Patents by Inventor Vedvyas Shanbhogue
Vedvyas Shanbhogue has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11669335Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.Type: GrantFiled: March 28, 2019Date of Patent: June 6, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Ravi L. Sahita, Vincent Scarlata, Barry E. Huntley
-
Patent number: 11663006Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.Type: GrantFiled: June 7, 2021Date of Patent: May 30, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
-
Patent number: 11656805Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.Type: GrantFiled: December 22, 2020Date of Patent: May 23, 2023Assignee: INTEL CORPORATIONInventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel
-
Patent number: 11656873Abstract: An apparatus and method for efficiently managing shadow stacks. For example, one embodiment of a processor comprises: a plurality of registers to store a plurality of shadow stack pointers (SSPs); event processing circuitry to select a first SSP of the plurality of SSPs from a first register of the plurality of registers responsive to receipt of a first event associated with a first event priority level, the first SSP usable to identify a top of a first shadow stack; verification and utilization checking circuitry to determine whether the first SSP has been previously verified, wherein if the first SSP has not been previously verified then initiating a set of atomic operations to verify the first SSP and confirm that the first SSP is not in use, the set of atomic operations using a locking operation to lock data until the set of atomic operations are complete.Type: GrantFiled: February 1, 2022Date of Patent: May 23, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Gilbert Neiger, Deepak K. Gupta, H. Peter Anvin
-
Patent number: 11656899Abstract: Implementations of the disclosure provide a processing device comprising an address translation circuit to intercept a work request from an I/O device. The work request comprises a first ASID to map to a work queue. A second ASID of a host is allocated for the first ASID based on the work queue. The second ASID is allocated to at least one of: an ASID register for a dedicated work queue (DWQ) or an ASID translation table for a shared work queue (SWQ). Responsive to receiving a work submission from the SVM client to the I/O device, the first ASID of the application container is translated to the second ASID of the host machine for submission to the I/O device using at least one of: the ASID register for the DWQ or the ASID translation table for the SWQ based on the work queue associated with the I/O device.Type: GrantFiled: August 17, 2021Date of Patent: May 23, 2023Assignee: Intel CorporationInventors: Sanjay Kumar, Rajesh M. Sankaran, Gilbert Neiger, Philip R. Lantz, Jason W. Brandt, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya, Kun Tian
-
Patent number: 11658947Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.Type: GrantFiled: July 7, 2021Date of Patent: May 23, 2023Assignee: Intel CorporationInventors: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Kapil Sood, Yu-Yuan Chen, Vedvyas Shanbhogue, Siddhartha Chhabra, Reshma Lal, Reouven Elbaz
-
Patent number: 11650818Abstract: A processor includes an execution unit and a processing logic operatively coupled to the execution unit, the processing logic to: enter a first execution state and transition to a second execution state responsive to executing a control transfer instruction. Responsive to executing a target instruction of the control transfer instruction, the processing logic further transitions to the first execution state responsive to the target instruction being a control transfer termination instruction of a mode identical to a mode of the processing logic following the execution of the control transfer instruction; and raises an execution exception responsive to the target instruction being a control transfer termination instruction of a mode different than the mode of the processing logic following the execution of the control transfer instruction.Type: GrantFiled: August 17, 2021Date of Patent: May 16, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Xiaoning Li
-
Publication number: 20230102178Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) or a virtual PUF key are described.Type: ApplicationFiled: September 25, 2021Publication date: March 30, 2023Inventors: Siddhartha CHHABRA, Vedvyas SHANBHOGUE, Prashant DEWAN, Baiju PATEL
-
Publication number: 20230098724Abstract: Techniques for copying a subset of status flags from a control and status register to a flags register in response to an instruction are described. An exemplary instruction includes a field for an opcode, the opcode to indicate execution circuitry is to copy from a first register a saturation flag value, an overflow value, and a carry value to a second register into one or more instructions of a different instruction set.Type: ApplicationFiled: September 25, 2021Publication date: March 30, 2023Inventors: Vedvyas SHANBHOGUE, Robert VALENTINE, Mark CHARNEY, Venkateswara MADDURI
-
Publication number: 20230099517Abstract: Processors, methods, and systems for user-level interprocessor interrupts are described. In an embodiment, a processing system includes a memory and a processing core. The memory is to store an interrupt control data structure associated with a first application being executed by the processing system. The processing core includes an instruction decoder to decode a first instruction, invoked by a second application, to send an interprocessor interrupt to the first application; and, in response to the decoded instruction, is to determine that an identifier of the interprocessor interrupt matches a notification interrupt vector associated with the first application; set, in the interrupt control data structure, a pending interrupt flag corresponding to an identifier of the interprocessor interrupt; and invoke an interrupt handler for the interprocessor interrupt identified by the interrupt control data structure.Type: ApplicationFiled: December 23, 2021Publication date: March 30, 2023Applicant: Intel CorporationInventors: Gilbert Neiger, Asit Mallick, Rajesh Sankaran, Hisham Shafi, Vedvyas Shanbhogue, Vivekananthan Sanjeepan, Jason Brandt
