DATA CACHE SEGREGATION FOR SPECTRE MITIGATION

US 20190317903A1
Filed: 04/12/2018
Published: 10/17/2019
Est. Priority Date: 04/12/2018
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

at least one central processing unit (CPU) core comprising;

at least a first CPU thread;

at least a first L1 cache accessible to the first CPU thread;

plural signal lines for communicating data between the first CPU thread and the first L1 cache, the CPU thread being configured to expose a binary value on at least a mode signal line of the plural signal lines, a first binary value on the mode signal line indicating a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicating a memory address associated only with user mode cache, wherein data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The data cache of a processor is segregated by execution mode, eliminating the danger of certain malware by no longer sharing the resource. Kernel-mode software can adjust the relative size of the two portions of the data cache, to dynamically accommodate the data-cache needs of varying workloads.

0 Citations

20 Claims

1. A device comprising:
- at least one central processing unit (CPU) core comprising;
  
  at least a first CPU thread;
  
  at least a first L1 cache accessible to the first CPU thread;
  
  plural signal lines for communicating data between the first CPU thread and the first L1 cache, the CPU thread being configured to expose a binary value on at least a mode signal line of the plural signal lines, a first binary value on the mode signal line indicating a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicating a memory address associated only with user mode cache, wherein data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein data associated with a kernel mode application can be written to and read from only kernel mode cache.
  - 3. The device of claim 1, wherein the user mode cache and kernel mode cache are virtual partitions of the first L1 cache.
  - 4. The device of claim 1, comprising a second L1 cache, wherein the user mode cache and kernel mode cache are established by the first L1 cache and second L1 cache, respectively.
  - 5. The device of claim 1, comprising L2 cache, wherein data associated with a user mode application can be written to and read from only user mode cache of the L2 cache such that no user mode application can detect operations in the kernel mode with the L2 cache.
  - 6. The device of claim 3, wherein respective sizes of the user mode cache and kernel mode cache change during CPU operation.
  - 7. The device of claim 6, wherein the sizes change according to at least one parameter under control of kernel mode software.
  - 8. The device of claim 6, wherein the sizes change according to data storage amount in at least one of the user mode cache and kernel mode cache.
  - 9. The device of claim 6, wherein the sizes change according to data input/output rate in at least one of the user mode cache and kernel mode cache.
  - 10. The device of claim 1, wherein the CPU core is a first CPU core and the device comprises at least a second CPU core in a CPU package, and the first and second CPU cores share an L3 cache.

11. An apparatus comprising:
- at least one central processing unit (CPU) core comprising;
  
  at least a first CPU thread; and
  
  an L1 cache assembly accessible to the first CPU thread;
  
  the L1 cache assembly being partitioned into user mode cache and kernel mode cache.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The apparatus of claim 11, wherein the L1 cache assembly comprises a single physical L1 cache portioned into the user mode cache and kernel mode cache.
  - 13. The apparatus of claim 11, wherein the L1 cache assembly comprises a first physical L1 cache establishing only the user mode cache and a second physical L1 cache establishing only the kernel mode cache.
  - 14. The apparatus of claim 11, wherein during CPU operation in a user mode, all user mode applications are allowed to execute input/output operations only to the user mode cache, with user mode applications being disallowed from accessing or otherwise “
    - seeing”
      
      kernel mode cache including data eviction from kernel mode cache.
  - 15. The apparatus of claim 14, wherein programs operating in a kernel mode are allowed to access only kernel mode cache for writing kernel mode data.
  - 16. The apparatus of claim 11, comprising:
    - plural signal lines for communicating data between the first CPU thread and the L1 cache assembly, the CPU thread being configured to expose a binary value on at least a mode signal line of the plural signal lines, a first binary value on the mode signal line indicating a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicating a memory address associated only with user mode cache, wherein data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.
  - 17. The apparatus of claim 11, comprising L2 cache, wherein data associated with a user mode application can be written to and read from only user mode cache of the L2 cache such that no user mode application can detect operations in the kernel mode with the L2 cache.
  - 18. The apparatus of claim 11, wherein the CPU core is a first CPU core and the apparatus comprises at least a second CPU core in a CPU package, and the first and second CPU cores share an L3 cache.

19. A method, comprising:
- segregating data cache of a processor according to execution mode, execution mode comprising kernel mode and user mode; and
  
  writing user mode application data only to user mode cache, eliminating possibility of malware discerning operation in kernel mode cache by not sharing kernel mode cache with user mode software.
- View Dependent Claims (20)
- - 20. The method of claim 19, comprising using kernel-mode software to adjust relative sizes of the kernel mode cache and user mode cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Interactive Entertainment Inc. (Sony Group Corp.)
Original Assignee
Sony Interactive Entertainment Inc. (Sony Group Corp.)
Inventors
Robinson, Paul T.

Granted Patent

US 10,691,621 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/084   with a shared cache

G06F 12/0848   Partitioned cache, e.g. sep...

G06F 12/0897   with two or more cache hier...

G06F 12/1458   by checking the subject acc...

G06F 21/52   during program execution, e...

G06F 21/74   operating in dual or compar...

G06F 2212/1052   Security improvement

G06F 2212/603   of operating mode, e.g. cac...

DATA CACHE SEGREGATION FOR SPECTRE MITIGATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA CACHE SEGREGATION FOR SPECTRE MITIGATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links