Dynamic page table edit control

US2016378678A1 · US · A1

Patent metadata

  Publication number: US-2016378678-A1
  Application number: US-201514750982-A
  Country: US
  Kind code: A1
  Filing date: Jun 25, 2015
  Priority date: Jun 25, 2015
  Publication date: Dec 29, 2016
  Grant date: (none listed)


Abstract

Official abstract text for this publication.

Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor.

Claims

Claim text for this publication (preview; the listing is cut off partway through claim 27).

What is claimed is:

  1. A system for controlling access by virtual machine (VM) guests to guest page tables, said system comprising: a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update said TLB based on said guest page tables; and a page table edit control (PTEC) module to: identify entries of said guest page tables that map GLAs associated with said policy to a first GPA; verify that said mapping conforms to said policy; and place said guest page table into one of a plurality of restricted accessibility states based on said verification, said restricted accessibility enforced by Extended Page Table (EPT) permissions and applied to said VM guests and to said page walk processor.
  2. The system of claim 1, wherein said PTEC module is incorporated in a virtual machine monitor (VMM) executing in a virtual-machine extensions (VMX) root mode of said system.
  3. The system of claim 1, wherein said PTEC module enforces said restricted accessibility states by controlling EPT views of said guest page tables.
  4. The system of claim 1, wherein said identifying is limited to guest page tables associated with security of said system.
  5. The system of claim 1, wherein said PTEC module is further to create a copy of said guest page table at a second GPA.
  6. The system of claim 1, wherein said PTEC module is further to remap said guest page table to a second GPA, said second GPA inaccessible to said VM guests.
  7. The system of claim 1, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further permits said page walk processor to access said guest page table.
  8. The system of claim 1, wherein one of said plurality of restricted accessibility states prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  9. The system of claim 1, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further prohibits said page walk processor from accessing said guest page table.
  10. The system of claim 1, wherein one of said plurality of restricted accessibility states permits said VM guest to read from said guest page table, prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  11. The system of claim 1, wherein one of said plurality of restricted accessibility states permits said VM guest to read from said guest page table, prohibits said VM guest from writing to said guest page table and further permits said page walk processor to access said guest page table.
  12. A method for controlling access by virtual machine (VM) guests to guest page tables, said method comprising: maintaining a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); identifying entries of said guest page tables that map GLAs associated with said policy to a first GPA; verifying that said mapping conforms to said policy; and placing said guest page table into one of a plurality of restricted accessibility states based on said verification, said restricted accessibility enforced by Extended Page Table (EPT) permissions and applied to said VM guests and to a page walk processor.
  13. The method of claim 12, wherein said restricted accessibility is enforced by controlling EPT views of said guest page tables.
  14. The method of claim 12, wherein said identifying is limited to guest page tables associated with security of said VM.
  15. The method of claim 12, further comprising creating a copy of said guest page table at a second GPA.
  16. The method of claim 12, further comprising remapping said guest page table to a second GPA, said second GPA inaccessible to said VM guests.
  17. The method of claim 12, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further permits said page walk processor to access said guest page table.
  18. The method of claim 12, wherein one of said plurality of restricted accessibility states prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  19. The method of claim 12, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further prohibits said page walk processor from accessing said guest page table.
  20. The method of claim 12, wherein one of said plurality of restricted accessibility states permits said VM guest to read from said guest page table, prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  21. The method of claim 12, wherein one of said plurality of restricted accessibility states permits said VM guest to read from said guest page table, prohibits said VM guest from writing to said guest page table and further permits said page walk processor to access said guest page table.
  22. At least one computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for controlling access by virtual machine (VM) guests to guest page tables, said operations comprising: maintaining a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); identifying entries of said guest page tables that map GLAs associated with said policy to a first GPA; verifying that said mapping conforms to said policy; and placing said guest page table into one of a plurality of restricted accessibility states based on said verification, said restricted accessibility enforced by Extended Page Table (EPT) permissions and applied to said VM guests and to a page walk processor.
  23. The computer-readable storage medium of claim 22, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further permits said page walk processor to access said guest page table.
  24. The computer-readable storage medium of claim 22, wherein one of said plurality of restricted accessibility states prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  25. The computer-readable storage medium of claim 22, wherein one of said plurality of restricted accessibility states permits said VM guest to read and write from said guest page table and further prohibits said page walk processor from accessing said guest page table.
  26. The computer-readable storage medium of claim 22, wherein one of said plurality of restricted accessibility states permits said VM guest to read from said guest page table, prohibits said VM guest from writing to said guest page table and further prohibits said page walk processor from accessing said guest page table.
  27. The computer-readable storage med
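As an added illustration (this is not code from the patent, nor Intel's implementation), the C model below walks through the PTEC mechanism the claims describe: a policy locks a GLA to a set of allowable GPAs, the controller verifies the guest page table entry for that GLA, and the table is placed in one of the five accessibility states of claims 7 to 11, expressed as EPT permission bits for the guest and for the hardware page walker. Everything below the enum is an assumption made for the example: a single-level 16-entry table indexed by GLA bits 12..15, 64-bit PTEs with the x86-64 physical-address bit layout, constructed addresses, the policy that an unmapped locked GLA fails verification, and the choice of which state a passed or failed verification lands in. Real EPT editing, VM exits and multi-level walks are not modelled.

```c
/* Added example: simplified model of the page table edit control (PTEC) in the claims.
 * Assumptions (not from the patent): one-level 16-entry guest table, x86-64 PTE bit layout,
 * EPT permissions as three booleans, and the state-transition choices marked below. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT   12
#define NPTE         16                      /* assumed toy table size: GLA bits 12..15 */
#define PTE_PRESENT  0x1ULL
#define PTE_WRITE    0x2ULL
#define PTE_PFN_MASK 0x000ffffffffff000ULL   /* x86-64 PTE physical address bits 12..51 */
#define MAX_ALLOWED  4

/* Restricted accessibility states enumerated in claims 7-11. */
typedef enum {
    PT_RW_WALK,     /* claim 7:  guest read+write, walker allowed (unlocked table) */
    PT_HIDDEN,      /* claim 8:  guest no write, walker denied; modelled as fully withdrawn */
    PT_RW_NOWALK,   /* claim 9:  guest read+write, walker denied (edit in progress) */
    PT_RO_NOWALK,   /* claim 10: guest read-only, walker denied (failed verification) */
    PT_RO_WALK      /* claim 11: guest read-only, walker allowed (verified and locked) */
} pt_state_t;

/* EPT permissions the VMM applies to the GPA that holds the page table. */
typedef struct { bool guest_read, guest_write, walker; } ept_perms_t;

static ept_perms_t ept_perms_for(pt_state_t s)
{
    switch (s) {
    case PT_RW_WALK:   return (ept_perms_t){ true,  true,  true  };
    case PT_HIDDEN:    return (ept_perms_t){ false, false, false };
    case PT_RW_NOWALK: return (ept_perms_t){ true,  true,  false };
    case PT_RO_NOWALK: return (ept_perms_t){ true,  false, false };
    case PT_RO_WALK:   return (ept_perms_t){ true,  false, true  };
    }
    return (ept_perms_t){ false, false, false };
}

/* Policy entry: lock one GLA page to a set of allowable GPA pages. */
typedef struct { uint64_t gla; uint64_t allowed_gpa[MAX_ALLOWED]; size_t n_allowed; } lock_policy_t;

typedef struct { uint64_t pte[NPTE]; pt_state_t state; } guest_pt_t;

static size_t pte_index(uint64_t gla) { return (gla >> PAGE_SHIFT) & (NPTE - 1); }

/* Verification: every locked GLA must be present and map to an allowed GPA. */
static bool ptec_verify(const guest_pt_t *pt, const lock_policy_t *pol, size_t n_pol)
{
    for (size_t i = 0; i < n_pol; i++) {
        uint64_t pte = pt->pte[pte_index(pol[i].gla)];
        if (!(pte & PTE_PRESENT)) return false;   /* assumption: an unmapped locked GLA breaks the lock */
        uint64_t gpa = pte & PTE_PFN_MASK;
        bool ok = false;
        for (size_t j = 0; j < pol[i].n_allowed && !ok; j++)
            ok = (gpa == pol[i].allowed_gpa[j]);
        if (!ok) return false;
    }
    return true;
}

/* Place the table in a state based on verification (assumed mapping: pass -> claim 11, fail -> claim 10). */
static pt_state_t ptec_place(guest_pt_t *pt, const lock_policy_t *pol, size_t n_pol)
{
    pt->state = ptec_verify(pt, pol, n_pol) ? PT_RO_WALK : PT_RO_NOWALK;
    return pt->state;
}

/* Guest attempt to write a PTE. Without EPT write permission the write never lands
 * (it would raise an EPT violation); an accepted write is re-verified immediately. */
static bool ptec_guest_write(guest_pt_t *pt, uint64_t gla, uint64_t new_pte,
                             const lock_policy_t *pol, size_t n_pol)
{
    if (!ept_perms_for(pt->state).guest_write) return false;
    pt->pte[pte_index(gla)] = new_pte;
    ptec_place(pt, pol, n_pol);
    return true;
}

/* Hardware page walk through the guest table, gated by the walker EPT bit. */
static bool page_walk(const guest_pt_t *pt, uint64_t gla, uint64_t *gpa_out)
{
    if (!ept_perms_for(pt->state).walker) return false;   /* EPT violation during the walk */
    uint64_t pte = pt->pte[pte_index(gla)];
    if (!(pte & PTE_PRESENT)) return false;
    *gpa_out = (pte & PTE_PFN_MASK) | (gla & ((1ULL << PAGE_SHIFT) - 1));
    return true;
}

/* One scenario end to end; returns the number of checks that held (7 when all do). */
static int ptec_demo(void)
{
    const uint64_t LOCKED_GLA = 0x7fff00001000ULL;   /* constructed */
    const uint64_t GOOD_GPA   = 0x1234000ULL;        /* constructed: the only allowed target */
    const uint64_t EVIL_GPA   = 0xdead000ULL;        /* constructed: attacker-chosen target */
    lock_policy_t pol[1] = {{ LOCKED_GLA, { GOOD_GPA }, 1 }};
    guest_pt_t pt = { .state = PT_RW_WALK };
    uint64_t gpa; int ok = 0;

    pt.pte[pte_index(LOCKED_GLA)] = GOOD_GPA | PTE_PRESENT | PTE_WRITE;
    ok += ptec_place(&pt, pol, 1) == PT_RO_WALK;                                /* conforms: locked, walkable */
    ok += page_walk(&pt, LOCKED_GLA + 0xabc, &gpa) && gpa == (GOOD_GPA | 0xabc);
    ok += !ptec_guest_write(&pt, LOCKED_GLA, EVIL_GPA | PTE_PRESENT, pol, 1);  /* locked: write rejected */
    pt.state = PT_RW_NOWALK;                          /* VMM opens the table for a legitimate edit */
    ok += !page_walk(&pt, LOCKED_GLA, &gpa);          /* walker cannot consume a table under edit */
    ok += ptec_guest_write(&pt, LOCKED_GLA, EVIL_GPA | PTE_PRESENT, pol, 1);   /* edit lands... */
    ok += pt.state == PT_RO_NOWALK && !page_walk(&pt, LOCKED_GLA, &gpa);       /* ...but never becomes walkable */
    pt.state = PT_RW_NOWALK;
    ok += ptec_guest_write(&pt, LOCKED_GLA, GOOD_GPA | PTE_PRESENT, pol, 1) && pt.state == PT_RO_WALK;
    return ok;
}
```

The point a practitioner should take from the demo is that the walker permission does as much work as the guest write permission: in the claim 9 state the guest OS can still edit its own table, but the hardware cannot translate through it until the controller has re-verified it, so there is no window in which a half-edited table maps a locked GLA to a GPA the policy forbids.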

Assignees

  • Intel Corp

Inventors

Classifications

  • G06F12/1009 · primary CPC

  • Isolation or security of virtual machine instances · CPC title

  • Details of translation look-aside buffer [TLB] · CPC title

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

  • Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title

  • Security improvement · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016378678A1 cover?
Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or mo…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F12/1009. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 29, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).