Nothing Special   »   [go: up one dir, main page]

CN117349197A - Memory management unit and memory access method - Google Patents

Memory management unit and memory access method Download PDF

Info

Publication number
CN117349197A
CN117349197A CN202210741005.4A CN202210741005A CN117349197A CN 117349197 A CN117349197 A CN 117349197A CN 202210741005 A CN202210741005 A CN 202210741005A CN 117349197 A CN117349197 A CN 117349197A
Authority
CN
China
Prior art keywords
access
address
memory
authority
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210741005.4A
Other languages
Chinese (zh)
Inventor
请求不公布姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pingtouge Shanghai Semiconductor Co Ltd
Original Assignee
Pingtouge Shanghai Semiconductor Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pingtouge Shanghai Semiconductor Co Ltd filed Critical Pingtouge Shanghai Semiconductor Co Ltd
Priority to CN202210741005.4A priority Critical patent/CN117349197A/en
Publication of CN117349197A publication Critical patent/CN117349197A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a memory management unit and a memory access method. The memory management unit comprises an instruction acquisition circuit, a page table inquiry circuit and a memory access circuit. The instruction acquisition circuit acquires a memory management instruction configured for accessing the data stream, wherein the memory management instruction at least comprises virtual memory addresses distributed based on authority protection granularity. The page table acquisition circuit acquires an address translation table and an access authority table in parallel. The page table lookup circuit queries the access authority table and the address translation table in parallel based on the virtual memory address to determine the access authority attribute and the physical address of the virtual memory address. The memory access circuit performs memory access based on the access authority attribute of the virtual memory address and the physical address. In the scheme of the embodiment of the invention, the address translation table and the access authority table are two independent tables, and the corresponding management granularity is also independent, so that the delay of the translation process of the page table is reduced, and the memory access efficiency is improved.

