1. (WO2019002817) REALM IDENTIFIERS FOR REALMS FOR MEMORY ACCESS CONTROL
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

1. An apparatus comprising:

processing circuitry to perform data processing in response to one or more software processes;

memory access circuitry to enforce ownership rights for a plurality of memory regions, wherein a given memory region is associated with an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and

realm management circuitry to access a realm management tree storing realm management data for at least two realms in a tree structure comprising a variable number of levels;

wherein the realm management circuitry is configured to index the realm management tree using a realm identifier of a given realm, the realm identifier comprising a variable number of variable length bit portions, wherein the realm management circuitry is configured to index into a given level of the realm management tree using a corresponding one of the variable length bit portions of the realm identifier.

2. The apparatus according to claim 1, wherein the realm management circuitry is configured to determine how many bits are comprised by the variable length bit portion to be used for indexing into a given level of the realm management tree, in dependence on an order value specified by an entry indexed at a previous level of the realm management tree.

3. The apparatus according to any of claims 1 and 2, wherein the realm management circuitry is configured to permit the variable length bit portions for indexing into different branches at the same level of the realm management tree to have different numbers of bits.

4. The apparatus according to any preceding claim, wherein the realm identifier for the given realm comprises a concatenation of the indices to be used at respective levels of the realm management tree to access the realm management data for the given realm.

5. The apparatus according to claim 4, wherein the realm identifier for the given realm comprises the concatenation of the indices followed by a predetermined termination pattern.

6. The apparatus according to any preceding claim, wherein the realm management tree comprises a local realm management tree associated with a given parent realm for storing the realm management data of child realms initialised by the given parent realm.

7. The apparatus according to any preceding claim, wherein the realm identifier comprises a local realm identifier identifying a particular child realm initialised by a given parent realm, and child realms initialised by different parent realms are permitted to have the same value of the local realm identifier.

8. The apparatus according to claim 7, comprising at least one hardware structure to identify a given realm using a global realm identifier unique to the given realm.

9. The apparatus according to claim 8, wherein realms sharing a common ancestor realm share a common prefix or suffix portion of the global realm identifier.

10. The apparatus according to any of claims 8 and 9, wherein the global realm identifier for a child realm comprises a concatenation of the local realm identifiers of one or more ancestor realms of the child realm and the local realm identifier of the child realm.

11. The apparatus according to claim 10, wherein a number of bits of the global realm identifier allocated to the local realm identifier of a given generation of realm is variable.

12. The apparatus according to any of claims 9 to 11, comprising circuitry to determine whether a first realm is an ancestor or descendant of a second realm by determining whether the global realm identifier of one of the first realm and the second realm matches a prefix or suffix portion of the global realm identifier of the other of the first realm and the second realm.

13. The apparatus according to any of claims 6 to 12, wherein a predetermined realm identifier value is reserved for referring to the parent realm of the current realm executed by the processing circuitry.

14. The apparatus according to any preceding claim, wherein a predetermined realm identifier value is reserved for referring to the current realm executed by the processing circuitry.

15. The apparatus according to any preceding claim, wherein in response to a query command triggered by a given realm, the realm management circuitry or the processing circuitry is configured to return a constraint value indicative of at least one of:

a maximum number of levels of the realm management tree permitted for the given realm;

a maximum number of tree entries permitted at a given level of the tree structure for the given realm; and

a maximum number of child realms that may be initialised by the given realm.

16. The apparatus according to any preceding claim, wherein the realm management data for a given realm specifies at least one of:

a type of the given realm;

a lifecycle state of the given realm for use by the realm management unit in determining whether to accept a given command triggered for the given realm;

a maximum privilege level at which the realm is permitted to execute;

a pointer to at least one memory region for saving or restoring architectural state associated with execution of the given realm; and

at least one encryption key for encrypting data associated with the given realm.

17. The apparatus according to any preceding claim, wherein the realm management circuitry comprises a hardware unit.

18. The apparatus according to any preceding claim, wherein the realm management circuitry comprises the processing circuitry executing realm management software.

19. The apparatus according to any preceding claim, wherein the owner realm has a right to prevent access to the given memory region by a process executed at a greater privilege level than the owner realm.

20. The apparatus according to any preceding claim, wherein the realm management circuitry is configured to determine whether entry to a given realm is permitted based on a realm descriptor specified by the realm management data for the given realm.

21. An apparatus comprising:

means for performing data processing in response to one or more software processes;

means for enforcing ownership rights for a plurality of memory regions, wherein a given memory region is associated with an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and

means for accessing a realm management tree storing realm management data for at least two realms in a tree structure comprising a variable number of levels;

wherein the means for accessing is configured to index the realm management tree using a realm identifier of a given realm, the realm identifier comprising a variable number of variable length bit portions, wherein the means for accessing is configured to index into a given level of the realm management tree using a corresponding one of the variable length bit portions of the realm identifier.

22. A data processing method comprising:

performing data processing in response to one or more software processes;

enforcing ownership rights for a plurality of memory regions, wherein a given memory region is associated with an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and

accessing a realm management tree storing realm management data for at least two realms in a tree structure comprising a variable number of levels;

wherein the realm management tree is indexed using a realm identifier of a given realm, the realm identifier comprising a variable number of variable length bit portions, wherein a given level of the realm management tree is indexed using a corresponding one of the variable length bit portions of the realm identifier.

23. A computer program for controlling a host data processing apparatus to provide an instruction execution environment comprising:

processing program logic to perform data processing in response to one or more software processes;

memory access program logic to enforce ownership rights for a plurality of memory regions, wherein a given memory region is associated with an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and

realm management program logic to access a realm management tree storing realm management data for at least two realms in a tree structure comprising a variable number of levels;

wherein the realm management program logic is configured to index the realm management tree using a realm identifier of a given realm, the realm identifier comprising a variable number of variable length bit portions, wherein the realm management program logic is configured to index into a given level of the realm management tree using a corresponding one of the variable length bit portions of the realm identifier.

24. A storage medium storing the computer program according to claim 23.
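
The following is an added illustration, not part of the application text: a C sketch of the indexing described in claims 1 to 5, where each tree entry supplies the bit width (order value) of the next portion of the realm identifier and a termination pattern marks the end of the concatenated indices. The bit ordering (level 0 in the low bits), the terminator value (a single 1 bit), the root order of 2, and all names (`rid_build`, `rmt_lookup`, `struct entry`, the sample tree) are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

#define RID_TERM 1ULL  /* assumed termination pattern: one 1 bit above the last index */

enum kind { INVALID = 0, TABLE, REALM };
struct entry {
    enum kind kind;
    unsigned order;             /* TABLE: number of RID bits that index the child table */
    const struct entry *child;  /* TABLE: child table holding 1 << order entries */
    int realm;                  /* REALM: stand-in for the realm management data */
};

/* Concatenate per-level indices (level 0 in the low bits), then the terminator. */
uint64_t rid_build(const unsigned idx[], const unsigned order[], size_t n) {
    uint64_t rid = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < n; i++) {
        rid |= (uint64_t)idx[i] << shift;
        shift += order[i];
    }
    return rid | (RID_TERM << shift);
}

/* Walk the tree; return the realm id, or -1 for a malformed or unmapped RID. */
int rmt_lookup(const struct entry *table, unsigned order, uint64_t rid) {
    for (;;) {
        if (order == 0 || order >= 64) return -1;
        const struct entry *e = &table[rid & ((1ULL << order) - 1)];
        rid >>= order;                    /* drop the portion just consumed */
        if (rid == 0) return -1;          /* terminator missing or swallowed by the index */
        if (rid == RID_TERM)              /* last portion: entry must hold a realm */
            return e->kind == REALM ? e->realm : -1;
        if (e->kind != TABLE) return -1;  /* more portions follow but no child table */
        table = e->child;
        order = e->order;                 /* next portion's width comes from this entry */
    }
}

/* Constructed sample tree: two branches at the same level use different widths. */
static const struct entry t1[2] = { {REALM, 0, NULL, 11}, {REALM, 0, NULL, 12} };
static const struct entry t2[8] = { [5] = {REALM, 0, NULL, 13} };
const struct entry rmt_root[4] = {
    {REALM, 0, NULL, 10}, {TABLE, 1, t1, 0}, {TABLE, 3, t2, 0} };

int main(void) {
    unsigned idx[] = {2, 5}, ord[] = {2, 3};
    return rmt_lookup(rmt_root, 2, rid_build(idx, ord, 2)) == 13 ? 0 : 1;
}
```

The walker rejects identifiers that stop at an interior table, continue past a realm entry, or carry no terminator, so a truncated or over-long identifier cannot resolve to a different realm's management data.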