Systems and methods for configuration vulnerability checking and remediation are provided. The systems provided herein identify risk based upon service indications of a particular configuration, such that automated risk analysis may be facilitated.

A memory device includes a memory array configured with a plurality of memory planes, and control logic, operatively coupled with the memory array. The control logic receives, from a requestor, a plurality of cache read commands requesting first data from the memory array spread across the plurality of memory planes and receives, from the requestor, a cache read context switch command and a snap read command requesting second data from one of the plurality of memory planes of the memory array. Responsive to receiving the cache read context switch command, the control logic suspends processing of the plurality of cache read commands and processes the snap read command to read the second data from the memory array and return the second data to the requestor.

A computing device is provided, including memory storing an instruction storage location. The computing device may further include a processor system including a plurality of processor threads. The processor system may suspend execution of one or more respective processor threads of the plurality of processor threads. The processor system may store one or more respective processor thread contexts of the one or more processor threads in the memory. The processor system may enter a system management mode (SMM). The processor system may determine that the instruction storage location includes a code update instruction. The processor system may perform a code update based on the code update instruction. The processor system may exit the SMM. The processor system may retrieve the one or more processor thread contexts from the memory and resume execution of the one or more processor threads without rebooting the computing device.

Aspects of the present disclosure relate to apparatus comprising execution circuitry comprising at least one execution unit to execute program instructions, and control circuitry. The control circuitry receives a stream of processing instructions, and issues each received instruction to one of said at least one execution unit. Responsive to determining that a first type of context switch is to be performed from an initial context to a new context, issuing continues until a pre-emption point in the stream of processing instructions is reached. Responsive to reaching the pre-emption point, state information is stored, and the new context is switched to. Responsive to determining that a context switch is to be performed to return from the new context to the initial context, the processing status is restored from the state information, and the stream of processing instructions is continued.

A computing device is provided, including memory storing an instruction storage location. The computing device may further include a processor system including a plurality of processor threads. The processor system may suspend execution of one or more respective processor threads of the plurality of processor threads. The processor system may store one or more respective processor thread contexts of the one or more processor threads in the memory. The processor system may enter a system management mode (SMM). The processor system may determine that the instruction storage location includes a code update instruction. The processor system may perform a code update based on the code update instruction. The processor system may exit the SMM. The processor system may retrieve the one or more processor thread contexts from the memory and resume execution of the one or more processor threads without rebooting the computing device.

A computer system provides dynamic support containers for containerized applications. A pod is instantiated comprising one or more containers and a sidecar container, wherein execution of the sidecar container is temporarily suspended after initialization. It is determined that a container of the one or more containers requires additional computing resources. In response to determining that the container requires additional computing resources, execution of the sidecar container is resumed and the sidecar container is provided with instructions to perform a computing task of the container. In response to determining that the computing task is complete, execution of the sidecar container is suspended. Embodiments of the present invention further include a method and program product for providing dynamic support containers for containerized applications in substantially the same manner described above.

Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

A task management method and device where the method includes determining, according to a foreground task, a first scenario corresponding to the foreground task, searching for at least one background task corresponding to the first scenario when the first scenario corresponding to the foreground task is in a first list, where the first list includes a scenario in which task limitation is allowed, and performing limitation processing on the at least one background task corresponding to the first scenario, where the limitation processing refers to processing for reducing system resource usage.

Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

A parallel processing unit (PPU) can be divided into partitions. Each partition is configured to operate similarly to how the entire PPU operates. A given partition includes a subset of the computational and memory resources associated with the entire PPU. Software that executes on a CPU partitions the PPU for an admin user. A guest user is assigned to a partition and can perform processing tasks within that partition in isolation from any other guest users assigned to any other partitions. Because the PPU can be divided into isolated partitions, multiple CPU processes can efficiently utilize PPU resources.