公开(公告)号：US20180253370A1

公开(公告)日：2018-09-06

申请号：US15972390

申请日：2018-05-07

Applicant: INTEL CORPORATION

Inventor： Matthew C. Merten ,  Beeman C. Strong ,  Michael W. Chynoweth ,  Grant G. Zhou ,  Andreas Kleen ,  Kimberly C. Weier ,  Angela D. Schmid ,  Stanislav Bratanov ,  Seth Abraham ,  Jason W. Brandt ,  Ahmad Yasin

IPC: G06F11/36 ,  G06F9/455 ,  H04L12/26 ,  H04L12/24

CPC classification number: G06F11/3636 ,  G06F9/45558 ,  G06F2009/45591 ,  H04L41/0613 ,  H04L43/04

Abstract: A processor is to execute and retire instructions for a virtual machine. A reload register is coupled to the core is to store a reload value. A performance monitoring counter (PMC) register is coupled to the reload register and an event-based sampler operatively is coupled to the reload register and the PMC register. The event-based sampler includes circuitry to load the reload value into the PMC register and increment the PMC register after detecting each occurrence of an event of a certain type as a result of execution of the instructions. Upon detecting an occurrence of the event after the PMC register reaches a predetermined trigger value, the event-based sampler is to execute microcode to generate field data for elements within a sampling record, wherein the field data relates to a current processor state of execution, and reload the reload value from the reload register into the PMC register.

公开(公告)号：US10007784B2

公开(公告)日：2018-06-26

申请号：US14670988

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Michael LeMay ,  Ravi L. Sahita ,  Beeman C. Strong ,  Thilo Schmitt ,  Yuriy Bulygin ,  Markus T. Metzger

IPC: G06F21/56 ,  G06F21/44 ,  G06F21/52

CPC classification number: G06F21/56 ,  G06F21/44 ,  G06F21/52

Abstract: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.

公开(公告)号：US20180004628A1

公开(公告)日：2018-01-04

申请号：US15201405

申请日：2016-07-02

Applicant: Intel Corporation

Inventor： Beeman C. Strong ,  Matthew C. Merten ,  Lee W. Baugh

IPC: G06F11/36 ,  G06F9/30 ,  G06F12/0875

CPC classification number: G06F11/3648 ,  G06F9/3004 ,  G06F9/30145 ,  G06F9/3017 ,  G06F9/3877 ,  G06F11/3476 ,  G06F11/3636 ,  G06F12/0875 ,  G06F2212/452

Abstract: There is disclosed in an example a processor, having: a front end including circuitry to decode instructions from an instruction stream; a data cache unit including circuitry to cache data for the processor; and a core triggering block (CTB) to provide integration between two or more different debug capabilities.

公开(公告)号：US20170371769A1

公开(公告)日：2017-12-28

申请号：US15194881

申请日：2016-06-28

Applicant: INTEL CORPORATION

Inventor： Matthew C. Merten ,  Beeman C. Strong ,  Michael W. Chynoweth ,  Grant G. Zhou ,  Andreas Kleen ,  Kimberly C. Weier ,  Angela D. Schmid ,  Stanislav Bratanov ,  Seth Abraham ,  Jason W. Brandt ,  Ahmad Yasin

IPC: G06F11/36 ,  G06F9/455 ,  H04L12/26 ,  H04L12/24

CPC classification number: G06F11/3636 ,  G06F9/45558 ,  G06F2009/45591 ,  H04L41/0613 ,  H04L43/04

Abstract: A core includes a memory buffer and executes an instruction within a virtual machine. A processor tracer captures trace data and formats the trace data as trace data packets. An event-based sampler generates field data for a sampling record in response to occurrence of an event of a certain type as a result of execution of the instruction. The processor tracer, upon receipt of the field data: formats the field data into elements of the sampling record as a group of record packets; inserts the group of record packets between the trace data packets as a combined packet stream; and stores the combined packet stream in the memory buffer as a series of output pages. The core, when in guest profiling mode, executes a virtual machine monitor to map output pages of the memory buffer to host physical pages of main memory using multilevel page tables.

公开(公告)号：US09524227B2

公开(公告)日：2016-12-20

申请号：US14327375

申请日：2014-07-09

Applicant: Intel Corporation

Inventor： Toby Opferman ,  James B. Crossland ,  Jason W. Brandt ,  Beeman C. Strong

IPC: G06F11/00 ,  G06F11/36 ,  G06F9/30 ,  G06F11/34 ,  G06F9/38

CPC classification number: G06F9/30123 ,  G06F9/30145 ,  G06F9/3877 ,  G06F11/3024 ,  G06F11/3079 ,  G06F11/3466 ,  G06F11/3471 ,  G06F11/348 ,  G06F11/36 ,  G06F11/3636 ,  G06F11/3656

Abstract: Methods and apparatuses for generating a suppressed address trace are described. In some embodiments, a processor includes a trace generator having a trace suppressor that outputs a suppressed address trace for instructions executed by the processor. In some embodiments, a method to generate a suppressed address trace for a processor includes generating a suppressed address trace of executed instructions from a trace suppressor of a trace generator of the processor.

Abstract translation: 描述用于产生抑制地址迹线的方法和装置。 在一些实施例中，处理器包括具有跟踪抑制器的跟踪发生器，该跟踪抑制器输出用于由处理器执行的指令的抑制地址跟踪。 在一些实施例中，用于为处理器生成抑制地址轨迹的方法包括从处理器的跟踪发生器的跟踪抑制器产生已执行指令的抑制地址轨迹。