公开(公告)号：US20100031254A1

公开(公告)日：2010-02-04

申请号：US12182971

申请日：2008-07-30

申请人： Yau Ning Chin ,  Rene Antonio Vega ,  John Te-Jui Sheu ,  Arun Kishan ,  Thomas Fahrig

发明人： Yau Ning Chin ,  Rene Antonio Vega ,  John Te-Jui Sheu ,  Arun Kishan ,  Thomas Fahrig

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F9/45533 ,  G06F9/526 ,  G06F2009/4557

摘要： Various aspects are disclosed herein for attenuating spin waiting in a virtual machine environment comprising a plurality of virtual machines and virtual processors. Selected virtual processors can be given time slice extensions in order to prevent such virtual processors from becoming de-scheduled (and hence causing other virtual processors to have to spin wait). Selected virtual processors can also be expressly scheduled so that they can be given higher priority to resources, resulting in reduced spin waits for other virtual processors waiting on such selected virtual processors. Finally, various spin wait detection techniques can be incorporated into the time slice extension and express scheduling mechanisms, in order to identify potential and existing spin waiting scenarios.

摘要翻译： 本文公开了用于在包括多个虚拟机和虚拟处理器的虚拟机环境中衰减自旋等待的各个方面。 选定的虚拟处理器可以被给定时间片扩展，以防止这种虚拟处理器变得不被调度（并且因此导致其他虚拟处理器必须旋转等待）。 也可以明确地调度所选择的虚拟处理器，使得它们可以被赋予更高的资源优先级，从而减少等待这些所选择的虚拟处理器的其他虚拟处理器的旋转等待。 最后，各种旋转等待检测技术可以被并入到时间片扩展中并且表达调度机制，以便识别潜在的和现有的旋转等待场景。

公开(公告)号：US20080155168A1

公开(公告)日：2008-06-26

申请号：US11644502

申请日：2006-12-22

申请人： John Te-Jui Sheu ,  Ernest S. Cohen ,  Matthew D. Hendel ,  Landy Wang ,  Rene Antonio Vega ,  Sharvil A. Nanavati

发明人： John Te-Jui Sheu ,  Ernest S. Cohen ,  Matthew D. Hendel ,  Landy Wang ,  Rene Antonio Vega ,  Sharvil A. Nanavati

IPC分类号： G06F12/10

CPC分类号： G06F12/1027

摘要： Various operations are provided that improve the scalability of virtual TLBs in multi-processor virtual machines, and they include: implicitly locking SPTs using per-processor generation counters; waiting for pending fills on other virtual processors to complete before servicing a GVA invalidation using the counters; write-protecting or unmaping guest pages in a deferred two-stage process or reclaiming SPTs in a deferred two-stage process; periodically coalescing two SPTs that shadow the same GPT with the same attributes; sharing SPTs between two SASes only at a specified level in a SPTT; flushing the entire virtual TLB using a generation counter; allocating a SPT to GPT from a NUMA node on which the GPT resides; having an instance for each NUMA node on which a virtual machine runs; and, correctly handling the serializing instructions executed by a guest in a virtual machine with more than one virtual processor sharing the virtual TLB.

摘要翻译： 提供了提高多处理器虚拟机中虚拟TLB可扩展性的各种操作，包括：使用每处理器生成计数器隐式锁定SPT; 在使用计数器服务GVA无效之前等待其他虚拟处理器上的待处理填充; 在延迟的两阶段过程中写入保护或取消映射访客页面或在延迟的两阶段过程中回收SPT; 定期合并两个具有相同属性的相同GPT的SPT; 在SPTT之间仅在指定级别共享两个SAS之间的SPT; 使用生成计数器刷新整个虚拟TLB; 从GPT所在的NUMA节点向GPT分配SPT; 具有运行虚拟机的每个NUMA节点的实例; 并且正确地处理由具有多个共享虚拟TLB的虚拟处理器的虚拟机中的来宾执行的序列化指令。

公开(公告)号：US20080141277A1

公开(公告)日：2008-06-12

申请号：US11635455

申请日：2006-12-06

申请人： Eric P. Traut ,  Shuvabrata Ganguly ,  Rene Antonio Vega

发明人： Eric P. Traut ,  Shuvabrata Ganguly ,  Rene Antonio Vega

IPC分类号： G06F13/24 ,  G06F13/38

CPC分类号： G06F9/45533 ,  G06F9/4812 ,  G06F13/24

摘要： Various operations are disclosed for improving the operational efficiency of interrupt handling in a virtualized environment. A virtualized interrupt controller may obviate the need for an explicit end-of-interrupt command by providing an automatic EOI capability even when a physical interrupt controller offers no such mechanism. The use of a message pending bit for inter-partition communications facilitates avoiding an EOI command of inter-processor interrupts used in inter-partition communications whenever no further messages are cued for a particular message slot. A virtualized interrupt controller facilitates the selective EOI of an interrupt even when it is not the highest priority in-service interrupt irrespective of whether a physical interrupt controller provides such functionality.

