公开(公告)号：US10394595B2

公开(公告)日：2019-08-27

申请号：US15684002

申请日：2017-08-23

Applicant: Intel Corporation

Inventor： Gilbert Neiger ,  Deepak K. Gupta ,  Ravi L. Sahita ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Joseph F. Cihula

IPC: G06F9/455 ,  G06F12/1009 ,  G06F12/1027

Abstract: A processor comprises a register to store a first reference to a context data structure specifying a virtual machine context, the context data structure comprising a second reference to a target array and an execution unit comprising a logic circuit to execute a virtual machine (VM) based on the virtual machine context, wherein the VM comprises a guest operating system (OS) associated with a page table comprising a first memory address mapping between a guest virtual address (GVA) space and a guest physical address (GPA) space, receive a request by the guest OS to switch from the first memory address mapping to a second memory address mapping, the request comprising an index value and a first root value, retrieve an entry, identified by the index value, from the target array, the entry comprising a second root value, and responsive to determining that the first root value matches the second root value, cause a switch from the first memory address mapping to the second memory address mapping.

公开(公告)号：US10394556B2

公开(公告)日：2019-08-27

申请号：US14975840

申请日：2015-12-20

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F9/30 ,  G06F9/46 ,  G06F21/52

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

公开(公告)号：US20190065226A1

公开(公告)日：2019-02-28

申请号：US15684002

申请日：2017-08-23

Applicant: Intel Corporation

Inventor： Gilbert Neiger ,  Deepak K. Gupta ,  Ravi L. Sahita ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Joseph F. Cihula

IPC: G06F9/455 ,  G06F12/1009 ,  G06F12/1027

CPC classification number: G06F9/45558 ,  G06F12/1009 ,  G06F12/1027 ,  G06F2009/45583

Abstract: A processor comprises a register to store a first reference to a context data structure specifying a virtual machine context, the context data structure comprising a second reference to a target array and an execution unit comprising a logic circuit to execute a virtual machine (VM) based on the virtual machine context, wherein the VM comprises a guest operating system (OS) associated with a page table comprising a first memory address mapping between a guest virtual address (GVA) space and a guest physical address (GPA) space, receive a request by the guest OS to switch from the first memory address mapping to a second memory address mapping, the request comprising an index value and a first root value, retrieve an entry, identified by the index value, from the target array, the entry comprising a second root value, and responsive to determining that the first root value matches the second root value, cause a switch from the first memory address mapping to the second memory address mapping.

公开(公告)号：US20250053641A1

公开(公告)日：2025-02-13

申请号：US18904854

申请日：2024-10-02

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F21/52 ,  G06F3/06 ,  G06F9/30 ,  G06F9/46 ,  G06F12/14

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

公开(公告)号：US20240296051A1

公开(公告)日：2024-09-05

申请号：US18661103

申请日：2024-05-10

Applicant: Intel Corporation

Inventor： Jason W. Brandt ,  Deepak K. Gupta ,  Rodrigo Branco ,  Joseph Nuzman ,  Robert S. Chappell ,  Sergiu Ghetie ,  Wojciech Powiertowski ,  Jared W. Stark, IV ,  Ariel Sabba ,  Scott J. Cape ,  Hisham Shafi ,  Lihu Rappoport ,  Yair Berger ,  Scott P. Bobholz ,  Gilad Holzstein ,  Sagar V. Dalvi ,  Yogesh Bijlani

IPC: G06F9/38 ,  G06F9/30

CPC classification number: G06F9/3844 ,  G06F9/30101 ,  G06F9/3806

Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

公开(公告)号：US12001842B2

公开(公告)日：2024-06-04

申请号：US18324788

申请日：2023-05-26

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F9/30 ,  G06F9/46 ,  G06F21/52

CPC classification number: G06F9/3004 ,  G06F9/30134 ,  G06F9/461 ,  G06F21/52

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

公开(公告)号：US20230401309A1

公开(公告)日：2023-12-14

申请号：US18232810

申请日：2023-08-10

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F21/52 ,  G06F3/06 ,  G06F12/14 ,  G06F9/30 ,  G06F9/46

CPC classification number: G06F21/52 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0673 ,  G06F12/1491 ,  G06F9/30101 ,  G06F9/461 ,  G06F9/30134 ,  G06F2212/1052 ,  G06F2221/033 ,  G06F2221/2141

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

公开(公告)号：US20210357213A1

公开(公告)日：2021-11-18

申请号：US17340632

申请日：2021-06-07

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F9/30 ,  G06F9/46 ,  G06F21/52

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

公开(公告)号：US20200089871A1

公开(公告)日：2020-03-19

申请号：US16585373

申请日：2019-09-27

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F21/52 ,  G06F3/06 ,  G06F12/14 ,  G06F9/30 ,  G06F9/46

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

公开(公告)号：US20200042318A1

公开(公告)日：2020-02-06

申请号：US16534970

申请日：2019-08-07

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F9/30 ,  G06F21/52 ,  G06F9/46

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.