WO1999035580A1 - Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support - Google Patents

Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support

Info

Publication number
WO1999035580A1
WO1999035580A1 (PCT/US1998/027494)
Authority
WO
WIPO (PCT)
Prior art keywords
memory
access
key
processor node
lock
Prior art date
Application number
PCT/US1998/027494
Other languages
French (fr)
Inventor
Wolf-Dietrich Weber
Jaspal Kohli
Original Assignee
Fujitsu Limited
Priority date
Filing date
Publication date
Priority claimed from US09/003,771 (US6212610B1)
Priority claimed from US09/003,721 (US6209064B1)
Application filed by Fujitsu Limited
Priority to JP53615399A (JP3983820B2)
Publication of WO1999035580A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/14 Protection against unauthorised use of memory or access to memory
    • G06F 12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F 12/1466 Key-lock mechanism
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/02 Addressing or allocation; Relocation
    • G06F 12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F 12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F 12/0806 Multiuser, multiprocessor or multiprocessing cache systems
    • G06F 12/0813 Multiuser, multiprocessor or multiprocessing cache systems with a network or matrix configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Multi Processors (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates generally to efficient message passing support and memory access protection in scalable shared-memory multiprocessing computer systems. In a multiprocessor system, processors need to communicate with one another to coordinate their work. Prior art multiprocessors permit only message passing or unprotected direct memory access. The present invention allows direct memory access with protection: its mechanism permits processors to access each other's memory directly while retaining protection against faulty software or hardware. Security in the face of malicious intent of the communicating software is not maintained in the preferred embodiment, although a variation of the mechanism provides additional protection against malicious software, albeit at the expense of slightly more complex hardware.

Description

MEMORY PROTECTION MECHANISM FOR A DISTRIBUTED
SHARED MEMORY MULTIPROCESSOR WITH INTEGRATED
MESSAGE PASSING SUPPORT
CROSS-REFERENCE TO CO-PENDING APPLICATION
This application is related to co-pending Application Serial No. 09/003,721, filed January 7, 1998, entitled "Cache Coherence Unit With Integrated Message Passing and Memory Protection for a Distributed, Shared Memory Multiprocessor System," by inventor Wolf-Dietrich Weber, and assigned to a common assignee.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to computer communication protocols, and more specifically to a message passing protocol which is integrated with a cache coherence protocol in a multiprocessing computer system.
2. Discussion of Background Art
Multiprocessor computer systems consist of a plurality of processor nodes communicating over a high-speed interconnection network. Each processor node typically includes a processor and local Random Access Memory (RAM). A computational problem is divided among processor nodes so that the utilization of the particular resources available at different processor nodes is maximized. Dividing the problem among processor nodes also reduces the time needed to produce a result and thereby expedites the computation. However, this division of labor necessarily implies that a process running on one processor node may depend on the results of computations being performed at another processor node. The various processes must therefore communicate over the interconnection network to exchange information relevant to their particular problems and to synchronize with one another.
The performance level of a multiprocessor system depends on the speed with which processors can communicate with one another. In the shared-memory paradigm, communication is very fast because each processor can simply read what the other processors have written. However, this model does not offer communicating processes any protection from interfering with one another by inadvertently overwriting each other's critical memory areas. In the message-passing model, on the other hand, each processor can only access its own memory and can communicate with other processors only by explicitly building up a message and sending it to the other processor. This model protects the communicating processors from one another, because they cannot write to each other's memory. However, it is also inefficient, because the operating system typically must be invoked on both sides of the transfer (sender and receiver), and these operating system calls slow communication between the processors. It is thus desirable to allow communicating processes direct access to designated areas in each other's memory while protecting against inadvertent accesses to other areas of memory, all without operating system intervention on the receiving side.
A mechanism that allows one processor to protect itself from having another processor corrupt its memory inadvertently due to a hardware or software fault is disclosed in U.S. Patent No. 5,448,698, issued September 5, 1995 to Wilkes. The Wilkes protection-check mechanism uses a protection table at the target that specifies a key for a number of memory areas. The mechanism disclosed in the Wilkes patent has the disadvantage that a table must be built into the hardware, requiring storage space and inherently holding only a limited number of entries.
SUMMARY OF THE INVENTION
The present invention resides in a computer system having a plurality of processor nodes and an interconnection. Each processor node is connected to the interconnection and has a memory and a memory bus connected to the memory. Each processor node has a plurality of processors, and each processor has a cache. The computer system has a mesh coherence unit for controlling messages and memory access requests between the memory bus and the interconnection. The computer system also has a lock and key mechanism wherein a processor node having its memory accessed retains a lock value from which a key value and a temp value are computed, by a function, from a memory address, and a processor node requesting a memory access is permitted access when the temp value matches the key value.
One object of the present invention is to provide a message passing system in which operating system calls are not required on the target side.
Another object is to protect processes running at different processor nodes from damaging one another. Still another object is to avoid the use of a table that requires additional hardware and storage space and that inherently can contain only a limited number of entries.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a functional block diagram of a computer system of the present invention having multiple processor nodes;
FIG. 2 is a functional block diagram of a processor node of FIG. 1;
FIG. 3A and FIG. 3B show one embodiment for setting up a lock;
FIG. 4A and FIG. 4B show one embodiment for granting access rights to page x for an initiator node by the target node making key x; and
FIG. 5A and FIG. 5B show one embodiment of how access from a remote node can be made between a target and an initiator node.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention resides in a system and method for a communication protocol in scalable shared-memory multiprocessing computer systems. A scalable shared-memory multiprocessing computer system has a plurality of processors connected to an interconnection over which the processors communicate with each other. The conventional mechanism by which a message is passed is via an input/output channel and an interconnection.
In a system according to the present invention, the same communication channel is used for both cache coherence and message passing, which significantly increases the rate at which messages are exchanged. Each processor communicates with processors in other processor nodes by sending and receiving messages using a message-passing protocol that is tightly integrated with the inter-processor node cache coherence protocol. At the same time, a lock and key mechanism raises protection barriers between processor nodes that communicate only via message passing. In contrast to the prior art Wilkes device, supra, the present invention requires very little hardware storage and can cover an unlimited number of memory areas.
FIG. 1 is a functional block diagram of a computer system 100 according to the invention, including multiple processor nodes 102a-t and a processor node interconnection 104 which provides point-to-point communication between the nodes 102a-t. Each of the processor nodes 102a-t may be configured as a stand-alone computer system or associated with other processor nodes to share memory. The term "site" is used to designate a group of processor nodes sharing a physical address space in memory. Selected processor nodes 102a-d, 102f-i, 102l-o, and 102q-t are respectively configured as sites 106a, 106b, 106c and 106d. Other processor nodes 102e, 102j, 102k, and 102p are also connected via interconnection 104 but do not share memory and thus do not form part of a common site. Processor nodes in different sites communicate via message passing. For example, processor nodes in site 106a communicate with processor nodes in other sites, e.g., processor node 102n in site 106c, by sending messages via interconnection 104.
The present invention achieves cache coherence with integrated message passing between processor nodes 102a-t, as shown in exemplary system 100 (FIG. 1). The processor nodes in a site, e.g., processor nodes 102a-d in site 106a, share a physical address memory space. In addition, each of the processor nodes has multiple processors 202a-d (FIG. 2), each with a respective cache memory 204a-d (FIG. 2). Thus, cache coherence needs to be maintained between caches 204a-d of processors 202a-d not only within a node 102, but also across different processor nodes 102a-t. For example, caches in node 102a must be coherent with caches in nodes 102b-d.
The invention further includes a memory protection mechanism. The memory protection mechanism permits access to a shared physical address space for processor nodes within a site 106a-d and denies access to that shared physical address space for processor nodes 102a-t outside the site 106a-d. For example, processor node 102e may pass messages to processor node 102a. However, because processor node 102e is not within site 106a, processor node 102e may not perform memory access operations on the physical address space of site 106a.
FIG. 2 is a functional block diagram of a processor node 102. Processor node 102 is exemplary of FIG. 1 processor nodes 102a-t and includes processors 202a-d, each having a respective cache 204a-d, a memory subsystem 206, an input/output subsystem 208, and a mesh coherence unit (MCU) 210. Each of the functional units 202a-d, 206, 208, and 210 is connected to bus 212 for transmitting control, address, and data signals between the units. The mesh coherence unit 210 is connected to interconnection 104.
Processors 202a-d, memory subsystem 206, input/output subsystem 208, and bus 212 are commercially available, with one or more processors per node. The mesh coherence unit 210 coordinates inter-processor node cache coherence, inter-processor node message passing, and inter-processor node memory protection.
In a multiprocessor system, different processors typically must communicate with one another to coordinate their work. To limit the possibility that faulty software or hardware of one processor corrupts another processor, and/or to enforce access security between different processors, some multiprocessors do not permit one processor to read directly from or write directly to the memory of another processor. Instead, these multiprocessors only allow processors to exchange messages. Unlike a direct memory access, a message has to be processed and screened by the receiving processor, and hence this type of communication is typically less efficient.
The mechanism of the present invention permits processors to access each other's memory directly while retaining protection against faulty software or hardware. However, this mechanism does not offer security against malicious intent of the communicating software. In another embodiment, the mechanism also provides protection against malicious software, but requires slightly more complex hardware.
The mechanism relies on a lock and key scenario. The processor node that is performing an access (the "initiator" node) uses the key, while the processor node being accessed (the "target" node) keeps the lock. Each target generates a large number serving as the lock. This number is stored in hardware that does not accept memory access requests from other processor nodes.
FIG. 3A and FIG. 3B show one embodiment for setting up a lock. FIG. 3A is a block diagram of the software step 310 to generate the lock and the hardware step 320 for storing the lock in access protection hardware. FIG. 3B shows that the lock 350 resides within the protection check mechanism 330 and that the protection check mechanism 330 resides within the mesh coherence unit (MCU) 340.
Access protection is maintained on a per memory page basis, where a page typically represents about 4 kilobytes of memory. If a target wishes to grant an initiator access rights to a particular page, it manufactures a key using the equation:
key = f(lock, addr) (1)
where lock is the lock number, addr is the address of the page for which the key is manufactured, and f is a simple function. The key and address are then passed to the initiator.
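For illustration only, the following C sketch mirrors the lock setup of FIGS. 3A-3B and the key manufacture of equation (1). It is not part of the patent disclosure: the lock is modeled as a 64-bit value, XOR stands in for the unspecified "simple function" f, and identifier names such as mcu_lock, setup_lock, and make_key are hypothetical.

    #include <stdint.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>

    /* Illustrative stand-in for the lock storage inside the MCU's
       protection-check hardware (FIG. 3B); remote nodes cannot read it. */
    static uint64_t mcu_lock;

    /* Software step 310 / hardware step 320: generate a large number to
       serve as the lock and store it in the access protection hardware. */
    static void setup_lock(void)
    {
        srand((unsigned)time(NULL));
        mcu_lock = ((uint64_t)rand() << 32) ^ (uint64_t)rand();
    }

    /* Equation (1): key = f(lock, addr), with XOR as a placeholder for f. */
    static uint64_t make_key(uint64_t lock, uint64_t page_addr)
    {
        return lock ^ page_addr;
    }

    int main(void)
    {
        setup_lock();
        uint64_t page_x = 0x123000ULL;                /* hypothetical page address */
        uint64_t key_x  = make_key(mcu_lock, page_x);
        /* The key and page address would now be sent to the initiator node. */
        printf("key for page x: %016llx\n", (unsigned long long)key_x);
        return 0;
    }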
FIG. 4A and FIG. 4B show one embodiment for granting access rights to page x for an initiator node by the target node making key x. FIG. 4A is a block diagram showing the software step 410 to manufacture the key from the lock and address and the software step 420 for sending the key to the node that is being granted access rights to page x. FIG. 4B shows how the key 430 is passed through the interconnect 450 between the mesh coherence units (MCU) 440 and 460.
When the initiator wishes to access the page, it sends the key along with the address to the target. At the target, hardware checks the access by computing a "temp" value from the incoming address and lock:
temp = f(lock, addr) (2)
If the temp value matches the key passed with the access, then the access is allowed to proceed. Otherwise, the access is rejected.
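A matching sketch of the target-side check of equation (2) follows, again for illustration only: check_access and the other identifiers are hypothetical, and XOR again stands in for f.

    #include <stdbool.h>
    #include <stdint.h>
    #include <stdio.h>

    /* Placeholder f, the same simple function used to manufacture the key. */
    static uint64_t f(uint64_t lock, uint64_t addr)
    {
        return lock ^ addr;
    }

    /* Hardware check at the target: recompute temp from the stored lock and
       the incoming address, then compare with the key passed with the access. */
    static bool check_access(uint64_t lock, uint64_t incoming_addr,
                             uint64_t incoming_key)
    {
        uint64_t temp = f(lock, incoming_addr);       /* equation (2) */
        return temp == incoming_key;                  /* match: accept; else reject */
    }

    int main(void)
    {
        uint64_t lock = 0x9e3779b97f4a7c15ULL;        /* example lock value */
        uint64_t page = 0x123000ULL;                  /* page being accessed */
        uint64_t key  = f(lock, page);                /* key granted by the target */

        printf("valid key: %s\n",
               check_access(lock, page, key) ? "accepted" : "rejected");
        printf("wrong key: %s\n",
               check_access(lock, page, key ^ 1) ? "accepted" : "rejected");
        return 0;
    }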
FIG. 5A and FIG. 5B show one embodiment of how access from a remote node can be made between a target and an initiator node. FIG. 5A is a block diagram showing that the access request to page x arrives with the key in step 510. The temp value is computed as a function of the lock and address in step 520. The temp value is compared to the key value in step 530; if they are equal, the access request is accepted in step 540, otherwise the access request is rejected in step 550. FIG. 5B shows how the access request 590 is accepted or rejected through the interconnect 570 between the mesh coherence units (MCU) 560 and 580.
In its simplest form, function f is an EXCLUSIVE-OR operation. The mechanism then offers protection against accidental access to an area of memory to which access has not been granted, as long as the initiator's software uses only keys that were given to it by the target. However, because such a function f is easily inverted, it is relatively easy for malicious software to deduce the target's lock value from a key:
lock = f2 (key, addr) (3)
where f2 is the inverse of f, such that:
x = f2(f(x, y), y) (4)
Thus, there exists the potential for malicious software to manufacture keys for other areas of the target's memory, and in this case the mechanism does not provide protection.
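With f chosen as EXCLUSIVE-OR, equation (3) is simply another XOR, so a single key/address pair reveals the lock. The short sketch below demonstrates this weakness; the values and names are illustrative only and not taken from the patent.

    #include <stdint.h>
    #include <stdio.h>

    int main(void)
    {
        uint64_t lock = 0x5bd1e995a0761d65ULL;  /* secret held by the target */
        uint64_t addr = 0x456000ULL;            /* page the initiator was granted */
        uint64_t key  = lock ^ addr;            /* equation (1) with f = XOR */

        /* Equation (3): XOR is its own inverse, so f2 is also XOR. */
        uint64_t deduced_lock = key ^ addr;

        /* Malicious software can now manufacture a key for any other page. */
        uint64_t other_page = 0x789000ULL;
        uint64_t forged_key = deduced_lock ^ other_page;

        printf("lock recovered: %s\n", deduced_lock == lock ? "yes" : "no");
        printf("forged key for other page: %016llx\n",
               (unsigned long long)forged_key);
        return 0;
    }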
However, by using a function f that is not easily inverted, protection against malicious software also can be achieved. For example, if
key = mod (addr, lock) (5)
and addr is chosen to have a sufficient number of bits, then it becomes very time-consuming for malicious software to calculate the lock value from a given address/key combination. Security can be maintained so long as the lock value is changed more frequently than the reverse calculation can be performed by the malicious software.
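A sketch of this harder-to-invert variant, equation (5), is given below. Recovering the lock from one address/key pair now requires finding a divisor of (addr - key) that is larger than key, so a bounded search generally fails before the target changes its lock. The bit widths, example values, and the naive search loop are illustrative assumptions, not part of the patent.

    #include <stdint.h>
    #include <stdio.h>

    /* Equation (5): key = mod(addr, lock). */
    static uint64_t make_key_mod(uint64_t addr, uint64_t lock)
    {
        return addr % lock;
    }

    int main(void)
    {
        uint64_t lock = 0x0000000abcdef123ULL;  /* example lock value */
        uint64_t addr = 0x0123456789ab0000ULL;  /* page address with many bits */
        uint64_t key  = make_key_mod(addr, lock);

        printf("key = %016llx\n", (unsigned long long)key);

        /* Naive reverse calculation: any true lock must be a divisor of
           (addr - key) that is larger than key. A bounded search such as
           this one will usually not reach the real lock before the target
           has had time to change its lock value. */
        int found = 0;
        for (uint64_t guess = key + 1; guess < key + 1000000ULL; guess++) {
            if (addr % guess == key) {
                printf("candidate lock: %016llx\n", (unsigned long long)guess);
                found = 1;
                break;
            }
        }
        if (!found)
            printf("no lock candidate found in the bounded search\n");
        return 0;
    }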
The exemplary embodiments described herein are for purposes of illustration and are not intended to be limiting. Therefore, those skilled in the art will recognize that other embodiments could be practiced without departing from the scope and spirit of the claims set forth below.

Claims

WHAT IS CLAIMED IS:
1. A computer system comprising: an interconnection; a plurality of processor nodes, each being connected to said interconnection and having a memory; a memory bus connected to the memory; a plurality of processors, each said processor having a cache; a mesh coherence unit for controlling messages and memory access requests between said memory bus and said interconnection; and a lock and key mechanism means wherein a processor node having its memory accessed retains a lock value to compute a key value and a temp value by a function from a memory address, and a processor node requesting a memory access is permitted memory access when said temp value matches said key value.
2. The computer system of claim 1 wherein: said processor node being accessed generates a number serving as said lock value, said number being stored in hardware that does not accept memory access requests from other processor nodes.
3. The computer system of claim 2 wherein: access protection is maintained on a per memory page basis with the processor node manufacturing said key value by using a functional equation, to grant access rights for a particular page of memory to another processor node.
4. The computer system of claim 3 wherein: said key value is calculated as a function of said lock value and the page address of memory for which said key value is manufactured; and said key value and said page address of memory are then passed to the processor node requesting access to the memory page corresponding to the page address of memory.
5. The computer system of claim 4 wherein: the processor node requesting access to the memory page sends said key value and said page address of memory to the processor node being accessed to thereby check said access request by computing said temp value from said page address of memory and the said lock value; and said access request is permitted to proceed when said temp value matches said key value.
6. The computer system of claim 1 wherein: said processor node requesting access to a memory page sends said key value along with a page address of said memory page to the processor node being accessed to thereby check said access request by computing said temp value from said page address and said lock value; and said processor node from which memory access is requested allows access to proceed when said temp value matches said key value passed with said access request.
7. A computer system comprising: an interconnection; a plurality of processor nodes, each being connected to said interconnection and having a memory; a memory bus connected to the memory; a plurality of processors, each said processor having a cache; a mesh coherence unit for controlling messages and memory access requests between said memory bus and said interconnection; a lock and key mechanism wherein a processor node that is performing the access uses a key, while a processor node being accessed retains a lock; a processor node being accessed invents a number that serves as said lock, which is stored in hardware that does not accept memory access requests from other processor nodes; and said processor node being accessed keeps said lock to compute a temp value from the incoming address and said lock, with memory access to the processor node being permitted when said temp value matches the value of said key.
8. The computer system of claim 7 wherein: access protection is maintained on a per memory page basis and a processor node manufactures said key with a functional equation to grant access for a particular page to another processor node.
9. The computer system of claim 8 wherein: said key is calculated as a function of said lock number and the page address of memory for which said key is being manufactured, and said key and said page address of memory are passed to the processor node requesting access to the memory page corresponding to said page address of memory.
10. The computer system of claim 8 wherein: the processor node requesting access to a page of memory sends said key and a page address of said page of memory to the processor node being accessed to verify the access request by computing said temp value from said lock and said page address of memory; and said access is permitted to proceed when said temp value matches said key passed with said access request.
11. The computer system of claim 7 wherein: the processor node requesting access to a memory page sends said key along with a page address of said memory page to the processor node being accessed, so that said processor node being accessed can check the access request by computing said temp value from said page address of memory and said lock; and said access to said memory page is permitted to proceed when said temp value matches said key passed with said access request.
12. The computer system of claim 7 wherein: said key is calculated as a function of said lock number and the page address of memory for which said key is being manufactured, and said key and said address are passed to the processor node requesting access to said page address of memory; said function is not easily inverted so as to prevent malicious software from calculating said lock value from said address and said key; and said lock value is changed in less time than the reverse calculation can be performed by the processor node requesting access to said page address memory.
13. A method of using a computer communication system comprising the steps of: communicatively connecting a plurality of processor nodes by an interconnection, each processor node having a memory connected to a memory bus, a plurality of processors connected to said memory bus, each said processor having a respective cache; using a lock and key mechanism where a processor node having its memory accessed generates a lock value, computes a key value by use of a function operating on said lock value and a page address of memory, and computes a temp value by use of said function operating on said lock value and said page address of memory; permitting access to said page address of memory to a processor node requesting memory access when said temp value matches said key value.
14. The method of claim 13 further comprising the steps of: storing said lock value in hardware that does not accept memory access requests from other processor nodes; and maintaining access protection on a per memory page basis.
15. The computer system communication method of claim 13 further comprising the step of: granting access rights for a particular page to the processor node, by manufacturing said key with the equation key = f(lock, addr) where lock is said lock number, addr is said page address of memory for which said key is being manufactured, and f is said function that manufactures said key.
16. The computer system communication method of claim 13 further comprising the step of: passing said key and said page address of memory to said processor node requesting memory access by sending said key with said page address of memory from said processor node from which memory access is requested.
17. The computer system communication method of claim 13 further comprising the steps of: checking an access request by computing said temp value from said page address of memory and said lock: temp = f(lock, addr) permitting said access request to proceed when said temp value matches said key passed with said access request.
18. The computer system communication method of claim 13 further comprising the steps of: passing said key and said address to the processor node requesting memory access; sending said key along with said address from said processor node requesting memory to the processor node from which memory access is being requested; checking said memory access request at said processor node from which memory access is being requested by computing said temp value from said incoming page address of memory and said lock; and allowing said memory access request to proceed if said temp value matches said key passed with said access request.
19. The computer system communication method of claim 13 further comprising the steps of: passing said key and said page address of memory to the processor node requesting memory access, which sends said key and said page address of memory to the processor node from which memory access is being requested; checking the access request at said processor node from which memory access is requested by computing said temp value from said page address of memory and said lock: temp = f(lock, addr) allowing said access request to proceed if said temp value matches said key passed with said access request.
20. The computer system communication method of claim 13 further comprising the steps of: choosing said function f such that it requires more time for the processor node seeking memory access to invert said function f than the minimum time required for the processor node from which memory access is being sought to change said lock value; and changing said lock value more frequently than the inverting of said function f can be performed by said processor node seeking memory access.
PCT/US1998/027494 1998-01-07 1998-12-22 Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support WO1999035580A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP53615399A JP3983820B2 (en) 1998-01-07 1998-12-22 Computer system and memory protection method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US09/003,771 1998-01-07
US09/003,771 US6212610B1 (en) 1998-01-07 1998-01-07 Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support
US09/003,721 US6209064B1 (en) 1998-01-07 1998-01-07 Cache coherence unit with integrated message passing and memory protection for a distributed, shared memory multiprocessor system
US09/003,721 1998-01-07

Publications (1)

Publication Number Publication Date
WO1999035580A1 (en)

Family

ID=26672110

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US1998/027494 WO1999035580A1 (en) 1998-01-07 1998-12-22 Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support
PCT/US1998/027495 WO1999035581A1 (en) 1998-01-07 1998-12-22 Cache coherence unit with integrated message passing and memory protection for a distributed, shared memory multiprocessor system

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US1998/027495 WO1999035581A1 (en) 1998-01-07 1998-12-22 Cache coherence unit with integrated message passing and memory protection for a distributed, shared memory multiprocessor system

Country Status (2)

Country Link
JP (2) JP4306811B2 (en)
WO (2) WO1999035580A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5103823B2 (en) * 2006-08-18 2012-12-19 富士通株式会社 Information processing apparatus and input / output request control method
US7941499B2 (en) 2007-03-06 2011-05-10 Freescale Semiconductor, Inc. Interprocessor message transmission via coherency-based interconnect
JP5413001B2 (en) * 2009-07-09 2014-02-12 富士通株式会社 Cache memory
JP5541275B2 (en) * 2011-12-28 2014-07-09 富士通株式会社 Information processing apparatus and unauthorized access prevention method
CN105718242B (en) * 2016-01-15 2018-08-17 中国人民解放军国防科学技术大学 The processing method and system of software and hardware data consistency are supported in multi-core DSP
JP6668908B2 (en) * 2016-04-13 2020-03-18 富士通株式会社 Information processing system, transmitting apparatus, and control method for information processing system
JP2019053617A (en) 2017-09-15 2019-04-04 株式会社東芝 System lsi and system lsi failure detection method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0489583A2 (en) * 1990-12-05 1992-06-10 NCR International, Inc. Multiple processor cache control system
US5450563A (en) * 1992-10-30 1995-09-12 International Business Machines Corporation Storage protection keys in two level cache system
EP0801349A1 (en) * 1996-04-08 1997-10-15 Sun Microsystems, Inc. Deterministic distributed multicache coherence protocol

Also Published As

Publication number Publication date
WO1999035581A1 (en) 1999-07-15
JP2001515632A (en) 2001-09-18
JP2001515633A (en) 2001-09-18
JP3983820B2 (en) 2007-09-26
JP4306811B2 (en) 2009-08-05

Similar Documents

Publication Publication Date Title
US6212610B1 (en) Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support
US6209064B1 (en) Cache coherence unit with integrated message passing and memory protection for a distributed, shared memory multiprocessor system
US6295598B1 (en) Split directory-based cache coherency technique for a multi-processor computer system
US7103744B2 (en) Binding a memory window to a queue pair
US6910108B2 (en) Hardware support for partitioning a multiprocessor system to allow distinct operating systems
CN107408081B (en) Providing enhanced replay protection for memory
CA2271536C (en) Non-uniform memory access (numa) data processing system that buffers potential third node transactions to decrease communication latency
US6854032B2 (en) System for accessing a region of memory using remote address translation and using a memory window table and a memory region table
US5829052A (en) Method and apparatus for managing memory accesses in a multiple multiprocessor cluster system
US6654858B1 (en) Method for reducing directory writes and latency in a high performance, directory-based, coherency protocol
US6128677A (en) System and method for improved transfer of data between multiple processors and I/O bridges
US7571294B2 (en) NoDMA cache
US8533401B2 (en) Implementing direct access caches in coherent multiprocessors
CN103488588A (en) Memory protection method and system and network interface controller
US7500068B1 (en) Method and system for managing memory in a multiprocessor system
WO1999035580A1 (en) Memory protection mechanism for a distributed shared memory multiprocessor with integrated message passing support
EP0745940B1 (en) An apparatus and method for providing a cache indexing scheme less susceptible to cache collisions
CN109697127A (en) The method and apparatus that the access operation of a kind of pair of shared resource locks
US6085293A (en) Non-uniform memory access (NUMA) data processing system that decreases latency by expediting rerun requests
US7174437B2 (en) Memory access management in a shared memory multi-processor system
US5991895A (en) System and method for multiprocessor partitioning to support high availability
KR20140038075A (en) Apparatus and method for maintaining cache coherency, and multiprocessor apparatus using the method
US6148375A (en) Hierarchical bus simple COMA architecture for shared memory multiprocessors having a bus directly interconnecting caches between nodes
US7565504B2 (en) Memory window access mechanism
US20040193832A1 (en) Physical mode windows

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

ENP Entry into the national phase

Ref country code: JP

Ref document number: 1999 536153

Kind code of ref document: A

Format of ref document f/p: F

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase