公开(公告)号：US20190391814A1

公开(公告)日：2019-12-26

申请号：US16013263

申请日：2018-06-20

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Alexander FAINKICHEN ,  Ye LI ,  Regis DUCHESNE

IPC: G06F9/38 ,  G06F9/455 ,  G06F12/10

Abstract: An example method of implementing firmware runtime services in a computer system having a processor with a plurality of hierarchical privilege levels, the method including: calling, from software executing at a first privilege level of the processor, a runtime service stub in a firmware of the computer system; executing, by the runtime service stub, an upcall instruction from the first privilege level to a second privilege level of the processor that is more privileged than the first privilege level; and executing, by a handler, a runtime service at the second privilege level in response to execution of the upcall instruction.

公开(公告)号：US20190213095A1

公开(公告)日：2019-07-11

申请号：US15865770

申请日：2018-01-09

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Regis DUCHESNE ,  Ye LI ,  Alexander FAINKICHEN

IPC: G06F11/30 ,  G06F13/10 ,  G06F9/455

Abstract: A method of detecting virtualization in a computing system, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level, is described. The method includes: executing a program on the processor at a privilege level less privileged than the third privilege level, the program including a load-exclusive instruction of the processor, followed by at least one instruction of the processor capable of being trapped to the third privilege level, followed by a store-exclusive instruction of the processor; and determining presence or absence of virtualization software at least a portion of which executes at the third privilege level in response to a return status of the store-exclusive instruction.

公开(公告)号：US20190026232A1

公开(公告)日：2019-01-24

申请号：US15655182

申请日：2017-07-20

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Alexander FAINKICHEN ,  Cyprien LAPLACE ,  Ye LI ,  Regis DUCHESNE

IPC: G06F12/1036 ,  H04L12/801 ,  H04L12/755 ,  H04L12/24

Abstract: An example method of scanning a guest virtual address (GVA) space generated by a guest operating system executing in a virtual machine of a virtualized computing system includes setting, in a scan of the GVA space by a hypervisor that manages the virtual machine, a current GVA to a first GVA in the GVA space; executing, on a processor allocated to the virtual machine, an address translation instruction, which is in an instruction set of the processor, to perform a first address translation of the current GVA; reading a register of the processor to determine a first error resulting from the first address translation; determining, in response to the first error, a level of a faulting page table in a first page table hierarchy generated by the guest operating system; and setting the current GVA to a second GVA based on the level of the faulting page table.

公开(公告)号：US20190004965A1

公开(公告)日：2019-01-03

申请号：US15639800

申请日：2017-06-30

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Regis DUCHESNE ,  Alexander FAINKICHEN ,  Ye LI

IPC: G06F12/1027 ,  G06F12/1009 ,  G06F9/44

Abstract: A method of re-mapping a boot loader image from a first to a second address space includes: determining a difference in a virtual address of the boot loader image in the first and second address spaces; building page tables for a third address space that maps a code section within the boot loader image at first and second address ranges separated by the difference and the code section causes execution to jump from a first instruction in the first address range to a second instruction in the second address range; executing an instruction of the code section in the first address space using pages tables for the first address space; executing the first instruction and then the second instruction using the page tables for the third address space; and executing an instruction of the boot loader image in the second address space using page tables for the second address space.

公开(公告)号：US20180173646A1

公开(公告)日：2018-06-21

申请号：US15383572

申请日：2016-12-19

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Ye LI

IPC: G06F12/14 ,  G06F12/1027 ,  G06F9/455 ,  G06F12/1009

CPC classification number: G06F12/1491 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1027 ,  G06F2009/45583 ,  G06F2212/1052 ,  G06F2212/65 ,  G06F2212/68

Abstract: An example method of memory management in a virtualized computing system includes: generating a page table hierarchy that includes address translations to first pages of memory that store kernel software and second pages of the memory that store user software; configuring a processor to: 1) implement a first address translation scheme, which uses a first virtual address width, for a hypervisor privilege level; 2) implement a second address translation scheme, which uses a second virtual address width, for supervisor and user privilege levels, where the first virtual address width is larger than the second virtual address width; and 3) use the page table hierarchy for each of the first and second address translation schemes; and executing the kernel software at the hypervisor privilege level and the user software at the user privilege level.

公开(公告)号：US20170060765A1

公开(公告)日：2017-03-02

申请号：US14838541

申请日：2015-08-28

Applicant: VMware, Inc.

Inventor： Cyprien LAPLACE ,  Harvey TUCH ,  Andrei WARKENTIN ,  Adrian DRZEWIECKI

IPC: G06F12/10

CPC classification number: G06F12/0292 ,  G06F12/04 ,  G06F12/06 ,  G06F2212/151 ,  G06F2212/656

Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

Abstract translation: 计算机系统提供一种用于确保对属于CPU的专用数据区（PRDA）的安全的，不可抢占的访问的机制。 PRDA访问通常包括获得PRDA的地址并使用获得的地址对PRDA执行操作。 对PRDA的安全，不可抢占的访问通常确保上下文访问上下文正在执行的CPU的PRDA，而不是另一个CPU的PRDA。 当上下文在第一个CPU上执行时，上下文获取PRDA的地址。 在将上下文迁移到第二CPU之后，上下文使用在第一CPU上执行的上下文获得的地址对属于第二CPU的PRDA执行一个或多个操作。 在另一个实施例中，上下文从一个CPU到另一个CPU的抢占和可能的迁移被延迟，而上下文执行不可抢占的代码。