Patents by Inventor Asit K. Mallick
Asit K. Mallick has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10135825Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.Type: GrantFiled: December 24, 2014Date of Patent: November 20, 2018Assignee: Intel CorporationInventors: Barry E. Huntley, Gilbert Neiger, H. Peter Anvin, Asit K. Mallick, Adriaan Van De Ven, Scott D. Rodgers
-
Patent number: 10048881Abstract: An apparatus includes an extended capability register and an input/output (I/O) memory management circuitry. The I/O memory management circuitry is to receive, from an I/O device, an address translation request referencing a guest virtual address associated with a guest virtual address space of a virtual machine. The I/O memory management circuitry may translate the guest virtual address to a guest physical address associated with a guest physical address space of the virtual machine, and, responsive to determining that a value stored by the extended capability register indicates a restrict-translation-request-response (RTRR) mode, transmit, to the I/O device, a translation response having the guest physical address.Type: GrantFiled: July 11, 2016Date of Patent: August 14, 2018Assignee: Intel CorporationInventors: Rajesh M. Sankaran, Prashant Sethi, Asit K. Mallick, David Woodhouse, Rupin H. Vakharwala
-
Publication number: 20180095894Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprising a memory controller unit to access a secure enclave and a processor core, operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicating whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.Type: ApplicationFiled: September 30, 2016Publication date: April 5, 2018Inventors: Rebekah M. Leslie-Hurd, Francis X. McKeen, Carlos V. Rozas, Gilbert Neiger, Asit K. Mallick, Ittai Anati, Ilya Alexandrovich, Vedvyas Shanbhogue, Somnath Chakrabarti
-
Patent number: 9916257Abstract: Methods and apparatus are disclosed for efficient TLB (translation look-aside buffer) shoot-downs for heterogeneous devices sharing virtual memory in a multi-core system. Embodiments of an apparatus for efficient TLB shoot-downs may include a TLB to store virtual address translation entries, and a memory management unit, coupled with the TLB, to maintain PASID (process address space identifier) state entries corresponding to the virtual address translation entries. The PASID state entries may include an active reference state and a lazy-invalidation state. The memory management unit may perform atomic modification of PASID state entries responsive to receiving PASID state update requests from devices in the multi-core system and read the lazy-invalidation state of the PASID state entries. The memory management unit may send PASID state update responses to the devices to synchronize TLB entries prior to activation responsive to the respective lazy-invalidation state.Type: GrantFiled: July 26, 2011Date of Patent: March 13, 2018Assignee: Intel CorporationInventors: Rajesh M. Sankaran, Altug Koker, Philip R. Lantz, Asit K. Mallick, James B. Crossland, Aditya Navale, Gilbert Neiger, Andrew V. Anderson
-
Publication number: 20180011651Abstract: An apparatus includes an extended capability register and an input/output (I/O) memory management circuitry. The I/O memory management circuitry is to receive, from an I/O device, an address translation request referencing a guest virtual address associated with a guest virtual address space of a virtual machine. The I/O memory management circuitry may translate the guest virtual address to a guest physical address associated with a guest physical address space of the virtual machine, and, responsive to determining that a value stored by the extended capability register indicates a restrict-translation-request-response (RTRR) mode, transmit, to the I/O device, a translation response having the guest physical address.Type: ApplicationFiled: July 11, 2016Publication date: January 11, 2018Inventors: Rajesh M. Sankaran, Prashant Sethi, Asit K. Mallick, David Woodhouse, Rupin H. Vakharwala
-
Publication number: 20180007051Abstract: A processor of an aspect includes a decode unit to decode an instruction. The instruction to indicate a first structure in a protected container memory and to indicate a second structure in the protected container memory. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine whether a status indicator is configured to allow at least one key to be exchanged between the first and second structures, and is to exchange the at least one key between the first and second structures when the status indicator is configured to allow the at least one key to be exchanged between the first and second structures.Type: ApplicationFiled: July 2, 2016Publication date: January 4, 2018Applicant: Intel CorporationInventors: Mona Vij, Somnath Chakrabarti, Carlos V. Rozas, Asit K. Mallick
-
Publication number: 20180006809Abstract: Particular embodiments described herein provide for an electronic device that can be configured to store data in a secure domain in a cloud network, create encryption keys, where each encryption key is to provide a different type of access to the data, and store the encryption keys in a secure domain key store in the cloud network. In an example, each encryption key provides access to a different version of the data. In another example, a counter engine stores the location of each version of the data in the cloud network.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Applicant: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, Mona Vij, Brandon Baker, Mohan J. Kumar, Asit K. Mallick, Mark A. Gentry, Somnath Chakrabarti
-
Patent number: 9785463Abstract: Methods and apparatus for using per task time slice information to improve dynamic performance state selection are described. In one embodiment, a new performance state is selected for a process based on one or more previous execution time slice values of the process. Other embodiments are also described.Type: GrantFiled: December 14, 2010Date of Patent: October 10, 2017Assignee: Intel CorporationInventors: Adriaan Van De Ven, A. Leonard Brown, Asit K. Mallick
-
