公开(公告)号：US20220027287A1

公开(公告)日：2022-01-27

申请号：US17496327

申请日：2021-10-07

Applicant: Intel Corporation

Inventor： Ravi L. SAHITA ,  Gilbert NEIGER ,  Vedvyas SHANBHOGUE ,  David M. DURHAM ,  Andrew V. ANDERSON ,  David A. KOUFATY ,  Asit K. MALLICK ,  Arumugam THIYAGARAJAH ,  Barry E. HUNTLEY ,  Deepak K. GUPTA ,  Michael LEMAY ,  Joseph F. CIHULA ,  Baiju V. PATEL

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1027 ,  G06F9/455

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20210303304A1

公开(公告)日：2021-09-30

申请号：US16833599

申请日：2020-03-28

Applicant: Intel Corporation

Inventor： Vedvyas SHANBHOQUE ,  Gilbert NEIGER ,  Deepak K. GUPTA ,  H. Peter ANVIN

IPC: G06F9/30 ,  G06F9/48 ,  G06F9/54 ,  G06F16/176

Abstract: An apparatus and method for efficiently managing shadow stacks. For example, one embodiment of a processor comprises: a plurality of registers to store a plurality of shadow stack pointers (SSPs), each SSP associated with a different event priority; event processing circuitry to select a first SSP of the plurality of SSPs from a first register of the plurality of registers responsive to receipt of a first event associated with a first event priority level, the first SSP usable to identify a top of a first shadow stack; verification and utilization checking circuitry to determine whether the first SSP has been previously verified, wherein if the first SSP has not been previously verified then initiating a set of atomic operations to verify the first SSP and confirm that the first SSP is not in use, the set of atomic operations using a locking operation to lock data until the set of atomic operations are complete, and wherein if the first SSP has been previously verified, then re-verifying the first SSP and confirming that the first SSP is not in use without using the locking operation.

公开(公告)号：US20220171625A1

公开(公告)日：2022-06-02

申请号：US17590648

申请日：2022-02-01

Applicant: Intel Corporation

Inventor： Vedvyas SHANBHOGUE ,  Gilbert NEIGER ,  Deepak K. GUPTA ,  H. Peter ANVIN

IPC: G06F9/30 ,  G06F21/52

Abstract: An apparatus and method for efficiently managing shadow stacks. For example, one embodiment of a processor comprises: a plurality of registers to store a plurality of shadow stack pointers (SSPs); event processing circuitry to select a first SSP of the plurality of SSPs from a first register of the plurality of registers responsive to receipt of a first event associated with a first event priority level, the first SSP usable to identify a top of a first shadow stack; verification and utilization checking circuitry to determine whether the first SSP has been previously verified, wherein if the first SSP has not been previously verified then initiating a set of atomic operations to verify the first SSP and confirm that the first SSP is not in use, the set of atomic operations using a locking operation to lock data until the set of atomic operations are complete.