JP2541287B2 - System shared control block control method - Google Patents

Description

The present invention relates to a control system of a system shared control block of an operating system by a computer hardware mechanism.

〔Overview〕

The present invention relates to a system shared control block control method for a computer operating system, in which a system shared control block used in the operating system is accessed at another address, and the access mechanism is separated from general programs and data manipulation instructions. By checking whether the user's access is valid, it is possible to prevent the destruction of the system shared control block and the system runaway due to unauthorized access.

[Conventional technology]

Since the conventional unit of protection is a unit of programs and user data, it is large from a few kilobytes to a few megabytes, and it is not suitable for use in the operating system because the protection level of the program is only divided into several stages. Traditional protection of system shared control blocks has been done at the software level because it is sufficient.

[Problems to be solved by the invention]

The above-mentioned conventional protection unit has a drawback that the unit is too large to protect the control block, so that it cannot be fully checked out. In addition, the protection level is one-dimensional, which is either high or low, which is insufficient to maintain a complicated protection relationship.

According to the present invention, a system shared control block (usually several bytes to several hundreds of bytes) is provided separately from the old memory protection means and address conversion means in which the unit of protection is a conventional program or user data (usually several kilobytes or more). A memory protection means as a protection unit coexists with the old hardware to solve the conventional drawback, and provides a method capable of preventing the destruction of the system shared control block and the system runaway due to improper access. The purpose is to

[Means for solving problems]

The present invention comprises an address array and a cache memory which are connected to a main memory and improve the effective speed of the main memory, an instruction decoder for interpreting general instructions, and an address conversion means for converting addresses for general instructions. In the virtual address system shared control block control system, a new instruction decoder for interpreting a new instruction for accessing the system shared control block, and a user check means for checking whether or not the access by the user is correct,
An access right check memory, which is referred to by this means, records access right information and is accessible from the main memory at a high speed, and a new address conversion for converting a logical address indicating the location of the system shared control block into an address on the main memory. Means and a memory protection means including an address conversion table referred to by the new address conversion means.
It is characterized by including a control block address table composed of a user ID block consisting of a logical address of the ID and the presence or absence of a control block corresponding thereto and a control block ID consisting of a logical address of the control block.

[Action]

When the new instruction for the system shared control block is provided, the new instruction decoder interprets that the provided new instruction is an instruction for accessing the system shared control block used by the operating system, and the user According to the access right information stored for checking in the access right check memory, the checking means checks whether the user's access is valid or not by using the user and its control block as an address constituent element. As a result, it is possible to protect the system shared control block from access by unauthorized users or access outside the period of use, and prevent destruction of the system shared control block and system runaway due to improper access.

〔Example〕

Next, embodiments of the present invention will be described with reference to the drawings. First
FIG. 1 is a block diagram showing the configuration of the embodiment of the present invention.

In the embodiment of the present invention, an address array 2 and a cache memory 3 which are connected to the main memory 1 and improve the effective speed of the main memory 1, a memory protection means 5, an instruction decoder 6 for interpreting general instructions, and general instructions. Address conversion means 4 for converting an address for use in the system, and a new instruction decoder 11 for interpreting a new instruction for accessing the system shared control block, which is a feature of the present invention, and whether or not the user's access is correct. User check method to check
12, an access right check memory 13 which is referred to by the user check means 12 and records access right information and is separated from the main memory 1 for high-speed access, and a logical address indicating the location of the system shared control block on the main memory. It includes a new address conversion means 14 for converting the address, and an address conversion table 15 referred to by the new address conversion means 14.

The operation of the embodiment of the present invention thus configured will be described. When a new instruction for the system shared control block is provided to the software using the hardware using the embodiment of the present invention, the portion that interprets this instruction is the new instruction decoder 11.

The format and usage example of the instruction are shown in FIG. This is an example of operating the system shared control block used inside the operating system. A module unit in the operating system is defined as a user, and an index indicating the user is called a user ID.

The DEFINE USER command declares the module running from here, that is, the user ID. Secure a control block of the required size with the GET CB instruction. At this time,
The logical address for accessing the secured control block is returned. The structure of the logical address is shown in FIG.

