatus. The advantages brought by this kind of parallelism are well recognised. Furthermore, it is known to provide storage unit which is configured to store data required for the data processing tasks carried out by the processing units, for example being provided in the format of a local buffer because of the rapid access associated therewith. Accordingly, when a process being executed by the data processing apparatus is shared between more than one processing unit, the need for those processing units to have access to the same data (as part of executing the same process) is facilitated by the shared access to the storage unit.
However, whilst the sharing of data between multiple processing units executing the same process is of general benefit, in the situation where the data processing apparatus is executing multiple processes, it may be necessary to ensure that data stored in the storage unit for one process is not accessible to another process being executed by the data processing apparatus. More specifically, in the context of the data processing apparatus having multiple processing units configured to execute multiple processes, it may be necessary to ensure that a given processing unit is only able to access data stored in the storage unit which is associated with the process which that processing unit is executing (possibly shared with other processing units that are also executing that process).
Hence, in order to ensure the isolation of data between multiple processes being executed on the data processing apparatus, one approach would be to ensure that different processes are not allowed to run concurrently, however this would remove the well known parallelism advantages mentioned above. Alternatively, a storage unit could be provided for each process being executed in the data processing apparatus, but this is typically expensive both in terms of the needs to provide multiple storage units and the increased bandwidth requirement to support them. Aside from such physical constraints, a further approach could be to rely on the multiple processes themselves to be well behaved in their access to stored data, but such an approach typically represents a significant security vulnerability and is generally not desirable.
Accordingly, it would be desirable to provide a technique which enabled multiple processing units executing multiple processes in a data processing apparatus to share access to a storage unit, wherein the isolation of data between different processes being executed is assured.