Methods and apparatuses related to access to data stored in quarantined memory media are described. Memory systems can include multiple types of memory media (e.g., volatile and/or non-volatile) and data (e.g., information included in) stored in the memory media often are subject to risks of the data being undesirably exposed to the public. For example, requests to write data in the memory media can often be made and accepted without a user's awareness, which can lead to the undesirable exposure of the data. According to embodiments of the present disclosure, a particular portion and/or location in the memory media can provide a data protection scheme such that data stored in the particular location can be refrained from being transferred out of the computing system.

A system, method and apparatus to facilitate data exchange via pointers. For example, in a computing system having a first processor and a second processor that is separate and independent from the first processor, the first processor can run a program configured to use a pointer identifying a virtual memory address having an ID of an object and an offset within the object. The first processor can use the virtual memory address to store data at a memory location in the computing system and/or identify a routine at the memory location for execution by the second processor. After the pointer is communicated from the first processor to the second processor, the second processor can access the same memory location identified by the virtual memory address. The second processor may operate on the data stored at the memory location or load the routine from the memory location for execution.

A method and system for memory attack mitigation in a memory device includes receiving, at a memory controller, an allocation of a page in memory. One or more device controllers detects an aggressor-victim set within the memory. Based upon the detection, an address of the allocated page is identified for further action.

A system and method of handling data access demands in a processor virtual cache that includes: determining if a virtual cache data access demand missed because of a difference in the context tag of the data access demand and a corresponding entry in the virtual cache with the same virtual address as the data access demand; in response to the virtual cache missing, determining whether the alias tag valid bit is set in the corresponding entry of the virtual cache; in response to the alias tag valid bit not being set, determining whether the virtual cache data access demand is a synonym of the corresponding entry in the virtual cache; and in response to the virtual access demand being a synonym of the corresponding entry in the virtual cache with the same virtual address but a different context tag, updating information in a tagged entry in an alias table.

An apparatus has memory management circuitry to control access to a memory system based on access control information defined in table entries of a table structure comprising at least two levels of access control table. Table accessing circuitry accesses the table structure to obtain the access control information corresponding to a target address. For a given access control table at a given level of the table structure other than a starting level, the table accessing circuitry selects a selected table entry of the given access control table corresponding to the target address, based on an offset portion of the target address. A size of the offset portion is selected based on a variable nesting control parameter specified in a table entry of a higher-level access control table at a higher level of the table structure than the given access control table.

Encrypted memory access using page table attributes is disclosed. One example is a memory system including a memory controller at a memory interface. The memory controller includes an encryptor to control a plurality of memory access keys respectively associated with memory regions, where each memory region is allocated to a respective client, and an access manager to receive an access request from a client, the access request including a client access key to access a memory element. The access manager looks up a memory access key from a page table attribute associated with a physical address of the memory element, and determines if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element. Based on the determination and a mode of operation, the access manager provides a response to the access request.

An apparatus comprises address translation circuitry (70) to perform a translation of a virtual address (80) comprising a virtual tag portion (88) and a virtual address portion (86) into a physical address (82) comprising a physical tag portion (92) and a physical address portion (90). The address translation circuitry comprises address tag translation circuitry (72) to perform a translation of the virtual tag portion into the physical tag portion and the address translation to be performed is selected in dependence on the virtual address.

Provided is a method for reading a block in a database system. Provided is a method for reading data recorded in a persistent storage medium by a first node among a plurality of nodes, including: receiving a reading request for a plurality of blocks among blocks recorded in the persistent storage medium; determining respective master nodes of the plurality of blocks; querying, of the master nodes of the plurality of respective blocks, whether a lock for reading the data recorded in each of the plurality of blocks is required; skipping an operation of obtaining the lock and reading the data, with respect to at least some blocks of which the lock is not required among the plurality of blocks, based on the query result; and reading the data after obtaining the lock with respect to at least some blocks of which the lock is required among the plurality of blocks, based on the query result.

Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

Methods and apparatus to set guest physical address mapping attributes for a trusted domain In one embodiment, the method includes executing a first one or more of instructions to establish a trusted domain and executing a second one or more of the instructions to add a first memory page to the trusted domain, where the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, where the first set of page attributes indicates how the first memory page is mapped in a secure extended page table. The method further includes storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.