-
Publication No.: US20220027287A1
Publication date: 2022-01-27
Application No.: US17496327
Filing date: 2021-10-07
Applicant: Intel Corporation
Inventor: Ravi L. SAHITA , Gilbert NEIGER , Vedvyas SHANBHOGUE , David M. DURHAM , Andrew V. ANDERSON , David A. KOUFATY , Asit K. MALLICK , Arumugam THIYAGARAJAH , Barry E. HUNTLEY , Deepak K. GUPTA , Michael LEMAY , Joseph F. CIHULA , Baiju V. PATEL
IPC: G06F12/14 , G06F12/1009 , G06F12/1027 , G06F9/455
Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
Publication No.: US20220308980A1
Publication date: 2022-09-29
Application No.: US17834211
Filing date: 2022-06-07
Applicant: Intel Corporation
Inventor: Michael LEMAY , Beeman STRONG
Abstract: Processor trace systems and methods are described. For example, one embodiment comprises executing instrumented code by a compiler, the instrumented code including at least one call to un-instrumented code. The compiler can determine the at least one call to un-instrumented code is a next call to be executed. A resume tracing instruction can be inserted into the instrumented code prior to the at least one call to the un-instrumented code. The resume tracing instruction can be executed to selectively add processor tracing to the at least one call to the un-instrumented code, and the at least one call to the un-instrumented code can be executed.
-
Publication No.: US20210117535A1
Publication date: 2021-04-22
Application No.: US17114246
Filing date: 2020-12-07
Applicant: INTEL CORPORATION
Inventor: Michael LEMAY , David M. DURHAM , Michael E. KOUNAVIS , Barry E. HUNTLEY , Vedvyas SHANBHOGUE , Jason W. BRANDT , Josh TRIPLETT , Gilbert NEIGER , Karanvir GREWAL , Baiju PATEL , Ye ZHUANG , Jr-Shian TSAI , Vadim SUKHOMLINOV , Ravi SAHITA , Mingwei ZHANG , James C. FARWELL , Amitabh DAS , Krishna BHUYAN
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
-
Publication No.: US20190034350A1
Publication date: 2019-01-31
Application No.: US15663223
Filing date: 2017-07-28
Applicant: Intel Corporation
Inventor: Michael LEMAY , Steffen SCHULZ
IPC: G06F12/1045 , G06F12/1009
Abstract: Apparatuses, systems and methods associated with microprocessor segment registers are disclosed herein. More particularly, the present disclosure relates to providing an auxiliary segment register(s) and/or auxiliary segment descriptor table(s), and various ways for their use, for example, providing new instructions for their access, or remapping existing processor resources. A machine might provide isolated execution regions and/or protected memory by associating or exclusively reserving some or all of the auxiliary segment register(s)/table(s) with a specific task, program, instruction sequence, etc. In some embodiments, such as in Internet of Things (IoT) or wearable devices, auxiliary resources may be employed to isolate mutually-distrustful code regions to facilitate engaging unknown devices. Other embodiments are also described and/or claimed.
-
Publication No.: US20220058023A1
Publication date: 2022-02-24
Application No.: US17517580
Filing date: 2021-11-02
Applicant: Intel Corporation
Inventor: Michael LEMAY , Vedvyas SHANBHOGUE , Deepak GUPTA , Ravi SAHITA , David M. DURHAM , Willem PINCKAERS , Enrico PERLA
IPC: G06F9/30 , G06F9/38 , G06F16/901 , G06F9/46 , G06F9/448
Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.
-
Publication No.: US20200004953A1
Publication date: 2020-01-02
Application No.: US16024547
Filing date: 2018-06-29
Applicant: Intel Corporation
Inventor: Michael LEMAY , David M. DURHAM , Michael E. KOUNAVIS , Barry E. HUNTLEY , Vedvyas SHANBHOGUE , Jason W. BRANDT , Josh TRIPLETT , Gilbert NEIGER , Karanvir GREWAL , Baiju V. PATEL , Ye ZHUANG , Jr-Shian TSAI , Vadim SUKHOMLINOV , Ravi SAHITA , Mingwei ZHANG , James C. FARWELL , Amitabh DAS , Krishna BHUYAN
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.