USOO7716638B2
`
`(12) United States Patent
`Thornton
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 7,716,638 B2
`May 11, 2010
`
`(54) METHODS FOR DESCRIBING PROCESSOR
`FEATURES
`
`(75) Inventor: Andrew J. Thornton, Seattle, WA (US)
`
`(73) Assignee: Microsoft Corporation, Redmond, WA
`(US)
`
`(*) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 1245 days.
`
`(21) Appl. No.: 11/072.913
`
`(22) Filed:
`
`Mar. 4, 2005
`
`(65)
`
`Prior Publication Data
`US 2006/02O0663 A1
`Sep. 7, 2006
`
`(51) Int. Cl.
`G06F 9/44
`(2006.01)
`G06F 9/45
`(2006.01)
`G06F 5/76
`(2006.01)
`G06F 9/30
`(2006.01)
`G06F 7/38
`(2006.01)
`(52) ck ('s) 717/149.771ss.
`712/15: 712/43; 712/228; 712/229; 718/108
`(58) Field of Classification Search ............... ... None
`See application file for complete search history.
`References Cited
`
`(56)
`
`U.S. PATENT DOCUMENTS
`5,825,649 A * 10/1998 Yoshimura ................... TOO/82
`
`5,961,642 A * 10, 1999 Lewis ............................ T13/1
`6,061,709 A * 5/2000
`... 718,103
`6.253,317 B1* 6/2001 Knapp et al. ................ T12/244
`6,981,135 B1
`12/2005 Trask ............................ T13/1
`7,076,647 B2* 7/2006 Roth et al. .....
`... 713,100
`7,130,977 B1 * 10/2006 Christie et al. ........
`... 711,163
`7,478,394 B1* 1/2009 de Dinechin et al. ........ T18, 108
`2005/0049985 A1* 3/2005 Mangasarian et al. ......... TO6/45
`2005/007618.6 A1* 4/2005 Traut ............................. 712/1
`2005, 01499.19 A1* 7, 2005 Rothman et al. ..
`... 717,162
`2005/0273571 A1* 12/2005 Lyon et al. ........
`... 711,203
`2006/0031060 A1
`2/2006 Weissmann .................. 703/27
`2006/0069878 A1* 3/2006 Aguilar et al. .............. T11 147
`2006/0101470 A1* 5/2006 Swanberg ......
`... T18, 105
`2006/0136653 A1* 6/2006 Traut et al. ..................... T11 ?6
`2007/0244941 A1* 10, 2007 Reed et al. .................. 707,205
`
`* cited by examiner
`
`Primary Examiner Tuan Q Dam
`Assistant Examiner—Isaac T Tecklu
`(74) Attorney, Agent, or Firm Woodcock Washburn LLP
`
`(57)
`
`ABSTRACT
`
`A machine readable description of a new feature of a proces
`sor is provided by a processor vendor. Control code executing
`on a processor, such as a traditional operating system kernel,
`apartitioning kernel, or the like can be programmed to receive
`the description of the feature and to use information provided
`by the description to detect, enable and manage operation of
`the new feature.
