Field of the Invention
This invention relates generally to the field of computer processors. More particularly, the invention relates to an apparatus and method for sub-page write protection.
Description of the Related Art
A virtual-machine system is a computer system that includes a virtual machine monitor (VMM) supporting one or more virtual machines (VMs). The VMM is a software program that controls physical computer hardware and presents programs executing within a VM with the illusion that they are executing on real physical computer hardware. Each VM typically functions as a self-contained platform, controlled by a “guest” operating system (OS), i.e., an OS hosted by the VMM, which executes as if it were running on a real machine instead of within a VM.
In some implementations, the virtual execution environment is supported by a “host” operating system (OS) which is natively executed on the computing hardware. The host OS may support multiple different “guest” OSs, each potentially running multiple different applications. In this implementation, non-native instructions executed by the applications are intercepted, decoded and translated to native instructions by logic within the host OS. The results of the native instructions are then provided back to the applications from the host OS. In addition to non-native general purpose instructions, non-native graphics instructions may also need to be intercepted, decoded and translated into native graphics instructions for execution on a graphics processing unit (GPU).
Extended Page Table (EPT)-based Sub-Page Protection allows VMMs to specify write-protection for guest physical memory at a sub-page (128-byte) granularity. When this capability is utilized, the CPU enforces write-access permissions for sub-page regions of 4K pages as specified by the VMM. EPT-based Sub-Page Protection is intended to enable fine-grained memory write enforcement by a VMM for security (guest OS monitoring) and usages such as device virtualization and memory checkpointing.
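The sub-page write check described above can be modeled in software as follows. This C sketch is an added illustration, not part of the original text and not a description of the hardware's actual data structures; the 32-bit mask layout (bit i set means sub-page i is writable) and all function names are assumptions made for the example. It covers a single 4K page, so a write that crosses a page boundary would be split by the caller.

```c
#include <stdbool.h>
#include <stdint.h>

#define PAGE_SIZE         4096u  /* 4K page, as stated in the text */
#define SUBPAGE_SIZE      128u   /* sub-page granularity, as stated in the text */
#define SUBPAGES_PER_PAGE (PAGE_SIZE / SUBPAGE_SIZE)  /* 32 sub-pages */

/* Assumed layout for this model: bit i set => sub-page i is writable. */
typedef uint32_t spp_mask_t;

/* Bitmask of the sub-pages covered by [offset, offset + len) in one page.
 * Returns 0 for an empty range or one that leaves the page. */
spp_mask_t spp_touched(uint32_t offset, uint32_t len)
{
    if (len == 0 || offset >= PAGE_SIZE || len > PAGE_SIZE - offset)
        return 0;
    uint32_t first = offset / SUBPAGE_SIZE;
    uint32_t last  = (offset + len - 1) / SUBPAGE_SIZE;
    uint32_t count = last - first + 1;
    /* Avoid the undefined 32-bit shift when the whole page is covered. */
    spp_mask_t run = (count == SUBPAGES_PER_PAGE) ? UINT32_MAX
                                                  : ((1u << count) - 1u);
    return run << first;
}

/* Returns -1 if the write is permitted, otherwise the index of the first
 * write-protected sub-page it touches. An invalid range returns -2. */
int spp_check_write(spp_mask_t writable, uint32_t offset, uint32_t len)
{
    spp_mask_t touched = spp_touched(offset, len);
    if (touched == 0)
        return -2;
    spp_mask_t denied = touched & ~writable;
    if (denied == 0)
        return -1;
    int i = 0;
    while (!(denied & 1u)) { denied >>= 1; i++; }
    return i;
}

/* Clear write permission for every sub-page overlapping a monitored range. */
spp_mask_t spp_protect(spp_mask_t writable, uint32_t offset, uint32_t len)
{
    return writable & ~spp_touched(offset, len);
}
```

Protecting a 32-byte structure at offset 0x210 in this model write-protects all of sub-page 4 (offsets 0x200 to 0x27F), so a write to a neighbouring field in the same 128-byte region is also denied, while the remaining 31 sub-pages stay writable.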