Cryptographic memory ownership table for secure public cloud

US11520906B2 · US · B2

Patent metadata
Publication number: US-11520906-B2
Application number: US-202016830379-A
Country: US
Kind code: B2
Filing date: Mar 26, 2020
Priority date: Nov 10, 2017
Publication date: Dec 6, 2022
Grant date: Dec 6, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload. The instructions, when executed, also cause the processor to (i) receive a request from a guest workload managed by the untrusted workload manager to access a memory using a requested guest address; (ii) obtain, from the untrusted workload manager, a translated workload manager-provided hardware physical address to correspond to the requested guest address; (iii) determine whether a stored mapping exists for the translated workload manager-provided hardware physical address; (iv) in response to finding the stored mapping, determine whether a stored expected guest address from the stored mapping matches the requested guest address; and (v) if the stored expected guest address from the stored mapping matches the requested guest address, enable the guest workload to access contents of the translated workload-manager provided hardware physical address.

First claim

Opening claim text (preview).

What is claimed is:

1. At least one non-transitory computer-readable medium comprising instructions that, when executed, enable a processor to: execute a guest workload managed by an untrusted workload manager, the guest workload to create memory ownership entries for a memory ownership structure for the guest workload, the memory ownership entries to map original guest addresses to respective original hardware physical addresses; receive a request from the guest workload managed by the untrusted workload manager to access memory using a requested guest address; after receiving the request from the guest workload managed by the untrusted workload manager to access memory using the requested guest address, obtain a translated hardware physical address to correspond to the requested guest address; determine whether the memory ownership structure for the guest workload contains a memory ownership entry for the translated hardware physical address; if the memory ownership structure for the guest workload contains the memory ownership entry for the translated hardware physical address, determine whether a stored expected guest address from the memory ownership entry matches the requested guest address; if the stored expected guest address from the memory ownership entry matches the requested guest address, enable the guest workload to access contents of the translated hardware physical address; and if the stored expected guest address from the memory ownership entry does not match the requested guest address, abort the request from the guest workload to access memory.

2. The at least one computer-readable medium of claim 1, wherein the instructions, when executed, further enable the processor to: determine whether a stored expected hardware physical address from the memory ownership entry for the translated hardware physical address matches the translated hardware physical address; and wherein enabling the guest workload to access contents of the translated hardware physical address comprises enabling the guest workload if (a) the stored expected guest address from the memory ownership entry matches the requested guest address and (b) the stored expected hardware physical address from the memory ownership entry matches the translated hardware physical address.

3. The at least one computer-readable medium of claim 1, wherein the memory ownership entries map original guest physical addresses to respective original hardware physical addresses.

4. The at least one computer-readable medium of claim 1, wherein the instructions further enable the processor to: identify a stored expected register value for the guest workload to enable the processor to locate a page directory and a page table for the guest workload; and verify that a workload manager-provided register value matches the stored expected register value for the guest workload prior to accessing the page directory and the page table for the guest workload.

5. The at least one computer-readable medium of claim 1, wherein the instructions further enable the processor to: in response to receiving, from the workload manager, a hardware physical address for a control structure for the guest workload, determine whether a control structure indicator in a memory ownership entry for said hardware physical address in the memory ownership table for the guest workload is TRUE prior to loading the control structure for the guest workload from said hardware physical address.

6. The at least one computer-readable medium of claim 1, wherein the instructions further enable the processor to: identify an expected content verification value for a particular original hardware physical address; and verify that the expected content verification value matches a hash of contents of the particular original hardware physical address prior to accessing data stored at the particular original hardware physical address.

7. At least one non-transitory computer-readable medium comprising instructions that, when executed, enable a processor to: execute a guest workload managed by an untrusted workload manager, wherein the guest workload is to: (i) receive, from the untrusted workload manager, an allocation of a region of a memory, (ii) provide an original guest address for a memory location of the region of the memory, (iii) receive an original hardware physical address assigned to the original guest address, and (iv) create a memory ownership entry for a memory ownership structure for the guest workload, the memory ownership entry to map the original hardware physical address to the original guest address; in response to receiving a request from the guest workload to access memory using a requested guest address, obtain a translated hardware physical address to correspond to the requested guest address; determine whether the memory ownership structure for the guest workload contains a memory ownership entry for the translated hardware physical address which contains a stored expected guest address that matches the requested guest address; and if the memory ownership structure for the guest workload does not contain a memory ownership entry for the translated hardware physical address which contains the stored expected guest address that matches the requested guest address, abort the request from the guest workload to access memory.

8. The at least one computer-readable medium of claim 7, wherein the guest workload is further to: cause contents written by the guest workload into the region of the memory to be encrypted with a consumer-provided key for the guest workload; and cause each memory ownership entry for the guest workload to be encrypted with the consumer-provided key.

9. The at least one computer-readable medium of claim 8, wherein: causing the memory ownership entry for the guest workload to be encrypted with the consumer-provided key binds the original guest address of the memory ownership entry to the original hardware physical address of the memory ownership entry.

10. The at least one computer-readable medium of claim 8, wherein: causing the contents written by the guest workload to be encrypted with the consumer-provided key further binds the original guest address of the memory ownership entry to encrypted contents of the original hardware physical address of the memory ownership entry.

11. The at least one computer-readable medium of claim 7, wherein: the guest workload is further to provide the memory ownership entry to the untrusted workload manager, to be stored in the memory ownership structure for the guest workload.

12. The at least one computer-readable medium of claim 7, wherein the memory ownership entry maps the original hardware physical address to an original guest physical address.

13. The at least one computer-readable medium of claim 7, wherein: the guest workload is further to store an expected register value for the guest workload to enable the processor to locate a page directory and a page table for the guest workload; and the processor is to verify that a workload manager-provided register value matches the expected register value for the guest workload prior to accessing the page directory and the page table for the guest workload.

14. The at least one computer-readable medium of claim 7, wherein the instructions further enable the processor to: in response to receiving, from the workload manager, a hardware physical address for a control structure for the guest workload, determine whether a control structure indicator in a memory ownership entry for said hardware physical address in the memory ownership table for the guest worklo
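A simulation of the processor-side ownership check described in claims 1, 2 and 6, added here as an example and not part of the patent text or of Intel's implementation. The class and function names, the sample guest and hardware addresses, and the page contents are constructed; the untrusted workload manager is modelled simply as the translated address it hands back, so the table shows which of the checks catches an incorrect translation, a moved table entry, and altered page contents.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class OwnershipEntry:
    """Memory ownership entry the guest creates for one page (claims 1, 7)."""
    expected_gpa: int              # original guest address
    expected_hpa: int              # original hardware physical address (claim 2)
    content_hash: Optional[bytes]  # expected content verification value (claim 6)

def make_entry(gpa: int, hpa: int, contents: bytes) -> OwnershipEntry:
    return OwnershipEntry(gpa, hpa, hashlib.sha256(contents).digest())

def check_access(mot: dict, requested_gpa: int, translated_hpa: int, memory: dict) -> str:
    """Processor-side check of claims 1, 2 and 6; returns "OK" or the abort reason.

    mot: the guest's memory ownership structure, keyed by hardware physical address.
    translated_hpa: the translation supplied by the untrusted workload manager.
    memory: simulated physical memory, HPA -> page contents.
    """
    entry = mot.get(translated_hpa)
    if entry is None:                                  # claim 1: no ownership entry
        return "ABORT: no ownership entry for translated HPA"
    if entry.expected_gpa != requested_gpa:            # claim 1: guest address mismatch
        return "ABORT: expected guest address mismatch"
    if entry.expected_hpa != translated_hpa:           # claim 2: entry sits in another slot
        return "ABORT: expected hardware address mismatch"
    if entry.content_hash is not None:                 # claim 6: content verification
        if hashlib.sha256(memory[translated_hpa]).digest() != entry.content_hash:
            return "ABORT: content verification failed"
    return "OK"

def run_scenarios() -> dict:
    # Constructed sample: guest owns GPA 0x1000 -> HPA 0xA000 and GPA 0x2000 -> HPA 0xB000.
    memory = {0xA000: b"page A", 0xB000: b"page B"}
    mot = {0xA000: make_entry(0x1000, 0xA000, memory[0xA000]),
           0xB000: make_entry(0x2000, 0xB000, memory[0xB000])}
    results = {}
    results["honest"] = check_access(mot, 0x1000, 0xA000, memory)   # correct translation
    results["aliased"] = check_access(mot, 0x1000, 0xB000, memory)  # 0x1000 translated onto page B
    results["foreign"] = check_access(mot, 0x1000, 0xC000, memory)  # page the guest never owned
    # Entry for page B copied into page A's slot of a manager-held table (claim 11): the
    # guest-address check alone passes for GPA 0x2000, the expected-HPA check catches it.
    swapped = {**mot, 0xA000: mot[0xB000]}
    results["swapped_entry"] = check_access(swapped, 0x2000, 0xA000, memory)
    memory[0xA000] = b"tampered"                                    # page contents altered in place
    results["tampered"] = check_access(mot, 0x1000, 0xA000, memory)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:14s} {outcome}")
```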

Assignees

Intel Corp

Inventors

Classifications

  • in relation to content

  • using page tables, e.g. page table structures

  • Security improvement

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • for multiple virtual address spaces, e.g. segmentation (G06F12/1036 takes precedence)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11520906B2 cover?

A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload. The instructions, when executed, also cause the processor to (i) receive a request from a guest workload managed by the untrusted workload manager to access a memory using a requested guest address; (ii) obtain, fro…

Who is the assignee on this patent?

Intel Corp

What technology area does this patent fall under?

Primary CPC classification G06F21/602. Mapped technology areas include Physics.

When was this patent published?

Publication date Dec 6, 2022 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).