阅读说明：本技术 用于控制存储器存取的装置及方法 (Apparatus and method for controlling memory access ) 是由 鲁本·鲍里索维奇·艾拉佩蒂安 格雷姆·彼得·巴尔内斯 理查德·罗伊·格里森思怀特 于 2019-10-21 设计创作，主要内容包括：本申请提供一种用于控制存储器存取的装置及方法。装置具有存储器存取电路系统,用于响应于目标地址执行卷标保护型存储器存取操作,默认的卷标保护型存储器存取操作包括以下步骤：比较地址卷标与保护卷标,地址卷标与目标地址相关联,保护卷标储存在与一个或多个存储器位置的区块相关联的存储器系统中,一个或多个存储器位置的区块包括由目标地址识别出的寻址位置；以及生成是否在保护卷标与地址卷标之间检测到匹配的指示。此外,装置具有控制卷标储存器,用于对多个存储器区域中的每个区域,储存配置控制信息,此配置控制信息用于控制当目标地址在存储器区域内时存储器存取电路系统如何执行卷标保护型存储器存取操作。每个存储器区域对应于多个区块。这提供用于执行卷标保护型存储器存取操作的非常灵活且高效的机制。(The present application provides an apparatus and method for controlling memory access. The apparatus has memory access circuitry for performing tag protected memory access operations in response to a target address, the default tag protected memory access operations comprising the steps of: comparing the address tag to a protection tag, the address tag associated with a target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and generating an indication of whether a match is detected between the protection tag and the address tag. In addition, the apparatus has a control tag storage for storing, for each of the plurality of memory regions, configuration control information for controlling how the memory access circuitry performs a tag-protected memory access operation when the target address is within the memory region. Each memory region corresponds to a plurality of blocks. This provides a very flexible and efficient mechanism for performing tag-protected memory access operations.)

1. An apparatus, comprising:

memory access circuitry to perform tag-protected memory access operations in response to a target address, the default tag-protected memory access operations comprising:

comparing an address tag to a protection tag, the address tag associated with the target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and

generating an indication of whether a match is detected between the protection tag and the address tag; and

a control tag storage for storing configuration control information for each of a plurality of memory regions, the configuration control information for controlling how the memory access circuitry performs the tag-protected memory access operation when the target address is within the memory region, each memory region corresponding to a plurality of the blocks.

2. The apparatus of claim 1, wherein each memory region comprises one or more memory pages.

3. The apparatus of claim 2, wherein each memory region comprises a single memory page.

4. The apparatus of any preceding claim, wherein:

the configuration control information comprises the same volume label mode field and a memory area protection volume label; and is

When the addressed location identified by the target address is within a memory region in which the same tag mode field is set, the memory access circuitry is arranged to alter the tag-protected memory access operation such that the address tag is compared to the memory region protection tag for that memory region, rather than to the protection tag associated with the block containing the addressed location.

5. The apparatus of any preceding claim, wherein:

the configuration control information includes matching all mode fields; and

when the addressed location identified by the target address is within a memory region set to match all mode fields, the memory access circuitry is arranged to alter the tag-protected memory access operation such that when the address tag has a predetermined value, a comparison of the address tag and the protection tag is bypassed, and the generating step comprises generating an indication that a match is detected between the protection tag and the address tag.

6. The apparatus of any preceding claim, wherein:

the configuration control information comprises a precise volume label checking mode field; and is

When the addressed location identified by the target address is within a memory region in which an accurate tag check mode field is set, the memory access circuitry is arranged to perform the tag protected memory access operation such that when a mismatch is detected between the protection tag and the address tag, the memory access circuitry is arranged to prevent performance of a memory access to the addressed location.

7. The apparatus of claim 6, wherein:

when the addressed location identified by the target address is within a memory region in which a precise tag pattern field is cleared, arranging the memory access circuitry to perform the tag-protected memory access operation such that when a mismatch is detected between the protection tag and the address tag, arranging the memory access circuitry to allow memory accesses to the addressed location to be performed asynchronously with any mismatch indication generated for the mismatch.

8. The apparatus of any preceding claim, wherein the control tag storage comprises a cache structure.

9. The apparatus of claim 8 when dependent on claim 2, wherein the control tag store is provided by a Translation Lookaside Buffer (TLB) having a plurality of entries, each entry maintaining address translation information for a memory page and including a field for the configuration control information identifying that memory page.

10. The apparatus of any preceding claim, wherein the configuration control information for each memory region is maintained within a memory region of the memory system, and apparatus further comprises:

an instruction decoder to decode a configuration control information access instruction to control the memory access circuitry to load configuration control information for the determined memory region from the memory region and to store updated configuration control information for the determined memory region to the memory region.

11. The apparatus of claim 10, wherein the memory region is a dedicated region of the memory system accessible using the configuration control information access instructions.

12. The apparatus of any of the preceding claims, further comprising control tag storage update circuitry responsive to a trigger to perform a refresh operation with respect to the configuration control information stored in the control tag storage.

13. The apparatus of claim 12, wherein the trigger occurs when a refresh instruction is executed by the apparatus, the refresh instruction providing an address indication identifying one or more memory regions for which configuration control information is to perform the refresh operation.

14. The apparatus of claim 13 when dependent on claim 9, wherein the flush instruction is a TLB flush configuration control information instruction that, when executed, causes a maintenance operation to be performed within the TLB for identifying which entries within the TLB provide configuration control information for memory pages identified by the address indication of the TLB flush configuration control information instruction, and for performing a flush action for the configuration control information in each identified entry.

15. The apparatus of claim 14, wherein the refresh action comprises one of:

invalidating the configuration control information stored in the entry;

updating the configuration control information stored in the entry by retrieving a latest version of the configuration control information from the memory system.

16. The apparatus of claim 12, wherein the trigger occurs upon execution of a store instruction to store updated configuration control information for the determined memory region to the memory system.

17. The apparatus of any of claims 12 to 16, further comprising a system control register for controlling which operating modes of the apparatus are capable of performing the refresh operation.

18. The apparatus of claim 17, wherein the system control register identifies a degree to which the refresh operation is allowed to be performed when the apparatus is operating at an application level.

19. The apparatus of claim 18, wherein the system control register is set to seek to prevent a denial of service attack using the refresh operation attempt at the application level.

20. Apparatus as claimed in any preceding claim when dependent on claim 4, wherein said memory access circuitry is responsive to a request to access a protection tag associated with a selected block to take an alternative action when the same tag mode field is set in the memory region associated with the selected block.

21. Apparatus as claimed in any preceding claim when dependent on claim 4, wherein the apparatus is arranged to switch a selected memory region between a default mode in which the same tag mode field of the selected memory region is cleared and a same tag mode in which the same tag mode field of the selected memory region is set in dependence on a trigger state.

22. The apparatus of claim 21, wherein the trigger state is an update performed for protection tags associated with blocks within the selected memory region when a same tag mode field is set and results in a transition from a same tag mode to the default mode.

23. The apparatus of claim 22, wherein the conversion is processed by one of:

executing a number of instructions to perform a translation operation that results in clearing at least a same tag mode field in the configuration control information of the selected memory region;

exceptions are handled to a higher operating mode of the device to simulate the conversion operation.

24. Apparatus as claimed in any preceding claim when dependent on claim 2, wherein the memory page is one of:

a physical memory page;

a virtual memory page.

25. The apparatus of claim 24, wherein the memory page is a virtual memory page and the configuration control information is determined by address translation information stored in a page table in the memory system.

26. The apparatus of claim 25, wherein a system register is used to identify which bits of the address translation information provide the configuration control information.