Description

Memory management unit and memory access method
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a memory management unit and a memory access method.
Background
Virtual memory is a critical abstraction of any size in modern computer systems, whether personal terminals or large data centers. Virtual memory provides a programmer with memory space that is always large enough and linear to make programming easier. In addition, virtual memory enforces isolation between applications, allowing them to access only their own memory, thereby preventing applications from overwriting each other's content. In summary, virtual memory is a basic abstraction for programmability, code portability, and memory protection, a critical part of any modern computer system. Computer systems integrate hundreds of GB (gigabytes) of memory into several TBs (terabytes) of memory, while tightly integrated heterogeneous computing platforms (e.g., CPU, GPU, FPGA) are becoming more and more common. Since the trend of expanding Virtual Machines (VMs) of CPUs to all computing elements in a system to achieve an efficient and easy-to-use programming model is clear, the continuing need for faster memory access requires the rapid conversion of any computing element in the system to memory on the order of TB.
On the other hand, in order to improve the memory access efficiency and flexibility of the external device, the external device transmits a virtual memory address to a memory management unit such as an Input/output memory management unit (Input/output Memory Management Unit, IOMMU) or a system memory management unit (System Memory Management Unit, SMMU), and converts the virtual memory address into a physical memory address to perform memory access according to the physical memory address.
Virtualization techniques such as IO virtualization are not supported by the IOMMU/SMMU, enabling the SMMU/IOMMU in IOs may increase the overhead of accessing the data stream access latency. A page table structure is a data structure used by a page table that is capable of mapping multiple segments of smaller contiguous physical address space to a segment of larger contiguous virtual address space. The page table translation process of SMMU/IOMMU has become the bottleneck of IO performance, and accelerating the page table translation process can bring about performance improvement in the virtual scene.
As the memory capacity is larger, the number of page table structures increases, and accordingly, the delay of the page table translation process from the virtual address to the physical address increases, and the page table translation efficiency is lower, which results in lower memory access efficiency.
Disclosure of Invention
In view of the above, an embodiment of the present invention provides a memory management unit and a memory access method to at least partially solve the above-mentioned problems.
According to a first aspect of an embodiment of the present invention, there is provided a memory management unit, including: the instruction acquisition circuit acquires a memory management instruction configured for accessing the data stream, wherein the memory management instruction at least comprises a virtual memory address distributed based on authority protection granularity; a page table obtaining circuit, configured to obtain an address translation table and an access authority table in parallel according to the memory management instruction, wherein the address translation table is configured with an index from a virtual address to a physical address based on a query granularity, the access authority table is configured with an index of an access authority attribute based on the authority protection granularity, and the access authority attribute at least indicates at least one of authority and security attribute of read access or write access; the page table inquiry circuit is used for parallelly inquiring the access authority table and the address translation table based on the virtual memory address and determining the access authority attribute and the physical address of the virtual memory address; and the memory access circuit is used for performing memory access based on the access authority attribute and the physical address of the virtual memory address.
In another implementation of the present invention, the memory management instruction includes an identification of the access data stream, and the page table fetching circuitry is configured to: and obtaining an address translation table and an access authority table corresponding to the identification of the access data stream in parallel.
In another implementation of the present invention, the page table walk circuit is configured to: and acquiring an access authority table corresponding to the identification of the access data stream, and acquiring an address translation table corresponding to the identification of the data stream group in which the identification of the access data stream is located. And different data flow identifiers in the identification group of the access data flow share the address translation table, and the different data flow identifiers in the identification group of the access data flow correspond to different access authority tables.
In another implementation of the present invention, the memory access circuit is configured to: and performing authority verification on the access authority attribute of the virtual memory address, and performing memory access based on the physical address of the virtual memory address when the authority verification is passed.
In another implementation of the present invention, the memory access circuit is configured to: and inquiring the permission table based on the permission table configuration structure attribute of the access data stream, determining the corresponding read-write permission, judging whether the access permission attribute of the virtual memory address is matched with the target access permission attribute, and if so, checking the permission.
In another implementation of the present invention, the memory access circuit is further configured to: and when the permission verification is not passed, prohibiting the memory access of the memory management instruction.
In another implementation of the present invention, the access authority table includes respective page table levels, a first page table level of the respective page table levels is stored locally, and other page table levels are allocated in a memory space; the page table walk circuit is configured to: inquiring a first stage of a page table of the access authority table based on the virtual memory address; reading the other page table levels from the memory space based on the page table first level; and performing inquiry based on the other page table levels.
In another implementation of the present invention, the page table walk circuit is configured to: and acquiring a walking buffer or an authority searching buffer zone of the access authority table, wherein the walking buffer of the access authority table comprises a base address buffer of a target level page table in the process of searching the authority table, and the authority searching buffer zone corresponds to the identification of the access data stream and the access authority attribute of the virtual address space.
In another implementation manner of the present invention, the memory management unit further includes: and the table lookup control circuit searches the authority lookup buffer area according to the access data stream to obtain the access authority attribute of the access data stream, if the access authority attribute of the access data stream is not obtained in the lookup buffer area, executes authority table walk, directly accesses a next-stage page table of the authority table based on the base address of the target-stage page table in the walk buffer area, and accelerates the authority table walk process to obtain the authority attribute.
According to a second aspect of an embodiment of the present invention, there is provided an access method, including: acquiring a memory management instruction configured for accessing a data stream, wherein the memory management instruction at least comprises a virtual memory address distributed based on authority protection granularity; according to the memory management instruction, an address translation table and an access permission table are obtained in parallel, wherein the address translation table is configured with an index from a virtual address to a physical address based on query granularity, the access permission table is configured with an index of access permission attribute based on the right protection granularity, and the access permission attribute at least indicates at least one of permission and security attribute of read access or write access; based on the virtual memory address, the access authority table and the address translation table are queried in parallel, and the access authority attribute and the physical address of the virtual memory address are determined; and performing memory access based on the access authority attribute and the physical address of the virtual memory address.
According to a third aspect of an embodiment of the present invention, there is provided a memory access method, including: acquiring a memory management instruction configured for accessing a data stream, wherein the memory management instruction at least comprises a virtual memory address; determining access authority attribute and physical address of the virtual memory address; and performing authority verification on the access authority attribute of the virtual memory address, and performing memory access based on the physical address of the virtual memory address when the authority verification is passed.
According to a fourth aspect of an embodiment of the present invention, there is provided a memory access method. The memory access method comprises the following steps: acquiring a memory management instruction configured for an access data stream, wherein the memory management instruction at least comprises an identification of the access data stream; based on the identification of the access data stream, an access right table is obtained, and the access right table is configured with an index of access right attribute; and performing memory access based on the access authority attribute of the virtual memory address.
In another implementation manner of the present invention, the memory access method further includes: determining the identification of the data stream group where the access data stream is located; based on the identification of the data stream group, an address translation table is obtained, and the address translation table is configured with an index from a virtual address to a physical address; and inquiring the address translation table based on the identification of the data stream group to obtain a physical address. The performing memory access based on the access authority attribute of the virtual memory address includes: and performing memory access based on the access authority attribute of the virtual memory address and the physical address.
In the scheme of the embodiment of the invention, the address translation table is used for executing the index from the virtual address to the physical address based on the query granularity, the access authority table is used for executing the index of the access authority attribute based on the authority protection granularity, the address translation table and the access authority table are two independent tables, the corresponding management granularity is also independent, the larger query granularity can reduce the index depth of the address translation table, the access authority attribute at least indicates at least one of the authority and the security attribute of the read access or the write access, the smaller authority protection granularity can avoid the memory fragmentation problem caused by the memory super-division under the large query granularity, and the bit number of the memory fragmentation problem occupies less storage space compared with the preset bit number of the virtual address, thereby reducing the delay of the page table translation process and improving the memory access efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a schematic architecture diagram for an example external device for memory access.
Fig. 2A is a schematic block diagram of a memory access unit according to one embodiment of the present invention.
FIG. 2B is a schematic architecture diagram applicable to the memory access process of the embodiment of FIG. 2A.
FIG. 2C is a schematic diagram of a page table translation process of the embodiment of FIG. 2A.
Fig. 3A shows an example of a query procedure of the access right table of the embodiment of fig. 2A.
Fig. 3B illustrates another example of a query procedure of the access rights table of the embodiment of fig. 2A.
Fig. 3C illustrates another example of a query procedure of the access rights table of the embodiment of fig. 2A.
Fig. 3D illustrates another example of a query procedure of the access rights table of the embodiment of fig. 2A.
