公开(公告)号：US20180096136A1

公开(公告)日：2018-04-05

申请号：US15283317

申请日：2016-10-01

申请人： Michael LeMay ,  Barry E. Huntley ,  Ravi Sahita

发明人： Michael LeMay ,  Barry E. Huntley ,  Ravi Sahita

IPC分类号： G06F21/53 ,  G06F9/50 ,  G06F21/12

CPC分类号： G06F21/53 ,  G06F9/5016 ,  G06F21/121 ,  G06F21/74 ,  G06F2221/2113

摘要： Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

公开(公告)号：US09858411B2

公开(公告)日：2018-01-02

申请号：US14576665

申请日：2014-12-19

申请人： Ravi Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

发明人： Ravi Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

IPC分类号： G06F9/45 ,  G06F21/52 ,  G06F21/55 ,  G06F9/455 ,  G06F11/30

CPC分类号： G06F21/52 ,  G06F9/45558 ,  G06F11/30 ,  G06F21/554 ,  G06F2009/45591 ,  G06F2221/033

摘要： A method comprises filtering branch trap events at a branch event filter, monitoring a branch event filter to capture indirect branch trap events that cause a control flow trap exception, receiving the indirect branch trap events at a handler and the handler processing the indirect branch trap events.

公开(公告)号：US20130117743A1

公开(公告)日：2013-05-09

申请号：US13629395

申请日：2012-09-27

申请人： Gilbert Neiger ,  Barry E. Huntley ,  Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Jason W. Brandt

发明人： Gilbert Neiger ,  Barry E. Huntley ,  Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Jason W. Brandt

IPC分类号： G06F9/455

CPC分类号： G06F9/45545 ,  G06F9/455 ,  G06F9/45533 ,  G06F9/4555

摘要： A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.

摘要翻译： 处理核心，包括指令执行逻辑电路和寄存器空间。 要从VMCS加载的与VM条目相称的寄存器空间，其中指示是否启用了代表VMM的由处理核心提供的服务的信息。 指令执行逻辑响应客户软件调用指令：参考寄存器空间以确认服务已经被使能，并且参考第二寄存器空间或存储器空间来获取由所述访客写入的所述服务的输入参数 软件。

公开(公告)号：US20130024861A1

公开(公告)日：2013-01-24

申请号：US13595838

申请日：2012-08-27

申请人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard A. Uhlig ,  Lawrence O. Smith ,  Barry E. Huntley

发明人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard A. Uhlig ,  Lawrence O. Smith ,  Barry E. Huntley

IPC分类号： G06F9/455

CPC分类号： G06F9/45533 ,  G06F9/3861 ,  G06F9/45545 ,  G06F9/4555 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/542 ,  G06F13/24 ,  G06F2009/45566

摘要： Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.

摘要翻译： 公开了在分层虚拟化架构中处理虚拟化事件的装置和方法的实施例。 在一个实施例中，装置包括事件逻辑和评估逻辑。 事件逻辑是识别虚拟化事件。 评估逻辑是为了响应于虚拟化事件来确定是否将控制从子客户端传送到父访客。

公开(公告)号：US08291410B2

公开(公告)日：2012-10-16

申请号：US11618440

申请日：2006-12-29

申请人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Barry E. Huntley ,  Lawrence O. Smith ,  Shashank Shekhar

发明人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Barry E. Huntley ,  Lawrence O. Smith ,  Shashank Shekhar

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F2009/45566

摘要： Embodiments of apparatuses, methods, and systems for controlling virtual machines based on activity state are disclosed. In one embodiment, an apparatus includes virtual machine entry logic and activity state evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The activity state evaluation logic is to determine whether the activity state of the guest would be inactive upon receiving control.

摘要翻译： 公开了用于基于活动状态来控制虚拟机的设备，方法和系统的实施例。 在一个实施例中，装置包括虚拟机入口逻辑和活动状态评估逻辑。 虚拟机入口逻辑是将设备的控制从主机传送到访客。 活动状态评估逻辑是确定访客的活动状态是否在接收到控制时处于不活动状态。

公开(公告)号：US20190095350A1

公开(公告)日：2019-03-28

申请号：US15714217

申请日：2017-09-25

申请人： David M. Durham ,  Siddhartha Chhabra ,  Amy L. Santoni ,  Gilbert Neiger ,  Barry E. Huntley ,  Hormuzd M. Khosravi ,  Baiju V. Patel ,  Ravi L. Sahita ,  Gideon Gerzon ,  Ido Ouziel ,  Ioannis T. Schoinas ,  Rajesh M. Sankaran

发明人： David M. Durham ,  Siddhartha Chhabra ,  Amy L. Santoni ,  Gilbert Neiger ,  Barry E. Huntley ,  Hormuzd M. Khosravi ,  Baiju V. Patel ,  Ravi L. Sahita ,  Gideon Gerzon ,  Ido Ouziel ,  Ioannis T. Schoinas ,  Rajesh M. Sankaran

IPC分类号： G06F12/14 ,  G06F21/60 ,  G06F21/82 ,  G06F3/06

摘要： In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.

