A system includes a memory and a processor. The memory is in communication with the processor and configured to initialize a secure interface configured to provide access to a virtual machine (VM) from a device, where the VM is associated with a level of security. A buffer is allocated and associated with the secure interface, where the level of security of the VM indicates whether the device has access to guest memory of the VM via the buffer. The buffer is then provided to the device. Inputs/outputs (I/Os) are sent between the device and the VM using the secure interface.

A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

An apparatus and method for tagged memory management. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request having a first address pointer; and address translation circuitry to determine whether to translate the first address pointer with or without metadata processing, wherein if the first address pointer is to be translated with metadata processing, the address translation circuitry to: perform a lookup in a memory metadata table to identify a memory metadata value, determine a pointer metadata value associated with the first address pointer, and compare the memory metadata value with the pointer metadata value, the comparison to generate a validation of the memory access request or a fault condition, wherein if the comparison results in a validation of the memory access request, then accessing a set of one or more address translation tables to translate the first address pointer to a first physical address and to return the first physical address responsive to the memory access request.

According to one embodiment, a memory system includes a nonvolatile memory and a controller. The controller manages first account information to be used for authentication of a first account and second account information to be used for authentication of a second account. The controller receives third account information from a host device. When the third account information matches the first account information, the controller permits access to at least a partial storage area of the nonvolatile memory based on a request from the host device and transmits first data that includes the second account information to a first memory system.

Described herein are method and apparatus for servicing software components of nodes of a cluster storage system. During data-access sessions with clients, client IDs and file handles for accessing files are produced and stored to clients and stored (as session data) to each node. A serviced node is taken offline, whereby network connections to clients are disconnected. Each disconnected client is configured to retain its client ID and file handles and attempt reconnections. Session data of the serviced node is made available to a partner node (by transferring session data to the partner node). After clients have reconnected to the partner node, the clients may use the retained client IDs and file handles to continue a data-access session with the partner node since the partner node has access to the session data of the serviced node and thus will recognize and accept the retained client ID and file handles.

A system, method and apparatus to facilitate data exchange via pointers. For example, in a computing system having a first processor and a second processor that is separate and independent from the first processor, the first processor can run a program configured to use a pointer identifying a virtual memory address having an ID of an object and an offset within the object. The first processor can use the virtual memory address to store data at a memory location in the computing system and/or identify a routine at the memory location for execution by the second processor. After the pointer is communicated from the first processor to the second processor, the second processor can access the same memory location identified by the virtual memory address. The second processor may operate on the data stored at the memory location or load the routine from the memory location for execution.

A system on a chip, including a first domain having a first processor, a first local memory coupled to the first processor, wherein the first local memory having a first memory format and a first sub-network coupled to the first processor, a second domain having a second processor, a second local memory coupled to the second processor and a second sub-network coupled to the second processor, wherein the second local memory having a second memory format which differs from the first memory format, a multi-tier network coupled to the first sub-network and the second sub-network, a global memory coupled to the multi-tier network and a multi-port DDR controller coupled to the global memory to receive, transmit and share the first local memory having the first memory format and the second local memory having the second memory format based on a predetermined criteria.

Methods and apparatus relating to zero-redundancy tag storage for bucketed allocators are described. In some embodiments, memory stores a memory page. The memory page includes a metadata page and a plurality of slots. The metadata page includes information corresponding to the plurality of slots. Decode circuitry decodes an instruction that includes a source operand. Execution circuitry executes the decoded instruction according to the source operand to load a first tag for a first slot of the plurality of slots in response to a memory access request directed at the first slot of the plurality of slots. The memory access request is allowed to proceed in response to a match between the first tag and a second tag of a pointer of the memory access request. The memory page stores a separate tag in proximity to each of the plurality of slots. Other embodiments are also disclosed and claimed.

In an embodiment, an apparatus includes a memory access controller to be coupled to a memory and a memory management unit (MMU) coupled to the memory access controller. The MMU is to receive a memory transaction comprising an original transaction security attribute from a first device; responsive to the memory transaction comprising a first physical address of the memory, transmit the memory transaction to the memory access controller; and responsive to the memory transaction comprising a virtual address, generate a translated memory transaction comprising a translated physical address of the memory based on the virtual address and a translated transaction security attribute and transmit the translated memory transaction to the memory access controller, the translated physical address and the translated transaction security attribute associated with an operating system (OS) memory region of the memory associated with an OS. Other embodiments are described and claimed.

Aspects of the present disclosure relate to encrypted data processing (EDAP). A processor includes a register file configured to store ciphertext data, an instruction fetch and decode unit configured to fetch and decode instructions, and a functional unit configured to process the stored ciphertext data. The functional unit further includes a decryption module configured to decrypt ciphertext data from the register file to receive cleartext data using an encryption key stored within the functional unit. The functional unit further includes a local buffer configured to store the cleartext data. The functional unit further includes an arithmetic logical unit configured to generate cleartext computation results using the cleartext data The functional unit further includes an encryption module configured to encrypt the cleartext computation results to generate ciphertext computation results for storage back into the register file.