-
Publication (Announcement) No.: US20190102321A1
Publication (Announcement) Date: 2019-04-04
Application No.: US15719977
Application Date: 2017-09-29
Applicant: INTEL CORPORATION
Inventor: ANNA TRIKALINOU
IPC: G06F12/14 , G06F12/1027 , G06F12/1009
Abstract: Various embodiments are generally directed to techniques for shared virtual memory (SVM) access protection, such as by performing a security check whenever a write request arrives from an SVM device, for instance. Some embodiments are particularly directed to an input/output memory management unit (IOMMU) that prevents an SVM device from modifying a code page with a memory transaction request by generating an access request fault and/or a translation completion with read-only access in response to the memory transaction request.
-
Publication (Announcement) No.: US20180285262A1
Publication (Announcement) Date: 2018-10-04
Application No.: US15476918
Application Date: 2017-03-31
Applicant: INTEL CORPORATION
Inventor: ANNA TRIKALINOU , RAJESH M. SANKARAN , STEPHEN JUNKINS
IPC: G06F12/084 , G06F12/14 , G06F12/1045 , G06F12/1036 , G06F12/109 , G06F12/1072 , G06F12/02
Abstract: Various embodiments described herein include an input/output memory management unit (IOMMU) that can restrict write accesses originating from a shared virtual memory (SVM) device towards a CPU's code page, so that the SVM device cannot be used to attack and manipulate the CPU's behavior. In some embodiments, the IOMMU may perform a security check so that whenever a write request arrives from an SVM device, if the page requested is present and is executable, an access violation fault is generated and the request is terminated. In some such embodiments, this may prevent a malicious or vulnerable device from corrupting the CPU's process memory and causing an arbitrary code execution with the CPU process's privileges.
-