公开(公告)号：US20190042764A1

公开(公告)日：2019-02-07

申请号：US15808986

申请日：2017-11-10

Applicant: Intel Corporation

Inventor： David M. Durham ,  Siddhartha Chhabra ,  Ravi L. Sahita ,  Barry E. Huntley ,  Gilbert Neiger ,  Gideon Gerzon ,  Baiju V. Patel

IPC: G06F21/60 ,  G06F3/06 ,  G06F12/1009

Abstract: In a public cloud environment, each consumer's/guest's workload is encrypted in a cloud service provider's (CSP's) server memory using a consumer-provided key unknown to the CSP's workload management software. An encrypted consumer/guest workload image is loaded into the CSP's server memory at a memory location specified by the CSP's workload management software. Based upon the CSP-designated memory location, the guest workload determines expected hardware physical addresses into which memory mapping structures and other types of consumer data should be loaded. These expected hardware physical addresses are specified by the guest workload in a memory ownership table (MOT), which is used to check that subsequently CSP-designated memory mappings are as expected. Memory ownership table entries also may be encrypted by the consumer-provided key unknown to the CSP.

公开(公告)号：US10114767B2

公开(公告)日：2018-10-30

申请号：US13837822

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Rajesh Sankaran Madukkarumukumana ,  Richard UhligQ ,  Lawrence Smith, III ,  Scott D. Rodgers

IPC: G06F12/10 ,  G06F12/14 ,  G06F9/455 ,  G06F12/109

Abstract: A processor including a virtualization system of the processor with a memory virtualization support system to map a reference to guest-physical memory made by guest software executable on a virtual machine which in turn is executable on a host machine in which the processor is operable to a reference to host-physical memory of the host machine.

公开(公告)号：US10102380B2

公开(公告)日：2018-10-16

申请号：US13802272

申请日：2013-03-13

Applicant: INTEL CORPORATION

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US20180095894A1

公开(公告)日：2018-04-05

申请号：US15282300

申请日：2016-09-30

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Carlos V. Rozas ,  Gilbert Neiger ,  Asit K. Mallick ,  Ittai Anati ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Somnath Chakrabarti

IPC: G06F12/12 ,  G06F3/06 ,  G06F12/0875 ,  G06F9/455

CPC classification number: G06F12/12 ,  G06F3/0604 ,  G06F3/0631 ,  G06F3/064 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0673 ,  G06F9/45558 ,  G06F12/0875 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/151 ,  G06F2212/152 ,  G06F2212/402 ,  G06F2212/604

Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprising a memory controller unit to access a secure enclave and a processor core, operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicating whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.

公开(公告)号：US20180074969A1

公开(公告)日：2018-03-15

申请号：US15260893

申请日：2016-09-09

Applicant: Intel Corporation

Inventor： Gilbert Neiger ,  Baiju V. Patel ,  Gur Hildesheim ,  Ron Rais ,  Andrew V. Anderson ,  Jason W. Brandt ,  David M. Durham ,  Barry E. Huntley ,  Raanan Sade ,  Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Arumugam Thiyagarajah

IPC: G06F12/1009 ,  G06F12/14 ,  G06F9/455

CPC classification number: G06F12/1009 ,  G06F9/45545 ,  G06F9/45558 ,  G06F12/1441 ,  G06F12/145 ,  G06F12/1491 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/151 ,  G06F2212/651

Abstract: A processing system includes a processing core to execute a virtual machine (VM) comprising a guest operating system (OS) and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store an extended page table entry (EPTE) comprising a mapping from a guest physical address (GPA) associated with the guest OS to an identifier of a memory frame, a first plurality of access right flags associated with accessing the memory frame in a first page mode referenced by an attribute of a memory page identified by the GPA, and a second plurality of access right flags associated with accessing the memory frame in a second page mode referenced by the attribute of the memory page identified by the GPA.

