公开(公告)号：US20190213033A1

公开(公告)日：2019-07-11

申请号：US16355497

申请日：2019-03-15

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Cyprien Laplace ,  Regis Duchesne ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455 ,  G06F9/50 ,  G06F1/3287 ,  G06F11/34 ,  G06F1/3234

CPC classification number: G06F9/45558 ,  G06F1/3234 ,  G06F1/3287 ,  G06F9/5077 ,  G06F11/3423

Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

公开(公告)号：US10331556B2

公开(公告)日：2019-06-25

申请号：US14838541

申请日：2015-08-28

Applicant: VMware, Inc.

Inventor： Cyprien Laplace ,  Harvey Tuch ,  Andrei Warkentin ,  Adrian Drzewiecki

IPC: G06F12/02 ,  G06F12/06 ,  G06F12/04 ,  G06F9/455

Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

公开(公告)号：US09489211B2

公开(公告)日：2016-11-08

申请号：US14675381

申请日：2015-03-31

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Alexander Fainkichen ,  Harvey Tuch

IPC: G06F13/00 ,  G06F9/44

CPC classification number: G06F9/4411

Abstract: A mapping table is passed to system software upon loading of the system software in a computer system. The mapping table is generated from a user-defined configuration file and maps device identifiers of various devices implemented in the computer system, as assigned by the device manufacturers, to device identifiers that are recognizable by the system software. The mapping is used by the system software when it performs binding of device drivers to devices so that devices that have been given generic and sometimes obscure names by the device manufacturers can still be associated with and bound to device drivers loaded by the system software.

Abstract translation: 在计算机系统中加载系统软件时，将映射表传递给系统软件。 映射表是从用户定义的配置文件生成的，并将在设备制造商分配的计算机系统中实现的各种设备的设备标识符映射到系统软件可识别的设备标识符。 当系统软件执行设备驱动程序到设备的绑定时，系统软件将使用该映射，以便设备制造商给予通用且有时是模糊的名称的设备仍然可以与系统软件加载的设备驱动程序相关联并绑定到设备驱动程序。

公开(公告)号：US09465617B1

公开(公告)日：2016-10-11

申请号：US14753720

申请日：2015-06-29

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Harvey Tuch

IPC: G06F9/48 ,  G06F9/38 ,  G06F13/26 ,  G06F9/30 ,  G06F9/46 ,  G06F9/54 ,  G06F9/455

CPC classification number: G06F9/3865 ,  G06F9/30145 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/461 ,  G06F9/4812 ,  G06F9/545 ,  G06F13/26 ,  G06F2009/45579

Abstract: A computer system that does not natively support non-maskable interrupts (NMIs) implements NMI-like functionality in a secure monitor. The computer system detects a high priority interrupt and determines whether or not interrupts are enabled or disabled. If interrupts are enabled, the computer system injects an exception into a currently executing thread of system software operating at the second privilege level, and an exception handler processes the exception like a standard exception. If interrupts are disabled, the computer system saves the current system state (e.g., the current program counter and CPU state) and values of one or more exception handling registers in temporary storage and injects an exception into the currently executing thread of the system software, and the exception handler processes the exception in a special manner.

Abstract translation: 本机不支持不可屏蔽中断（NMI）的计算机系统在安全监视器中实现类似NMI的功能。 计算机系统检测到高优先级中断，并确定中断是否被使能或禁止。 如果启用了中断，则计算机系统将在第二个权限级别的系统软件当前正在执行的线程中注入异常，并且异常处理程序像标准异常一样处理异常。 如果中断被禁用，计算机系统将临时存储器中的当前系统状态（例如当前程序计数器和CPU状态）以及一个或多个异常处理寄存器的值保存在系统软件当前正在执行的线程中， 异常处理程序以特殊方式处理异常。

公开(公告)号：US11954198B2

公开(公告)日：2024-04-09

申请号：US16671106

申请日：2019-10-31

Applicant: VMware, Inc.

Inventor： Ye Li ,  David Ott ,  Cyprien Laplace ,  Andrei Warkentin ,  Regis Duchesne

IPC: G06F21/53 ,  G06F9/455 ,  G06F21/60

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F21/604 ,  G06F2009/45591 ,  G06F2221/033

Abstract: System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those available in the computer system. The module ensures the enclave operation for the software process is executed by the particular hardware TEE mechanism, or the TEE scheme based on a particular hardware TEE mechanism.