公开(公告)号：US09430384B2

公开(公告)日：2016-08-30

申请号：US13854107

申请日：2013-03-31

申请人： Carlos V Rozas ,  Ilya Alexandrovich ,  Ittai Anati ,  Alex Berenzon ,  Michael A Goldsmith ,  Barry E Huntley ,  Anton Ivanov ,  Simon P Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Rinat Rappoport ,  Scott Dion Rodgers ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H Smith ,  William Colin Wood

发明人： Carlos V Rozas ,  Ilya Alexandrovich ,  Ittai Anati ,  Alex Berenzon ,  Michael A Goldsmith ,  Barry E Huntley ,  Anton Ivanov ,  Simon P Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Rinat Rappoport ,  Scott Dion Rodgers ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H Smith ,  William Colin Wood

IPC分类号： G06F12/08 ,  G06F12/10

CPC分类号： G06F12/0875 ,  G06F12/0808 ,  G06F12/1027 ,  G06F2212/1016 ,  G06F2212/402

摘要： Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.

摘要翻译： 说明和逻辑为安全的飞地页面缓存提供了高级分页功能。 实施例包括多个硬件线程或处理核心，用于存储分配给由硬件线程可访问的安全空间的共享页面地址的安全数据的高速缓存。 解码级将指定所述共享页地址的第一指令解码为操作数，并且执行单元标记对应于共享页地址的飞地页高速缓存映射的条目，以阻止所述第一或第二硬件线程中的任一个的新转换的创建 访问共享页面。 第二指令被解码以执行，第二指令指定所述安全飞地作为操作数，并且执行单元记录当前访问与安全飞地相对应的飞地页面缓存中的安全数据的硬件线程，并且当任何 的硬件线程退出安全飞地。

公开(公告)号：US20160092673A1

公开(公告)日：2016-03-31

申请号：US14498075

申请日：2014-09-26

申请人： Michael LeMay ,  Barry E. Huntley

发明人： Michael LeMay ,  Barry E. Huntley

IPC分类号： G06F21/52 ,  G06F9/455

CPC分类号： G06F21/52 ,  G06F8/30 ,  G06F8/31 ,  G06F9/4484 ,  G06F9/45533 ,  G06F9/45558 ,  G06F11/3419 ,  G06F21/56 ,  G06F2009/45587

摘要： Technologies for shadow stack support for legacy guests include a computing device having a processor with shadow stack support. During execution of a call instruction, the processor determines whether a legacy stack pointer is within bounds and generates a virtual machine exit if the legacy stack pointer is out-of-bounds. If not out-of-bounds, the processor pushes a return address onto the legacy stack and onto a shadow stack protected by a hypervisor. During execution of a return instruction, the processor determines whether top return addresses of the legacy stack and the shadow stack match, and generates a virtual machine exit if the return addresses do not match. If the return addresses match, the processor pops the return addresses off of the legacy stack and off of the shadow stack. The stack out-of-bounds and the stack mismatch virtual machine exits may be handled by the hypervisor. Other embodiments are described and claimed.

摘要翻译： 用于传统客户端的影子堆栈支持技术包括具有处理器的计算设备，该处理器具有阴影栈支持。 在执行调用指令期间，处理器确定传统堆栈指针是否在边界内，如果传统堆栈指针超出边界，则会生成虚拟机退出。 如果不是超出范围，处理器将返回地址推送到传统堆栈上，并将其保存到由管理程序保护的影子堆栈上。 在执行返回指令期间，处理器确定传统堆栈和影子堆叠的顶部返回地址是否匹配，并且如果返回地址不匹配则生成虚拟机退出。 如果返回地址匹配，处理器会将返回地址从传统堆栈中弹出并离开阴影栈。 虚拟机管理程序可以处理堆栈超出范围和堆栈不匹配的虚拟机退出。 描述和要求保护其他实施例。

公开(公告)号：US20150007304A1

公开(公告)日：2015-01-01

申请号：US13930766

申请日：2013-06-28

申请人： Lior Malka ,  Koichi Yamada ,  Palanivelrajan Shanmugavelayutham ,  Barry E. Huntley ,  Scott D. Rodgers ,  James D. Beaney, JR.

发明人： Lior Malka ,  Koichi Yamada ,  Palanivelrajan Shanmugavelayutham ,  Barry E. Huntley ,  Scott D. Rodgers ,  James D. Beaney, JR.

IPC分类号： G06F21/52

CPC分类号： G06F21/74 ,  G06F21/54

摘要： A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.

摘要翻译： 描述了处理器和方法，用于管理与不同类型的程序代码相关联的不同特权级别，包括二进制翻译程序代码。 例如，方法的一个实施例包括响应于检测到多个不同类型的程序代码中的相应的一个程序代码的执行，包括本机可执行程序代码，翻译的可执行程序代码和二进制转换，来进入多个特权模式之一 程序代码。 在一个实施例中，二进制翻译程序代码包括子组件，每个子组件与不同的权限级别相关联，以提高安全性。

公开(公告)号：US20130247040A1

公开(公告)日：2013-09-19

申请号：US13837526

申请日：2013-03-15

申请人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard A. Uhlig ,  Lawrence O. Smith ,  Barry E. Huntley

发明人： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard A. Uhlig ,  Lawrence O. Smith ,  Barry E. Huntley

IPC分类号： G06F9/455

CPC分类号： G06F9/45533 ,  G06F9/3861 ,  G06F9/45545 ,  G06F9/4555 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/542 ,  G06F13/24 ,  G06F2009/45566

摘要： Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.