Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: A data processing machine is configured to include one or more buried memory zones that are not intelligibly accessible to user software and to operating system software or hypervisor software within the data processing machine. At least one of hardware and firmware are configured to intelligibly access at least one of the buried memory zones so as to store therein, metadata defining one or more extents of a respective one or more protected regions (PR's) that are constituted in other memory areas of the data processing machine. The stored metadata defines constraints for the corresponding PR's including at least one of corresponding operational constraints and/or operational requirements that respectively constrain the operations performed by or on the data of the PR's.

Abstract: A data processing machine is configured to automatically keep track of hypervisor given pointers pointing to respective and newly allocated areas of memory and to automatically keep track of corresponding copies or derivatives of the given pointers. A unique allocation identifier is generated for each newly allocated area. The allocation identifier is appended to a valid ID's holding list. All pointers pointing to the allocated area are tracked by a protected pointers tracking table. Additionally, a multi-input associative cache stores entries for recently used ones of the protected pointers where the entries include the respective allocation identifiers of the pointers. All pointers to a given, de-allocated area can be invalidated by deleting their entries form the multi-input associative cache and by deleting the corresponding unique allocation identifier from the valid ID's holding list.

Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: A data processing machine is configured to include one or more buried memory zones that are not intelligibly accessible to user software and to operating system software or hypervisor software within the data processing machine. At least one of hardware and firmware are configured to intelligibly access at least one of the buried memory zones so as to store therein, metadata defining one or more extents of a respective one or more protected regions (PR's) that are constituted in other memory areas of the data processing machine. The stored metadata defines constraints for the corresponding PR's including at least one of corresponding operational constraints and/or operational requirements that respectively constrain the operations performed by or on the data of the PR's.

Abstract: Regions of system memory in a computer system are managed to maintain privacy and integrity of data. A system address space for memory is divided into a plurality of aliased addressed spaces. Each of the aliased address spaces is associated with its own unique encryption key. The system address space is managed using the aliased address spaces to provide data isolation and privacy for different system processes. One or more aliased address spaces can be provided with additional data integrity capabilities. Data associated with an integrity-checked aliased address space is subjected to data integrity checking, using authentication-based techniques such as hashing, for example. Additionally, a set of contiguous addresses in the aliased address space is defined, while being mapped to a set of non-contiguous addresses in the corresponding physical address space for additional data security.

Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: Versions of a multimedia computer system architecture are described which satisfy quality of service (QoS) guarantees for multimedia applications such as game applications while allowing platform resources, hardware resources in particular, to scale up or down over time. Computing resources of the computer system are partitioned into a platform partition and an application partition, each including its own central processing unit (CPU) and, optionally, graphics processing unit (GPU). To enhance scalability of resources up or down, the platform partition includes one or more hardware resources which are only accessible by the multimedia application via a software interface. Additionally, outside the partitions may be other resources shared by the partitions or which provide general purpose computing resources.

Abstract: A computer graphics processing system includes a graphics processor and a computer memory responsive to the graphics processor. The computer memory includes an image depth buffer and a hierarchical image depth buffer. The hierarchical image depth buffer contains data items that identify a nearest depth value and a farthest depth value for a plurality of image depth buffer entries associated with a plurality of corresponding pixels.

Abstract: The present invention relates to a computer graphics processing system, a memory and a method for use in connection with the computer graphics processing system. In one embodiment, the computer graphics processing system includes a graphics processor and a computer memory responsive to the graphics processor. The computer memory includes an image depth buffer and a hierarchical image depth buffer. The hierarchical image depth buffer contains data items that identify a nearest depth value and a farthest depth value for a plurality of image depth buffer entries associated with a plurality of corresponding pixels. In one embodiment, the method is for use in rendering a portion of an object onto a two-dimensional image plane.

Abstract: A method and mechanism for managing graphics data. A graphics unit is coupled to share a cache and a memory with a processor. The graphics unit is configured to partition rendered images into a plurality of subset areas. During the rendering of an image, data corresponding to subset areas of an image which require a relatively high number of accesses is deemed cacheable for a subsequent rendering. During a subsequent image rendering, if the graphics unit is required to evict data from a local buffer, the evicted data is only stored in the shared cache if a prior rendering indicated that the corresponding data is cacheable.

Abstract: A plurality of "snoop advisory" bits are maintained by snoop management circuitry externally to the processor structure. Each snoop advisory bit corresponds to a respective "snoop advisory page" of the memory address space. Three parallel processes take place with respect to these bits. First, in response to each read access by the processor structure, if the read access is of a predetermined type (such as a cache line fill operation with intent to modify), snoop management circuitry writes a "snoop yes" value into the snoop advisory cell corresponding to the snoop advisory page which includes the address of the processor's access. Second, in response to each access by another device which shares the address space with the processor structure, a snoop request is issued to the processor structure, but only if the snoop advisory cell corresponding to the snoop advisory page which includes the address of the device's access, contains the "snoop yes" value.