Fig. 3E shows another example of a query procedure of the access right table of the embodiment of fig. 2A.
Fig. 3F shows an example of a rights lookup buffer.
Fig. 4 is a flowchart illustrating steps of a memory access method according to another embodiment of the present invention.
FIG. 5A is a flowchart illustrating a memory access method according to another embodiment of the present invention.
FIG. 5B is a diagram illustrating a memory access process according to the embodiment of FIG. 5A.
FIG. 6A is a flowchart illustrating a memory access method according to another embodiment of the present invention.
Fig. 6B is a schematic diagram of a query procedure of the access right table in the embodiment of fig. 6A.
FIG. 6C is a diagram illustrating a lookup process of the address translation table of the embodiment of FIG. 6A.
Detailed Description
In order to make the technical solutions in the embodiments of the present invention better understood by those skilled in the art, the technical solutions in the embodiments of the present invention will be clearly and specifically described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, but not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the present invention, shall fall within the scope of protection of the embodiments of the present invention.
The implementation of the embodiments of the present invention will be further described below with reference to the accompanying drawings.
FIG. 1 is a schematic architecture diagram for an example external device for memory access. The architecture of fig. 1 includes a central processing unit (Central Processing Unit, CPU) 10, memory 12, external devices 13, and IOMMU 14, any two of which may communicate over an external bus 15. It should be understood that an External Bus (External Bus) is a concept corresponding to an internal Bus of a CPU, and is not limited to this naming method, and may be referred to as a system Bus or the like. External buses include, but are not limited to, I2C buses, ISA (Industry Standard Architecture) buses, PCI (Peripheral Component Interconnect) buses, PCI-Express buses, AGP (Accelerated Graphics Port) buses, and the like. The external bus 15 is not limited to one type of bus, but may be implemented using different types of buses, for example, different communicators of the above-described components may be arranged with various bus interfaces, and communicate using corresponding buses, for example, configured as Network-on-chip (NOC).
Furthermore, the CPU 110 is exemplarily shown to include the memory management unit MMU 11, but it should be understood that the MMU 11 may be configured outside the CPU and connected to the external bus 15. The Memory 12 may be implemented using a dynamic Random Access Memory (Dynamic Random Access Memory, DRAM) or a Static Random Access Memory (SRAM) storage medium. The IOMMU 14 shown in the figures is also exemplary, and in general, the memory management unit of the external device 13 itself may be of a different type for different CPU architectures, for example, SMMU in another example.
In addition, the external device may include a device with a special capability, such as a graphics card, a network card, or a driving device, or a device that cooperates with a memory to improve data processing efficiency, in an example, the external device needs to access data or instructions in the memory 12 by accessing a data stream, if the memory 12 is accessed by a physical memory address, a faster access speed can be obtained for one data, but the calculation manner of the physical memory address makes the requirement for dividing a storage area in the memory 12 stiffer, and the flexibility of memory access is poor.
In another example, the architecture of fig. 1 applies to a virtual machine scenario, where the virtual machine implements the running environment requirements of specific software through a virtual specific hardware environment, or implements protection of real hardware. At this time, if the external device 13 is used to access the memory by using the physical memory address, the configuration cost of the external device 13 is increased, and the flexibility is also poor.
The memory management unit such as the IOMMU 14 can flexibly configure the correspondence between the virtual memory address and the physical memory address by performing the translation between the virtual memory address and the physical memory address, and flexible access configuration is realized between various external devices 13 and various memories 12 without changing the addressing logic of the memories 12 and the access logic of the external devices 13, thereby improving the memory access efficiency of the external devices.
It should be understood that the number of external devices 13 may be one or more, and that a plurality of external devices may perform functions such as address conversion using one or more memory management units 14, preferably one external device corresponds to one memory management unit, or one memory management unit is used to perform address conversion based on respective address conversion correspondence relationships corresponding to the respective external devices.
With the increasing capacity of the access memory and the requirement of authority protection granularity, the number of stages of the page table structure is increased, each stage of address of the page table structure needs to be determined based on the last stage of address, the access authority attribute can be obtained after the last stage of address is indexed, in general, the index efficiency of the last stage of address is lower, and when the access authority attribute is not matched, the last stage of repackaging is required to be returned, so that the delay of the page table translation process from the virtual address to the physical address is increased, and the page table translation efficiency is lower.
For example, the current page table of the 48-bit address system is a 4-level page table, and then evolves to a 5-level page table, in order to reduce the number of levels of the radix tree structure of the page table, a large page table is often a better scheme, but based on the current page table structure, the large page table can bring about excessive allocation of memory, and for this reason, the current management software often does not adopt the large page table, so that the number of levels of the data structure of the page table is still more, and further, the time delay of the lookup table is not reduced.
The current table lookup buffer (Table Lookup Buffer, TLB) is critical to the performance improvement of the table lookup, but the current TLB has a very limited memory access (memory reach) relative to a large increase in memory capacity due to the increase in the number of page tables and the defect of large page tables, and thus, address translation has become a critical factor in the access memory path.
To this end, embodiments of the present invention provide a memory management unit, such as an MMU, SMMU, or IOMMU. As shown in FIG. 2A, the memory management unit includes instruction fetch circuitry 210, page table fetch circuitry 220, page table walk circuitry 230, and memory access circuitry 240.
Turning now to fig. 2B, an exemplary architecture for the memory access unit of fig. 1 is depicted, with CPU 10, including external devices such as SMMU or IOMMU 14, coupled to memory controller 108 via network-on-chip 1500, memory controller 108 being configured to control memory 106, for example, memory 106 may be a system memory (e.g., dynamic Random Access Memory (DRAM)). Memory controller 108 may be included, for example, to manage memory access requests, such as read access requests or write access requests, between CPU 10 and memory 106. CPU 10 may include one or more processor cores, e.g., processor cores 0 through N, where N is a positive integer, e.g., each of the plurality of processor cores has an instance of the circuitry, etc., depicted and/or discussed with reference to 112. In one example, the memory controller 108 is to provide (e.g., fill) data (e.g., cache lines) for misses in the cache(s) (e.g., misses in the L3 or other Last Level Cache (LLC) 110 of the processor 102). The core 112 includes a first level cache (level one (L1)) 116 (e.g., a data cache (Dcache)), and a second level (L2) or intermediate level cache (MLC) 118. In some embodiments, the L1, L2/MLC 118 is managed by its cache controller circuitry to cache data (e.g., and/or instructions) according to, for example, specified cache coherency. In some examples, data (e.g., and/or instructions) stored within the various processor caches are managed at a granularity that may be a fixed size (e.g., 64-bit, 128-bit, 512-bit, etc. length) cache line. That is, each processor core may have an instruction processing unit 111, an MMU 11, a cache L1 and a cache L2 provided therein, and it should be understood that the SMMU or IOMMU 14 or MMU 11 described above may be examples of the memory management unit of fig. 1.
Further, the instruction fetch circuit 210 fetches a memory management instruction configured for the access data stream, where the memory management instruction includes at least a virtual memory address allocated based on the authority protection granularity.
The page table acquisition circuit 220 acquires the address translation table and the access authority table in parallel according to the memory management instruction. In one example, the address translation table may be configured for a group of processes, referred to as a group address translation table (Goup Translation Table, GTT). The access rights table may be configured for a particular process and is referred to as a data stream rights table (Stream Permission Table, SPT). The authority protection granularity of the access authority table (or referred to as the memory allocation granularity) can be matched with 4KB, 16KB, 32KB, 64KB, 2MB and the like, the query granularity of the address translation table can be matched with 4KB, 16KB, 32KB, 64KB, 2MB and the like, and the authority protection granularity of the access authority table can be smaller than the query granularity of the address translation table for the same access instruction, so that the memory access efficiency is improved.
It should be appreciated that the granularity of a walk (granularity) or authority protection (granularity) herein indicates a partition or management scale of a memory space, and that the memory space within the same granularity is not further partitioned when performing memory allocation, and accordingly, the walk granularity corresponds to a minimum address mapping range of the last page table when performing address translation.
It should be appreciated that, as one example, the address translation table and the access authority table described above may be stored in the cache L1 and the cache L2, the address translation table being configured with an index of virtual addresses to physical addresses based on query granularity, the access authority table being configured with an index of access authority attributes based on authority protection granularity, the access authority attributes indicating at least one of authority and security attributes of read access or write access.
It should also be appreciated that the data structures of the address translation table and the access rights table may or may not be identical. For example, the address translation table and the access authority table may be configured based on a Radix Tree (Radix Tree). For example, in IOMMU/SMMU, the last page table of the data structure of the address translation table does not require permission information.
It should also be appreciated that in the IOMMU/SMMU, an access authority table (Stream Permission Table) Entry (SPT Entry, SPTE) may be established for the identification stream ID of the access data stream, the request ID in the PCIe system consisting of bus number, device number and function number. Based on this entry, a configuration of the corresponding access rights table may be obtained, including but not limited to: the authority protection granularity (granularity) of the access authority table, whether it is two-stage (two-stage) translation based on the access authority table and the address translation table, the start base address of the access authority table, and the like.
It should be appreciated that the access rights attribute may indicate the rights of read access or write access, read only access, write only access, read write access, and the like. For example, the access authority attribute is expressed based on 2 bits (bits), for example, 2 bits represent read and write, respectively. The access rights attribute may also indicate a security attribute, which may also be represented within 2 bits.
The page table walk circuit 230 walks up the access authority table and the address translation table in parallel based on the virtual memory address, determining the access authority attribute and the physical address of the virtual memory address.
The memory access circuit 240 performs memory access based on the access authority attribute of the virtual memory address and the physical address.
