公开(公告)号：US20120117300A1

公开(公告)日：2012-05-10

申请号：US12959109

申请日：2010-12-02

申请人： Erik C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

发明人： Erik C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC分类号： G06F12/08

CPC分类号： G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

摘要： One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

摘要翻译： 本发明的一个实施例是使翻译后备缓冲器（TLB）中的条目无效的技术。 处理器中的TLB具有多个TLB条目。 当执行无效操作时，每个TLB条目与虚拟机扩展（VMX）标签字相关联，指示相关联的TLB条目是否根据处理器模式而无效。 处理器模式是虚拟机（VM）中的执行之一，而不是虚拟机中的执行。 无效操作属于一个无效的无效操作集合，它由（1）可能为空的操作集合组合，使一组可变数量的TLB条目无效，（2）一组可能的空白操作，使一个TLB无效 条目，（3）使多个TLB条目无效的可能的一组操作，（4）启用和禁用虚拟存储器的使用的可能的一组可能的空操作，以及（5）配置物理的可能的一组操作 地址大小，页面大小或其他虚拟内存系统行为，以改变物理机器解释TLB条目的方式。

公开(公告)号：US20130212313A1

公开(公告)日：2013-08-15

申请号：US13837648

申请日：2013-03-15

申请人： Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

发明人： Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC分类号： G06F12/10

CPC分类号： G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

摘要： One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

摘要翻译： 本发明的一个实施例是使翻译后备缓冲器（TLB）中的条目无效的技术。 处理器中的TLB具有多个TLB条目。 当执行无效操作时，每个TLB条目与虚拟机扩展（VMX）标签字相关联，指示相关联的TLB条目是否根据处理器模式而无效。 处理器模式是虚拟机（VM）中的执行之一，而不是虚拟机中的执行。 无效操作属于一个无效的无效操作集合，它由（1）可能为空的操作集合组合，使一组可变数量的TLB条目无效，（2）一组可能的空白操作，使一个TLB无效 条目，（3）使多个TLB条目无效的可能的一组操作，（4）启用和禁用虚拟存储器的使用的可能的一组可能的空操作，以及（5）配置物理的可能的一组操作 地址大小，页面大小或其他虚拟内存系统行为，以改变物理机器解释TLB条目的方式。

公开(公告)号：US08543772B2

公开(公告)日：2013-09-24

申请号：US12959109

申请日：2010-12-02

申请人： Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

发明人： Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC分类号： G06F12/08

CPC分类号： G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

摘要： One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

摘要翻译： 本发明的一个实施例是使翻译后备缓冲器（TLB）中的条目无效的技术。 处理器中的TLB具有多个TLB条目。 当执行无效操作时，每个TLB条目与虚拟机扩展（VMX）标签字相关联，指示相关联的TLB条目是否根据处理器模式而无效。 处理器模式是虚拟机（VM）中的执行之一，而不是虚拟机中的执行。 无效操作属于一个无效的无效操作集合，它由（1）可能为空的操作集合组合，使一组可变数量的TLB条目无效，（2）一组可能的空白操作，使一个TLB无效 条目，（3）使多个TLB条目无效的可能的一组操作，（4）启用和禁用虚拟存储器的使用的可能的一组可能的空操作，以及（5）配置物理的可能的一组操作 地址大小，页面大小或其他虚拟内存系统行为，以改变物理机器解释TLB条目的方式。

公开(公告)号：US20050080934A1

公开(公告)日：2005-04-14

申请号：US10676584

申请日：2003-09-30

申请人： Erik Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

发明人： Erik Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC分类号： G06F12/10 ,  G06F3/00

CPC分类号： G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

摘要： One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

公开(公告)号：US07124273B2

公开(公告)日：2006-10-17

申请号：US10084282

申请日：2002-02-25

申请人： Andy Glew ,  Michael A. Kozuch ,  Erich S. Boleyn ,  Lawrence O. Smith, III ,  Gilbert Neiger ,  Richard Uhlig

发明人： Andy Glew ,  Michael A. Kozuch ,  Erich S. Boleyn ,  Lawrence O. Smith, III ,  Gilbert Neiger ,  Richard Uhlig

IPC分类号： G06F12/00

CPC分类号： G06F12/1036

摘要： A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.

公开(公告)号：US07921293B2

公开(公告)日：2011-04-05

申请号：US11340181

申请日：2006-01-24

申请人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

发明人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： G06F21/57

摘要： An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

摘要翻译： 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收的负载安全区域指令。 否则，响应于接收到的负载安全区域指令，引导存储器保护元件以形成安全存储器环境。 一旦定向，就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后，一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储，外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。

公开(公告)号：US07024555B2

公开(公告)日：2006-04-04

申请号：US10043843

申请日：2001-11-01

申请人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

发明人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

IPC分类号： G06F1/26

CPC分类号： G06F21/57

摘要： An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.

