DATA CACHE SEGREGATION FOR SPECTRE MITIGATION
1. A device comprising:
- at least one central processing unit (CPU) core comprising;
at least a first CPU thread;
at least a first L1 cache accessible to the first CPU thread;
plural signal lines for communicating data between the first CPU thread and the first L1 cache, the CPU thread being configured to expose a binary value on at least a mode signal line of the plural signal lines, a first binary value on the mode signal line indicating a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicating a memory address associated only with user mode cache, wherein data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.
The data cache of a processor is segregated by execution mode, eliminating the danger of certain malware by no longer sharing the resource. Kernel-mode software can adjust the relative size of the two portions of the data cache, to dynamically accommodate the data-cache needs of varying workloads.
- 1. A device comprising:
at least one central processing unit (CPU) core comprising; at least a first CPU thread; at least a first L1 cache accessible to the first CPU thread; plural signal lines for communicating data between the first CPU thread and the first L1 cache, the CPU thread being configured to expose a binary value on at least a mode signal line of the plural signal lines, a first binary value on the mode signal line indicating a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicating a memory address associated only with user mode cache, wherein data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- 11. An apparatus comprising:
at least one central processing unit (CPU) core comprising; at least a first CPU thread; and an L1 cache assembly accessible to the first CPU thread; the L1 cache assembly being partitioned into user mode cache and kernel mode cache.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- 19. A method, comprising:
segregating data cache of a processor according to execution mode, execution mode comprising kernel mode and user mode; and writing user mode application data only to user mode cache, eliminating possibility of malware discerning operation in kernel mode cache by not sharing kernel mode cache with user mode software.
- View Dependent Claims (20)
The application relates generally to technically inventive, non-routine solutions that are necessarily rooted in computer technology and that produce concrete technical improvements.
A processor in a computer has at least two different operational modes. The first is typically referred to as “kernel mode” and the second may be referred to as “user mode”, although other terms have been used, e.g., instead of “user mode” the mode may be referred to as an “application mode”. The kernel mode is employed for core operating system (O.S.) functions, whereas the use mode is employed when the processor executes applications, i.e., computer programs directed to specific tasks that in turn rely on the O.S. Some device driver software may also be executed in the kernel mode.
Essentially, in the kernel mode the processor can access substantially all of the assets available to it. In contrast, in the user mode the processor is permitted to access only some, but not all, of the assets available to it. Limiting access in the user mode prevents an application executed by the processor from altering, and possibly damaging, critical operating system data.
Another feature of modern processors is cache memory, which is loaded with copies of selected data from main memory. Cache memory is faster than main memory, therefore accessing data in cache memory improves performance. In most cases, when the central processing unit (CPU) reads or writes main memory, a portion of the data cache (sometimes called a “cache block”) is automatically allocated to contain copies of data from a corresponding portion of main memory. The data cache records the corresponding main memory address for each cache block, so that future access to the same memory address will read or write the data cache rather than directly accessing main memory, thus improving performance. Various means may be used to associate portions of data cache with portions of memory. As a simple example, given a 32-bit memory address, where the least significant bit is numbered 0, an implementation could use address bits 15-8 to select one of 256 possible data cache blocks.
Because the faster cache memory is more expensive than main memory, it is generally smaller than main memory. As the CPU accesses different parts of main memory, the copies in the data cache may be “evicted” and those portions of the data cache may be reallocated to contain more recently accessed parts of main memory. If the CPU then accesses a memory address that has been evicted from the data cache, the access is slower, because that portion of memory must have a portion of the data cache reallocated and the data must be reloaded from main memory. This difference in performance can be detected by software executing in the CPU.
Cache memory, like main memory, is generally treated as a resource shared by kernel-mode and user-mode software. User-mode software generally cannot directly read kernel-mode data from the data cache. However, user-mode software can indirectly determine which portions of the data cache have been evicted and loaded with kernel-mode data by detecting the performance difference mentioned above.
It is also a feature of modern processors to speculatively execute some tasks out of order, before they are otherwise required, to promote efficiency. As a simple example, a calculation that depends on a condition may be executed ahead of time while the processor determines whether the condition is satisfied. If the condition eventually is determined to be satisfied, the calculation already has been done and the results can be used, shortening processing time. If the condition eventually is determined not to be satisfied, the speculative calculation can simply be discarded without loss of processing time, since it was done speculatively during the wait period to determine whether the condition is satisfied.
Recent malware known as “Spectre” and “Meltdown” seeks to exploit a combination of speculative execution and data cache behavior. Fundamentally, these “exploits” influence kernel-mode software to speculatively execute instructions that ultimately evict a portion of the data cache. By using performance characteristics to determine which portion was evicted, the “exploits” can indirectly derive values of protected kernel-mode data. Variants of Spectre and Meltdown may use different means to influence speculative execution, but they all derive values of kernel-mode data by detecting differences in data cache performance.
With the above in mind, present principles segregate the data cache of a processor by execution mode, eliminating the danger of certain malware by no longer sharing the cache resource between kernel mode and user mode. If desired, kernel-mode software can adjust the relative size of the two portions of the data cache, to dynamically accommodate the data-cache needs of varying workloads.
