Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

An apparatus and method are provided for controlling memory accesses. The apparatus has memory access circuitry for performing a tag-guarded memory access operation in response to a target address, the tag-guarded memory access operation by default comprising: comparing an address tag associated with the target address with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address; and generating an indication of whether a match is detected between the guard tag and the address tag. Further, the apparatus has control tag storage for storing, for each of a plurality of memory regions, configuration control information used to control how the tag-guarded memory access operation is performed by the memory access circuitry when the target address is within that memory region. Each memory region corresponds to multiple of the blocks. This provides a very flexible and efficient mechanism for performing tag-guarded memory access operations.

Methods, systems and computer program products are provided for managing protection domains (PDs) for files at a file-level or a page-level. PDs may be allocated for multiple purposes, e.g., to protect processes, files, buffers, etc. Files stored in nonvolatile memory (NVM) subject to direct access (DAX) may be protected by file-level or page-level PDs. PDs may comprise protection keys (PKEYs) with user-configurable read and write access control registers (PKRUs). NVM files may be protected from corruption (e.g. by stray writes) by leaving write access disabled except for temporary windows of time for valid writes. File PDs may be managed by a file manager while buffer PDs may be managed by a buffer pool manager. File associations between PDs, files and file address space may be maintained in a file object. Buffer associations between PDs, buffers and buffer address space may be maintained in a buffer descriptor.

TLB poisoning attacks take advantage of security issues of translation lookaside buffer (TLB) management on SEV processors in Secure Encrypted Virtualization (SEV) virtual machines (VMs). In various embodiments, a hypervisor may poison TLB entries between two processes of a SEV VM to compromise the integrity and confidentiality of the SEV VM. Variants of TLB poisoning attacks and end-to-end attacks are shown to be successful on both Advanced Micro Devices (AMD) SEV and SEV-Encrypted State (SEV-ES). Countermeasures for thwarting TLB poisoning attacks include hardware-enforced TLB flush processes and re-exec schemes that, among other things, prevent attackers from manipulating TLB entries and causing a privileged victim process to execute malicious code in an attempt to bypass a password authentication.

A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.

According to one or more embodiments of the present invention, a computer implemented method includes enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear. The secure interface control can verify that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page. The secure interface control can provide a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page.

Example implementations include a system of secure decryption by virtualization and translation of physical encryption keys, the system having a key translation memory operable to store at least one physical mapping address corresponding to at least one virtual key address, a physical key memory operable to store at least one physical encryption key at a physical memory address thereof; and a key security engine operable generate at least one key address translation index, obtain, from the key translation memory, the physical mapping address based on the key address translation index and the virtual key address, and retrieve, from the physical key memory, the physical encryption key stored at the physical memory address.

Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.

To provide a memory protection circuit and a memory protection method suitable for quick data transfer between a plurality of virtual machines via a common memory, according to an embodiment, a memory protection circuit includes a first ID storing register that stores therein an ID of any of a plurality of virtual machines managed by a hypervisor, an access determination circuit that permits the virtual machine having the ID stored in the first ID storing register to access a memory, a second ID storing register that stores therein an ID of any of the virtual machines, and an ID update control circuit that permits the virtual machine having the ID stored in the second ID storing register to rewrite the ID stored in the first ID storing register.