Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.

Abstract: Aspects include apparatuses and methods for secure, fast and normal virtual interrupt direct assignment managing secure and non-secure, virtual and physical interrupts by processor having a plurality of execution environments, including a trusted (secure) and a non-secure execution environment. An interrupt controller may identify a security group value for an interrupt and direct secure interrupts to the trusted execution environment. The interrupt controller may identify a direct assignment value for the non-secure interrupts indicating whether the non-secure interrupt is owned by a high level operating system (HLOS) Guest or a virtual machine manager (VMM), and whether it is a fast or a normal virtual interrupt. The interrupt controller may direct the HLOS Guest owned interrupt to the HLOS Guest while bypassing the VMM. When the HLOS Guest in unavailable, the interrupt may be directed to the VMM to attempt to pass the interrupt to the HLOS Guest until successful.

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

Abstract: A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs.

Abstract: A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs.

Abstract: Various embodiments of methods and systems for hardware-based memory power management (“HMPM”) in a portable computing device (“PCD”) running secure and non-secure execution environments are disclosed. Hardware-based state machines are uniquely associated with, and under the control of, the non-secure execution environment, the secure execution environment and a virtual manager, respectively. The states of the state machines constitute votes by each of the execution environments and the virtual manager to control the power supply state to the memory component, such as a cache memory. The votes are monitored by a digital circuit that, based on a combination logic of the votes, generates an output signal to trigger a power management component to maintain, supply or remove power on a rail associated with the memory component. In this way, the power supply state to the memory component cannot be unilaterally changed by an application running in the non-secure execution environment.

Abstract: A portable computing device is arranged with one or more subsystems that include a processor and a memory management unit arranged to execute threads under a subsystem level operating system. The processor is in communication with a primary memory. A first area of the primary memory is used for storing time critical code and data. A second area is available for demand pages required by a thread executing in the processor. A secondary memory is accessible to a hypervisor. The processor generates an interrupt when a page fault is detected. The hypervisor, in response to the interrupt, initiates a direct memory transfer of information in the secondary memory to the second area available for demand pages in the primary memory. Upon completion of the transfer, the hypervisor communicates a task complete acknowledgement to the processor.

Abstract: A wireless mobile device includes a graphic processing unit (GPU) that has a system memory management unit (MMU) for saving and restoring system MMU translation contexts. The system MMU is coupled to a memory and the GPU. The system MMU includes a set of hardware resources. The hardware resources may be context banks, with each of the context banks having a set of hardware registers. The system MMU also includes a hardware controller that is configured to restore a hardware resource associated with an access stream of content issued by an execution thread of the GPU. The associated hardware resource may be restored from the memory into a physical hardware resource when the hardware resource associated with the access stream of content is not stored within one of the hardware resources.

Abstract: Systems and methods are disclosed for providing memory address translation for a memory management system. One embodiment of such a system comprises a memory device and an application processor in communication via a system interconnect. The application processor comprises test code for testing one or more of a plurality of hardware devices. Each of the hardware devices has a corresponding system memory management unit (SMMU) for processing memory requests associated with the hardware device to the memory device. The system further comprises a client-side address translation system in communication with the system interconnect and the plurality of SMMUs. The client-side address translation system is configured to selectively route stimulus traffic associated with the test code to a client port on one or more of the plurality of SMMUs for testing the corresponding hardware devices.

Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by translating virtual memory addresses into physical addresses on a computing system having hybrid memory. In a first stage of memory translation, an operating system translates virtual addresses to intermediate physical addresses. In a second stage of memory translation, a chip or virtualization software translates the intermediate physical address to physical addresses based on the characteristics of the physical memory and the characteristics of the processes associated with the physical memory.

