Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.

Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.

Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines are provided. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.

Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.

Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: Hardware based isolation for secure execution of virtual machines (VMs). At least one virtual machine is executed via operation of a hypervisor and an ultravisor. A first memory component is configured for access by the hypervisor and the ultravisor, and a second memory component is configured for access by the ultravisor and not by the hypervisor. A first mode of operation is operated, such that the virtual machine is executed using the hypervisor, wherein the first memory component is accessible to the virtual machine and the second memory component is not accessible to the virtual machine. A second mode of operation is operated, such that the virtual machine is executed using the ultravisor, wherein the first memory component and the second memory component are accessible to the virtual machine, thereby executing application code and operating system code using the second memory component without code changes.

Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: Hardware based isolation for secure execution of virtual machines (VMs). At least one virtual machine is executed via operation of a hypervisor and an ultravisor. A first memory component is configured for access by the hypervisor and the ultravisor, and a second memory component is configured for access by the ultravisor and not by the hypervisor. A first mode of operation is operated, such that the virtual machine is executed using the hypervisor, wherein the first memory component is accessible to the virtual machine and the second memory component is not accessible to the virtual machine. A second mode of operation is operated, such that the virtual machine is executed using the ultravisor, wherein the first memory component and the second memory component are accessible to the virtual machine, thereby executing application code and operating system code using the second memory component without code changes.

Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.

Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.

Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.

Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.

Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.

Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.

Abstract: For a current context in control of a processor requesting access to a particular address, a translation lookaside buffer (TLB) controller specifies a virtual address with a logical partition identifier value indicating a privilege setting of the current context, a process identifier value indicating whether the address is within shared address space, and an effective address comprising at least a portion of the particular address.

Abstract: In response to a current context, with a particular process currently in control of a processor requesting access to a shared address space, a translation lookaside buffer (TLB) controller sets a process identifier field in a virtual address to be looked up in a TLB to a clamped value different from an identifier for the process, wherein the virtual address comprises at least the process identifier field and an effective address field set to an address in the requested shared address space. In response to the TLB controller comparing the virtual address for the current context to a particular entry of at least one entry within the TLB comprising the at least one entry stored for a previous translation of a previous virtual address, the TLB controller only indicates a match between the process identifier field and a translation process identifier field within the particular entry of the TLB if the translation process identifier field is also set to the clamped value.