US-20260127117-A1 - IDENTIFYING A SOURCE OF A FUNCTION CALL AND INHERITING ACCESS PERMISSION
Abstract
Systems and methods provide for inherited access permissions, thereby facilitating read and write access by called contexts. Hardware logic may enforce access permissions in the system. When a processor core executes code associated with a first context, the processor core generates a first hardware signal identifying the first context. The processor core may then switch from the first context to the second context due to the first context calling the second context. The processor core may then generate a second hardware signal identifying the calling (first) context, and then the first hardware signal identifies the called (second) context. The hardware logic that enforces the access permissions may then determine that the second context is being called and that the second context includes either direct access permissions or inherited access permissions associated with the calling (first) context.
Inventors
- David P. Foley
- Venkatesh Natarajan
Assignees
- TEXAS INSTRUMENTS INCORPORATED
Dates
- Publication Date: 20260507
- Application Date: 20251230
Claims (20)
- 1 . An apparatus, comprising: a processing unit configured to execute instructions from a plurality of execution contexts, wherein the plurality of execution contexts includes a calling execution context that calls an instruction in an active execution context; a memory having a plurality of memory regions; a configuration registers and fetch zone decoder; a calling context register configured to store an identifier of the calling execution context; and a security control unit comprising: a direct permission register array configured to store access permissions for each of the plurality of execution contexts with respect to each of the plurality of memory regions; and an inherited permission register array configured to store inherited access capability indicators for each of the plurality of execution contexts, wherein the security control unit is configured to: receive a memory access request from the processing unit, the memory access request specifying a target memory region and an identifier of the active execution context; determine that the active execution context lacks access permission to the target memory region based on the direct permission register array; determine that the active execution context has inherited access capability based on the inherited permission register array; retrieve the identifier of the calling execution context from the calling context register; verify that the calling execution context has access permission to the target memory region based on the direct permission register array; and authorize the memory access request to the active execution context based on the verification.
- 2 . The apparatus of claim 1 , wherein the processing unit is further configured to: execute a function call instruction that transfers control from a first execution context to a second execution context; and update the calling context register with an identifier of the first execution context upon execution of the function call instruction.
- 3 . The apparatus of claim 1 , further comprising: a return context register configured to store an identifier of a returning execution context, wherein the processing unit is configured to update the return context register upon completion of function execution and return of control to a previously executing context.
- 4 . The apparatus of claim 3 , wherein the processing unit is configured to execute code that reads contents of the return context register to verify proper return paths during function execution.
- 5 . The apparatus of claim 1 , wherein: the plurality of execution contexts comprises at least a first application context, a second application context, and a shared library context; and the shared library context is configured with inherited access capability but no direct access permissions to any of the plurality of memory regions.
- 6 . The apparatus of claim 5 , wherein: the first application context has access permission to a first subset of the plurality of memory regions; the second application context has access permission to a second subset of the plurality of memory regions; and the first subset and the second subset are mutually exclusive.
- 7 . The apparatus of claim 1 , wherein the security control unit is further configured to: deny the memory access request based on determining when the active execution context lacks both access permission and inherited access capability; and deny the memory access request based on determining the active execution context has inherited access capability but the calling execution context lacks access permission to the target memory region.
- 8 . The apparatus of claim 1 , further comprising: a configuration registers and fetch zone decoder configured to: associate each execution context with a respective address range in the memory; and determine an execution context identifier based on an instruction fetch address provided by the processing unit.
- 9 . The apparatus of claim 8 , wherein the configuration registers and fetch decoder is further configured to: associate each execution context with a stack identifier; and associate each execution context with a zone identifier, wherein different zone identifiers correspond to different security levels including manufacturer-only access, trusted partner access, and third-party developer access.
- 10 . The apparatus of claim 1 , wherein the security control unit operates entirely through hardware logic without requiring software or firmware intervention for permission determinations.
- 11 . A method, comprising: executing, by a processing unit, instructions from a plurality of execution contexts, wherein the plurality of execution contexts includes a calling execution context that calls an instruction in an active execution context; storing, by a calling context register, an identifier of the calling execution context; storing, in a direct permission register array, access permissions for each of the plurality of execution contexts with respect to each of a plurality of memory regions; storing, by an inherited permission register array, inherited access capability indicators for each of the plurality of execution contexts; receiving, by a security control unit, a memory access request from the processing unit, the memory access request specifying a target memory region and an identifier of the active execution context; determining, by the security control unit, that the active execution context lacks access permission to the target memory region based on the direct permission register array; determining, by the security control unit, that the active execution context has inherited access capability based on the inherited permission register array; retrieving, by the security control unit, the identifier of the calling execution context from the calling context register; verifying, by the security control unit, that the calling execution context has access permission to the target memory region based on the direct permission register array; and authorizing, by the security control unit, the memory access request to the active execution context based on the verification.
- 12 . The method of claim 11 , further comprising: executing a function call instruction that transfers control from a first execution context to a second execution context; and updating the calling context register with an identifier of the first execution context upon execution of the function call instruction.
- 13 . The method of claim 11 , further comprising: storing an identifier of a returning execution context in a return context register; and updating the return context register upon completion of function execution and return of control to a previously executing context.
- 14 . The method of claim 13 , further comprising: executing code that reads contents of the return context register to verify proper return paths during function execution.
- 15 . The method of claim 11 , wherein: the plurality of execution contexts comprises at least a first application context, a second application context, and a shared library context; and the shared library context is configured with inherited access capability but no direct access permissions to any of the plurality of memory regions.
- 16 . The method of claim 15 , wherein: the first application context has access permission to a first subset of the plurality of memory regions; the second application context has access permission to a second subset of the plurality of memory regions; and the first subset and the second subset are mutually exclusive.
- 17 . The method of claim 11 , further comprising: denying the memory access request based on determining when the active execution context lacks both access permission and inherited access capability; and denying the memory access request based on determining the active execution context has inherited access capability but the calling execution context lacks access permission to the target memory region.
- 18 . The method of claim 11 , further comprising: associating each execution context with a respective address range in memory; and determining an execution context identifier based on an instruction fetch address provided by the processing unit.
- 19 . The method of claim 18 , further comprising: associating each execution context with a stack identifier; and associating each execution context with a zone identifier, wherein different zone identifiers correspond to different security levels including manufacturer-only access, trusted partner access, and third-party developer access.
- 20 . The method of claim 11 , wherein determining access permissions and authorizing memory access requests is performed entirely through hardware logic without requiring software or firmware intervention for permission determinations.
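The following C model is an added worked example, not code from the patent or from Texas Instruments. It implements the permission determination recited in claims 1, 2, 3 and 7 as a small register-state machine: a direct permission register array, an inherited permission register array, a calling context register latched on a cross-context call, and a return context register latched on return. It then runs the background's three-context scenario (two applications with mutually exclusive regions, one shared library with inherited capability but no direct permissions) to show that the library can only reach memory its caller could reach itself. The context and region names, the R/W bit encoding, the CTX_NONE sentinel and the single-level call/return handling are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of the security control unit (SCU) in the claims. Context
 * and region names, the R/W encoding and single-level call/return handling are
 * assumptions for this example, not details taken from the patent. */
enum ctx    { CTX_APP_A, CTX_APP_B, CTX_LIB, CTX_COUNT };
enum region { REGION_A, REGION_B, REGION_COUNT };
#define PERM_R   1u
#define PERM_W   2u
#define CTX_NONE (-1)   /* assumption: "no caller latched" marker */

struct scu {
    uint8_t direct[CTX_COUNT][REGION_COUNT]; /* direct permission register array    */
    bool    inherited[CTX_COUNT];            /* inherited permission register array */
    int     active_ctx;                      /* context decoded from fetch address (claim 8) */
    int     calling_ctx;                     /* calling context register (claim 2)  */
    int     return_ctx;                      /* return context register (claim 3)   */
};

/* Call instruction crossing into `callee`: hardware latches the caller first (claim 2). */
void scu_call(struct scu *s, int callee)
{
    s->calling_ctx = s->active_ctx;
    s->active_ctx  = callee;
}

/* Return: the returning context is latched in the return context register (claim 3).
 * Assumption: one call level only, so the calling context register is cleared. */
void scu_return(struct scu *s)
{
    s->return_ctx  = s->active_ctx;
    s->active_ctx  = s->calling_ctx;
    s->calling_ctx = CTX_NONE;
}

/* Permission determination of claims 1 and 7, computed purely from register
 * state (claim 10). True if the active context may access `region` with `want`. */
bool scu_check(const struct scu *s, int region, uint8_t want)
{
    int ctx = s->active_ctx;
    if ((s->direct[ctx][region] & want) == want)
        return true;                  /* direct permission present: allow       */
    if (!s->inherited[ctx])
        return false;                 /* neither direct nor inherited: deny     */
    if (s->calling_ctx == CTX_NONE)
        return false;                 /* inherited but no caller latched: deny (assumption) */
    /* Inherited: allowed only as far as the caller's own direct permission goes. */
    return (s->direct[s->calling_ctx][region] & want) == want;
}

/* The background's scenario: two applications with mutually exclusive regions
 * (claim 6) and a shared library with inherited capability only (claim 5). */
void scu_init_example(struct scu *s)
{
    memset(s, 0, sizeof *s);
    s->direct[CTX_APP_A][REGION_A] = PERM_R | PERM_W;
    s->direct[CTX_APP_B][REGION_B] = PERM_R | PERM_W;
    s->inherited[CTX_LIB] = true;
    s->active_ctx  = CTX_APP_A;
    s->calling_ctx = CTX_NONE;
    s->return_ctx  = CTX_NONE;
}

/* Does `ctx` get `want` on `region` when running on its own (no caller latched)? */
bool access_direct(int ctx, int region, uint8_t want)
{
    struct scu s;
    scu_init_example(&s);
    s.active_ctx = ctx;
    return scu_check(&s, region, want);
}

/* Does `caller` get `want` on `region` when it routes the access through the library? */
bool access_via_lib(int caller, int region, uint8_t want)
{
    struct scu s;
    bool ok;
    scu_init_example(&s);
    s.active_ctx = caller;
    scu_call(&s, CTX_LIB);
    ok = scu_check(&s, region, want);
    scu_return(&s);
    return ok;
}

/* What the return context register holds after library call and return, provided
 * control really came back to `caller` (the return-path check of claim 4). */
int return_ctx_after_lib_call(int caller)
{
    struct scu s;
    scu_init_example(&s);
    s.active_ctx = caller;
    scu_call(&s, CTX_LIB);
    scu_return(&s);
    return s.active_ctx == caller ? s.return_ctx : CTX_NONE;
}

int main(void)
{
    static const char *names[] = { "app A", "app B" };
    for (int c = CTX_APP_A; c <= CTX_APP_B; c++)
        for (int r = REGION_A; r < REGION_COUNT; r++)
            printf("%s -> library -> write region %c: %s\n", names[c], 'A' + r,
                   access_via_lib(c, r, PERM_W) ? "allowed" : "denied");
    printf("library alone, read region A: %s\n",
           access_direct(CTX_LIB, REGION_A, PERM_R) ? "allowed" : "denied");
    return 0;
}
```

Two points worth noting from the model. First, the workaround described in the background (application A calling the library to write application B's region) is denied by the second branch of claim 7, because the library's inherited capability only resolves to A's direct permissions. Second, the security of the scheme rests on the calling context register being written by the call instruction in hardware (claim 2), never by software; a register that the callee could overwrite would let a compromised library pick whichever caller it liked. The single-level call handling is a simplification of this example; how the real design handles nested cross-context calls is not described in the text on this page.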
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of and claims priority to U.S. Patent Application No. 18/637,758, filed April 17, 2024, which claims the benefit of United States Provisional Application 63/532,092, filed August 11, 2023, each of which is hereby incorporated by reference in its entirety.
TECHNICAL FIELD
The present application is related, generally, to read operations and write operations directed to memory and, more specifically, to enforcing access permissions of the memory based on context identity.
BACKGROUND
Embedded code may be separated into different contexts, where the access permissions of each context to memory regions may differ. For instance, code may be split into a first context for the main application, a second context for a communication protocol stack, and a third context for library functions that may be called throughout the application by multiple contexts. The access permissions may allow the first context to access a first memory region but not a second memory region, and may allow the second context to access the second memory region but not the first memory region. In one example, if the third context is allowed to access both the first memory region and the second memory region, that sets up a situation in which the access permissions may be worked around: the first context may call the third context to read or write the second memory region on its behalf. There is a need in the art for more robust access permission enforcement.
SUMMARY
In one embodiment, an apparatus includes: a processor core; hardware logic coupled to the processor core; memory coupled to the hardware logic and having a plurality of memory regions; and a first register configured to identify a direct access permission of a first memory region of the memory and a second register configured to identify an inherited access permission of the first memory region; wherein the hardware logic is configured to: receive a memory access request from the processor core, wherein the memory access request corresponds to the first memory region; receive, from the processor core, an identifier of a first context associated with the memory access request; determine whether the identifier of the first context matches information in the second register; receive a hardware signal from the processor core, the hardware signal including an identifier of a second context; in response to determining that the identifier of the first context corresponds to the information in the second register, determine whether the identifier of the second context corresponds to information in the first register; and allow the memory access request to proceed based on determining whether the identifier of the second context corresponds to the information in the first register.
In another embodiment, a method is performed by hardware logic, and the method includes: receiving a memory access request from a processing unit, wherein the memory access request is directed to a first memory region; receiving a first hardware signal identifying a first context associated with the memory access request; determining whether the first context has an inherited access permission for the first memory region; receiving an identifier of a calling context from a second hardware signal from the processing unit; determining whether the calling context has direct access permission to the first memory region, based at least in part upon the first context having the inherited access permission; and determining whether to allow or deny the memory access request based at least in part on whether the calling context has direct access permission to the first memory region.
In yet another embodiment, an apparatus includes: a first register configured to indicate direct access permission with respect to a plurality of contexts and a plurality of memory regions; a second register configured to indicate inherited access permission with respect to the plurality of memory regions; hardware logic configured to enforce access to the plurality of memory regions, wherein the hardware logic is further configured to: receive an access request for a first memory region of the plurality of memory regions and an identifier of a first context associated with the access request; determine whether the first context has inherited access permission for the first memory region, including checking the identifier of the first context against information in the second register; in response to determining that the first context has inherited access permission for the first memory region, determine whether an identifier of a second context, received via a hardware signal from a processor core, has direct access permission to the first memory region; and determine whether to allow or deny the access request based at least in part on whether the identifier of the second context has direct access permission to the first memory region.
BRIEF DESCRIPTIO