Publication number: 20170249261Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.Type: ApplicationFiled: June 7, 2016Publication date: August 31, 2017Applicant: Intel CorporationInventors: DAVID M. DURHAM, RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, ANDREW V. ANDERSON, MICHAEL LEMAY, JOSEPH F. CIHULA, ARUMUGAM THIYAGARAJAH, ASIT K. MALLICK, BARRY E. HUNTLEY, DAVID A. KOUFATY, DEEPAK K. GUPTA, BAIJU V. PATEL
-
Publication number: 20170249260Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.Type: ApplicationFiled: April 1, 2016Publication date: August 31, 2017Inventors: RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, DAVID M. DURHAM, ANDREW V. ANDERSON, DAVID A. KOUFATY, ASIT K. MALLICK, ARUMUGAM THIYAGARAJAH, BARRY E. HUNTLEY, DEEPAK K. GUPTA, MICHAEL LEMAY, JOSEPH F. CIHULA, BAIJU V. PATEL
-
Patent number: 9747123Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.Type: GrantFiled: September 25, 2015Date of Patent: August 29, 2017Assignee: Intel CorporationInventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
-
Publication number: 20170228233Abstract: A processor of an aspect includes a decode unit to decode a user-level suspend thread instruction that is to indicate a first alternate state. The processor also includes an execution unit coupled with the decode unit. The execution unit is to perform the instruction at a user privilege level. The execution unit in response to the instruction, is to: (a) suspend execution of a user-level thread, from which the instruction is to have been received; (b) transition a logical processor, on which the user-level thread was to have been running, to the indicated first alternate state; and (c) resume the execution of the user-level thread, when the logical processor is in the indicated first alternate state, with a latency that is to be less than half a latency that execution of a thread can be resumed when the logical processor is in a halt processor power state.Type: ApplicationFiled: February 9, 2016Publication date: August 10, 2017Applicant: INTEL CORPORATIONInventors: Michael Mishaeli, Jason W. Brandt, Gilbert Neiger, Asit K. Mallick, Rajesh M. Sankaran, Raghunandan Makaram, Benjamin C. Chaffin, James B. Crossland, H. Peter Anvin
-
Publication number: 20170090963Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.Type: ApplicationFiled: September 25, 2015Publication date: March 30, 2017Inventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
-
Publication number: 20160191525Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.Type: ApplicationFiled: December 24, 2014Publication date: June 30, 2016Applicant: Intel CorporationInventors: Barry E. Huntley, Gilbert NEIGER, H P. ANVIN, Asit K. MALLICK, Arjan VAN DE VEN, Scott D. RODGERS
-
Patent number: 9323533Abstract: Apparatuses and methods for supervisor mode execution protection are disclosed. In one embodiment, a processor includes an interface to access a memory, execution hardware, and control logic. A region in the memory is user memory. The execution hardware is to execute an instruction. The control logic is to prevent the execution hardware from executing the instruction when the instruction is stored in user memory and the processor is in supervisor mode.Type: GrantFiled: December 29, 2011Date of Patent: April 26, 2016Assignee: Intel CorporationInventors: Adriaan Van De Ven, Baiju V. Patel, Asit K. Mallick, Gilbert Neiger, James S. Coke, Martin G. Dixon, Jason W. Brandt
-
Patent number: 9239801Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.Type: GrantFiled: June 5, 2013Date of Patent: January 19, 2016Assignee: Intel CorporationInventors: Baiju V. Patel, Xiaoning Li, H P. Anvin, Asit K. Mallick, Gilbert Neiger, James B. Crossland, Toby Opferman, Atul A. Khare, Jason W. Brandt, James S. Coke, Brian L. Vajda
-
Publication number: 20150199198Abstract: Apparatuses and methods for supervisor mode execution protection are disclosed. In one embodiment, a processor includes an interface to access a memory, execution hardware, and control logic. A region in the memory is user memory. The execution hardware is to execute an instruction. The control logic is to prevent the execution hardware from executing the instruction when the instruction is stored in user memory and the processor is in supervisor mode.Type: ApplicationFiled: December 29, 2011Publication date: July 16, 2015Inventors: Adriaan Van De Ven, Baiju V. Patel, Asit K. Mallick, Gilbert Neiger, James S. Coke, Martin G. Dixon, Jason W. Brandt
-
Patent number: 9069605Abstract: Method, apparatus and system embodiments to schedule OS-independent “shreds” without intervention of an operating system. For at least one embodiment, the shred is scheduled for execution by a scheduler routine rather than the operating system. A scheduler routine may run on each enabled sequencer. The schedulers may retrieve shred descriptors from a queue system. The sequencer associated with the scheduler may then execute the shred described by the descriptor. Other embodiments are also described and claimed.Type: GrantFiled: October 30, 2013Date of Patent: June 30, 2015Assignee: Intel CorporationInventors: Richard A. Hankins, Hong Wang, Gautham N. Chinya, Trung A. Diep, Shivnandan D. Kaushik, Bryant E. Bigbee, John P. Shen, Asit K. Mallick, Baiju V. Patel, James Paul Held, Milind B. Girkar, Prashant Sethi, Xinmin Tian
-
Publication number: 20140365742Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.Type: ApplicationFiled: June 5, 2013Publication date: December 11, 2014Inventors: BAIJU V. PATEL, XIAONING LI, H P. ANVIN, ASIT K. MALLICK, GILBERT NEIGER, JAMES B. CROSSLAND, TOBY OPFERMAN, ATUL A. KHARE, JASON W. BRANDT, JAMES S. COKE, BRIAN L. VAJDA
-
Publication number: 20140115594Abstract: Method, apparatus and system embodiments to schedule OS-independent “shreds” without intervention of an operating system. For at least one embodiment, the shred is scheduled for execution by a scheduler routine rather than the operating system. A scheduler routine may run on each enabled sequencer. The schedulers may retrieve shred descriptors from a queue system. The sequencer associated with the scheduler may then execute the shred described by the descriptor. Other embodiments are also described and claimed.Type: ApplicationFiled: October 30, 2013Publication date: April 24, 2014Inventors: Richard A. Hankins, Hong Wang, Gautham N. Chinya, Trung A. Diep, Shivnandan D. Kaushik, Bryant E. Bigbee, John P. Shen, Asit K. Mallick, Baiju V. Patel, James Paul Held, Milind B. Girkar, Prashant Sethi, Xinmin Tian