公开(公告)号：US20170177500A1

公开(公告)日：2017-06-22

申请号：US14979038

申请日：2015-12-22

Applicant: Intel Corporation

Inventor： VEDVYAS SHANBHOGUE ,  CHRISTOPHER BRYANT ,  JEFF WIEDEMEIER

IPC: G06F12/10 ,  G06F12/08

CPC classification number: G06F12/1045 ,  G06F12/0875 ,  G06F12/1027 ,  G06F12/1475 ,  G06F2212/1024 ,  G06F2212/452 ,  G06F2212/684

Abstract: An apparatus and method for sub-page extended page table protection. For example, one embodiment of an apparatus comprises: a page miss handler to perform a page walk using a guest physical address (GPA) and to detect whether a page identified with the GPA is mapped with sub-page permissions; a sub-page control storage to store at least one GPA and other data related to a sub-page; the page miss handler to determine whether the GPA is programmed in the sub-page control storage; and the page miss handler to send a translation to a translation lookaside buffer (TLB) with a sub-page protection indication set to cause a matching of the sub-page control storage when an access matches a TLB entry with sub-page protection indication.

公开(公告)号：US20160381050A1

公开(公告)日：2016-12-29

申请号：US14752221

申请日：2015-06-26

Applicant: INTEL CORPORATION

Inventor： VEDVYAS SHANBHOGUE ,  JASON W. BRANDT ,  RAVI L. SAHITA ,  BARRY E. HUNTLEY ,  BAIJU V. PATEL

IPC: H04L29/06 ,  G06F3/06 ,  G06F9/30

CPC classification number: G06F3/0673 ,  G06F3/0622 ,  G06F3/0629 ,  G06F9/30054 ,  G06F9/30101 ,  G06F9/30134 ,  G06F9/30145 ,  G06F9/3806 ,  G06F9/3861 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1063 ,  G06F12/1081 ,  G06F12/109 ,  G06F12/1491 ,  G06F21/52 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/651 ,  G06F2212/657

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

Abstract translation: 方面的处理器包括解码指令的解码单元。 处理器还包括与解码单元耦合的执行单元。 执行单元响应于该指令，是确定由于指令而尝试改变影子栈的影子堆栈指针将导致阴影堆栈指针超过允许的范围。 响应于确定对阴影堆栈指针的尝试改变将导致阴影堆栈指针超过允许的范围，执行单元也将采取异常。 公开了其他处理器，方法，系统和指令。

公开(公告)号：US20230376252A1

公开(公告)日：2023-11-23

申请号：US18200544

申请日：2023-05-22

Applicant: Intel Corporation

Inventor： VEDVYAS SHANBHOGUE ,  JASON W. BRANDT ,  RAVI L. SAHITA ,  BARRY E. HUNTLEY ,  BAIJU V. PATEL

IPC: G06F3/06 ,  G06F9/30 ,  G06F21/52 ,  G06F9/38 ,  G06F12/1009 ,  G06F12/109 ,  G06F12/1027 ,  G06F12/1081 ,  G06F12/1045 ,  G06F12/14 ,  G06F12/1036

CPC classification number: G06F3/0673 ,  G06F9/30145 ,  G06F3/0622 ,  G06F3/0629 ,  G06F21/52 ,  G06F9/3861 ,  G06F9/30054 ,  G06F9/3806 ,  G06F9/30134 ,  G06F12/1009 ,  G06F9/30101 ,  G06F12/109 ,  G06F12/1027 ,  G06F12/1081 ,  G06F12/1063 ,  G06F12/1491 ,  G06F12/1036 ,  G06F2212/651 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

公开(公告)号：US20210200673A1

公开(公告)日：2021-07-01

申请号：US16728800

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： DEEPAK GUPTA ,  MINGWEI ZHANG ,  RAVI SAHITA ,  VEDVYAS SHANBHOGUE ,  MICHAEL LEMAY ,  DAVID M. DURHAM

IPC: G06F12/02 ,  G06F12/0895 ,  G06F9/30

Abstract: An apparatus and method for memory management using compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request using a first linear address; and address translation circuitry to perform a first walk operation through a set of one or more address translation tables to translate the first linear address to a first physical address, the address translation circuitry to concurrently perform a second walk operation through a set of one or more linear address metadata tables to identify metadata associated with the linear address, and to use one or more portions of the metadata to validate access by the at least one instruction to the first physical address.

公开(公告)号：US20190102567A1

公开(公告)日：2019-04-04

申请号：US15721082

申请日：2017-09-29

Applicant: Intel Corporation

Inventor： MICHAEL LEMAY ,  DAVID D. DURHAM ,  MINGWEI ZHANG ,  VEDVYAS SHANBHOGUE

IPC: G06F21/62 ,  G06F21/53 ,  G06F21/44 ,  G06F21/78

Abstract: Apparatuses for computing are disclosed herein. In embodiments, an apparatus may include one or more processors, a memory, and a compiler to be operated by the one or more processors to compile a computer program. The compiler may include one or more analyzers to parse and analyze source code of the computer program that generates pointers or de-references pointers. The compiler may also include a code generator coupled to the one or more analyzers to generate executable instructions for the source code of the computer program including insertion of additional encryption or decryption executable instructions into the computer program, based at least in part on a result of the analysis, to authenticate memory access operations of the source code.

公开(公告)号：US20180341767A1

公开(公告)日：2018-11-29

申请号：US15605573

申请日：2017-05-25

Applicant: INTEL CORPORATION

Inventor： ABHISHEK BASAK ,  RAVI L. SAHITA ,  VEDVYAS SHANBHOGUE

IPC: G06F21/52 ,  G06F12/06

CPC classification number: G06F21/52 ,  G06F12/06 ,  G06F2212/1008 ,  G06F2212/1052 ,  G06F2212/154 ,  G06F2221/033

Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.

