公开(公告)号：EP4145275A1

公开(公告)日：2023-03-08

申请号：EP22203480.3

申请日：2020-11-17

申请人： INTEL Corporation

发明人： Sahita, Ravi ,  Gupta, Deepak ,  Shanbhogue, Vedvyas ,  Hansen, David ,  Brandt, Jason W. ,  Nuzman, Joseph ,  Zhang, Mingwei

IPC分类号： G06F9/30 ,  G06F9/355 ,  G06F9/38 ,  G06F12/02 ,  G06F12/14

摘要： Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：EP3885901A1

公开(公告)日：2021-09-29

申请号：EP20208101.4

申请日：2020-11-17

申请人： Intel Corporation

发明人： Sahita, Ravi ,  Gupta, Deepak ,  Shanbhogue, Vedvyas ,  Hansen, David ,  Brandt, Jason W. ,  Nuzman, Joseph ,  Zhang, Mingwei

IPC分类号： G06F9/30 ,  G06F9/355 ,  G06F9/38 ,  G06F12/02 ,  G06F12/14

摘要： Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：EP3958160A1

公开(公告)日：2022-02-23

申请号：EP21201854.3

申请日：2019-05-24

申请人： INTEL Corporation

发明人： LeMay, Michael ,  Durham, David M. ,  Kounavis, Michael E. ,  Huntley, Barry E. ,  Shanbhogue, Vedvyas ,  Brandt, Jason W. ,  Triplett, Josh ,  Neiger, Gilbert ,  Grewal, Karanvir ,  Patel, Baiju V. ,  Zhuang, Ye ,  Tsai, Jr-Shian ,  Sukhomlinov, Vadim ,  Sahita, Ravi ,  Zhang, Mingwei ,  Farwell, James C. ,  Das, Amitabh ,  Bhuyan, Krishna

IPC分类号： G06F21/74 ,  G06F12/14 ,  G06F21/57 ,  H04L9/08 ,  H04L9/32 ,  G06F9/455 ,  G06F21/53

摘要： Disclosed embodiments relate to encoded inline capabilities. In one example, an apparatus comprises: a trusted execution environment to configure a plurality of compartments in an address space of memory, each compartment comprising a private memory and a pointer to an object in a shared heap of the plurality of compartments, wherein each compartment is isolated from other compartments, is unable to access the private memory of other compartments, and is unable to access any object in the shared heap that is solely assigned to another compartment; decode circuitry to decode a single instruction into a decoded single instruction, the single instruction comprising a pointer for a first compartment to a first object in the shared heap; and execution circuitry to execute the decoded single instruction to generate an encoded capability, based at least in part on the pointer to the first object, to allow access to the first object in the shared heap by a second compartment in response to the second compartment having the encoded capability.