Secure migratable architecture having improved performance features
First Claim
1. A computing system comprising:
- a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including;
an operating system; and
a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process,the software executable to perform a method including;
allocating a portion of the memory for use by the process;
associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process;
receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor, including a common tag value associated with all memory locations within the first memory area, the request being associated with a plurality of memory addresses within the first memory area;
in response to the request, performing a check on a tag associated with the first memory area and stored in the area descriptor; and
upon completion of the check, storing the data within the memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory area;
wherein each of the area descriptors includes a token defining to the firmware environment a base address at which the corresponding memory area is located, the base address translated to an address in the memory managed by the operating system.
8 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for implementing a secure migratable architecture having improved performance features over existing virtualization systems are disclosed. One method includes allocating a portion of a memory for use by a process, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed. The method includes associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process, and receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor of the area descriptors, the request being associated with a plurality of memory addresses within the first memory area. The method includes, in response to the request, performing a check on a tag associated with the first memory area and stored in the first area descriptor. The method further includes, upon completion of the check, storing the data within the first memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory area.
-
Citations
16 Claims
-
1. A computing system comprising:
-
a programmable circuit configured to execute instructions according to a first computing architecture; a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including; an operating system; and a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process, the software executable to perform a method including; allocating a portion of the memory for use by the process; associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process; receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor, including a common tag value associated with all memory locations within the first memory area, the request being associated with a plurality of memory addresses within the first memory area; in response to the request, performing a check on a tag associated with the first memory area and stored in the area descriptor; and upon completion of the check, storing the data within the memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory area; wherein each of the area descriptors includes a token defining to the firmware environment a base address at which the corresponding memory area is located, the base address translated to an address in the memory managed by the operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method comprising:
- allocating a portion of a memory for use by a process, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process;
receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor including a common tag value associated with all memory locations within the first memory area, the request being associated with a plurality of memory addresses within the first memory area;
in response to the request, performing a check on a tag associated with the first memory area and stored in the first area descriptor; and
upon completion of the check, storing the data within the first memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory areawherein each of the area descriptors includes a token defining to the firmware environment a base address at which the corresponding memory area is located, the base address translated to an address in the memory managed by the operating system. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- allocating a portion of a memory for use by a process, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
-
16. A non-transitory computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a computing system, cause the computing system to perform a method comprising:
- allocating a portion of a memory for use by a process, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process;
receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor including a common tag value associated with all memory locations within the first memory area, the request being associated with a plurality of memory addresses within the first memory area;
in response to the request, performing a check on a tag associated with the first memory area and stored in the first area descriptor; and
upon completion of the check, storing the data within the first memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory areawherein each of the area descriptors includes a token defining to the firmware environment a base address at which the corresponding memory area is located, the base address translated to an address in the memory managed by the operating system.
- allocating a portion of a memory for use by a process, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
Specification