公开(公告)号：US20170249261A1

公开(公告)日：2017-08-31

申请号：US15175348

申请日：2016-06-07

Applicant: Intel Corporation

Inventor： DAVID M. DURHAM ,  RAVI L. SAHITA ,  GILBERT NEIGER ,  VEDVYAS SHANBHOGUE ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY ,  JOSEPH F. CIHULA ,  ARUMUGAM THIYAGARAJAH ,  ASIT K. MALLICK ,  BARRY E. HUNTLEY ,  DAVID A. KOUFATY ,  DEEPAK K. GUPTA ,  BAIJU V. PATEL

IPC: G06F12/14 ,  G06F12/10 ,  G06F9/455

CPC classification number: G06F12/145 ,  G06F9/45533 ,  G06F12/1009 ,  G06F12/1027 ,  G06F21/78 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/656 ,  G06F2212/657

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20160378684A1

公开(公告)日：2016-12-29

申请号：US14751902

申请日：2015-06-26

Applicant: INTEL CORPORATION

Inventor： KRYSTOF C. ZMUDZINSKI ,  VEDVYAS SHANBHOGUE

IPC: G06F12/10 ,  G11C7/10

CPC classification number: G06F12/1027 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1036 ,  G06F12/1408 ,  G06F12/1441 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/79 ,  G06F2009/45587 ,  G06F2212/1024 ,  G06F2212/1052 ,  G06F2212/305 ,  G06F2212/651 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor of an aspect includes at least one translation lookaside buffer (TLB) and a memory management unit (MMU). Each TLB is to store translations of logical addresses to corresponding physical addresses. The MMU, in response to a miss in the at least one TLB for a translation of a first logical address to a corresponding physical address, is to check for a multi-page protected container page versus regular page (P/R) check hint. If the multi-page P/R check hint is found, then the MMU is to check a P/R indication. If the multi-page P/R check hint is not found, then the MMU does not check the P/R indication. Other processors, methods, and systems are also disclosed.

Abstract translation: 一个方面的处理器包括至少一个翻译后备缓冲器（TLB）和存储器管理单元（MMU）。 每个TLB将逻辑地址的翻译存储到相应的物理地址。 响应于在至少一个TLB中为了将第一逻辑地址转换为对应的物理地址而错过的MMU是检查多页面受保护的容器页面与常规页面（P / R）检查提示。 如果发现多页P / R检查提示，则MMU将检查P / R指示。 如果未找到多页P / R检查提示，则MMU不会检查P / R指示。 还公开了其他处理器，方法和系统。

公开(公告)号：US20160092371A1

公开(公告)日：2016-03-31

申请号：US14498321

申请日：2014-09-26

Applicant: INTEL CORPORATION

Inventor： VEDVYAS SHANBHOGUE

IPC: G06F12/10

CPC classification number: G06F12/1009 ,  G06F12/1027 ,  G06F12/127 ,  G06F2212/1041 ,  G06F2212/401 ,  G06F2212/684

Abstract: An apparatus and method are described for translation lookaside buffer (TLB) miss handling. For example, one embodiment of a processor comprises: a translation lookaside buffer (TLB) to store virtual-to-physical address translations; a page miss handler (PMH) to process TLB misses when a desired virtual-to-physical address translation is not present in the TLB; and a compressed page table to be managed by the PMH, the compressed page table to store specified portions of page tables, wherein in response to a TLB miss for a first address translation, the PMH is to check the compressed page table to determine if a page table entry corresponding to the first address translation is stored therein and, if so, to provide the first address translation from the compressed page table.

Abstract translation: 描述了用于翻译后备缓冲器（TLB）未命中处理的装置和方法。 例如，处理器的一个实施例包括：用于存储虚拟到物理地址转换的翻译后备缓冲器（TLB）; 当期望的虚拟到物理地址转换不存在于TLB中时，用于处理TLB的页面未命中处理器（PMH）未命中; 以及由PMH管理的压缩页表，压缩页表以存储页表的指定部分，其中响应于第一地址转换的TLB未命中，PMH是检查压缩页表以确定是否 存储与第一地址转换相对应的页表项，如果是，则从压缩页表提供第一地址转换。

公开(公告)号：US20150378633A1

公开(公告)日：2015-12-31

申请号：US14320334

申请日：2014-06-30

Applicant: Intel Corporation

Inventor： RAVI L. SAHITA ,  VEDVYAS SHANBHOGUE ,  GILBERT NEIGER ,  JONATHAN EDWARDS ,  IDO OUZIEL ,  BARRY E. HUNTLEY ,  STANISLAV SHWARTSMAN ,  DAVID M. DURHAM ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY

IPC: G06F3/06 ,  G06F9/455 ,  G06F12/10

CPC classification number: G06F9/45558 ,  G06F9/3004 ,  G06F9/30076 ,  G06F12/1009 ,  G06F2009/45583 ,  G06F2212/657

Abstract: An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.

Abstract translation: 一种细粒度记忆保护装置和方法。 例如，方法的一个实施例包括：使用虚拟地址执行第一查找操作以识别存储器页面的物理地址，所述存储器页面包括多个子页面; 确定是否为所述存储器页启用子页面许可; 如果启用子页面许可，则执行第二查找操作以确定与存储器页面的一个或多个子页面相关联的许可; 以及实现与一个或多个子页面相关联的许可。