Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: An apparatus and method for efficiently managing shadow stacks.

Abstract: Methods for detecting angiopoietin-2 (Angpt-2) and/or thrombospondin-2 (Tsp-2) in a sample involve obtaining or having obtained a blood or plasma sample from a subject; and detecting Angpt-2 and Tsp-2 in the sample. Detecting can involve performing an assay to determine whether the sample includes Angpt-2 and/or Tsp-2 or elevated levels of Angpt-2 and/or Tsp-2. Elevated levels are indicative of acute heart failure.

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

Abstract: Systems and methods that facilitate non-pertubative measurements of low and null magnetic field in high temperature plasmas.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

Abstract: Systems and methods that facilitate non-pertubative measurements of low and null magnetic field in high temperature plasmas.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

Abstract: A processor comprises a register to store a first pointer to a context data structure specifying a virtual machine context, the context data structure comprising a first field to store a second pointer to a plurality of realm switch control structures (RSCSs), and an execution unit comprising a logic circuit to execute a virtual machine (VM) according to the virtual machine context, wherein the VM comprises a guest operating system (OS) comprising a plurality of kernel components, and wherein each RSCS of the plurality of RSCSs specifies a respective component context associated with a respective kernel component of the plurality of kernel components, and execute a first kernel component of the plurality of kernel components using a first component context specified by a first RSCS of the plurality of RSCSs.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: A processor comprises a register to store a first reference to a context data structure specifying a virtual machine context, the context data structure comprising a second reference to a target array and an execution unit comprising a logic circuit to execute a virtual machine (VM) based on the virtual machine context, wherein the VM comprises a guest operating system (OS) associated with a page table comprising a first memory address mapping between a guest virtual address (GVA) space and a guest physical address (GPA) space, receive a request by the guest OS to switch from the first memory address mapping to a second memory address mapping, the request comprising an index value and a first root value, retrieve an entry, identified by the index value, from the target array, the entry comprising a second root value, and responsive to determining that the first root value matches the second root value, cause a switch from the first memory address mapping to the second memory address mapping.

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

Abstract: A processor comprises a register to store a first reference to a context data structure specifying a virtual machine context, the context data structure comprising a second reference to a target array and an execution unit comprising a logic circuit to execute a virtual machine (VM) based on the virtual machine context, wherein the VM comprises a guest operating system (OS) associated with a page table comprising a first memory address mapping between a guest virtual address (GVA) space and a guest physical address (GPA) space, receive a request by the guest OS to switch from the first memory address mapping to a second memory address mapping, the request comprising an index value and a first root value, retrieve an entry, identified by the index value, from the target array, the entry comprising a second root value, and responsive to determining that the first root value matches the second root value, cause a switch from the first memory address mapping to the second memory address mapping.

Abstract: Methods for detecting angiopoietin-2 (Angpt-2) and/or thrombospondin-2 (Tsp-2) in a sample involve obtaining or having obtained a blood or plasma sample from a subject; and detecting or Angpt-2 and Tsp-2 in the sample. Detecting can involve performing an assay to determine whether the sample includes Angpt-2 and/or Tsp-2 or elevated levels of Angpt-2 and/or Tsp-2. Elevated levels are indicative of acute heart failure.

Abstract: A processor comprises a register to store a first pointer to a context data structure specifying a virtual machine context, the context data structure comprising a first field to store a second pointer to a plurality of realm switch control structures (RSCSs), and an execution unit comprising a logic circuit to execute a virtual machine (VM) according to the virtual machine context, wherein the VM comprises a guest operating system (OS) comprising a plurality of kernel components, and wherein each RSCS of the plurality of RSCSs specifies a respective component context associated with a respective kernel component of the plurality of kernel components, and execute a first kernel component of the plurality of kernel components using a first component context specified by a first RSCS of the plurality of RSCSs.