1. Field of the Invention
The present invention relates to the field of computer systems. More specifically, the present invention relates to memory protection on these computer systems.
2. Background Information
Various techniques for protecting memory of computer systems from "unauthorized" usage by executing programs are known in the art. These protection techniques include restricting access to and/or operations that can be performed against certain parts of memory. For example, executing programs may be denied access unless the executing programs are trustworthy, such as supervisory programs, or executing programs may be prevented from performing write operations unless the targeted memory locations are "writeable". These access and operational controls may be implemented at the memory segment as well as memory page level.
Today, most modern computer systems, including Intel Architecture based computer systems, employ multiple memory protection schemes. One of the key elements employed in Intel Architecture based computer systems for providing memory protection is the Segment Descriptor Table, wherein segment protection attributes are stored in the segments' corresponding descriptors. Each Intel Architecture based computer system may include one global Segment Descriptor Table, known as GDT, and/or one or more local Segment Descriptor Tables, known as LDTs. The GDT is applicable to/shared by all tasks, whereas an LDT may be applicable to/used by only one task or applicable to/shared by multiple tasks also.
One memory protection problem of particular interest is to shield certain segments of system memory from selected executing tasks or functions at selected times. For example, an operating system may want to make available certain memory segments having extra sensitive data to only selected trustworthy tasks at selected times. As a further example, an operating system may want to reserve certain memory segments for special usage under certain execution conditions, such as executing an application in place, as described in the copending U.S. patent application, Ser. No. 08/394,619, filed contemporaneously, entitled Method and Apparatus for Executing Application In Place from ROM, Flash Memory and the like, or executing certain "highly sensitive" functions.
The typical prior art approach is to have the operating system zero out the corresponding descriptors of these memory segments in the applicable GDT/LDT(s) (and "set them aside" if they are to be reserved for special use). In the case of "exclusive" LDTs (i.e. one LDT per task), the same segment selector may be included in multiple LDTs, therefore multiple zeroing out operations would have to be performed. In the case of the GDT and an LDT shared by multiple tasks, the zeroing out of the segment descriptors has to be performed each time an "untrusted" task is switched in, and the zeroed out segment descriptors have to be restored either when the "untrusted" task is switched out or when the next "trusted" task is switched in. In either case, if visibility is to be different for functions of different trustworthiness, similar zeroing out and restoration operations would have to be performed each time the trustworthiness of the "current" function changes.
Typically, a fixed overhead cost of 12 clock cycles and a variable cost of 3 clock cycles per segment descriptor are required each time a block of segment descriptors in the GDT or an LDT has to be zeroed out. Since zeroing out of segment descriptors has to be performed multiple times or repetitively, this prior art approach of selectively shielding certain segments of system memory from executing tasks/functions is costly and inefficient. Thus, a less costly or more efficient approach is desirable. As will be disclosed in more detail below, the method and apparatus of the present invention achieve these and other desired results.
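The prior art scheme described above can be modelled in a few lines of C. This is an added example, not code from the patent: the names `shield`, `shield_switch` and `shield_run` are hypothetical, the descriptor values are constructed, the model restores the block when the next "trusted" task is switched in, and only the zero-out cost is counted because the text gives no figure for restoration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define GDT_ENTRIES     16
#define FIXED_CYCLES    12  /* per block zero-out (figure from the text) */
#define PER_DESC_CYCLES 3   /* per descriptor zeroed (figure from the text) */
typedef uint64_t descriptor_t;       /* a segment descriptor is 8 bytes */

struct shield {
    descriptor_t gdt[GDT_ENTRIES];   /* shared table the current task sees */
    descriptor_t saved[GDT_ENTRIES]; /* "set aside" copies of hidden entries */
    unsigned first, count;           /* shielded block [first, first+count) */
    int hidden;                      /* 1 while the block is zeroed out */
    unsigned long zero_cycles;       /* accumulated zero-out cost */
};

void shield_init(struct shield *s, unsigned first, unsigned count) {
    memset(s, 0, sizeof *s);
    for (unsigned i = 0; i < GDT_ENTRIES; i++)   /* constructed, non-zero */
        s->gdt[i] = 0x00CF9A000000FFFFull | ((uint64_t)i << 16);
    s->first = first; s->count = count;
}

/* Task switch hook: trusted != 0 means the incoming task may see the block. */
void shield_switch(struct shield *s, int trusted) {
    descriptor_t *blk = &s->gdt[s->first];
    size_t bytes = s->count * sizeof *blk;
    if (!trusted && !s->hidden) {            /* hide before untrusted runs */
        memcpy(&s->saved[s->first], blk, bytes);
        memset(blk, 0, bytes);
        s->zero_cycles += FIXED_CYCLES + PER_DESC_CYCLES * s->count;
        s->hidden = 1;
    } else if (trusted && s->hidden) {       /* restore for trusted task */
        memcpy(blk, &s->saved[s->first], bytes);
        s->hidden = 0;
    }
}

/* Replays a schedule of task switches; returns total zero-out cycles. */
unsigned long shield_run(struct shield *s, const int *trusted, unsigned n) {
    for (unsigned i = 0; i < n; i++) shield_switch(s, trusted[i]);
    return s->zero_cycles;
}

int main(void) {
    struct shield s;
    int sched[] = {1, 0, 0, 1, 0, 1};        /* constructed schedule */
    shield_init(&s, 8, 4);
    printf("zero-out cycles: %lu\n", shield_run(&s, sched, 6));
}
```

With a four-descriptor block, each trusted-to-untrusted transition costs 12 + 3 × 4 = 24 cycles, so the cost grows with the number of such transitions rather than being paid once.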