It should be appreciated that memory 106 may be accessed when the permission verification of the access permission attribute is passed, and memory 106 may be disabled when the permission verification is not passed. The permission check may include at least one of a read-write access check and a security check.
In one example, read-write access verification may be performed first, and upon passing of the read-write access verification, security verification based on security attributes may be performed, and upon passing of the security verification, access to memory 106 may be performed. Accordingly, the bits representing the read-write access may be high order bits representing the security attribute.
In another example, the security check may be performed first, and the read-write access check may be performed when the security check passes, and the access to the memory 106 may be performed when the read-write access check passes. Accordingly, the bits representing the security attributes may be high order bits representing the read and write access.
Further, when the read-write access check fails or the security check fails, access to the memory 106 is prohibited.
In the scheme of the embodiment of the invention, the address translation table is used for executing the index from the virtual address to the physical address based on the query granularity, the access authority table is used for executing the index of the access authority attribute based on the authority protection granularity, the address translation table and the access authority table are two independent tables, the corresponding management granularity is also independent, the larger query granularity can reduce the index depth of the address translation table, the access authority attribute at least indicates at least one of the authority and the security attribute of the read access or the write access, the smaller authority protection granularity can avoid the memory fragmentation problem caused by the memory super-division under the large query granularity, and the bit number of the memory fragmentation problem occupies less storage space compared with the preset bit number of the virtual address, thereby reducing the delay of the page table translation process and improving the memory access efficiency.
The page table translation process of the embodiment of FIG. 2A will be described in connection with FIG. 2C. As shown, the processes are processed in the identifier mapping 21 module based on the identifier of the accessing data stream (i.e., the data stream identifier), resulting in an identifier of the process group to which the process accessing the data stream belongs, i.e., the identifier of the data stream group. Then, in parallel, the address translation table 22 is acquired based on the identification of the process group, and the access authority table 23 is acquired based on the identification of the access data stream.
Further, the identification of the access data stream may be obtained from a memory management instruction, where the memory management instruction further includes a virtual memory address, where the virtual memory address is processed by the access authority table 23 and the access authority table 23 to obtain a final page table and a target access authority attribute of the virtual address, and then the final page table and the target access authority attribute of the virtual address are input into the comprehensive lookup 24 module to obtain a physical memory address.
In one example, the MMU 11 may include a lookup control circuit 130, a permission lookup buffer (Permission Lookup Buffer, PLB) 132, a TLB 134, and a miss processing circuit 104 therein, for example, when a virtual address in a write access request is hit in the PLB 132 or TLB 134 (e.g., there is a valid mapping for the input virtual address), the physical address cached in the PLB 132 or TLB 134 is read directly through the lookup control circuit 130, and when the virtual address in the write access request is not hit in the PLB 132 or TLB 134 (e.g., there is no valid mapping for the input virtual address), the address translation table and access permission table stored in the cache L1 or cache L2 are queried by the miss processing circuit 104, respectively, based on the query result.
In another example, the SMMU or IOMMU 14 provided in the external device includes a lookup control circuit 140 for querying the PLB 142 or TLB 144 based on the IO access instruction of the external device, i.e., querying the PLB 142 or TLB 144 according to the virtual address in the IO access instruction. Similarly to the case of the MMU, when the virtual address in the IO access instruction is not hit in the PLB 142 or the TLB 144, the address translation table and the access authority table are respectively queried by the miss processing circuit 152 or 154, and stored in the PLB 132 or the TLB 134 based on the query result.
In other words, once the physical address of the data access request is determined, it is used to access the data, e.g., a hit occurs to the cache when it is determined that the cache includes a copy of the data of the physical address. In addition, one or more TLBs or PLBs are updated with virtual-to-physical address mappings of the completed lookup table.
In addition, page table walk circuit 230 obtains the PLB of the access permission table, i.e., the permission walk buffer. The rights lookup buffer corresponds to an identification of the access data stream and an access rights attribute of the virtual address space. The page table walk circuit 230 may also obtain a walk cache of the access permission table, where the walk cache includes a base address cache for the target page table during the permission table walk.
In addition, the memory management unit further includes: a look-up table control circuit, such as look-up table control circuit 130 or 140. The lookup table control circuit looks up the buffer area according to the access data stream, and obtains the access authority attribute of the access data stream, if the access authority attribute of the access data stream is not obtained in the lookup buffer area, the authority table walk is executed, the next-stage page table of the authority table is directly accessed based on the base address of the target-stage page table in the walk buffer area, the authority table walk process is accelerated, and the authority attribute is obtained.
In other examples, the memory management instruction includes an identification of an access data stream, the page table fetch circuitry to: the address translation table and the access permission table corresponding to the identification of the access data stream are obtained in parallel, and the identification of the access data stream is associated with the address translation table and the access permission table, so that the obtaining efficiency of the address translation table and the access permission table is improved, for example, the address translation table and the access permission table can be preconfigured based on the access data stream, and the identification of the access data stream is associated with the address translation table and the access permission table.
In other examples, the page table walk circuitry is to: and acquiring an access authority table corresponding to the identification of the access data stream, and acquiring an address translation table corresponding to the identification of the data stream group in which the identification of the access data stream is located. Different data stream identifiers in the identification group of the access data stream identify the shared address translation table, and different data stream identifiers in the identification group of the access data stream correspond to different access authority tables.
It should be understood that the address translation table established for the Group of data streams is independent of the access authority table established for the data streams, and the address translation table may be marked with the identification (Group ID) of the Group of data streams, the access authority table may be marked with the identification (Stream ID) of the data streams, in other words, the data streams may be marked with the identification of the data streams and the identification of the Group of data streams in which the data streams are located. The identification of each data stream and the identification of each data stream group can be based on mapping of a hash algorithm or linear mapping based on other algorithms, namely, the identification of the data stream group is indexed based on the identification of the data stream. Accordingly, the access permission table may be indexed based on the identification of the data stream, then the corresponding permission attribute based on the virtual address, and the address translation table may be indexed based on the identification of the data stream group, then the corresponding physical address based on the virtual address. The data structure of the address translation table may be different from or the same as the data structure of the access authority table. In one particular example, the identity of the data stream may be configured to be the same as the identity of the data stream group to be compatible with conventional address translation tables.
In addition, the access rights table or the address translation table may be invalidated. For a change in the access space of a data stream corresponding to a particular process, system software (installed in memory, capable of invoking an interface of an operating system installed to memory) may be able to invalidate the associated entry of the access permission table belonging to the identity of the data stream without invalidating the associated entry of the corresponding address translation table, so that other processes are not affected by any.
That is, the system software may flexibly manage the memory address space according to the access authority table and the address translation table. For example, the system software establishes an address mapping table for a plurality of processes (users), and the corresponding address space is a large continuous block of address space (which is not required to be used by other users), and the granularity of address query is large. But the identification of different data streams establishes an independent authority table, and the authority protection granularity of each access authority table is smaller, so that the fine granularity access authority of a section of large continuous address space is accurately controlled, on one hand, the number of base tree stages of the address translation table is reduced, and further, the number of times of table turning is reduced, and the memory range of the TLB corresponding to the address translation table in the technology of the invention can be more easily configured and larger than that of the TLB corresponding to the small granularity of the page table in the prior art. On the other hand, the access authority table controls the access authority of the address space in a finer granularity mode, so that the space can be efficiently utilized, and memory fragmentation finally caused by excessive memory allocation is avoided.
It should be appreciated that the index address translation table and the access authority table may be performed independently, and the index address translation table may precede the index access authority table, or the index access authority table may precede the index address translation table, or the index authority table and the index address translation table may be indexed at the same time.
For example, the memory access circuit 240 performs a permission check on the access permission attribute of the virtual memory address, and performs memory access based on the physical address of the virtual memory address when the permission check passes. For another example, the memory access circuit 240 configures a structure attribute based on a permission table of the access data stream, queries the permission table, determines the corresponding read-write permission, and determines whether the access permission attribute of the virtual memory address matches the target access permission attribute, and if so, the permission check passes. For another example, the memory access circuit 240 disables memory access by the memory management instruction when the permission check fails.
In this example, the re-indexing of the access permission attribute does not excessively reduce the index efficiency even if the permission check is not passed, because the access permission attribute indicates at least one of the permission and security attributes of the read access or the write access, the number of bits of which occupies less memory space than the preset number of bits of the virtual address, thereby ensuring the index efficiency.
In other examples, the access permission table includes respective page table levels, a first page table level in the respective page table levels being stored locally, and other page table levels being allocated in memory space.
