公开(公告)号：US20180181755A1

公开(公告)日：2018-06-28

申请号：US15391895

申请日：2016-12-28

Applicant: Intel Corporation

Inventor： Xiaoning LI ,  Ravi L. SAHITA ,  Barry E. HUNTLEY

IPC: G06F21/56 ,  G06F21/51 ,  G06F12/14

CPC classification number: G06F21/567 ,  G06F12/0875 ,  G06F21/51 ,  G06F21/566 ,  G06F2212/1052 ,  G06F2212/452 ,  G06F2221/034

Abstract: In an embodiment, a processor comprises Return Oriented Programming (ROP) logic to: detect a first branch event at a first point in time; determine whether the first branch event is indirect; in response to a determination that the first branch event is an indirect branch event, determine whether a memory location referenced by the indirect branch event is specified as read-only; and in response to a determination that the memory location referenced by the indirect branch event is specified as read-only, convert the first branch event to a direct branch event. Other embodiments are described and claimed.

公开(公告)号：US20210399882A1

公开(公告)日：2021-12-23

申请号：US17465311

申请日：2021-09-02

Applicant: Intel Corporation

Inventor： Ido OUZIEL ,  Arie AHARON ,  Dror CASPI ,  Baruch CHAIKIN ,  Jacob DOWECK ,  Gideon GERZON ,  Barry E. HUNTLEY ,  Francis X. MCKEEN ,  Gilbert NEIGER ,  Carlos V. ROZAS ,  Ravi L. SAHITA ,  Vedvyas SHANBHOGUE ,  Assaf ZALTSMAN

IPC: H04L9/08 ,  G06F9/455 ,  G06F12/1009 ,  G06F21/60 ,  G06F21/62

Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.

公开(公告)号：US20220027287A1

公开(公告)日：2022-01-27

申请号：US17496327

申请日：2021-10-07

Applicant: Intel Corporation

Inventor： Ravi L. SAHITA ,  Gilbert NEIGER ,  Vedvyas SHANBHOGUE ,  David M. DURHAM ,  Andrew V. ANDERSON ,  David A. KOUFATY ,  Asit K. MALLICK ,  Arumugam THIYAGARAJAH ,  Barry E. HUNTLEY ,  Deepak K. GUPTA ,  Michael LEMAY ,  Joseph F. CIHULA ,  Baiju V. PATEL

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1027 ,  G06F9/455

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20160283160A1

公开(公告)日：2016-09-29

申请号：US14672020

申请日：2015-03-27

Applicant: INTEL CORPORATION

Inventor： Sanjeev N. TRIKA ,  Benjamin W. BOYER ,  Ravi L. SAHITA ,  Xiaoning LI ,  Faraz A. SIDDIQI

IPC: G06F3/06 ,  G06F12/14

CPC classification number: G06F3/0638 ,  G06F3/0604 ,  G06F3/0619 ,  G06F3/0632 ,  G06F3/064 ,  G06F3/0673 ,  G06F12/1466

Abstract: Provided are a method, system, and computer readable storage medium for managing access to a storage device. A logical-to-physical mapping indicates for each logical address a physical address in the storage device having current data for the logical address and version information indicating whether there is a prior version of data for the logical address. In response to the logical-to-physical mapping indicating that there is no prior version of the data for a target logical address of a write, including information on the target physical address and the physical address indicated in the logical-to-physical mapping in checkpoint information. The version information for the target logical address is updated to indicate that there is a prior version of data. Data for the write is written to a target physical address. The logical-to-physical mapping for the target logical address is updated to indicate the target physical address.

Abstract translation: 提供了一种用于管理对存储设备的访问的方法，系统和计算机可读存储介质。 逻辑到物理映射指示每个逻辑地址存储设备中具有用于逻辑地址的当前数据的物理地址和指示是否存在逻辑地址的先前版本的数据的版本信息。 响应于指示对于写入的目标逻辑地址没有先前版本的数据的逻辑到物理映射，包括关于目标物理地址和逻辑到物理映射中指示的物理地址的信息 检查点信息。 更新目标逻辑地址的版本信息以指示存在先前版本的数据。 写入数据将写入目标物理地址。 目标逻辑地址的逻辑到物理映射被更新以指示目标物理地址。