-
11.发明授权Switching between multiple software entities using different operating modes of a processor 有权使用处理器的不同操作模式切换多个软件实体公开(公告)号:US08266628B2
公开(公告)日:2012-09-11
申请号:US12339778
申请日:2008-12-19
CPC分类号: G06F9/45554
摘要: The computer program includes a virtualization software that is executable on the new processor in the legacy mode. The new processor includes a legacy instruction set for a legacy operating mode and a new instruction set for a new operation mode. The switching includes switching from the new instruction set to the legacy instruction set and switching paging tables. Each of the new operating mode and the legacy operating mode has separate paging tables. The switch routine is incorporated in a switch page that is locked in physical memory. The switch page has a first section to store a part of switching instructions conforming to the new instruction set and a second section to store another part of the switching instructions conforming to the legacy instruction set.
摘要翻译: 该计算机程序包括在传统模式下可在新处理器上执行的虚拟化软件。 新处理器包括用于传统操作模式的遗留指令集和用于新操作模式的新指令集。 切换包括从新指令集切换到传统指令集和切换寻呼表。 每个新的操作模式和传统操作模式都有独立的分页表。 开关程序被并入被锁定在物理存储器中的开关页面中。 开关页面具有存储符合新指令集的切换指令的一部分的第一部分和存储符合传统指令集的切换指令的另一部分的第二部分。
-
公开(公告)号:US20110131388A1
公开(公告)日:2011-06-02
申请号:US13023356
申请日:2011-02-08
申请人: Xiaoxin CHEN , Alberto J. MUNOZ
发明人: Xiaoxin CHEN , Alberto J. MUNOZ
IPC分类号: G06F12/10
CPC分类号: G06F12/1036 , G06F12/109
摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。
-
公开(公告)号:US07490216B1
公开(公告)日:2009-02-10
申请号:US11521632
申请日:2006-09-14
申请人: Xiaoxin Chen , Alberto J. Munoz
发明人: Xiaoxin Chen , Alberto J. Munoz
CPC分类号: G06F12/1036 , G06F12/109
摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。
-
14.发明授权公开(公告)号:US07111145B1
公开(公告)日:2006-09-19
申请号:US10397030
申请日:2003-03-25
申请人: Xiaoxin Chen , Alberto J. Munoz
发明人: Xiaoxin Chen , Alberto J. Munoz
CPC分类号: G06F12/1036 , G06F12/109
摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。
-
15.发明申请METHOD AND SYSTEM TO SECURELY MIGRATE AND PROVISION VIRTUAL MACHINE IMAGES AND CONTENT 有权安全移植和提供虚拟机图像和内容的方法和系统公开(公告)号:US20140089658A1
公开(公告)日:2014-03-27
申请号:US13629128
申请日:2012-09-27
申请人: Yeluri Raghuram , Steve Orrin , Alberto J. Munoz
发明人: Yeluri Raghuram , Steve Orrin , Alberto J. Munoz
CPC分类号: H04L9/0825 , G06F9/45533 , H04L9/083 , H04L9/3234 , H04L63/0442 , H04L63/062 , H04L2463/062
摘要: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
摘要翻译: 公开了一种用于将虚拟机映像安全迁移并提供给云服务提供商环境(CSPE)的主机设备的方法,设备和系统。 客户设备加密虚拟机映像(VMI)并将VMI存储在CSPE中。 主机设备从对象存储中检索加密的VMI,并向密钥管理服务器发送主机信任数据(包括从加密的VMI提取的对称密钥,用客户公钥加密的对称密钥)到信任认证的密钥管理服务器。 如果密钥管理服务器成功验证主机设备,则密钥管理服务器使用客户私钥解密加密对称密钥,并使用主机公钥对对称密钥进行重新加密。 主机设备从密钥管理服务器接收重新加密的对称密钥,使用主机私钥对其进行解密,并使用对称密钥解密加密的VMI。
-
16.发明授权公开(公告)号:US07908646B1
公开(公告)日:2011-03-15
申请号:US11865670
申请日:2007-10-01
IPC分类号: G06F7/04
CPC分类号: G06F12/1466 , G06F9/45537
摘要: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.
