Abstract:
The present disclosure provides techniques for managing a cache of a computer system using a cache management data structure. The cache management data structure includes a cold queue, a ghost queue, and a hot queue. The techniques herein improve the functioning of the computer for three reasons: management of the cache management data structure can be performed in parallel with multiple cores or multiple processors; a sequential scan will only pollute (i.e., add unimportant memory pages to) the cold queue and, to an extent, the ghost queue, but not the hot queue; and the cache management data structure has lower memory requirements and lower CPU overhead on cache hit than some prior art algorithms.
Abstract:
The disclosure provides an approach for dynamically reprogramming network and network infrastructure in response to VM mobility. The approach provides a hypervisor layer that can observe changes in VM-host relationships and reprogram the associated network and network infrastructure to maintain network communication. The hypervisor layer notifies an elastic network interface of a new IP address to include within its whitelist in response to VM migration to that elastic network interface.
Abstract:
The disclosure provides an approach for performing an operation by a first process on behalf of a second process, the method comprising: obtaining, by the first process, a memory handle from the second process, wherein the memory handle allows access, by the first process, to at least some of the address space of the second process; dividing the address space of the memory handle into a plurality of sections; receiving, by the first process, a request from the second process to perform an operation; determining, by the first process, a section of the plurality of sections that is to be mapped from the address space of the memory handle to the address space of the first process for the performance of the operation by the first process; mapping the section from the address space of the memory handle to the address space of the first process; and performing the operation by the first process on behalf of the second process.
Abstract:
Techniques for enabling filter-level access to a virtual disk (VMDK) are provided. In one set of embodiments, an application can invoke a first application programming interface (API) for opening the VMDK, the invoking of the first API causing an ordered group of filters associated with the VMDK to be instantiated. The application can further coordinate with a target filter in the ordered group of filters to establish a communication channel with the target filter and can receive, from the target filter, a handle to the target filter via the communication channel. The application can then issue an I/O request to the VMDK via the target filter using the handle, the issuing causing data associated with the I/O request to be filtered by other filters that are downstream from the target filter in the ordered group.
Abstract:
A method for processing a read request comprises intercepting a read request that includes a logical block address (LBA) of the storage device by an IO filter driver and retrieving a disk identifier (ID) associated with the LBA from a metadata file associated with the storage device. The method further comprises sending the LBA and the disk ID to a daemon configured to read and write to a cache. If the daemon returns cached data associated with the LBA and the disk ID, the method returns the cached data in response to the read request. If the daemon does not return cached data associated with the LBA and the disk ID, the method transmits the read request to the storage device.
Abstract:
A method for opening a virtual disk comprises reading information from a metadata file that identifies the current owner of the virtual disk. The method further includes sending a release request to the current owner of the virtual disk to release the virtual disk, writing information to the metadata file identifying the new owner, and then opening the virtual disk.
Abstract:
Techniques for enabling secure cross-process memory sharing are provided. In one set of embodiments, a first user process executing on a computer system can create a memory handle representing a memory space of the first user process. The first user process can further define one or more access restrictions with respect to the memory handle. The first user process can then transmit the memory handle to a second user process executing on the computer system, the memory handle enabling the second user process to access at least a portion of the first process' memory space, subject to the one or more access restrictions.
Abstract:
A computer system mechanism is provided that restricts execution of binaries, such as applications, kernel modules, and shared libraries, on the computing system to only those that have been installed by an approved mechanism. The approved mechanism acts as a single entry point on the computing system for installing new binaries. Any change in file content or metadata taints an executable file and prevents execution by the kernel. Files copied over and not installed via the approved mechanism will not be executed.
Abstract:
The approaches described herein implement execution of a user space operation from a kernel context. A thread, executing on a computing device, initializes a second kernel stack based on a first kernel stack. The computing device executes an operating system having a user space and a kernel space. The thread, executing in kernel space, performs a non-blocking call (e.g., an upcall) to execute an upcall function in user space, such as filtering input/output (I/O) requests. The upcall function may further call other user space functions or system calls. The system calls are performed using the second kernel stack. Upon termination of the upcall function, the thread continues execution on the first kernel stack in kernel space. For example, the thread handles the filtered I/O commands.