ALLPCB
1. Need for register write protection
In software–hardware interactions, a host typically writes to registers at specific addresses to instruct hardware to perform particular operations.
When using PCIe SR-IOV, a chip may be accessed by multiple hosts. Doorbell registers are often bound to a specific host; from a safety and isolation perspective, a doorbell should only be writable by its bound host, and writes from other hosts should not cause incorrect behavior.
Register write protection means that certain registers can be updated only by a designated host and cannot be updated by other hosts. These registers can be single registers or arrays implemented as RAM.
2. Hardware implementation of register write protection
In the design shown, multiple hosts are numbered as func_id with consecutive encodings. Multiple doorbells are implemented as a RAM (db_data_mem) whose address represents the func_id, binding each func_id to a specific doorbell entry.
The design uses three RAMs: db_id_func_mem, db_id2func_id_mem, and db_data_mem.
db_id_func_mem is a virtual RAM used by the configuration CSR logic to generate RAM write accesses. It is shown in the diagram to clarify the flow. Its address corresponds to func_id and its write data packet is {db_id, db_data}.
db_id2func_id_mem maps db_id to func_id: its address is db_id and its stored data is func_id. The contents of db_id2func_id_mem are configured by software ahead of time.
db_data_mem is the target RAM: its address corresponds to func_id and its data field stores db_data.
The configuration CSR write access signals to db_id_func_mem include wdata, wen, waddr, etc. Here wdata is {db_id, db_data} and waddr represents func_id.
A write to db_id_func_mem triggers a read from db_id2func_id_mem using db_id as the read address to obtain the expected func_id.
The write request signals, after timing alignment, compare the delayed write address (wr_addr_dly) with the func_id read from db_id2func_id_mem. If they match, the db_data is written into db_data_mem. If they do not match, db_data_mem is not written.
3. Why this design enforces write protection
Each host knows its own db_id and the doorbell address (func_id) that it should use, but it does not know other hosts' db_id values or doorbell addresses. When a host attempts to write a doorbell it must include its db_id in the write. The hardware matches the provided db_id with the stored func_id mapping and only allows the update if they match.
If the db_id does not match the func_id, the doorbell is not updated. Since other hosts do not know the mapping between a given doorbell address and the expected db_id, this significantly reduces the risk of accidental writes by other hosts.
