公开(公告)号：US20220035543A1

公开(公告)日：2022-02-03

申请号：US17358415

申请日：2021-06-25

Applicant: VMware, Inc.

Inventor： Carl A. WALDSPURGER

IPC: G06F3/06 ,  G06F9/48 ,  G06F9/50 ,  H04L12/26 ,  H04L12/917 ,  H04L12/24

Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.

公开(公告)号：US20190004850A1

公开(公告)日：2019-01-03

申请号：US16102411

申请日：2018-08-13

Applicant: VMware, Inc.

Inventor： Xiaoxin CHEN ,  Carl A. WALDSPURGER ,  Pratap SUBRAHMANYAM

IPC: G06F9/46 ,  G06F9/448 ,  G06F9/48 ,  G06F9/455 ,  G06F11/14

Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.

公开(公告)号：US20170185531A9

公开(公告)日：2017-06-29

申请号：US14048515

申请日：2013-10-08

Applicant: VMware, Inc.

Inventor： Xiaoxin CHEN ,  Carl A. WALDSPURGER ,  Pratap SUBRAHMANYAM ,  Tal GARFINKEL ,  Dan BONEH

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/1491 ,  G06F21/6218 ,  G06F2212/151

Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

公开(公告)号：US20150128138A1

公开(公告)日：2015-05-07

申请号：US14508685

申请日：2014-10-07

Applicant: VMware, Inc.

Inventor： Ajay GULATI ,  Irfan AHMAD ,  Ganesha SHANMUGANATHAN ,  Carl A. WALDSPURGER

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/5088 ,  G06F11/3433 ,  G06F2201/815 ,  H04L67/1008

Abstract: One or more embodiments of the present invention provide a technique for effectively managing virtualized computing systems with an unlimited number of hardware resources. Host systems included in a virtualized computer system are organized into a scalable, peer-to-peer (P2P) network in which host systems arrange themselves into a network overlay to communicate with one another. The network overlay enables the host systems to perform a variety of operations, which include dividing computing resources of the host systems among a plurality of virtual machines (VMs), load balancing VMs across the host systems, and performing an initial placement of a VM in one of the host systems.

Abstract translation: 本发明的一个或多个实施例提供了一种用于以无限数量的硬件资源有效地管理虚拟化计算系统的技术。 包括在虚拟化计算机系统中的主机系统被组织成可扩展的对等（P2P）网络，其中主机系统将其自身布置成网络覆盖以便彼此通信。 网络覆盖使得主机系统能够执行各种操作，其包括在多个虚拟机（VM）中划分主机系统的计算资源，跨主机系统负载平衡VM，以及执行VM的初始放置 其中一个主机系统。

公开(公告)号：US20130254612A1

公开(公告)日：2013-09-26

申请号：US13893465

申请日：2013-05-14

Applicant: VMware, Inc.

Inventor： Carl A. WALDSPURGER ,  Dilpreet BINDRA ,  Gregory HARM ,  Patrick TULLMANN

IPC: G06F11/08

CPC classification number: G06F11/08 ,  G06F11/141

Abstract: A method is provided for recovering from an uncorrected memory error located at a memory address as identified by a memory device. A stored hash value for a memory page corresponding to the identified memory address is used to determine the correct data. Because the memory device specifies the location of the corrupted data, and the size of the window where the corruption occurred, the stored hash can be used to verify memory page reconstruction. With the known good part of the data in hand, the hashes of the pages using possible values in place of the corrupted data are calculated. It is expected that there will be a match between the previously stored hash and one of the computed hashes. As long as there is one and only one match, then that value, used in the place of the corrupted data, is the correct value. The corrupt data, once replaced, allows operation of the memory device to continue without needing to interrupt or otherwise affect a system's operation.