公开(公告)号：US20180067866A1

公开(公告)日：2018-03-08

申请号：US15259411

申请日：2016-09-08

Applicant: INTEL CORPORATION

Inventor： Vedvyas Shanbhogue ,  Gilbert Neiger ,  Barry E. Huntley

IPC: G06F12/1009 ,  G06F11/07 ,  G06F12/14 ,  G06F9/455

CPC classification number: G06F12/1009 ,  G06F9/45558 ,  G06F11/0712 ,  G06F11/073 ,  G06F11/0751 ,  G06F11/0787 ,  G06F12/109 ,  G06F12/145 ,  G06F2009/45583 ,  G06F2212/1024 ,  G06F2212/151 ,  G06F2212/651

Abstract: A processor includes a core with virtualization support circuitry to, in response to a request to access an instruction, retrieve a logical address from a virtual machine control structure (VMCS) associated with a virtual machine. The logical address corresponds to the instruction to be accessed. The virtualization support circuitry may further translate the logical address to a guest virtual address; invoke translation circuitry to translate the guest virtual address to a guest physical address, and translate the guest physical address to a host physical address; and store at least one of the guest physical address or the host physical address in the VMCS.

公开(公告)号：US20180060247A1

公开(公告)日：2018-03-01

申请号：US15620663

申请日：2017-06-12

Applicant: Intel Corporation

Inventor： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Richard Uhlig ,  Scott Dion Rodgers ,  Rajesh M. Sankaran ,  Camron Rust ,  Sebastian Schoenberg

IPC: G06F12/02 ,  G06F9/455

CPC classification number: G06F12/1027 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/45558 ,  G06F12/0246 ,  G06F12/0875 ,  G06F12/1009 ,  G06F12/1036 ,  G06F12/1054 ,  G06F2009/45583 ,  G06F2212/152 ,  G06F2212/2022 ,  G06F2212/452 ,  G06F2212/50 ,  G06F2212/65 ,  G06F2212/657 ,  G06F2212/68 ,  G06F2212/683 ,  G06F2212/7201

Abstract: A processor including logic to execute an instruction to synchronize a mapping from a physical address of a guest of a virtualization based system (guest physical address) to a physical address of the host of the virtualization based system (host physical address), and stored in a translation lookaside buffer (TLB), with a corresponding mapping stored in an extended paging table (EPT) of the virtualization based system.

公开(公告)号：US09898330B2

公开(公告)日：2018-02-20

申请号：US14076341

申请日：2013-11-11

Applicant: Intel Corporation

Inventor： Atul Khare ,  Leena Puthiyedath ,  Asit Mallick ,  Jim Coke ,  Michael Mishaeli ,  Gilbert Neiger ,  Vivekananthan Sanjeepan ,  Jason Brandt

IPC: G06F9/46 ,  G06F9/30

CPC classification number: G06F9/461 ,  G06F9/30003 ,  G06F9/30043 ,  G06F9/30101

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

公开(公告)号：US09892069B2

公开(公告)日：2018-02-13

申请号：US14800419

申请日：2015-07-15

Applicant: Intel Corporation

Inventor： Rajesh Sankaran Madukkarumukumana ,  Gilbert Neiger ,  Ohad Falik ,  Sridhar Muthrasanallur ,  Gideon Gerzon

IPC: G06F13/24 ,  G06F9/48

CPC classification number: G06F13/24 ,  G06F9/4812

Abstract: Embodiments of systems, apparatuses, and methods for posting interrupts to virtual processors are disclosed. In one embodiment, an apparatus includes look-up logic and posting logic. The look-up logic is to look-up an entry associated with an interrupt request to a virtual processor in a data structure. The posting logic is to post the interrupt request in a data structure specified by information in the first data structure.

公开(公告)号：US20180004562A1

公开(公告)日：2018-01-04

申请号：US15200725

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Barry E. Huntley ,  Jr-Shian Tsai ,  Gilbert Neiger ,  Rajesh M. Sankaran ,  Mesut A. Ergin ,  Ravi L. Sahita ,  Andrew J. Herdrich ,  Wei Wang

IPC: G06F9/455 ,  G06F12/10 ,  G11C7/10

CPC classification number: G06F9/45558 ,  G06F9/3004 ,  G06F9/45533 ,  G06F12/0292 ,  G06F12/10 ,  G06F12/109 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2212/151 ,  G11C7/1072

Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.