Supporting oversubscription of guest enclave memory pages
First Claim
1. A method comprising:
identifying a target memory page in memory, wherein the target memory page is associated with a secure enclave of a virtual machine (VM);
receiving, by a processing device, a data structure comprising context information corresponding to the target memory page;
determining, by the processing device, that the target memory page is associated with one or more child memory pages;
identifying, by the processing device, a count of the one or more child memory pages based on the data structure;
determining, by the processing device, a state of the target memory page based on the data structure, the state indicating whether the target memory page comprises a parent memory page of the secure enclave of the VM that is linked to an active child memory page of the one or more child memory pages; and
generating an instruction to evict the target memory page from the secure enclave based on the state.
Abstract
Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprises a memory controller unit to access a secure enclave and a processor core operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicates whether the target memory page is associated with at least one of a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.
20 Claims
1. A method comprising:
identifying a target memory page in memory, wherein the target memory page is associated with a secure enclave of a virtual machine (VM);
receiving, by a processing device, a data structure comprising context information corresponding to the target memory page;
determining, by the processing device, that the target memory page is associated with one or more child memory pages;
identifying, by the processing device, a count of the one or more child memory pages based on the data structure;
determining, by the processing device, a state of the target memory page based on the data structure, the state indicating whether the target memory page comprises a parent memory page of the secure enclave of the VM that is linked to an active child memory page of the one or more child memory pages; and
generating an instruction to evict the target memory page from the secure enclave based on the state.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A processing device comprising:
a memory controller unit to access a secure enclave; and
a processor core, operatively coupled to the memory controller unit, to:
identify a target memory page to restore in a secure enclave of a virtual machine (VM);
determine that the target memory page is associated with one or more child memory pages;
receive a data structure comprising context information related to a parent memory page of the VM, wherein the parent memory page is present in the secure enclave;
identify a count of the one or more child memory pages based on the data structure;
determine, based on the data structure, whether the parent memory page is linked to an active child memory page, of the one or more child memory pages, within the secure enclave; and
map, responsive to a determination that the parent memory page is linked to the active child memory page, the target memory page to the parent memory page.
Dependent claims: 9.
10. A processing device comprising:
a memory controller unit; and
a processor core, operatively coupled to the memory controller unit, to:
identify a target memory page in memory, wherein the target memory page is associated with a secure enclave of a virtual machine (VM);
receive a data structure comprising context information corresponding to the target memory page;
determine that the target memory page is associated with one or more child memory pages;
identify a count of the one or more child memory pages based on the data structure;
determine a state of the target memory page based on the data structure, the state indicating whether the target memory page comprises a parent memory page of the secure enclave of the VM that is linked to an active child memory page of the one or more child memory pages; and
generate an instruction to evict the target memory page from the secure enclave based on the state.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A non-transitory machine-readable storage medium including instructions that, when executed by a processing device, cause the processing device to:
identify, by the processing device, a target memory page in memory, wherein the target memory page is associated with a secure enclave of a virtual machine (VM);
receive a data structure comprising context information corresponding to the target memory page;
determine that the target memory page is associated with one or more child memory pages;
identify a count of the one or more child memory pages based on the data structure;
determine a state of the target memory page based on the data structure, the state indicating whether the target memory page comprises a parent memory page of the secure enclave of the VM that is linked to an active child memory page of the one or more child memory pages; and
generate an instruction to evict the target memory page from the secure enclave based on the state.
Dependent claims: 18, 19, 20.
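The eviction decision that claims 1, 10 and 17 describe (read the page's context data structure, count the child pages, classify the target page's state, then issue evict instructions in an order the parent/child links allow) is modelled below as an added Python illustration; it is not code from the patent or any implementation, and the `PageContext` record, its field names and the page identifiers are constructed stand-ins for the unspecified data structure.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PageContext:
    """Context record for one enclave page (constructed stand-in for the
    data structure in the claims; field names are assumptions)."""
    page_id: str
    parent: Optional[str]       # parent page this page is linked to, if any
    child_count: int = 0        # number of child pages linked to this page
    active: bool = True         # still resident in the enclave


class EnclavePages:
    """Hypothetical VMM-side view of a guest enclave's pages."""

    def __init__(self) -> None:
        self.pages: Dict[str, PageContext] = {}

    def add(self, page_id: str, parent: Optional[str] = None) -> None:
        self.pages[page_id] = PageContext(page_id, parent)
        if parent is not None:
            self.pages[parent].child_count += 1

    def active_children(self, page_id: str) -> List[str]:
        return [p.page_id for p in self.pages.values()
                if p.parent == page_id and p.active]

    def state(self, page_id: str) -> str:
        # The three states the eviction decision depends on.
        if self.pages[page_id].child_count == 0:
            return "leaf"
        if self.active_children(page_id):
            return "parent-active-children"
        return "parent-no-active-children"

    def plan_eviction(self, page_id: str) -> List[str]:
        """Ordered evict instructions needed to remove page_id.  A parent that
        is still linked to active children cannot be evicted first, so its
        active children are planned (recursively) ahead of it."""
        order: List[str] = []
        if self.state(page_id) == "parent-active-children":
            for child in self.active_children(page_id):
                order.extend(self.plan_eviction(child))
        order.append(page_id)
        return order

    def evict(self, page_id: str) -> List[str]:
        order = self.plan_eviction(page_id)
        for pid in order:
            self.pages[pid].active = False   # issue the evict instruction
        return order
```

Evicting a leaf page returns a one-element plan, while evicting a parent with resident children yields the children first and the parent last, after which the parent's state flips to `parent-no-active-children`.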