摘要翻译： 公开了用于提高虚拟化环境中的中断处理的操作效率的各种操作。 即使当物理中断控制器不提供这样的机制时，虚拟化中断控制器也可以通过提供自动EOI功能来消除对显式终止中断命令的需要。 使用消息等待位进行分区间通信有助于避免在分组间通信中使用的处理器间中断的EOI命令，无论对于特定消息时隙没有进一步的消息被提示。 即使虚拟中断控制器不是最高优先级的在役中断，无论物理中断控制器是否提供这样的功能，虚拟中断控制器便于中断的选择性EOI。

公开(公告)号：US20070271560A1

公开(公告)日：2007-11-22

申请号：US11437142

申请日：2006-05-18

申请人： Brian M. Wahlert ,  Rene Antonio Vega ,  Robert Gibson ,  Robert M. Fries ,  William L. Scheidel ,  Pavel A. Dournov ,  John Morgan Oslake

发明人： Brian M. Wahlert ,  Rene Antonio Vega ,  Robert Gibson ,  Robert M. Fries ,  William L. Scheidel ,  Pavel A. Dournov ,  John Morgan Oslake

IPC分类号： G06F9/455

CPC分类号： G06F9/455 ,  G06F8/61 ,  G06F9/5005

摘要： To determine whether to deploy a candidate VM to a candidate host, taking into consideration resources available from the candidate host and resources required by the candidate VM, a sub-rating is calculated for each of several resources available from the candidate host, where the sub-rating for the resource corresponds to an amount of the resource that is free after the candidate VM is deployed to the candidate host. Thereafter, a rating is calculated from the calculated sub-ratings to characterize how well the candidate host can accommodate the candidate VM. The rating for the candidate host are presented to a selector that determines whether to deploy the candidate VM to the candidate host based on the rating thereof.

摘要翻译： 为了确定是否将候选VM部署到候选主机，考虑到候选主机可用的资源和候选VM所需的资源，针对从候选主机可用的几种资源中的每一个计算子分级，其中子 - 资源对应于将候选VM部署到候选主机之后的空闲资源量。 此后，根据计算的子评级计算评级，以表征候选主机能够容纳候选VM的程度。 候选主机的评级被提供给选择器，该选择器基于其等级来确定是否将候选VM部署到候选主机。

公开(公告)号：US09183030B2

公开(公告)日：2015-11-10

申请号：US13095671

申请日：2011-04-27

申请人： Andrew Nicholas ,  Rene Antonio Vega ,  Shuvabrata Ganguly ,  Ellsworth Davis Walker ,  Manish Chablani

发明人： Andrew Nicholas ,  Rene Antonio Vega ,  Shuvabrata Ganguly ,  Ellsworth Davis Walker ,  Manish Chablani

IPC分类号： G06F9/455 ,  G06F9/46

CPC分类号： G06F9/45558 ,  G06F2009/45562

摘要： One or more virtual processors can be added or removed from a virtual machine based on CPU pressure measured within the virtual machine. In addition to the foregoing, CPU pressure can also be used to determine whether to remove a virtual processor from a virtual machine, which may cause the computer system to consume less power. In the alternative, virtual processors can be parked and/or unparked in order to reduce the amount of power consumed by the virtual machine. In addition, virtual processors can be forcibly parked during a migration operation.