`
`17 Claims, 10 Drawing Sheets
`
`2OO -
`
`
`
`OS 1
`204
`
`OS2
`
`OS3
`208
`
`PARTITIONING KERNEL 202
`
`CPU
`120
`
`MEMORY
`130
`
`INTERRUPTS
`210
`
`I/O PORTS
`212
`
`MSRS
`214
`
`APPLE 1019
`
`1
`
`

`

`U.S. Patent
`
`May11, 2010
`
`Sheet 1 of 10
`
`US 7,716,638 B2
`
`
`
`
`
`ALOWSY
`
`YALAdWOO
`
`
`
`WIOMISNBallySpIA\\
`
`fi
`
`|
`
`
`
`setSWVWYSOud
`
`!\|LZLI1|\
`
`
`
`soeparuy06r.Soeayu¢“PELA[96Jayk-—jesaydiuagHeyl!velWwaysrs
`
`
`
`
`
`
`YIOMISNaoeyayuj@deH9}U]NowayyKiowayywesBosdJaYIO
`
`
`
`
`
`Ballye907)YIOMANyndy|sasna[}EJOA-UONJINE|IOA-UON
`OztoorOSTaoeyayu)pLaoepayu}9ELsainpoyy
`
`
`NOILVOIddVL"©)i4JLOWSY
`S61
`
`indinoOaplABuissao01gBuneedoBulssa00lg
`
`LOLZpcraShr|—asnolvivaNoo3|Sivsooud
`
`|sellms
`
`alqeaowayBIGEAOWAY-UON
`
`sorydessyjequagZeb(WVY)
`WYY9O0udYSHLONOILVOIMNddV|ONILVWYSdO
`
`
`
`
`
`
`L6}JoWUOW
`
`[Stssayeadssuyayeadsk——
`
`
`
`LZL|SNGWa}SAS
`
`Tjawey
`
`
`
`SELswesBosq
`
`uoneaddy
`
`weiBoid
`
`ejeq
`
`
`
`vel(Woy
`
`2
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 2 of 10
`
`US 7,716,638 B2
`
`2OO -
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`OS1
`204
`
`OS2
`206
`
`OS3
`208
`
`PARTITIONING KERNEL 202
`
`CPU
`120
`
`MEMORY
`130
`
`INTERRUPTS
`210
`
`I/O PORTS
`212
`
`MSRS
`214
`
`FIG. 2
`
`MEMORY
`306
`
`
`
`SECURE
`MEMORY
`
`SECURE
`LOADER
`304
`
`SECURE
`LOADER
`304"
`
`FIG. 3
`
`3
`
`

`

`U.S. Patent
`U.S. Patent
`
`May 11, 2010
`May11, 2010
`
`Sheet 3 of 10
`Sheet 3 of 10
`
`US 7,716,638 B2
`US 7,716,638 B2
`
`ff ©
`
`402
`
`404
`
`406
`406
`
`402 404
`
`
` 408
`
` 412
`
`4.08
`
`410
`410
`
`412
`
`414
`414
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`FG. 4
`FIG. 4
`
`4
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 4 of 10
`
`US 7,716,638 B2
`
`typedef struct FEATURE BLOB
`
`UINT32 Version;
`UINT32 Size;
`
`UCHAR vendor String 12); // as returned by CPUIDCO). EBX: ECX: EDX
`UINT32 Model Count;
`PROCESSOR-ID MATCH Model);
`
`FEATURE BLOB, *PFEATURE BLOB;
`FIG. 5a
`
`typedef struct PROCESSOR-ID MATCH
`UINT32 FamilyModel Stepping;
`UINT32 FamilyModel Stepping Mask;
`UINT32 FamilyModel SteppingMatch;
`
`// as returned by CPUID (1). EAX
`
`PROCESSORID MATCH, *PPROCESSOR ID MATCH;
`FIG. 5b
`
`typedef struct FEATURE-HEADER
`{
`
`FEATURESECTION TYPE Type;
`UINT32 version;
`UINT32 Size;
`
`FEATURE-HEADER, *PFEATURE-HEADER;
`
`typedef enum FEATURESECTION TYPE
`{
`FeatureDiscovery,
`Feature Enable,
`FeatureDisable,
`Feature Registers,
`FeatureSignature,
`FeatureAdvertise,
`
`} FEATURE SECTION TYPE, PFEATURESECTION TYPE;
`F.G. 6
`
`5
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 5 of 10
`
`US 7,716,638 B2
`
`typedef struct CPUID MATCH
`{
`
`UINT32 Leaf; - value in EAX when CPUID issued
`
`// Mask and Match values over CPUID CLeaf). EAX, EBX ECX, EDX
`
`UINT32 EaxMask;
`UINT32 EaxMatch;
`UINT32 EbXMask;
`UINT32 EbXMatch;
`UINT32 ECXMask;
`UINT32 EcxMatch;
`UINT32 EdixMask,
`UINT32 ECXMatch;
`
`CPUID. MATCH, PCPUID MATCH;
`
`FIG. 7a
`
`typedef enum ADDRESS-SPACE
`{
`Control Registers,
`Model SpecificRegisters,
`Local ApicRegisters
`// Memory offsets relative to APIC BASEMSR
`
`ADDRESS SPACE, *PADDRESS-SPACE;
`
`typedef struct BITS64
`{
`
`UINT64 Mask;
`UINT64. Match;
