Dynamically generated code process sandboxing using authenticated pointers

    Publication number: US11055402B2

    Publication date: 2021-07-06

    Application number: US16142611

    Application date: 2018-09-26

    Abstract: A method is provided for safely executing dynamically generated code to avoid the possibility of an attack in unprotected memory space. Upon ascertaining that dynamically generated code is to be executed, a processing circuit and/or operating system kernel restrict the dynamically generated code to use a first memory region within an unprotected memory space, where the first memory region is distinct (e.g., reserved) from other memory regions used by other processes executed by the processing circuit. A first processing stack is maintained for the dynamically generated code within the first memory region. This first processing stack is separate from a general processing stack used by other processes executed by the processing circuit. A stack pointer is switched/pointed to the first processing stack when the dynamically generated code is executed and the stack pointer is switched/pointed to the general processing stack when the dynamically generated code ends.

    Increasing address space layout randomization entropy via page remapping and rotations

    Publication number: US11386012B1

    Publication date: 2022-07-12

    Application number: US17201247

    Application date: 2021-03-15

    Abstract: Various embodiments include methods and devices for generating a memory map configured to map virtual addresses of pages to physical addresses, in which pages of a same size are grouped into regions. The embodiments may include adding a first entry for a first additional page to a first region in the memory map, shifting virtual addresses of the first region to accommodate a shift of virtual addresses of the first region allocated for code by a sub-page granular shift amount, mapping shifted virtual addresses of the first entry for the first additional page to physical address mapped to a first lowest shifted virtually addressed page of the first region, and shifting the virtual addresses of the first region allocated for code by a sub-page granular shift amount, in which the virtual addresses of the first region allocated for code partially shift into the first entry for the first additional page.

    FINE GRAINED MEMORY PROTECTION TO THWART MEMORY OVERRUN ATTACKS
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20160313938A1

    Publication date: 2016-10-27

    Application number: US14696229

    Application date: 2015-04-24

    Abstract: A way is provided to protect memory blocks from unauthorized access from executable instructions by defining various sets of instructions that are specifically bound to operate on defined memory blocks and inhibited from operating in other memory blocks. For instance, executable code may include a plurality of distinct read and write instructions where each read and/or write instruction is specific to one memory access tag from a plurality of different memory access tags. Memory blocks are also established and each memory block is associated with one of the plurality of different memory access tags. Consequently, if a first read and/or write instruction, associated with a first memory access tag, attempts to access a memory block associated with a different memory access tag, then execution of the first read and/or write instruction is inhibited or aborted.

    VIRTUALIZATION TECHNIQUES WITH REAL-TIME CONSTRAINTS

    Publication number: US20200097646A1

    Publication date: 2020-03-26

    Application number: US16142353

    Application date: 2018-09-26

    Abstract: Techniques for managing resources on computing device are provided. An example processor according to these techniques includes a resource management module (RMM) configured to be executed by the processor as an only privileged application on the processor such that the RMM has exclusive control over the allocation of memory resources utilized by the other applications executed by the processor and assignment of access permissions to the memory resources. The RMM is configured to manage the memory resources used by other applications executed by the processor, to group applications into logical compartments, and to enforce separation between the compartments such that resources associated with one compartment are inaccessible to another compartment. The processor may include a memory protection unit (MPU) configured to provide memory protection for memory utilized by the processor, and the RMM can be configured to dynamically configure the MPU regions to enforce separation between compartments.

    Code pointer authentication for hardware flow control
    Type: Granted invention patent
    Status: In force

    Publication number: US09514305B2

    Publication date: 2016-12-06

    Application number: US14517572

    Application date: 2014-10-17

    CPC classification number: G06F21/56 G06F21/52 G06F21/554

    Abstract: Techniques for enforcing flow control of a software program in a processor are provided. An example method according to these techniques includes analyzing program code of the software program to identify a code pointer in the program code, generating an authentication tag based on the code pointer, and modifying the code pointer in the program code with the authentication tag to generate a tagged code pointer.
