公开(公告)号：US09268707B2

公开(公告)日：2016-02-23

申请号：US13730920

申请日：2012-12-29

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Xiaoning Li ,  Manohar R. Castelino

IPC: G06F12/02 ,  G06F12/10 ,  G06F9/455 ,  G06F12/14

CPC classification number: G06F12/109 ,  G06F9/45533 ,  G06F9/45558 ,  G06F12/0292 ,  G06F12/1009 ,  G06F12/145 ,  G06F2009/45583 ,  G06F2212/151 ,  G06F2212/657

Abstract: Methods and apparatus relating to low overhead paged memory runtime protection are described. In an embodiment, permission information for guest physical mapping are received prior to utilization of paged memory by an Operating System (OS) based on the guest physical mapping. The permission information is provided through an Extended Page Table (EPT). Other embodiments are also described.

Abstract translation: 描述了与低开销分页存储器运行时保护有关的方法和装置。 在一个实施例中，客户物理映射的许可信息在基于客户物理映射的操作系统（OS）利用分页存储器之前被接收。 许可信息通过扩展页表（EPT）提供。 还描述了其它实施例。

公开(公告)号：US08719546B2

公开(公告)日：2014-05-06

申请号：US13734851

申请日：2013-01-04

Applicant: Intel Corporation

Inventor： Baohong Liu ,  Manohar R. Castelino ,  Kuo-Lang Tseng ,  Ritu Sood ,  Madhukar Tallam

IPC: G06F12/14

CPC classification number: G06F12/1009 ,  G06F2212/151

Abstract: Embodiments of techniques and systems for using substitute virtualized-memory page tables are described. In embodiments, a virtual machine monitor (VMM) may determine that a virtualized memory access to be performed by an instruction executing on a guest software virtual machine is not allowed in accordance with a current virtualized-memory page table (VMPT). The VMM may select a substitute VMPT that permits the virtualized memory access, In scenarios where a data access length for the instruction is known, the substitute VMPT may include full execute, read, and write permissions for the entire guest software address space. In scenarios where a data access length for the instruction is not known, the substitute VMPT may include less than full execute, read, and write permissions for the entire guest software address space, and may be modified to allow the requested virtualized memory access. Other embodiments may be described and claimed.

Abstract translation: 描述了使用替代虚拟化内存页表的技术和系统的实施例。 在实施例中，虚拟机监视器（VMM）可以根据当前的虚拟存储器页表（VMPT）来确定不允许通过在客户软件虚拟机上执行的指令执行的虚拟化存储器访问。 VMM可以选择允许虚拟化存储器访问的替代VMPT。在已知指令的数据访问长度的情况下，替代VMPT可以包括整个客户软件地址空间的完全执行，读取和写入权限。 在不知道指令的数据访问长度的情况下，替代VMPT可以包括对于整个客户软件地址空间的小于完全执行，读取和写入许可，并且可以被修改以允许所请求的虚拟存储器访问。 可以描述和要求保护其他实施例。