27. The apparatus of any preceding claim, further comprising determination circuitry to determine, based on knowledge of an address translation factor, whether an update to the configuration control information is allowed to be performed by the apparatus in its current operating mode, or whether an exception to a higher operating mode is required to handle a request for the update.

28. A method of controlling memory access, comprising:

performing a tag-protected memory access operation in response to a target address, the default tag-protected memory access operation comprising:

comparing an address tag to a protection tag, the address tag associated with the target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of the one or more memory locations including an addressed location identified by the target address; and

generating an indication of whether a match is detected between the protection tag and the address tag;

storing configuration control information for each of a plurality of memory regions; and

using the configuration control information to control how the memory access circuitry performs the tag-protected memory access operation when the target address is within the memory region, each memory region corresponding to at least one of the blocks.

29. A computer program for controlling a host data processing apparatus to provide an instruction execution environment for instruction execution of object program code, the computer program comprising:

memory access program logic to perform a tag-protected memory access operation in response to a target address, the default tag-protected memory access operation comprising:

comparing an address tag to a protection tag, the address tag associated with the target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of the one or more memory locations including an addressed location identified by the target address; and

generating an indication of whether a match is detected between the protection tag and the address tag; and

a control tag data structure to store configuration control information for each of a plurality of memory regions, the configuration control information to control how the memory access program logic performs the tag-protected memory access operation when the target address is within the memory region, each memory region corresponding to at least one of the blocks.

Technical Field

The present technology relates to the field of data processing.

Background

Software to be executed by a data processing apparatus is typically written in a high-level programming language and then compiled into code according to an instruction set architecture supported by the apparatus on which the software is to be executed. For example, software may be initially written in a higher level language (such as Java, C, or C + +), and may subsequently be compiled into a natively supported instruction set architecture (such as x86 or C + +))。

Some higher-order programming languages, such as Java, are considered memory security languages because they include runtime error detection checks to check for certain errors on memory accesses. In contrast, memory insecure languages (such as C and C + +) do not include such runtime error checking. The persistent use of memory-insecure languages means that in code compiled from a given instruction set architecture, there may be a large number of memory-related errors that may be readily utilized by attackers or by other malicious parties. Such errors may include:

boundary violations where the array index provided by the code exceeds the legal boundary of the array;

errors used after release, where memory locations are accessed after they have been deallocated or released;

an error used after return, where a memory access is made to an address (such as a value on the stack) associated with a variable used within the function after having been returned in the function;

error for out-of-range use, where a variable is accessed outside of the range of the declared variable; and

errors used before initialization, where the memory address associated with a variable is accessed before the variable has been initialized.

These are just some examples of memory-related errors that may result in unpredictable behavior and may provide a way for attackers to take advantage of. Accordingly, it may be desirable to provide architectural support within an instruction set architecture supported by a given processing device to assist in runtime detection of certain classes of memory errors.

Disclosure of Invention

In one exemplary configuration, an apparatus is provided that includes memory access circuitry to perform tag-guarded memory access operations in response to a target address,

the default tag protected memory access operation comprises the steps of: comparing the address tag to a protection tag, the address tag associated with a target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and generating an indication of whether a match is detected between the protection tag and the address tag, the control tag storage to store, for each of a plurality of memory regions, configuration control information to control how tag-protected memory access operations are performed by the memory access circuitry when the target address is within the memory region, each memory region corresponding to a plurality of blocks.

In another exemplary configuration, there is provided a method of controlling memory access, the method comprising: performing a tag protected memory access operation in response to the target address; storing configuration control information for each of a plurality of memory regions; and using the configuration control information to control how the memory access circuitry performs tag-protected memory access operations when the target address is within the memory regions, each memory region corresponding to at least one of the blocks,

the default tag protected memory access operation comprises the steps of: comparing the address tag to a protection tag, the address tag associated with a target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and generating an indication of whether a match is detected between the protection tag and the address tag.

According to yet another exemplary configuration, there is provided a computer program for controlling a host data processing apparatus to provide an instruction execution environment for executing instructions of object program code, the computer program comprising: memory access program logic for performing tag protected memory access operations in response to a target address, and a control tag data structure for storing configuration control information for each of a plurality of memory regions, the configuration control information for controlling how the memory access program logic performs the tag protected memory access operations when the target address is within the memory region, each memory region corresponding to at least one block of the blocks, a default tag protected memory access operation comprising the steps of: comparing the address tag to a protection tag, the address tag associated with a target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and generating an indication of whether a match is detected between the protection tag and the address tag.

In yet another exemplary configuration, an apparatus is provided that includes: a memory access module for performing tag protected memory access operations in response to a target address; and a control tag storage module for storing configuration control information for each of the plurality of memory regions, the configuration control information for controlling how the memory access module performs tag protected memory access operations when the target address is within the memory region, each memory region corresponding to the plurality of blocks, the default tag protected memory access operation comprising the steps of: comparing the address tag to a protection tag, the address tag associated with a target address, the protection tag stored in a memory system associated with a block of one or more memory locations, the block of one or more memory locations including an addressed location identified by the target address; and generating an indication of whether a match is detected between the protection tag and the address tag.

Drawings

The present technology will be further described, by way of example only, with reference to the examples of the present technology illustrated in the accompanying drawings, in which:

fig. 1 schematically illustrates an example of a data processing apparatus;

FIG. 2 illustrates an example of a tag-protected memory access operation that includes checking whether an address tag matches a protection tag;

FIG. 3 schematically illustrates a memory address space and the provision of both a protection tag (guard tag) and a page tag (page tag) within the memory address space, in accordance with one exemplary arrangement;

FIG. 4 illustrates a plurality of fields that may be provided within a page tag according to one exemplary arrangement;

FIG. 5 is a flow chart illustrating how tag protected memory access operations are handled based on whether the same tag mode is set within a page tag of an associated memory region;

FIG. 6 is a flow chart illustrating how tag protected memory access operations are handled according to whether a match all mode is set within a page tag of an associated memory region;

FIG. 7 is a flow chart illustrating how tag protected memory access operations are handled according to whether a precise tag check mode is set within a page tag of an associated memory region;

FIG. 8 illustrates how the TLB of FIG. 1 may be extended to include page tag values, according to one exemplary arrangement;

FIG. 9 is a block diagram illustrating components that may be provided within the TLB of FIG. 1, according to one exemplary arrangement;

FIG. 10 is a flow diagram illustrating operation of the page tag update/refresh circuitry of FIG. 9 in one exemplary arrangement;

FIG. 11 is a flowchart illustrating operation of the tag access control circuitry of FIG. 9 according to one exemplary arrangement;

FIG. 12 is a flow diagram illustrating how a TLB flush operation may be handled according to a setting set within a system control register of a device, according to one exemplary arrangement;

FIG. 13A is a flowchart illustrating steps that may be taken when seeking to update a protection label for a selected group (granule), according to one exemplary configuration;

FIG. 13B is a flowchart illustrating a particular sequence of steps that may be performed when seeking to update the protection tag of a selected granule, this particular mechanism resulting in a transition from the same tag mode to the default mode;

FIG. 14 is a flowchart illustrating steps that may be performed to process a request to seek to read a protection tag of a selected granule from memory in accordance with one exemplary arrangement;

FIG. 15 is a flow diagram illustrating how operations may be handled for storing a page protection tag to memory in accordance with one exemplary arrangement; and

FIG. 16 illustrates an example of a simulator that supports the techniques described herein.

Detailed Description

One approach to preventing certain memory usage errors of the type described above may be to provide a protection tag that is stored in a memory system associated with a block of one or more memory locations. When a tag-protected memory access operation is requested based on a target address identifying a particular addressed location in the memory system, the memory access circuitry may compare an address tag associated with the target address to a protection tag stored in the memory system associated with a block of one or more memory locations that includes the addressed location identified by the target address. The memory access circuitry may generate an indication of whether a match is detected between the protection tag and the address tag. This indication can be used to control whether the memory access is allowed to proceed smoothly or whether subsequent operations can proceed smoothly, or can only be reported when the memory access is allowed to proceed normally.

