公开(公告)号：US11573906B2

公开(公告)日：2023-02-07

申请号：US17157678

申请日：2021-01-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yevgeniy Bak ,  Mehmet Iyigun ,  Jonathan E. Lange

IPC: G06F12/10 ,  G06F12/1009 ,  G06F9/455

Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.

公开(公告)号：US11379579B2

公开(公告)日：2022-07-05

申请号：US16828089

申请日：2020-03-24

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jason Lin ,  Jin Lin ,  Gregory John Colombo ,  Niraj Majmudar ,  Mehmet Iyigun ,  Shayne Daniel Hiet-Block ,  Kenneth Dean Johnson

IPC: G06F21/00 ,  G06F21/54 ,  G06F9/445 ,  G06F9/48

Abstract: Enforcing shadow stack violations at module granularity, rather than at thread or process granularity. An exception is processed during execution of a thread based on code of an application binary, which is enabled for shadow stack enforcement, that calls an external module. The exception results from a mismatch between a return address popped from the thread's call stack and a return address popped from the thread's shadow stack. Processing the exception includes determining that the exception resulted from execution of an instruction in the external module, and determining whether or not the external module is enabled for shadow stack enforcement. Based at least on these determinations, execution of the thread is terminated when the external module is enabled for shadow stack enforcement, or the thread is permitted to continue executing when the external module is not enabled for shadow stack enforcement.

公开(公告)号：US10929167B2

公开(公告)日：2021-02-23

申请号：US16243938

申请日：2019-01-09

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jason Lin ,  Gregory John Colombo ,  Mehmet Iyigun ,  Yevgeniy Bak ,  Christopher Peter Kleynhans ,  Stephen Louis-Essman Hufnagel ,  Michael Ebersol ,  Ahmed Saruhan Karademir ,  Shawn Michael Denbow ,  Kevin Broas ,  Wen Jia Liu

IPC: G06F9/455 ,  G06F9/50

Abstract: Communicating a low-latency event across a virtual machine boundary. Based on an event signaling request by a first process running at a first virtual machine, the first virtual machine updates a shared register that is accessible by a second virtual machine. Updating the shared register includes updating a signal stored in the shared register. The first virtual machine sends an event signal message, which includes a register identifier, through a virtualization fabric to the second virtual machine. The second virtual machine receives the event signaling message and identifies the register identifier from the message. Based on the register identifier, the second virtual machine reads the shared register, identifying a value of the signal stored in the shared register. Based at least on the value of the signal comprising a first value, the second virtual machine signals a second process running at the second virtual machine.

公开(公告)号：US10908958B2

公开(公告)日：2021-02-02

申请号：US16361106

申请日：2019-03-21

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yevgeniy M. Bak ,  Mehmet Iyigun ,  Landy Wang

IPC: G06F3/06 ,  G06F9/50

Abstract: Multiple partitions can be run on a computing device, each partition running multiple processes referred to as a workload. Each of the multiple partitions, is isolated from one another, preventing the processes in each partition from interfering with the operation of the processes in the other partitions. Using the techniques discussed herein, some memory pages of a partition (referred to as a sharing partition) can be shared with one or more other partitions. The pages that are shared are file backed (e.g., image or data files) or pagefile backed memory pages. The sharing partition can be, for example, a separate partition that is dedicated to sharing memory pages.

公开(公告)号：US10416932B2

公开(公告)日：2019-09-17

申请号：US15954344

申请日：2018-04-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mehmet Iyigun ,  Yevgeniy M. Bak ,  Eric M. Bluestein ,  Robin A. Alexander ,  Andrew M. Herron ,  Xiaozhong Xing

IPC: G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F3/06 ,  G06F12/08 ,  G06F12/02

Abstract: A hybrid drive includes multiple parts: a performance part (e.g., a flash memory device) and a base part (e.g., a hard disk drive). A drive access system, which is typically part of an operating system of a computing device, issues input/output (I/O) commands to the hybrid drive to store data to and retrieve data from the hybrid drive. Some data can be stored in one part but not the other, and this data can be synchronized with (e.g., copied to) the other part at various times. The drive access system provides indications to the hybrid drive of when to synchronize data in one part with the other part. These indications are made so that potential interference with use of the device by the user and/or power saving modes of the device due to the synchronization is reduced.

