The present invention relates generally to computer architectures. More particularly, the present invention is directed to systems and methods for protecting address space through controlled mapping and the address protection resources in a processor.
Conventionally available personal computers do not provide resources by which an operating system can protect designated address space. This lack of selective protection exposes systems having directly mapped input/output (I/O) devices to unintended or malicious code initiated read or write operations. As the number of I/O devices increases, and with multitasking systems and network environments, the importance of protecting address space becomes a subject of greater concern.
Some advanced workstations and computer systems employ RAM based techniques to control access into I/O address space. The prevailing approach involves the use of a table in memory which is consulted to determine whether the code seeking access to the specified address space has the requisite authority. This approach provides protection to the I/O address space, but is costly in terms of memory and is slow in speed as a consequence of the comparisons that must be performed.
Advanced processors, such as the PowerPC 601 (trademark of IBM Corporation) RISC processor available from IBM Corporation provide inherent memory protection resources. For example, in the case of the PowerPC 601 processor, the memory management unit provides selectively enabled protection to the processor address space enforceable at a block or page level. The access protection is selectable in varying options including read/write operation or user/supervisor levels. The details of the capabilities are described in the PowerPC 601 RISC Microprocessor Users Manual MPC 601UM/AD. However, as noted above, the protection is invocable at the aforementioned block or page level.
The distribution of address space for computer system level functions such as I/O are in most cases contiguous. Given the high speed of contemporary processors, the I/O devices, memory and other peripherals within the processor address space are physically attached to buses which are distinct from, but coupled by interface to, the bus upon which the processor itself resides. Of those system type buses conventionally in use, the Industry Standard Architecture (ISA) or Extended Industry Standard Architecture (EISA) are the best known. Another well known system level bus for connecting I/O devices is the Microchannel bus (trademark of IBM Corporation). A relatively new bus architecture which has drawn significant attention is known as the Peripheral Component Interconnect (PCI) bus, with the design details being defined in the PCI Local Bus Specification as distributed by the PCI Special Interest Group. Given the tremendous span in performance difference between the processor bus and the ISA or EISA buses used for I/O devices, the PCI bus has proven to be a valuable intermediate performance level bus for contemporary computer architectures.
Irrespective of the bus architecture selected for the I/O devices, there remains a need for selectively controlling access to segments from within the band of contiguous PCI, ISA or EISA address space assigned to I/O devices. The protection should provide operating system selectivity by I/O segments while minimizing comparison delays of the like previously used to protect I/O address space.