This may be useful because, for example, when a memory region is initialized, a protection tag for memory banks for which the code is expected to access a particular value may be set based on a compiler compiling the code in a memory insecure language (such as C or C + +), and corresponding address tag values may be associated with target addresses pointing to those banks. If a memory usage error occurs and, for example, the address pointer is out of range usage or extends beyond the boundaries of an already initialized efficient range, the protection tag associated with the addressed location may not match the address tag associated with the target address, and then an indication of whether a match is detected in this case may be used to trigger some error handling response or error reporting mechanism. The particular response taken may depend on the particular software needs being executed, or on the particular microarchitectural implementation of the architecture. Thus, even if a high-level language does not have a module for performing runtime error checking to prevent memory access errors, the ISA for compiled code may include architectural features for performing such checks.

However, it is desirable to provide a more flexible and efficient mechanism for performing tag-protected memory access operations.

According to the techniques described herein, a data processing device is provided with a control tag storage arranged to store, for each of a plurality of memory regions, configuration control information for controlling how tag protected memory access operations are performed by memory access circuitry when a target address is within the memory region. Each memory region is arranged to correspond to a plurality of blocks. Thus, according to the methods described herein, the manner in which tag protected memory access operations are performed may be controlled according to the currently accessed memory region. This provides great flexibility in that individual memory regions may be treated differently. This approach may also achieve significant efficiency benefits because, as discussed in more detail later, it may avoid accessing or updating individual protection tags associated with blocks in certain memory regions, while still allowing a desired form of tag-protected memory access operation to be performed with respect to that memory region.

Each memory region may take various forms, but in one exemplary embodiment each memory region includes one or more memory pages. In particular, it should be understood that the memory address space is typically partitioned into physical pages, and each memory region to which configuration control information is provided may correspond to one or more of those physical pages. In systems that use virtual-to-physical address translation, it should be understood that a virtual page may also be defined, with the translation information required to enable a virtual address within the virtual page to be translated to a physical address being obtained from one or more associated page tables in memory. According to the methods described herein, the one or more memory pages forming each memory region may be physical pages, or alternatively virtual pages.

Although each memory region may include more than one memory page in one embodiment, each memory region includes a single memory page in one particular embodiment. It has been found that this provides a particularly efficient form for the use of the method described herein, as it provides control of page-by-page tag protected memory access operations, and also enables associated configuration control information to be efficiently managed and accessed. For example, typically, one or more cache structures may be provided within the device for maintaining information associated with individual memory pages. For example, a Translation Lookaside Buffer (TLB) may be used to store address translation data associated with a particular memory page. Since the configuration control information is also provided page by page in embodiments where the memory area comprises a single memory page, the configuration control information may also be easily cached within the device, for example by using existing caching structures.

The configuration control information may take various forms. In one example, the configuration control information includes a same tag mode field and a memory region protection tag. When the addressed location identified by the target address is within a memory region in which the same tag mode field is set, the memory access circuitry may then be arranged to alter tag-protected memory access operations such that the address tag is compared to the memory region protection tag for that memory region, rather than to the protection tag associated with the block containing the addressed location. Such an approach may provide significant performance/efficiency benefits. For example, where it is deemed appropriate that all blocks within a particular memory region have the same protection tag value, the need to set those individual protection tag values can be avoided by setting the same tag mode field within the configuration control information, and storing the required protection tag information as a memory region protection tag within the configuration control information. When the same tag mode field is set, any tag-protected memory access operation is performed for blocks of memory locations within the memory region using a single memory region protection tag stored as configuration control information for the memory region, rather than using individual protection tags associated with each block.

In addition to the performance/efficiency benefits that can be realized by not requiring maintenance of individual protection tags for blocks within a memory region (the same tag mode field is set for blocks within the memory region in the corresponding configuration control information), this approach also enables faster execution of checks performed during any individual tag-protected memory access operation. In particular, accessing the memory region protection tag may be faster than accessing the individual protection tags of the block because the number of memory region protection tags that will be present is less than the number of individual block-based protection tags. This may be particularly the case where the memory region protection tag is cached within the cache structure of the device (such as in the TLB).

The configuration control information need not only support a single mode (such as the same tag mode described above), and alternatively or additionally, different modes may also be identified by the configuration control information. For example, in one exemplary arrangement, configuring the control information may include matching all of the mode fields. When the addressed location identified by the target address is within a region of the memory that is set to match all of the mode fields, the memory access circuitry may be arranged to alter the tag-protected memory access operation such that when the address tag has a predetermined value, the comparison of the address tag and the protection tag is bypassed and the generating step comprises generating an indication that a match is detected between the protection tag and the address tag. This may provide significant flexibility while also ensuring sufficient security of the tag-protected memory access method when needed. In particular, it means that the tag-protected memory access method can only be used in memory regions deemed necessary, while other memory regions can efficiently bypass this tag-protected memory access control by setting the address tag to a predetermined value. This may be useful in various situations. For example, some existing programs may legitimately clear one or more upper bits of an address, which may include address tag information, for example. A specific example of this is the use of compressed pointers. Thus, in such a case, it may be beneficial to set all of the mode fields that match within the memory area that is performing such an action, so that the difference between the protection tag and the address tag is unmarked.

In one exemplary arrangement, if the addressed location identified by the target address is within a memory region that is set to match all of the mode fields, but the protection tag is not at the predetermined value described above, then a normal tag-protected memory access operation will be performed. The actual form of tag-protected memory access operations performed at this point will depend on the other configuration information provided for the memory region. For example, if the same tag mode field is set, the address tag comparison will be performed with reference to the memory region protection tag rather than the associated protection tag of the associated block of memory locations.

While the above-described matching of all patterns references an address tag having a predetermined value, in alternative embodiments the protection tag may be set to a predetermined value and thus the comparison of the address tag and the protection tag is bypassed if the protection tag has a predetermined value.

As another example of information maintained as part of the configuration control information for a memory region, the configuration control information may include a precise tag check mode field. When the addressed location identified by the target address is within the memory region in which the precise tag check mode field is set, then the memory access circuitry may be arranged to perform a tag protected memory access operation such that when a mismatch is detected between the protection tag and the address tag, the memory access circuitry is arranged to prevent performance of a memory access to the addressed location. Thus, according to this method, when the precise tag check mode field is set, the checking of the protection tag and the address tag is performed in synchronization with the associative memory access to stop the memory access if there is a mismatch. The action taken at this point may be different, but in one embodiment, the exception may be raised to a higher exception level (exception level) with appropriate action taken.

Additionally, in one exemplary arrangement, when the addressed location identified by the target address is within a memory region for which the precise tag mode field is not set, the memory access circuitry is arranged to perform a tag-protected memory access operation such that when a mismatch is detected between the protection tag and the address tag, the memory access circuitry is arranged to allow memory accesses to the addressed location to be performed asynchronously to any mismatch indication generated for the mismatch. Thus, in this approach, memory accesses are not delayed in performing the check, and instead any mismatch indication is generated asynchronously to the memory access to indicate whether a match or mismatch occurred. It should be noted that although a separate mismatch indication may be generated each time a mismatch is detected, enabling direct identification of memory accesses that fail tag checking, in other embodiments a more general indication may be issued, for example indicating that one or more accesses have not passed tag checking, allowing additional investigation to be performed following this indication to determine more detail about the failed memory access.

