A microprocessor includes a physically-indexed-and-tagged second-level set-associative cache. Each cache entry is uniquely identified by a set index and a way number. Each entry of a write-combine buffer (WCB) holds write data to be written to a write physical memory address, a portion of which is a write physical line address. Each WCB entry also holds a write physical address proxy (PAP) for the write physical line address. The write PAP specifies the set index and the way number of the cache entry into which a cache line specified by the write physical line address is allocated. In response to receiving a store instruction that is being committed and that specifies a store PAP, the WCB compares the store PAP with the write PAP of each WCB entry and requires a match as a necessary condition for merging store data of the store instruction into a WCB entry.

A host may use address translation to convert virtual addresses to physical addresses for endpoints, which may then submit memory access requests for physical addresses. The host may incorporate the physical address and a signature of the physical address generated using a private key into a translated address field of a response to a translation request. An endpoint may treat the combination as a translated address by storing it in an entry of a translation cache, and accessing the entry for inclusion in a memory access request. The host may generate a signature of the translated address from the request using the private key, with the result being compared to the signature from the request. The memory access request may be verified when the compared values match, and the memory access may be performed using the translated address.

In an embodiment, a system may support programmable hashing of address bits at a plurality of levels of granularity to map memory addresses to memory controllers and ultimately at least to memory devices. The hashing may be programmed to distribute pages of memory across the memory controllers, and consecutive blocks of the page may be mapped to physically distant memory controllers. In an embodiment, address bits may be dropped from each level of granularity, forming a compacted pipe address to save power within the memory controller. In an embodiment, a memory folding scheme may be employed to reduce the number of active memory devices and/or memory controllers in the system when the full complement of memory is not needed.

A computing device including executable processes may determine that a future likelihood of access for virtual memory pages of an executable process are below a threshold likelihood of access based on an execution status of the executable process or a tracking of memory accesses to the virtual memory pages of the executable process. Responsive to this determination, memory pages found to store contents matching that of memory pages mapped to other processes may be unmapped from the process and released for reuse by the computing device. The virtual memory pages may then be marked as being shared with the similar memory pages mapped to the other processes. At a later time, the memory pages of the process may be configured to be non-shared, the configuring including either copying respective shared pages to non-shared pages or enabling a processor exception on access to the memory pages.

A converter module is described which handles memory requests issued by a cache (e.g. an on-chip cache), where these memory requests include memory addresses defined within a virtual memory space. The converter module receives these requests, issues each request with a transaction identifier and uses that identifier to track the status of the memory request. The converter module sends requests for address translation to a memory management unit and where there the translation is not available in the memory management unit receives further memory requests from the memory management unit. The memory requests are issued to a memory via a bus and the transaction identifier for a request is freed once the response has been received from the memory. When issuing memory requests onto the bus, memory requests received from the memory management unit may be prioritized over those received from the cache.

An electronic device includes a plurality of processors for executing one or more virtual machines. A processor of the plurality of processors is associated with a translation cache and one or more filters corresponding to the translation cache. The one or more filters include a virtual machine identifier filter, and the processor is configured to receive a translation invalidation instruction to invalidate one or more entries in the translation cache. In accordance with a determination that the translation invalidation specifies a respective virtual machine identifier, the processor queries the virtual machine identifier filter associated with the translation cache to determine whether the respective virtual machine identifier is stored in the virtual machine identifier filter. In accordance with a determination that the virtual machine identifier filter indicates that the respective virtual machine identifier is not stored in the virtual machine identifier filter, the processor forgoes executing the translation invalidation instruction.

A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

A method for monitoring memory access behavior of a sample process is provided. A processing unit of a computer device determines a page table of the sample process based on a page directory base address of the sample process, where each entry of the page table includes first information, the first information indicates whether the entry has been assigned a guest physical address, the entry that has been assigned the guest physical address includes second information that is used to indicate an access permission of the assigned guest physical address; determines a target entry from the page table, the target entry has been assigned a guest physical address, and an access permission is execution allowed; determines a target host physical address corresponding to the target guest physical address that is assigned to the target entry; and monitors behavior of accessing memory space indicated by the target host physical address.

Implementations of the disclosure provide a processing device comprising an address translation circuit to intercept a work request from an I/O device. The work request comprises a first ASID to map to a work queue. A second ASID of a host is allocated for the first ASID based on the work queue. The second ASID is allocated to at least one of: an ASID register for a dedicated work queue (DWQ) or an ASID translation table for a shared work queue (SWQ). Responsive to receiving a work submission from the SVM client to the I/O device, the first ASID of the application container is translated to the second ASID of the host machine for submission to the I/O device using at least one of: the ASID register for the DWQ or the ASID translation table for the SWQ based on the work queue associated with the I/O device.

A data cache memory mitigates side channel attacks in a processor that comprises the data cache memory and that includes a translation context (TC). A first input receives a virtual memory address. A second input receives the TC. Control logic, with each allocation of an entry of the data cache memory, uses the received virtual memory address and the received TC to perform the allocation of the entry. The control logic also, with each access of the data cache memory, uses the received virtual memory address and the received TC in a correct determination of whether the access hits in the data cache memory. The TC includes a virtual machine identifier (VMID), or a privilege mode (PM) or a translation regime (TR), or both the VMID and the PM or the TR.