Methods and apparatus to set guest physical address mapping attributes for a trusted domain In one embodiment, the method includes executing a first one or more of instructions to establish a trusted domain and executing a second one or more of the instructions to add a first memory page to the trusted domain, where the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, where the first set of page attributes indicates how the first memory page is mapped in a secure extended page table. The method further includes storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.

A system and method of translation bypass includes a hypervisor reserving a range of host virtual addresses. The hypervisor detects that a guest address is unmapped. The hypervisor determines a host virtual address. Determining the host virtual address includes adding the guest address to a host virtual address base offset. The host virtual address is within the range of host virtual addresses. The hypervisor maps the guest address to the host virtual address.

Various systems and methods for computer memory overcommitment management are described herein. A system for computer memory management includes a memory device to store data and a mapping table; and a memory overcommitment circuitry to: receive a signal to move data in a first block from a memory reduction area in the memory device to a non-memory reduction area in the memory device, the memory reduction area to store data using a memory reduction technique, and the non-memory reduction area to store data without any memory reduction techniques; allocate a second block in the non-memory reduction area; copy the data in the first block to the second block; and update the mapping table to revise a pointer to point to the second block, the mapping table used to store pointers to memory device in the memory reduction area and the non-memory reduction area.

A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table’s entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.

A processing device of a host machine detects a read access of a memory address by a guest executing on the host machine, and causes a memory page to be provided to the guest responsive to detecting the read access. The memory address is associated with a device slot of a communication bus that is not associated with at least one hardware device, and the memory page has a page table entry, mapped to the memory address, that indicates that the memory page is a read-only memory page for the guest.

Utilizing a storage replica data structure includes receiving, at a hyper-kernel running on a computing node in a plurality of interconnected computing nodes, an indication of an operation pertaining to at least one of a guest physical memory address or a stable storage address. A guest operating system is run on a virtual environment that is defined by a set of hyper-kernels running on the plurality of interconnected computing nodes. It further includes updating a storage replica data structure. The storage replica data structure comprises a set of entries. The set of entries in the storage replica data structure comprises associations among guest physical memory addresses, physical memory addresses, and stable storage addresses

Systems and methods for data storage management technology that enables a guest module of a virtual machine to indicate an order in which a host module should write data from physical memory to a secondary storage. An example method may comprise: identifying, by a processing device executing a host module, a plurality of modifications to physical memory made by a plurality of direct access operations executed by a guest module of a virtual machine; determining, by the host module, an order of the plurality of modifications to physical memory; receiving, by the host module, a synchronization request from the guest module; and responsive to the synchronization request, copying, by the host module, data from the physical memory to a secondary storage in view of the order of the plurality of modifications.

Memory scanning methods and apparatus are disclosed. An example apparatus includes a walker to traverse a paging structure of an address translation system; a bit analyzer to determine whether a bit associated with an entry of the paging structure is indicative of the entry being recently accessed; an address identifier to, when the bit analyzer determines that the bit associated with the entry of the paging structure is indicative of the entry being recently accessed, determine an address associated with the entry; and an outputter to provide the determined address to a memory scanner.

Utilizing a storage replica data structure includes receiving, at a hyper-kernel running on a computing node in a plurality of interconnected computing nodes, an indication of an operation pertaining to at least one of a guest physical memory address or a stable storage address. A guest operating system is run on a virtual environment that is defined by a set of hyper-kernels running on the plurality of interconnected computing nodes. It further includes updating a storage replica data structure. The storage replica data structure comprises a set of entries. The set of entries in the storage replica data structure comprises associations among guest physical memory addresses, physical memory addresses, and stable storage addresses.