Abstract: Embodiments include techniques for using a zone-SDID mapping for translation lookaside buffer (TLB) purges, the techniques include receiving a zone purge request, including zone attribute information, and searching for matching zone attribute information in a zone register using the zone purge request. The techniques also include computing, based at least in part on the search, a state descriptor identifier (SDID) vector for each matching zone of the zone register, and reading TLB entries referenced in the zone purge request. The techniques include comparing an SDID of the TLB entry against an SDID specified in the SDID vector, and purging the TLB entries based on the comparison.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: Methods and apparatuses for performing a quiesce operation in a multithread environment is provided. A processor receives a first thread quiesce request from a first thread executing on the processor. A processor sends a first processor quiesce request to a system controller to initiate a quiesce operation. A processor performs one or more operations of the first thread based, at least in part, on receiving a response from the system controller.

Abstract: A method, a computer program product, and a computer system for processing interrupt requests in a computer system. The computer system disables, for a processor, an interrupt request for threads other than an interrupt request handling thread. The computer system configures the processor to route the interrupt request to the interrupt request handling thread. The computer system determines, by the interrupt request handling thread, whether one of the threads needs to process the interrupt request. The computer presents, by the interrupt request handling thread, the interrupt request to the one of the threads, in response to determining that the one of the threads needs to process the interrupt request.

Abstract: A method, a computer program product, and a computer system for processing interrupt requests in a computer system. The computer system disables, for a processor, an interrupt request for threads other than an interrupt request handling thread. The computer system configures the processor to route the interrupt request to the interrupt request handling thread. The computer system determines, by the interrupt request handling thread, whether one of the threads needs to process the interrupt request. The computer presents, by the interrupt request handling thread, the interrupt request to the one of the threads, in response to determining that the one of the threads needs to process the interrupt request.

Abstract: Protecting contents of storage in a computer system from unauthorized access. The computer system includes one or more processing units sharing the storage. Each of the processing units has at least one processor cache. Each processing unit respectively encrypts or decrypts, with a protected section key, data transferred between its processor cache and the storage, when data relates to the protected section used by the hypervisor; and each processing unit respectively encrypts or decrypts, with a virtual machine key, data transferred between its processor cache and the storage, when data relates to storage areas used by a virtual machine.

Abstract: Protecting contents of storage in a computer system from unauthorized access. The computer system includes one or more processing units sharing the storage. Each of the processing units has at least one processor cache. Each processing unit respectively encrypts or decrypts, with a protected section key, data transferred between its processor cache and the storage, when data relates to the protected section used by the hypervisor; and each processing unit respectively encrypts or decrypts, with a virtual machine key, data transferred between its processor cache and the storage, when data relates to storage areas used by a virtual machine.

Abstract: Protecting contents of storage in a computer system from unauthorized access. The computer system comprises one or more processing units sharing the storage, the processing units each having at least one processor cache. Each processing unit respectively encrypts or decrypts, with a protected section key in the chip cache, data transferred between its processor cache and the protected section, and each processing unit respectively encrypts or decrypts, with a segment key, data transferred between the chip cache and the storage, when data relates to a specific segment of the storage.

Abstract: Protecting contents of storage in a computer system from unauthorized access. The computer system comprises one or more processing units sharing the storage, the processing units each having at least one processor cache. Each processing unit respectively encrypts or decrypts, with a protected section key in the chip cache, data transferred between its processor cache and the protected section, and each processing unit respectively encrypts or decrypts, with a segment key, data transferred between the chip cache and the storage, when data relates to a specific segment of the storage.

Abstract: A translation lookaside buffer coherency unit with Emulated Purge (TCUEP) translates a first virtual address for a first instruction into a first physical address. The TCUEP detects a multi-processor coherency operation that will cause hit suppression for certain entries in a TLB and purging of certain entries in the TLB. The TCUEP translates a second virtual address for a second instruction into a second physical address and stores the second physical address in a second entry in the TLB. The TCUEP configures a second marker in the second entry to indicate that the hit suppression is not allowed for the second entry, and that the purging is not allowed for the second entry. The TCUEP receives a first address translation request that indicates a hit in the second entry. The TCUEP resolves the first address translation request by returning the second physical address.

Abstract: Methods and apparatuses for performing a quiesce operation during a processor recovery action is provided. A processor performs a processor recovery action. A processor retrieves a quiesce status of a computer system from a shared cache with a second processor. A processor determines a quiesce status of the first processor based, a least in part, on the retrieved quiesce status of the computer system.

Abstract: Methods and apparatuses for performing a quiesce operation during a processor recovery action is provided. A processor performs a processor recovery action. A processor retrieves a quiesce status of a computer system from a shared cache with a second processor. A processor determines a quiesce status of the first processor based, a least in part, on the retrieved quiesce status of the computer system.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: Aspects include encrypting data exchanged between two computer systems. A method includes accessing content of a memory, via a memory address, by at least one processing unit of one of the computer systems. Based on the accessing being a write operation, the content of the memory is encrypted using a memory encryption key, the encrypting is by a crypto unit of the at least one of the processing units. Based on the accessing being a read operation, the content of the memory is decrypted using the same memory encryption key, the decrypting is by a crypto unit of the at least once of the processing units. Remote direct memory access is established via memory addresses between the computer systems, the establishing including at least one of the computer systems locally storing a respective network encryption key as memory encryption keys for memory areas used for the data exchange.

Abstract: A method, a computer program product, and a computer system for processing interrupt requests in a computer system. The computer system disables, for a processor, an interrupt request for threads other than an interrupt request handling thread. The computer system configures the processor to route the interrupt request to the interrupt request handling thread. The computer system determines, by the interrupt request handling thread, whether one of the threads needs to process the interrupt request. The computer presents, by the interrupt request handling thread, the interrupt request to the one of the threads, in response to determining that the one of the threads needs to process the interrupt request.

Abstract: Data collection is facilitated by a multi-threaded processor. One thread of the processor obtains data placed in a buffer by another thread of the processor. The thread placing the data in the buffer is an execution thread executing a customer application and the one thread obtaining the data from the buffer is an assist thread. The assist thread stores the data obtained from the buffer in a selected location, such as a cache, main memory, a measurement control block, a persistent storage device or a network.

Abstract: A method, a computer program product, and a computer system for processing interrupt requests in a computer system. The computer system disables, for a processor, an interrupt request for threads other than an interrupt request handling thread. The computer system configures the processor to route the interrupt request to the interrupt request handling thread. The computer system determines, by the interrupt request handling thread, whether one of the threads needs to process the interrupt request. The computer presents, by the interrupt request handling thread, the interrupt request to the one of the threads, in response to determining that the one of the threads needs to process the interrupt request.

Abstract: Data collection is facilitated by a multi-threaded processor. One thread of the processor obtains data placed in a buffer by another thread of the processor. The thread placing the data in the buffer is an execution thread executing a customer application and the one thread obtaining the data from the buffer is an assist thread. The assist thread stores the data obtained from the buffer in a selected location, such as a cache, main memory, a measurement control block, a persistent storage device or a network.