`BITS64, “PBITS64;
`
`FIG. 7b
`
`FIG. 7C
`
`typedef struct REGISTER-BITS64
`{
`ADDRESS-SPACE Address Space;
`UINT32 Register Number;
`BITS64 Bits;
`
`} REGISTERBITS64, *PREGISTER BITS64;
`
`G
`F
`7d
`
`6
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 6 of 10
`
`US 7,716,638 B2
`
`typedef struct FEATURE DISCOVERY
`{
`
`FEATURE HEADER Feature;
`
`CPUID. MATCH CpuidMatch;
`
`UINT32 Register Count;
`REGISTER BITS64 Registers (); // Registers will be checked in this order
`
`FEATURE DISCOVERY., PFEATURE DISCOVERY;
`F.G. 8
`
`typedef struct FEATURE-ENABE
`
`FEATURE-HEADER Feature;
`UINT32 EnableRegisterCount;
`REGISTER BITS64 EnableRegisters); // Registers will be enabled
`A? in this order and will be
`f/ disabled in reverse order
`A/ of no disable section is present.
`
`FEATURE ENABLE, *PFEATURE ENABLE;
`
`FIG. 9a
`
`typedef struct FEATURE DISABLE
`{
`
`FEATURE-HEADER Feature;
`UINT32 DisableRegisterCount;
`REGISTER-BITS64 Disable Registers (); // Registers will be disabled
`A/ in this order
`
`FEATURE DISABLE * PFEATURE DISABLE
`
`FG.9b
`
`7
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 7 of 10
`
`US 7,716,638 B2
`
`typedef struct -FEATURE-REGISTERS
`{
`
`FEATURE HEADER Feature;
`UINT32 RegisterCount;
`FEATURE REGISTER Registers); // Saves are done in the order specified,
`// restores in the reverse order
`FEATURE REGISTERS, *PFEATURE REGISTERS;
`
`FIG. 10a
`
`typedef struct FEATURE REGISTER
`ADDRESS-SPACE AddressSpace;
`UINT32 RegisterNumber;
`
`UINT64 Register BitsMask;
`
`// Indicates bits of the register
`// related to feature
`UINT64. UntrustedReadMask; // Indicates bits untrusted code
`// shouldn't read
`UINT64. UntrustedwriteMask; // Indicates bits untrusted code
`// shouldn't write
`
`// Indicates the register state should
`UINT32 SwitchWithThread: 1;
`// be context switched with the thread
`UINT32 SwitchWith Processor:l; // or partition.
`// Thread switch implies partition
`// switch.
`UINT32 LazyProcessorSwitchok: 1; // Indicates registers have no run time
`// side effects and can be lazily
`// switched when accessed.
`
`3 FEATURE REGISTER, *PFEATURE REGISTER;
`
`FIG. 1 Ob
`
`8
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 8 of 10
`
`US 7,716,638 B2
`
`typedef struct FEATURE ADVERTISE
`//
`// Globally Unique ID used by software to identify the feature.
`// It could also be used to find an internationalized friendly
`// name.
`//
`GUID FeatureGUID;
`
`//
`// NUL terminated string used to describe the feature in UI if
`// a locale specific one can't be found.
`//
`UCHAR Feature FriendlyName 256);
`
`FEATURE ADVERTISE, *PFEATURE ADVERTISE;
`
`FIG. 11
`
`9
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 9 of 10
`
`US 7,716,638 B2
`
`//
`// All errors are reported using Get LastError C)
`//
`
`BOOL
`CheckFor Processor Feature (
`IN GUID FeatureGuid,
`OUT PBOOL Feature Present
`
`//
`// Enable and Disable apply to the current thread
`//
`BOOL
`Enable Processor Feature (
`IN GUID FeatureGuid
`D;
`
`BOOL
`Disable Processor Feature C
`IN GUID FeatureGuid
`D;
`
`F.G. 12
`
`NTSTATUS
`KeCheckForProcessor Feature C
`// Threads are 32 or 64 bit and
`IN PKTHREAD Thread,
`// some features may also be.
