-
Publication number: US20170249261A1
Publication date: 2017-08-31
Application number: US15175348
Filing date: 2016-06-07
Applicant: Intel Corporation
Inventor: DAVID M. DURHAM, RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, ANDREW V. ANDERSON, MICHAEL LEMAY, JOSEPH F. CIHULA, ARUMUGAM THIYAGARAJAH, ASIT K. MALLICK, BARRY E. HUNTLEY, DAVID A. KOUFATY, DEEPAK K. GUPTA, BAIJU V. PATEL
CPC classification number: G06F12/145, G06F9/45533, G06F12/1009, G06F12/1027, G06F21/78, G06F2212/1016, G06F2212/1052, G06F2212/151, G06F2212/656, G06F2212/657
Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
Publication number: US20150378633A1
Publication date: 2015-12-31
Application number: US14320334
Filing date: 2014-06-30
Applicant: Intel Corporation
Inventor: RAVI L. SAHITA, VEDVYAS SHANBHOGUE, GILBERT NEIGER, JONATHAN EDWARDS, IDO OUZIEL, BARRY E. HUNTLEY, STANISLAV SHWARTSMAN, DAVID M. DURHAM, ANDREW V. ANDERSON, MICHAEL LEMAY
CPC classification number: G06F9/45558, G06F9/3004, G06F9/30076, G06F12/1009, G06F2009/45583, G06F2212/657
Abstract: An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.
-
Publication number: US20230076318A1
Publication date: 2023-03-09
Application number: US17903307
Filing date: 2022-09-06
Applicant: Intel Corporation
Inventor: ELIEZER WEISSMANN, MARK CHARNEY, MICHAEL MISHAELI, ROBERT VALENTINE, ITAI RAVID, JASON W. BRANDT, GILBERT NEIGER, BARUCH CHAIKIN, EFRAIM ROTEM
Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
-
Publication number: US20230023329A1
Publication date: 2023-01-26
Application number: US17891180
Filing date: 2022-08-19
Applicant: Intel Corporation
Inventor: UTKARSH Y. KAKAIYA, RAJESH SANKARAN, GILBERT NEIGER, PHILIP LANTZ, SANJAY K. KUMAR
IPC: G06F9/34, G06F9/30, G06F12/109
Abstract: In one embodiment, a processor comprises: a first configuration register to store a pointer to a process address space identifier (PASID) table; and an execution circuit coupled to the first configuration register. The execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, obtain a PASID table handle from the command data, access a first entry of the PASID table using the pointer from the first configuration register and the PASID table handle to obtain a PASID value, insert the PASID value into the command data, and send the command data to a device coupled to the processor. Other embodiments are described and claimed.
-
Publication number: US20160179721A1
Publication date: 2016-06-23
Application number: US14581677
Filing date: 2014-12-23
Applicant: Intel Corporation
Inventor: GILBERT NEIGER, RAJESH M. SANKARAN
IPC: G06F13/34
CPC classification number: G06F13/34
Abstract: Systems and methods for delivering interrupts to user-level applications. An example processing system comprises: a memory configured to store a plurality of user-level APIC data structures and a plurality of user-level interrupt handler address data structures corresponding to a plurality of user-level applications being executed by the processing system; and a processing core configured, responsive to receiving a notification of a user-level interrupt, to: set a pending interrupt bit flag having a position defined by an identifier of the user-level interrupt in a user-level APIC data structure associated with a user-level application that is currently being executed by the processing core, and invoke a user-level interrupt handler identified by a user-level interrupt handler address data structure associated with the user-level application, for a pending user-level interrupt having a highest priority among one or more pending user-level interrupts identified by the user-level APIC data structure.
-
Publication number: US20200159673A1
Publication date: 2020-05-21
Application number: US16686379
Filing date: 2019-11-18
Applicant: Intel Corporation
Inventor: RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, DAVID M. DURHAM, ANDREW V. ANDERSON, DAVID A. KOUFATY, ASIT K. MALLICK, ARUMUGAM THIYAGARAJAH, BARRY E. HUNTLEY, DEEPAK K. GUPTA, MICHAEL LEMAY, JOSEPH F. CIHULA, BAIJU V. PATEL
IPC: G06F12/14, G06F9/455, G06F12/1009, G06F12/1027
Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
Publication number: US20210406055A1
Publication date: 2021-12-30
Application number: US16911445
Filing date: 2020-06-25
Applicant: Intel Corporation
Inventor: UTKARSH Y. KAKAIYA, SANJAY K. KUMAR, PHILIP LANTZ, GILBERT NEIGER, RAJESH SANKARAN, VEDVYAS SHANBHOGUE
Abstract: In one embodiment, a processor comprises: a first configuration register to store quality of service (QoS) information for a process address space identifier (PASID) value associated with a first process; and an execution circuit coupled to the first configuration register, where the execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, insert the QoS information and the PASID value into the command data, and send a request comprising the command data to a device coupled to the processor, to enable the device to use the QoS information of a plurality of requests to manage sharing between a plurality of processes. Other embodiments are described and claimed.
-
Publication number: US20210406022A1
Publication date: 2021-12-30
Application number: US16911441
Filing date: 2020-06-25
Applicant: Intel Corporation
Inventor: UTKARSH Y. KAKAIYA, RAJESH SANKARAN, GILBERT NEIGER, PHILIP LANTZ, SANJAY K. KUMAR
Abstract: In one embodiment, a processor comprises: a first configuration register to store a pointer to a process address space identifier (PASID) table; and an execution circuit coupled to the first configuration register. The execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, obtain a PASID table handle from the command data, access a first entry of the PASID table using the pointer from the first configuration register and the PASID table handle to obtain a PASID value, insert the PASID value into the command data, and send the command data to a device coupled to the processor. Other embodiments are described and claimed.
-
Publication number: US20170315926A1
Publication date: 2017-11-02
Application number: US15652028
Filing date: 2017-07-17
Applicant: INTEL CORPORATION
Inventor: MICHAEL LEMAY, DAVID M. DURHAM, ANDREW V. ANDERSON, GILBERT NEIGER, RAVI L. SAHITA
IPC: G06F12/1009, G06F12/1027, G06F21/00, G06F9/455, G06F12/14
CPC classification number: G06F12/1009, G06F9/45533, G06F9/45558, G06F12/1027, G06F12/1483, G06F21/00, G06F21/53, G06F2009/45583, G06F2009/45587, G06F2212/1024, G06F2212/1052, G06F2212/151, G06F2212/651, G06F2212/657, G06F2212/68, G06F2221/2141
Abstract: Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor.
-
Publication number: US20160378678A1
Publication date: 2016-12-29
Application number: US14750982
Filing date: 2015-06-25
Applicant: Intel Corporation
Inventor: MICHAEL LEMAY, DAVID M. DURHAM, ANDREW V. ANDERSON, GILBERT NEIGER, RAVI L. SAHITA
CPC classification number: G06F12/1009, G06F9/45533, G06F9/45558, G06F12/1027, G06F12/1483, G06F21/00, G06F21/53, G06F2009/45583, G06F2009/45587, G06F2212/1024, G06F2212/1052, G06F2212/151, G06F2212/651, G06F2212/657, G06F2212/68, G06F2221/2141
Abstract: Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor.