公开(公告)号：US20190163902A1

公开(公告)日：2019-05-30

申请号：US16149297

申请日：2018-10-02

Applicant: Arm Limited

Inventor： Alastair David REID ,  Dominic Phillip MULLIGAN ,  Milosch MERIAC ,  Matthias Lothar BOETTCHER ,  Nathan Yong Seng CHONG ,  Ian Michael CAULFIELD ,  Peter Richard GREENHALGH ,  Frederic Claude Marie PIRY ,  Albin Pierrick TONNERRE ,  Thomas Christopher GROCUTT ,  Yasuo ISHII

IPC: G06F21/55 ,  H04L9/06 ,  G06F12/10 ,  G06F9/38

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

公开(公告)号：US20180181347A1

公开(公告)日：2018-06-28

申请号：US15834434

申请日：2017-12-07

Applicant: ARM LIMITED

Inventor： François Christopher Jacques BOTMAN ,  Thomas Christopher GROCUTT

IPC: G06F3/06

CPC classification number: G06F3/0659 ,  G06F3/061 ,  G06F3/0673 ,  G06F9/30036 ,  G06F9/30043 ,  G06F9/30181 ,  G06F9/30189 ,  G06F9/345

Abstract: An apparatus and method are provided for controlling vector memory accesses. The apparatus comprises a set of vector registers, and flag setting circuitry that is responsive to a determination that a vector generated for storage in one of the vector registers comprises a plurality of elements that meet specified contiguousness criteria, to generate flag information associated with that vector register. Processing circuitry is then used to perform a vector memory access operation in order to access in memory a plurality of data values at addresses determined from an address vector operand comprising a plurality of address elements. The address vector operand is provided in a specified vector register of the vector register set, such that the plurality of elements of the vector stored in that specified vector register form the plurality of address elements. The processing circuitry is arranged to determine whether the specified vector register has flag information associated therewith, and if it does, then that flag information is used when determining a number of accesses to memory required to access the plurality of data values. This provides an efficient mechanism for allowing gather or scatter type memory access operations to be implemented using a reduced number of accesses to memory in certain situations where the flag information has been generated for the associated address vector operand.

公开(公告)号：US20170024557A1

公开(公告)日：2017-01-26

申请号：US15284830

申请日：2016-10-04

Applicant: ARM Limited

Inventor： Thomas Christopher GROCUTT ,  Richard Roy GRISENTHWAITE

IPC: G06F21/52

CPC classification number: G06F21/52 ,  G06F9/30134 ,  G06F9/462 ,  G06F21/6245 ,  G06F2221/2105

Abstract: A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level.

Abstract translation: 一种数据处理装置，包括用于执行数据处理的电路，多个寄存器; 以及包括具有不同安全级别的区域的数据存储器，至少一个安全区域（用于存储由安全域中操作的数据处理电路可访问并且不能由不安全域中操作的数据处理电路访问的敏感数据）和少于 安全区域（用于存储较不安全的数据）。 电路被配置为响应于正在执行的程序代码的存储位置来确定将数据存储到数据或从其加载数据。 响应于调用要执行的功能的程序代码，功能代码被存储在第二区域中，第二区域具有与第一区域不同的安全级别，数据处理电路被配置为确定第一和第二区域中的哪一个 具有较低的安全级别。

公开(公告)号：US20160063242A1

公开(公告)日：2016-03-03

申请号：US14935504

申请日：2015-11-09

Applicant: ARM Limited

Inventor： Thomas Christopher GROCUTT ,  Richard Roy GRISENTHWAITE ,  Simon John CRASKE

IPC: G06F21/52

CPC classification number: G06F21/52 ,  G06F9/30134 ,  G06F9/462 ,  G06F2221/034 ,  G06F2221/2105

Abstract: A data processing apparatus includes processing circuitry and a data store including a plurality of regions including a secure region and a less secure region. The secure region is configured to store sensitive data accessible by the circuitry when operating in a secure domain and not accessible by the circuitry when operating in a less secure domain. The data store includes a plurality of stacks with a secure stack in the secure region. Stack access circuitry is configured to store predetermined processing state to the secure stack. The processing circuitry further comprises fault checking circuitry configured to identify a first fault condition if the data stored in the predetermined relative location is the first value. This provides protection against attacks from the less secure domain, for example performing a function call return from an exception, or an exception return from a function call.

公开(公告)号：US20150227462A1

公开(公告)日：2015-08-13

申请号：US14579405

申请日：2014-12-22

Applicant: ARM Limited

Inventor： Thomas Christopher GROCUTT

IPC: G06F12/08

CPC classification number: G06F12/0813 ,  G06F12/06 ,  G06F12/1441 ,  Y02D10/13

Abstract: A data processing apparatus has a memory attribute unit having storage regions for storing attribute data for controlling access to a corresponding memory address range by processing circuitry. In response to a target memory address, the processing circuitry can perform a region identifying operation to output a region identifying value identifying which of the storage regions 9 of the attribute unit corresponds to the target memory address. The region identifying value is made available to at least some software executed by the data processing apparatus. This can be useful for quickly checking access permissions of a range of addresses or for determining how to update the memory attribute unit.