`IN GUID Featured uid,
`OUT PBOOLEAN Feature Present
`D;
`
`NTSTATUS
`Kenable Processor Feature C
`IN PKTHREAD Thread,
`IN GUID FeatureGuid
`D;
`
`NESTATUS
`KeDisable Processor Feature C
`IN PKTHREAD Thread,
`IN GUID Featured uid
`);
`
`F.G. 13
`
`10
`
`

`

`U.S. Patent
`
`May 11, 2010
`
`Sheet 10 of 10
`
`US 7,716,638 B2
`
`
`
`1402
`
`OBTAIN FEATURE
`DESCRIPTION AND VERIFY
`SGNATURE
`
`1404
`
`VERIFY FEATURE APPLIES TO
`PROCESSOR USING INFORMATION
`IN PROCESSOR SECTION
`
`1406 - PROCESS DETECTSECTION
`TOVERIFY PRESENCE OF
`FEATURE
`
`1408
`
`PROCESS ENABLE SECTION
`TOENABLE FEATURE
`
`1410
`
`PROCESS CONTEXT SECTION TO
`DENTIFY PROCESSOR STATE
`ASSOCIATED WITH FEATURE
`
`1412
`
`MODIFY CONTEXT SWITCH
`CODE TO INCORPORATE
`IDENTIFIED STATE
`
`1414
`
`RETURN GUID AND TEXTUAL
`DESCRIPTION IN RESPONSE TO
`CLIENT OUERIES
`
`FIG. 14
`
`11
`
`

`

`US 7,716,638 B2
`
`1.
`METHODS FOR DESCRIBING PROCESSOR
`FEATURES
`
`FIELD OF THE INVENTION
`
`The present invention relates to processors used in com
`puting systems, and more particularly, to a method for pro
`viding a machine readable description of a new feature imple
`mented in a given model or family of processors to enable a
`computing system to detect, enable and manage operation of
`the new feature without any a priori knowledge of it.
`
`10
`
`BACKGROUND
`
`2
`processor available to a computing system so that the system
`can detect, enable and manage operation of the new feature.
`The present invention satisfies this need.
`SUMMARY OF THE INVENTION
`
`The present invention is directed to a machine readable
`description of a new feature of a processor, as embodied in a
`computer readable medium, a method of generating same,
`and a method of using the machine readable description to
`detect, enable and manage operation of the feature in a com
`puting system. Control code executing on a processor, such as
`a traditional operating system kernel, a partitioning kernel, or
`the like can be programmed to receive the description of the
`feature and to use information provided by the description to
`detect, enable and manage operation of the new feature. With
`the present invention, a processor Vendor can implement new
`features in Successive releases of a processor model without
`requiring a kernel Vendor to release a corresponding update to
`the kernel software with each new processor release. Instead,
`a machine readable description of a new feature can provide
`the information necessary for the kernel to support the fea
`ture.
`In one embodiment, the machine readable description of
`the feature comprises a section that stores information that
`identifies a type of processor in which the feature is imple
`mented and another section containing information that can
`be processed to detect presence of the feature within a pro
`cessor of the identified type. The description may also com
`prise another section that stores information that can be pro
`cessed to enable operation of the feature within a processor of
`the identified type. The description may further comprise
`another section that stores information that can be processed
`to disable operation of the feature within a processor of the
`identified type. The description may also comprise a section
`that stores information identifying state within a processor of
`the identified type that is associated with the feature. Such
`information may further identify whether the state must be
`saved prior to the processor Switching context between two
`threads of execution or switching context between two virtual
`processors in a system employing a partitioning kernel. The
`description may further comprise a section that stores an
`identifier associated with the feature and a textual description
`of the feature, as well as a section that stores a digital signa
`ture computed over at least a portion of the description. The
`signature can be processed to confirm the provenance of the
`description.