摘要翻译: 在虚拟计算机系统中,本发明使用独立于硬件特权级别的次级保护机制来虚拟化主保护机制,其基于尝试的访问类型和当前硬件特权级别来限制存储器访问。 本发明可以用于虚拟化Intel IA-64架构的保护机制。 在该实施例中,虚拟TLB中的虚拟访问权限设置被转换为硬件TLB中的影子访问权限设置,而虚拟PKR高速缓存中的虚拟保护密钥设置被部分地转换为硬件PKR高速缓存中的影子保护密钥设置 对虚拟访问权限设置。 影子保护键设置取决于访客权限级别,但影子访问权限设置不是。
-
公开(公告)号:US20090106524A1
公开(公告)日:2009-04-23
申请号:US12345866
申请日:2008-12-30
申请人: Xiaoxin Chen , Alberto J. Munoz
发明人: Xiaoxin Chen , Alberto J. Munoz
IPC分类号: G06F12/06
CPC分类号: G06F12/1036 , G06F12/109
摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。
-
18.发明授权Switching between multiple software entities using different operating modes of a processor in a computer system 有权在计算机系统中使用处理器的不同操作模式在多个软件实体之间切换公开(公告)号:US07478388B1
公开(公告)日:2009-01-13
申请号:US10829780
申请日:2004-04-21
IPC分类号: G06F9/455
CPC分类号: G06F9/45554
摘要: A processor has multiple operating modes, such as the long/compatibility mode, the long/64-bit mode and the legacy modes of the x86-64 microprocessor. Different software entities execute in different ones of these operating modes. A switching routine is implemented to switch from one operating mode to another and to transfer control from one software entity to another. The software entities may be, for example, a host operating system and a virtual machine monitor. Thus, for example, a virtual computer system may comprise a 64-bit host operating system and a 32-bit virtual machine monitor, executing on an x86-64 microprocessor in long mode and legacy mode, respectively, with the virtual machine monitor supporting an x86 virtual machine. The switching routine may be implemented partially or completely in an identity-mapped memory page. Execution of the switching routine may be initiated by a driver that is installed in the host operating system of a virtual computer system.
摘要翻译: 处理器具有多种操作模式,例如长/兼容性模式,长/ 64位模式和x86-64微处理器的传统模式。 不同的软件实体在不同的这些操作模式下执行。 实现切换例程以从一种操作模式切换到另一种操作模式,并将控制从一个软件实体转移到另一个软件实体。 软件实体可以是例如主机操作系统和虚拟机监视器。 因此,例如,虚拟计算机系统可以包括64位主机操作系统和32位虚拟机监视器,分别以长模式和传统模式在x86-64微处理器上执行,虚拟机监视器支持 x86虚拟机。 切换例程可以部分地或完全地实现在身份映射的存储器页面中。 可以由安装在虚拟计算机系统的主机操作系统中的驱动程序启动切换例程的执行。
-
公开(公告)号:US20080163255A1
公开(公告)日:2008-07-03
申请号:US11648111
申请日:2006-12-29
申请人: Alberto J. Munoz , Sorin Iacobovici
发明人: Alberto J. Munoz , Sorin Iacobovici
IPC分类号: G06F9/44
CPC分类号: G06F11/2028 , G06F11/2051
摘要: Methods and apparatus to provide core sparing on multi-core platforms are described. In an embodiment, stored core state information of a target core (e.g., a core that has detected a fault condition (e.g., within its circuitry) or a request to offload operations from the target core (e.g., to enable run-time diagnostics without interfering with system software)) may be read by a spare core which is to operationally replace the target core. Other embodiments are also described.
摘要翻译: 描述了在多核平台上提供核心备用的方法和设备。 在一个实施例中,存储目标核心的核心状态信息(例如,已经检测到故障状况的核心(例如,在其电路内)或从目标核心卸载操作的请求(例如,以启用运行时诊断而没有 干扰系统软件))可以由备用核心读取,备用核心在运行上替代目标核心。 还描述了其它实施例。
-
20.发明授权System and method for recovering from memory failures in computer systems 有权用于从计算机系统中的内存故障中恢复的系统和方法公开(公告)号:US06851074B2
公开(公告)日:2005-02-01
申请号:US09845469
申请日:2001-04-30
申请人: Dejan S. Miloiicic , Thomas Wylegala , Fong Pong , Stephen Hoyle , Lance W. Russell , Lu Xu , Alberto J. Munoz
发明人: Dejan S. Miloiicic , Thomas Wylegala , Fong Pong , Stephen Hoyle , Lance W. Russell , Lu Xu , Alberto J. Munoz
CPC分类号: G06F11/0772 , G06F11/073 , G06F11/0793 , G06F11/141
摘要: The present invention is a system and method for recovering from memory failures in computer systems. The method of the present invention includes the steps of: identifying a predetermined instruction sequence; monitoring for memory access errors in response to the request; logging a memory access error in an error logging register; polling the register for any logged memory access error during execution of the instruction sequence; and raising exceptions, if the memory access error is logged. Within the system of the present invention, memory access errors are stored in an error logging register, machine check abort handles are masked, and memory controllers are under full control of the software so that memory access errors can be intercepted and responded to without necessitating a system reboot or application restart. The present invention is particularly applicable to O/S code which can not otherwise recover from memory errors except by rebooting.
摘要翻译: 本发明是一种用于从计算机系统中的存储器故障中恢复的系统和方法。 本发明的方法包括以下步骤:识别预定指令序列; 根据请求监视内存访问错误; 在错误记录寄存器中记录存储器访问错误; 在执行指令序列期间轮询寄存器中任何记录的存储器访问错误; 并且如果记录了内存访问错误,则引发异常。 在本发明的系统内,存储器访问错误存储在错误记录寄存器中,机器检查中止处理被屏蔽,并且存储器控制器在软件的完全控制下,从而可以拦截和响应存储器访问错误而不需要 系统重新启动或应用程序重启。 本发明特别适用于除了重新启动之外不能从存储器错误中恢复的O / S代码。
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.025 秒)
