Abstract:
An example virtualized computing system includes a host cluster having a virtualization layer directly executing on hardware platforms of hosts, the virtualization layer supporting execution of virtual machines (VMs), the VMs including pod VMs, the pod VMs including container engines supporting execution of containers in the pod VMs; an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server and pod VM controllers, the pod VM controllers executing in the virtualization layer external to the VMs, the pod VM controllers configured as agents of the master server to manage the pod VMs; pod VM agents, executing in the pod VMs, configured as agents of the pod VM controllers to manage the containers executing in the pod VMs.
Abstract:
Introspection into containers running in virtual machines (VMs) that are instantiated on a host computer is achieved. A method of processing an introspection command for a container running in a virtual machine is carried out by a VM management process, and includes the steps of receiving a first request that is formulated according to a first protocol (e.g., transmission control protocol) and includes the introspection command, identifying the virtual machine from the first request, formulating a second request that includes the introspection command, according to a second protocol (e.g., virtual socket protocol), and transmitting the second request to a container management process running in the virtual machine for the container management process to execute the introspection command.
Abstract:
The present disclosure relates to handling page faults in constant time. In particular, a data structure of a fixed height is used to store the page tables, allowing for a constant lookup time for a particular page. Further, a virtual address descriptor corresponding to the page is used to obtain and load the corresponding instruction data into the page. The virtual address descriptor is directly accessible from the page obtained from walking the page table. This allows page faults to be handled more efficiently in constant time.
Abstract:
A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.
Abstract:
Exemplary methods, apparatuses, and systems include a first input/output (I/O) filter receiving, from a first filter module within a virtualization stack of a host computer, an input/output (I/O) request originated by a virtual machine and directed to a first virtual disk. The first I/O filter determines to redirect the I/O request to a second virtual disk and, in response, forwards the I/O request to a second I/O filter associated with the second virtual disk. The first I/O filter is a part of a first instance of a filter framework within the host computer and the second I/O filter is part of a second, separate instance of the filter framework.