公开(公告)号：US09753832B2

公开(公告)日：2017-09-05

申请号：US13930501

申请日：2013-06-28

Applicant: Intel Corporation

Inventor： Ilya Wagner ,  Matthew C. Merten ,  Frank Binns ,  Christine E. Wang ,  Mayank Bomb ,  Tong Li ,  Thilo Schmitt ,  M D A. Rahman

IPC: G06F9/30 ,  G06F11/34

CPC classification number: G06F11/3466 ,  G06F11/348 ,  G06F2201/81

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for minimizing bandwidth to compress an output stream of an instruction tracing system. For example, the method may include identifying a current instruction in a trace of the IT module as a conditional branch (CB) instruction. The method includes executing one of generating a CB packet including a byte pattern with an indication of outcome of the CB instruction, or adding an indication of the outcome of the CB instruction to the byte pattern of an existing CB packet. The method includes generating a packet when a subsequent instruction in the trace is not the CB instruction. The packet is different from the CB packet. The method also includes adding the packet into a deferred queue when the packet is deferrable. The method further includes outputting the CB packet followed by the deferred packet into a packet log.

公开(公告)号：US10331452B2

公开(公告)日：2019-06-25

申请号：US14126313

申请日：2013-06-27

Applicant: Intel Corporation

Inventor： Thilo Schmitt ,  Peter Lachner ,  Beeman Strong ,  Ofer Levy ,  Thomas Toll ,  Matthew Merten ,  Tong Li ,  Ravi Rajwar ,  Konrad Lai

IPC: G06F9/30 ,  G06F11/36

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for tracking the mode of processing devices in an instruction tracing system. The method may include receiving an indication of a change in a current execution mode of the processing device. The method may also include determining that the current execution mode of the received indication is different than a value of an execution mode of a first execution mode (EM) packet previously-generated by the IT module. The method may also include generating, based on the determining that the current execution mode is different, a second EM packet that provides a value of the current execution mode of the processing device to indicate the change in the execution mode for an instruction in a trace generated by the IT module. The method may further include generating transactional memory (TMX) packets having n bit mode pattern in the packet log. The n is at least two and the n bit mode indicates transaction status of the TMX operation.

公开(公告)号：US10007784B2

公开(公告)日：2018-06-26

申请号：US14670988

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Michael LeMay ,  Ravi L. Sahita ,  Beeman C. Strong ,  Thilo Schmitt ,  Yuriy Bulygin ,  Markus T. Metzger

IPC: G06F21/56 ,  G06F21/44 ,  G06F21/52

CPC classification number: G06F21/56 ,  G06F21/44 ,  G06F21/52

Abstract: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.

公开(公告)号：US20190050566A1

公开(公告)日：2019-02-14

申请号：US15966358

申请日：2018-04-30

Applicant: Intel Corporation

Inventor： Michael LeMay ,  Ravi L. Sahita ,  Beeman C. Strong ,  Thilo Schmitt ,  Yuriy Bulygin ,  Markus T. Metzger

IPC: G06F21/56 ,  G06F21/52 ,  G06F21/44

Abstract: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.