The challenges to be met are these:
Use the same memory mappings for all privilege levels. (This avoids TLB flushes, which kill performance.)
Allow speculative execution.
Allow speculative execution across privilege changes.
Detect and stall when speculative execution violates memory privileges.
Detect this with no table lookups or address decoding. (For speed. The privilege checks will occur inside pipeline stages, so any delay kills the clock speed.)
Divide the virtual memory addresses into privilege selector bits and index bits.
| Privilege selector bits [63:56] | Index bits [55:0] |
| | AAA ... AAA |
Only one selector bit will be set to one. The others will be cleared to zero. The bit that is set determines the privilege level needed to access that memory mapping.
Access will be validated by a privilege mask. If any bit is set in both the privilege mask and the selector bits, speculative execution is allowed. This will be very fast, since it uses only AND gates followed by an OR gate.
| | Internal processor functions |
| | System management mode |
| | Hypervisor ring 1 |
| | Hypervisor ring 2 |
| | Hypervisor ring 3 |
| | Guest ring 1 |
| | Guest ring 2 |
| | Guest ring 3 |
More bits can be added to provide more isolation levels. Privilege masks can omit less-privileged memory mappings to create a special management task that cannot snoop.
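A small C model of the selector/mask check and of the non-snooping management mask described above. This is an added example, not code from the original page; the bit-to-level assignment, the linear privilege ordering behind `cumulative_mask`, all function names, and the choice to stall on a selector that is not one-hot are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed assignment (the page lists the levels but not their bits):
 * selector bit 7, i.e. address bit 63, is the most privileged level. */
enum level { GUEST_R3, GUEST_R2, GUEST_R1, HYP_R3, HYP_R2, HYP_R1, SMM, INTERNAL };

#define SEL_SHIFT  56
#define INDEX_MASK ((UINT64_C(1) << SEL_SHIFT) - 1)

/* Build a virtual address: one-hot selector in [63:56], index in [55:0]. */
uint64_t make_vaddr(enum level lvl, uint64_t index) {
    return (UINT64_C(1) << (SEL_SHIFT + lvl)) | (index & INDEX_MASK);
}

/* The selector is just the top byte: no table lookup, no decoding. */
uint8_t selector_of(uint64_t vaddr) { return (uint8_t)(vaddr >> SEL_SHIFT); }

/* The scheme requires exactly one selector bit to be set. */
bool selector_is_one_hot(uint8_t sel) { return sel != 0 && (sel & (sel - 1)) == 0; }

/* Mask granting a level its own mapping plus every less-privileged one
 * (assumes the eight levels form a single linear order). */
uint8_t cumulative_mask(enum level lvl) { return (uint8_t)((2u << lvl) - 1u); }

/* Management-task mask: less-privileged mappings omitted, so it cannot snoop. */
uint8_t isolated_mask(enum level lvl) { return (uint8_t)(1u << lvl); }

/* The check: eight AND gates feeding one OR gate.
 * true = speculation may proceed, false = stall. */
bool may_speculate(uint8_t priv_mask, uint64_t vaddr) {
    uint8_t sel = selector_of(vaddr);
    if (!selector_is_one_hot(sel))   /* assumption: malformed selector stalls */
        return false;
    return (priv_mask & sel) != 0;
}

int main(void) {
    uint64_t hyp_page   = make_vaddr(HYP_R1, 0x1000);    /* constructed sample */
    uint64_t guest_page = make_vaddr(GUEST_R3, 0x1000);  /* constructed sample */
    printf("guest r3 -> hyp page:     %d\n", may_speculate(cumulative_mask(GUEST_R3), hyp_page));
    printf("hyp r1   -> guest page:   %d\n", may_speculate(cumulative_mask(HYP_R1), guest_page));
    printf("mgmt task -> guest page:  %d\n", may_speculate(isolated_mask(HYP_R1), guest_page));
    printf("mgmt task -> own page:    %d\n", may_speculate(isolated_mask(HYP_R1), hyp_page));
    return 0;
}
```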