公开(公告)号：US5479627A

公开(公告)日：1995-12-26

申请号：US118398

申请日：1993-09-08

申请人： Yousef A. Khalidi ,  Glen R. Anderson ,  Stephen A. Chessin ,  Shing I. Kong ,  Charles E. Narad ,  Madhusudhan Talluri

发明人： Yousef A. Khalidi ,  Glen R. Anderson ,  Stephen A. Chessin ,  Shing I. Kong ,  Charles E. Narad ,  Madhusudhan Talluri

IPC分类号： G06F12/10

CPC分类号： G06F12/1027 ,  G06F2212/652

摘要： A method and apparatus for translating a virtual address to a physical address. A virtual address to be translated has a virtual page offset and a virtual page number. The virtual address to be translated addresses a page of memory. The size of this page is unknown. There are L different possible page sizes where L is a positive integer greater than one. Each of the L different page sizes is selected to be a test page size and a test is performed. During the test, a pointer into a translation storage buffer is calculated. The pointer is calculated from the virtual address to be translated by assuming that the virtual address to be translated corresponds to a mapping of the test page size. The pointer points to a candidate translation table entry of the translation storage buffer. The candidate translation table entry has a candidate tag and candidate data. The candidate tag identifies a particular virtual address and the candidate data identifies a particular physical address corresponding to the particular virtual address. A virtual address target tag is extracted from the virtual address to be translated. The virtual address target tag is calculated by assuming that the virtual address to be translated corresponds to a mapping of the test page size. The target tag and the candidate tag are then compared. If the target tag matches the candidate tag, the candidate data is provided as the physical address translation corresponding to the virtual address to be translated.

摘要翻译： 一种用于将虚拟地址翻译成物理地址的方法和装置。 要翻译的虚拟地址具有虚拟页面偏移量和虚拟页面编号。 要转换的虚拟地址可寻址内存页面。 此页面的大小是未知的。 有L个不同的可能的页面大小，其中L是大于1的正整数。 选择L个不同页面大小中的每一个作为测试页面大小并执行测试。 在测试期间，计算指向转换存储缓冲区的指针。 通过假设要转换的虚拟地址对应于测试页大小的映射，从要转换的虚拟地址计算指针。 指针指向翻译存储缓冲器的候选翻译表条目。 候选翻译表条目具有候选标签和候选数据。 候选标签识别特定的虚拟地址，并且候选数据标识对应于特定虚拟地址的特定物理地址。 从要翻译的虚拟地址中提取虚拟地址目标标签。 通过假设要转换的虚拟地址对应于测试页大小的映射来计算虚拟地址目标标签。 然后比较目标标签和候选标签。 如果目标标签与候选标签匹配，则将候选数据提供为与要翻译的虚拟地址相对应的物理地址转换。

公开(公告)号：US07996841B2

公开(公告)日：2011-08-09

申请号：US11301065

申请日：2005-12-12

申请人： Frederick J. Smith ,  Jeff L. Havens ,  Madhusudhan Talluri ,  Yousef A. Khalidi

发明人： Frederick J. Smith ,  Jeff L. Havens ,  Madhusudhan Talluri ,  Yousef A. Khalidi

IPC分类号： G06F9/46

CPC分类号： G06F21/53 ,  G06F21/6281 ,  G06F2221/2141 ,  H04L49/90

摘要： A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces by creating a new branch of an existing global system name space or by linking the sub-root level nodes of a new hierarchy to a subset of nodes in an existing global system name space.

摘要翻译： 遏制机制提供了使用单个操作系统实例在单个计算机上运行的多个进程的分组和隔离。 系统被划分为一个或多个并排和/或嵌套空间，通过创建现有全球系统名称空间的新分支，通过创建分层名称空间的不同视图来实现资源的分区和控制共享，或者通过链接 新层次结构的子根级别节点到现有全局系统名称空间中的节点子集。

公开(公告)号：US07447896B2

公开(公告)日：2008-11-04

申请号：US11301066

申请日：2005-12-12

申请人： Frederick J. Smith ,  Jeff L. Havens ,  Madhusudhan Talluri ,  Yousef A. Khalidi

发明人： Frederick J. Smith ,  Jeff L. Havens ,  Madhusudhan Talluri ,  Yousef A. Khalidi

IPC分类号： G06F9/24

CPC分类号： G06F9/4401 ,  Y10S707/99939

摘要： An intra-operating system isolation mechanism called a silo provides for the grouping and isolation of processes running on a single computer using a single instance of the operating system. The operating system enables the controlled sharing of resources by providing a view of a system name space to processes executing within an isolated application called a server silo. A server silo is created by performing a separate “mini-boot” of user-level services within the server silo. The single OS image serving the computer employs the mechanism of name space containment to constrain which server silos can use which resource(s). Restricting access to resources is therefore directly based on the process or application placed in the server silo rather than who is running the application because if a process or application is unable to resolve a name used to access a resource, it will be unable to use the resource.

