-
Publication number: US10705850B2
Publication date: 2020-07-07
Application number: US15730713
Filing date: 2017-10-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Pedro Miguel Teixeira, Neeraj K. Singh, Kenneth D. Johnson
Abstract: A system for exception handling is configured to, in response to detection of an exception during a function call, search for an exception handler to handle the detected exception by unwinding a stack across a plurality of frames. A binary includes functions associated with one of a first application binary interface (ABI) or a second ABI. The stack includes a transition frame created between frames of the first ABI and the second ABI during execution of the binaries. The system is configured to detect the transition frame in the stack when encountering a change from a frame of one ABI to a frame of another ABI, and translate an interface context therebetween to handle the exception.
-
Publication number: US10198572B2
Publication date: 2019-02-05
Application number: US14179378
Filing date: 2014-02-12
Applicant: Microsoft Technology Licensing, LLC
Inventor: David A. Hepkin, Kenneth D. Johnson
Abstract: A virtual machine manager facilitates selective code integrity enforcement. A virtual machine manager (or other higher privileged entity) can verify the integrity of code in memory pages, and a virtual processor running in kernel mode executes the code on a memory page only if the virtual machine manager (or other higher privileged entity) has verified the code integrity of that code. However, the virtual machine manager need not verify the integrity of code in memory pages when the virtual processor is running in user mode. Rather, an operating system running on the virtual processor can apply any of a variety of policies (e.g., optionally perform any of a variety of different checks or verifications of the code) to determine whether the code can be executed in user mode.
-
Publication number: US10157268B2
Publication date: 2018-12-18
Application number: US15277283
Filing date: 2016-09-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Jordan Thomas Rabet, Kenneth D. Johnson, Matthew R. Miller, Adam M. Zabrocki, Shawn Daniel Hoffman, Landy Wang, Yevgeniy M. Bak
Abstract: Each program thread running on a computing device has an associated data stack and control stack. A stack displacement value is generated, which is the difference between the memory address of the base of the data stack and the memory address of the base of the control stack, and is stored in a register of a processor of the computing device that is restricted to operating system kernel use. For each thread on which return flow guard is enabled, prologue and epilogue code is added to each function of the thread (e.g., by a memory manager of the computing device). The data stack and the control stack each store a return address for the function, and when the function completes the epilogue code allows the function to return only if the return addresses on the data stack and the control stack match.
-
Publication number: US20180113764A1
Publication date: 2018-04-26
Application number: US15332981
Filing date: 2016-10-24
Applicant: Microsoft Technology Licensing, LLC
Inventor: Aditya Bhandari, Kenneth D. Johnson, Cody Dean Hartwig, Bruce J. Sherwin, JR., Jason S. Wohlgemuth
CPC classification number: G06F11/1441, G06F11/0712, G06F11/0757, G06F11/0778, G06F11/1438
Abstract: A computing device runs a hypervisor that manages a watchdog timer, referred to as a hypervisor watchdog timer, for each operating system in each partition. Each hypervisor watchdog timer is re-armed at various intervals by the operating system running in the associated partition. In response to a hypervisor watchdog timer expiring, the watchdog timer resets the operating system in the associated partition. Optionally, after a threshold amount of time elapses without being re-armed, the hypervisor watchdog timer issues a non-maskable interrupt (NMI) to the operating system in the associated partition to allow the operating system to store crash data. Operation of the hypervisor watchdog timers is paused when the computing device enters a low power mode and resumes when the computing device exits the low power mode, removing any need to re-arm the hypervisor watchdog timers while the computing device is in the low power mode.
-
Publication number: US20180004531A1
Publication date: 2018-01-04
Application number: US15199399
Filing date: 2016-06-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ling Tony Chen, Kenneth D. Johnson, Jonathan E. Lange, Kinshumann, Matthew Miller, Neeraj Singh
CPC classification number: G06F9/3861, G06F3/0604, G06F3/0631, G06F3/0673, G06F9/30032, G06F9/30054, G06F11/28, G06F21/6227
Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.