公开(公告)号：US11847015B2

公开(公告)日：2023-12-19

申请号：US17582055

申请日：2022-01-24

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Sunil Kotian ,  Jared McNeill ,  Cyprien Laplace ,  Shruthi Hiriyuru

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/22 ,  G06F11/24

CPC classification number: G06F11/0772 ,  G06F11/0778 ,  G06F11/0793 ,  G06F11/2284 ,  G06F11/24

Abstract: A combined data processing unit (DPU) and server solution with DPU operating system (OS) integration is described. A DPU OS is executed on a DPU or other computing device, where the DPU OS exercises secure calls provided by a DPU's trusted firmware component, that may be invoked by DPU OS components to abstract DPU vendor-specific and server vendor-specific integration details. An invocation of one of the secure calls made on the DPU to communicate with its associated server computing device is identified. In an instance in which the one of the secure calls is invoked, the secure call invoked is translated into a call or request specific to an architecture of the server computing device and the call is performed, which may include sending a signal to the server computing device in a format interpretable by the server computing device.

公开(公告)号：US11803445B2

公开(公告)日：2023-10-31

申请号：US17577714

申请日：2022-01-18

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Jared McNeill ,  Sunil Kotian ,  Alexander Fainkichen ,  Shruthi Hiriyuru

IPC: G06F11/14 ,  G06F9/455 ,  G06F11/07

CPC classification number: G06F11/1417 ,  G06F9/45541 ,  G06F11/0757 ,  G06F11/1441 ,  G06F11/1484

Abstract: Boot failure protection on smartNICs and other computing devices is described. During a power-on stage of a booting process for a computing device, a boot loading environment is directed to install an application programming interface (API) able to be invoked to control operation of a hardware-implemented watchdog. During an operating system loading stage of the booting process, the application programming interface is invoked to enable the hardware-implemented watchdog. During an operating system hand-off stage of the booting process, a last watchdog refresh of the hardware-implemented watchdog is performed, and execution of the boot loading environment is handed off to a kernel boot loader of an operating system. The application programming interface may not be accessible after the hand off to the kernel boot loader.

公开(公告)号：US20230325220A1

公开(公告)日：2023-10-12

申请号：US17715283

申请日：2022-04-07

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Sunil Kotian ,  Cyprien Laplace ,  Shruthi Hiriyuru ,  Regis Duchesne ,  Ye Li ,  Alexander Fainkichen

IPC: G06F9/455

CPC classification number: G06F9/45537

Abstract: Disclosed are various examples of hosting a data processing unit (DPU) management operating system using an operating system software stack of a preinstalled DPU operating system. The preinstalled DPU operating system of the DPU is leveraged to provide a virtual machine environment. A DPU management operating system is executed within the virtual machine environment of the preinstalled DPU operating system. A third-party DPU function or a management service function is provided using the DPU hardware resources accessed through the DPU management operating system and the virtual machine environment.

公开(公告)号：US20230229538A1

公开(公告)日：2023-07-20

申请号：US17577627

申请日：2022-01-18

Applicant: VMware, Inc.

Inventor： Andrei Warkentin ,  Sunil Kotian ,  Jared McNeill ,  Shruthi Hiriyuru ,  Alexander Fainkichen

IPC: G06F11/07 ,  G06F11/14 ,  G06F9/455

CPC classification number: G06F11/0757 ,  G06F11/0772 ,  G06F11/1417 ,  G06F11/1484 ,  G06F9/45541

Abstract: A hardware-assisted paravirtualized hardware watchdog is described that is used to detect and recover from computer malfunctions. A computing device determines that a hardware-implemented watchdog of the computing device does not comply with predetermined watchdog criteria, where the hardware-implemented watchdog is configured to send a reset signal when a first predetermined amount of time elapses without receipt of a first refresh signal. If the hardware-implemented watchdog does not comply with the predetermined watchdog criteria, a runtime watchdog service is initialized using a second predetermined amount of time. The runtime watchdog service is directed to periodically send the refresh signal to the hardware-implemented watchdog before an expiration of the first predetermined amount of time that causes the hardware-implemented watchdog to expire. The hardware-implemented watchdog is directed to send the reset signal when the second predetermined amount of time elapses without receipt of a second refresh signal.

公开(公告)号：US11693952B2

公开(公告)日：2023-07-04

申请号：US16177258

申请日：2018-10-31

Applicant: VMware, Inc.

Inventor： Ye Li ,  David Ott ,  Andrei Warkentin ,  Cyprien Laplace ,  Alexander Fainkichen

IPC: G06F21/53 ,  G06F21/51 ,  G06F9/455

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F21/51 ,  G06F2009/45587

Abstract: System and method for providing secure execution environments in a computer system uses an enclave virtual computing instance to create a secure execution environment, which is deployed in response to a request for such a secure execution environment for content from a software process running in the computer system.