公开(公告)号：US20220237123A1

公开(公告)日：2022-07-28

申请号：US17712632

申请日：2022-04-04

Applicant: Intel Corporation

Inventor： Jason W. Brandt ,  Robert S. Chappell ,  Jesus Corbal ,  Edward T. Grochowski ,  Stephen H. Gunther ,  Buford M. Guy ,  Thomas R. Huff ,  Christopher J. Hughes ,  Elmoustapha Ould-Ahmed-Vall ,  Ronak Singhal ,  Seyed Yahya Sotoudeh ,  Bret L. Toll ,  Lihu Rappoport ,  David B. Papworth ,  James D. Allen

IPC: G06F12/0831 ,  G06F12/1027 ,  G06F12/1009 ,  G06F9/30

Abstract: Embodiments of an invention a processor architecture are disclosed. In an embodiment, a processor includes a decoder, an execution unit, a coherent cache, and an interconnect. The decoder is to decode an instruction to zero a cache line. The execution unit is to issue a write command to initiate a cache line sized write of zeros. The coherent cache is to receive the write command, to determine whether there is a hit in the coherent cache and whether a cache coherency protocol state of the hit cache line is a modified state or an exclusive state, to configure a cache line to indicate all zeros, and to issue the write command toward the interconnect. The interconnect is to, responsive to receipt of the write command, issue a snoop to each of a plurality of other coherent caches for which it must be determined if there is a hit.

公开(公告)号：US20220207138A1

公开(公告)日：2022-06-30

申请号：US17134350

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Carlos Rozas ,  Fangfei Liu ,  Xiang Zou ,  Francis McKeen ,  Jason W. Brandt ,  Joseph Nuzman ,  Alaa Alameldeen ,  Abhishek Basak ,  Scott Constable ,  Thomas Unterluggauer ,  Asit Mallick ,  Matthew Fernandez

IPC: G06F21/55 ,  G06F21/54 ,  G06F9/30 ,  G06F9/38

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a decode circuitry and store circuitry coupled to the decode circuitry. The decode circuitry is to decode a store hardening instruction to mitigate vulnerability to a speculative execution attack. The store circuitry is to be hardened in response to the store hardening instruction.

公开(公告)号：US20220019432A1

公开(公告)日：2022-01-20

申请号：US17404890

申请日：2021-08-17

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Xiaoning Li

IPC: G06F9/30 ,  G06F9/38 ,  G06F21/55

Abstract: A processor includes an execution unit and a processing logic operatively coupled to the execution unit, the processing logic to: enter a first execution state and transition to a second execution state responsive to executing a control transfer instruction. Responsive to executing a target instruction of the control transfer instruction, the processing logic further transitions to the first execution state responsive to the target instruction being a control transfer termination instruction of a mode identical to a mode of the processing logic following the execution of the control transfer instruction; and raises an execution exception responsive to the target instruction being a control transfer termination instruction of a mode different than the mode of the processing logic following the execution of the control transfer instruction.

公开(公告)号：US20220012059A1

公开(公告)日：2022-01-13

申请号：US17341068

申请日：2021-06-07

Applicant: Intel Corporation

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US11029957B1

公开(公告)日：2021-06-08

申请号：US16833478

申请日：2020-03-27

Applicant: INTEL CORPORATION

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US20200382303A1

公开(公告)日：2020-12-03

申请号：US16998913

申请日：2020-08-20

Applicant: Intel Corporation

Inventor： Milind Girkar ,  Jason W. Brandt ,  Michael LeMay

IPC: H04L9/32 ,  H04L9/08 ,  G06F21/60

Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.

公开(公告)号：US10740249B2

公开(公告)日：2020-08-11

申请号：US16401889

申请日：2019-05-02

Applicant: Intel Corporation

Inventor： Jason W. Brandt ,  Sanjoy K. Mondal ,  Richard A. Uhlig ,  Gilbert Neiger ,  Robert T. George

IPC: G06F13/00 ,  G06F12/1036 ,  G06F9/48 ,  G06F12/1027 ,  G06F9/455 ,  G06F12/02 ,  G06F12/1045 ,  G06F12/12 ,  G06F12/0804 ,  G06F12/0891 ,  G06F12/109 ,  G06F12/123

Abstract: In one embodiment of the present invention, a method includes switching between a first address space and a second address space, determining if the second address space exists in a list of address spaces; and maintaining entries of the first address space in a translation buffer after the switching. In such manner, overhead associated with such a context switch may be reduced.

公开(公告)号：US20200159676A1

公开(公告)日：2020-05-21

申请号：US16722707

申请日：2019-12-20

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Ramya Jayaram Masti ,  Gilbert Neiger ,  Jason W. Brandt

IPC: G06F12/14 ,  G06F21/62

Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

公开(公告)号：US20200007332A1

公开(公告)日：2020-01-02

申请号：US16024259

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Milind Girkar ,  Jason W. Brandt ,  Michael LeMay

IPC: H04L9/32 ,  G06F21/60 ,  H04L9/08

Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.

公开(公告)号：US20200004991A1

公开(公告)日：2020-01-02

申请号：US16352051

申请日：2019-03-13

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Uday Savagaonkar ,  Ravi L. Sahita

IPC: G06F21/71 ,  G06F9/30 ,  G06F9/38 ,  G06F21/52

Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.