Modern computing devices operate by executing computer-executable instructions from high-speed volatile memory in the form of random access memory (RAM), and the execution of such computer executable instructions often entails the reading of data from RAM. Due to cost, physical size limitations, power requirements, and other like constraints, computing devices typically comprise less RAM than is required by the processes that are typically executed on such computing devices. To accommodate such constraints, virtual memory is utilized, whereby the memory that appears to be available to processes executing on a computing device is greater than the physical memory circuitry provides for. The relationship between virtual memory and physical memory is typically managed by one or more memory managers, which implement, maintain, and/or reference a “page table” whose information delineates the relationship between one or more virtual memory addresses and the locations of corresponding data, either in physical memory, or on some form of storage media. To accommodate the quantities of memory relevant to modern computing devices and the processes executed thereon, a modern page table is typically comprised of multiple hierarchical levels of tables, with a hierarchically higher-level table having entries that each identify a different hierarchically lower-level table, and with the hierarchically lowest-level table comprising entries that do not identify a still further table, but rather identify the memory addresses themselves.
Among the processes that can be executed by computing devices are processes that virtualize, or abstract, the underlying hardware of the computing device. Such processes include virtual machines, which can simulate a complete underlying computing device to processes executed within the virtualized computing context provided by such virtual machines. A hypervisor, or similar set of computer-executable instructions, can facilitate the provision of a virtual machine by virtualizing, or abstracting, the underlying hardware of a physical computing device hosting such a hypervisor. A hypervisor can maintain a Second Layer Address Table (SLAT) which can also be hierarchically arranged in a manner analogous to the aforementioned page tables. The SLAT can maintain information that delineates the relationship between one or more memory addresses that appeared to be physical memory locations to processes executing on top of the hypervisor, including processes executing within the context of a virtual machine whose virtualization of underlying computing hardware is facilitated by the hypervisor, and the memory locations of actual physical memory itself.
When a process executing within the context of a virtual machine, for example, accesses memory, two different lookups can be performed. One lookup can be performed within the virtual machine context itself to correlate the virtual memory address requested with a physical memory address. Because such a lookup is performed within the virtual machine context itself, the identified physical memory address is only a physical memory address as perceived by processes executing within the context of the virtual machine. Such a lookup can be performed by a memory manager executing within the context of the virtual machine and can be made with reference to a page table that exists within the context of the virtual machine. A second lookup can then be performed outside of the context of the virtual machine. More specifically, the physical memory address (within the context of the virtual machine) identified by the first lookup, can be correlated to an actual physical memory address. Such a second lookup can entail one or more processing units of the computing device referencing the SLAT, which can correlate perceived physical memory addresses with actual physical memory addresses.
As indicated, both page tables and the SLAT can be hierarchical arrangements of different hierarchical levels of tables. Thus, the performance of a table lookup, whether performed by the memory manager with reference to the page table, or whether performed by the hypervisor with reference to the SLAT, can entail determining an appropriate table entry within a highest hierarchical table level, referencing a hierarchically lower-level table that is identified by that table entry, determining an appropriate table entry within that hierarchically lower-level table, referencing a hierarchically still lower-level table that is identified by that table entry, and so on, until a lowest hierarchical level table is reached, whereupon the individual entries of that lowest hierarchical level table identify one or more specific addresses, or ranges of addresses, of memory itself, as supposed to identifying a still further table. Each reference to a hierarchically lower-level table consumes processor cycles and increases the duration of a memory access.
In the case of a memory access from a process executing within the context of a virtual machine, for example, the duration of such a memory access can include both the traversing of the hierarchical levels of the page table, performed by the memory manager, in the context of the virtual machine, and, in addition, the traversing of the hierarchical levels of the SLAT performed by the hypervisor. The additional delay introduced by the lookup performed by the hypervisor, with reference to the SLAT, renders memory access from processes executing within the context of a virtual machine, or, indeed, any process that accesses memory through a hypervisor, more inefficient as compared with processes accessing memory more directly. Such inefficiencies can discourage users from achieving the security benefits, and other benefits conferred by accessing memory through a hypervisor.