`Other features of the present invention will become evident
`hereinafter.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The foregoing Summary and the following detailed
`description of the invention are better understood when read
`in conjunction with the appended drawings. Exemplary
`embodiments of the invention are shown in the drawings,
`however it is understood that the invention is not limited to the
`specific methods and instrumentalities depicted therein. In
`the drawings:
`FIG. 1 is a block diagram of an exemplary computing
`system in which aspects of the present invention may be
`practiced;
`FIG. 2 is a block diagram of another exemplary computing
`system in which aspects of the present invention may be
`practice;
`FIG. 3 is a block diagram of yet another exemplary com
`puting system in which aspects of the present invention may
`be practiced;
`
`15
`
`Microprocessor vendors typically develop a family of pro
`cessors designed around a given processor architecture and
`then continuously evolve the architecture. For example, Intel
`Corporation has developed several generations of processors
`around its x86 architecture, the most recent being the PEN
`TIUM(R) family of microprocessors. Similarly, Advanced
`Micro Devices, Inc. has developed families of processors
`designed around its X64 architecture. Often a processor ven
`dor will add a feature to an existing model or family of
`processors. Examples of new features that have been added to
`a processor family include the Physical Address Extension
`(PAE), MMX instructions, and streaming SIMD extensions
`(SSE) features added to the PENTIUM(R) family of proces
`SOS.
`Features that add additional bits to existing registers within
`a processor, that add new registers to the processor, or that
`require additional processor State to be saved and restored
`across processor context switches can be problematic for both
`processor vendors and developers of operating systems
`designed to execute on Such a processor. In particular, in order
`for an operating system to use Such a feature or to make Such
`a feature available to application programs, the kernel of the
`operating system must be modified to Support the new fea
`ture. This is true of both traditional operating system kernels,
`such as the kernel of the WINDOWS(R) operating system
`available from Microsoft Corporation, and so-called parti
`tioning kernels that provide partitioned execution environ
`ments for multiple 'guest operating systems. Because these
`kinds of new features require Support in the kernel, the intro
`duction of such a feature by a processor vendor is effectively
`gated on the release of an updated version of the kernel.
`The existence of new features in a processor presents addi
`tional problems for partitioning kernels. A partitioning kernel
`provides a separate, partitioned execution environment for
`each of multiple 'guest operating systems running on a
`single computing system. While each operating system runs
`in a separate partition, it appears to each operating system that
`it has full control of the underlying processor and other sys
`tem components. In reality, the partitioning kernel presents
`one or more separate, virtualized processors to each operating
`system. It is important in Such a system to prevent secrets
`from leaking between partitions and to prevent one partition
`from corrupting the state of another partition. However, if a
`new feature has been implemented in a processor on which
`the partitioning kernel is running and that feature adds new
`registers or additional bits to existing registers or adds to the
`processor State that must be saved during a context Switch
`from one partition to another, the potential to leak secrets
`between partitions or for one partition to corrupt the state of
`another exists. Thus, it is particularly important for a parti
`tioning kernel to be aware of any such new feature.
`Thus, there is a need for a mechanism by which a processor
`Vendor can make information concerning a new feature of a
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`12
`
`

`

`US 7,716,638 B2
`
`3
`FIG. 4 graphically illustrates a machine readable descrip
`tion of a feature of a processor, in accordance with one
`embodiment of the present invention;
`FIGS. 5a and 5b describe one embodiment of a format of a
`section of the description of FIG. 4;
`FIG. 6 describes one embodiment of a format of a header
`that is included in various sections of the machine readable
`description of FIG. 4;
`FIGS. 7a through 7d together describe one embodiment of
`a format of certain fields of the sections illustrated in FIGS. 8
`and 9:
`FIG. 8 describes one embodiment of a format of yet
`another section of the description of FIG. 4;
`FIG. 9a describes one embodiment of a format of another
`section of the description of FIG. 4;
`FIG.9b describes one embodiment of yet another section
`of the description of FIG. 4;
`FIGS. 10a and 10b together describe one embodiment of a
`format of still another section of the description of FIG. 4;
`FIG. 11 describes one embodiment of a format of another
`section of the description of FIG. 4;
`FIG. 12 describes an exemplary application programming
`interface (API) that can be provided to expose a processor
`feature to an application program and to allow the application
`program to request that the feature be enabled;
`FIG. 13 describes a similar API that can be provided by an
`operating system kernel to expose a processor feature to
`drivers and other kernel mode program modules and to allow
`those modules to request that the feature be enabled; and
`FIG. 14 is a flow diagram illustrating one embodiment of a
`method of processing a description of a feature of a processor,
`in accordance with the present invention.
