Secure support for I/O in software cryptoprocessor

US 9,734,092 B2
Filed: 03/19/2015
Issued: 08/15/2017
Est. Priority Date: 03/19/2014
Status: Active Grant

First Claim

Patent Images

1. A computing system for preventing pessimistic evictions from a cache as a result of a direct memory access (“

DMA”

) write by an input/output (“

I/O”

) device to main memory, the computing system comprising;

a processor having a cache;

main memory; and

a software component that when executed by the processorallocates a buffer in the main memory for the DMA write; and

leaves a portion of the cache unused to suppress a pessimistic eviction that would occur during a DMA write to the buffer if the entire cache were used.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory.

103 Citations

View as Search Results

20 Claims

1. A computing system for preventing pessimistic evictions from a cache as a result of a direct memory access (“
- DMA”
  
  ) write by an input/output (“
  
  I/O”
  
  ) device to main memory, the computing system comprising;
  
  a processor having a cache;
  
  main memory; and
  
  a software component that when executed by the processorallocates a buffer in the main memory for the DMA write; and
  
  leaves a portion of the cache unused to suppress a pessimistic eviction that would occur during a DMA write to the buffer if the entire cache were used.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computing system of claim 1 wherein the software component is part of a software cryptoprocessor.
  - 3. The computing system of claim 1 wherein the software component is stored in the cache.
  - 4. The computing system of claim 3 wherein the software component configures an I/O protection mechanism of the computing system to prevent a DMA write to trusted cache by an I/O device.
  - 5. The computing system of claim 1 wherein the buffer is allocated at memory addresses that map to the unused cache.
  - 6. The computing system of claim 5 wherein a mapping of the memory addresses to the cache is determined at boot time.

7. A method performed by a computing system for preventing access to sensitive data by an input/output (“
- I/O”
  
  ) device of the computing system, the sensitive data being secured by a software cryptoprocessor executing on the computing system, the computing system having memory that includes main memory and a cache, the method comprising;
  
  configuring an I/O protection mechanism of the computing system to prevent direct memory access (“
  
  DMA”
  
  ) by the I/O device to cacheable main memory that maps to a trusted cache that stores the sensitive data, wherein the I/O device cannot access the trusted cache via DMA;
  
  allocating a bounce buffer in untrusted memory, to which DMA by the I/O device is allowed, and a device driver buffer in the trusted cache;
  
  when the I/O device completes a DMA write to the bounce buffer, copying device data from the bounce buffer to the device driver buffer; and
  
  when the I/O device initiates a DMA read from the bounce buffer, copying the device data from the device driver buffer to the bounce buffer.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7 further comprising preventing evictions from trusted cache to main memory.
  - 9. The method of claim 8 wherein the preventing of evictions includes leaving a portion of the cache unused so that a DMA write to main memory will not result in a pessimistic eviction.
  - 10. The method of claim 7 wherein the I/O protection mechanism is based on I/O page tables of an I/O memory management unit.
  - 11. The method of claim 7 wherein the I/O protection mechanism is based on protected memory regions of an I/O memory management unit.
  - 12. The method of claim 7 wherein the allocating of the bounce buffer is from a page of main memory that is not accessible to another I/O device.
  - 13. The method of claim 12 further comprising, when the bounce buffer is no longer needed by a DMA, overwriting the bounce buffer to prevent unauthorized access to the device data.
  - 14. The method of claim 12 further comprising configuring a page table entry for the page to indicate that the page is not accessible to another I/O device.

15. A computer-readable storage medium storing computer-executable instructions for controlling a computing system to prevent access to sensitive data by an input/output (“
- I/O”
  
  ) device of the computing system, the computing system having memory that includes main memory and a cache, the computer-executable instructions comprising instructions that;
  
  configure an I/O protection mechanism of the computing system to prevent direct memory access (“
  
  DMA”
  
  ) by the I/O device to cacheable main memory that maps to a trusted cache that stores the sensitive data, wherein the I/O device cannot access the trusted cache via DMA;
  
  allocate a bounce buffer in the main memory and a device driver buffer in the trusted cache wherein DMA by the I/O device to the bounce buffer is enabled;
  
  copy data between the bounce buffer and the device driver buffer to maintain coherency between the bounce buffer and the device driver buffer; and
  
  prevent evictions from the trusted cache to the main memory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15 wherein the instructions that prevent evictions leave a portion of the cache unused so that a DMA write to main memory will not result in a pessimistic eviction.
  - 17. The computer-readable storage medium of claim 16 wherein the DMA write is to cacheable main memory that maps to untrusted cache.
  - 18. The computer-readable storage medium of claim 15 wherein the computer-executable instructions further comprise instructions that configure the cache with a write-back model.
  - 19. The computer-readable storage medium of claim 15 wherein the bounce buffer is allocated from a page of main memory that is not accessible to another I/O device.
  - 20. The computer-readable storage medium of claim 15 wherein the computer-executable instructions further comprise instructions that register to receive notifications of initiation of a DMA read from the bounce buffer and completion of a DMA write to the bounce buffer to initiate the copying of the data between the bounce buffer and the device driver buffer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Horovitz, Oded, Rihan, Sahil, Weis, Stephen A., Waldspurger, Carl A.
Primary Examiner(s)
Bataille, Pierre-Michel

Application Number

US14/663,217
Publication Number

US 20150269091A1
Time in Patent Office

880 Days
Field of Search

711103, 711170, 711133
US Class Current
CPC Class Codes

G06F 12/0888   using selective caching, e....

G06F 12/1081   for peripheral access to ma...

G06F 12/126   with special data handling,...

G06F 12/1408   by using cryptography for d...

G06F 12/1425   the protection being physic...

G06F 12/145   the protection being virtua...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

G06F 2212/6042   Allocation of cache space t...

G06F 2212/621   Coherency control relating ...

Secure support for I/O in software cryptoprocessor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure support for I/O in software cryptoprocessor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others