US9335943B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9335943-B2 |
| Application number | US-201414320334-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 30, 2014 |
| Priority date | Jun 30, 2014 |
| Publication date | May 10, 2016 |
| Grant date | May 10, 2016 |
Official abstract text for this publication.
An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.
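The two-stage write check from the abstract, modeled in C as an added example (not code from the patent), using the 4 KB page and 128 B sub-page sizes given in the claims. The entry layout, the flat per-frame SPPT (the claims describe a hierarchical set of tables), the sample mappings, and the rule that the sub-page bit alone decides once the enable bit is set are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT    12                  /* 4 KB page (claim 4) */
#define PAGE_SIZE     (1ull << PAGE_SHIFT)
#define SUBPAGE_SHIFT 7                   /* 128 B sub-page -> 32 per page */
#define NPAGES        4                   /* constructed toy address space */

struct pte {                              /* hypothetical page-table/TLB entry */
    bool present, writable, spp_enable;
    uint32_t pfn;
};

/* Constructed sample state: virtual page 0 -> frame 3, ordinary read-only;
 * virtual page 1 -> frame 2 with sub-page permissions enabled. */
static const struct pte page_table[NPAGES] = {
    [0] = { .present = true, .writable = false, .spp_enable = false, .pfn = 3 },
    [1] = { .present = true, .writable = false, .spp_enable = true,  .pfn = 2 },
};

/* Flat stand-in for the SPPT, indexed by frame number (assumption): bit i set
 * means sub-page i is writable. Frame 2 permits sub-pages 0 and 1 only. */
static const uint32_t sppt[NPAGES] = { [2] = 0x3u };

/* Returns true if a write of len bytes at virtual address va is permitted. */
bool write_allowed(uint64_t va, size_t len)
{
    uint64_t vpn = va >> PAGE_SHIFT;
    uint64_t off = va & (PAGE_SIZE - 1);

    /* Reject empty, out-of-range and page-crossing accesses; the subtraction
     * form avoids overflow in off + len. Callers split crossing accesses. */
    if (len == 0 || vpn >= NPAGES || len > PAGE_SIZE - off)
        return false;

    const struct pte *e = &page_table[vpn];    /* first lookup: VA -> frame */
    if (!e->present)
        return false;
    if (!e->spp_enable)                        /* enable bit clear: page bit */
        return e->writable;

    uint32_t bits = sppt[e->pfn];              /* second lookup, keyed by PA */
    /* Every sub-page the access touches must be writable (assumed rule). */
    for (uint64_t sp = off >> SUBPAGE_SHIFT;
         sp <= (off + len - 1) >> SUBPAGE_SHIFT; sp++)
        if (!(bits & (1u << sp)))
            return false;
    return true;
}
```

An 8-byte write at offset 0xFC of the protected page straddles sub-pages 1 and 2, so it is refused even though its first byte lies in a writable sub-page.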
Opening claim text (preview).
What is claimed is:

1. A method comprising: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.
2. The method as in claim 1 wherein performing the first lookup operation comprises retrieving the physical address from a page table stored in a memory.
3. The method as in claim 1 wherein performing the first lookup operation comprises retrieving the physical address from a translation lookaside buffer.
4. The method as in claim 1 wherein the memory page is 4 k in size and wherein each of the sub-pages are 128 B in size.
5. The method as in claim 1 wherein determining whether sub-page permissions are enabled comprises: identifying an entry in a page table or translation lookaside buffer (TLB) associated with the memory page; and reading at least one sub-page permission enable bit associated with the entry, the sub-page permission enable bit having a first value if permissions are enabled and a second value if permissions are not enabled.
6. The method as in claim 5 wherein the second lookup comprises: determining a location for a sub-page protection table (SPPT); and querying the SPPT using the physical address associated with the memory page to identify at least one sub-page permission bit associated with at least one sub-page of the memory page.
7. The method as in claim 6 wherein implementing the permissions associated with the one or more sub-pages comprises: determining whether read, write and/or execute operations are permitted to a sub-page based on a value of the corresponding permission bits associated with the sub-page in the SPPT.
8. The method as in claim 7 wherein determining the location for the SPPT comprises reading a sub-page protection table pointer (SPPTP) stored in a virtual machine control structure (VMCS) of a virtual machine monitor (VMM), wherein at least a portion of the physical address of the memory page is combined with the SPPTP to locate the sub-page permission bit.
9. The method as in claim 6 wherein the SPPT comprises a hierarchical set of tables and wherein different portions of the physical address of the memory page are used to index each of the different tables in the hierarchical set of tables and wherein the hierarchical set of tables or portions thereof are internally cached to improved performance.
10. An apparatus comprising: a processor to execute program code and process data; address translation logic on the processor to perform a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; sub-page permission logic to determine whether sub-page permissions are enabled for the memory page; the sub-page permission logic to perform a second lookup operation if sub-page permissions are enabled, to determine permissions associated with one or more of the sub-pages of the memory page; and the sub-page permission logic to implement the permissions associated with the one or more sub-pages.
11. The apparatus as in claim 10 wherein performing the first lookup operation comprises retrieving the physical address from a page table stored in a memory.
12. The apparatus as in claim 10 wherein performing the first lookup operation comprises retrieving the physical address from a translation lookaside buffer.
13. The apparatus as in claim 10 wherein the memory page is 4 k in size and wherein each of the sub-pages are 128 B in size.
14. The apparatus as in claim 10 wherein determining whether sub-page permissions are enabled comprises: identifying an entry in a page table or translation lookaside buffer (TLB) associated with the memory page; and reading at least one sub-page permission enable bit associated with the entry, the sub-page permission enable bit having a first value if permissions are enabled and a second value if permissions are not enabled.
15. The apparatus as in claim 14 wherein the second lookup comprises: determining a location for a sub-page protection table (SPPT); and querying the SPPT using the physical address associated with the memory page to identify at least one sub-page permission bit associated with at least one sub-page of the memory page.
16. The apparatus as in claim 15 wherein implementing the permissions associated with the one or more sub-pages comprises: determining whether write operations are permitted to a sub-page based on a value of the permission bit associated with the sub-page in the SPPT.
17. The apparatus as in claim 16 wherein determining the location for the SPPT comprises reading a sub-page protection table pointer (SPPTP) stored in a virtual machine control structure (VMCS) of a virtual machine monitor (VMM), wherein at least a portion of the physical address of the memory page is combined with the SPPTP to locate the sub-page permission bit.
18. The apparatus as in claim 15 wherein the SPPT comprises a hierarchical set of tables and wherein different portions of the physical address of the memory page are used to index each of the different tables in the hierarchical set of tables and wherein the hierarchical set of tables or portions thereof are internally cached to improved performance.
19. A system comprising: a virtual machine monitor (VMM); one or more guest operating systems (OSs) executed within one or more virtual machines (VMs) supported by the VMM; sub-page permission logic implemented by the VMM to determine whether sub-page permissions are enabled for a memory page; the sub-page permission logic to perform a lookup operation if sub-page permissions are enabled, to determine permissions associated with one or more of the sub-pages of the memory page; and an application executed within one of the OSs implement the permissions associated with the one or more sub-pages.
20. The system as in claim 19 wherein determining whether sub-page permissions are enabled comprises: identifying an entry in a page table or translation lookaside buffer (TLB) associated with the memory page; and reading at least one sub-page permission enable bit associated with the entry, the sub-page permission enable bit having a first value if permissions are enabled and a second value if permissions are not enabled.
21. The system as in claim 20 wherein the lookup operation comprises: determining a location for a sub-page protection table (SPPT); and querying the SPPT using the physical address associated with the memory page to identify at least one sub-page permission bit associated with at least one sub-page of the memory page.
22. The system as in claim 21 wherein implementing the permissions associated with the one or more sub-pages comprises: determining whether write operations are permitted to a sub-page based on a value of the permission bit associated with the sub-page in the SPPT.
23. The system as in claim 22 wherein determining the location for the SPPT comprises reading a sub-page protection table pointer (SPPTP) stored in a virtual machine control structure (VMCS) of the VMM, wherein at least a portion of the physical a
Hypervisor-specific management and integration aspects · CPC title
for multiple virtual address spaces, e.g. segmentation (G06F12/1036 takes precedence) · CPC title
in relation to access · CPC title
Permissions · CPC title
Single storage device · CPC title