Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

A memory expansion device operable with a host computer system (host) comprises a non-volatile memory (NVM) subsystem, cache memory, and control logic configurable to receive a submission from the host including a read command and specifying a payload in the NVM subsystem and demand data in the payload. The control logic is configured to request ownership of a set of cache lines corresponding to the payload, to indicate completion of the submission after acquiring ownership of the cache lines, and to load the payload to the cache memory. The set of cache lines correspond to a set of cache lines in a coherent destination memory space accessible by the host. The control logic is further configured to, after indicating completion of the submission and in response to a request from the host to read demand data in the payload, return the demand data after determining that the demand data is in the cache memory.

A coherent memory system. In some embodiments, the coherent memory system includes a first memory device. The first memory device may include a cache coherent controller; a volatile memory controller; a volatile memory; a nonvolatile memory controller; and a nonvolatile memory. The first memory device may be configured to receive a quality of service requirement and to selectively enable a first feature in response to the quality of service requirement.

The disclosed computer-implemented method may include (1) receiving, at a storage device via a cache-coherent interconnect, a first request to access data at one or more host addresses of a coherent memory space of an external host processor, (2) updating, in response to the first request, one or more statistics associated with accessing the data at the one or more host addresses, (3) receiving, at the storage device via the cache-coherent interconnect, a second request to perform an operation associated with the one or more statistics, and (4) using the one or more statistics to perform the operation. Various other methods, systems, and computer-readable media are also disclosed.

Techniques to improve performance of matrix multiply operations are described in which a compute kernel can specify one or more element-wise operations to perform on output of the compute kernel before the output is transferred to higher levels of a processor memory hierarchy.

An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.

Embodiments of the present disclosure generally relate to an NVMe storage device having a controller memory manager and a method of accessing an NVMe storage device having a controller memory manager. In one embodiment, a storage device comprises a non-volatile memory, a volatile memory, and a controller memory manager. The controller memory manager is operable to store one or more NVMe data structures within the non-volatile memory and the volatile memory.

Embodiments herein describe memories in a processor system in an integrated circuit (IC) that can be assigned to either a cache coherent domain or an I/O domain, rather than being statically assigned by a designer of the IC. That is, the user or customer can assign the memories to domain that best suits their desires. Further, the memories can be reassigned to a different domain if the user later changes her mind.

A system and method for omission of probes when requesting data stored in memory where the omission includes creating a coherence directory entry, determining whether cache line data for the coherence directory entry is a trackable pattern, and setting an indication indicating that one or more reads for the cache line data can be serviced without sending probes. A system and method for providing extra data storage capacity in a coherence directory where the extra data storage capacity includes actively tracking cache lines, invalidating the cache line and informing the coherence directory, determining whether data is a trackable pattern, updating the coherence directory that the cache line is no longer in cache, updating the coherence directory to indicate cache line data is zero, and servicing reads to the cache line from the coherence directory and supplying the specified data.