公开(公告)号：WO2018009294A1

公开(公告)日：2018-01-11

申请号：PCT/US2017/036036

申请日：2017-06-06

Applicant: INTEL CORPORATION

Inventor： VIJ, Mona ,  CHAKRABARTI, Somnath ,  ROZAS, Carlos V. ,  MALLICK, Asit K.

IPC: G06F21/62 ,  G06F21/53 ,  G06F21/78

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F21/6245 ,  H04L63/06 ,  H04L63/08

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The instruction to indicate a first structure in a protected container memory and to indicate a second structure in the protected container memory. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine whether a status indicator is configured to allow at least one key to be exchanged between the first and second structures, and is to exchange the at least one key between the first and second structures when the status indicator is configured to allow the at least one key to be exchanged between the first and second structures.

Abstract translation: 一个方面的处理器包括解码单元以解码指令。 指示在受保护的容器内存中指示第一个结构并在受保护的容器内存中指示第二个结构的指令。 处理器还包括与解码单元耦合的执行单元。 响应于该指令，执行单元将确定状态指示符是否被配置为允许至少一个密钥在第一和第二结构之间交换，并且将交换第一和第二结构之间的至少一个密钥 当状态指示器被配置为允许至少一个键在第一和第二结构之间交换时。

公开(公告)号：WO2017052972A1

公开(公告)日：2017-03-30

申请号：PCT/US2016/048681

申请日：2016-08-25

Applicant: INTEL CORPORATION

Inventor： NAKAJIMA, Jun ,  MALLICK, Asit K. ,  VIPAT, Harshawardhan ,  TALLAM, Madhukar ,  CASTELINO, Manohar R.

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45583

Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.

Abstract translation: 用于多级虚拟化的技术包括具有支持根虚拟化模式和非根虚拟化模式的处理器的计算设备。 非根管理程序确定是否在根管理程序的控制下执行，如果是，则使用根管理程序注册回调处理程序并触发条件。 非根虚拟机管理程序托管一个或多个虚拟机。 响应于虚拟机退出，根管理程序确定是否为虚拟机退出原因注册了回调处理程序，如果是，则评估与回调处理程序相关联的触发条件。 如果触发条件满足，根管理程序将调用回调处理程序。 回调处理程序可以根据根虚拟机管理程序对虚拟化支持对象所做的更改来更新虚拟虚拟化支持对象。 根管理程序可以以非根虚拟化模式调用回调处理程序。 描述和要求保护其他实施例。

公开(公告)号：WO2018063719A1

公开(公告)日：2018-04-05

申请号：PCT/US2017/049431

申请日：2017-08-30

Applicant: INTEL CORPORATION

Inventor： LESLIE-HURD, Rebekah M. ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  NEIGER, Gilbert ,  MALLICK, Asit K. ,  ANATI, Ittai ,  ALEXANDROVICH, Ilya ,  SHANBHOGUE, Vedvyas ,  CHAKRABARTI, Somnath

IPC: G06F21/53 ,  G06F9/455

CPC classification number: G06F3/0631 ,  G06F3/0604 ,  G06F3/064 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0673 ,  G06F9/45558 ,  G06F2009/45583

Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprising a memory controller unit to access a secure enclave and a processor core, operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicating whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.

Abstract translation: 本公开的实施方式提供支持访客飞地存储器页面的超额预订。 在一个实现中，处理设备包括用于访问安全区域的存储器控​​制器单元和可操作地耦合到存储器控制器单元的处理器核心。 处理设备将识别存储器中的目标存储器页面。 目标内存页面与虚拟机（VM）的安全区域相关联。 接收包括对应于目标存储器页面的上下文信息的数据结构。 目标存储器页面的状态基于接收到的数据结构来确定。 指示目标存储器页面是否与VM的子存储器页面或父存储器页面中的至少一个相关联的状态。 于是，基于确定的状态产生从安全区域驱逐目标存储器页面的指令。

公开(公告)号：WO2017139054A1

公开(公告)日：2017-08-17

申请号：PCT/US2017/012828

申请日：2017-01-10

Applicant: INTEL CORPORATION

Inventor： MISHAELI, Michael ,  BRANDT, Jason W. ,  NEIGER, Gilbert ,  MALLICK, Asit K. ,  SANKARAN, Rajesh M. ,  MAKARAM, Raghunandan ,  CHAFFIN, Benjamin C. ,  CROSSLAND, James B. ,  ANVIN, H. Peter

IPC: G06F9/44 ,  G06F9/30

CPC classification number: G06F9/3009 ,  G06F9/3016 ,  G06F13/4068

Abstract: A processor of an aspect includes a decode unit to decode a user-level suspend thread instruction that is to indicate a first alternate state. The processor also includes an execution unit coupled with the decode unit. The execution unit is to perform the instruction at a user privilege level. The execution unit in response to the instruction, is to: (a) suspend execution of a user-level thread, from which the instruction is to have been received; (b) transition a logical processor, on which the user-level thread was to have been running, to the indicated first alternate state; and (c) resume the execution of the user-level thread, when the logical processor is in the indicated first alternate state, with a latency that is to be less than half a latency that execution of a thread can be resumed when the logical processor is in a halt processor power state.