Abstract translation: 数据处理装置具有存储属性单元，该存储器属性单元具有存储区域，用于存储用于通过处理电路控制对对应的存储器地址范围的访问的属性数据。 响应于目标存储器地址，处理电路可以执行区域识别操作，以输出识别属性单元的哪个存储区域9对应于目标存储器地址的区域标识值。 所述区域识别值对于由所述数据处理装置执行的至少一些软件是可用的。 这可以用于快速检查一系列地址的访问权限或确定如何更新内存属性单元。

公开(公告)号：US20240320292A1

公开(公告)日：2024-09-26

申请号：US18125432

申请日：2023-03-23

Applicant: Arm Limited

Inventor： Jesse Garrett BEU ,  Thomas Christopher GROCUTT

IPC: G06F17/16

CPC classification number: G06F17/16

Abstract: A data processing apparatus includes input circuitry that receives a matrix having values in a first format. Output circuitry outputs the matrix having the values in a second format while adjustment circuitry performs a modification of the matrix from the first format to the second format. The second format is computationally contiguous in respect of a data processing apparatus having the first and second vector registers both configured to be dynamically spatially and dynamically temporally divided, performing a matrix multiplication.

公开(公告)号：US20230056039A1

公开(公告)日：2023-02-23

申请号：US17759426

申请日：2020-12-21

Applicant: Arm Limited

Inventor： Thomas Christopher GROCUTT

IPC: G06F3/06

Abstract: A technique for controlling access to a set of memory mapped control registers. The apparatus has processing circuitry for executing program code to perform data processing operations, and a set of memory mapped control registers for storing control information used to control operation of the processing circuitry. Further, a lockdown register used to store a lockdown value. The processing circuitry is arranged to execute store instructions to perform write operations to a memory address space . Thethe processing circuitry is arranged to prevent a write operation being performed to change the control information in the memory mapped control registers . This significantly reduces the prospect of an attacker seeking to exploit a software vulnerability to change the control information in the memory mapped control registers.

公开(公告)号：US20220366036A1

公开(公告)日：2022-11-17

申请号：US17756948

申请日：2020-11-03

Applicant: Arm Limited

Inventor： Thomas Christopher GROCUTT

IPC: G06F21/54 ,  G06F21/55 ,  G06F9/46 ,  G06F9/30

Abstract: An apparatus for handling exceptions, including a processing circuitry operable in at least one security domain to execute program code that includes a plurality of exception handling routines executed in response to corresponding exceptions, and a plurality of registers for storing data for access by the processing circuitry when executing the program code. The exception control circuitry is arranged in response to occurrence of a given exception from background processing to trigger a state saving operation to save data from the plurality of registers before triggering the processing circuitry to execute a given exception handling routine. Configuration storage provides configuration information used to categorise exception handling routines. The exception control circuitry is arranged to determine with reference to the configuration information whether the given exception handling routine is of a first or second category within the security domain that the given exception handling routine will be executed in.

公开(公告)号：US20210294924A1

公开(公告)日：2021-09-23

申请号：US17266855

申请日：2019-08-22

Applicant: Arm Limited

Inventor： Thomas Christopher GROCUTT

IPC: G06F21/74 ,  G06F21/54 ,  G06F21/55 ,  G06F21/64 ,  G06F9/38

Abstract: An apparatus has processing circuitry 4 supporting a number of security domains, and within each domain supporting a number of modes including a handler mode for exception processing and a thread mode for background processing. For an exception entry transition from secure thread mode to secure handler mode, a transition disable indicator 42 is set. For at least one type of exception return transition to processing in the secure domain and the thread mode when the transition disable indicator 42 is set, a fault is signaled. This can protect against some security attacks.

公开(公告)号：US20200089559A1

公开(公告)日：2020-03-19

申请号：US16338757

申请日：2017-10-20

Applicant: Arm Limited ,  THE CHANCELLOR, MASTERS AND SCHOLARS OF THE UNIVERSITY OF CAMBRIDGE

Inventor： Sam AINSWORTH ,  Thomas Christopher GROCUTT ,  Timothy Martin JONES

IPC: G06F11/07 ,  G06F12/0837 ,  G06F12/0875 ,  G06F9/30

Abstract: An apparatus comprises a main processor to execute a main stream of program instructions, two or more checker processors to execute respective checker streams of program instructions in parallel with each other, the checker streams corresponding to different portions of the main stream executed by the main processor, and error detection circuitry to detect an error when a mismatch is detected between an outcome of a given portion of the main stream executed on the main processor and an outcome of the corresponding checker stream executed on one of the plurality of checker processors. This approach enables high performance main processors 4 to be checked for errors with lower circuit area and power consumption overhead than a dual-core lockstep technique.