`
`10
`
`15
`
`25
`
`30
`
`4
`gram code' and “code” refer to any set of instructions that are
`executed or otherwise processed by a processor. The term
`“program module” refers to program code and/or data in the
`form of routines, programs, objects, components, data struc
`tures and the like that perform particular functions or imple
`ment particular data types. The term “data structure” refers to
`an organization of pieces of information or data. Examples of
`data structures include but are not limited to files, lists, arrays,
`records, trees, objects and tables. A data structure can com
`prise a single structure having a plurality of sections or fields
`of information or can comprise a collection of separate pieces
`of information organized in some manner. The term "kernel
`refers to any form of code executing on a processor to control
`the operation of a computing system, including without limi
`tation traditional operating system kernels, such as the ker
`nels of the WINDOWSR) family of operating systems avail
`able from Microsoft Corporation, the kernel of the
`MACINTOSHR) operating system available from Apple
`Computer, Inc. and the LINUX kernel, as well as partitioning
`kernels discussed below and illustrated in FIG. 2.
`Referring to FIG. 1, the exemplary computing system 100
`comprises a central processing unit 120, a graphics process
`ing unit 125, a system memory 130, and a system bus 121 that
`couples various system components including the system
`memory to the processing unit 120. The system bus 121 may
`be any of several types of bus structures including a memory
`bus or memory controller, a peripheral bus, and a local bus
`using any of a variety of bus architectures. By way of
`example, and not limitation, such architectures include Indus
`try Standard Architecture (ISA) bus, Micro Channel Archi
`tecture (MCA) bus, Enhanced ISA (EISA) bus, Video Elec
`tronics Standards Association (VESA) local bus, and
`Peripheral Component Interconnect (PCI) bus (also known as
`Mezzanine bus).
`Computing system 100 may include a variety of computer
`readable media. Computer readable media can be any avail
`able media that can be accessed by computing system 100 and
`includes both volatile and nonvolatile, removable and non
`removable media. By way of example, and not limitation,
`computer readable media may comprise both computer Stor
`age media and communication media. Computer storage
`media includes both volatile and nonvolatile, removable and
`non-removable media implemented in any method or tech
`nology for storage of information or data. Computer storage
`media includes, but is not limited to, random access memory
`(RAM), read-only memory (ROM), Electrically-Erasable
`Programmable Read-Only Memory (EEPROM), flash
`memory or other memory technology, memory cards,
`memory sticks, compact disc read-only memory (CDROM),
`digital versatile disks (DVD) or other optical disk storage,
`magnetic cassettes, magnetic tape, magnetic disk storage or
`other magnetic storage devices, or any other medium which
`can be used to store the desired information and which can be
`accessed by computing system 100. Communication media
`typically a carrier wave or other transport mechanism or
`signal that is modulated to transmit information, including
`program code and data, from one location to another. The
`term “modulated signal” means a signal that has one or more
`of its characteristics set or changed in Such a manner as to
`encode information in the signal. By way of example, and not
`limitation, communication media includes wired media Such
`as a wired network or direct-wired connection, and wireless
`media Such as acoustic, radio frequency (RF), infrared, and
`other wireless media. Combinations of any of the above are
`also be included within the scope of computer readable
`media.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`35
`
`40
`
`The present invention is directed to a machine readable
`description of a new feature of a processor, a method of
`generating same, and a method of using the machine readable
`description to detect, enable and manage operation of the
`feature in a computing system. An operating system kernel, a
`partitioning kernel, or the like can be programmed to receive
`the description of the feature and to use information provided
`by the description to detect, enable and manage operation of
`the new feature. With the present invention, a processor ven
`45
`dor can implement new features in Successive releases of a
`processor model without requiring a kernel Vendor to release
`a corresponding update to the kernel software with each new
`processor release. Instead, a machine readable description of
`a new feature can provide the information necessary for the
`kernel to support the feature.