-
Publication number: US12086237B2
Publication date: 2024-09-10
Application number: US17557643
Filing date: 2021-12-21
Applicant: Microsoft Technology Licensing, LLC
Inventor: Haim Cohen, Graham John Harper, Mehmet Iyigun, Kenneth D. Johnson
Abstract: Securely redirecting a system service routine via a provider service table. A service call provider is loaded within an operating system executing in a lower trust security zone. The service call provider comprises metadata indicating a system service routine to be redirected to the service call provider. Based on the metadata, a provider service table is built within a higher trust security zone. The service table redirects the system service routine to the service call provider. Memory page(s) associated with the provider service table are hardware protected, and a read-only view is exposed to the operating system. The provider service table is associated with a user-mode process. A service call for a particular system service routine is received by the operating system from the user-mode process and, based on the provider service table being associated with the user-mode process, the service call is directed to the service call provider.
-
Publication number: US10831886B2
Publication date: 2020-11-10
Application number: US16247705
Filing date: 2019-01-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: David A. Hepkin, Kenneth D. Johnson
Abstract: A virtual machine manager facilitates selective code integrity enforcement. A virtual machine manager (or other higher privileged entity) can verify the integrity of code in memory pages, and a virtual processor running in kernel mode executes the code on a memory page only if the virtual machine manager (or other higher privileged entity) has verified the code integrity of that code. However, the virtual machine manager need not verify the integrity of code in memory pages when the virtual processor is running in user mode. Rather, an operating system running on the virtual processor can apply any of a variety of policies (e.g., optionally perform any of a variety of different checks or verifications of the code) to determine whether the code can be executed in user mode.
-
Publication number: US10963567B2
Publication date: 2021-03-30
Application number: US15990230
Filing date: 2018-05-25
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Kenneth D. Johnson, Jonathan E. Lange
Abstract: Preventing the observation of the side effects of mispredicted speculative execution flows using restricted speculation. In an embodiment a microprocessor comprises a register file including a plurality of entries, each entry comprising a value and a flag. The microprocessor (i) sets the flag corresponding to any entry whose value results from a memory load operation that has not yet been retired or cancelled, or results from a calculation that was derived from a register file entry whose corresponding flag was set, and (ii) clears the flag corresponding to any entry when the operation that generated the entry's value is retired. The microprocessor also comprises a memory unit that is configured to hold any memory load operation that uses an address whose value is calculated based on a register file entry whose flag is set, unless all previous instructions have been retired or cancelled.
-
Publication number: US20190147160A1
Publication date: 2019-05-16
Application number: US16247705
Filing date: 2019-01-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: David A. Hepkin, Kenneth D. Johnson
Abstract: A virtual machine manager facilitates selective code integrity enforcement. A virtual machine manager (or other higher privileged entity) can verify the integrity of code in memory pages, and a virtual processor running in kernel mode executes the code on a memory page only if the virtual machine manager (or other higher privileged entity) has verified the code integrity of that code. However, the virtual machine manager need not verify the integrity of code in memory pages when the virtual processor is running in user mode. Rather, an operating system running on the virtual processor can apply any of a variety of policies (e.g., optionally perform any of a variety of different checks or verifications of the code) to determine whether the code can be executed in user mode.
-
Publication number: US20180088988A1
Publication date: 2018-03-29
Application number: US15277283
Filing date: 2016-09-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Jordan Thomas Rabet, Kenneth D. Johnson, Matthew R. Miller, Adam M. Zabrocki, Shawn Daniel Hoffman, Landy Wang, Yevgeniy M. Bak
CPC classification number: G06F9/485, G06F21/126, G06F21/566
Abstract: Each program thread running on a computing device has an associated data stack and control stack. A stack displacement value is generated, which is the difference between the memory address of the base of the data stack and the memory address of the base of the control stack, and is stored in a register of a processor of the computing device that is restricted to operating system kernel use. For each thread on which return flow guard is enabled, prologue and epilogue code is added to each function of the thread (e.g., by a memory manager of the computing device). The data stack and the control stack each store a return address for the function, and when the function completes the epilogue code allows the function to return only if the return addresses on the data stack and the control stack match.