The page table walk circuit 230 walks up the page table head of the access authority table based on the virtual memory address, reads other page table levels from the memory space based on the page table head, and walks up based on the other page table levels.
Furthermore, in each stage of page tables, the index may be based on a corresponding number of valid index bits. An example of indexing based on the number of valid index bits will be described below in connection with fig. 3A-3E, with fig. 3A and 3B being two examples of a query procedure of the access authority table of the embodiment of fig. 2A, respectively.
In fig. 3A, the system is a 48-bit address system, in this example, the access permission table is divided into four levels of page tables. The access rights table has a rights protection granularity of 4KB, in other examples, the rights protection granularity may be 16KB, 64KB, 2MB, etc. Each stage page table of the access authority table of this example is allocated 4KB, each entry is 8B, in other examples, each stage page table is allocated 8KB, 16KB, 32KB, etc.
Specifically, the first-stage page table corresponds to 44-47 bits, the second-stage page table corresponds to 35-44 (9) bits, the third-stage page table corresponds to 26-35 (9) bits, and the fourth-stage page table (final page table) corresponds to 12-26 bits. Wherein, bits 0-11 correspond to the authority protection granularity of 4KB of the access authority table, and the access authority attribute is allocated with 2 bits for representing the authority of read access or write access, so that every 8 bits correspond to the attribute of 4KB (4K bytes) spaces, thereby being capable of covering 4KB spaces. The two-level page table and the three-level page table are allocated 4KB, i.e., 2 12 B, each entry is 8B (2 3 B) As a bit number difference between the allocated index bit number and the effective index bit number, therefore, the second-level page table and the third-level page table correspond to 2, respectively 9 B。
The table lookup process of the access authority table will be specifically described with reference to fig. 3A, and the table lookup process of fig. 3B to 3F and the table lookup process type of fig. 3A will not be described herein.
When the virtual address in the memory management instruction misses the PLB, a first-stage page table to directory pointer is selected for the address in the 44-47 bit section by bit shifting of the linear address on the basis of the base address. Accordingly, a virtual address is returned that is queried to the directory pointer.
Then, based on the virtual address of the returned directory pointer, a second-level page table such as the directory pointer is selected to a third-level page table such as the directory by shifting bits of the linear address for the address in the 35-44 bit section, where the 44-47 bit section has the same value, respectively. Accordingly, the virtual address of the target is returned.
Then, based on the virtual address of the returned directory, a three-level page table such as a directory is selected by shifting bits of the linear address to a three-level page table such as an authority table entry for a 26-35 bit region, where the 35-47 bit region has the same value. Accordingly, the virtual address of the entry of the claim table is returned.
Then, based on the virtual address of the returned authority table entry, a three-level page table to address offset, such as an authority table entry, is selected by bit shifting of the linear address for the address of the 12-26 bit segment region, where the 26-47 bit segment region has the same value. Accordingly, returning the offset virtual address, the bits 0-11 correspond to the permission attribute corresponding to the offset address of the access permission table.
Alternatively, in fig. 3B, the system is a 48-bit address system. It should be appreciated that in this example, the access rights table is divided into three levels of page tables. The access rights table has a rights protection granularity of 2MB, and in other examples, the rights protection granularity may be 4KB, 16KB, 64KB, etc. Each stage page table of the access authority table of this example is allocated 4KB, each entry is 8B, in other examples, each stage page table is allocated 8KB, 16KB, 32KB, etc.
Specifically, the first stage page table corresponds to 44-47 bits, the second stage page table corresponds to 35-44 (9) bits, and the third stage page table (last stage page table) corresponds to 21-35 (14) bits. The 0-20 bits correspond to the authority protection granularity of 2MB of the access authority table, the access authority attribute is allocated with 2 bits for representing the authority of the read access or the write access, and the address corresponding to the authority of the read access or the write access is added, so that each 8 bits corresponds to the attribute of the space of 4 2MB (2M bytes), thereby covering the space of 4 2 MB. The second level page table is allocated 4KB, i.e. 2 12 B, each entry is 8B (2 3 B) 3B is the bit number difference between the allocated index bit number and the valid index bit number, and therefore the second page table corresponds to 2 9 B。
Alternatively, in fig. 3C, the system is a 48-bit address system. It should be appreciated that in this example, the access rights table is divided into four levels of page tables. The access rights table has a rights protection granularity of 16KB, in other examples, the rights protection granularity may be 4KB, 64KB, 2MB, etc. Each stage page table of the access authority table of this example is allocated 4KB, each entry is 8B, in other examples, each stage page table is allocated 8KB, 16KB, 32KB, etc.
Specifically, the first-stage page table corresponds to 46-47 bits, the second-stage page table corresponds to 37-46 (9) bits, the third-stage page table corresponds to 28-37 (9) bits, and the fourth-stage page table (final page table) corresponds to 14-28 bits. Wherein, bits 0-14 correspond to the authority protection granularity 16KB of the access authority table, and the access authority attribute is allocated with 2 bits for representing the authority of read access or write access, so that every 8 bits correspond to the attribute of 4 spaces of 16KB (16K bytes), thereby being capable of covering 4 spaces of 16 KB. The two-level page table and the three-level page table are allocated 4KB, i.e., 2 12 B, each entry is 8B (2 3 B) As a bit number difference between the allocated index bit number and the effective index bit number, therefore, the second-level page table and the third-level page table correspond to 2, respectively 9 B。
Alternatively, in fig. 3D, the system is a 48-bit address system. It should be appreciated that in this example, the access rights table is divided into three levels of page tables. The access rights table has a rights protection granularity of 4KB, in other examples, the rights protection granularity may be 16KB, 64KB, 2MB, etc. Each stage page table of the access authority table of this example is allocated 4KB, each entry is 8B, in other examples, each stage page table is allocated 8KB, 16KB, 32KB, etc.
Specifically, the first-level page table corresponds to 39-47 (8) bits, the second-level page table corresponds to 30-39 (9) bits, and the third-level page table (last-level page table) corresponds to 12-30 (18) bits. The 0-12 bits correspond to the authority protection granularity of 4KB of the access authority table, the access authority attribute is allocated with 2 bits (bits) for representing the authority of read access or write access, so that each 8 bits correspond to the attribute of the 4KB (4K bytes) space, thereby covering the 4KB space, and the combined page tables of other stages are added to obtain the 12-29 (18) bits corresponding to the access authority attribute in the first-stage page table of the example. The second level page table is allocated 4KB, i.e. 2 12 B, each entry is 8B (2 3 B) Thus, the second page table corresponds to 2 9 B。
Further, in fig. 3E, the second stage page table entry adds offset (offset) information, and the last stage page table is not required to allocate all memory space, only a part of memory space is required to be allocated to build the last stage page table, so that the overhead of the memory is reduced.
Further, in some examples, to determine the access rights attribute of the virtual memory address, a walk cache or rights lookup buffer (Permission Lookup Buffer, PLB) of the access rights table may be obtained. Here, the walking buffer of the access authority table includes a base address buffer of a target page table in the authority table lookup process, and the authority lookup buffer corresponds to an identification of an access data stream and an access authority attribute of a virtual address space.
In one example, an access permission table is adopted to realize a permission table walking cache (walk cache) and a Permission Lookup Buffer (PLB), so that the purpose of accelerating the permission information lookup process is achieved. In the memory access method, the access authority attribute of the corresponding data stream can be directly searched in the authority search buffer, and as the number of storage bits required by each entry in the data structure of the authority search buffer is less, for example, a plurality of bits, a storage unit with one bit can store a plurality of access authority attributes for continuously protecting the granularity size space, compared with the entry of the current address translation table search buffer (Table Lookup Buffer, TLB), the required storage space is greatly reduced, and therefore, the memory range of the PLB is more easily configured larger relative to the TLB, and thus, compared with the prior art that only the TLB and the page table granularity cannot be randomly configured to be large, the memory range of the PLB can be more efficiently searched.
Further, the buffer area is searched according to the access data stream searching authority, and the access authority attribute of the access data stream is obtained. If the access authority attribute of the access data stream is not obtained in the lookup buffer, the authority table walk is executed, and the next stage page table of the authority table is directly accessed based on the base address of the target stage page table in the walk buffer, so that the walk length is reduced, and the lookup of the authority table is accelerated.
In other examples, the access permission table includes respective page table levels, with a first or intermediate page table level of the respective page table levels stored locally and other page table levels allocated in memory space. Querying an access permission table based on the virtual memory address, comprising: inquiring a first stage of a page table of an access authority table based on the virtual memory address; reading other page table levels from the memory space based on the page table first level; queries are based on other page table levels.
It should be appreciated that the first page table stage of the data structure of the access permission table occupies less memory space, and after being cached locally, the first page table stage can be directly and quickly read from the local in the process of searching, i.e. the memory access of the page table can be directly skipped, thereby reducing the searching delay.
As an example of querying the access rights table based on the virtual memory address, a walking buffer or a person rights lookup buffer of the access rights table may be obtained. It should be appreciated that the base address of the target page table during the lookup of the permission table is stored in a walking cache of the access permission table, and the permission lookup buffer corresponds to the identity of the access data stream and the access permission attribute of the virtual address space. In other words, if the access right attribute of the virtual address space is determined in the right lookup buffer, the access right attribute is directly read. If the access right attribute of the access data stream is not obtained in the search buffer area, the relevant information is determined in the walking buffer area for calculation, and the access right attribute is obtained.
Specifically, the buffer area can be searched according to the access data flow, the access authority attribute of the access data flow is obtained, if the access authority attribute of the access data flow is not obtained in the search buffer area, the walking of the authority table is executed, the next-stage page table of the authority table is directly accessed based on the base address of the target-stage page table in the walking buffer area, so that the walking length is reduced, and the search of the authority table is accelerated.
As an example, the privilege table encoding= (virtual address-base address)/privilege protection granularity, as shown in fig. 3F, the base address of the virtual memory address space covered by the current privilege lookup buffer may be searched according to the virtual address carried by the access data stream, and the privilege table encoding may be determined in combination with the privilege protection granularity, and then an index instruction may be generated based on the privilege table encoding to index into the access privilege attribute in the privilege lookup buffer.
