公开(公告)号：US11150933B2

公开(公告)日：2021-10-19

申请号：US16355497

申请日：2019-03-15

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Regis Duchesne ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455 ,  G06F11/34 ,  G06F1/3287 ,  G06F1/3234 ,  G06F9/50 ,  G06F11/30 ,  G06F1/329 ,  G06F9/48

Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

公开(公告)号：US11042485B2

公开(公告)日：2021-06-22

申请号：US16013263

申请日：2018-06-20

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Alexander Fainkichen ,  Ye Li ,  Regis Duchesne

IPC: G06F12/10 ,  G06F9/455

Abstract: An example method of implementing firmware runtime services in a computer system having a processor with a plurality of hierarchical privilege levels, the method including: calling, from software executing at a first privilege level of the processor, a runtime service stub in a firmware of the computer system; executing, by the runtime service stub, an upcall instruction from the first privilege level to a second privilege level of the processor that is more privileged than the first privilege level; and executing, by a handler, a runtime service at the second privilege level in response to execution of the upcall instruction.

公开(公告)号：US20190213033A1

公开(公告)日：2019-07-11

申请号：US16355497

申请日：2019-03-15

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Regis Duchesne ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455 ,  G06F9/50 ,  G06F1/3287 ,  G06F11/34 ,  G06F1/3234

CPC classification number: G06F9/45558 ,  G06F1/3234 ,  G06F1/3287 ,  G06F9/5077 ,  G06F11/3423

Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

公开(公告)号：US09489211B2

公开(公告)日：2016-11-08

申请号：US14675381

申请日：2015-03-31

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Alexander Fainkichen ,  Harvey Tuch

IPC: G06F13/00 ,  G06F9/44

CPC classification number: G06F9/4411

Abstract: A mapping table is passed to system software upon loading of the system software in a computer system. The mapping table is generated from a user-defined configuration file and maps device identifiers of various devices implemented in the computer system, as assigned by the device manufacturers, to device identifiers that are recognizable by the system software. The mapping is used by the system software when it performs binding of device drivers to devices so that devices that have been given generic and sometimes obscure names by the device manufacturers can still be associated with and bound to device drivers loaded by the system software.

Abstract translation: 在计算机系统中加载系统软件时，将映射表传递给系统软件。 映射表是从用户定义的配置文件生成的，并将在设备制造商分配的计算机系统中实现的各种设备的设备标识符映射到系统软件可识别的设备标识符。 当系统软件执行设备驱动程序到设备的绑定时，系统软件将使用该映射，以便设备制造商给予通用且有时是模糊的名称的设备仍然可以与系统软件加载的设备驱动程序相关联并绑定到设备驱动程序。

公开(公告)号：US20160127321A1

公开(公告)日：2016-05-05

申请号：US14994383

申请日：2016-01-13

Applicant: VMware, Inc.

Inventor： Alexander Fainkichen ,  Craig Newell

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.

公开(公告)号：US20150033324A1

公开(公告)日：2015-01-29

申请号：US14513783

申请日：2014-10-14

Applicant: VMware, Inc.

Inventor： Alexander Fainkichen ,  Craig Newell

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  G06F9/445 ,  G06F9/455

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.

Abstract translation: 本发明的一个实施例提供了一种用于提供对授权应用的虚拟专用网（VPN）连接的独占访问的系统。 在操作期间，系统创建一个不同于主机系统的默认网络命名空间的唯一网络命名空间。 然后，系统将与VPN连接相关联的伪网络接口放置到唯一的网络命名空间中。 此外，系统将至少一个用于授权应用程序的套接字放置到唯一网络命名空间中。 该系统还防止主机上的未经授权的应用程序访问唯一的网络命名空间，从而有助于授权应用程序对VPN连接的独占访问。

公开(公告)号：US12118362B2

公开(公告)日：2024-10-15

申请号：US17559346

申请日：2021-12-22

Applicant: VMware, Inc.

Inventor： Cyprien Laplace ,  Sunil Kumar Kotian ,  Andrei Warkentin ,  Regis Duchesne ,  Alexander Fainkichen ,  Shruthi Muralidhara Hiriyuru ,  Ye Li

IPC: G06F9/30 ,  G06F9/38 ,  G06F9/455

CPC classification number: G06F9/3861 ,  G06F9/45558

Abstract: An example method of exception handling in a computer system is described. The computer system includes a physical central processing unit (PCPU) and a system memory, the system memory storing a first stack, a second stack, and a double fault stack associated with the PCPU. The method includes: storing, by an exception handler executing in the computer system, an exception frame on the double fault stack in response to a stack overflow condition of the first stack; switching, by the exception handler, a first stack pointer of the PCPU from pointing to the first stack to pointing to the double fault stack; setting a current stack pointer of the PCPU to the first stack pointer; and executing software on the PCPU with the current stack pointer pointing to the double fault stack.

公开(公告)号：US20240163260A1

公开(公告)日：2024-05-16

申请号：US17984419

申请日：2022-11-10

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Adithya Uligere Narasimhamurthy ,  Alexander Fainkichen ,  Jared McNeil

IPC: H04L9/40 ,  G06F21/57

CPC classification number: H04L63/0428 ,  G06F21/572 ,  G06F2221/034

Abstract: Systems and methods are described for secure management of a data processing unit (“DPU”). In an example, a baseboard management controller (“BMC”) can provision a DPU. Provisioning can include configuring a local storage device for DPU storage and locking access to the DPU storage with an encrypted access key. To boot the DPU, the BMC can initiate DPU firmware on the DPU. The DPU firmware can retrieve the access key from the BMC and unlock the DPU storage with the access key. The DPU firmware can be configured to then delete the access key. Once the DPU storage is unlocked, the DPU firmware can load an operating system of the DPU. The BMC can be the only entity that retains the access key. To perform a secure wipe, instructions can be provided to the BMC to delete the access key, which renders the DPU storage and all data therein inaccessible.

公开(公告)号：US11726852B2

公开(公告)日：2023-08-15

申请号：US17577627

申请日：2022-01-18

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Sunil Kotian ,  Jared McNeill ,  Shruthi Hiriyuru ,  Alexander Fainkichen

IPC: G06F11/00 ,  G06F11/07 ,  G06F9/455 ,  G06F11/14

CPC classification number: G06F11/0757 ,  G06F9/45541 ,  G06F11/0772 ,  G06F11/1417 ,  G06F11/1484

Abstract: A hardware-assisted paravirtualized hardware watchdog is described that is used to detect and recover from computer malfunctions. A computing device determines that a hardware-implemented watchdog of the computing device does not comply with predetermined watchdog criteria, where the hardware-implemented watchdog is configured to send a reset signal when a first predetermined amount of time elapses without receipt of a first refresh signal. If the hardware-implemented watchdog does not comply with the predetermined watchdog criteria, a runtime watchdog service is initialized using a second predetermined amount of time. The runtime watchdog service is directed to periodically send the refresh signal to the hardware-implemented watchdog before an expiration of the first predetermined amount of time that causes the hardware-implemented watchdog to expire. The hardware-implemented watchdog is directed to send the reset signal when the second predetermined amount of time elapses without receipt of a second refresh signal.

公开(公告)号：US11561894B2

公开(公告)日：2023-01-24

申请号：US17142980

申请日：2021-01-06

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Alexander Fainkichen ,  Ye Li ,  Regis Duchesne ,  Cyprien Laplace ,  Shruthi Hiriyuru ,  Sunil Kotian

IPC: G06F12/06 ,  G06F9/455 ,  G06F13/16 ,  G06F13/42

Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.