Abstract translation: 一方面的处理器包括解码单元，以解码用于指示第一替代状态的用户级暂停线程指令。 处理器还包括与解码单元耦合的执行单元。 执行单元将在用户权限级别执行指令。 响应于该指令，执行单元用于：（a）暂停执行从其接收指令的用户级线程; （b）将用户级线程已经在其上运行的逻辑处理器转换到所指示的第一替代状态; （c）当逻辑处理器处于指示的第一交替状态时，恢复用户级线程的执行，其等待时间小于等待线程的执行可以在逻辑处理器 处于停止处理器电源状态。

公开(公告)号：WO2019133172A1

公开(公告)日：2019-07-04

申请号：PCT/US2018/063054

申请日：2018-11-29

Applicant: INTEL CORPORATION

Inventor： WEISSMANN, Eliezer ,  GENDLER, Alexander ,  ROTEM, Efraim ,  COHEN, Moshe ,  MALLICK, Asit K. ,  BRANDT, Jason, W. ,  SUBRAMANIAM, Kameswar ,  FELLMAN, Nathan ,  SHAFI, Hisham

IPC: G06F13/36

Abstract: Processor, method, and system for reducing latency in accessing remote registers is described herein. One embodiment of a processor includes one or more remote registers and remote register access circuitry. The remote register access circuitry is to detect a request from the requestor to access a first register of the one or more remote registers, access to the first register in accordance to the request without the requestor having to wait for completion of the access, and provide a notification accessible to the requestor upon completion of the access to the first register of the one or more remote registers.

公开(公告)号：WO2018013267A1

公开(公告)日：2018-01-18

申请号：PCT/US2017/036877

申请日：2017-06-09

Applicant: INTEL CORPORATION

Inventor： SANKARAN, Rajesh M. ,  SETHI, Prashant ,  MALLICK, Asit K. ,  WOODHOUSE, David ,  VAKHARWALA, Rupin H.

IPC: G06F12/02

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/064 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/1081 ,  G06F12/109 ,  G06F12/145 ,  G06F2212/1024 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/152 ,  G06F2212/651 ,  G06F2212/656 ,  G06F2212/657 ,  G06F2212/683

Abstract: An apparatus includes an extended capability register and an input/output (I/O) memory management circuitry. The I/O memory management circuitry is to receive, from an I/O device, an address translation request referencing a guest virtual address associated with a guest virtual address space of a virtual machine. The I/O memory management circuitry may translate the guest virtual address to a guest physical address associated with a guest physical address space of the virtual machine, and, responsive to determining that a value stored by the extended capability register indicates a restrict-translation-request-response (RTRR) mode, transmit, to the I/O device, a translation response having the guest physical address.

Abstract translation: 一种装置包括扩展能力寄存器和输入/输出（I / O）存储器管理电路。 I / O存储器管理电路将从I / O设备接收引用与虚拟机的访客虚拟地址空间相关联的访客虚拟地址的地址转换请求。 I / O存储器管理电路可以将访客虚拟地址转换为与虚拟机的访客物理地址空间相关联的访客物理地址，并且响应于确定由扩展能力寄存器存储的值指示限制 - 翻译 - 请求 - 响应（RTRR）模式，向I / O设备传输具有客户物理地址的转换响应。

公开(公告)号：WO2018005384A1

公开(公告)日：2018-01-04

申请号：PCT/US2017/039331

申请日：2017-06-26

Applicant: INTEL CORPORATION

Inventor： SCARLATA, Vincent R. ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  JOHNSON, Simon P. ,  ZHANG, Bo ,  VIJ, Mona ,  BAKER, Brandon ,  KUMAR, Mohan J. ,  MALLICK, Asit K. ,  GENTRY, Mark A. ,  CHAKRABARTI, Somnath

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/0816 ,  G06F21/6218 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/14 ,  H04L63/06

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to store data in a secure domain in a cloud network, create encryption keys, where each encryption key is to provide a different type of access to the data, and store the encryption keys in a secure domain key store in the cloud network. In an example, each encryption key provides access to a different version of the data. In another example, a counter engine stores the location of each version of the data in the cloud network.

Abstract translation: 这里描述的特定实施例提供了一种电子设备，其可以被配置为将数据存储在云网络中的安全域中，创建加密密钥，其中每个加密密钥将提供对 数据，并将加密密钥存储在云网络中的安全域密钥存储中。 在一个示例中，每个加密密钥提供对不同版本的数据的访问。 在另一个例子中，计数器引擎将每个数据版本的位置存储在云网络中。

公开(公告)号：WO2018044475A1

公开(公告)日：2018-03-08

申请号：PCT/US2017/044961

申请日：2017-08-01

Applicant: INTEL CORPORATION

Inventor： LESLIE-HURD, Rebekah M. ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  CHAKRABARTI, Somnath ,  MALLICK, Asit K.