Abstract: Aspects include apparatuses and methods for secure, fast and normal virtual interrupt direct assignment managing secure and non-secure, virtual and physical interrupts by processor having a plurality of execution environments, including a trusted (secure) and a non-secure execution environment. An interrupt controller may identify a security group value for an interrupt and direct secure interrupts to the trusted execution environment. The interrupt controller may identify a direct assignment value for the non-secure interrupts indicating whether the non-secure interrupt is owned by a high level operating system (HLOS) Guest or a virtual machine manager (VMM), and whether it is a fast or a normal virtual interrupt. The interrupt controller may direct the HLOS Guest owned interrupt to the HLOS Guest while bypassing the VMM. When the HLOS Guest in unavailable, the interrupt may be directed to the VMM to attempt to pass the interrupt to the HLOS Guest until successful.

Abstract: A computer system and a method are provided that reduce the amount of time and computing resources that are required to perform a hardware table walk (HWTW) in the event that a translation lookaside buffer (TLB) miss occurs. If a TLB miss occurs when performing a stage 2 (S2) HWTW to find the PA at which a stage 1 (S1) page table is stored, the MMU uses the IPA to predict the corresponding PA, thereby avoiding the need to perform any of the S2 table lookups. This greatly reduces the number of lookups that need to be performed when performing these types of HWTW read transactions, which greatly reduces processing overhead and performance penalties associated with performing these types of transactions.

Abstract: A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs.

Abstract: Systems, methods, and computer programs are disclosed for providing secure access control to a graphics processing unit (GPU). One system includes a GPU, a plurality GPU programming interfaces, and a command processor. Each GPU programming interface is dynamically assigned to a different one of a plurality of security zones. Each GPU programming interface is configured to receive work orders issued by one or more applications associated with the corresponding security zone. The work orders comprise instructions to be executed by the GPU. The command processor is in communication with the plurality of GPU programming interfaces. The command processor is configured to control execution of the work orders received by the plurality of GPU programming interfaces using separate secure memory regions. Each secure memory region is allocated to one of the plurality of security zones.

Abstract: A wireless mobile device includes a graphic processing unit (GPU) that has a system memory management unit (MMU) for saving and restoring system MMU translation contexts. The system MMU is coupled to a memory and the GPU. The system MMU includes a set of hardware resources. The hardware resources may be context banks, with each of the context banks having a set of hardware registers. The system MMU also includes a hardware controller that is configured to restore a hardware resource associated with an access stream of content issued by an execution thread of the GPU. The associated hardware resource may be restored from the memory into a physical hardware resource when the hardware resource associated with the access stream of content is not stored within one of the hardware resources.

Abstract: Efficient techniques using a multi-port shared non-volatile memory are described that reduce latency in memory accesses from dedicated function specific processors, such as a modem control processor. The modem processor preempts a host processor that is accessing data from a multi-port shared non-volatile memory flash device allowing the modem processor to quickly access data in the flash device. The preemption process uses a doorbell interrupt initiated by a processor that seeks access and interrupts the processor being preempted. After preemption, the host processor may resume or restart the data access. Access control by the processors utilizes a hardware semaphore atomic control mechanism. Power control of the shared non-volatile memory modules includes at least one inactivity timer to indicate when a supply voltage to the shared non-volatile memory modules can be safely reduced or turned off. Power may be restarted by any of the processors sharing the memory, allowing fast access to the data.

Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

Abstract: A computer system and a method are provided that reduce the amount of time and computing resources that are required to perform a hardware table walk (HWTW) in the event that a translation lookaside buffer (TLB) miss occurs. If a TLB miss occurs when performing a stage 2 (S2) HWTW to find the PA at which a stage 1 (S1) page table is stored, the MMU uses the IPA to predict the corresponding PA, thereby avoiding the need to perform any of the S2 table lookups. This greatly reduces the number of lookups that need to be performed when performing these types of HWTW read transactions, which greatly reduces processing overhead and performance penalties associated with performing these types of transactions.

Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by translating virtual memory addresses into physical addresses on a computing system having hybrid memory. In a first stage of memory translation, an operating system translates virtual addresses to intermediate physical addresses. In a second stage of memory translation, a chip or virtualization software translates the intermediate physical address to physical addresses based on the characteristics of the physical memory and the characteristics of the processes associated with the physical memory.