Abstract translation: 提供一种用于从由存储器件识别的存储器地址处的未校正的存储器错误中恢复的方法。 用于与所识别的存储器地址相对应的存储器页的存储的散列值用于确定正确的数据。 由于内存设备指定损坏的数据的位置以及发生损坏的窗口的大小，因此可以使用存储的散列来验证内存页重建。 利用手头已知的很好的部分数据，可以计算使用可能值代替已损坏数据的页面散列。 预期在先前存储的散列和所计算的散列之一将存在匹配。 只要有一个只有一个匹配，那么在损坏的数据的位置使用的值是正确的值。 损坏的数据一旦被更换，就允许存储设备的操作继续进行，而不需要中断或以其他方式影响系统的操作。

公开(公告)号：US20180045431A1

公开(公告)日：2018-02-15

申请号：US15662071

申请日：2017-07-27

Applicant: VMware, Inc.

Inventor： Carl A. WALDSPURGER ,  Michael NELSON ,  Daniel J. SCALES ,  Pratap SUBRAHMANYAM

IPC: F24H1/14

CPC classification number: F24H1/142 ,  F16L53/32

Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.

公开(公告)号：US20170344496A1

公开(公告)日：2017-11-30

申请号：US15682056

申请日：2017-08-21

Applicant: VMware, Inc.

Inventor： Xiaoxin CHEN ,  Carl A. WALDSPURGER ,  Pratap SUBRAHMANYAM ,  Tal GARFINKEL ,  Dan BONEH

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/1491 ,  G06F21/6218 ,  G06F2212/151

Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

公开(公告)号：US20160246533A1

公开(公告)日：2016-08-25

申请号：US15142031

申请日：2016-04-29

Applicant: VMware, Inc.

Inventor： Carl A. WALDSPURGER

IPC: G06F3/06 ,  H04L12/26 ,  H04L12/24

CPC classification number: G06F3/0631 ,  G06F3/0604 ,  G06F3/0653 ,  G06F3/0683 ,  G06F9/4881 ,  G06F9/5016 ,  H04L41/5054 ,  H04L43/04 ,  H04L43/08 ,  H04L47/76

Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.

公开(公告)号：US20160179564A1

公开(公告)日：2016-06-23

申请号：US15055468

申请日：2016-02-26

Applicant: VMware, Inc.

Inventor： Xiaoxin CHEN ,  Carl A. WALDSPURGER ,  Pratap SUBRAHMANYAM

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F12/109 ,  G06F12/1491 ,  G06F2009/45583 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657

Abstract: Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.

Abstract translation: 虚拟化软件在虚拟机内建立多个执行环境，其中在一个环境中执行的软件模块不能访问另一环境的专用内存。 为每个执行环境维护一组单独的影子内存地址映射。 例如，可以为每个执行环境维护单独的影子页表。 虚拟化软件确保一个执行环境的影子地址映射不映射到包含其他执行环境的私有代码或数据的物理内存页面。 当执行从一个执行环境切换到另一个执行环境时，虚拟化软件会激活新执行环境的影子地址映射。 使用单独映射的类似方法也可用于防止一个执行环境中的软件模块访问另一个执行环境的专用磁盘空间或其他辅助存储。

公开(公告)号：US20140245304A1

公开(公告)日：2014-08-28

申请号：US14273022

申请日：2014-05-08

Applicant: VMWARE, INC.

Inventor： Haoqiang ZHENG ,  Carl A. WALDSPURGER

IPC: G06F9/455 ,  G06F9/46

CPC classification number: G06F9/45533 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/46 ,  G06F9/485 ,  G06F9/4881 ,  G06F9/522 ,  G06F2009/4557 ,  G06F2009/45575

Abstract: Techniques for implicit coscheduling of CPUs to improve corun performance of scheduled contexts are described. One technique minimizes skew by implementing corun migrations, and another technique minimizes skew by implementing a corun bonus mechanism. Skew between schedulable contexts may be calculated based on guest progress, where guest progress represents time spent executing guest operating system and guest application code. A non-linear skew catch-up algorithm is described that adjusts the progress of a context when the progress falls far behind its sibling contexts.

Abstract translation: 描述了用于CPU的隐式调谐以提高调度上下文的corun性能的技术。 一种技术通过实施corun迁移来最小化偏差，另一种技术通过实施corun奖励机制来最大限度地减少偏差。 可调度上下文之间的偏差可以基于访客进度来计算，客户进度表示执行访客操作系统和访客应用程序代码所花费的时间。 描述了一种非线性偏移追赶算法，当算法的进度远远落后于其同级上下文时，调整上下文的进度。