Fig. 4 is a flowchart illustrating steps of a memory access method according to an embodiment of the present invention. The memory access method of the present embodiment may be performed by a memory management unit, including but not limited to SMMU, IOMMU, MMU, etc.
The memory access method of the embodiment comprises the following steps:
s410: and acquiring a memory management instruction configured for the access data stream, wherein the memory management instruction at least comprises virtual memory addresses distributed based on authority protection granularity.
S420: and according to the memory management instruction, the address translation table and the access permission table are obtained in parallel, wherein the address translation table is configured with an index from a virtual address to a physical address based on query granularity, the access permission table is configured with an index of access permission attribute based on permission protection granularity, and the access permission attribute at least indicates at least one of permission and security attribute of read access or write access.
S430: and based on the virtual memory address, the access authority table and the address translation table are queried in parallel, and the access authority attribute and the physical address of the virtual memory address are determined.
S440: and performing memory access based on the access authority attribute and the physical address of the virtual memory address.
In the scheme of the embodiment of the invention, the address translation table is used for executing the index from the virtual address to the physical address based on the query granularity, the access authority table is used for executing the index of the access authority attribute based on the authority protection granularity, the address translation table and the access authority table are two independent tables, the corresponding management granularity is also independent, the larger query granularity can reduce the index depth of the address translation table, the access authority attribute at least indicates at least one of the authority and the security attribute of the read access or the write access, and the bit number of the access authority attribute occupies less storage space compared with the preset bit number of the virtual address, thereby reducing the delay of the page table translation process and improving the memory access efficiency.
As another embodiment of the present invention, fig. 5A shows a memory access method according to another embodiment of the present invention. The memory access method may include:
s510: and acquiring a memory management instruction configured for accessing the data stream, wherein the memory management instruction at least comprises a virtual memory address.
S520: and determining the access authority attribute and the physical address of the virtual memory address.
S530: and performing authority verification on the access authority attribute of the virtual memory address, and performing memory access based on the physical address of the virtual memory address when the authority verification is passed.
It should be appreciated that the memory may be accessed when the permission check of the access permission attribute passes, and the memory may be disabled when the permission check fails. The permission check may include at least one of a read-write access check and a security check. In one example, the read-write access check may be performed first, and when the read-write access check passes, then the security check based on the security attribute is performed, and when the security check passes, the access to the memory is performed. Accordingly, the bit representing the read-write access may be at the high order of the bit representing the security attribute. In another example, the security check may be performed first, and the read-write access check may be performed when the security check passes, and the memory access may be performed when the read-write access check passes. Accordingly, the bits representing the security attribute may be high order bits representing the read-write access. Further, when the read-write access check fails or the security check fails, the access of the memory is forbidden.
Further, as shown in fig. 5B, the IOMMU or SMMU obtains the data flow identification, and accordingly, determines the data flow identification based on the data flow identification. Accordingly, the address translation table is queried based on the data stream group identification, and after the query response is obtained, the physical address is obtained. In parallel, the access rights table is queried based on the data stream identification, and access rights attributes are obtained after the query response is obtained. And then, performing permission verification based on the access permission attribute, executing memory access when the permission verification is passed, and prohibiting the memory access when the permission verification is not passed.
Alternatively, the query of the address translation table, i.e., the query of the physical address, may be started after the permission verification is performed, reducing the waste of query resources when the permission verification is not passed.
As another embodiment of the present invention, fig. 6A shows a memory access method according to another embodiment of the present invention. The memory access method comprises the following steps:
s610: and acquiring a memory management instruction configured for the access data stream, wherein the memory management instruction at least comprises an identification of the access data stream.
S620: based on the identification of the access data stream, an access right table is obtained, and the access right table is configured with an index of access right attribute.
S630: and performing memory access based on the access authority attribute of the virtual memory address.
It should be understood that the address translation table established for the Group of data streams is independent of the access authority table established for the data streams, and the address translation table may be marked with the identification (Group ID) of the Group of data streams, the access authority table may be marked with the identification (Stream ID) of the data streams, in other words, the data streams may be marked with the identification of the data streams and the identification of the Group of data streams in which the data streams are located. The identification of each data stream and the identification of each data stream group can be based on mapping of a hash algorithm or linear mapping based on other algorithms, namely, the identification of the data stream group is indexed based on the identification of the data stream.
In one example, as shown in FIG. 6B, an access rights table is obtained based on a data stream identification (i.e., an identification of an access data stream), and the access rights table is queried for access rights attributes.
In other examples, as shown in fig. 6C, in the memory access method, an identifier of a data stream group where the access data stream is located may be determined, an address translation table is obtained based on the identifier of the data stream group, and then the address translation table is queried based on the identifier of the data stream group to obtain the physical address. It should be appreciated that the address translation table is configured with virtual to physical address indices. Accordingly, as an example of performing memory access based on the access right attribute of the virtual memory address, memory access may be performed based on the access right attribute of the virtual memory address and the physical address.
Accordingly, the access permission table may be indexed based on the identification of the data stream, then the corresponding permission attribute based on the virtual address, and the address translation table may be indexed based on the identification of the data stream group, then the corresponding physical address based on the virtual address. The data structure of the address translation table may be different from or the same as the data structure of the access authority table. In one specific example, the identity of the data stream may be configured to be the same as the identity of the data stream group to accommodate a conventional address translation table.
It should also be appreciated that the explanation of the steps and operations in the memory access method of fig. 4-6C is consistent with the examples of fig. 2A-2C, and will not be repeated here.
In some examples, the memory management instructions include an identification of the access data stream. As an example of acquiring the address translation table and the access right table in parallel, the address translation table and the access right table corresponding to the identification of the access data stream may be acquired in parallel. The identification of the access data stream is associated with the address translation table and the access permission table, which is beneficial to improving the acquisition efficiency of the address translation table and the access permission table, for example, the address translation table and the access permission table can be configured in advance based on the access data stream, and the identification of the access data stream is associated with the address translation table and the access permission table.
In other examples, as an example of memory access, the access authority attribute of the virtual memory location may be subjected to authority verification, and when the authority verification passes, the memory access is performed based on the physical address of the virtual memory address. Further, the structure attribute may be configured based on the authority table of the access data stream, the authority table may be queried, the corresponding read-write authority may be determined, then, whether the access authority attribute of the virtual memory address matches with the target access authority attribute may be determined, if so, the authority check is passed, and if not, the authority check is not passed, and the memory access of the memory management instruction may be prohibited.
The memory access method of the present embodiment corresponds to the corresponding embodiment of the memory management unit, and has similar beneficial effects, and will not be described herein. In addition, the functional implementation of each module in the apparatus of this embodiment may refer to the description of the corresponding portion in the foregoing method embodiment, which is not repeated herein.
It should be noted that, according to implementation requirements, each component/step described in the embodiments of the present invention may be split into more components/steps, or two or more components/steps or part of operations of the components/steps may be combined into new components/steps, so as to achieve the objects of the embodiments of the present invention.
The above-described methods according to embodiments of the present invention may be implemented in hardware, firmware, or as software or computer code storable in a recording medium such as a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or as computer code originally stored in a remote recording medium or a non-transitory machine-readable medium that is downloaded through a network and which is to be stored in a local recording medium, so that the methods described herein may be processed by such software on a recording medium using a general purpose computer, a special purpose processor, or programmable or dedicated hardware such as an ASIC or FPGA. It is understood that a computer, processor, microprocessor controller, or programmable hardware includes a storage component (e.g., RAM, ROM, flash memory, etc.) that can store or receive software or computer code that, when accessed and executed by a computer, processor, or hardware, performs the methods described herein. Furthermore, when a general purpose computer accesses code for implementing the methods illustrated herein, execution of the code converts the general purpose computer into a special purpose computer for performing the methods illustrated herein.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present invention.
The above embodiments are only for illustrating the embodiments of the present invention, but not for limiting the embodiments of the present invention, and various changes and modifications may be made by one skilled in the relevant art without departing from the spirit and scope of the embodiments of the present invention, so that all equivalent technical solutions also fall within the scope of the embodiments of the present invention, and the scope of the embodiments of the present invention is defined by the claims.