公开(公告)号：US10275169B2

公开(公告)日：2019-04-30

申请号：US15409267

申请日：2017-01-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yevgeniy M. Bak ,  Mehmet Iyigun ,  Landy Wang

IPC: G06F3/06

Abstract: Multiple partitions can be run on a computing device, each partition running multiple processes referred to as a workload. Each of the multiple partitions, is isolated from one another, preventing the processes in each partition from interfering with the operation of the processes in the other partitions. Using the techniques discussed herein, some memory pages of a partition (referred to as a sharing partition) can be shared with one or more other partitions. The pages that are shared are file backed (e.g., image or data files) or pagefile backed memory pages. The sharing partition can be, for example, a separate partition that is dedicated to sharing memory pages.

公开(公告)号：US10268487B2

公开(公告)日：2019-04-23

申请号：US15214383

申请日：2016-07-19

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Mehmet Iyigun ,  Yevgeniy Bak ,  Emily N. Wilson ,  Kirsten V. Stark ,  Sushu Zhang ,  Patrick L. Stemen ,  Brian E. King ,  Vasilios Karagounis ,  Neel Jain

IPC: G06F1/32 ,  G06F9/4401

Abstract: Fast computer startup is provided by, upon receipt of a shutdown command, recording state information representing a target state. In this target state, the computing device may have closed all user sessions, such that no user state information is included in the target state. However, the operating system may still be executing. In response to a command to startup the computer, this target state may be quickly reestablished from the recorded target state information. Portions of a startup sequence may be performed to complete the startup process, including establishing user state. To protect user expectations despite changes in response to a shutdown command, creation and use of the file holding the recorded state information may be conditional on dynamically determined events. Also, user and programmatic interfaces may provide options to override creation or use of the recorded state information.

公开(公告)号：US20180314821A1

公开(公告)日：2018-11-01

申请号：US15498234

申请日：2017-04-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Kyle Thomas Brady ,  John C. Gordon ,  Benjamin M. Schultz ,  Ali Hajy ,  Morakinyo Korede Olugbade ,  Hari R. Pulapaka ,  Paul McAlpin Bozzay ,  Frederick Justus Smith ,  Mehmet Iyigun

IPC: G06F21/53 ,  G06F21/44

CPC classification number: G06F21/6218 ,  G06F9/45558 ,  G06F21/31 ,  G06F2009/45587 ,  G06F2221/2141

Abstract: A container comprising an isolated computing session is associated with a project. One or more users associated with the container can access the container across multiple usage sessions as the container keeps data, applications, and so on for the project together. The container can comprise multiple layers that require user authentication to access.

公开(公告)号：US20180165133A1

公开(公告)日：2018-06-14

申请号：US15638894

申请日：2017-06-30

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mehmet Iyigun ,  Matthew David Kurjanowicz ,  Martijn de Kort ,  Kevin M. Broas ,  Yevgeniy M. Bak

IPC: G06F9/50 ,  G06F9/455 ,  G06F12/1036 ,  G06F9/48 ,  H04L29/08 ,  G06F12/14

Abstract: A computing device runs a host on which multiple guests (e.g., virtual machines run via a virtual machine monitor such as a hypervisor) can run. The guest is used for isolation as well as hardware resource partitioning. The guest and the host agree on a name and a size for shared memory. Both the guest and the host map to the shared memory, and both the guest and the host to access the shared memory. The access allowed to the shared memory can be the same for both the host and the guest (e.g., both may be allowed read/write access) or different (e.g., the guest may be allowed write only access and the host may be allowed read only access).

公开(公告)号：US20180114034A1

公开(公告)日：2018-04-26

申请号：US15299107

申请日：2016-10-20

Applicant: Microsoft Technology Licensing, LLC

Inventor： Kyle Thomas Brady ,  John C. Gordon ,  Benjamin M. Schultz ,  Ali Hajy ,  Morakinyo Korede Olugbade ,  Hari R. Pulapaka ,  Paul Bozzay ,  Frederick J. Smith ,  Mehmet Iyigun

IPC: G06F21/62 ,  G06F9/455

CPC classification number: G06F21/6245 ,  G06F9/4451 ,  G06F9/44594 ,  G06F9/455

Abstract: Different containers are used for different usage sessions, a container referring to a virtualization layer for a computing device and used for isolation as well as hardware resource partitioning. A usage session refers to the time span beginning when one or more users begin to use the computing device, and ending when the one or more users cease using the computing device. During a particular usage session that uses a container, all interaction with the computing device is maintained in the container. The container is deleted when the usage session ends, leaving no data from the usage session behind after the usage session ends. Additionally, some usage sessions need not be run in containers, so data generated during such usage sessions is maintained after usage session ends. The host operating system automatically determines which usage sessions to run in containers and which usage sessions to run separate from any containers.