It may be useful in some cases to not set the precise tag check mode for certain memory regions in order to increase the speed of data access (e.g., by disabling the precise tag check mode relative to memory pages that are currently subject to frequent accesses of data). However, since configuration control information may be specified on a memory region by memory region, and in one exemplary embodiment on a page-by-page basis, the described method may provide security/adaptation capability by disabling the precise tag check mode only when necessary, and not necessarily throughout the entire process performed by the device.

The control tag storage may take various forms. This is formed, for example, by the portion of the memory system that couples with the memory access circuitry. In some embodiments, the control tag storage may include a cache structure for caching configuration control information for certain memory regions in order to increase the speed of access to the configuration control information. When such a cache structure is used, the cache structure may take various forms. For example, the cache structure may be a dedicated cache structure for caching configuration control information for one or more memory regions. Alternatively, the cache structure may be a cache structure that also serves protection tags for individual blocks of the cache location.

In one exemplary arrangement where each memory region includes one or more memory pages, a particularly efficient implementation of the cache structure may be achieved by arranging the control tag storage to include a Translation Lookaside Buffer (TLB) having a plurality of entries. Each entry is used to maintain address translation information for a memory page in accordance with the standard behavior of a TLB, but in this embodiment each entry also includes a field for configuration control information identifying the memory page. The use of TLB structures may provide a particularly accurate method for caching configuration control information associated with memory pages, as entries have been provided to maintain other information related to such memory pages.

In one exemplary arrangement where each memory region includes one or more physical pages, the page table structure in memory need not be changed, and the address translation information for each entry is obtained in a standard manner. In addition, however, each TLB entry may be expanded to provide additional fields for identifying configuration control information, and a separate access may be performed to obtain the desired entry of configuration control information for the page in question (e.g., by reading that information from the memory system).

However, in alternative embodiments, the configuration control information may be associated with a virtual page in memory, and in that case it is possible to supplement the page table information in memory to include the configuration control information. In this case, the configuration control information will be retrieved and populated in the entries of the TLB as part of the page table walk process for obtaining the address translation information. In some such cases, such as in smaller systems where the overall memory address space is relatively small, there may be an existing redundant space within the page table that may be used to accommodate configuration control information. In such an embodiment, a system register may be used to identify which bits of address translation information retrieved from the page table provide configuration control information. Such a change may be faster because no additional lookup is needed to load the page tag information when initially filling the TLB entry, as all information is retrieved directly as part of the page table walk process. Additionally, if the system page tables do not have sufficient space, it may be possible and potentially more efficient to place the page table information in some extended portion of the page table or similar structure if the particular architecture under consideration is available.

In one example arrangement, the configuration control information for each memory region is maintained within a memory region of the memory system, and the apparatus further comprises an instruction decoder for decoding a configuration control information access instruction to control the memory access circuitry to load the configuration control information for the determined memory region from the memory region and to store updated configuration control information for the determined memory region to the memory region. Although a general memory address space may be used for this purpose, so that standard load or store instructions may be used to access the configuration control information, in one exemplary arrangement the memory region is a dedicated region of the memory system that is provided specifically for storing the configuration control information. In this case, the configuration control access instruction may be a particular form of load and store instruction provided for accessing the memory region. The system may then configure the granting of the right to access the memory region to a particular exception level. For example, at the application/user level, the private memory area may only be accessed using specific load and access instructions provided for that purpose, while at the kernel level it may be more free to access the private memory area using other instructions.

In one exemplary arrangement, the apparatus may further include control tag storage update circuitry responsive to the trigger to perform a refresh operation with respect to configuration control information stored in the control tag storage. As previously described, the control tag storage may include one or more cache structures, and the use of control tag storage update circuitry may be used to avoid cache information becoming stale.

The trigger performing the refresh operation may occur in a number of ways. In one example arrangement, the trigger occurs when a refresh command is executed by the device, the refresh command providing an address indication identifying one or more memory regions for which the configuration control information is to perform a refresh operation. Thus, the address indication may specify a particular address, or range of addresses, and based on that information may determine one or more memory regions whose configuration control information is to perform a refresh operation.

The refresh instruction may take various forms. In embodiments where configuration control information is cached within a TLB structure, the flush instruction may be a TLB flush configuration control information instruction that, when executed, causes a maintenance operation to be performed within the TLB to identify which entries within the TLB provide configuration control information for a memory page identified by the address indication of the TLB flush configuration control information instruction, and perform the flush operation with respect to the configuration control information in each identified entry.

The refresh action performed may take various forms, and may involve, for example, invalidating configuration control information stored in an identifying entry of the TLB, or updating the configuration control information by retrieving the latest version of the information from the memory system.

Although in the above examples, the trigger occurs as a result of executing a particular refresh instruction, the trigger may occur as a result of other events. For example, the trigger may occur when a store instruction is executed to store updated configuration control information for the determined memory region to the memory system. In particular, when such a store is performed, it is known that the cached information may now be stale, and thus a refresh operation may be triggered directly.

It should be noted that regardless of the triggering mechanism used, the flush operation may only affect the contents of the TLB entries that maintain the configuration control information, and the other contents of the TLB entries (i.e., the address translation information and associated attribute information) will not change in response to the flush operation described above in one exemplary embodiment. However, the entire TLB entry may still be invalidated using an already existing TLB invalidation operation.

In an exemplary embodiment, the system control register may be used to control which modes of operation of the enabling means perform refresh operations. For example, the system control register may identify the extent to which refresh operations are allowed to be performed when the device is operating at the application level (also sometimes referred to as the user level).

The system control register information may take various forms. For example, this information may be used to select between a plurality of different modes. For example, one mode may indicate that a refresh operation is not allowed to be performed in exception level 0, instead any attempt to perform a refresh operation at exception level 0 should be intercepted to exception level 1, the exception level associated with the operating system/kernel. Alternatively, another mode may be specified, which indicates that the refresh operation is allowed for all pages in exception level 0. As another example, a mode may be specified that indicates that some pages are allowed to be swiped in exception level 0, depending on the page attributes specified in the relevant page table in memory. The set of related page attributes may then be defined by the architecture or implementation. In the absence of those page attributes, attempts to perform refresh operations may again be intercepted to exception level 1. Since such information can be specified page by page, this can enable refresh operations to be performed faster in many cases by avoiding the need to intercept refresh requests to higher exception levels in some cases, while still maintaining security when needed to ensure that refreshes are intercepted to higher exception levels.

On the other hand, allowing such refresh operations to occur in user space may result in a mechanism for performing denial of service attacks from untrusted processes. For example, such an untrusted process may seek to perform refresh operations frequently within the exception level 0 user space, thereby slowing the operation of the system. However, by intercepting to a higher exception level, it can be used to manage such denial of service issues. Thus, in one exemplary configuration, the system control register may be set to try to prevent denial of service attacks using refresh operation attempts at the application level.

For example, using the type of configuration described above, the system control registers may be configured at exception level 1 such that only exception level 0 refresh operations are allowed for trusted processes, while refresh is disabled for other processes. Another way to mitigate such denial of service attacks may be to intercept refresh operations to exception level 1 after every N times the refresh operations are performed, or if N or more refresh operations are performed within a predetermined period of time. This will allow for fast page tag refresh in most cases and also provide a way for the kernel to control how often refresh operations are performed, thereby preventing related denial of service attacks.

In the embodiment using the same tag mode, the same tag mode is also set for controlling other functions than the tag-protected memory access operation. In particular, the memory access circuitry may be responsive to a request to access a protection tag associated with a selected block to take an alternative action when the same tag mode field is set for a memory region associated with the selected block. Such an access may be performed to try to read the protection tag value, or to write an updated protection tag value. In each case, the alternative actions performed when setting the same tag mode may be different. For example, using any instruction that attempts to store the protected tag value of a block to memory, where the block is in a region of memory that has the same tag mode field set, may cause an exception to be generated so that the exception handler can determine what steps to take for the storage request. As another example, using any instruction that attempts to read a protection tag for a block from memory, where the block is within a memory region that sets the same tag pattern, may result in a return of the memory region protection tag instead of the block's protection tag.