摘要翻译： 可以根据在虚拟机内测量的CPU压力从虚拟机添加或移除一个或多个虚拟处理器。 除了上述之外，还可以使用CPU压力来确定是否从虚拟机移除虚拟处理器，这可能导致计算机系统消耗较少的功率。 在替代方案中，可以将虚拟处理器停放和/或未停机，以便减少虚拟机消耗的功率量。 此外，虚拟处理器可以在迁移操作期间被强制停放。

公开(公告)号：US08612633B2

公开(公告)日：2013-12-17

申请号：US12752014

申请日：2010-03-31

申请人： Lawrence R. Cleeton ,  Andrei Warkentin ,  Andrew Nicholas ,  Rene Antonio Vega ,  Jacob Oshins ,  John A. Starks

发明人： Lawrence R. Cleeton ,  Andrei Warkentin ,  Andrew Nicholas ,  Rene Antonio Vega ,  Jacob Oshins ,  John A. Starks

IPC分类号： G06F3/00 ,  G06F9/455

CPC分类号： G06F9/45558 ,  G06F2009/45579

摘要： Techniques for reducing virtual machine input/output emulation overhead and decreasing the attack surface of a virtual machine architecture are disclosed.

摘要翻译： 公开了用于减少虚拟机输入/输出仿真开销和减少虚拟机架构的攻击面的技术。

公开(公告)号：US07987497B1

公开(公告)日：2011-07-26

申请号：US10794898

申请日：2004-03-05

申请人： Aaron Giles ,  Eric P. Traut ,  Rene Antonio Vega

发明人： Aaron Giles ,  Eric P. Traut ,  Rene Antonio Vega

IPC分类号： G06F7/04 ,  G06F17/30 ,  G06F11/30 ,  G06F12/14 ,  G06F13/00 ,  G06F13/28 ,  H04N7/16 ,  H04L29/06 ,  B41K3/38

CPC分类号： G06F13/385 ,  G06F9/45537 ,  G06F21/53 ,  G06F2213/0058 ,  G06F2213/3802

摘要： Several embodiments of the present invention provide a means for improving data access security in computer systems to support high-security applications, and certain of these embodiments are specifically directed to providing sector-level encryption of a virtual hard disk in a virtual machine environment. More specifically, certain embodiments are directed to providing sector-level encryption by using plug-ins in a virtual machine environment, thereby providing improved data access security in a computer system that supports high-security applications. Certain embodiments also use encryption plug-ins associated with standard encryption software for exchanging data between a virtual machine (VM) and its associated virtual hard drive(s) (VHDs). Moreover, several embodiments of the present invention are directed to the use of plug-in encryption services that interface with, and provide services for, a VM via a VM Encryption API (or its equivalent).

摘要翻译： 本发明的几个实施例提供了一种用于改善计算机系统中的数据访问安全性以支持高安全性应用的手段，并且这些实施例中的某些具体涉及在虚拟机环境中提供虚拟硬盘的扇区级加密。 更具体地，某些实施例旨在通过在虚拟机环境中使用插件来提供扇区级加密，从而在支持高安全性应用的计算机系统中提供改进的数据访问安全性。 某些实施例还使用与标准加密软件相关联的加密插件来在虚拟机（VM）及其相关联的虚拟硬盘驱动器（VHD）之间交换数据。 此外，本发明的若干实施例涉及使用通过VM加密API（或其等价物）与VM接口并为VM提供服务的插件加密服务。

公开(公告)号：US07788464B2

公开(公告)日：2010-08-31

申请号：US11644502

申请日：2006-12-22

申请人： John Te-Jui Sheu ,  Ernest S. Cohen ,  Matthew D. Hendel ,  Landy Wang ,  Rene Antonio Vega ,  Sharvil A. Nanavati

发明人： John Te-Jui Sheu ,  Ernest S. Cohen ,  Matthew D. Hendel ,  Landy Wang ,  Rene Antonio Vega ,  Sharvil A. Nanavati

IPC分类号： G06F12/10

CPC分类号： G06F12/1027

摘要： Various operations are provided that improve the scalability of virtual TLBs in multi-processor virtual machines, and they include: implicitly locking SPTs using per-processor generation counters; waiting for pending fills on other virtual processors to complete before servicing a GVA invalidation using the counters; write-protecting or unmaping guest pages in a deferred two-stage process or reclaiming SPTs in a deferred two-stage process; periodically coalescing two SPTs that shadow the same GPT with the same attributes; sharing SPTs between two SASes only at a specified level in a SPTT; flushing the entire virtual TLB using a generation counter; allocating a SPT to GPT from a NUMA node on which the GPT resides; having an instance for each NUMA node on which a virtual machine runs; and, correctly handling the serializing instructions executed by a guest in a virtual machine with more than one virtual processor sharing the virtual TLB.

