Minimizing bandwidth to track return targets by an instruction tracing system
    4.
    发明授权
    Minimizing bandwidth to track return targets by an instruction tracing system 有权
    最小化带宽以通过指令跟踪系统跟踪返回目标

    公开(公告)号:US09442729B2

    公开(公告)日:2016-09-13

    申请号:US13890654

    申请日:2013-05-09

    摘要: A processing device implementing minimizing bandwidth to track return targets by an instruction tracing system is disclosed. A processing device of the disclosure an instruction fetch unit comprising a return stack buffer (RSB) to predict a target address of a return (RET) instruction corresponding to a call (CALL) instruction. The processing device further includes a retirement unit comprising an instruction tracing module to initiate instruction tracing for instructions executed by the processing device, determine whether the target address of the RET instruction was mispredicted, determine a value of call depth counter (CDC) maintained by the instruction tracing module, and when the target address of the RET instruction was not mispredicted and when the value of the CDC is greater than zero, generate an indication that the RET instruction branches to a next linear instruction after the corresponding CALL instruction.

    摘要翻译: 公开了一种通过指令跟踪系统实现最小化带宽以跟踪返回目标的处理设备。 本公开的处理装置包括一个指令提取单元,该单元包括用于预测与一个调用(CALL)指令相对应的返回(RET)指令的目标地址的返回栈缓冲器(RSB)。 所述处理装置还包括退出单元,所述退出单元包括指令跟踪模块,用于启动由所述处理设备执行的指令的指令跟踪,确定所述RET指令的目标地址是否被错误预测,确定由所述处理设备维护的所述呼叫深度计数器 指令跟踪模块,并且当RET指令的目标地址未被错误预测时,并且当CDC的值大于零时,生成指令在相应的CALL指令之后分支到下一个线性指令。

    MINIMIZING BANDWIDTH TO TRACK RETURN TARGETS BY AN INSTRUCTION TRACING SYSTEM
    5.
    发明申请
    MINIMIZING BANDWIDTH TO TRACK RETURN TARGETS BY AN INSTRUCTION TRACING SYSTEM 有权
    通过指令跟踪系统最小化带宽跟踪返回目标

    公开(公告)号:US20140337604A1

    公开(公告)日:2014-11-13

    申请号:US13890654

    申请日:2013-05-09

    IPC分类号: G06F9/30

    摘要: A processing device implementing minimizing bandwidth to track return targets by an instruction tracing system is disclosed. A processing device of the disclosure an instruction fetch unit comprising a return stack buffer (RSB) to predict a target address of a return (RET) instruction corresponding to a call (CALL) instruction. The processing device further includes a retirement unit comprising an instruction tracing module to initiate instruction tracing for instructions executed by the processing device, determine whether the target address of the RET instruction was mispredicted, determine a value of call depth counter (CDC) maintained by the instruction tracing module, and when the target address of the RET instruction was not mispredicted and when the value of the CDC is greater than zero, generate an indication that the RET instruction branches to a next linear instruction after the corresponding CALL instruction.

    摘要翻译: 公开了一种通过指令跟踪系统实现最小化带宽以跟踪返回目标的处理设备。 本公开的处理装置包括一个指令提取单元,该单元包括用于预测与一个调用(CALL)指令相对应的返回(RET)指令的目标地址的返回栈缓冲器(RSB)。 所述处理装置还包括退出单元,所述退出单元包括指令跟踪模块,用于启动由所述处理设备执行的指令的指令跟踪,确定所述RET指令的目标地址是否被错误预测,确定由所述处理设备维护的所述呼叫深度计数器 指令跟踪模块,并且当RET指令的目标地址未被错误预测时,并且当CDC的值大于零时,生成指令在相应的CALL指令之后分支到下一个线性指令。

    Managing generated trace data for a virtual machine
    6.
    发明授权
    Managing generated trace data for a virtual machine 有权
    管理虚拟机的生成跟踪数据

    公开(公告)号:US09329884B2

    公开(公告)日:2016-05-03

    申请号:US14329192

    申请日:2014-07-11

    IPC分类号: G06F9/455

    摘要: A processing device with tracing functionality for a virtual machine is described. The processing device includes a tracing register to store a value indicative of whether tracing is enabled or disabled, a tracing module to generate trace data while tracing is enabled, and an internal buffer to store the trace data. When tracing is disabled, the processing device removes the trace data from the buffer. Mechanisms are described to ensure that the trace data is not corrupted during this process, despite the presence of page faults that may result from trace output writes.

    摘要翻译: 描述了具有用于虚拟机的跟踪功能的处理设备。 处理装置包括跟踪寄存器,用于存储指示跟踪是启用还是禁用的值,跟踪模块用于在跟踪被启用时生成跟踪数据,以及内部缓冲器来存储跟踪数据。 当禁用跟踪时,处理设备将从缓冲区中删除跟踪数据。 描述了机制,以确保在此过程中跟踪数据不会损坏,尽管存在可能由跟踪输出写入引起的页面错误。

    Control flow integrity
    8.
    发明授权

    公开(公告)号:US10248424B2

    公开(公告)日:2019-04-02

    申请号:US15283370

    申请日:2016-10-01

    摘要: One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG including a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block and a next possible address of a second basic block or a not found tag.

    TECHNOLOGIES FOR CONTROL FLOW EXPLOIT MITIGATION USING PROCESSOR TRACE
    9.
    发明申请
    TECHNOLOGIES FOR CONTROL FLOW EXPLOIT MITIGATION USING PROCESSOR TRACE 有权
    使用处理器跟踪控制流量开采减少的技术

    公开(公告)号:US20160283714A1

    公开(公告)日:2016-09-29

    申请号:US14670988

    申请日:2015-03-27

    IPC分类号: G06F21/56 G06F21/44

    CPC分类号: G06F21/56 G06F21/44 G06F21/52

    摘要: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.

    摘要翻译: 用于控制流利用减轻的技术包括具有具有实时指令跟踪支持的处理器的计算设备。 在处理过程中,处理器产生指示过程控制流的跟踪数据。 计算设备分析跟踪数据以识别可疑的控制流攻击。 计算设备可以使用启发式算法来识别返回导向的编程漏洞。 计算设备可以基于跟踪数据来维护阴影栈。 计算设备可以基于跟踪数据来识别对未授权地址的间接分支,以识别面向跳跃的编程漏洞。 每当进程被抢占时,计算设备可以检查跟踪数据。 处理器可以实时地检测错误的返回指令,并且在该过程的过程空间中调用软件处理程序以验证和维护该影子栈。 描述和要求保护其他实施例。