In one exemplary arrangement, means may be arranged for the selected memory region to switch between a default mode in which the same tag mode field of the selected memory region is cleared and a same tag mode in which the same tag mode field of the selected memory region is set, according to a trigger state. Depending on the particular implementation, the switching function may be implemented in software or hardware.

The trigger state may take various forms. For example, such a scheme may be used in conjunction with the tagging of memory regions used as stacks. For example, a default stack page may have the same tag mode disabled. Subsequently, the tagging of small variables can always be performed with the same tag mode disabled. However, when tagging such a large buffer is considered efficient according to heuristic algorithms, the large buffer may be tagged and untagged using a method that enables the same tagging mode. Subsequently, the same tag mode may be disabled all the time when the tag is cancelled, so as to revert to the original tag value.

As another example, the trigger state may be an update that is performed with respect to the protection tag associated with the block within the selected memory region when the same tag mode field is set and that results in a transition from the same tag mode to the default mode. In particular, certain steps may be taken to migrate from the same tag mode to a default mode to thereafter allow storage of the newly assigned protection tag value for the identified block.

Such a method may be explicitly processed by executing a plurality of instructions to perform a switching operation that results in clearing at least the same tag mode field in configuration control information for a selected memory region. Those instructions may also, for example, cause the current memory region protection tag value to be written into each of the single block protection tags so as to overwrite the previous protection tag value of the block before updating the identified block with the new protection tag value.

Alternatively, multiple instructions are not executed, but rather an exception may be raised to a higher operating mode of the device to simulate a conversion operation. Exceptions may be triggered for a number of reasons. For example, an exception is directly triggered when an attempt is made to update the protection tag associated with a block when the corresponding memory region has set the same tag mode.

In one exemplary arrangement, the apparatus further comprises determination circuitry to determine, based on knowledge of the address conversion factor, whether to allow an update to the configuration control information to be performed by the apparatus in its current operating mode or whether to require an exception to a higher operating mode to handle a request for an update. The determination circuitry may be provided as part of the memory access circuitry. The address translation factor may take various forms. For example, the system may support multiple different virtual page sizes, and perhaps at some lower exception level, the software does not know the minimum page size used. In this case, the updater may need to be intercepted to a higher exception level in order to process the update request accordingly (either to allow or prevent the update). However, if the minimum page size can be exposed to user space, some such updates may be allowed to be performed without being trapped in a higher exception level. In particular, if it is determined that the current updates are related to a minimum page size, those updates may be allowed to execute at the current exception level, otherwise they may be trapped in a higher exception level where processing updates may occur.

As another example, a particular physical page may be mapped into several virtual pages, and in that case the update operation may only perform an update to the current mapping. For example, if an entry is stored in the TLB for one of the images, a flush may be performed for the particular image, but not for another mapping to the same physical page. If the software knows about multiple image cases, the software can handle such cases accordingly. However, to support the case of implicit page sharing, update operations are preferably intercepted to a higher exception level when the sharing is not known by the lower exception level (such as EL 0). In many cases, the existence of implicit page sharing may be implied by some attribute bits associated with the page. For example, if implied page sharing is implemented using a copy-on-write procedure, the virtual page may be indicated as unwritable, and attempting to update configuration control information in this case may be trapped at a higher exception level.

If desired, additional information fields may be provided within the configuration control information to identify specific situations that need to be handled at a higher exception level. Thus, if the corresponding field is set, any refresh operation will be trapped in the next exception level. If desired, the system may be configured to not allow a non-privileged exception level (such as EL0) to modify this field.

Specific examples will now be described with reference to the accompanying drawings.

Fig. 1 schematically illustrates an example of a data processing apparatus 2. It should be understood that this is merely a high-level representation of a subset of the components of the apparatus, and that the apparatus may include many other components not shown. The apparatus 2 comprises processing circuitry 4 for performing data processing in response to instructions decoded by an instruction decoder 6. Instruction decoder 6 decodes instructions fetched from instruction cache 8 to generate control signals 10 for controlling processing circuitry 4 to perform corresponding processing operations represented by the instructions. Processing circuitry 4 may include one or more execution units to perform operations on the values stored in registers 14 to generate result values to be written back to the registers. For example, the execution units may include an arithmetic/logic unit (ALU) to perform arithmetic or logical operations, a floating point unit to perform operations using floating point operands, and a vector processing unit to perform vector operations on operands comprising a plurality of individual data elements. The processing circuitry also includes a memory access unit (or load/store unit) 15 for controlling the transfer of data between the registers 14 and the memory system. In this example, the memory system includes an instruction cache 8, a level 1 data cache 16, a level 2 cache 17 shared between data and instructions, and a main memory 18. It should be understood that other cache hierarchies are possible-this is just one example. A Memory Management Unit (MMU) 20 is used to provide address translation functionality to support memory accesses triggered by the load/store unit 15. The MMU has a Translation Lookaside Buffer (TLB) 22 for caching a subset of entries from page tables stored in memory system 16, memory system 17, memory system 18. Each page table entry may provide an address translation map for the corresponding address page and may also specify access control parameters, such as access permissions specifying whether the page is read-only or both readable and writable, or access permissions specifying which privilege levels may access the page.

FIG. 2 schematically illustrates the concept of tag protected memory access. The physical address space used to reference memory locations within the memory system may be logically partitioned into a number of blocks 30, each block including a number of addressable locations. For simplicity, in the example of fig. 2, each block 30 includes four memory locations, although other block sizes may be used. Each block 30 is associated with a corresponding protection tag 32. The protection tags associated with a number of blocks 30 may be grouped together and stored in different architecturally accessible memory locations 34 within the physical address space, or in additional storage locations provided in the main memory 18 that are architecturally inaccessible (not mapped to the same physical address space). In some cases, it may be preferable to use separate non-architecturally accessible storage to avoid running out of space in data caches 16, 17 to cache protection tag values, which may affect execution of conventional code and may make coherency management more complex. An additional tag cache 19 may be provided in the micro-architecture for caching tag values from non-architecturally accessible storage for faster access than if the tag had to be accessed from main memory 18. The particular image of the tag storage location 34 corresponding to each tile 30 may be controlled by the load/store unit 15 and may be hardwired or programmable. Although in fig. 2 each tag 32 is associated with a block of physical addresses, it is also possible to provide a protection tag 32 associated with a virtual memory location in the virtual memory address space, but this may require some additional address translation at each memory access. Thus, by associating the protection tag 32 with a physical memory location, performance may be improved. Generally, for a particular micro-architectural implementation, it may be chosen exactly how to associate the protection tag 32 with the corresponding block 30 of physical address space. Generally, all that is required is to access and compare the protection tag 32 associated with a given block of memory.

Thus, when a tag-protected memory access is required, the address tag 40 (associated with the target address 42 identifying the addressed location 44 to be accessed) is compared to the protection tag 32 (associated with the block of memory locations 30 that includes the addressed location 44). For example, in FIG. 2, the target address 42 points to a location B1 in memory, labeled 44 in the address space of FIG. 2. Thus, protection tag B (associated with the block of location B including location B1) is compared to address tag 40 (associated with target address 42). As shown at the top of FIG. 2, the address tag 40 may be determined as a function of selected bits of the target address itself. In particular, the address tag may be determined from bits within a portion of the target address that are not used to indicate a particular memory location to be selected as the addressing location 44. For example, in some architectures, the top portion of the bits of the target address may always have some fixed value, such as a sign extension (all 0's or all 1's), so the address tag 40 may be used to tag the address by overwriting such unused bits with any tag value. For example, a particular address tag value may be selected by a programmer or compiler. The address and protection tags 32 may be a relatively small number of bits, such as 4 bits, and therefore need not occupy much space in memory and in the target address. Providing a tag space of 4 bits, i.e., 16 possible tag values, is generally sufficient to detect many common types of memory access errors.

