-
Publication No.: US10713177B2
Publication Date: 2020-07-14
Application No.: US15260893
Application Date: 2016-09-09
Applicant: Intel Corporation
Inventor: Gilbert Neiger, Baiju V. Patel, Gur Hildesheim, Ron Rais, Andrew V. Anderson, Jason W. Brandt, David M. Durham, Barry E. Huntley, Raanan Sade, Ravi L. Sahita, Vedvyas Shanbhogue, Arumugam Thiyagarajah
IPC: G06F12/1009, G06F12/14, G06F9/455
Abstract: A processing system includes a processing core to execute a virtual machine (VM) comprising a guest operating system (OS) and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store an extended page table entry (EPTE) comprising a mapping from a guest physical address (GPA) associated with the guest OS to an identifier of a memory frame, a first plurality of access right flags associated with accessing the memory frame in a first page mode referenced by an attribute of a memory page identified by the GPA, and a second plurality of access right flags associated with accessing the memory frame in a second page mode referenced by the attribute of the memory page identified by the GPA.
-
Publication No.: US20200151362A1
Publication Date: 2020-05-14
Application No.: US16740373
Application Date: 2020-01-10
Applicant: Intel Corporation
Inventor: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Vedvyas Shanbhogue, Siddhartha Chhabra, Kapil Sood
Abstract: A system may include a root port and an endpoint upstream port. The root port may include transaction layer hardware circuitry to determine, by logic circuitry at a transaction layer of a protocol stack of a device, that a packet is to traverse to a link partner on a secure stream, authenticate a receiving port of the link partner, configure a transaction layer packet (TLP) prefix to identify the TLP as a secure TLP, associating the secure TLP with the secure stream, apply integrity protection and data encryption to the Secure TLP, transmit the secure TLP across the secure stream to the link partner.
-
Publication No.: US20200089871A1
Publication Date: 2020-03-19
Application No.: US16585373
Application Date: 2019-09-27
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
-
Publication No.: US20200042318A1
Publication Date: 2020-02-06
Application No.: US16534970
Application Date: 2019-08-07
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.
-
Publication No.: US10536264B2
Publication Date: 2020-01-14
Application No.: US15392324
Application Date: 2016-12-28
Applicant: Intel Corporation
Inventor: Santosh Ghosh, Manoj R Sastry, Jesse R. Walker, Ravi L. Sahita, Abhishek Basak, Vedvyas Shanbhogue, David M. Durham
Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
-
Publication No.: US10445494B2
Publication Date: 2019-10-15
Application No.: US15658699
Application Date: 2017-07-25
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Ravi L. Sahita, Yuriy Bulygin, Xiaoning Li, Jason W. Brandt
Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.
-
Publication No.: US10360374B2
Publication Date: 2019-07-23
Application No.: US15605573
Application Date: 2017-05-25
Applicant: INTEL CORPORATION
Inventor: Abhishek Basak, Ravi L. Sahita, Vedvyas Shanbhogue
Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.
-
Publication No.: US10282306B2
Publication Date: 2019-05-07
Application No.: US15861364
Application Date: 2018-01-03
Applicant: INTEL CORPORATION
Inventor: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
IPC: G06F12/14, G06F9/455, G06F12/109, G06F12/1009, G06F12/1027, G06F12/1036, G06F12/1045
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
Publication No.: US20190042280A1
Publication Date: 2019-02-07
Application No.: US15936585
Application Date: 2018-03-27
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Avinash N. Ananthakrishnan, Eugene Gorbatov, Russell Fenger, Ashok Raj, Kameswar Subramaniam
Abstract: In one embodiment, a processor includes a plurality of cores to execute instructions, a first identification register having a first field to store a feedback indicator to indicate to an operating system (OS) that the processor is to provide hardware feedback information to the OS dynamically and a power controller coupled to the plurality of cores. The power controller may include a feedback control circuit to dynamically determine the hardware feedback information for at least one of the plurality of cores and inform the OS of an update to the hardware feedback information. Other embodiments are described and claimed.
-
Publication No.: US10120805B2
Publication Date: 2018-11-06
Application No.: US15408774
Application Date: 2017-01-18
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Francis X. McKeen, Carlos V. Rozas, Gilbert Neiger, Asit Mallick, Ittai Anati, Ilya Alexandrovich, Vedvyas Shanbhogue, Somnath Chakrabarti
IPC: G06F9/30, G06F12/0837, G06F9/455, G06F12/1045
Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.