公开(公告)号：US20230376252A1

公开(公告)日：2023-11-23

申请号：US18200544

申请日：2023-05-22

Applicant: Intel Corporation

Inventor： VEDVYAS SHANBHOGUE ,  JASON W. BRANDT ,  RAVI L. SAHITA ,  BARRY E. HUNTLEY ,  BAIJU V. PATEL

IPC: G06F3/06 ,  G06F9/30 ,  G06F21/52 ,  G06F9/38 ,  G06F12/1009 ,  G06F12/109 ,  G06F12/1027 ,  G06F12/1081 ,  G06F12/1045 ,  G06F12/14 ,  G06F12/1036

CPC classification number: G06F3/0673 ,  G06F9/30145 ,  G06F3/0622 ,  G06F3/0629 ,  G06F21/52 ,  G06F9/3861 ,  G06F9/30054 ,  G06F9/3806 ,  G06F9/30134 ,  G06F12/1009 ,  G06F9/30101 ,  G06F12/109 ,  G06F12/1027 ,  G06F12/1081 ,  G06F12/1063 ,  G06F12/1491 ,  G06F12/1036 ,  G06F2212/651 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

公开(公告)号：US20210406019A1

公开(公告)日：2021-12-30

申请号：US16914343

申请日：2020-06-27

Applicant: Intel Corporation

Inventor： TOBY OPFERMAN ,  PRASHANT SETHI ,  ABHIMANYU K. VARDE ,  BARRY E. HUNTLEY ,  MICHAEL W. Chynoweth ,  JASON W. BRANDT

IPC: G06F9/30 ,  G06F9/38

Abstract: Systems, methods, and apparatuses relating to an instruction for operating system transparent instruction state management of new instructions for application threads are described. In one embodiment, a hardware processor includes a decoder to decode a single instruction into a decoded single instruction, and an execution circuit to execute the decoded single instruction to cause a context switch from a current state to a state comprising additional state data that is not supported by an execution environment of an operating system that executes on the hardware processor.

公开(公告)号：US20170286318A1

公开(公告)日：2017-10-05

申请号：US15089235

申请日：2016-04-01

Applicant: INTEL CORPORATION

Inventor： KIRK D. BRANNOCK ,  BARRY E. HUNTLEY ,  VINCENT J. ZIMMER

IPC: G06F12/14 ,  G06F12/10 ,  G06F13/24

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.

公开(公告)号：US20170249261A1

公开(公告)日：2017-08-31

申请号：US15175348

申请日：2016-06-07

Applicant: Intel Corporation

Inventor： DAVID M. DURHAM ,  RAVI L. SAHITA ,  GILBERT NEIGER ,  VEDVYAS SHANBHOGUE ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY ,  JOSEPH F. CIHULA ,  ARUMUGAM THIYAGARAJAH ,  ASIT K. MALLICK ,  BARRY E. HUNTLEY ,  DAVID A. KOUFATY ,  DEEPAK K. GUPTA ,  BAIJU V. PATEL

IPC: G06F12/14 ,  G06F12/10 ,  G06F9/455

CPC classification number: G06F12/145 ,  G06F9/45533 ,  G06F12/1009 ,  G06F12/1027 ,  G06F21/78 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/656 ,  G06F2212/657

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20150378633A1

公开(公告)日：2015-12-31

申请号：US14320334

申请日：2014-06-30

Applicant: Intel Corporation

Inventor： RAVI L. SAHITA ,  VEDVYAS SHANBHOGUE ,  GILBERT NEIGER ,  JONATHAN EDWARDS ,  IDO OUZIEL ,  BARRY E. HUNTLEY ,  STANISLAV SHWARTSMAN ,  DAVID M. DURHAM ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY

IPC: G06F3/06 ,  G06F9/455 ,  G06F12/10

CPC classification number: G06F9/45558 ,  G06F9/3004 ,  G06F9/30076 ,  G06F12/1009 ,  G06F2009/45583 ,  G06F2212/657

Abstract: An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.

Abstract translation: 一种细粒度记忆保护装置和方法。 例如，方法的一个实施例包括：使用虚拟地址执行第一查找操作以识别存储器页面的物理地址，所述存储器页面包括多个子页面; 确定是否为所述存储器页启用子页面许可; 如果启用子页面许可，则执行第二查找操作以确定与存储器页面的一个或多个子页面相关联的许可; 以及实现与一个或多个子页面相关联的许可。