Thus, when performing tag-protected memory accesses, load/store unit 15 compares address tag 40 and protection tag 32, and protection tag 32 is associated with block 30, which includes addressed location 44, and determines whether they match. Load/store unit 15 generates a match indication indicating whether address tag 40 and protection tag 32 match. For example, the match indication may be a fault signal 60, which is generated if there is a mismatch between the address tag 40 and the protection tag 32, or an indication placed in a status register indicating whether there is a match, or an entry added to the error report indicating the address at which the error was detected and/or the instruction address of the instruction that triggered the error.

According to the method described herein, configuration control information is provided for each of a plurality of different memory regions, where each memory region includes a plurality of blocks illustrated in fig. 2. The memory regions may take various forms, but in one exemplary arrangement each memory region comprises a memory page, where each memory page will comprise a plurality of blocks illustrated in fig. 2. This is illustrated schematically in fig. 3, where the individual blocks referred to in fig. 2 are referred to in fig. 3 as granules 100, with each granule having a protection tag associated therewith. As previously described with respect to fig. 2, a memory area 105 may be provided for storing the protection tag.

In addition, however, as illustrated in FIG. 3, groups of granules 100 form corresponding pages in memory, and a page tag 110 is provided in association with each page. For purposes of the exemplary implementations described herein, each memory region having associated configuration control information is assumed to be a page, and thus the associated configuration control information is referred to herein as a page tag. A region of memory 120 may be provided for storing page tags. The previous discussion of how to store the protection tag in memory applies equally to the page tag 110, and thus these may be stored in architecturally accessible memory locations within the physical address space, or in additional storage locations provided in architecturally inaccessible memory (not mapped to the same physical address space). In the latter case, the tag cache 19 may be extended to cache page tags, or alternatively a separate cache structure may be provided. In one particular embodiment discussed later herein, multiple page tags are actually cached within entries of the TLB22, which provides a particularly efficient mechanism for caching page tag information.

Various forms of configuration control information may be stored within individual page tags. The information stored herein is used to control how tag-protected memory access operations are performed by load/store unit 15. FIG. 4 illustrates a page tag 110 in one particular exemplary form.

As illustrated in fig. 4, a number of different fields are provided. In particular, a match all mode field 130 is provided, a precise tag check mode field 135 is provided, the same tag mode field 140 is provided, and additionally a page protection tag field 145 is provided for storing a page protection tag (also referred to herein as a memory region protection tag). The manner in which tag-protected memory access operations are controlled in accordance with which of such different fields are set will now be discussed in more detail with reference to fig. 5-7.

FIG. 5 indicates how tag protected memory access operations are altered depending on whether the same tag mode is set within field 140. At step 150, the memory page associated with the target address of the access request is identified, and at step 155, the page tag referencing the memory page. This may involve the following steps: the page tag is fetched from memory in a cache structure provided for caching the page tag, such as tag cache 19 or TLB22, or the associated page tag is retrieved from memory without caching the associated page tag within the system.

At step 160, a determination is made as to whether the same tag mode is set in the page tag, and if not, the process simply proceeds to step 165, where a default tag protected memory access check is performed to compare the address tag of the target address with the protection tag of the associated granule.

However, if the same tag mode is set, then the process proceeds to step 170, where a modified tag protected memory access check is performed. In particular, rather than using the protection tag of the associated granule, the page protection tag in field 145 is used and the address tag of the target address is checked against the page protection tag accordingly to detect if there is a match. Subsequently, the actions taken upon matching are the same as previously discussed with reference to FIG. 2 when discussing comparisons to individual protection tags.

FIG. 6 illustrates the steps performed to implement a tag protected memory access operation depending on whether all modes are set to match. Steps 200 and 205 correspond to steps 150 and 155 of fig. 5. At step 210, a determination is made as to whether all of the modes are set in field 130 of page tag 110 and if not, the process proceeds to step 215 where a default tag protected memory access check is performed.

If, however, the settings match all of the patterns, then the process proceeds to step 220 where it is determined whether the address tag of the target address has a predetermined value. The predetermined value may take various forms, but in one exemplary arrangement the predetermined value is a zero value of the address tag. If the address tag has a value other than the predetermined value, the process proceeds to step 215 where a default tag protected memory access check is performed. If, however, the address tag has a predetermined value, the process instead proceeds to step 225, which indicates that a match has been detected without checking the protection tag of the associated granule.

FIG. 7 is a flow chart illustrating how a tag-protected memory access operation is performed with the precise tag mode set within field 135. Steps 250 and 255 correspond to steps 150 and 155 of fig. 5 discussed previously. At step 260, it is determined whether the precise tag check mode is set, and if not, a default tag protected memory access check is performed at step 265 asynchronously with the associated memory access. Thus, this means that regardless of the outcome of the check, the memory access continues and instead there is a delay in reporting any mismatch. This may be useful in the case where it is only desirable to generate reports of which access operations failed the check, but those accesses are not prevented from occurring. As previously described, a mismatch indication may be presented separately for each access that fails tag-protected memory access checking, or any mismatch indication presented may merely identify that one or more memory accesses have failed, and if necessary perform further investigation in an attempt to find more detail.

Conversely, however, if the precise tag check mode is set, then the process proceeds to step 270 where a default tag protected memory access check is performed, but memory accesses are delayed until the check results are available, so that if a mismatch is detected between the address tag and the protection tag, then access is prevented from being performed. Then in one exemplary implementation no access is performed and an exception is generated to trigger an exception handler at a higher exception level. It should be understood that the steps taken by the exception handler will depend on the implementation.

Although in the discussion of fig. 5-7 above, it is assumed that only one of the mode field 130, 135, 140 is set for any particular page tag, this is for ease of illustration only, and the different modes discussed with reference to fig. 5-7 may be set or cleared independently of each other in one embodiment. Thus, for example, when considering the match all check process of FIG. 6, if the process proceeded to step 215 but the same tag mode field was set, step 215 would actually perform a tag protected memory access check with reference to the page protection tag in field 145 instead of the granule protection tag. Furthermore, if the process proceeds to step 225 while the same tag mode field is set, then checking against the page protection tag is also skipped, thereby indicating a match as detectable without checking the address tag using the page protection tag. As another example, if the same tag mode field and exact tag check field are set, the page protection tag 145 will be used again instead of the protection tag of the granule when either step 265 or step 270 of FIG. 7 is performed.

As previously mentioned, in one exemplary embodiment the page tag may be cached within the TLB22 of the MMU 20 illustrated in FIG. 1. FIG. 8 illustrates an exemplary embodiment in which the TLB storage structure 280 of the TLB is extended to include additional fields. As illustrated in FIG. 8, a standard field 300, a standard field 305, a standard field 310 are provided for each entry within the TLB. As will be appreciated by those skilled in the art, field 300 is used to store a virtual address portion and field 305 is used to store a corresponding physical address portion, and if it is determined that the particular address index is an entry in the TLB, the virtual address may be translated to a physical address using the virtual-to-physical address map indicated by portions 300, 305. The field 310 is used to store various attributes of the memory page associated with the entry, such as whether accesses to the memory page are cacheable, bufferable, and the like.