In an implementation, the processor exposes one more signal line to cache indicating the operating mode, with the cache storing memory in a partition correlated to the mode indicated by the signal line.
Accordingly, a device includes at least one central processing unit (CPU) core that in turn includes at least a first CPU thread and at least a first L1 cache accessible to the first CPU thread. Plural signal lines communicate data between the first CPU thread and the first L1 cache. The CPU thread is configured to expose a binary value on at least a mode signal line of the plural signal lines. A first binary value on the mode signal line indicates a memory address associated only with kernel mode cache, a second binary value on the mode signal line indicates a memory address associated only with user mode cache. With this technique, data associated with a user mode application can be written to and read from only user mode cache such that no user mode application can detect operations of the kernel mode cache.
In some examples, data associated with a kernel mode application can be written to and read from only kernel mode cache.
In example implementations, the user mode cache and kernel mode cache are virtual partitions of the first L1 cache. In other examples, the device includes a second L1 cache, and the user mode cache and kernel mode cache are established by the first L1 cache and second L1 cache, respectively.
In some implementations, the device may include an L2 cache, and as with the L1 cache, data associated with a user mode application can be written to and read from only user mode cache of the L2 cache such that no user mode application can detect operations in the kernel mode with the L2 cache.
When user mode and kernel mode caches are established virtually, respective sizes of the user mode cache and kernel mode cache can change during CPU operation. The size change can be according to at least one parameter under control of kernel mode software. The size change in some examples may be according to data storage amount in at least one of the user mode cache and kernel mode cache. In some implementations the sizes change according to data input/output rate in at least one of the user mode cache and kernel mode cache.
The CPU core may be a first CPU core and the device may include at least a second CPU core in a CPU package, and the first and second CPU cores share an L3 cache.
In another aspect, an apparatus includes at least one central processing unit (CPU) core that in turn includes at least a first CPU thread and an L1 cache assembly accessible to the first CPU thread. The L1 cache assembly is partitioned into user mode cache and kernel mode cache.
In another aspect, a method includes segregating data cache of a processor according to execution mode, with execution mode being either kernel mode or user mode. The method includes writing user mode application data only to user mode cache, eliminating the possibility of malware discerning operation in kernel mode cache by not sharing kernel mode cache with user mode software.
The details of the present application, both as to its structure and operation, can best be understood in reference to the accompanying drawings, in which like reference numerals refer to like parts, and in which:
This disclosure relates generally to computer ecosystems including aspects of consumer electronics (CE) device networks such as but not limited to distributed computer game networks, video broadcasting, content delivery networks, virtual machines, and machine learning applications. Note that many embodiments of the segregated data cache are envisioned, with several, including computer servers and mobile telephones, described and shown herein.
A system herein may include server and client components, connected over a network such that data may be exchanged between the client and server components. The client components may include one or more computing devices including game consoles such as Sony PlayStation® and related motherboards, portable televisions (e.g. smart TVs, Internet-enabled TVs), portable computers such as laptops and tablet computers, and other mobile devices including smart phones and additional examples discussed below. These client devices may operate with a variety of operating environments. For example, some of the client computers may employ, as examples, Orbis or Linux operating systems, operating systems from Microsoft, or a Unix operating system, or operating systems produced by Apple, Inc. or Google. These operating environments may be used to execute one or more user-mode programs, such as but not limited to a browser, computer game, web or smart phone application, personal computing applications such as financial or word processing programs, control programs for devices such as automobiles and manufacturing equipment, and any other application.
Servers and/or gateways may include one or more processors executing instructions that configure the servers to receive and transmit data over a network such as the Internet. Or, a client and server can be connected over a local intranet or a virtual private network. A server or controller may be instantiated by a game console and/or one or more motherboards thereof such as a Sony PlayStation®, a personal computer, etc.
Information may be exchanged over a network between the clients and servers. To this end and for security, servers and/or clients can include firewalls, load balancers, temporary storages, and proxies, and other network infrastructure for reliability and security. One or more servers may form an apparatus that implement methods of providing a secure community such as an online social website to network members.
As used herein, instructions refer to computer-implemented steps for processing information in the system. Instructions can be implemented in software, firmware or hardware and include any type of programmed step undertaken by components of the system.
A processor may be any conventional general-purpose single- or multi-chip processor that can execute logic by means of various lines such as address lines, data lines, and control lines and registers and shift registers.
Software modules described by way of the flow charts and user interfaces herein can include various sub-routines, procedures, etc. Without limiting the disclosure, logic stated to be executed by a particular module can be redistributed to other software modules and/or combined together in a single module and/or made available in a shareable library.
Present principles described herein can be implemented as hardware, software, firmware, or combinations thereof; hence, illustrative components, blocks, modules, circuits, and steps are set forth in terms of their functionality.
Further to what has been alluded to above, logical blocks, modules, and circuits described below can be implemented or performed with a general-purpose processor, a digital signal processor (DSP), a field programmable gate array (FPGA) or other programmable logic device such as an application specific integrated circuit (ASIC), discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A processor can be implemented by a controller or state machine or a combination of computing devices.
