公开(公告)号：US11693952B2

公开(公告)日：2023-07-04

申请号：US16177258

申请日：2018-10-31

Applicant: VMware, Inc.

Inventor： Ye Li ,  David Ott ,  Andrei Warkentin ,  Cyprien Laplace ,  Alexander Fainkichen

IPC: G06F21/53 ,  G06F21/51 ,  G06F9/455

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F21/51 ,  G06F2009/45587

Abstract: System and method for providing secure execution environments in a computer system uses an enclave virtual computing instance to create a secure execution environment, which is deployed in response to a request for such a secure execution environment for content from a software process running in the computer system.

公开(公告)号：US20220214968A1

公开(公告)日：2022-07-07

申请号：US17142980

申请日：2021-01-06

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Alexander Fainkichen ,  Ye Li ,  Regis Duchesne ,  Cyprien Laplace ,  Shruthi Hiriyuru ,  Sunil Kotian

IPC: G06F12/06 ,  G06F9/455 ,  G06F13/16 ,  G06F13/42

Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.

公开(公告)号：US20220004420A1

公开(公告)日：2022-01-06

申请号：US17476090

申请日：2021-09-15

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Regis Duchesne ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455 ,  G06F11/34 ,  G06F1/3287 ,  G06F1/3234 ,  G06F9/50 ,  G06F11/30

Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

公开(公告)号：US11182303B2

公开(公告)日：2021-11-23

申请号：US15387332

申请日：2016-12-21

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyrien Laplace ,  Alexander Fainkichen ,  Ye Li ,  Regis Duchesne

IPC: G06F12/1009 ,  G06F9/4401 ,  G06F12/14 ,  G06F12/109

Abstract: Examples construct a bootloader address space using a page fault exception. A bootloader executing in machine address (MA) space determines the MA at which the bootloader has been loaded into memory. The bootloader calculates a difference between an expected virtual address (VA) and the loaded MA. The bootloader defines a page table mapping the bootloader MA to an expected VA, and sets an exception handling vector to point to the expected VA. When a memory management unit (MMU) utilizing the defined page table for address translation is enabled, a page fault exception occurs. The page fault exception handling resumes execution of the bootloader at the expected VA via an exception handling vector pointing thereto.

公开(公告)号：US11169838B2

公开(公告)日：2021-11-09

申请号：US16744351

申请日：2020-01-16

Applicant: VMware, Inc.

Inventor： Cyprien Laplace ,  Regis Duchesne ,  Andrei Warkentin ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

公开(公告)号：US10552172B2

公开(公告)日：2020-02-04

申请号：US15880964

申请日：2018-01-26

Applicant: VMware, Inc.

Inventor： Ye Li ,  Cyprien Laplace ,  Andrei Warkentin ,  Alexander Fainkichen ,  Regis Duchesne

IPC: G06F9/44 ,  G06F9/455 ,  G06F16/11 ,  G06F9/4401 ,  G06F9/445

Abstract: An example method of provisioning a virtual appliance to a virtualized computing system, comprising: deploying the virtual appliance to the virtualized computing system, the virtual appliance including a system partition, one or more disk images, and configuration data, the configuration data defining a virtual machine executable on each of a plurality of processor architectures, the system partition configured to boot on any one of the plurality of processor architectures; and booting the virtual appliance from the system partition.

公开(公告)号：US10534732B2

公开(公告)日：2020-01-14

申请号：US14754569

申请日：2015-06-29

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Harvey Tuch ,  Alexander Fainkichen

IPC: G06F15/00 ,  G06F9/30 ,  G06F13/16 ,  G06F13/42

Abstract: Devices are emulated as PCI devices so that existing PCI drivers can be used for the devices. This is accomplished by creating a shim PCI device with a emulated PCI configuration space, accessed via a emulated PCI Extended Configuration Access Mechanism (ECAM) space which is emulated by accesses to trapped unbacked memory addresses. When system software accesses the PCI ECAM space to probe for PCI configuration data or program base address registers of the PCI ECAM space, an exception is raised and the exception is handled by a secure monitor that is executing at a higher privilege level than the system software. The secure monitor in handling the exception emulates the PCI configuration space access of the emulated PCI device corresponding to the ECAM address accessed, such that system software may discover the device and bind and appropriately configure a PCI driver to it with the right IRQ and memory base ranges.

公开(公告)号：US10185664B1

公开(公告)日：2019-01-22

申请号：US15639800

申请日：2017-06-30

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Regis Duchesne ,  Alexander Fainkichen ,  Ye Li

IPC: G06F9/4401 ,  G06F12/1027 ,  G06F12/1009 ,  G06F9/445

Abstract: A method of re-mapping a boot loader image from a first to a second address space includes: determining a difference in a virtual address of the boot loader image in the first and second address spaces; building page tables for a third address space that maps a code section within the boot loader image at first and second address ranges separated by the difference and the code section causes execution to jump from a first instruction in the first address range to a second instruction in the second address range; executing an instruction of the code section in the first address space using pages tables for the first address space; executing the first instruction and then the second instruction using the page tables for the third address space; and executing an instruction of the boot loader image in the second address space using page tables for the second address space.

公开(公告)号：US10067784B2

公开(公告)日：2018-09-04

申请号：US15184455

申请日：2016-06-16

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Harvey Tuch ,  Cyprien Laplace ,  Alexander Fainkichen

IPC: G06F9/455 ,  G06F9/38 ,  G06F11/36 ,  G06F13/24 ,  G06F9/48

Abstract: A method of providing a backdoor interface between software executing in a virtual machine and a hypervisor executing on a computing system that supports the virtual machine includes trapping, at the hypervisor, an exception generated in response to execution of a debug instruction on a central processing unit (CPU) by the software; identifying, by an exception handler of the hypervisor handling the exception, an equivalence between an immediate operand of the debug instruction and a predefined value; and invoking, in response to the equivalence, a backdoor service of the hypervisor using state of at least one register of the CPU as parametric input, the state being set by the software prior to executing the debug instruction.

公开(公告)号：US20160378543A1

公开(公告)日：2016-12-29

申请号：US14876831

申请日：2015-10-07

Applicant: VMWARE, INC.

Inventor： ANDREI WARKENTIN ,  Irfan Ulla Khan ,  Cyprien Laplace ,  Harvey Tuch ,  Alexander Fainkichen

IPC: G06F9/48 ,  G06F13/26

CPC classification number: G06F9/4818 ,  G06F13/26

Abstract: A method is provided for handling interrupts in a processor, the interrupts including regular interrupts having a range of priorities and a pseudo non-maskable interrupt (PNMI) that is of a higher priority than any of the regular interrupts. The method includes the steps of obtaining an interrupt vector corresponding to a received interrupt, and if the received interrupt is a regular interrupt, enabling interrupts in the processor so that a PNMI can be received while handling the regular interrupt, executing a regular interrupt handler using the interrupt vector, and disabling interrupts in the processor. On the other hand, if the received interrupt is a PNMI, a PNMI interrupt handler is executed using the interrupt vector as an input thereto.

Abstract translation: 提供了一种用于处理处理器中断的方法，所述中断包括具有优先级范围的规则中断和比任何常规中断更高优先级的伪不可屏蔽中断（PNMI）。 该方法包括获得与接收到的中断相对应的中断向量的步骤，并且如果接收到的中断是常规中断，则允许处理器中的中断，使得在处理常规中断时可以接收PNMI，执行常规中断处理程序使用 中断向量和禁用处理器中断。 另一方面，如果接收到的中断是PNMI，则使用中断向量作为其输入来执行PNMI中断处理程序。