摘要翻译： 称为仓库的操作系统隔离机制提供了使用单个操作系统实例在单个计算机上运行的进程的分组和隔离。 操作系统通过提供系统名称空间的视图来实现资源的受控共享，以便在被称为服务器仓的隔离应用程序内执行的进程进行处理。 通过在服务器仓内执行用户级服务的单独“微引导”来创建服务器仓库。 服务于计算机的单个OS映像使用名称空间容纳的机制来约束哪个服务器孤岛可以使用哪个资源。 因此，限制对资源的访问直接基于放置在服务器仓中的进程或应用程序，而不是运行应用程序的用户，因为如果进程或应用程序无法解析用于访问资源的名称，则无法使用 资源。

公开(公告)号：US07434228B2

公开(公告)日：2008-10-07

申请号：US11129847

申请日：2005-05-16

申请人： Jose M. Bernabeu-Auban ,  Jeff L. Havens ,  Yousef A. Khalidi ,  Frank V. Peschel-Gallee ,  Madhusudhan Talluri

发明人： Jose M. Bernabeu-Auban ,  Jeff L. Havens ,  Yousef A. Khalidi ,  Frank V. Peschel-Gallee ,  Madhusudhan Talluri

IPC分类号： G06F13/00

CPC分类号： G06F9/547

摘要： An operating system architecture is based on a service model in which active entities (services) are containers for objects having a number of interfaces specified through a contract language that is a subset of the language in which the service is coded. Services may reside in the same address space or may reside in separate address spaces, without changing the programming model or compiled binaries. The location of a service is independent of the location of the service's clients and of services the service calls.

摘要翻译： 操作系统架构基于服务模型，其中活动实体（服务）是具有通过作为服务被编码的语言的子集的合同语言指定的多个接口的对象的容器。 服务可能驻留在相同的地址空间中，或者可能驻留在单独的地址空间中，而不改变编程模型或编译的二进制文件。 服务的位置独立于服务的客户端和服务调用的服务的位置。

公开(公告)号：US20080109394A1

公开(公告)日：2008-05-08

申请号：US11555745

申请日：2006-11-02

申请人： Jeffrey L. Havens ,  Frederick J. Smith ,  Yousef A. Khalidi ,  Madhusudhan Talluri

发明人： Jeffrey L. Havens ,  Frederick J. Smith ,  Yousef A. Khalidi ,  Madhusudhan Talluri

IPC分类号： G06F17/30

CPC分类号： G06F17/30365 ,  G06F17/30117

摘要： An element of a file system is virtually deleted by creating a deletion marker for the element. Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of file system access requests, including: enumeration, open, create, rename or delete.

摘要翻译： 通过创建元素的删除标记，虚拟地删除文件系统的元素。 将两个或多个单独的物理文件系统目录作为一个合并的（虚拟）文件系统目录呈现给在筒仓中运行的进程。 操作系统通过监视由计算机或计算机系统上的孤岛中的进程产生的文件系统请求并过滤出与删除标记相关的元素，来提供文件系统目录的合并视图。 响应检测某些类型的文件系统访问请求，调用特殊处理，包括：枚举，打开，创建，重命名或删除。

公开(公告)号：US20080022385A1

公开(公告)日：2008-01-24

申请号：US11479458

申请日：2006-06-30

申请人： Zachary Thomas Crowell ,  Yousef A. Khalidi ,  Madhusudhan Talluri

发明人： Zachary Thomas Crowell ,  Yousef A. Khalidi ,  Madhusudhan Talluri

IPC分类号： G06F15/16

CPC分类号： H04L63/0263

摘要： Each virtualized environment on a computer has its own set of firewall rules. The virtualized environments share a single instance of the operating system image, a filter engine and a single network stack. A virtualized environment may be a compartment or a server silo. A virtualized environment is a network isolation mechanism and may be used to prevent use of a computer to traverse network boundaries by creating a separate virtualized environment for each network, enabling a separate set of rules to be applied to each virtualized environment and the network interfaces within it. Virtualized environments may also be used to assign different trust levels to the same physical network. Firewall rules are applied by virtualized environment identifier (ID), enabling separate filters to be applied to each virtualized environment on a computer. A virtualized environment may include or be associated with one or more network interfaces.

