Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts
    1.
    Granted invention patent
    Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts (status: lapsed)

    Publication number: US08316211B2

    Publication date: 2012-11-20

    Application number: US12165640

    Application date: 2008-06-30

    IPC classification: G06F12/00

    CPC classification: G06F12/1027 G06F12/145

    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, an apparatus includes privileged mode logic, an interface, and memory management logic. The privileged mode logic is to transfer control of the processor among a plurality of virtual machines. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, determination logic, and a translation lookaside buffer. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage. The translation lookaside buffer is to store translations. Each translation lookaside buffer entry includes an address source identifier. Each address source identifier is to identify a unique micro-context. Each address source identifier is based on a virtual partition identifier. At least two of the virtual partition identifiers are associated with one of the virtual machines.

    Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts
    2.
    Granted invention patent
    Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts (status: in force)

    Publication number: US08738889B2

    Publication date: 2014-05-27

    Application number: US13650227

    Application date: 2012-10-12

    IPC classification: G06F12/00

    CPC classification: G06F12/1027 G06F12/145

    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.

    GENERATING MULTIPLE ADDRESS SPACE IDENTIFIERS PER VIRTUAL MACHINE TO SWITCH BETWEEN PROTECTED MICRO-CONTEXTS
    3.
    Invention patent application
    GENERATING MULTIPLE ADDRESS SPACE IDENTIFIERS PER VIRTUAL MACHINE TO SWITCH BETWEEN PROTECTED MICRO-CONTEXTS (status: in force)

    Publication number: US20130036291A1

    Publication date: 2013-02-07

    Application number: US13650227

    Application date: 2012-10-12

    IPC classification: G06F12/10

    CPC classification: G06F12/1027 G06F12/145

    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.

    SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS
    4.
    Invention patent application
    SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS (status: under examination, published)

    Publication number: US20150205732A1

    Publication date: 2015-07-23

    Application number: US14449467

    Application date: 2014-08-01

    IPC classification: G06F12/14

    Abstract: Systems, apparatuses, and methods for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.

    Protecting Caller Function from Undesired Access by Callee Function
    5.
    Invention patent application
    Protecting Caller Function from Undesired Access by Callee Function (status: in force)

    Publication number: US20080280593A1

    Publication date: 2008-11-13

    Application number: US11770067

    Application date: 2007-06-28

    IPC classification: H04M1/66

    CPC classification: G06F21/52 G06F9/4486

    Abstract: Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).

    Protecting caller function from undesired access by callee function
    6.
    Granted invention patent
    Protecting caller function from undesired access by callee function (status: in force)

    Publication number: US08645704B2

    Publication date: 2014-02-04

    Application number: US11745399

    Application date: 2007-05-07

    IPC classification: G06F21/00

    CPC classification: G06F21/629 G06F2221/2141

    Abstract: Disclosed is a method for restricting access of a first code of a plurality of codes of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of codes are stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).

    Monitoring a target agent execution pattern on a VT-enabled system
    8.
    Granted invention patent
    Monitoring a target agent execution pattern on a VT-enabled system (status: lapsed)

    Publication number: US07802050B2

    Publication date: 2010-09-21

    Application number: US11541474

    Application date: 2006-09-29

    IPC classification: G06F21/00

    CPC classification: G06F21/56 G06F21/57

    Abstract: Methods, apparatuses, articles, and systems for observing, by a virtual machine manager of a physical device, execution of a target process of a virtual machine of the physical device, including virtual addresses of the virtual machine referenced during the execution, are described herein. The virtual machine manager further determines whether the target process is executing in an expected manner based at least in part on the observed virtual address references and expected virtual address references.

    Validating a memory type modification attempt
    9.
    Granted invention patent
    Validating a memory type modification attempt (status: in force)

    Publication number: US07748037B2

    Publication date: 2010-06-29

    Application number: US11233733

    Application date: 2005-09-22

    IPC classification: G06F21/00

    Abstract: A system and process are described to enable at least one of a plurality of host agents executing on a system to update memory region types of a system memory, register the at least one host agent in a registry stored in system management memory, receive a system management interrupt (SMI) from one of the plurality of host agents to update a memory region type, determine if the host agent issuing the SMI is listed in the registry stored in system management memory, update the memory region in response to determining the host agent issuing the SMI is listed in the registry, and maintain the memory region type in response to determining the host agent issuing the SMI is not listed in the registry.
