公开(公告)号：US20190089709A1

公开(公告)日：2019-03-21

申请号：US16194648

申请日：2018-11-19

Applicant: Intel Corporation

Inventor： Barry E. HUNTLEY ,  Gilbert NEIGER ,  H. Peter ANVIN ,  Asit K. MALLICK ,  Adriaan VAN DE VEN ,  Scott D. RODGERS

IPC: H04L29/06 ,  G06F21/74

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

公开(公告)号：US20240143513A1

公开(公告)日：2024-05-02

申请号：US17958337

申请日：2022-10-01

Applicant: Intel Corporation

Inventor： Gilbert NEIGER ,  Andreas KLEEN ,  David SHEFFIELD ,  Jason BRANDT ,  Ittai ANATI ,  Vedvyas SHANBHOGUE ,  Ido OUZIEL ,  Michael S. BAIR ,  Barry E. HUNTLEY ,  Joseph NUZMAN ,  Toby OPFERMAN ,  Michael A. ROTHMAN

IPC: G06F12/1009 ,  G06F12/0811 ,  G06F12/1027

CPC classification number: G06F12/1009 ,  G06F12/0811 ,  G06F12/1027

Abstract: An apparatus and method for switching between different types of paging using separate control registers and without disabling paging. For example, one embodiment of a processor comprises: a first control register to store a first base address of a first paging structure associated with a first type of paging having a first number of paging structure levels; a second control register to store a second base address of a second paging structure associated with a first type of paging having a second number of paging structure levels greater than the first number of paging structure levels; page walk circuitry to select either the first base address from the first control register or the second base address from the second control register responsive to a first address translation request, the selection based on a characteristic of program code initiating the address translation request.

公开(公告)号：US20230281016A1

公开(公告)日：2023-09-07

申请号：US17712116

申请日：2022-04-02

Applicant: Intel Corporation

Inventor： Gilbert NEIGER ,  H. Peter ANVIN

IPC: G06F9/30 ,  G06F9/38

CPC classification number: G06F9/3016 ,  G06F9/3806

Abstract: Techniques for flexible return and event delivery are described. In particular, in some examples, event delivery causes a stack switch if the event stack level is greater than the current stack level wherein the new stack level is always the greater of the current stack level and the event stack level.

公开(公告)号：US20230273795A1

公开(公告)日：2023-08-31

申请号：US18311810

申请日：2023-05-03

Applicant: Intel Corporation

Inventor： Eliezer WEISSMANN ,  Mark CHARNEY ,  Michael MISHAELI ,  Robert VALENTINE ,  Itai RAVID ,  Jason W. BRANDT ,  Gilbert NEIGER ,  Baruch CHAIKIN ,  Efraim ROTEM

IPC: G06F9/38 ,  G06F9/30

CPC classification number: G06F9/3851 ,  G06F9/30076 ,  G06F9/30101 ,  G06F9/3836

Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

公开(公告)号：US20220171625A1

公开(公告)日：2022-06-02

申请号：US17590648

申请日：2022-02-01

Applicant: Intel Corporation

Inventor： Vedvyas SHANBHOGUE ,  Gilbert NEIGER ,  Deepak K. GUPTA ,  H. Peter ANVIN

IPC: G06F9/30 ,  G06F21/52

Abstract: An apparatus and method for efficiently managing shadow stacks. For example, one embodiment of a processor comprises: a plurality of registers to store a plurality of shadow stack pointers (SSPs); event processing circuitry to select a first SSP of the plurality of SSPs from a first register of the plurality of registers responsive to receipt of a first event associated with a first event priority level, the first SSP usable to identify a top of a first shadow stack; verification and utilization checking circuitry to determine whether the first SSP has been previously verified, wherein if the first SSP has not been previously verified then initiating a set of atomic operations to verify the first SSP and confirm that the first SSP is not in use, the set of atomic operations using a locking operation to lock data until the set of atomic operations are complete.

公开(公告)号：US20200004953A1

公开(公告)日：2020-01-02

申请号：US16024547

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Michael LEMAY ,  David M. DURHAM ,  Michael E. KOUNAVIS ,  Barry E. HUNTLEY ,  Vedvyas SHANBHOGUE ,  Jason W. BRANDT ,  Josh TRIPLETT ,  Gilbert NEIGER ,  Karanvir GREWAL ,  Baiju V. PATEL ,  Ye ZHUANG ,  Jr-Shian TSAI ,  Vadim SUKHOMLINOV ,  Ravi SAHITA ,  Mingwei ZHANG ,  James C. FARWELL ,  Amitabh DAS ,  Krishna BHUYAN

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

公开(公告)号：US20190042467A1

公开(公告)日：2019-02-07

申请号：US16023537

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Ravi SAHITA ,  Barry E. HUNTLEY ,  Vedvyas SHANBHOGUE ,  Dror CASPI ,  Baruch CHAIKIN ,  Gilbert NEIGER ,  Arie AHARON ,  Arumugam THIYAGARAJAH

IPC: G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/02 ,  G06F9/455

Abstract: Examples include a processor including at least one untrusted extended page table (EPT), circuitry to execute a set of instructions of the instruction set architecture (ISA) of the processor to manage at least one secure extended page table (SEPT), and a physical address translation component to translate a guest physical address of a guest physical memory to a host physical address of a host physical memory using one of the at least one untrusted EPT and the at least one SEPT.