SECURE MEMORY ACCESS IN A VIRTUALIZED COMPUTING ENVIRONMENT
Abstract
A processor supports secure memory access in a virtualized computing environment by employing requestor identifiers at bus devices (such as a graphics processing unit) to identify the virtual machine associated with each memory access request. The virtualized computing environment uses the requestor identifiers to control access to different regions of system memory, ensuring that each VM accesses only those regions of memory that the VM is allowed to access. The virtualized computing environment thereby supports efficient memory access by the bus devices while ensuring that the different regions of memory are protected from unauthorized access.
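The access check the abstract describes, as an added C model that is not taken from the patent or any product. It assumes the request identifier carries the VMID directly; the table sizes, field names, addresses and the `SAMPLE` mapping are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: table sizes, field names and addresses are assumptions. */
#define NUM_VMID 4
#define NUM_VF   2
#define VF_NONE  0xFF                       /* VMID has no virtual function */

struct region { uint64_t base, len; };      /* memory assigned to one VF */

struct iommu {
    uint8_t       vmid_to_vfid[NUM_VMID];   /* VMID -> VFID */
    struct region vf_region[NUM_VF];        /* VFID -> authorized region */
};

/* Every slot is written out: an omitted slot would default to VFID 0. */
const struct iommu SAMPLE = {
    .vmid_to_vfid = { VF_NONE, 0, 1, VF_NONE },
    .vf_region    = { { 0x10000, 0x1000 }, { 0x20000, 0x1000 } },
};

/* True only if [addr, addr + size) lies wholly inside the region of the
 * VF mapped to the VMID carried in the request identifier. */
bool iommu_check(const struct iommu *m, uint8_t vmid,
                 uint64_t addr, uint64_t size)
{
    if (vmid >= NUM_VMID)
        return false;                       /* unknown requester: deny */
    uint8_t vfid = m->vmid_to_vfid[vmid];
    if (vfid >= NUM_VF)
        return false;                       /* VF_NONE or corrupt entry: deny */
    const struct region *r = &m->vf_region[vfid];
    if (size == 0 || addr < r->base)
        return false;
    uint64_t off = addr - r->base;
    /* Compare by subtraction so addr + size can never wrap around. */
    return off < r->len && size <= r->len - off;
}

int main(void)
{
    printf("VM1 own region:    %d\n", iommu_check(&SAMPLE, 1, 0x10000, 0x100));
    printf("VM1 -> VM2 region: %d\n", iommu_check(&SAMPLE, 1, 0x20000, 0x100));
    printf("VM2 past the end:  %d\n", iommu_check(&SAMPLE, 2, 0x20F80, 0x100));
    printf("unmapped VMID 3:   %d\n", iommu_check(&SAMPLE, 3, 0x10000, 0x100));
    return 0;
}
```

The model denies by default: an unmapped VMID, an out-of-range table entry, a zero-length request and a request that straddles the end of the region are all refused.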
20 Claims
1. A method comprising:
- receiving at an input/output memory management unit (IOMMU) a first memory access request from a bus device, the first memory access request comprising a first memory address and a first request identifier indicating a first virtual machine (VM) associated with the first memory access request; and
- in response to determining at the IOMMU, based on mapping a virtual memory identifier (VMID) to a virtual function identifier (VFID), that the first virtual machine is authorized to access a first region of memory associated with first memory address, satisfying the first memory access request at a memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method, comprising:
- in response to receiving an interrupt from a bus device, identifying a memory region based on mapping a virtual machine identifier (VMID) associated with the interrupt to a virtual function; and
- storing a payload of the interrupt at the memory region.
Dependent claims: 11

12. A processor, comprising:
- a bus device to execute workloads on behalf of a first virtual machine (VM); and
- an input/output memory management unit (IOMMU) configured to:
  - receive a first memory access request from a bus device, the first memory access request comprising a first memory address and a first request identifier indicating the first VM; and
  - in response to determining at the IOMMU, based on mapping a virtual machine identifier (VMID) to a virtual function identifier (VFID), that the first virtual machine is authorized to access a first region of memory associated with first memory address, satisfy the first memory access request at a memory.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20

Specification