Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

Abstract: A system comprises a physical processor to execute a virtual machine manager to run, on a logical core, a virtual machine including a guest user application and a virtual CPU. Circuitry coupled to an external device is to receive an interrupt request from the external device for the guest user application, locate a first interrupt data structure associated with the guest user application, generate a first interrupt with the first interrupt data structure based on a first interrupt vector for the interrupt request, locate a second interrupt data structure associated with the virtual CPU, and generate a first notification interrupt for the virtual CPU with the second interrupt data structure based on a first notification vector in the first interrupt data structure. The circuitry may generate a second notification interrupt for the logical core using a second notification vector and a logical core identifier from the second interrupt data structure.

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.

Abstract: Processors, methods, and systems for user-level interprocessor interrupts are described. In an embodiment, a processing system includes a memory and a processing core. The memory is to store an interrupt control data structure associated with a first application being executed by the processing system. The processing core includes an instruction decoder to decode a first instruction, invoked by a second application, to send an interprocessor interrupt to the first application; and, in response to the decoded instruction, is to determine that an identifier of the interprocessor interrupt matches a notification interrupt vector associated with the first application; set, in the interrupt control data structure, a pending interrupt flag corresponding to an identifier of the interprocessor interrupt; and invoke an interrupt handler for the interprocessor interrupt identified by the interrupt control data structure.

Abstract: An apparatus and method for processing non-maskable interrupt source information. For example, one embodiment of a processor comprises: a plurality of cores comprising execution circuitry to execute instructions and process data; local interrupt circuitry comprising a plurality of registers to store interrupt-related data including non-maskable interrupt (NMI) data related to a first NMI; and non-maskable interrupt (NMI) processing mode selection circuitry, responsive to a request, to select between at least two NMI processing modes to process the first NMI including: a first NMI processing mode in which the plurality of registers are to store first data related to a first NMI, wherein no NMI source information related to a source of the NMI is included in the first data, and a second NMI processing mode in which the plurality of registers are to store both the first data related to the first NMI and second data comprising NMI source information indicating the NMI source.

Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: In one embodiment, a processor comprises: a first configuration register to store a pointer to a process address space identifier (PASID) table; and an execution circuit coupled to the first configuration register. The execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, obtain a PASID table handle from the command data, access a first entry of the PASID table using the pointer from the first configuration register and the PASID table handle to obtain a PASID value, insert the PASID value into the command data, and send the command data to a device coupled to the processor. Other embodiments are described and claimed.

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

Abstract: In one embodiment, a processor includes: a front end circuit to fetch and decode a read list instruction, the read list instruction to cause storage to a memory of a software-provided list of processor state information; and an execution circuit coupled to the front end circuit. The execution circuit, in response to the decoded read list instruction, is to read the processor state information stored in the processor and store each datum of the processor state information into an entry of a data table in the memory. Other embodiments are described and claimed.

Abstract: A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload.

Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

Abstract: Embodiments of apparatuses, methods, and systems for virtualization of interprocessor interrupts are disclosed. In an embodiment, an apparatus includes a plurality of processor cores; an interrupt controller register; and logic to, in response to a write from a virtual machine to the interrupt controller register, record an interprocessor interrupt in a first data structure configured by a virtual machine monitor and send a notification of the interprocessor interrupt to at least one of the plurality of processor cores.

Abstract: In one embodiment, a processor comprises: a first configuration register to store a pointer to a process address space identifier (PASID) table; and an execution circuit coupled to the first configuration register. The execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, obtain a PASID table handle from the command data, access a first entry of the PASID table using the pointer from the first configuration register and the PASID table handle to obtain a PASID value, insert the PASID value into the command data, and send the command data to a device coupled to the processor. Other embodiments are described and claimed.

Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.

Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.

Abstract: Techniques for flexible return and event delivery are described. As an example, an exemplary apparatus includes decoder circuitry to decode a single instruction, the single instruction to include a field for an opcode; and execution circuitry to execute the decoded single instruction according to the opcode to cause a return from an event handler while staying in a most privileged level and establish a return context that was in effect before event delivery.

Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.