Abstract: A processing system includes a processing core and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store a page table entry (PTE) comprising a mapping from a virtual memory page referenced by an application running on the processing core to an identifier of a memory frame of a memory, a first plurality of access permission flags associated with accessing the memory frame under a first privilege mode, and a second plurality of access permission flags associated with accessing the memory under a second privilege mode.

Abstract: The present disclosure is directed to systems and methods for detecting stack-pivot attacks in a processor-based device. Processor circuitry executes one or more applications via sequential execution of instructions on a stack. Stack pivot attacks occur when an attacker takes control of the stack and uses the stack to execute a series of code sections referred to as “gadgets.” A stack-pivot attack detector establishes an allowable processor stack offset change value associated with an application and monitors a processor stack offset change value responsive to an occurrence of a processor stack exchange instruction. A stack-pivot attack is detected when the processor offset change value exceeds the allowable processor stack offset change value. Upon detecting a stack-pivot attack, the stack-pivot detection circuitry causes the selective termination of the application.

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.

Abstract: A host Virtual Machine Monitor (VMM) operates “blindly,” without the host VMM having the ability to access data within a guest virtual machine (VM) or the ability to access directly control structures that control execution flow of the guest VM. Guest VMs execute within a protected region of memory (called a key domain) that even the host VMM cannot access. Virtualization data structures that pertain to the execution state (e.g., a Virtual Machine Control Structure (VMCS)) and memory mappings (e.g., Extended Page Tables (EPTs)) of the guest VM are also located in the protected memory region and are also encrypted with the key domain key. The host VMM and other guest VMs, which do not possess the key domain key for other key domains, cannot directly modify these control structures nor access the protected memory region. The host VMM, however, can verify correctness of the control structures of guest VMs.

Abstract: Embodiments of an invention for a return address overflow buffer are disclosed. In one embodiment, a processor includes a stack pointer to store a reference to a first return address stored on a stack, an obscured address stack pointer to store a reference to an encrypted second return address stored in a memory, hardware to decrypt the encrypted second return address to generate a decrypted second return address, and a return address verification logic, responsive to receiving a return instruction, to compare the first return address to the decrypted second return address.

Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.

Abstract: A processing system includes a processing core to execute a virtual machine (VM) comprising a guest operating system (OS) and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store an extended page table entry (EPTE) comprising a mapping from a guest physical address (GPA) associated with the guest OS to an identifier of a memory frame, a first plurality of access right flags associated with accessing the memory frame in a first page mode referenced by an attribute of a memory page identified by the GPA, and a second plurality of access right flags associated with accessing the memory frame in a second page mode referenced by the attribute of the memory page identified by the GPA.

Abstract: A processing system includes a processing core and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store a page table entry (PTE) comprising a mapping from a virtual memory page referenced by an application running on the processing core to an identifier of a memory frame of a memory, a first plurality of access permission flags associated with accessing the memory frame under a first privilege mode, and a second plurality of access permission flags associated with accessing the memory under a second privilege mode.

Abstract: Embodiments of the invention provide a method of creating, based on an operating-system-scheduled thread running on an operating-system-visible sequencer and using an instruction set extension, a persistent user-level thread to run on an operating-system-sequestered sequencer independently of context switch activities on the operating-system-scheduled thread. The operating-system-scheduled thread and the persistent user-level thread may share a common virtual address space. Embodiments of the invention may also provide a method of causing a service thread running on an additional operating-system-visible sequencer to provide operating system services to the persistent user-level thread. Embodiments of the invention may further provide apparatus, system, and machine-readable medium thereof.

Abstract: Embodiments of the invention provide a method of creating, based on an operating-system-scheduled thread running on an operating-system-visible sequencer and using an instruction set extension, a persistent user-level thread to run on an operating-system-sequestered sequencer independently of context switch activities on the operating-system-scheduled thread. The operating-system-scheduled thread and the persistent user-level thread may share a common virtual address space. Embodiments of the invention may also provide a method of causing a service thread running on an additional operating-system-visible sequencer to provide operating system services to the persistent user-level thread. Embodiments of the invention may further provide apparatus, system, and machine-readable medium thereof.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: Embodiments of an invention for sharing a guest physical address space between virtualized contexts are disclosed. In an embodiment, a processor includes a cache memory and a memory management unit. The cache memory includes a plurality of entry locations, each entry location having a guest physical address field and a host physical address field. The memory management unit includes page-walk hardware and cache memory access hardware. The page-walk hardware is to translate a guest physical address to a host physical address using a plurality of page table entries. The cache memory access hardware is to store the guest physical address and the host physical address in the cache memory only if a shareability indicator in at least one of the page table entries is set.

Abstract: In an embodiment, a method is provided. The method includes managing user-level threads on a first instruction sequencer in response to executing user-level instructions on a second instruction sequencer that is under control of an application level program. A first user-level thread is run on the second instruction sequencer and contains one or more user level instructions. A first user level instruction has at least 1) a field that makes reference to one or more instruction sequencers or 2) implicitly references with a pointer to code that specifically addresses one or more instruction sequencers when the code is executed.

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

Abstract: A processor is described having a functional unit within an instruction execution pipeline. The functional unit having circuitry to determine whether substantive data from a larger source data size will fit within a smaller data size that the substantive data is to flow to.

Abstract: Embodiments of the invention provide a method of creating, based on an operating-system-scheduled thread running on an operating-system-visible sequencer and using an instruction set extension, a persistent user-level thread to run on an operating-system-sequestered sequencer independently of context switch activities on the operating-system-scheduled thread. The operating-system-scheduled thread and the persistent user-level thread may share a common virtual address space. Embodiments of the invention may also provide a method of causing a service thread running on an additional operating-system-visible sequencer to provide operating system services to the persistent user-level thread. Embodiments of the invention may further provide apparatus, system, and machine-readable medium thereof.