Operation of a multi-slice processor that includes a plurality of execution slices, a plurality of load/store slices, and one or more translation caches, where operation includes: determining, at the load/store slice, a real address from a cache hit in the translation cache for an effective address for an instruction received at a load/store slice; determining, at the load/store slice, an error condition corresponding to an access of the real address; determining, at the load/store slice, a process type indicating a source of the instruction to be a guest process; and responsive to determining the error condition, initiating, in dependence upon the process type indicating a source of the instruction to be a guest process, an effective address translation corresponding to a cache miss in the translation cache for the effective address for the instruction.

A semiconductor device including: a first slave device; a first master device outputting a first request control signal and a first access address signal; a second master device outputting a second request control signal and a second access address signal; a system bus connected to the first slave device, the first master device and the second master device, and selecting and outputting either the first request control signal or the second request control signal when the first request control signal is outputted from the first master device and the second request control signal is outputted from the second master device; and a range setting register holding an address range of which an access of the first master device is permitted, wherein the system bus blocks the first request control signal if the first access address signal is out of the address range.

Global synchrony changes the way computers can be programmed. A new class of ISA level instructions (the globally-synchronous load-store) of the present invention is presented. In the context of multiple load-store machines, the globally synchronous load-store architecture allows the programmer to think about a collection of independent load-store machines as a single load-store machine. These ISA instructions may be applied to a distributed matrix transpose or other data that exhibit a high degree of data non-locality and difficulty in efficiently parallelizing on modern computer system architectures. Included in the new ISA instructions are a setup instruction and a synchronous coalescing access instruction (“sca”). The setup instruction configures a head processor to set up a global map that corresponds processor data contiguously to the memory. The “sca” instruction configures processors to block processor threads until respective times on a global clock, derived from the global map, to access the memory.

Methods and apparatus for a secure memory controller. The secure memory controller includes circuitry and logic that is programmed to prevent malicious code from overwrite protected regions of system memory. The memory controller observes memory access patterns and trains itself to identify thread stacks and addresses relating to the thread stacks including stack-frame pointers and return addresses. In one aspect, the memory controller prevents a return address from being overwritten until a proper return from a function call is detected. The memory controller is also configured to prevent malicious code from overwriting page table entries (PTEs) in page tables. Pages containing PTEs are identified, and access is prevented to the PTEs from user-mode code. The PTEs are also scanned to detect corrupted PTEs resulting from bit manipulation by malicious code.

Aspects of the present disclosure relate to techniques for minimizing the effects of RowHammer and induced charge leakage. In examples, systems and methods for preventing access pattern attacks in random-access memory (RAM) are provided. In aspects, a data request associated with a page table may be determined to be a potential security risk and such potential security risk may be mitigated by randomly selecting a memory region from a subset of memory regions, copying data stored in a memory region associated with a page table entry in the page table to the second memory region, disassociating the second memory region from the subset of memory regions and associating the memory region associated with the page table to the second memory region, and updating the page table entry in the page table to refer to the second memory region.

An electronic apparatus includes a flash memory, a memory protection unit, a random access memory, and a central processing unit. The flash memory is configured to store at least one first application program/datum. The memory protection unit is configured to store a plurality of address region data. The random access memory has at least one memory bank. The central processing unit is configured to execute/access the first application program/datum in the flash memory through the random access memory according to at least one address datum. If the address datum matches one of the address region data, the memory protection unit generates an error signal to the central processing unit. The central processing unit loads the first application program/datum stored in the flash memory into the memory bank of the random access memory according to a positioning condition of a matched address region datum.

A method of protecting software for embedded applications against unauthorized access is disclosed. Software to be protected is loaded into a protected memory area and access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area only either from within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.

A processor is provided with a first memory protection unit applying a first set of permissions and a second memory protection unit applying a second set of permissions. A memory access will only be permitted if both the first set of permissions and the second set of permissions are satisfied. The processor also includes a memory management unit which serves to translate from virtual addresses VA to physical addresses PA. A selectable one of the first memory protection unit and the memory management unit is active at any given time under control of a selection bit set by a hypervisor program executing at an exception level with higher privilege than the exception level at which the guest operating systems execute.

An image processing apparatus includes: a central processing unit (CPU) configured to process data; a random access memory (RAM) which includes a first storage area which stores the data processed by the CPU and a second storage area different from the first storage area; and a RAM controller configured to authorize the CPU to access the first storage area and block the CPU from accessing the second storage area so that the data loaded to the second storage area can be prevented from being copied by the CPU.

Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.