公开(公告)号：US20220027287A1

公开(公告)日：2022-01-27

申请号：US17496327

申请日：2021-10-07

Applicant: Intel Corporation

Inventor： Ravi L. SAHITA ,  Gilbert NEIGER ,  Vedvyas SHANBHOGUE ,  David M. DURHAM ,  Andrew V. ANDERSON ,  David A. KOUFATY ,  Asit K. MALLICK ,  Arumugam THIYAGARAJAH ,  Barry E. HUNTLEY ,  Deepak K. GUPTA ,  Michael LEMAY ,  Joseph F. CIHULA ,  Baiju V. PATEL

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1027 ,  G06F9/455

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20210051149A1

公开(公告)日：2021-02-18

申请号：US17084406

申请日：2020-10-29

Applicant: Intel Corporation

Inventor： Barry E. HUNTLEY ,  Gilbert NEIGER ,  H. Peter ANVIN ,  Asit K. MALLICK ,  Adriaan VAN DE VEN ,  Scott D. RODGERS

IPC: H04L29/06 ,  G06F21/74

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

公开(公告)号：US20160191525A1

公开(公告)日：2016-06-30

申请号：US14582829

申请日：2014-12-24

Applicant: Intel Corporation

Inventor： Barry E. Huntley ,  Gilbert NEIGER ,  H P. ANVIN ,  Asit K. MALLICK ,  Arjan VAN DE VEN ,  Scott D. RODGERS

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06F21/74 ,  H04L63/1433

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

Abstract translation: 公开了用于保护管理员模式信息的发明的实施例。 在一个实施例中，一种装置包括存储位置，指令硬件，执行硬件和控制逻辑。 存储位置是存储一个指示灯，以使能管理员模式信息保护。 指令硬件是接收访问主管模式信息的指令。 执行硬件是执行指令。 如果启用了管理员模式信息保护并且当前权限级别比管理员模式更低权限，则控制逻辑是防止执行指令。

公开(公告)号：US20210258311A1

公开(公告)日：2021-08-19

申请号：US17307992

申请日：2021-05-04

Applicant: Intel Corporation

Inventor： Barry E. HUNTLEY ,  Gilbert NEIGER ,  H. Peter ANVIN ,  Asit K. MALLICK ,  Adriaan VAN DE VEN ,  Scott D. RODGERS

IPC: H04L29/06 ,  G06F21/74

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

公开(公告)号：US20190089709A1

公开(公告)日：2019-03-21

申请号：US16194648

申请日：2018-11-19

Applicant: Intel Corporation

Inventor： Barry E. HUNTLEY ,  Gilbert NEIGER ,  H. Peter ANVIN ,  Asit K. MALLICK ,  Adriaan VAN DE VEN ,  Scott D. RODGERS

IPC: H04L29/06 ,  G06F21/74

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.