Title of invention: Resource access control in a system-on-chip
Abstract: A method for controlling access of a processor to a resource, wherein the processor has an instruction set including a virtualization extension, may include executing a resource access instruction by the processor using the virtualization extension, whereby the resource access instruction conveys a virtual address (VA) and a virtual machine identifier. The method may also include translating the virtual address to a physical address based on the virtual machine identifier, and looking-up an access control rule table using the physical address as a search key. Each entry of the rule table includes a virtual machine identifier. The method further includes controlling access to the resource based on the output of the rule table and a match between the virtual machine identifier returned by the table and the virtual machine identifier conveyed in the resource access instruction.
Publication number: US9519596(B2) Publication date: 2016.12.13
Application number: US201514629613 Filing date: 2015.02.24
Applicant: STMICROELECTRONICS (GRENOBLE 2) SAS;TECHNOLOGICAL EDUCATIONAL INSTITUTE OF CRETE Inventors: Coppola Antonio-Marcello;Kornaros Georgios;Grammatikakis Miltos
Classification: G06F12/00;G06F12/14;G06F9/455 Main classification: G06F12/00
Agency: Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A. Agent: Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A.
Independent claim: 1. A method for controlling access of a processor to a resource, wherein the processor has an instruction set including a virtualization extension, the method comprising: executing a resource access instruction by the processor using the virtualization extension, the resource access instruction conveying a virtual address and a virtual machine identifier; translating the virtual address to a physical address based upon the virtual machine identifier, the physical address comprising an actual physical address for accessing the resource without further translation; looking-up an access control rule table using the physical address as a search key, each entry of the access control rule table including a virtual machine identifier; and controlling access to the resource based on an output of the access control rule table and a match between the virtual machine identifier returned by the access control rule table and the virtual machine identifier conveyed in the resource access instruction, wherein controlling access comprises granting access to the resource if the access control rule table returns no entry.
Address: Grenoble FR
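
The decision sequence of claim 1 (translate by VMID, look up the rule table by physical address, compare VMIDs, grant when no entry is returned) modelled in software as an added example; it is not code from the patent or its applicants. The type names, the read/write bits standing in for the table "output", the fault on an unmapped address, and all addresses are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: names, field layout and sample values are assumptions. */
typedef struct { uint8_t vmid; uint32_t va, pa, size; } map_t;   /* per-VM VA->PA mapping */
typedef struct { uint32_t pa, size; uint8_t vmid; bool rd, wr; } rule_t; /* rule keyed by PA */
typedef enum { FAULT = -1, DENIED = 0, GRANTED = 1 } verdict_t;

static const map_t maps[] = {
    {1, 0x0000u, 0x80000000u, 0x1000u},
    {2, 0x0000u, 0x80001000u, 0x1000u},
    {2, 0x4000u, 0x80000000u, 0x1000u},  /* bad mapping: VM 2 onto VM 1's region */
    {2, 0x8000u, 0x90000000u, 0x1000u},  /* region that has no rule */
};
static const rule_t rules[] = {
    {0x80000000u, 0x1000u, 1, true, true},
    {0x80001000u, 0x1000u, 2, true, false}, /* read-only for VM 2 */
};

/* Translate using the VMID conveyed with the access; result is the final PA. */
static bool translate(uint8_t vmid, uint32_t va, uint32_t *pa) {
    for (size_t i = 0; i < sizeof maps / sizeof maps[0]; i++)
        if (maps[i].vmid == vmid && va >= maps[i].va && va - maps[i].va < maps[i].size) {
            *pa = maps[i].pa + (va - maps[i].va);
            return true;
        }
    return false;
}

verdict_t check_access(uint8_t vmid, uint32_t va, bool is_write) {
    uint32_t pa;
    if (!translate(vmid, va, &pa)) return FAULT;      /* assumption: unmapped VA faults */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const rule_t *r = &rules[i];
        if (pa < r->pa || pa - r->pa >= r->size) continue;   /* PA is the search key */
        if (r->vmid != vmid) return DENIED;           /* VMID in entry must match requester */
        return (is_write ? r->wr : r->rd) ? GRANTED : DENIED;
    }
    return GRANTED;                                   /* claim 1: no entry means grant */
}

int main(void) {
    printf("VM2 via bad mapping: %d\n", check_access(2, 0x4010u, false));
    printf("VM2 unlisted region: %d\n", check_access(2, 0x8010u, true));
    return 0;
}
```

The VMID comparison stops VM 2 even when its translation wrongly points at VM 1's region, while the grant-on-no-entry branch means a region is only protected once a rule covering its physical address exists.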