公开(公告)号：US20070192577A1

公开(公告)日：2007-08-16

申请号：US11340181

申请日：2006-01-24

申请人： Michael Kozuch ,  James Sutton ,  David Grawrock ,  Gilbert Neiger ,  Richard Uhlig ,  Bradley Burgess ,  David Poisner ,  Clifford Hall ,  Andy Glew ,  Lawrence Smith ,  Robert George

发明人： Michael Kozuch ,  James Sutton ,  David Grawrock ,  Gilbert Neiger ,  Richard Uhlig ,  Bradley Burgess ,  David Poisner ,  Clifford Hall ,  Andy Glew ,  Lawrence Smith ,  Robert George

IPC分类号： G06F15/177

CPC分类号： G06F21/57

摘要： An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

摘要翻译： 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收到的负载安全区域指令。 否则，响应于接收到的负载安全区域指令，引导存储器保护元件以形成安全存储器环境。 一旦定向，就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后，一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储，外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。

公开(公告)号：US20060075402A1

公开(公告)日：2006-04-06

申请号：US10956239

申请日：2004-09-30

申请人： Gilbert Neiger ,  Steven Bennett ,  Erik Cota-Robles ,  Sebastian Schoenberg ,  Clifford Hall ,  Dion Rodgers ,  Lawrence Smith ,  Andrew Anderson ,  Richard Uhlig ,  Michael Kozuch ,  Andy Glew

发明人： Gilbert Neiger ,  Steven Bennett ,  Erik Cota-Robles ,  Sebastian Schoenberg ,  Clifford Hall ,  Dion Rodgers ,  Lawrence Smith ,  Andrew Anderson ,  Richard Uhlig ,  Michael Kozuch ,  Andy Glew

IPC分类号： G06F9/455

CPC分类号： G06F9/45558

摘要： In one embodiment, a method includes transitioning control to a virtual machine (VM) from a virtual machine monitor (VMM), determining that a VMM timer indicator is set to an enabling value, and identifying a VMM timer value configured by the VMM. The method further includes periodically comparing a current value of a timing source with the VMM timer value, generating an internal event if the current value of the timing source has reached the VMM timer value, and transitioning control to the VMM in response to the internal event without incurring an event handling procedure in any one of the VMM and the VM.

摘要翻译： 在一个实施例中，一种方法包括从虚拟机监视器（VMM）向虚拟机（VM）转换控制，确定VMM定时器指示符被设置为使能值，以及识别由VMM配置的VMM定时器值。 该方法还包括周期性地比较定时源的当前值与VMM定时器值，如果定时源的当前值达到VMM定时器值，则产生内部事件，并响应于内部事件转换到VMM 而不会在任何一个VMM和VM中引发事件处理过程。

公开(公告)号：US07840962B2

公开(公告)日：2010-11-23

申请号：US10956239

申请日：2004-09-30

申请人： Gilbert Neiger ,  Steven M. Bennett ,  Erik Cota-Robles ,  Sebastian Schoenberg ,  Clifford D. Hall ,  Dion Rodgers ,  Lawrence O. Smith ,  Andrew V. Anderson ,  Richard A. Uhlig ,  Michael Kozuch ,  Andy Glew

发明人： Gilbert Neiger ,  Steven M. Bennett ,  Erik Cota-Robles ,  Sebastian Schoenberg ,  Clifford D. Hall ,  Dion Rodgers ,  Lawrence O. Smith ,  Andrew V. Anderson ,  Richard A. Uhlig ,  Michael Kozuch ,  Andy Glew

IPC分类号： G06F9/455 ,  G06F9/46 ,  G06F11/00

CPC分类号： G06F9/45558

摘要： In one embodiment, a method includes transitioning control to a virtual machine (VM) from a virtual machine monitor (VMM), determining that a VMM timer indicator is set to an enabling value, and identifying a VMM timer value configured by the VMM. The method further includes periodically comparing a current value of a timing source with the VMM timer value, generating an internal event if the current value of the timing source has reached the VMM timer value, and transitioning control to the VMM in response to the internal event without incurring an event handling procedure in any one of the VMM and the VM.

摘要翻译： 在一个实施例中，一种方法包括从虚拟机监视器（VMM）向虚拟机（VM）转换控制，确定VMM定时器指示符被设置为使能值，以及识别由VMM配置的VMM定时器值。 该方法还包括周期性地比较定时源的当前值与VMM定时器值，如果定时源的当前值达到VMM定时器值，则产生内部事件，并响应于内部事件转换到VMM 而不会在任何一个VMM和VM中引发事件处理过程。