-
Publication No.: EP3800546A1
Publication date: 2021-04-07
Application No.: EP20209381.1
Filing date: 2016-05-26
Applicant: Intel Corporation
Abstract: Embodiments of the subject disclosure provide a processor and a system. The processor comprises: a shadow stack pointer, SSP, register, the SSP register to store a first SSP to identify a top of a first currently active shadow stack; a decode unit to decode a shadow stack protection instruction, the shadow stack protection instruction to indicate a second SSP, the second SSP to identify a top of a second shadow stack that the shadow stack protection instruction is attempting to switch to; and an execution unit coupled with the decode unit. The execution unit, in response to the shadow stack protection instruction, is to: perform one or more security checks, including to determine whether the second SSP indicated by the shadow stack protection instruction matches an SSP stored on the second shadow stack; if at least one of the security checks fail: not store the second SSP to the SSP register; and cause an exception; and if all of the security checks succeed: compromise the SSP stored on the second shadow stack; and store the second SSP to the SSP register.
-
Publication No.: EP4439283A1
Publication date: 2024-10-02
Application No.: EP23209505.9
Filing date: 2023-11-13
Applicant: Intel Corporation
IPC classification: G06F9/30
CPC classification: G06F9/30032, G06F9/30018, G06F9/30076, G06F9/30072, G06F9/30189
Abstract: Techniques for allowing a control and/or status register to be read or written to in a user privilege level are described. An example of an instruction for user privilege read is to include one or more fields for an opcode, one or more fields for a source operand that is to store a control and/or status register address, and one or more fields for a destination register operand, wherein the opcode is to indicate that execution circuitry is to read data from the control and/or status register whose identity is stored in the source operand and write the data in the destination register operand responsive to access to the control and/or status register being allowed, wherein access to the control and/or status register is at least in part determined by data of an operating system controlled data structure indexed by the control and/or status register address.
-
Publication No.: EP4198716A1
Publication date: 2023-06-21
Application No.: EP22206017.0
Filing date: 2022-11-08
Applicant: Intel Corporation
Inventors: LeMay, Michael; Brandt, Jason W.
Abstract: Systems, methods, and apparatuses for implementing capabilities using narrow registers are described. In certain examples, a hardware processor core comprises a capability management circuit to check a capability for a memory access request, the capability comprising an address field, a validity field, and a bounds field that is to indicate a lower bound and an upper bound of an address space to which the capability authorizes access; a decoder circuit to decode a single instruction into a decoded single instruction, the single instruction comprising fields to indicate a memory address that stores the capability and a single destination register, and an opcode to indicate that an execution circuit is to load a first proper subset of the capability from the memory address into the single destination register and load a second proper subset of the capability from the memory address into an implicit second destination register; and the execution circuit to execute the decoded single instruction according to the opcode.
-
Publication No.: EP4020192A1
Publication date: 2022-06-29
Application No.: EP21198783.9
Filing date: 2021-09-24
Applicant: Intel Corporation
Inventors: Rozas, Carlos; Liu, Fangfei; Zou, Xiang; McKeen, Francis; Brandt, Jason W.; Nuzman, Joseph; Alameldeen, Alaa; Basak, Abhishek; Constable, Scott; Unterluggauer, Thomas; Mallick, Asit; Fernandez, Matthew
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.
-
Publication No.: EP3958160A1
Publication date: 2022-02-23
Application No.: EP21201854.3
Filing date: 2019-05-24
Applicant: INTEL Corporation
Inventors: LeMay, Michael; Durham, David M.; Kounavis, Michael E.; Huntley, Barry E.; Shanbhogue, Vedvyas; Brandt, Jason W.; Triplett, Josh; Neiger, Gilbert; Grewal, Karanvir; Patel, Baiju V.; Zhuang, Ye; Tsai, Jr-Shian; Sukhomlinov, Vadim; Sahita, Ravi; Zhang, Mingwei; Farwell, James C.; Das, Amitabh; Bhuyan, Krishna
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, an apparatus comprises: a trusted execution environment to configure a plurality of compartments in an address space of memory, each compartment comprising a private memory and a pointer to an object in a shared heap of the plurality of compartments, wherein each compartment is isolated from other compartments, is unable to access the private memory of other compartments, and is unable to access any object in the shared heap that is solely assigned to another compartment; decode circuitry to decode a single instruction into a decoded single instruction, the single instruction comprising a pointer for a first compartment to a first object in the shared heap; and execution circuitry to execute the decoded single instruction to generate an encoded capability, based at least in part on the pointer to the first object, to allow access to the first object in the shared heap by a second compartment in response to the second compartment having the encoded capability.