摘要翻译： 计算机上的每个虚拟化环境都有自己的防火墙规则集。 虚拟化环境共享操作系统映像，过滤器引擎和单个网络堆栈的单个实例。 虚拟化环境可能是隔离专区或服务器仓库。 虚拟化环境是网络隔离机制，可以用于防止计算机通过为每个网络创建单独的虚拟化环境来遍历网络边界，从而实现单独的一组规则应用于每个虚拟化环境和网络接口内的网络接口 它。 虚拟化环境也可用于将不同的信任级别分配给同一物理网络。 虚拟化环境标识符（ID）应用防火墙规则，可以将单独的过滤器应用于计算机上的每个虚拟化环境。 虚拟化环境可以包括或者与一个或多个网络接口相关联。

公开(公告)号：US5784707A

公开(公告)日：1998-07-21

申请号：US634956

申请日：1996-04-19

申请人： Yousef A. Khalidi ,  Vikram P. Joshi ,  Madhusudhan Talluri

发明人： Yousef A. Khalidi ,  Vikram P. Joshi ,  Madhusudhan Talluri

IPC分类号： G06F12/10

CPC分类号： G06F12/1009 ,  G06F12/1027 ,  G06F2212/652

摘要： A computer system having virtual memory that can be mapped using multiple page sizes onto logically addressable physical memory. An intermediate addressing scheme permits the mapping of several non-contiguous small pages in physical memory onto a bigger sized virtual memory page. Rather than translating a virtual address directly into a physical address, a virtual address is translated into an intermediate address that may or may not be a physical address. If the virtual page is backed by physical memory that is contiguous and aligned on a proper boundary for the page size, then the intermediate address will be the physical address and no second translation is required. If the intermediate address is not a physical address, it is then translated into a physical address. This is the case where a big page in virtual memory is backed by more than one smaller page in physical memory. Thus, non-contiguous small pages in physical memory can be mapped together using an intermediate translation to form a single big page thereby removing the requirement that a big page be mapped using a single contiguous portion of physical memory and further removing the requirement that the big page be big page boundary aligned within physical memory. Furthermore, several small pages can be promoted to a single big page simply by changing the virtual address to intermediate address mappings and also changing the intermediate address to physical address mappings to reflect the promotion thereby eliminating the need to move the contents of the small pages into a single contiguous, big page aligned region of physical memory. Furthermore, a big page sized region of virtual memory that has one or more smaller page sized holes within it can be treated as a single big virtual memory page and be backed in physical memory using only as many smaller pages as are required to back the non-hole regions of the virtual address space.

摘要翻译： 具有虚拟存储器的计算机系统，其可以使用多个页面大小映射到可逻辑寻址的物理存储器上。 中间寻址方案允许将物理存储器中的几个不连续的小页面映射到更大尺寸的虚拟存储器页面上。 虚拟地址不是将虚拟地址直接转换为物理地址，而是将虚拟地址转换为可能是或可能不是物理地址的中间地址。 如果虚拟页面由物理内存支持，该物理内存在页面大小的正确边界上是连续的并对齐，则中间地址将是物理地址，不需要第二个转换。 如果中间地址不是物理地址，则将其转换为物理地址。 这是虚拟内存中的大页面由物理内存中的多个较小页面支持的情况。 因此，物理存储器中的不连续的小页面可以使用中间翻译映射到一起，以形成单个大页面，从而消除使用物理内存的单个连续部分映射大页面的要求，并进一步消除大 页面是物理内存中大页边界对齐。 此外，只需将虚拟地址更改为中间地址映射，并将中间地址更改为物理地址映射即可将几个小页面提升为单个大页面，以反映升级，从而无需将小页面的内容移动到 一个连续的大页面对齐的物理内存区域。 此外，在其中具有一个或多个更小的页面大小的空间的虚拟存储器的大页面大小的区域可被视为单个大型虚拟存储器页面，并且仅使用与所需的数量相同的较小页面来支持物理存储器， 虚拟地址空间的空区域。

公开(公告)号：US5630087A

公开(公告)日：1997-05-13

申请号：US333487

申请日：1994-11-02

申请人： Madhusudhan Talluri ,  Yousef A. Khalidi

发明人： Madhusudhan Talluri ,  Yousef A. Khalidi

IPC分类号： G06F12/10 ,  G06F9/26 ,  G06F9/34 ,  G06F12/00 ,  G06F12/02

CPC分类号： G06F12/1027 ,  G06F12/10

摘要： A method and apparatus to share virtual memory translations in a computer is described. The apparatus includes an operating system that runs in conjunction with a central processing unit. The operating system is programmed to include an address identification routine to identify distinct virtual memory translation entries, associated with a plurality of distinct processes running on the computer, that map to one or more common physical memory page addresses. The operating system also includes a mask assignment routine to assign a first mask value to the distinct virtual memory translation entries, and a write routine to write, to a translation-lookaside buffer or a page table, the distinct virtual memory translation entries as a single address associated with the first mask value. A comparison mechanism is used to compare a second mask value of a translation-request virtual memory translation value to the first mask value to determine whether the second mask value corresponds to said first mask value. If the two mask values correspond, then the single address associated with the first mask value is used as a virtual memory translation address.