`Exemplary Computing Systems
`FIG. 1 illustrates the functional components of one
`example of a computing system 100 in which aspects of the
`present invention may be embodied or practiced. As used
`herein, the terms “computing system.” “computer system.”
`and “computer refer to any machine, system or device that
`comprises a processor capable of executing or otherwise pro
`cessing program code and/or data. Examples of computing
`systems include, without any intended limitation, personal
`computers (PCs), minicomputers, mainframe computers, thin
`clients, network PCs, servers, workStations, laptop comput
`ers, hand-held computers, programmable consumer electron
`ics, multimedia consoles, game consoles, satellite receivers,
`set-top boxes, automated teller machines, arcade games,
`mobile telephones, personal digital assistants (PDAs) and any
`other processor-based system or machine. The terms “pro
`
`50
`
`55
`
`60
`
`65
`
`13
`
`

`

`5
`The system memory 130 includes computer storage media
`in the form of volatile and/or nonvolatile memory such as
`ROM 131 and RAM 132. A basic input/output system 133
`(BIOS), containing the basic routines that help to transfer
`information between elements within computing system 100,
`such as during start-up, is typically stored in ROM 131. RAM
`132 typically contains data and/or program modules that are
`immediately accessible to and/or presently being operated on
`by processing unit 120. By way of example, and not limita
`tion, FIG. 1 illustrates operating system 134, application pro
`grams 135, other program modules 136, and program data
`137. The operating system may comprise a kernel 139. RAM
`132 may contain other data and/or program code as well.
`The computing system 100 may also include other remov
`able/non-removable, Volatile/nonvolatile computer storage
`media. By way of example only, FIG. 1 illustrates a hard disk
`drive 141 that reads from or writes to non-removable, non
`Volatile magnetic media, a magnetic disk drive 151 that reads
`from or writes to a removable, nonvolatile magnetic disk 152,
`and an optical disk drive 155 that reads from or writes to a
`removable, nonvolatile optical disk 156, such as a CD ROM,
`DVD or other optical media. The computing system 100 may
`also incorporate various means for writing to and reading
`from any of the other forms of computer readable media
`described above. The hard disk drive 141 is typically con
`nected to the system bus 121 through a non-removable
`memory interface Such as interface 140, and magnetic disk
`drive 151 and optical disk drive 155 are typically connected to
`the system bus 121 by a removable memory interface, such as
`interface 150.
`The drives and their associated computer storage media
`discussed above and illustrated in FIG. 1 provide storage of
`program code, data structures, program modules and other
`data for the computing system 100. In FIG. 1, for example,
`hard disk drive 141 is illustrated as storing operating system
`144, application programs 145, other program modules 146.
`and program data 147. Note that these components can either
`be the same as or different from operating system 134, appli
`cation programs 135, other program modules 136, and pro
`gram data 137. Operating system 144, application programs
`145, other program modules 146, and program data 147 are
`given different numbers here to illustrate that, at a minimum,
`they are different copies. A user may enter commands and
`information into the computing system 100 through input
`devices such as a keyboard 162 and pointing device 161,
`commonly referred to as a mouse, trackball or touch pad.
`Other input devices (not shown) may include a microphone,
`joystick, game pad, satellite receiver, Scanner, or the like.
`These and other input devices are often connected to the
`processing unit 120 through a user input interface 160 that is
`coupled to the system bus 121, but may be connected by other
`interfaces and bus structures, such as a parallel port, game
`port or a universal serial bus (USB).
`A monitor 191 or other type of display device is also
`connected to the system bus 121 via an interface. Such as a
`video interface 190. In addition to monitor 191, computers
`may also include other peripheral output devices such as
`speakers 197 and printer 196, which may be connected
`through an output peripheral interface 195.
