Abstract:
Embodiments of an invention for a guest-physical address translation lookaside buffer are disclosed. In an embodiment, a processor includes an instruction decoder, a control register, and memory address translation hardware. The instruction decoder is to receive an instruction to transfer control of the processor to guest software to execute on a virtual machine. The virtual machine is to have a plurality of resources to be controlled by a virtual machine monitor. The virtual machine monitor is to execute on a host machine having a host-physical memory to be accessed using a plurality of host-physical addresses. The plurality of resources is to include a guest-physical memory. The guest software is to access the guest-physical memory using a plurality of guest-virtual addresses. The control register is to store a pointer to a plurality of virtual address page tables. The memory address translation hardware is to translate, without causing a virtual machine exit, guest-virtual addresses to host-physical addresses using the plurality of virtual address page tables and a plurality of extended page tables. The memory address translation hardware includes a virtual address translation lookaside buffer in which to store a plurality of virtual address entries corresponding to guest-virtual address to host-physical address translations. The memory address translation hardware also includes a guest-physical address translation lookaside buffer in which to store a plurality of guest-physical address entries corresponding to guest-physical address to host-physical address translations.
Abstract:
Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
Abstract:
Detailed herein are systems, apparatuses, and methods for transparent page level instruction translation. Exemplary embodiments include an instruction translation lookaside buffer (iTLB), wherein each iTLB entry includes a linear address of a page in memory, a physical address of the page in memory, and a remapping indicator.
Abstract:
Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
Abstract:
Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.
Abstract:
In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
Abstract:
A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response to a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded.
Abstract:
Application software on a fault tolerant system having an active engine and a standby engine is upgraded. As part of the upgrade, the system determines if the active engine and the standby engine are executing different versions of the application software. The system sends a description of work units from the active engine to the standby engine and sends database activities from the active engine to the standby engine.
Abstract:
Embodiments described herein may include apparatus, systems, techniques, or processes that are directed to PCIe Address Translation Service (ATS) to allow devices to have a DevTLB that caches address translation (per page) information in conjunction with a Device ProcessInfoCache (DevPIC) that will store process specific information. Other embodiments may be described and/or claimed.
Abstract:
A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.