As also illustrated in fig. 8, each entry in TLB store 280 may be extended to include two additional fields. The field 315 is used to store a page tag for the memory page associated with the entry, and a page tag valid field 320 may also be provided to identify whether the information stored in the page tag field 315 is invalid.

Fields 300, 305, 310 will be populated using a standard TLB update procedure, which typically involves a page table walk process that accesses one or more page tables stored in memory to retrieve the necessary address translation information. Hereinafter, the contents of the fields 300, 305, 310 are collectively referred to as address translation information. The field 315 will not be populated by a conventional page table walk process, but rather a separate access may be performed, such as when initially allocating an entry into a TLB, to retrieve the page tag of a memory-related page from memory, with the information populated in the field 315, followed by setting the page tag valid field 320.

Although the above method may be used where the memory pages associated with the page tag are physical pages, in alternative embodiments the memory pages associated with the page tag may also be virtual pages. In this case, the fields 315, 320 may be filled due to the standard page table walk process used to obtain the address translation information, since in this case the page tag information may be included within the page table information stored in memory and therefore will be retrieved as part of the page table walk process. In some cases, such as in smaller systems where the overall memory address space is relatively small, there may be an existing redundant space within the page table that can easily accommodate the page tag information. In this case, information may be retained within one of the system control registers 24 illustrated in FIG. 1 to identify which bits of address translation information retrieved from the page table provide the page tag information.

In one implementation based on virtual addresses, a separate page tag valid field 320 may not be needed because the page tag information is retrieved as part of a standard page table walk process, so a general valid flag for the entire entry may be used to indicate the validity of the address translation data, including the page tag information obtained from the page table walk process.

FIG. 9 is a block diagram illustrating components disposed within the TLB 350, according to an exemplary embodiment. The TLB 350 includes TLB storage 280, which may take the form discussed above with reference to FIG. 8. The TLB access control circuitry 355 is to perform access operations based on the specified virtual address to retrieve address translation information and thereby generate a corresponding physical address for the specified virtual address. As will be discussed later with reference to FIG. 11, page tag information for the associated memory region may also be provided at this point as output from the TLB.

Additionally, TLB maintenance circuitry 360 may be provided for performing TLB maintenance operations on the contents of the TLB storage 280. In addition to including standard TLB maintenance operations, the TLB maintenance circuitry 360 may include page tag update/refresh circuitry 365 responsive to page tag update/refresh operations for performing a sequence of steps, as will be discussed in greater detail below with reference to fig. 10. As illustrated in FIG. 10, at step 400, a TLB refresh page tags (TLBRPT) operation is identified, having an associated address or address range. The need for a TLBRPT operation may be identified in various ways. For example, an explicit instruction, referred to herein as a TLBRPT instruction, may be provided that provides a range of addresses/locations and, when executed, results in a refresh operation being performed. Alternatively, the TLB flush operation may be automatically triggered by another operation being performed. For example, an instruction may be provided for storing page tag information to memory, such an instruction referred to herein as an STPT instruction. When such an instruction is executed to update a page tag in memory, a refresh operation may be automatically invoked to try to refresh any cached copy of the relevant page tag.

Furthermore, although refresh operations may be performed directly in response to executing instructions at a particular exception level, in some embodiments, refresh operations may only be allowed to be performed at certain higher privilege levels, and thus execution of refresh operations may be simulated at a higher exception level rather than being performed as a result of executing instructions at a current lower exception level.

If desired, one of the system control registers 24 may be used to provide information identifying at which exception level such refresh operations may be performed. For example, such information may identify that a refresh operation cannot be performed at exception level 0, and any attempt to perform a refresh operation at exception level 0 should be intercepted to exception level 1. Alternatively, the control information may identify that a refresh operation may be performed at exception level 0, or a refresh operation may be performed on some pages at exception level 0, depending on the page attributes specified in the associated page table in memory. Whichever application is described above, it is assumed that the refresh operation is now being performed at step 400, either directly via execution of the appropriate instruction, or through emulation at a higher exception level.

At step 405, a TLB entry is identified that includes address translation information for an address range that matches address information associated with the TLBRPT operation. The TLBRPT operation may only identify a single page, in which case at most one TLB entry will need to be flushed, or alternatively identify multiple pages, so there may be multiple TLB entries that need to be flushed.

At step 410, it is determined whether the refresh operation is operating in an invalid mode, rather than in an update mode. If operating in the invalid mode, the process proceeds to step 415, where the page table valid flag 320 is cleared for each identified TLB entry. Thus, this indicates that the current content in the page tag field 315 is not valid, and therefore that the page tag information needs to be retrieved from memory if it needs to be used at the appropriate time.

However, if at step 410 it is determined that an update mode is being used, then the process proceeds to step 420, where the process retrieves the latest version of the relevant page or page tag from memory and updates the page tag information in each identified TLB entry. For each such entry, the PT valid flag is also set.

FIG. 11 is a flowchart illustrating operation of the TLB access control circuitry 355 of FIG. 9, according to an example embodiment. At step 450, an access operation to be performed is identified, the access operation specifying a target virtual address. In step 455, the virtual-to-physical address translation is performed using TLB access control circuitry 355 of TLB storage 280. If not detected in the TLB, this process would involve performing a page table walk process and then allocating entries in the TLB for relevant address translation information. Thus, it should be understood that when step 455 has been performed, an entry will be allocated in the TLB store, either because the entry already exists and a hit is detected, or because it is not detected, resulting in the entry being filled into the TLB store. The physical address determined at step 455 may then be returned to the load/store unit 15.

At step 460, it is determined whether the TLB entry for the address translation process has set the PT valid flag 320. The situation will be different if the page table entry happens to be filled in step 455 in order to service the access request. Additionally, it will be understood from the previous discussion that if the refresh operation was previously performed using the invalid operating mode, the PT valid flag may not be set, and thus step 415 of FIG. 10 may proceed.

If the TLB entry in question has set the PT valid flag, the process may simply proceed to step 470, where the page tag stored in the entry may be provided to the load/store unit for controlling tag-protected memory access checks on the target address of the access operation.

However, if the PT valid flag is not set in the associated entry, then in step 465, the page tag of the associated page is retrieved from memory and then stored in the field 315 of the associated TLB entry (with the PT valid flag then set). Thereafter, the process proceeds to step 470.

FIG. 12 is a flow chart illustrating how TLBRPT processing may be affected by information stored in system control registers 24. At step 500, it is determined whether a TLBRPT operation is required. If not, then at step 505, the relevant system control register is reviewed to determine if the contents of the system control register indicate that the execution of the TLBRPT operation at the current exception level is not permitted. If this is the case, then at step 510, an exception is triggered to cause the TLBRPT operation to be processed at a higher exception level.

However, if the system control register does not prevent the TLBRPT operation from being performed at the current exception level, then a check is made at step 515 whether the system control register contents indicate that the permissions depend on the page attributes in the page table. If not, then a refresh operation may be performed at the current exception level in step 520. However, the relevant page attributes identified by the system control register are additionally reviewed at step 525. This typically involves accessing the TLB in order to retrieve the relevant attributes. Thereafter, at step 530, it is determined whether the page attributes are of a form that allows a refresh operation to be performed at the current exception level. If so, the process proceeds to step 520, but otherwise proceeds to step 510.

In the embodiment using the same tag mode, the setting of the same tag mode can be used to additionally control other functions besides the tag-protected memory access operation. This is illustrated by way of example with reference to fig. 13A. At step 550, a determination is made as to whether an update to the protection tag of the selected granule has been requested. This may occur, for example, due to a store instruction being executed that seeks to update a particular protection tag in memory. If so, then at step 565, the associated memory page (i.e., the memory page that includes the selected granule) is identified, followed by a determination at step 570 whether the same tag mode is set for the corresponding page tag. If not, then at step 580, the protection tag may be updated for the selected granule in a standard manner. However, if the same tag mode is set, then at step 575, an exception may be generated to a higher exception level. At this point an exception handler may be executed, the form of which depends on the implementation.

