
Memory Protection Software Facility for OS/2 Shared Data Applications

IP.com Disclosure Number: IPCOM000121456D
Original Publication Date: 1991-Sep-01
Included in the Prior Art Database: 2005-Apr-03
Document File: 9 page(s) / 369K

Publishing Venue

IBM

Related People

Giangarra, PP: AUTHOR [+2]

Abstract

Described is a memory protection software facility for personal computer systems which operates in OS/2* shared data applications. The facility provides an application interface for identification of protected data and the use of a limit-checking feature for segmentation hardware. In addition, two alternative methods are explored.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 21% of the total text.

      Typically, 32-bit OS/2 provides shared library support in the form of 32-bit dynamic link (dynalink) libraries (DLLs). The DLLs execute in the context of the requester, are mapped into the appropriate shared region of the requesting process at load time, and execute at ring 3 without input/output program load (IOPL). Their protection characteristics correspond most closely to the ring 3 dynamic linking model of 16-bit OS/2. Fig. 1 shows how 32-bit DLLs are implemented.

      Since 32-bit executable (EXE) programs can address the entire address space with a 32-bit offset, it is easier for a 32-bit application programmer to cast a bad pointer to data in the shared region than it is under 16-bit segmented addressing. Also, since many subsystems keep semaphores and other shared data structures in the shared region, the potential for an inadvertently errant application to affect another process sharing a subsystem becomes an issue in the protection of data in memory.

      Therefore, the concept described herein provides a facility for DLLs to protect their critical shared global data regions from 32-bit EXEs. This facility prevents a thread in one process from affecting other processes that use the same resources or subsystems, or from taking down an entire workstation if the compromised subsystem is critical, such as a communications manager. Fig. 2 shows the linear address space layout for this process. In essence, the concept gives 32-bit OS/2 the capability for existing 16-bit DLLs and new 32-bit DLLs to have their shared global data allocated into a single protected region that is not accessible by 32-bit EXEs, thereby achieving a distinct level of protection. The concept does not provide protection of DLLs from each other or from threads executing 16-bit EXE modules.
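      The following is an added example, not code from the IBM disclosure, that models the segment limit-checking idea behind the chosen solution: a data segment whose limit ends just below the protected region makes any flat 32-bit pointer into that region fault, while code that owns the shared data reaches it through a segment with a larger limit. The address layout, sizes and the choice of giving EXE code and DLL code different descriptors are assumptions for illustration; the disclosure only states that the segmentation hardware's limit check is used.

```c
/* Added example (not from the IBM disclosure): a small model of how a
 * segment-limit check keeps a 32-bit EXE's flat pointers out of a
 * protected shared region while DLL code can still reach it.
 * Addresses, sizes and descriptor layout are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

/* Constructed linear address layout (assumption, not from the page). */
#define PROTECTED_BASE   0x70000000u   /* start of the protected shared region */
#define PROTECTED_SIZE   0x00100000u   /* 1 MiB of DLL global data */
#define LINEAR_TOP       0x80000000u   /* top of the modelled address space */

/* A data segment descriptor reduced to what limit checking needs. */
typedef struct {
    uint32_t base;    /* linear base of the segment */
    uint32_t limit;   /* highest valid offset (inclusive), as the hardware checks it */
} segment_t;

/* Result of an access check: 0 = allowed, otherwise a simulated fault. */
enum { ACCESS_OK = 0, FAULT_LIMIT = 1 };

/* Model the limit check applied to every data access: the last byte touched,
 * offset + size - 1, must not exceed the segment limit. */
int check_access(const segment_t *seg, uint32_t offset, uint32_t size)
{
    if (size == 0)
        return ACCESS_OK;
    /* an offset + size that wraps past 2^32 can never be inside the limit */
    if (offset > UINT32_MAX - (size - 1))
        return FAULT_LIMIT;
    if (offset + size - 1 > seg->limit)
        return FAULT_LIMIT;
    return ACCESS_OK;
}

/* Assumed arrangement: EXE code gets a flat-based descriptor whose limit
 * stops just below the protected region, so the region is unreachable
 * through it whatever 32-bit offset the program forms. */
int exe_access(uint32_t linear, uint32_t size)
{
    segment_t exe = { 0, PROTECTED_BASE - 1 };
    return check_access(&exe, linear - exe.base, size);
}

/* Assumed arrangement: DLL code that owns the shared data uses a descriptor
 * covering the whole modelled space, so its own global data stays reachable. */
int dll_access(uint32_t linear, uint32_t size)
{
    segment_t dll = { 0, LINEAR_TOP - 1 };
    return check_access(&dll, linear - dll.base, size);
}

static const char *verdict(int r) { return r == ACCESS_OK ? "ok" : "fault"; }

int main(void)
{
    uint32_t sem  = PROTECTED_BASE + 0x40;  /* constructed: a subsystem semaphore */
    uint32_t heap = 0x00200000u;            /* constructed: ordinary EXE heap data */

    printf("EXE -> own heap:        %s\n", verdict(exe_access(heap, 4)));
    printf("EXE -> DLL semaphore:   %s\n", verdict(exe_access(sem, 4)));
    printf("DLL -> DLL semaphore:   %s\n", verdict(dll_access(sem, 4)));
    /* An access that starts below the limit but spans into the region also faults. */
    printf("EXE -> straddling edge: %s\n", verdict(exe_access(PROTECTED_BASE - 2, 4)));
    return 0;
}
```

      The straddling case is the one worth noting: the check is on the last byte of the access, not the first, so a multi-byte read or write that begins in the EXE's own range but overlaps the region boundary is rejected as well.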

      Described first are two alternative solutions which were considered in providing the required memory protection. This is followed by a description of the solution chosen:

      Alternative #1 provides memory protection in the user's address space using page mapping operations to dynamically map protected data in and out of the address space on a per thread basis. Implementing this function requires the following:
      1)   Altering the process address space on each thread switch.
      2)   Providing a mechanism that allows threads to indicate when to map the protected object(s) in or out of the address space. The term protected object(s) means...