Claims (13)

1. A memory management unit comprising:
the instruction acquisition circuit acquires a memory management instruction configured for accessing the data stream, wherein the memory management instruction at least comprises a virtual memory address distributed based on authority protection granularity;
A page table obtaining circuit, configured to obtain an address translation table and an access authority table in parallel according to the memory management instruction, wherein the address translation table is configured with an index from a virtual address to a physical address based on a query granularity, the access authority table is configured with an index of an access authority attribute based on the authority protection granularity, and the access authority attribute at least indicates at least one of authority and security attribute of read access or write access;
the page table inquiry circuit is used for parallelly inquiring the access authority table and the address translation table based on the virtual memory address and determining the access authority attribute and the physical address of the virtual memory address;
and the memory access circuit is used for performing memory access based on the access authority attribute and the physical address of the virtual memory address.
2. The method of claim 1, wherein the memory management instruction includes an identification of the access data stream, the page table fetch circuitry to: and obtaining an address translation table and an access authority table corresponding to the identification of the access data stream in parallel.
3. The method of claim 2, wherein the page table walk circuit is to: acquiring an access authority table corresponding to the identification of the access data stream, and acquiring an address translation table corresponding to the identification of the data stream group in which the identification of the access data stream is located;
And the address translation table is shared by different data flow identifiers in the identification group of the access data flow, and the different data flow identifiers in the identification group of the access data flow correspond to different access authority tables.
4. The method of claim 1, wherein the memory access circuit is to: and performing authority verification on the access authority attribute of the virtual memory address, and performing memory access based on the physical address of the virtual memory address when the authority verification is passed.
5. The method of claim 4, wherein the memory access circuit is to: and inquiring the permission table based on the permission table configuration structure attribute of the access data stream, determining the corresponding read-write permission, judging whether the access permission attribute of the virtual memory address is matched with the target access permission attribute, and if so, checking the permission.
6. The method of claim 5, wherein the memory access circuitry is further to: and when the permission verification is not passed, prohibiting the memory access of the memory management instruction.
7. The method of claim 1, wherein the access rights table includes respective page table levels, a first page table of the respective page table levels being stored locally, other page table levels being allocated in memory space;
The page table walk circuit is configured to:
inquiring a first stage of a page table of the access authority table based on the virtual memory address;
reading the other page table levels from the memory space based on the page table first level;
and performing inquiry based on the other page table levels.
8. The method of claim 1, wherein the page table walk circuit is to:
and acquiring a walking buffer or an authority searching buffer zone of the access authority table, wherein the walking buffer of the access authority table comprises a base address buffer of a target level page table in the process of searching the authority table, and the authority searching buffer zone corresponds to the identification of the access data stream and the access authority attribute of the virtual address space.
9. The method of claim 8, wherein the memory management unit further comprises: and the table lookup control circuit searches the authority lookup buffer area according to the access data stream to obtain the access authority attribute of the access data stream, if the access authority attribute of the access data stream is not obtained in the lookup buffer area, executes authority table walk, directly accesses a next-stage page table of the authority table based on the base address of the target-stage page table in the walk buffer area, accelerates the authority table walk process and obtains the authority attribute.
10. A memory access method comprising:
acquiring a memory management instruction configured for accessing a data stream, wherein the memory management instruction at least comprises a virtual memory address distributed based on authority protection granularity;
according to the memory management instruction, an address translation table and an access authority table are obtained in parallel, wherein the address translation table is configured with an index from a virtual address to a physical address based on query granularity, the access authority table is configured with an index of access authority attribute based on the authority protection granularity, and the access authority attribute at least indicates at least one of authority and security attribute of read access or write access;
based on the virtual memory address, the access authority table and the address translation table are queried in parallel, and the access authority attribute and the physical address of the virtual memory address are determined;
and performing memory access based on the access authority attribute and the physical address of the virtual memory address.
11. A memory access method comprising:
acquiring a memory management instruction configured for accessing a data stream, wherein the memory management instruction at least comprises a virtual memory address;
determining access authority attribute and physical address of the virtual memory address;
And performing authority verification on the access authority attribute of the virtual memory address, and performing memory access based on the physical address of the virtual memory address when the authority verification is passed.
12. A memory access method comprising:
acquiring a memory management instruction configured for an access data stream, wherein the memory management instruction at least comprises an identification of the access data stream;
based on the identification of the access data stream, an access right table is obtained, and the access right table is configured with an index of access right attribute;
and performing memory access based on the access authority attribute of the virtual memory address.
13. The method of claim 12, wherein the method further comprises:
determining the identification of the data stream group in which the access data stream is located;
based on the identification of the data stream group, an address translation table is obtained, and the address translation table is configured with an index from a virtual address to a physical address;
inquiring the address translation table based on the identification of the data stream group to obtain a physical address;
the performing memory access based on the access authority attribute of the virtual memory address includes:
and performing memory access based on the access authority attribute of the virtual memory address and the physical address.
CN202210741005.4A 2022-06-28 2022-06-28 Memory management unit and memory access method Pending CN117349197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210741005.4A CN117349197A (en) 2022-06-28 2022-06-28 Memory management unit and memory access method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210741005.4A CN117349197A (en) 2022-06-28 2022-06-28 Memory management unit and memory access method

