Operation of a multi-slice processor that includes a plurality of execution slices, a plurality of load/store slices, and one or more translation caches, where operation includes: determining, at the load/store slice, a real address from a cache hit in the translation cache for an effective address for an instruction received at a load/store slice; determining, at the load/store slice, an error condition corresponding to an access of the real address; determining, at the load/store slice, a process type indicating a source of the instruction to be a guest process; and responsive to determining the error condition, initiating, in dependence upon the process type indicating a source of the instruction to be a guest process, an effective address translation corresponding to a cache miss in the translation cache for the effective address for the instruction.

A de-duplication is configured to cache data for access by a plurality of different storage clients, such as virtual machines. A virtual machine may comprise a virtual machine de-duplication module configured to identify data for admission into the de-duplication cache. Data admitted into the de-duplication cache may be accessible by two or more storage clients. Metadata pertaining to the contents of the de-duplication cache may be persisted and/or transferred with respective storage clients such that the storage clients may access the contents of the de-duplication cache after rebooting, being power cycled, and/or being transferred between hosts.

A computing system having memory components of different tiers. The computing system further includes a controller, operatively coupled between a processing device and the memory components, to: receive from the processing device first data access requests that cause first data movements across the tiers in the memory components; service the first data access requests after the first data movements; predict, by applying data usage information received from the processing device in a prediction model trained via machine learning, second data movements across the tiers in the memory components; and perform the second data movements before receiving second data access requests, where the second data movements reduce third data movements across the tiers caused by the second data access requests.

According to one or more embodiments of the present invention, a computer implemented method includes receiving, at a secure interface control of a computer system, an access request for a data structure related to a secure entity in a secure domain of the computer system. The secure interface control can check for a virtual storage address associated with a location of the data structure. The secure interface control can request an address translation using a virtual address space of a non-secure entity of the computer system based on determining that the location of the data structure is associated with the virtual storage address. The secure interface control can access the data structure based on a result of the address translation.

Embodiments are disclosed for recycling memory after a virtual machine reboots. Memory allocated to a rebooting virtual machine instance can be associated with the instance or otherwise marked as to be reserved for use after the virtual machine instance reboots. Subsequently, after the reboot process is initiated, the reserved memory can be reallocated to the virtual machine instance. Memory scrubbing can be ordinarily performed to avoid data leakage between customers, but scrubbing can be inhibited for memory that is returned to a rebooting virtual machine instance. Further features, such as API calls to configure memory recycling, indications to disable recycling, and the like can be supported.

A method for managing a memory of a virtual machine, a physical host, a PCIE device and a configuration method thereof are provided. The method executed by a virtual machine includes: allocating a memory to a service carried on a PCIE device, where the memory includes multiple memory blocks, the multiple memory blocks is used to save working information of the service; generating a base address table BAT and a chip logic address table CLAT, where the BAT includes a CLAT entry base address corresponding to the service, and the CLAT includes a first address of each memory block; and sending an address of the BAT and a function number corresponding to the virtual machine to the PCIE device. Therefore, the PCIE device can obtain, according to the address of the BAT and the function number, working information of a service from the virtual machine.

In one embodiment, a processor comprises: a first storage including a plurality of entries to store an address of a portion of a memory in which information has been modified; a second storage to store an identifier of a process for which information is to be stored into the first storage; and a first logic to identify a modification to a first portion of the memory and store a first address of the first portion of the memory in a first entry of the first storage, responsive to a determination that a current identifier of a current process corresponds to the identifier stored in the second storage. Other embodiments are described and claimed.

A hypervisor that allocates the computer resource of a physical computer to one or more logical partitions allocates the computer resource to be allocated to the logical partitions to the logical partitions; generates, as address conversion information, the relationship between a guest physical address and a host physical address with respect to a memory of the computer resource; enables a first address conversion portion of a processor using the address conversion information; disables the first address conversion portion after the starting of a guest OS is completed; and causes an application to be executed.

This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

A system and method of emulated input-output memory management units includes a management software associating a first device with a first input-output memory management unit having a first security designation, and associating a second device with a second input-output memory management unit having a second security designation different from the first security designation. A hypervisor constructs a table that describes associations between the plurality of devices and the plurality of input-output memory management units. The hypervisor provides the table to a guest virtual machine having a plurality of guest addresses including a first guest address and a second guest address. The first device accesses the first guest address through the first input-output memory management unit and the second device accesses the second guest address through the second input-output memory management unit.