The functions and methods described below, when implemented in software, can be written in an appropriate language such as but not limited to Java, C# or C++, and can be stored on or transmitted through a computer-readable storage medium such as a random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), compact disk read-only memory (CD-ROM) or other optical disk storage such as digital versatile disc (DVD), magnetic disk storage or other magnetic storage devices including removable thumb drives, etc. A connection may establish a computer-readable medium. Such connections can include, as examples, hard-wired cables including fiber optics and coaxial wires and digital subscriber line (DSL) and twisted pair wires. Such connections may include wireless communication connections including infrared and radio.
Components included in one embodiment can be used in other embodiments in any appropriate combination. For example, any of the various components described herein and/or depicted in the Figures may be combined, interchanged or excluded from other embodiments.
“A system having at least one of A, B, and C” (likewise “a system having at least one of A, B, or C” and “a system having at least one of A, B, C”) includes systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.
As shown in
The example chipset 10 in
The CPU package 200 may include one or more interfaces 16 such as a low-voltage differential signaling interface (LVDS), PCI-express interface, etc. that establish communication between the CPU package 200 and various peripheral devices such as a display device 18, a graphics device, a high definition multimedia interface (HDMI) device, etc.
The I/O hub controller 12 also can include various interface 18 such as but not limited to one or more of a serial ATA (SATA) interface, a low-pin count (LPC) interface, a PCI-E interface, a universal serial bus (USB) interface, a general purpose I/O interface (GPIO), a local area network (LAN) interface and other network interfaces, a power management interface, a clock generator interface, a system management bus interface (e.g., a multi-master serial computer bus interface), a serial peripheral flash memory/controller interface (SPI Flash), the latter interface for accessing boot code of a basic input output system (BIOS) 20.
The interface(s) 18 of the I/O hub controller 12 may provide for communication with, in addition to BIOS 20, input/output devices including networks. For example, the I/O controller 12 may communicate with one or more disk drives 22, audio speakers 24, Wi-Fi or other wireless transceivers 26, and input devices 28 such as keyboards, mice, microphones (for voice input), cameras, etc. The methods herein may be implemented as software instructions executed by a processor, suitably configured application specific integrated circuits (ASIC) or field programmable gate array (FPGA) modules, or any other convenient manner as would be appreciated by those skilled in those art. Where employed, the software instructions may be embodied in a non-transitory device such as a CD ROM or Flash drive. The software code instructions may alternatively be embodied in a transitory arrangement such as a radio or optical signal, or via a download over the internet.
Now referring to
Additionally, each CPU core 202 may include one or more cache memories 206, labeled “L1” and “L2” in
As also shown in
On the other hand, user applications 312 and attendant operating system application programming interfaces (API) 314 may operate in the user mode. User mode drivers 316 may also operate in the user mode through the API 314. These user mode drivers 316 may be permitted to communicate with the other kernel mode drivers 308.
Note that while the example shown assumes two operational modes, namely, user mode and kernel mode, some processors may employ more than two operational modes. For example, some architectures may include four operational modes which may be referred to as “rings” and generally pictured as nested circles, the innermost ring being the most privileged and most protected. In such a case, instead of using a single mode signal line to indicate a binary partition between two modes, two mode signal lines (totaling four binary values) can be used to indicate which one of four cache partitions is indicated. In such cases, four cache partitions (virtual or physical) are provided.
When physical cache partitioning is used as shown in
Moving to block 402, during CPU operation in the user mode, all user mode applications are allowed to execute read/write operations only to the user mode cache. Block 404 essentially emphasizes that user mode applications are disallowed from accessing or otherwise “seeing” kernel mode cache including data operations such as data eviction from kernel mode cache.
In some examples, block 406 indicates that programs operating in the kernel mode may be likewise allowed to access only kernel mode cache at least in terms of storing (writing) and if desired also retrieving (reading) kernel mode data, although kernel mode programs such as the O.S. typically may be allowed to access user mode cache on behalf of user mode applications to read and write user mode data from and to user mode cache on behalf of such user mode programs.
During operation, the sizes of the user mode cache 502 and kernel mode cache 500 may change, i.e., conceptually moving the line 504 up or down to grow the size of one of the mode caches at the expense of the other. In an example, one or more parameters under the control of kernel-mode software can be used for this purpose.
In the alternative implementation of
Now referring to
Additionally, each CPU core 802 may include two physical level one (L1) caches 806, 808. A first L1 cache 806 is for user mode operation and a second L1 cache 808 for kernel mode operation only. When greater than two operational modes are employed, a concomitant number of physical L1 caches may be provided. Operation of the L1 caches in
As also shown in
Note that a combination of virtual and physical cache partitioning may be used. For example, the L1 cache may be virtually partitioned according to, e.g.,
It will be appreciated that whilst present principals have been described with reference to some example embodiments, these are not intended to be limiting, and that various alternative arrangements may be used to implement the subject matter claimed herein.