STORE CB instruction to store data in the control block, LOAD to refer to data from the control block
The CB instruction is used. Since the control block address is required to be accessed at high speed, the new address conversion means 10 separates the conversion table from the logical address to the real address on the main memory 1 in a format as shown in FIG. Have in memory.

At this time, each entry of the conversion table 15 has the presence / absence indication of the user and the control block respectively.
Each instruction of B judges that an exception has occurred, raises an interrupt, and notifies illegal access.

In addition, for the access other than the module indicated by DEFINE USER, the user check means 12 refers to the access right check memory 13 having the table shown in the table, and the user on the referred side which the subject is trying to access Check if read / write rights are granted. In this case also, an unauthorized access is notified by an interrupt. In the table, F indicates that the control block can be released, R can read, and W
Indicates that writing is possible, and N indicates that access is prohibited.

The contents of the access right check memory 13 are set / changed / deleted by the CHANGE ACCESS RIGHT command. The control block secured by the GET CB instruction in the module defined by DEFINE USER is CHANGE ACCESS RIGH
It cannot be used in other modules unless the access right is granted by the T instruction.

The control block is released by the FREE CB command, but at this time, the access right check memory 13 must have an indication that release is possible. When trying to release illegally, an interrupt is generated and the illegal release is notified.

When exiting the module, declare the cancellation of the usage authority with the END USER command. When the END USER command is issued, all control block operations are regarded as illegal operations and an interrupt is generated. Conventional instructions are processed by the instruction decoder 6, address conversion means 4, and memory protection means 5.

The address array 2 is commonly used in the conventional processing, and the main memory address after the address conversion is the cache memory 3
If there is, the data is loaded from the main memory 1 to the cache memory 3 and referred to. Since the control block is stored in the main memory 1 like normal programs and data, the control block main memory size is set to DE.
Must be initialized with the FINEINF instruction. At this time, the maximum value of the number of users is also specified in order to initialize the access right check memory 13.

As described above, according to the present invention, the system shared control block used in the operating system is accessed at an address different from the conventional one, and the access mechanism is used as a general program and a data operation instruction. It became possible to separate. As a result, there is an effect that illegal access can be eliminated and destruction of the system shared control block and system runaway can be prevented. By providing a control block address that shows the correspondence between the user ID and the control block, it becomes possible to protect the system shared control block in units of several bytes to several hundred bytes. Therefore, the system shared control block can be protected at a multidimensional level.

[Brief description of drawings]

FIG. 1 is a block diagram showing the overall configuration of an embodiment of the present invention. FIG. 2 is an instruction sequence when the operating system uses the instructions of the embodiment of the present invention. FIG. 3 is a diagram showing a configuration of a logical address of a control block. FIG. 4 is a diagram showing a conversion table for converting a logical address of a control block into an address on the main memory. 1 ... Main memory, 2 ... Address array, 3 ... Cache memory, 4 ... Address conversion means, 5,10 ... Memory protection means, 6 ... Instruction decoder, 11 ... New instruction decoder, 12 ... User check means, 13 ... Access right check memory, 14 ... New address conversion means, 15 ... Conversion table.

Claims (1)

(57) [Claims] 1. An address array (2) and a cache memory (3) connected to a main memory (1) for improving an effective speed of the main memory, an instruction decoder (6) for interpreting a general instruction, and a general instruction. A new instruction decoder (11) for interpreting a new instruction for accessing the system shared control block in the virtual address system shared control block control method, which comprises an address conversion means (4) for converting an address for A user check means (12) for checking whether the user's access is correct, and an access right check memory (13) which records the access right information referred to by this means and is separated from the main memory to enable high-speed access. And a new address conversion means (14) for converting a logical address indicating the location of the system shared control block into an address on the main memory. And a memory protection means including an address conversion table (15) referred to by the new address conversion means, wherein the address conversion table includes a user ID block consisting of the presence or absence of a user and a logical address of the user ID, A system-shared control block control method characterized by including a control block address table composed of the presence or absence of a corresponding control block and a control block ID consisting of a logical address of the control block.