LOW-LATENCY SHARED MEMORY CHANNEL ACROSS ADDRESS SPACES IN A COMPUTING SYSTEM

    Publication No.: US20220019456A1

    Publication date: 2022-01-20

    Application No.: US17013727

    Application date: 2020-09-07

    Applicant: VMware, Inc.

    Abstract: Examples provide a method of communication between a client driver and a filesystem server. The client driver executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client driver, shared memory in an address space of the VM for the communication; sending identification information for the shared memory from the client driver to the filesystem server through an inter-process communication channel between the client driver and the filesystem server; identifying, by the filesystem server in cooperation with a kernel of the hypervisor, the shared memory within an address space of the hypervisor, based on the identification information, to create a shared memory channel; sending commands from the client driver to the filesystem server through the shared memory channel; and receiving completion messages for the commands from the filesystem server to the client driver through the shared memory channel.

    Unified resource management for containers and virtual machines

    Publication No.: US11182196B2

    Publication date: 2021-11-23

    Application No.: US16681990

    Application date: 2019-11-13

    Applicant: VMware, Inc.

    Abstract: Various aspects are disclosed for unified resource management of containers and virtual machines. A podVM resource configuration for a pod virtual machine (podVM) is determined using container configurations. The podVM comprising a virtual machine (VM) that provides resource isolation for a pod based on the podVM resource configuration. A host selection for the podVM is received from a VM scheduler. The host selection identifies hardware resources for the podVM. A container scheduler is limited to bind the podVM to a node corresponding to the hardware resources of the host selection from the VM scheduler. The podVM is created in a host corresponding to the host selection. Containers are started within the podVM. The containers correspond to the container configurations.

    Implementing per-processor memory areas with non-preemptible operations using virtual aliases

    Publication No.: US10795813B2

    Publication date: 2020-10-06

    Application No.: US16420549

    Application date: 2019-05-23

    Applicant: VMware, Inc.

    Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

    SYNCHRONOUS USER SPACE FUNCTION EXECUTION FROM A KERNEL CONTEXT

    Publication No.: US20180203730A1

    Publication date: 2018-07-19

    Application No.: US15921822

    Application date: 2018-03-15

    Applicant: VMware, Inc.

    Abstract: The approaches described herein implement synchronous execution of a user space operation from a kernel context. A thread, executing on a computing device, initializes a second kernel stack based on a first kernel stack. The computing device executes an operating system having a user space and a kernel space. The thread, executing in kernel space, performs a non-blocking call (e.g., an upcall) to execute an upcall function in user space. The upcall function may further call other user space functions or system calls. The system calls are performed using the second kernel stack. Upon termination of the upcall function, the thread continues execution on the first kernel stack.

    Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation

    Publication No.: US11799670B2

    Publication date: 2023-10-24

    Application No.: US17119068

    Application date: 2020-12-11

    Applicant: VMware, Inc.

    Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

    Unified resource management for containers and virtual machines

    Publication No.: US11593149B2

    Publication date: 2023-02-28

    Application No.: US17527399

    Application date: 2021-11-16

    Applicant: VMware, Inc.

    Abstract: Various aspects are disclosed for unified resource management of containers and virtual machines. A podVM resource configuration for a pod virtual machine (podVM) is determined using container configurations. The podVM comprising a virtual machine (VM) that provides resource isolation for a pod based on the podVM resource configuration. A host selection for the podVM is received from a VM scheduler. The host selection identifies hardware resources for the podVM. A container scheduler is limited to bind the podVM to a node corresponding to the hardware resources of the host selection from the VM scheduler. The podVM is created in a host corresponding to the host selection. Containers are started within the podVM. The containers correspond to the container configurations.

    Techniques for non-disruptive operating system upgrade

    Publication No.: US11567754B2

    Publication date: 2023-01-31

    Application No.: US17336398

    Application date: 2021-06-02

    Applicant: VMWARE, INC.

    Abstract: The disclosure provides an approach for a non-disruptive system upgrade. Embodiments include installing an upgraded version of an operating system (OS) on a computing system while a current version of the OS continues to run. Embodiments include entering a maintenance mode on the computing system, including preventing the addition of new applications and modifying the handling of storage operations on the computing system for the duration of the maintenance mode. Embodiments include, during the maintenance mode, configuring the upgraded version of the OS. Embodiments include, after configuring the upgraded version of the OS, suspending a subset of applications running on the computing system, transferring control over resources of the computing system to the upgraded version of the OS, and resuming the subset of the applications running on the computing system. Embodiments include exiting the maintenance mode on the computing system.