摘要翻译： 提供了提高多处理器虚拟机中虚拟TLB可扩展性的各种操作，包括：使用每处理器生成计数器隐式锁定SPT; 在使用计数器服务GVA无效之前等待其他虚拟处理器上的待处理填充; 在延迟的两阶段过程中写入保护或取消映射访客页面或在延迟的两阶段过程中回收SPT; 定期合并两个具有相同属性的相同GPT的SPT; 在SPTT之间仅在指定级别共享两个SAS之间的SPT; 使用生成计数器刷新整个虚拟TLB; 从GPT所在的NUMA节点向GPT分配SPT; 具有运行虚拟机的每个NUMA节点的实例; 并且正确地处理由具有多个共享虚拟TLB的虚拟处理器的虚拟机中的来宾执行的序列化指令。

公开(公告)号：US20080215848A1

公开(公告)日：2008-09-04

申请号：US12098766

申请日：2008-04-07

申请人： John Te-Jui Sheu ,  David S. Bailey ,  Eric P. Traut ,  Rene Antonio Vega

发明人： John Te-Jui Sheu ,  David S. Bailey ,  Eric P. Traut ,  Rene Antonio Vega

IPC分类号： G06F12/10

CPC分类号： G06F12/1036 ,  G06F2212/151 ,  G06F2212/683

摘要： A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.

摘要翻译： 通过影像页表虚拟化存储器的方法，其缓存来自虚拟机中的多个访客地址空间的转换，包括硬件标记的翻译后备缓冲器的软件版本。 通过拦截向客户页面表创建客户机可写映射，并通过缓存在阴影页表中的翻译来检测访客页面表的编辑。 受影响的缓存翻译被标记为陈旧，并被清除在地址空间开关或客人不加区别地翻译翻译。 因此，非陈旧的翻译仍保持高速缓存，但是陈旧的翻译将被丢弃。 该方法包括跟踪访客页面表的访客可写映射，将此类映射的发现推迟到访客页面表，直到当未跟踪的访客页面表的数量超过阈值时清除所有缓存的翻译，并共享阴影 阴影地址空间和虚拟处理器之间的页表。

公开(公告)号：US07260702B2

公开(公告)日：2007-08-21

申请号：US10883496

申请日：2004-06-30

申请人： Rene Antonio Vega ,  Eric P. Traut

发明人： Rene Antonio Vega ,  Eric P. Traut

IPC分类号： G06F12/00 ,  G06F9/44 ,  G06F9/46

CPC分类号： G06F12/10 ,  G06F9/45554 ,  G06F12/1009 ,  G06F2212/1004

摘要： The present invention provides a virtualized computing systems and methods for transitioning in real time between LONG SUPER-MODE and LEGACY SUPER-MODE in the x86-64 architecture. In doing so, a virtual machine, which relies on the traditional 32-bit modes, i.e., REAL MODE and PROTECTED MODE (V86 SUB-MODE, RING-0 SUB-MODE, and RING-3 SUB-MODE), is able to run alongside other applications on x86-64 computer hardware (i.e., 64-bit). The method of performing a temporary processor mode context switch includes the steps of the virtual machine monitor's setting up a “virtual=real” page, placing the transition code for performing the processor mode context switch on this page, jumping to this page, disabling the memory management unit (MMU) of the x86-64 computer hardware, modifying the mode control register to set either the LONG SUPER-MODE bit or LEGACY SUPER-MODE bit, loading a new page table, and reactivating the MMU of the x86-64 computer hardware.

摘要翻译： 本发明提供了一种用于在x86-64架构中的LONG SUPER-MODE和LEGACY SUPER-MODE之间实时转换的虚拟化计算系统和方法。 这样做，依靠传统的32位模式，即REAL模式和PROTECTED MODE（V86 SUB-MODE，RING-0 SUB-MODE和RING-3 SUB-MODE）的虚拟机能够 与x86-64计算机硬件（即64位）上的其他应用程序一起运行。 执行临时处理器模式上下文切换的方法包括虚拟机监视器设置“虚拟=真实”页面的步骤，将用于执行处理器模式上下文切换的转换代码放置在该页面上，跳转到该页面，禁用 x86-64计算机硬件的存储器管理单元（MMU），修改模式控制寄存器以设置LONG SUPER-MODE位或LEGACY SUPER-MODE位，加载新的页表，并重新激活x86-64的MMU 电脑硬件。