Publications (1)

Publication Number Publication Date
CN117349197A true CN117349197A (en) 2024-01-05

Family

ID=89359965

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210741005.4A Pending CN117349197A (en) 2022-06-28 2022-06-28 Memory management unit and memory access method

Country Status (1)

Country Link
CN (1) CN117349197A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117851291A (en) * 2024-03-07 2024-04-09 北京象帝先计算技术有限公司 Memory access system, electronic component and electronic equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117851291A (en) * 2024-03-07 2024-04-09 北京象帝先计算技术有限公司 Memory access system, electronic component and electronic equipment

Similar Documents

Publication Publication Date Title
CN110998549B (en) Address translation cache
KR102317332B1 (en) Invalidating stored address translations
CN107562515B (en) Method for managing memory in virtualization technology
JP5628404B2 (en) Cache memory attribute indicator with cached memory data
KR101614865B1 (en) I/o memory management unit including multilevel address translation for i/o and computation offload
KR101575827B1 (en) Iommu using two-level address translation for i/o and computation offload devices on a peripheral interconnect
US7917725B2 (en) Processing system implementing variable page size memory organization using a multiple page per entry translation lookaside buffer
US10191853B2 (en) Apparatus and method for maintaining address translation data within an address translation cache
US10037283B2 (en) Updating least-recently-used data for greater persistence of higher generality cache entries
US10997078B2 (en) Method, apparatus, and non-transitory readable medium for accessing non-volatile memory
US6073226A (en) System and method for minimizing page tables in virtual memory systems
US11803482B2 (en) Process dedicated in-memory translation lookaside buffers (TLBs) (mTLBs) for augmenting memory management unit (MMU) TLB for translating virtual addresses (VAs) to physical addresses (PAs) in a processor-based system
CN107870867B (en) Method and device for 32-bit CPU to access memory space larger than 4GB
CN115292214A (en) Page table prediction method, memory access operation method, electronic device and electronic equipment
CN110046107B (en) Memory address translation apparatus and method
CN109983538B (en) Memory address translation
CN117349197A (en) Memory management unit and memory access method
US10366008B2 (en) Tag and data organization in large memory caches
JP2007280421A (en) Data processor
JPH07281947A (en) Converter for input-output address
US20200097415A1 (en) Arithmetic processor, information processing device and control method of arithmetic processor
CN116249972A (en) Memory protection method and protection agent control device
WO2023064609A1 (en) Translation tagging for address translation caching
WO2023064590A1 (en) Software indirection level for address translation sharing
JP2019096307A (en) Data storage for plural data types

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination