32-bit address space containment to secure processes from speculative rogue cache loads

US10599835B2 · US · B2

Patent metadata
Publication number: US-10599835-B2
Application number: US-201815960467-A
Country: US
Kind code: B2
Filing date: Apr 23, 2018
Priority date: Feb 6, 2018
Publication date: Mar 24, 2020
Grant date: Mar 24, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments are disclosed to mitigate the meltdown vulnerability by selectively using page table isolation. Page table isolation is enabled for 64-bit applications, so that unprivileged areas in the kernel address space cannot be accessed in user mode due to speculative execution by the processor. On the other hand, page table isolation is disabled for 32-bit applications thereby providing mapping into unprivileged areas in the kernel address space. However, speculative execution is limited to a 32-bit address space in a 32-bit application, and so access to unprivileged areas in the kernel address space can be inhibited.

First claim

Claims 1 to 15 (preview; the text is cut off partway through claim 15).

The invention claimed is:

1. A method in a computing system comprising a target processor and physical memory, the computing system including an operating system and an application that executes on the target processor, the method comprising: translating virtual addresses to physical addresses in the physical memory using user-space page tables associated with the executing application and a first set of kernel-space page tables when the target processor is executing in kernel mode; translating virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a first kind; and translating virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and a second set of kernel-space page tables that is at most a subset of the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a second kind.

2. The method of claim 1, wherein the first set of kernel-space page tables includes information that maps virtual addresses in a kernel address space of the operating system to physical addresses of the physical memory, wherein the second set of kernel-space page tables includes information that maps at most a subset of the virtual addresses in the kernel address space of the operating system to physical addresses of the physical memory.

3. The method of claim 1, wherein the second set of kernel-space page tables maps only to a portion of a kernel address space of the operating system sufficient to enter and exit system calls, to process interrupts, and to process exceptions.

4. The method of claim 1, further comprising: setting a size flag associated with the application to a first data value when the application comprises machine code of the first kind; setting the size flag to a second data value when the application comprises machine code of the second kind; and using the size flag to determine whether to use the first set of kernel-space page tables or the second set of kernel-space page tables when the target processor is executing in user mode.

5. The method of claim 1, wherein the machine code of the first kind comprises machine coded instructions of a processor having a word size that is shorter in length than a word size of the target processor, wherein the machine code of the second kind comprises machine coded instructions of the target processor.

6. The method of claim 1, wherein the machine code of the first kind is machine code for a 32-bit processor, wherein the machine code of the second kind is machine code for a 64-bit processor.

7. The method of claim 1, wherein the user-space page tables include information that maps virtual addresses in a user address space of the executing application to physical addresses in the physical memory.

8. A non-transitory computer-readable storage medium having stored thereon computer executable instructions, which when executed by a computer device, cause the computer device to: translate virtual addresses to physical addresses in a physical memory using user-space page tables associated with an application executing on the computer device and a first set of kernel-space page tables when a target processor of the computing device is executing in kernel mode; translate virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a first kind; and translating virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and a second set of kernel-space page tables that is at most a subset of the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a second kind.

9. The non-transitory computer-readable storage medium of claim 8, wherein the first set of kernel-space page tables includes information that maps virtual addresses in a kernel address space of an operating system executing on the computing device to physical addresses of the physical memory, wherein the second set of kernel-space page tables includes information that maps at most a subset of the virtual addresses in the kernel address space of the operating system to physical addresses of the physical memory.

10. The non-transitory computer-readable storage medium of claim 8, wherein the second set of kernel-space page tables maps only to a portion of a kernel address space of an operating system executing on the computing device to enter and exit system calls, to process interrupts, and to process exceptions.

11. The non-transitory computer-readable storage medium of claim 8, wherein the computer executable instructions, which when executed by the computer device, further cause the computer device to: set a size flag associated with the application to a first data value when the application comprises machine code of the first kind; set the size flag to a second data value when the application comprises machine code of the second kind; and use the size flag to determine whether to use the first set of kernel-space page tables or the second set of kernel-space page tables when the target processor is executing in user mode.

12. The non-transitory computer-readable storage medium of claim 8, wherein the machine code of the first kind comprises machine coded instructions of a processor having a word size that is shorter in length than a word size of the target processor, wherein the machine code of the second kind comprises machine coded instructions of the target processor.

13. The non-transitory computer-readable storage medium of claim 8, wherein the machine code of the first kind is machine code for a 32-bit processor, wherein the machine code of the second kind is machine code for a 64-bit processor.

14. A computer apparatus comprising: a target processor; a physical memory; and a computer-readable storage medium comprising instructions for controlling the target processor to be operable to: translate virtual addresses to physical addresses in the physical memory using user-space page tables associated with an application executing on the computer apparatus and a first set of kernel-space page tables when the target processor is executing in kernel mode; translate virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a first kind; and translating virtual addresses to physical addresses in the physical memory using the user-space page tables associated with the executing application and a second set of kernel-space page tables that is at most a subset of the first set of kernel-space page tables when the target processor is executing in user mode and the application comprises machine code of a second kind.

15. The apparatus of claim 14, wherein the first set of kernel-space page tables includes information that maps virtual addresses in a kernel address space of an operating system executing on the computing apparatus to physical add
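The policy in claims 1, 3 and 4, and the reason the abstract gives for exempting 32-bit code from page table isolation, can be worked through in a small model. The C below is an added example written for this page, not code from the patent or from VMware: the address ranges, the region names and the helper functions (`kernel_tables_for`, `translate`, `effective_address`, `rogue_load_reaches_kernel`, `kernel_stays_above_4g`) are all made up for illustration, and real page tables are hardware radix structures rather than the range lists used here. It models the two kernel-space table sets, the per-process size flag that selects between them in user mode, and the 32-bit address truncation that keeps a kernel mapping out of reach even when it is present in the process's page tables.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-process "size flag" (claim 4).  CODE_32 is the "first kind" of machine
 * code in the claims, CODE_64 the "second kind". */
enum code_kind { CODE_32 = 0, CODE_64 = 1 };
enum cpu_mode  { MODE_USER, MODE_KERNEL };

/* A mapped virtual range.  Every address in this file is invented for the
 * example; none is taken from the patent or from a real kernel layout. */
struct region { uint64_t start; uint64_t end; const char *name; };

/* User-space page tables of the process: one range inside the low 4 GiB. */
static const struct region user_tables[] = {
    { 0x0000000000400000ULL, 0x0000000000c00000ULL, "user text/heap/stack" },
};

/* First set of kernel-space page tables: everything the kernel maps. */
static const struct region kernel_full[] = {
    { 0xffffffff80000000ULL, 0xffffffff80001000ULL, "syscall/interrupt entry trampoline" },
    { 0xffffffff81000000ULL, 0xffffffff82000000ULL, "kernel text and data" },
    { 0xffff888000000000ULL, 0xffff888100000000ULL, "direct map holding other processes' memory" },
};

/* Second set: at most a subset of the first, sufficient only to enter and exit
 * system calls and to take interrupts and exceptions (claim 3). */
static const struct region kernel_minimal[] = {
    { 0xffffffff80000000ULL, 0xffffffff80001000ULL, "syscall/interrupt entry trampoline" },
};

struct table_set { const struct region *r; size_t n; };
#define SET(a) ((struct table_set){ (a), sizeof(a) / sizeof((a)[0]) })

/* The three rules of claim 1: kernel mode and 32-bit user mode get the full
 * kernel tables; 64-bit user mode gets the reduced set (page table isolation). */
static struct table_set kernel_tables_for(enum cpu_mode mode, enum code_kind flag)
{
    if (mode == MODE_KERNEL) return SET(kernel_full);
    if (flag == CODE_32)     return SET(kernel_full);
    return SET(kernel_minimal);
}

static const char *lookup(struct table_set set, uint64_t va)
{
    for (size_t i = 0; i < set.n; i++)
        if (va >= set.r[i].start && va < set.r[i].end) return set.r[i].name;
    return NULL;
}

/* Name of the mapping a virtual address resolves to under the current tables
 * (user tables plus the selected kernel set), or NULL if it is unmapped.  An
 * unmapped address is what a rogue speculative load has nothing to read from. */
const char *translate(enum cpu_mode mode, enum code_kind flag, uint64_t va)
{
    const char *hit = lookup(SET(user_tables), va);
    return hit ? hit : lookup(kernel_tables_for(mode, flag), va);
}

/* Address formation in 32-bit code: the effective address is truncated to 32
 * bits, so a 64-bit kernel address supplied by the attacker collapses into the
 * low 4 GiB before any (speculative) load is issued. */
uint64_t effective_address(enum code_kind flag, uint64_t attacker_ptr)
{
    return flag == CODE_32 ? (uint64_t)(uint32_t)attacker_ptr : attacker_ptr;
}

/* Can a user-mode speculative load in this process touch a kernel mapping? */
bool rogue_load_reaches_kernel(enum code_kind flag, uint64_t attacker_ptr)
{
    uint64_t ea = effective_address(flag, attacker_ptr);
    return lookup(kernel_tables_for(MODE_USER, flag), ea) != NULL;
}

/* The precondition the 32-bit exemption rests on: nothing in the full kernel
 * tables may live below the 4 GiB boundary that a 32-bit process can reach. */
bool kernel_stays_above_4g(void)
{
    struct table_set full = SET(kernel_full);
    for (size_t i = 0; i < full.n; i++)
        if (full.r[i].start < (1ULL << 32)) return false;
    return true;
}

int main(void)
{
    uint64_t secret = 0xffff888000001000ULL;   /* invented direct-map address */
    printf("64-bit process, PTI on : reaches kernel? %s\n",
           rogue_load_reaches_kernel(CODE_64, secret) ? "yes" : "no");
    printf("32-bit process, PTI off: mapped? %s, reachable? %s\n",
           translate(MODE_USER, CODE_32, secret) ? "yes" : "no",
           rogue_load_reaches_kernel(CODE_32, secret) ? "yes" : "no");
    printf("kernel entirely above 4 GiB: %s\n", kernel_stays_above_4g() ? "yes" : "no");
    return 0;
}
```

Running it puts the three cases side by side: the 64-bit process finds the direct-map address unmapped because the reduced table set is in use, the 32-bit process has the same address mapped but cannot form an effective address above 4 GiB to reach it, and kernel mode sees everything. `kernel_stays_above_4g` is the invariant a deployment of this scheme has to verify: any kernel mapping placed below the 32-bit boundary would be reachable from the exempted processes. The model covers only loads whose address the process itself supplies; it says nothing about other speculation channels.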

Assignees

VMware Inc

Inventors

Classifications

  • G06F21/52 (primary): during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow · CPC title

  • for multiple virtual address spaces, e.g. segmentation (G06F12/1045 takes precedence) · CPC title

  • operating in dual or compartmented mode, i.e. at least one secure mode · CPC title

  • for a range · CPC title

  • Address space extension · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10599835B2 cover?
Embodiments are disclosed to mitigate the meltdown vulnerability by selectively using page table isolation. Page table isolation is enabled for 64-bit applications, so that unprivileged areas in the kernel address space cannot be accessed in user mode due to speculative execution by the processor. On the other hand, page table isolation is disabled for 32-bit applications thereby providing mapp…
Who is the assignee on this patent?
VMware Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/52. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 24, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).