公开(公告)号：US11782716B2

公开(公告)日：2023-10-10

申请号：US17517580

申请日：2021-11-02

Applicant: Intel Corporation

Inventor： Michael LeMay ,  Vedvyas Shanbhogue ,  Deepak Gupta ,  Ravi Sahita ,  David M. Durham ,  Willem Pinckaers ,  Enrico Perla

IPC: G06F9/30 ,  G06F9/38 ,  G06F9/448 ,  G06F9/46 ,  G06F16/901 ,  G06F9/455 ,  G06F12/14 ,  G06F21/52 ,  G06F21/79 ,  G06F9/35

CPC classification number: G06F9/30145 ,  G06F9/3836 ,  G06F9/449 ,  G06F9/468 ,  G06F16/9017

Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.

公开(公告)号：US11741018B2

公开(公告)日：2023-08-29

申请号：US17873668

申请日：2022-07-26

Applicant: Intel Corporation

Inventor： David M. Durham ,  Jacob Doweck ,  Michael Lemay ,  Deepak Gupta

IPC: G06F12/10 ,  G06F12/1027

CPC classification number: G06F12/1027 ,  G06F2212/681

Abstract: An apparatus and method for efficient process-based compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data; memory management circuitry coupled to the execution circuitry, the memory management circuitry to manage access to a system memory by a plurality of related processes using one or more process-specific translation structures and one or more shared translation structures to be shared by the related processes; and one or more control registers to store a process-specific base address pointer associated with a first process of the plurality of related processes and to store a shared base address pointer to identify the shared translation structures; wherein the memory management circuitry is to use the process-specific base address pointer in combination with a first linear address provided by the first process to walk the process-specific translation structures to identify any permissions and/or physical address associated with the first linear address, wherein if permissions are identified, the memory management circuitry is to use the permissions in place of any permissions specified in the shared translation structures.

公开(公告)号：US20220012059A1

公开(公告)日：2022-01-13

申请号：US17341068

申请日：2021-06-07

Applicant: Intel Corporation

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US11029957B1

公开(公告)日：2021-06-08

申请号：US16833478

申请日：2020-03-27

Applicant: INTEL CORPORATION

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US11556341B2

公开(公告)日：2023-01-17

申请号：US17341068

申请日：2021-06-07

Applicant: Intel Corporation

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US11030113B1

公开(公告)日：2021-06-08

申请号：US16728928

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： David M. Durham ,  Jacob Doweck ,  Michael Lemay ,  Deepak Gupta

IPC: G06F12/10 ,  G06F12/1027

Abstract: An apparatus and method for efficient process-based compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data; memory management circuitry coupled to the execution circuitry, the memory management circuitry to manage access to a system memory by a plurality of related processes using one or more process-specific translation structures and one or more shared translation structures to be shared by the related processes; and one or more control registers to store a process-specific base address pointer associated with a first process of the plurality of related processes and to store a shared base address pointer to identify the shared translation structures; wherein the memory management circuitry is to use the process-specific base address pointer in combination with a first linear address provided by the first process to walk the process-specific translation structures to identify any permissions and/or physical address associated with the first linear address, wherein if permissions are identified, the memory management circuitry is to use the permissions in place of any permissions specified in the shared translation structures.

公开(公告)号：US20220283813A1

公开(公告)日：2022-09-08

申请号：US17359534

申请日：2021-06-26

Applicant: Intel Corporation

Inventor： Gilbert Neiger ,  H. Peter Anvin ,  Vedvyas Shanbhogue ,  Deepak Gupta

IPC: G06F9/30

Abstract: Techniques for flexible return and event delivery are described. As an example, an exemplary apparatus includes decoder circuitry to decode a single instruction, the single instruction to include a field for an opcode; and execution circuitry to execute the decoded single instruction according to the opcode to cause a return from an event handler while staying in a most privileged level and establish a return context that was in effect before event delivery.

公开(公告)号：US11409662B2

公开(公告)日：2022-08-09

申请号：US17321087

申请日：2021-05-14

Applicant: Intel Corporation

Inventor： David M. Durham ,  Jacob Doweck ,  Michael Lemay ,  Deepak Gupta

IPC: G06F12/10 ,  G06F12/1027

Abstract: An apparatus and method for efficient process-based compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data; memory management circuitry coupled to the execution circuitry, the memory management circuitry to manage access to a system memory by a plurality of related processes using one or more process-specific translation structures and one or more shared translation structures to be shared by the related processes; and one or more control registers to store a process-specific base address pointer associated with a first process of the plurality of related processes and to store a shared base address pointer to identify the shared translation structures; wherein the memory management circuitry is to use the process-specific base address pointer in combination with a first linear address provided by the first process to walk the process-specific translation structures to identify any permissions and/or physical address associated with the first linear address, wherein if permissions are identified, the memory management circuitry is to use the permissions in place of any permissions specified in the shared translation structures.

公开(公告)号：US11163569B2

公开(公告)日：2021-11-02

申请号：US16729358

申请日：2019-12-28

Applicant: Intel Corporation

Inventor： Michael Lemay ,  Vedvyas Shanbhogue ,  Deepak Gupta ,  Ravi Sahita ,  David M. Durham ,  Willem Pinckaers ,  Enrico Perla

IPC: G06F16/90 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/30 ,  G06F9/38 ,  G06F16/901 ,  G06F9/46 ,  G06F9/448

Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.