公开(公告)号：US20170097898A1

公开(公告)日：2017-04-06

申请号：US14974972

申请日：2015-12-18

申请人： David M. Durham ,  Michael Lemay ,  Men Long

发明人： David M. Durham ,  Michael Lemay ,  Men Long

IPC分类号： G06F12/10 ,  G06F9/30 ,  G06F12/14

CPC分类号： G06F12/1027 ,  G06F9/3005 ,  G06F12/1408 ,  G06F12/1475 ,  G06F2212/402 ,  G06F2212/50 ,  Y02D10/13

摘要： Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

公开(公告)号：US20220012055A1

公开(公告)日：2022-01-13

申请号：US17485347

申请日：2021-09-25

申请人： Michael Lemay ,  David M. Durham

发明人： Michael Lemay ,  David M. Durham

IPC分类号： G06F9/30

摘要： Methods, apparatus, systems, and articles of manufacture are disclosed that perform bounds checking on authorized memory allocations during pointer arithmetic. In some examples, instruction decode circuitry decodes an update pointer instruction for a pointer. In some examples, bounds checking circuitry determines an authorized allocation for the pointer, determines one or more exclusion zones and poison zones for the pointer. In some examples, bounds checking circuitry updates the pointer and generates a fault if the pointer points to one of the exclusion zones and poisons the pointer if the pointer points to one of the poison zones.

公开(公告)号：US10515023B2

公开(公告)日：2019-12-24

申请号：US15088739

申请日：2016-04-01

申请人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

发明人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/455 ,  G06F12/1027 ,  G06F21/78

摘要： This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20140380009A1

公开(公告)日：2014-12-25

申请号：US14127561

申请日：2013-06-24

申请人： Michael Lemay ,  David M. Durham ,  Ravi L. Sahita ,  Andrew V. Anderson

发明人： Michael Lemay ,  David M. Durham ,  Ravi L. Sahita ,  Andrew V. Anderson

IPC分类号： G06F12/14 ,  G06F9/455 ,  G06F12/10

CPC分类号： G06F12/145 ,  G06F9/30076 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1491 ,  G06F2009/45583 ,  G06F2212/1052 ,  G06F2212/151

摘要： Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure.

摘要翻译： 通常，本公开提供了用于虚拟机（VM）环境中的受保护的存储器视图的系统，方法和计算机可读介质，其实现了受VMX根模式之外的受信任客户机的嵌套页表访问。 该系统可以包括被配置为通过操作系统（OS）内核组件和由VM的来宾内的用户空间应用提供对嵌套页表结构的访问的编辑器模块，其中嵌套页表结构与 受保护的内存视图。 该系统还可以包括页面处理处理器，其被配置为通过维护嵌套页表结构中的安全信息来保护该访问。

公开(公告)号：US20160180079A1

公开(公告)日：2016-06-23

申请号：US14576665

申请日：2014-12-19

申请人： Ravi L. Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

发明人： Ravi L. Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

IPC分类号： G06F21/52

CPC分类号： G06F21/52 ,  G06F9/45558 ,  G06F11/30 ,  G06F21/554 ,  G06F2009/45591 ,  G06F2221/033

摘要： A method comprises filtering branch trap events at a branch event filter, monitoring a branch event filter to capture indirect branch trap events that cause a control flow trap exception, receiving the indirect branch trap events at a handler and the handler processing the indirect branch trap events

摘要翻译： 一种方法包括在分支事件过滤器处过滤分支陷阱事件，监视分支事件过滤器以捕获导致控制流陷阱异常的间接分支陷阱事件，在处理器处接收间接分支陷阱事件，并处理处理间接分支陷阱事件

公开(公告)号：US09858411B2

公开(公告)日：2018-01-02

申请号：US14576665

申请日：2014-12-19

申请人： Ravi Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

发明人： Ravi Sahita ,  Xiaoning Li ,  Barry E. Huntley ,  Ofer Levy ,  Vedvyas Shanbhogue ,  Yuriy Bulygin ,  Ido Ouziel ,  Michael Lemay ,  John M. Esper

IPC分类号： G06F9/45 ,  G06F21/52 ,  G06F21/55 ,  G06F9/455 ,  G06F11/30

CPC分类号： G06F21/52 ,  G06F9/45558 ,  G06F11/30 ,  G06F21/554 ,  G06F2009/45591 ,  G06F2221/033

摘要： A method comprises filtering branch trap events at a branch event filter, monitoring a branch event filter to capture indirect branch trap events that cause a control flow trap exception, receiving the indirect branch trap events at a handler and the handler processing the indirect branch trap events.

公开(公告)号：US20170185752A1

公开(公告)日：2017-06-29

申请号：US14757733

申请日：2015-12-23

申请人： Michael Lemay ,  Scott Robinson

发明人： Michael Lemay ,  Scott Robinson

IPC分类号： G06F21/10 ,  H04L29/08

CPC分类号： H04L67/1097 ,  G06F21/6245

摘要： Solutions for controlling data exposure among computing entities are described. A data transfer agent (DTA) module includes a data payload portion to store information content conditionally transferable to at least one other DTA module, and a code portion containing instructions that operationally implement: a DTA connectivity link to the at least one other DTA module; an attestation module to obtain, via the DTA connectivity link, attestation from each of the at least one other DTA module indicating a data output connectivity configuration of that other DTA module; and a decision module to determine a degree of permissible interaction with each of the at least one other DTA module based the attestation and on decision criteria.