IPC: G06F12/14

CPC classification number: G06F12/0824 ,  G06F12/0808 ,  G06F12/0811 ,  G06F12/084 ,  G06F21/53 ,  G06F21/572 ,  G06F2212/1008 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/60 ,  G06F2212/62 ,  G06F2221/032

Abstract: A processing device includes a first counter having a first count value of a number of child pages among a plurality of child pages present in an enclave memory of a first virtual machine (VM). The plurality of child pages are associated with a parent page in the enclave memory. The processing device includes a second counter having a second count value of a number of child pages among the plurality of child pages not present in the enclave memory and being shared by a second VM, wherein the second VM is different from the first VM. A non-zero value of at least one of the first counter or the second counter prevents eviction of the parent page from the enclave memory.

Abstract translation: 处理设备包括第一计数器，该第一计数器具有存在于第一虚拟机（VM）的区域存储器中的多个子页面中的多个子页面的第一计数值。 多个子页面与区域存储器中的父页面相关联。 处理设备包括第二计数器，该第二计数器具有第二计数器，该第二计数器具有第二计数器，该第二计数器具有在该区域存储器中不存在并且由第二VM共享的多个子页面中的多个子页面的第二计数值，其中第二VM不同于第一VM。 第一计数器或第二计数器中的至少一个的非零值防止从飞地存储器中逐出父页面。

公开(公告)号：WO2014197310A1

公开(公告)日：2014-12-11

申请号：PCT/US2014/040209

申请日：2014-05-30

Applicant: INTEL CORPORATION ,  PATEL, Baiju V. ,  LI, Xiaoning ,  ANVIN, H. P. ,  MALLICK, Asit K. ,  NEIGER, Gilbert ,  CROSSLAND, James B. ,  OPFERMAN, Toby ,  KHARE, Atul A. ,  BRANDT, Jason W. ,  COKE, James S. ,  VAJDA, Brian L.

Inventor： PATEL, Baiju V. ,  LI, Xiaoning ,  ANVIN, H. P. ,  MALLICK, Asit K. ,  NEIGER, Gilbert ,  CROSSLAND, James B. ,  OPFERMAN, Toby ,  KHARE, Atul A. ,  BRANDT, Jason W. ,  COKE, James S. ,  VAJDA, Brian L.

IPC: G06F12/14 ,  G06F12/02

CPC classification number: G06F12/145 ,  G06F8/434 ,  G06F9/30105 ,  G06F9/30134 ,  G06F21/52

Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.

Abstract translation: 示例处理系统可以包括：下堆叠绑定寄存器，被配置为存储第一存储器地址，第一存储器地址识别经由堆栈段可寻址的存储器的下限; 上堆叠绑定寄存器，其被配置为存储第二存储器地址，所述第二存储器地址通过所述堆栈段识别所述存储器可寻址的上限; 并且通过将经由所述堆栈段访问的存储器地址与所述第一存储器地址和所述第二存储器地址中的至少一个进行比较来配置用于检测未授权堆栈枢转的堆栈边界检查逻辑。

公开(公告)号：WO2013016345A3

公开(公告)日：2013-01-31

申请号：PCT/US2012/047991

申请日：2012-07-24

Applicant: INTEL CORPORATION ,  SANKARAN, Rajesh M. ,  KOKER, Altug ,  LANTZ, Philip ,  MALLICK, Asit K. ,  CROSSLAND, James B. ,  NAVALE, Aditva ,  NEIGER, Gilbert ,  ANDERSON, Andrew V.

Inventor： SANKARAN, Rajesh M. ,  KOKER, Altug ,  LANTZ, Philip ,  MALLICK, Asit K. ,  CROSSLAND, James B. ,  NAVALE, Aditva ,  NEIGER, Gilbert ,  ANDERSON, Andrew V.

IPC: G06F12/10 ,  G06F15/80

Abstract: Methods and apparatus are disclosed for efficient TLB (translation look-aside buffer) shoot-downs for heterogeneous devices sharing virtual memory in a multi-core system. Embodiments of an apparatus for efficient TLB shoot-downs may include a TLB to store virtual address translation entries, and a memory management unit, coupled with the TLB, to maintain PASID (process address space identifier) state entries corresponding to the virtual address translation entries. The PASID state entries may include an active reference state and a lazy-invalidation state. The memory management unit may perform atomic modification of PASID state entries responsive to receiving PASID state update requests from devices in the multi-core system and read the lazy-invalidation state of the PASID state entries. The memory management unit may send PASID state update responses to the devices to synchronize TLB entries prior to activation responsive to the respective lazy-invalidation state.