An apparatus has processing circuitry 4 supporting a number of security domains, and within each domain supporting a number of modes including a handler mode for exception processing and a thread mode for background processing. For an exception entry transition from secure thread mode to secure handler mode, a transition disable indicator 42 is set. For at least one type of exception return transition to processing in the secure domain and the thread mode when the transition disable indicator 42 is set, a fault is signaled. This can protect against some security attacks.

Processing circuitry (8) processes software processes at one of a plurality of exception levels and in one of a plurality of realms, each realm corresponding to a portion of at least one software process and being associated with a boundary exception level indicating a most privileged exception level at which the realm can be processed by the processing circuitry (8). In response to a realm exiting exception condition during processing of a given realm, where the exception condition is to be handled by an exception handler at a more privileged exception level than the boundary exception level of the given realm, the processing circuitry (8) performs state masking to make inaccessible, to software processes processed at a more privileged exception level than the boundary exception level, architectural state of a subset of registers selected depending on the boundary exception level of the given realm.

An apparatus comprises: processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, and memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicating which domain is associated with a target address. In response to a given change of program flow from processing in the less secure domain to a target instruction having an address associated with the secure domain: a fault is triggered when the target instruction is an instruction other than a gateway instruction indicating a valid entry point to the secure domain. When the target instruction is said gateway instruction, a stack pointer verifying action is triggered to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register.

A computer system includes a dispatch stage configured to dispatch a plurality of instructions in a program order, and an issue stage configured to issue at least one instruction among the plurality of instructions. The computer system further includes an execution stage configured to execute the at least one instruction to generate a finish report and to determine the at least one instruction is one of an exception-free instruction or an exception instruction. In response to determining the exception-free instruction, a first finish report associated with the exception-free instruction is output to a completion stage. In response to determining the exception instruction, a second finish report associated with the exception instruction is output to an exception unit so as to halt output of the second finish report to the completion stage.

A processor having a plurality of protection rings and comprising a protection ring management system in which the attributions of exceptions or privileged resources to protection rings are defined by a programmable table.

Systems and methods for selective stack trace generation during Java exception handling are disclosed. In embodiments, a method includes determining, by a Java virtual machine (JVM) of a computing device, that an exception object escapes a catch block of Java bytecodes; setting, by the JVM of the computing device, an escaped flag based on the determining that the exception object escapes the catch block; walking, by the JVM of the computing device, a call stack to locate an applicable catch block for the exception object, wherein the applicable catch block is the catch block; determining, by the JVM of the computing device, that the escaped flag is set in response to locating the applicable catch block; and creating, by the JVM of the computing device, a stack trace based on the determining that the escaped flag is set.

A memory system includes: a memory device including a memory block, a page buffer, and first and second memory dies; a write buffer suitable for temporarily storing first and second data; a program managing unit suitable for controlling the memory device to sequentially perform first and second program operations on the memory block with the first and second data; a buffer managing unit suitable for managing the write buffer based on a scatter-gather scheme; a failure processing unit suitable for forcing the second program operation to fail, when the first program operation is a failure; and an error handling unit suitable for controlling the program managing unit to perform the first and second program operations again for the first and second data that are temporarily stored in the write buffer when the second program operation is forced to fail.

A computer system includes a dispatch stage configured to dispatch a plurality of instructions in a program order, and an issue stage configured to issue at least one instruction among the plurality of instructions. The computer system further includes an execution stage configured to execute the at least one instruction to generate a finish report and to determine the at least one instruction is one of an exception-free instruction or an exception instruction. In response to determining the exception-free instruction, a first finish report associated with the exception-free instruction is output to a completion stage. In response to determining the exception instruction, a second finish report associated with the exception instruction is output to an exception unit so as to halt output of the second finish report to the completion stage.

An apparatus and method for processing non-maskable interrupt source information. For example, one embodiment of a processor comprises: a plurality of cores comprising execution circuitry to execute instructions and process data; local interrupt circuitry comprising a plurality of registers to store interrupt-related data including non-maskable interrupt (NMI) data related to a first NMI; and non-maskable interrupt (NMI) processing mode selection circuitry, responsive to a request, to select between at least two NMI processing modes to process the first NMI including: a first NMI processing mode in which the plurality of registers are to store first data related to a first NMI, wherein no NMI source information related to a source of the NMI is included in the first data, and a second NMI processing mode in which the plurality of registers are to store both the first data related to the first NMI and second data comprising NMI source information indicating the NMI source.

Example implementations relate to method and system for storing and applying updates to a firmware at runtime of a processor-based system. The processor-based system includes a system management (SM) memory, a platform hardware, a main processor, the firmware, and a hotfix-framework. The hotfix-framework includes a hotfix dispatcher module and a service driver module having one or more boot time resources. The firmware and the hotfix-framework are pre-executed in the SM memory. The platform hardware stores a hotfix-firmware including updates to the firmware into a memory of the processor-based system, and generates an interrupt to direct the main processor into an SM mode and get the hotfix-framework notification about the hotfix-firmware. The hotfix dispatcher module loads the hotfix-firmware from the memory into the SM memory, and executes the hotfix-firmware by utilizing the one or more boot time resources to apply the updates to the firmware at runtime of the processor-based system.