摘要翻译： 描述了在计算机中共享虚拟存储器转换的方法和装置。 该装置包括与中央处理单元一起运行的操作系统。 操作系统被编程为包括地址识别例程，以识别与在计算机上运行的多个不同进程相关联的映射到一个或多个公共物理存储器页地址的不同虚拟内存转换条目。 该操作系统还包括一个掩模分配程序，用于将第一掩码值分配给不同的虚拟存储器转换条目，以及写入例程，以将翻译后备缓冲器或页表写入不同的虚拟存储器转换条目作为单个 与第一个掩码值相关联的地址。 比较机制用于将翻译请求虚拟存储器转换值的第二掩码值与第一掩码值进行比较，以确定第二掩码值是否对应于所述第一掩码值。 如果两个掩码值对应，则将与第一掩码值相关联的单个地址用作虚拟存储器转换地址。

公开(公告)号：US5446854A

公开(公告)日：1995-08-29

申请号：US139549

申请日：1993-10-20

申请人： Yousef A. Khalidi ,  Madhusudhan Talluri ,  Dock G. Williams ,  Vikram P. Joshi

发明人： Yousef A. Khalidi ,  Madhusudhan Talluri ,  Dock G. Williams ,  Vikram P. Joshi

IPC分类号： G06F12/02 ,  G06F12/10

CPC分类号： G06F12/1018 ,  G06F2212/652

摘要： A method and apparatus for providing address translations for a computer system having a virtual memory that is mapped onto physical memory. The apparatus has at least one page frame descriptor (PFD) for describing a contiguous portion of physical memory, at least one translation block (TB) for describing a contiguous portion of virtual memory and a hash list. Each PFD has a base physical address (PA), a PA range beginning at the base PA and a translation entry pointer. Each TB has a base virtual address (VA), a VA range beginning at the base VA, and a page size used to map the VA range of the TB. Each TB also has a header and at least one translation entry. Each header has a TB pointer and each translation entry has a backward pointer. Each translation entry of the TB corresponds to a different equalsized translation range of the VA range of the TB. If the translation range of a translation entry is backed by a physical memory page frame, then the backward pointer of the translation entry points to a describing PFD that describes the corresponding page frame and the translation entry pointer of the describing PFD points to the translation entry. The hash list has a plurality of hash entries. Each hash entry has a translation header pointer and an associated hash index unique to the hash entry.

摘要翻译： 一种用于为具有映射到物理存储器上的虚拟存储器的计算机系统提供地址转换的方法和装置。 该装置具有用于描述物理存储器的连续部分的至少一个页面帧描述符（PFD），用于描述虚拟存储器的连续部分和散列列表的至少一个转换块（TB）。 每个PFD具有基本物理地址（PA），从基本PA开始的PA范围和翻译条目指针。 每个TB具有基本虚拟地址（VA），从VA开始的VA范围以及用于映射TB的VA范围的页面大小。 每个TB也有一个标题和至少一个翻译条目。 每个标题都有一个TB指针，每个翻译条目都有一个反向指针。 TB的每个翻译条目对应于TB的VA范围的不同的等于平移的范围。 如果翻译条目的翻译范围由物理存储器页面帧支持，则翻译条目的反向指针指向描述相应页面帧的描述PFD，并且描述PFD的转换条目指针指向翻译条目 。 哈希列表具有多个哈希条目。 每个哈希条目具有翻译标题指针和哈希条目唯一的关联散列索引。

公开(公告)号：US07581051B2

公开(公告)日：2009-08-25

申请号：US11129802

申请日：2005-05-16

申请人： Madhusudhan Talluri ,  Frederick J. Smith, IV ,  Jeff L. Havens

发明人： Madhusudhan Talluri ,  Frederick J. Smith, IV ,  Jeff L. Havens

IPC分类号： G06F13/24

CPC分类号： G06F13/24

摘要： Systems and methods for providing a framework within which device drivers may run at a user-mode level. A platform (e.g., APIC) or bus (PCI bus) generic feature is used to take the CPU out of interrupt mode without having to wait for a user-level driver to clear the device interrupt. This allows writing the complete device driver in user space. The device driver still get notifications on interrupts but not at interrupt priority. The same scheme can be extended to shared interrupts, where multiple devices share a single interrupt line.

摘要翻译： 用于提供设备驱动程序可以以用户模式级别运行的框架的系统和方法。 使用平台（例如APIC）或总线（PCI总线）通用特征将CPU从中断模式中取消，而不必等待用户级驱动程序清除设备中断。 这允许在用户空间中写入完整的设备驱动程序。 设备驱动程序仍然在中断时收到通知，但不会中断优先级。 相同的方案可以扩展到共享中断，其中多个设备共享一个中断线。