-
Publication number: 20230098288Abstract: Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.Type: ApplicationFiled: September 25, 2021Publication date: March 30, 2023Inventors: Vedvyas SHANBHOGUE, Ravi SAHITA, Utkarsh Y i wil, ABHISHEK BASAK, LEE ALBION, FILIP SCHMOLE, RUPIN VAKHARWALA, VINIT M ABRAHAM, RAGHUNANDAN MAKARAM
-
Patent number: 11599621Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.Type: GrantFiled: March 30, 2019Date of Patent: March 7, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Rajesh Sankaran, Abhishek Basak, Pradeep Pappachan, Utkarsh Y. Kakaiya, Ravi Sahita, Rupin Vakharwala
-
Patent number: 11593529Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.Type: GrantFiled: November 18, 2019Date of Patent: February 28, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Utkarsh Y. Kakaiya, Ravi Sahita, Abhishek Basak, Pradeep Pappachan, Erdem Aktas
-
Publication number: 20230042288Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.Type: ApplicationFiled: July 18, 2022Publication date: February 9, 2023Applicant: Intel CorporationInventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
-
Patent number: 11567791Abstract: A processor comprises a core, a cache, and a ZCM manager in communication with the core and the cache. In response to an access request from a first software component, wherein the access request involves a memory address within a cache line, the ZCM manager is to (a) compare an OTAG associated with the memory address against a first ITAG for the first software component, (b) if the OTAG matches the first ITAG, complete the access request, and (c) if the OTAG does not match the first ITAG, abort the access request. Also, in response to a send request from the first software component, the ZCM manager is to change the OTAG associated with the memory address to match a second ITAG for a second software component. Other embodiments are described and claimed.Type: GrantFiled: June 26, 2020Date of Patent: January 31, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Doddaballapur Jayasimha, Raghu Ram Kondapalli
-
Patent number: 11562063Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.Type: GrantFiled: December 7, 2020Date of Patent: January 24, 2023Assignee: Intel CorporationInventors: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
-
Patent number: 11556341Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described.Type: GrantFiled: June 7, 2021Date of Patent: January 17, 2023Assignee: Intel CorporationInventors: Ravi Sahita, Deepak Gupta, Vedvyas Shanbhogue, David Hansen, Jason W. Brandt, Joseph Nuzman, Mingwei Zhang
-
Publication number: 20220413861Abstract: Techniques for matrix multiplication are described. In some examples, a single instruction having a format of fields for an opcode, one or more fields to indicate a location of a source/destination operand, one or more fields to indicate a location of a first source operand, and one or more fields to indicate a location of a second source operand is used. Wherein the opcode is to indicate that execution circuitry is to: multiply values from corresponding data elements of the first and second sources, add a first subset of the multiplied values to a first value from the source/destination operand and store in a first data element position of the source/destination operand, and add a second subset of the multiplied values to a second value from the source/destination operand and store in a second data element position of the source/destination operand.Type: ApplicationFiled: June 26, 2021Publication date: December 29, 2022Inventors: Venkateswara MADDURI, Cristina ANDERSON, Robert VALENTINE, Mark CHARNEY, Vedvyas SHANBHOGUE
-
Publication number: 20220405234Abstract: A processor includes a widest set of data registers that corresponds to a given logical processor. Each of the data registers of the widest set have a first width in bits. A decode unit that corresponds to the given logical processor is to decode instructions that specify the data registers of the widest set, and is to decode an atomic store to memory instruction. The atomic store to memory instruction is to indicate data that is to have a second width in bits that is wider than the first width in bits. The atomic store to memory instruction is to indicate memory address information associated with a memory location. An execution unit is coupled with the decode unit. The execution unit, in response to the atomic store to memory instruction, is to atomically store the indicated data to the memory location.Type: ApplicationFiled: May 30, 2022Publication date: December 22, 2022Inventors: Vedvyas Shanbhogue, Stephen J. Robinson, Christopher D. Bryant, Jason W. Brandt
-
Publication number: 20220398017Abstract: An embodiment of an integrated circuit comprises circuitry to share page tables associated with a page between a processor memory management unit (MMU) and an input/output memory management unit (IOMMU), store a page table entry in the memory associated with the page, and separately control access to the page from a processor and from a direct memory access (DMA) request based on one or more fields of the stored page table entry. Other embodiments are disclosed and claimed.Type: ApplicationFiled: June 15, 2021Publication date: December 15, 2022Applicant: Intel CorporationInventors: Utkarsh Y. Kakaiya, David Koufaty, Rajesh Sankaran, Vedvyas Shanbhogue