An Efficient and Binary Compatible Means of Migrating an Unprotected, Single Mode Processor Architecture to a Protected, Dual Mode Processor Architecture

IP.com Disclosure Number: IPCOM000032849D
Original Publication Date: 2004-Nov-15
Included in the Prior Art Database: 2004-Nov-15
Document File: 4 page(s) / 101K

Publishing Venue

Motorola

Related People

Kim Alexander Bettesworth Phillips: AUTHOR

Abstract

A method is disclosed that allows an unprotected processor architecture to be migrated to a protected (dual-mode) processor architecture. Protected architectures are essential in modern embedded processor applications. Some processors do not implement a protected programming model; all user applications run in supervisor mode. If a user application disables interrupts and enters an infinite loop, the system is compromised. This disclosure addresses the need for protecting privileged processor resources in an unprotected processor architecture, while making minimal architectural changes appropriate for cost-sensitive applications.

The proposed method takes advantage of the fact that the processor is in one of the user or supervisor modes at any one point in time. A mode bit is added to the local state, which hardware uses to determine which of the two states ("modes") to use. When code accesses a register, the value used is stripped ("muxed") of its privileged content before the operation is performed on the physical register. Instead of requiring new physical registers dedicated to protection, the method uses register read/write masks to implement protection. In supervisor mode, the task reads and writes all the bits in the control register. In user mode, the privileged bits of the control register are masked. A user-mode read from a control register to a general-purpose register (or memory) consequently has the privileged bits substituted with zeros (or ones) in the destination register. A user-mode write to a control register has no effect on the privileged bits; only the user-accessible bits are changed to the new value.

When migrating from a single-mode architecture to a dual-mode architecture, the cost of changes to the user-level ISA (Instruction Set Architecture) and of extraneous hardware (physical registers) is not incurred. A simple migration of a single-mode core architecture to a dual-mode architecture provides the user mode necessary for core and memory protection.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 34% of the total text.

The minimal memory protection mechanism compares every referenced address with base and bounds registers, thereby ensuring that addresses generated by a task fall between two limits. Task protection cannot be achieved if user tasks are permitted to modify the base and bounds registers. Exclusive modification rights must be given to the operating system, which assigns the limits per user task. This forms the basis for a core protection architecture and presents the following requirements.

· It provides at least two execution modes (user and supervisor).
· It limits control register visibility for user mode.
· It enables mode transitions for user to supervisor and vice versa.
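
The read/write masking and the base and bounds check described above, modelled in C as an added example (not code from the disclosure). The 16-bit register width, the `USER_MASK` bit layout and all names are assumptions, and the mode field is set directly because the transition mechanism is not part of this excerpt.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the disclosure): bits 0-7 user, bits 8-15 privileged. */
#define USER_MASK 0x00FFu

typedef enum { MODE_USER, MODE_SUPERVISOR } cpu_mode;
typedef struct {
    cpu_mode mode;   /* the added mode bit */
    uint16_t ctrl;   /* one physical control register shared by both modes */
    uint32_t base;   /* lowest address the current task may reference */
    uint32_t bound;  /* first address past the task's region */
} core;

/* The mode bit selects which read/write mask applies to the register. */
static uint16_t access_mask(const core *c) {
    return (uint16_t)(c->mode == MODE_SUPERVISOR ? 0xFFFFu : USER_MASK);
}

/* User-mode reads see the privileged bits as zeros. */
uint16_t ctrl_read(const core *c) { return c->ctrl & access_mask(c); }

/* Only bits under the mask take the new value; the rest keep the old one. */
void ctrl_write(core *c, uint16_t value) {
    uint16_t m = access_mask(c);
    c->ctrl = (uint16_t)((c->ctrl & (uint16_t)~m) | (value & m));
}

/* Base and bounds are privileged state: only the supervisor may set them. */
bool set_limits(core *c, uint32_t base, uint32_t bound) {
    if (c->mode != MODE_SUPERVISOR || base > bound) return false;
    c->base = base; c->bound = bound;
    return true;
}

/* Check a len-byte reference at addr; written so addr + len cannot wrap. */
bool addr_ok(const core *c, uint32_t addr, uint32_t len) {
    return addr >= c->base && addr <= c->bound && len <= c->bound - addr;
}

int main(void) {
    core c = { MODE_SUPERVISOR, 0, 0, 0 };
    ctrl_write(&c, 0x0700);          /* supervisor sets privileged bits */
    set_limits(&c, 0x1000, 0x2000);
    c.mode = MODE_USER;              /* transition mechanism not modelled */
    ctrl_write(&c, 0xFF12);          /* user tries to overwrite everything */
    printf("ctrl=%#06x user view=%#06x\n", (unsigned)c.ctrl, (unsigned)ctrl_read(&c));
    return 0;
}
```

Existing user binaries keep issuing the same register accesses; only the bits they can observe or change differ, which is the binary-compatibility property the abstract claims.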

Execution Mode

A dual execution mode implementation is achieved with...