-
公开(公告)号:US11640361B2
公开(公告)日:2023-05-02
申请号:US16296306
申请日:2019-03-08
IPC分类号: G06F12/14 , G06F12/109 , G06F12/1036 , G06F12/1072
摘要: According to one or more embodiments of the present invention, a computer implemented method includes receiving a secure access request for a secure page of memory at a secure interface control of a computer system. The secure interface control can check a disable virtual address compare state associated with the secure page. The secure interface control can disable a virtual address check in accessing the secure page to support mapping of a plurality of virtual addresses to a same absolute address to the secure page based on the disable virtual address compare state being set and/or to support secure pages that are accessed using an absolute address and do not have an associated virtual address.
-
公开(公告)号:US11531627B2
公开(公告)日:2022-12-20
申请号:US16296345
申请日:2019-03-08
摘要: An computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.
-
公开(公告)号:US11029991B2
公开(公告)日:2021-06-08
申请号:US16296336
申请日:2019-03-08
摘要: According to one or more embodiments of the present invention, a computer implemented method includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine by determining, by a secure interface control of the host server, a security mode of the virtual machine. Based on the security mode being a first mode, the secure interface control loads a virtual machine state from a first state descriptor, which is stored in a non-secure portion of memory. Based on the security mode being a second mode, the secure interface control loads the virtual machine state from a second state descriptor, which is stored in a secure portion of the memory.
-
公开(公告)号:US20200285762A1
公开(公告)日:2020-09-10
申请号:US16296352
申请日:2019-03-08
发明人: Jonathan D. Bradbury , Martin Schwidefsky , Christian Borntraeger , Lisa Cranton Heller , Heiko Carstens , Fadi Y. Busaba
摘要: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
-
5.发明申请公开(公告)号:US20200285747A1
公开(公告)日:2020-09-10
申请号:US16296452
申请日:2019-03-08
发明人: Christian Borntraeger , Claudio Imbrenda , Fadi Y. Busaba , Jonathan D. Bradbury , Lisa Cranton Heller
摘要: A method is provided by a secure interface control of a computer that provides a partial instruction interpretation for an instruction which enables an interruption. The secure interface control fetches a program status word or a control register value from a secure guest storage. The secure interface control notifies an untrusted entity of guest interruption mask updates. The untrusted entity is executed on and in communication with hardware of the computer through the secure interface control to support operations of a secure entity executing on the untrusted entity. The secure interface control receives, from the untrusted entity, a request to present a highest priority, enabled guest interruption in response to the notifying of the guest interruption mask updates. The secure interface control moves interruption information into a guest prefix page and injecting the interruption in the secure entity when an injection of the interruption is determined to be valid.
-
公开(公告)号:US20200285501A1
公开(公告)日:2020-09-10
申请号:US16296460
申请日:2019-03-08
发明人: Lisa Cranton Heller , Fadi Y. Busaba , Jonathan D. Bradbury , Christian Borntraeger , Utz Bacher , Reinhard Theodor Buendgen
IPC分类号: G06F9/455
摘要: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer/In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction
-
公开(公告)号:US20200285499A1
公开(公告)日:2020-09-10
申请号:US16296315
申请日:2019-03-08
摘要: According to one or more embodiments of the present invention, a computer implemented method includes receiving a request from a requestor, to access a page of memory. The requestor is either a secure entity of a computer system or a secure interface control of the computer system. The request is tagged as a secure request from a secure domain of the computer system. It is verified that the request is making an access to a page that is both registered as secure and registered as belonging to the secure domain. The requestor is provided access to the page based at least in part on the page being registered as secure and as belonging to the secure domain. The requestor is prevented from accessing the page, based on one or both of the page not being registered as secure, and the page not being registered as belonging to the secure domain.
-
公开(公告)号:US10740106B2
公开(公告)日:2020-08-11
申请号:US14854258
申请日:2015-09-15
发明人: Fadi Y. Busaba , Harold W. Cain, III , Michael Karl Gschwind , Maged M. Michael , Valentina Salapura
摘要: A transactional memory system determines whether a hardware transaction can be salvaged. A processor of the transactional memory system begins execution of a transaction in a transactional memory environment. Based on detection that an amount of available resource for transactional execution is below a predetermined threshold level, the processor determines whether the transaction can be salvaged. Based on determining that the transaction can not be salvaged, the processor aborts the transaction. Based on determining the transaction can be salvaged, the processor performs a salvage operation, wherein the salvage operation comprises one or more of: determining that the transaction can be brought to a stable state without exceeding the amount of available resource for transactional execution, and bringing the transaction to a stable state; and determining that a resource can be made available, and making the resource available.
-
公开(公告)号:US20200065138A1
公开(公告)日:2020-02-27
申请号:US16672081
申请日:2019-11-01
发明人: Fadi Y. Busaba , Harold W. Cain, III , Michael Karl Gschwind , Valentina Salapura , Timothy J. Slegel
IPC分类号: G06F9/46 , G06F12/0862 , G06F12/0817 , G06F12/0811 , G06F3/06 , G06F13/42 , G06F13/16
摘要: A computer-implemented method includes identifying two or more memory locations and referencing, by a memory access request, the two or more memory locations. The memory access request is a single action pursuant to a memory protocol. The computer-implemented method further includes sending the memory access request from one or more processors to a node and fetching, by the node, data content from each of the two or more memory locations. The computer-implemented method further includes packaging, by the node, the data content from each of the two or more memory locations into a memory package, and returning the memory package from the node to the one or more processors. A corresponding computer program product and computer system are also disclosed.
-
公开(公告)号:US10572298B2
公开(公告)日:2020-02-25
申请号:US15804321
申请日:2017-11-06
发明人: Fadi Y. Busaba , Dan F. Greiner , Michael K. Gschwind , Maged M. Michael , Valentina Salapura , Chung-Lung K. Shum
摘要: A transactional memory system dynamically predicts the resource requirements of hardware transactions. A processor of the transactional memory system predicts resource requirements of a first hardware transaction to be executed based on a resource hint, a type of hardware transaction that is associated with a given hardware transaction, and a previous execution of a prior hardware transaction that is associated with the type of hardware transaction. The processor allocates resources for the given hardware transaction based on the predicted resource requirements. The processor initiates execution of the first hardware transaction using at least a portion of the allocated resources.
-
-
-
-
-
-
-
-
-
搜索结果
315 条记录 (耗时 0.027 秒)
