
Avoiding asynchronous enclave exits based on requests to invalidate translation lookaside buffer entries

Patent number
US10867092B2
Publication date
2020-12-15
Applicant
Intel Corporation(US CA Santa Clara)
Inventors
Dror Caspi; Ido Ouziel
IPC classification
G06F30/3323; G06F9/46; G06F9/455; G06F12/1009; G06F12/1027; G06F12/0897; G06F9/52
Technical field
enclave,tlb,rlp,epoch,in,rar,page,processor,ilp,or
Region: CA CA Santa Clara

Abstract

Technologies are provided in embodiments including a memory element to store a payload indicating an action to be performed associated with a remote action request (RAR) and a remote action handler circuit to identify the action to be performed, where the action includes invalidating one or more entries of a translation lookaside buffer (TLB), determine that the logical processor entered an enclave mode during a prior epoch, perform one or more condition checks on control and state pages of the enclave mode, and based on results of the one or more condition checks, adjust one or more variables associated with the logical processor to simulate the logical processor re-entering the enclave mode. Specific embodiments include the remote action handler circuit to invalidate an entry of the TLB based, at least in part, on the results of the one or more condition checks.

Description

TECHNICAL FIELD

This disclosure relates in general to the field of processing logic of microprocessors, and more particularly, avoiding asynchronous enclave exits based on requests to invalidate translation lookaside buffer (TLB) entries.

BACKGROUND

Data and code security in modern computer architectures is a significant concern, which has led to the development and use of techniques to create and maintain secure computing environments. A secure computing environment that protects selected code and data from inadvertent or malicious disclosure or modification is often referred to as a trusted execution environment (TEE). An example of a TEE is an enclave, which can be established as a protected area of execution in a process. Enclaves are isolated memory regions of code and data. Applications can use special central processing unit (CPU) instructions to create enclaves and to control entries into and exits from running in an enclave mode in which the isolated memory regions can be accessed. Thus, enclaves can be protected from other code that is not in the enclave.

In a trusted execution environment, the operating system may not be trusted to manage permissions, physical memory, and page table mapping changes. Ensuring security and integrity of private memory contents without trusting the operating system can result in significant overhead.

BRIEF DESCRIPTION OF THE DRAWINGS

To provide a more complete understanding of the present disclosure and features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying FIGURES, where like reference numerals represent like parts, in which:

Claims

What is claimed is:

1. An apparatus, the apparatus comprising:
a memory element to store a payload indicating an action to be performed associated with a remote action request (RAR); and
a remote action handler circuit of a logical processor to:
identify the action to be performed, the action including invalidating one or more entries of a translation lookaside buffer (TLB);
determine that the logical processor is running in an enclave mode;
based on determining that the logical processor entered the enclave mode during a prior epoch of an enclave, perform one or more condition checks on control and state pages associated with the enclave; and
based on results of the one or more condition checks, adjust one or more variables associated with the logical processor to simulate the logical processor re-entering the enclave mode, wherein adjusting the one or more variables is to include setting a first variable to indicate that the logical processor entered the enclave mode during a current epoch of the enclave.

2. The apparatus of claim 1, wherein the remote action handler circuit is to further:
invalidate an entry of the TLB based, at least in part, on the results of the one or more condition checks, wherein the entry to be invalidated includes a page address within an enclave address range of memory.

3. The apparatus of claim 2, wherein the page address included in the entry of the TLB is omitted from the RAR.

4. The apparatus of claim 1, wherein the remote action handler circuit is to further:
invalidate the one or more entries of the TLB, wherein the RAR indicates one or more page addresses included in the one or more entries of the TLB, respectively, and wherein the one or more page addresses are within an enclave address range of memory.

5. The apparatus of claim 1, wherein the remote action handler circuit is to further:
determine that one or more page addresses indicated by the RAR are within an enclave address range.

6. The apparatus of claim 1, wherein the prior epoch corresponds to a first period of the enclave during which the one or more entries of the TLB were not invalidated and a prior value was assigned to a global epoch variable.

7. The apparatus of claim 1, wherein the results indicate that the control and state pages associated with the enclave mode are unmodified, unblocked and otherwise accessible to the logical processor.

8. The apparatus of claim 1, wherein the control page includes meta information related to a thread running on the logical processor.

9. The apparatus of claim 1, wherein at least one state page includes context information associated with a state of the logical processor.

10. The apparatus of claim 1, wherein the one or more variables include one or more enclave reference counters.

11. The apparatus of claim 10, wherein the setting the first variable to indicate that the logical processor entered the enclave mode during the current epoch includes assigning a current value of a global epoch variable to the first variable.

12. The apparatus of claim 10, wherein adjusting the one or more enclave reference counters includes:
incrementing a first enclave reference counter for the current epoch by one; and
decrementing a second enclave reference counter for the prior epoch by one.

13. The apparatus of claim 10, wherein, prior to the setting the first variable, the remote action handler circuit is to further:
determine the logical processor entered the enclave mode during the prior epoch based on a comparison of a current value of the first variable and a current value of a global epoch variable.

14. The apparatus of claim 1, wherein the RAR is associated with one of an inter-processor interrupt (IPI) or a RAR signal.

15. A system comprising:
a memory; and
a logical processor coupled to the memory and including a remote action interface circuit comprising microcode to:
identify a received remote action request (RAR) associated with an action to be performed including invalidating one or more entries of a translation lookaside buffer (TLB);
determine that the logical processor is running in an enclave mode;
based on determining that the logical processor entered the enclave mode during a prior epoch of an enclave, perform one or more condition checks on control and state pages of the enclave; and
based on results of the one or more condition checks, adjust one or more variables associated with the logical processor to simulate the logical processor re-entering the enclave mode, wherein adjusting the one or more variables is to include setting a first variable to indicate that the logical processor entered the enclave mode during a current epoch of the enclave.

16. The system of claim 15, wherein the microcode is to further:
invalidate an entry of the TLB based, at least in part, on the results of the one or more condition checks, wherein the entry to be invalidated includes a page address within an enclave address range of the memory.

17. The system of claim 15, wherein the microcode is to further:
determine that one or more page addresses indicated by the RAR are within an enclave address range.

18. The system of claim 15, wherein the results indicate that the control and state pages associated with the enclave mode are unmodified, unblocked and otherwise accessible to the logical processor.

19. The system of claim 15, wherein the control page includes meta information related to a thread running on the logical processor.

20. The system of claim 15, wherein at least one state page includes context information associated with a state of the logical processor.

21. The system of claim 15, wherein the memory includes an enclave page cache that stores one or more pages at one or more page addresses corresponding to the one or more entries of the TLB.

22. A method, the method comprising:
identifying, by a logical processor, an action to be performed associated with a received remote action request (RAR), the action including invalidating one or more entries of a translation lookaside buffer (TLB);
determining that the logical processor is running in an enclave mode;
based on the determining that the logical processor entered the enclave mode during a prior epoch of an enclave, performing one or more condition checks on control and state pages of the enclave; and
based on results of the one or more condition checks, adjusting one or more variables associated with the logical processor to simulate the logical processor re-entering the enclave mode, wherein the adjusting the one or more variables includes setting a first variable to indicate that the logical processor entered the enclave mode during a current epoch of the enclave.

23. The method of claim 22, further comprising:
invalidating an entry of the TLB based, at least in part, on the results of the one or more condition checks, wherein the entry to be invalidated includes a page address within an enclave address range of memory.

24. The method of claim 22, further comprising:
determining that one or more page addresses specified in the RAR are within an enclave address range.

25. The method of claim 22, wherein the RAR is associated with one of an inter-processor interrupt (IPI) or a RAR signal.
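
The epoch bookkeeping recited in claims 1, 7 and 10 to 13, as an added C model that is not code from the patent or from the applicant. The struct, enum and function names, the two-entry counter array indexed by epoch parity, and the fallback result returned when a page check fails are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added software model of the claimed handler; every name here is hypothetical. */
enum rar_result { INVALIDATE_ONLY, RESYNC_AND_INVALIDATE, FALLBACK_EXIT };

struct page_state { bool modified, blocked, accessible; };

struct enclave {
    uint64_t global_epoch;  /* global epoch variable */
    unsigned refs[2];       /* assumption: one counter per epoch, indexed by parity */
    uint64_t base, size;    /* enclave address range */
};

struct lp {                 /* logical processor */
    bool in_enclave;
    uint64_t entry_epoch;   /* the "first variable": epoch of enclave entry */
    struct page_state control, state;
};

/* Claim 7: page is unmodified, unblocked and accessible. */
static bool page_ok(const struct page_state *p) {
    return !p->modified && !p->blocked && p->accessible;
}

/* RAR handler for a request to invalidate the TLB entry covering addr. */
enum rar_result handle_rar(struct lp *lp, struct enclave *e, uint64_t addr) {
    bool in_range = addr >= e->base && addr - e->base < e->size;
    if (!lp->in_enclave || !in_range || lp->entry_epoch == e->global_epoch)
        return INVALIDATE_ONLY;             /* no epoch bookkeeping needed */
    if (!page_ok(&lp->control) || !page_ok(&lp->state))
        return FALLBACK_EXIT;               /* assumption: exit path when checks fail */
    e->refs[e->global_epoch & 1]++;         /* claim 12: current epoch counter +1 */
    e->refs[lp->entry_epoch & 1]--;         /* claim 12: prior epoch counter -1 */
    lp->entry_epoch = e->global_epoch;      /* claim 11: simulate re-entry */
    return RESYNC_AND_INVALIDATE;
}

int main(void) {
    /* Constructed scenario: LP entered in epoch 4, enclave is now in epoch 5. */
    struct enclave e = { 5, { 1, 0 }, 0x100000, 0x10000 };
    struct lp p = { true, 4, { false, false, true }, { false, false, true } };
    printf("result=%d\n", handle_rar(&p, &e, 0x101000));
    printf("lp epoch=%llu refs={%u,%u}\n",
           (unsigned long long)p.entry_epoch, e.refs[0], e.refs[1]);
    return 0;
}
```

When a control or state page fails its check, the model leaves the counters and the logical processor's epoch untouched, so a stale thread is never counted as having re-entered in the current epoch.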