`The computing system 100 may operate in a networked
`environment using logical connections to one or more remote
`computers, such as a remote computer 180. The remote com
`puter 180 may be a personal computer, a server, a router, a
`network PC, a peer device or any other type of computing
`system, and typically includes many or all of the elements
`described above relative to the computing system 100,
`although only a memory storage device 181 has been illus
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 7,716,638 B2
`
`10
`
`15
`
`6
`trated in FIG. 1. The logical connections depicted in FIG. 1
`include a local area network (LAN) 171 and a wide area
`network (WAN) 173, but may also include other networks.
`Such networking environments are commonplace in offices,
`enterprise-wide computer networks, intranets and the Inter
`net.
`When used in a LAN networking environment, the com
`puting system 100 is connected to the LAN 171 through a
`network interface or adapter 170. When used in a WAN net
`working environment, the computing system 100 typically
`includes a modem 172 or other means for establishing com
`munications over the WAN 173, such as the Internet. The
`modem 172, which may be internal or external, may be con
`nected to the system bus 121 via the user input interface 160,
`or other appropriate mechanism. In a networked environ
`ment, program modules depicted relative to the computing
`system 100, or portions thereof, may be stored in the remote
`memory storage device. By way of example, and not limita
`tion, FIG. 1 illustrates remote application programs 185 as
`residing on memory device 181. It will be appreciated that the
`network connections shown are exemplary and other means
`ofestablishing a communications link between the computers
`may be used.
`FIG. 2 is a block diagram illustrating another exemplary
`computing system 200 in which aspects of the present inven
`tion may be embodied or practiced. The computing system
`200 comprises a partitioning kernel 202 that provides a sepa
`rate, partitioned execution environment for each of multiple
`'guest' operating systems (e.g., 204, 206 and 208) running on
`the same processor 120. Each guest operating system can be
`a different operating system or can be a different instance of
`the same operating system. Other than the partitioning kernel
`202, the computing system 200 may generally comprise the
`same system components as the computing system 100 of
`FIG.1. While each guest operating system runs in a separate
`partition, it appears to each operating system that it has full
`control of the underlying processor 120 and other compo
`nents of the system, such as the memory 130, interrupts 210,
`input/output ports 212, and model specific registers (MSRs)
`214 which are shown separately but which are part of the
`processor 120. In reality, the partitioning kernel presents one
`or more separate, virtualized processors together with some
`or all of the computing environment described in FIG. 1 to
`each operating system 204, 206 and 208. It is important in
`Such a system to prevent Secrets from leaking between parti
`tions and to prevent one partition from corrupting the state of
`another partition. However, as mentioned above, if a new
`feature has been implemented in new release of the processor
`120 on which the partitioning kernel is running and that
`feature adds new registers or additional bits to existing reg
`isters or adds to the processor state that must be saved during
`a context Switch from one partition to another, the potential to
`leak secrets between partitions or for one partition to corrupt
`the State of another exists. Thus the partitioning kernel is
`forced to disallow guest access to any registers orbits within
`registers that are not defined when it is written. It is therefore
`particularly important for a partitioning kernel to be aware of
`any such new feature as it gates their availability to any guest
`operating system.
`FIG. 3 is a block diagram illustrating at least a portion of
`yet another exemplary computing system 300 in which
`aspects of the present invention may be embodied or prac
`ticed. Again, although not shown in FIG. 3, the computing
`system 300 may generally comprise all or some of the same
`components as the computing systems 100, 200 shown in
`FIGS. 1 and 2. As shown, in this system, program code that
`implements a loader function 304 may be executed from
`
`14
`
`

`

`7
`within secure storage in the processor 302 itself. Alterna
`tively, a secure loader 304 (shown in dashed lines) may be
`executed from a secure region 308 of the system memory that
`is protected from modification. In either case, the secure
`loader (304 or 304) cannot be tampered with and is consid
`ered part of the trusted computing base. The secure loader
`(304 or 304") functions to load other code from a memory 306
`during boot-up of the computing system, Such as code to carry
`out the boot-up process or code comprising all or part of an
`operating system, so that the loaded code can be executed by
`the processor. As described hereinafter, the process of loading
`a machine readable description of a new processor feature and
`confirming its provenance inaccordance with an aspect of the
`present invention may be implemented as part of a secure
`loader, such as secure loader 304.
`Machine Readable Description of a Feature of a Proc