-
Publication No.: US20170249260A1
Publication date: 2017-08-31
Application No.: US15088739
Filing date: 2016-04-01
Applicant: RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, DAVID M. DURHAM, ANDREW V. ANDERSON, DAVID A. KOUFATY, ASIT K. MALLICK, ARUMUGAM THIYAGARAJAH, BARRY E. HUNTLEY, DEEPAK K. GUPTA, MICHAEL LEMAY, JOSEPH F. CIHULA, BAIJU V. PATEL
Inventor: RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, DAVID M. DURHAM, ANDREW V. ANDERSON, DAVID A. KOUFATY, ASIT K. MALLICK, ARUMUGAM THIYAGARAJAH, BARRY E. HUNTLEY, DEEPAK K. GUPTA, MICHAEL LEMAY, JOSEPH F. CIHULA, BAIJU V. PATEL
Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
Publication No.: US20140365742A1
Publication date: 2014-12-11
Application No.: US13910333
Filing date: 2013-06-05
Applicant: BAIJU V. PATEL, XIAONING LI, H P. ANVIN, ASIT K. MALLICK, GILBERT NEIGER, JAMES B. CROSSLAND, TOBY OPFERMAN, ATUL A. KHARE, JASON W. BRANDT, JAMES S. COKE, BRIAN L. VAJDA
Inventor: BAIJU V. PATEL, XIAONING LI, H P. ANVIN, ASIT K. MALLICK, GILBERT NEIGER, JAMES B. CROSSLAND, TOBY OPFERMAN, ATUL A. KHARE, JASON W. BRANDT, JAMES S. COKE, BRIAN L. VAJDA
IPC classification: G06F12/14
CPC classification: G06F12/145, G06F8/434, G06F9/30105, G06F9/30134, G06F21/52
Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.
-