FIG. 13B is a flow diagram illustrating a particular exemplary sequence that may be performed when seeking to update a protection tag of a selected granule. In particular, according to the method described in FIG. 13B, an attempt to update a protection tag for a particular granule may invoke a mechanism to switch from the same tag mode of operation to a default mode. The steps illustrated in FIG. 13B may be performed explicitly via execution of an instruction sequence, or may be performed implicitly, such as by taking exceptions when executing a store granule (STG) instruction, to simulate the required processing steps at higher exception levels.

When an update to the protection tag of the selected granule is detected at step 600, then at step 605 the memory page corresponding to the selected granule is identified and then a determination is made at step 610 as to whether the same tag mode is set. If not, the process may proceed directly to step 630, where the protection tag of the selected granule is updated to the value specified by the update mechanism used at step 600.

However, if the same tag mode is set, then at step 615, the page tag of the associated memory page is updated so that the same tag mode flag is changed to clear rather than set, and the updated page tag is then stored to memory. Thereafter, at step 620, a flush page tag operation is performed with respect to the associated entry in the TLB, since it is known that the previous page tag information is now invalid. As is apparent from the previous discussion of FIG. 10, this will result in either the page tag valid flag being cleared in the TLB entry, or the latest version of the page tag being retrieved from memory and stored into the TLB, this latest version indicating that the same tag mode is no longer set.

At step 625, for each granule of the memory page, the corresponding protection tag is updated to overwrite the protection tag information with the page protection tag information in the field 145 of the page tag. Thus, it can be seen that at this point the location is the same as when the same tag mode has still been set, but instead of the overall page protection tag being used, each of the individual protection tags associated with the intra-page zone have been updated to have the same value as the page protection tag.

Thereafter, at step 630, the protection tag of the selected granule specified by the update mechanism used by step 600 may be updated to the value specified by the update mechanism.

Thus, it should be understood that a protection tag update has been performed, but a byproduct of this process is that the same tag mode is not set for the page in question. Thus, subsequent tag-protected memory access operations will be performed with reference to the relevant granule protection tag.

FIG. 14 is a flow chart illustrating how the presence of the same tag pattern being set may affect read requests for protection tags for a selected granule. If a read request is detected at step 650, the read request being a protection tag seeking to read the selected granule from memory, then the corresponding memory page, i.e., the memory page containing the selected granule, is identified at step 655. Thereafter, at step 660, it is determined whether the same tag pattern is set within the page tag of the memory page. If not, the process proceeds to step 670, where the protection tag for the selected granule is read from memory in the usual manner.

If, however, the same tag mode is set, then the process proceeds to step 665 where the protection tag for the selected granule is not read, but rather the page protection tag for the memory page is returned. Thus, a read request results in the return of the page protection tag, rather than the current protection tag content of the selected granule.

FIG. 15 is a flow diagram illustrating how an STPT instruction may be processed at exception level 0(EL0) according to one exemplary arrangement. In particular, the STPT instruction is a particular form of store instruction for updating the contents of a page tag. When it is determined at step 700 that such a STPT instruction is to be executed at EL0, then one or more address translation factors are referenced at step 705 in order to determine whether execution of the STPT instruction can be performed at EL 0. Thus, it is determined that the STPT instruction may be executed at EL0 at step 710, then the process proceeds to step 715, where the STPT operation is performed. Otherwise, however, the process proceeds to step 720, where an exception is triggered to cause the STPT operation to be processed at a higher exception level.

Different examples of address translation factors may be considered at step 705. As one particular example, if the system supports the use of multiple virtual page sizes, and exposes the minimum virtual page size to exception level 0, the processing circuitry at exception level 0 may determine whether the STPT operation involves one or more minimum-sized virtual pages. If not, the STPT operation will not be performed at exception level 0, but will instead fall into exception level 1.

As another example, where a particular physical page may be mapped into several virtual pages, an implicit page sharing mechanism may be used so that different virtual addresses may be mapped to the same physical address. Where this would be transparent to the processing circuitry executing at exception level 0, and thus there is implicit page sharing, then an additional bit may be provided within the page tag information, which when set to indicate such, results in the interception to exception level 1 of any attempt to perform a STPT operation associated with the corresponding page.

FIG. 16 illustrates a simulator implementation that may be used. Although the previously described embodiments implement the present invention in terms of apparatus and methods for operating specific processing hardware that supports the related art, it is also possible to provide an instruction execution environment according to the embodiments described herein that is implemented via the use of a computer program. Such computer programs are often referred to as simulators as long as they provide a software-based implementation of the hardware architecture. Various simulator computer programs include simulators, virtual machines, models, and binary translators (including dynamic binary translators). In general, simulator embodiments may run on host processor 1130, optionally running host operating system 1120, supporting simulator program 1110. In some arrangements, there are multiple emulation layers between the hardware and the provided instruction execution environment and/or multiple different instruction execution environments provided on the same host processor. Historically, powerful processors have been required to provide simulator implementations that execute at reasonable speeds, but this approach may be reasonable in some cases, such as when it is desired that the native code of another processor be run for compatibility or reuse reasons. For example, simulator embodiments may provide an instruction execution environment with additional functionality not supported by the host processor hardware, or provide an instruction execution environment typically associated with a different hardware architecture. An overview of the Simulation is given in "Some architectural Simulation Techniques" written by Robert Bedichek at pages 53-63 of the "winter 1990USENIX conference".

Embodiments have been described previously with reference to specific hardware configurations or features, in an analog embodiment, equivalent functionality may be provided by appropriate software configurations or features. For example, certain circuitry may be implemented in analog embodiments as computer program logic. Likewise, memory hardware such as registers or caches may be implemented as software data results in analog embodiments. One or more of the hardware components referenced in the previously described embodiments reside in an arrangement on host hardware (e.g., host processor 1130) that some analog embodiments may utilize where appropriate.

The simulator 1110 may be stored on a computer-readable storage medium 1112 (which may be a non-transitory medium) and provides a program interface (instruction execution environment) to the same object code 1100 (which may include applications, operating systems, and hypervisors) as the application programming interface of the hardware architecture modeled by the simulator 1110. Thus, the program instructions of object code 1100 may be executed within an instruction execution environment using simulator 1110 so that host computer 1130, which does not actually have the hardware features of device 2 as described above, may simulate such features. For example, the simulation program 1110 may include memory access program logic 1114 for controlling access to memory by instructions of the object code 1100. For example, the memory access program logic 1114 may include instructions to perform a comparison of the protection tag and the address tag and report whether any mismatches have been detected between the protection tag and the address tag. In addition, the emulator 1110 may include a control tag data structure 1116 for storing configuration control information for each of a plurality of memory regions, the configuration control information for controlling how tag-protected memory access operations are performed when a target address is within the memory region.

In this application, the term "configured to" is used to mean that a component of a device has a configuration capable of performing a defined operation. In this context, "configuration" means an arrangement or manner of interconnection of hardware or software. For example, the device may have dedicated hardware that provides defined operations, or the processor or other processing components may be programmed to perform the functions. "configured to" does not imply that device components need to be changed in any way in order to provide the defined operation.

Although illustrative embodiments of the present invention have been described in detail herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments and that various changes, additions and modifications may be effected therein by one skilled in the art without departing from the scope and spirit of the invention as defined by the appended claims. For example, various combinations of the features of the dependent claims could be made with the features of the independent claims without departing from the scope of the present invention.