Patent attributes
A method for controlling access of a processor to a resource, wherein the processor has an instruction set including a virtualization extension, may include executing a resource access instruction by the processor using the virtualization extension, whereby the resource access instruction conveys a virtual address (VA) and a virtual machine identifier. The method may also include translating the virtual address to a physical address based on the virtual machine identifier, and looking-up an access control rule table using the physical address as a search key. Each entry of the rule table includes a virtual machine identifier. The method further includes controlling access to the resource based on the output of the rule table and a match between the virtual machine identifier returned by the table and the virtual machine identifier conveyed in the resource access instruction.
