Techniques for dynamic resource allocation among cryptographic domains
US-2019042324-A1 · Feb 7, 2019 · US
US11003584B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11003584-B2 |
| Application number | US-201916288844-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 28, 2019 |
| Priority date | Feb 28, 2019 |
| Publication date | May 11, 2021 |
| Grant date | May 11, 2021 |
Official abstract text for this publication.
A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
Opening claim text (preview).
What is claimed is:

1. A data processing system with support for sub-page granular memory tags, the data processing system comprising: at least one core that is configured to automatically maintain a memory tag map (MTM) that identifies a single memory tag value for each physical line of tagged memory that has been mapped to a virtual page by an operating system (OS) in the data processing system; a memory controller responsive to the core; random access memory (RAM) responsive to the memory controller; and a memory protection module in the memory controller; wherein the memory protection module enables the memory controller to use memory tag values supplied as parts of memory addresses to protect data stored at locations that are based on location values supplied as other parts of the memory addresses, wherein to use memory tag values to protect data comprises: (a) to use a first memory tag value to obtain a first key and (b) to use the first key to encrypt a first line for a page of data before storing the encrypted first line in the RAM; and (a) to use a second memory tag value to obtain a second key and (b) to use the second key encrypt a second line for the page of data before storing the encrypted second line in the RAM, wherein the first and second lines reside in one page of data; wherein the memory protection module enables an application to obtain a decrypted version of the encrypted first line by (a) including the first memory tag value as part of a virtual address for the first line, and (b) also including a first location value as part of the virtual address for the first line; wherein the memory protection module enables the application to obtain a decrypted version of the encrypted second line by (a) including the second memory tag value as part of a virtual address for the second line, and (b) also including a second location value as part of the virtual address for the second line; and wherein the memory controller enables the OS to swap the page of data out of the RAM to non-volatile storage (NVS) by: using the MTM to obtain memory tag values for lines within the page, the memory tag values to comprise the first and second memory tag values; (a) using the first memory tag value to obtain the first key, and (b) using the first key to decrypt the first line before storing the first line to the NVS; and (a) using the second memory tag value to obtain the second key, and (b) using the second key decrypt the second line before storing the second line to the NVS.

2. A data processing system according to claim 1, wherein the memory controller enables the OS to swap the page of data back into RAM by applying memory tag values to respective lines within the page being swapped back in.

3. A data processing system according to claim 1, wherein the memory controller enables the OS to manage copy-on-write (COW) by: in response to a determination that COW has been triggered for a shared page of data in RAM, wherein the shared page is shared by a first process and a second process, using memory tag values associated with respective lines within the shared page of data to copy the data to a new page in RAM; and updating a page table for the first processes to map the new page to a virtual address space for the first process.

4. A data processing system according to claim 1, further comprising: sequestered memory responsive to the memory controller, wherein the sequestered memory is not directly accessible to the OS; and wherein the memory controller is configured to store the MTM in the sequestered memory.

5. A data processing system according to claim 4, wherein the sequestered memory comprises error-correcting code (ECC) memory.

6. A data processing system according to claim 4, wherein the core supports a privileged read_memory_metadata instruction which, when executed, enables the core to obtain, from the MTM in the sequestered memory, a memory tag value for a particular line in RAM, in response to supplying the read_memory_metadata instruction with the physical address of that particular line.

7. A data processing system according to claim 1, wherein the core supports a read_tagged_page instruction which, when executed, enables the core to: use memory tag values to read data from multiple lines of tagged memory within a specified source page; and copy that data to a specified destination page.

8. A data processing system according to claim 7, wherein: the memory tag values comprise at least one key identifier (KeyID); the operation of using memory tag values to read data from multiple lines of tagged memory within the specified source page comprises using a key corresponding to the KeyID to decrypt the data; and the operation of copying that data to the specified destination page comprises copying the decrypted data to the specified destination page.

9. At least one non-transitory machine-accessible medium comprising computer instructions for supporting sub-page granular memory tags, wherein the computer instructions, in response to being executed on a data processing system, enable the data processing system to: maintain a memory tag map (MTM) that identifies a single memory tag value for each physical line of tagged memory that has been mapped to a virtual page by an operating system (OS) in the data processing system; use memory tag values supplied as parts of memory addresses to protect data stored at locations within a page of data in random access memory (RAM) of the data processing system, wherein the locations are based on location values supplied as other parts of the memory addresses, wherein the RAM is responsive to a memory controller in the data processing system, and wherein a memory protection module in the memory controller enables the memory controller to protect the data in RAM, based on the memory tag values, wherein to protect the data in RAM based on the memory tag values comprises: (a) to use a first memory tag value to obtain a first key and (b) to use the first key to encrypt a first line for a page of data before storing the encrypted first line in the RAM; and (a) to use a second memory tag value to obtain a second key and (b) to use the second key encrypt a second line for the page of data before storing the encrypted second line in the RAM, wherein the first and second lines reside in one page of data; by an application, obtain a decrypted version of the encrypted first line by (a) including the first memory tag value as part of a virtual address for the first line, and (b) also including a first location value as part of the virtual address for the first line; by the application, obtain a decrypted version of the encrypted second line by (a) including the second memory tag value as part of a virtual address for the second line, and (b) also including a second location value as part of the virtual address for the second line; by the OS, swap the page of data out of the RAM to non-volatile storage (NVS) of the data processing system by: using the MTM to obtain memory tag values for lines within the page, the memory tag values to comprise the first and second memory tag values; (a) using the first memory tag value to obtain the first key, and (b) using the first key to decrypt the first line before storing the first line to the NVS; and (a) using the second memory tag value to obtain the second key, and (b) using the second key decrypt the second line before storing the second line to the NVS.

10. At least one machine-accessible medium according to claim 9, wherein the instructions, when executed, further enable the data processing system to swap the page of data back into RAM by applying memory tag values to respective lines within the pa
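A minimal software model of the flow in claim 1, added here as an illustration and not taken from the patent: the tag bits of an address select the per-line key, the MTM records one tag per physical line, and swap-out uses the MTM to decrypt each line. The 64-byte line, the tag in the top address byte, the four-entry key table, all function names and the xorshift keystream (a toy stand-in for the hardware cipher) are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define LINE 64        /* bytes per line (assumed) */
#define NLINES 64      /* lines per 4 KiB page (assumed) */
#define TAG_SHIFT 56   /* assumed layout: tag in the top address byte */
#define TAG_OF(a)  ((uint8_t)((a) >> TAG_SHIFT))
#define LINE_OF(a) ((unsigned)(((a) & ((1ULL << TAG_SHIFT) - 1)) / LINE) % NLINES)
#define TAGGED_ADDR(tag, line) (((uint64_t)(tag) << TAG_SHIFT) | ((uint64_t)(line) * LINE))
static uint8_t ram[NLINES][LINE];  /* ciphertext as held in RAM */
static uint8_t mtm[NLINES];        /* memory tag map: one tag per physical line */
static const uint64_t keys[4] = {  /* constructed tag -> key table */
    0x0123456789abcdefULL, 0x1111222233334444ULL, 0x5555666677778888ULL, 0x9999aaaabbbbccccULL };

/* Toy xorshift keystream: a stand-in for the real memory-encryption cipher. */
static void xcrypt(uint8_t *buf, uint8_t tag, unsigned line) {
    uint64_t s = keys[tag & 3] ^ (0x9E3779B97F4A7C15ULL * (line + 1));
    for (int i = 0; i < LINE; i++) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        buf[i] ^= (uint8_t)s;
    }
}

/* Write: the key is selected by the tag bits of the address; the MTM records that tag. */
void mem_write(uint64_t addr, const uint8_t *plain) {
    memcpy(ram[LINE_OF(addr)], plain, LINE);
    xcrypt(ram[LINE_OF(addr)], TAG_OF(addr), LINE_OF(addr));
    mtm[LINE_OF(addr)] = TAG_OF(addr);
}

/* Read: decrypts with whatever tag the caller put in the address, right or wrong. */
void mem_read(uint64_t addr, uint8_t *out) {
    memcpy(out, ram[LINE_OF(addr)], LINE);
    xcrypt(out, TAG_OF(addr), LINE_OF(addr));
}

/* Swap-out: each line's tag is looked up in the MTM, then the line is decrypted for NVS. */
void swap_out(uint8_t nvs[NLINES][LINE]) {
    for (unsigned l = 0; l < NLINES; l++) {
        memcpy(nvs[l], ram[l], LINE);
        xcrypt(nvs[l], mtm[l], l);
    }
}

int main(void) {
    static uint8_t nvs[NLINES][LINE], a[LINE];
    memset(a, 'A', LINE);
    mem_write(TAGGED_ADDR(1, 0), a);
    swap_out(nvs);
    return memcmp(nvs[0], a, LINE) != 0;   /* 0: swap-out recovered the plaintext */
}
```

In this model `swap_out` takes every key choice from the MTM; claim 4 places the MTM in sequestered memory that the OS cannot access directly.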
Parity data used in redundant arrays of independent storages, e.g. in RAID systems · CPC title
Page colouring · CPC title
Encrypted data · CPC title
in a virtual system, e.g. with translation means · CPC title
Improving or facilitating administration, e.g. storage management · CPC title