公开(公告)号：US20140109090A1

公开(公告)日：2014-04-17

申请号：US13836628

申请日：2013-03-15

Applicant: Steven M. Bennett ,  Andrew V. Anderson ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Xiang Zou ,  Lawrence Smith ,  Scott Rodgers

Inventor： Steven M. Bennett ,  Andrew V. Anderson ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Xiang Zou ,  Lawrence Smith ,  Scott Rodgers

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F2009/45583

Abstract: In one embodiment, a predefined behavior of a virtual machine monitor (VMM) with respect to one or more virtual machines (VMs) is identified, and processor-managed resources associated with the one or more VMs are utilized based on the predefined behavior of the VMM.

Abstract translation: 在一个实施例中，识别相对于一个或多个虚拟机（VM）的虚拟机监视器（VMM）的预定义行为，并且基于所述一个或多个虚拟机（VM）的预定义行为来利用与所述一个或多个VM相关联的处理器管理的资源 VMM。

公开(公告)号：US20130198853A1

公开(公告)日：2013-08-01

申请号：US13802272

申请日：2013-03-13

Applicant: Francis X. McKEEN ,  Carlos V. ROZAS ,  Uday R. SAVAGAONKAR ,  Simon P. JOHNSON ,  Vincent SCARLATA ,  Michael A. GOLDSMITH ,  Ernie BRICKELL ,  Jiang Tao LI ,  Howard C. HERBERT ,  Prashant DEWAN ,  Stephen J. TOLOPKA ,  Gilbert NEIGER ,  David DURHAM ,  Gary GRAUNKE ,  Bernard LINT ,  Don A. VAN DYKE ,  Joseph CIHULA ,  Stalinselvaraj JEYASINGH ,  Stephen R. VAN DOREN ,  Dion RODGERS ,  John GARNEY ,  Asher ALTMAN

Inventor： Francis X. McKEEN ,  Carlos V. ROZAS ,  Uday R. SAVAGAONKAR ,  Simon P. JOHNSON ,  Vincent SCARLATA ,  Michael A. GOLDSMITH ,  Ernie BRICKELL ,  Jiang Tao LI ,  Howard C. HERBERT ,  Prashant DEWAN ,  Stephen J. TOLOPKA ,  Gilbert NEIGER ,  David DURHAM ,  Gary GRAUNKE ,  Bernard LINT ,  Don A. VAN DYKE ,  Joseph CIHULA ,  Stalinselvaraj JEYASINGH ,  Stephen R. VAN DOREN ,  Dion RODGERS ,  John GARNEY ,  Asher ALTMAN

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F21/53 ,  G06F21/72

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US20120079481A1

公开(公告)日：2012-03-29

申请号：US13290798

申请日：2011-11-07

Applicant: STEVEN M. BENNETT ,  Andrew V. Anderson ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Xiang Zou ,  Lawrence Smith ,  Scott Rodgers

Inventor： STEVEN M. BENNETT ,  Andrew V. Anderson ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Xiang Zou ,  Lawrence Smith ,  Scott Rodgers

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F2009/45583

Abstract: In one embodiment, a predefined behavior of a virtual machine monitor (VMM) with respect to one or more virtual machines (VMs) is identified, and processor-managed resources associated with the one or more VMs are utilized based on the predefined behavior of the VMM.

Abstract translation: 在一个实施例中，识别相对于一个或多个虚拟机（VM）的虚拟机监视器（VMM）的预定义行为，并且基于所述一个或多个虚拟机（VM）的预定义行为来利用与所述一个或多个VM相关联的处理器管理的资源 VMM。

公开(公告)号：US07886293B2

公开(公告)日：2011-02-08

申请号：US10886422

申请日：2004-07-07

Applicant: Andrew V. Anderson ,  Steven M. Bennett ,  Erik C. Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kägi ,  Michael A. Goldsmith ,  Sebastian Schoenberg ,  Richard Uhlig

Inventor： Andrew V. Anderson ,  Steven M. Bennett ,  Erik C. Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kägi ,  Michael A. Goldsmith ,  Sebastian Schoenberg ,  Richard Uhlig

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F11/0712 ,  G06F11/0766

Abstract: In one embodiment, the present invention includes a method of transitioning control to guest software in a virtual machine from a virtual machine monitor, receiving control following a transition from the virtual machine to the virtual machine monitor upon an event, and determining whether to modify a state of the guest code, a state of the virtual machine monitor or a state of controls. If such a determination is made, the state may be modified and control is transitioned back to the guest software.

Abstract translation: 在一个实施例中，本发明包括一种从虚拟机监视器向虚拟机中的客户软件转换控制的方法，在事件之后从虚拟机向虚拟机监视器转换后接收控制，并且确定是否修改 客户代码的状态，虚拟机监视的状态或控制状态。 如果做出这样的决定，则可以修改状态并将控制转换回客户软件。

公开(公告)号：US07272831B2

公开(公告)日：2007-09-18

申请号：US09823482

申请日：2001-03-30

Applicant: Erik Cota-Robles ,  Stephen Chou ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Erik Cota-Robles ,  Stephen Chou ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F9/455 ,  G06F13/10 ,  G06F9/54

CPC classification number: G06F9/45558 ,  G06F2009/45579

Abstract: A method and apparatus for constructing host processor soft devices independent of the host processor operating system are provided. In one embodiment, a driver of a soft device is implemented in a virtual machine monitor (VMM), and the soft device is made available for use by one or more virtual machines coupled to the VMM. In an alternative embodiment, a software component of a soft device is implemented in a first virtual machine that is coupled to a VMM, and the soft device is made available for use by a second virtual machine coupled to the VMM.

Abstract translation: 提供了用于构建独立于主机处理器操作系统的主处理器软设备的方法和装置。 在一个实施例中，软质装置的驱动器在虚拟机监视器（VMM）被实现，并且软设备由耦合到VMM的一个或多个虚拟机提供使用。 在一个替代实施例中，柔软的装置的软件组件在被耦合到VMM的第一虚拟机中实现，并且软设备由耦合到VMM的第二虚拟机提供使用。

公开(公告)号：US20060010440A1

公开(公告)日：2006-01-12

申请号：US10886422

申请日：2004-07-07

Applicant: Andrew Anderson ,  Steven Bennett ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alani Kagi ,  Michael Goldsmith ,  Sebastian Schoenberg ,  Richard Uhlig

Inventor： Andrew Anderson ,  Steven Bennett ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alani Kagi ,  Michael Goldsmith ,  Sebastian Schoenberg ,  Richard Uhlig

IPC: G06F9/46

CPC classification number: G06F9/45533 ,  G06F11/0712 ,  G06F11/0766

Abstract: In one embodiment, the present invention includes a method of transitioning control to guest software in a virtual machine from a virtual machine monitor, receiving control following a transition from the virtual machine to the virtual machine monitor upon an event, and determining whether to modify a state of the guest code, a state of the virtual machine monitor or a state of controls. If such a determination is made, the state may be modified and control is transitioned back to the guest software.

Abstract translation: 在一个实施例中，本发明包括一种从虚拟机监视器向虚拟机中的客户软件转换控制的方法，在事件之后从虚拟机向虚拟机监视器转换后接收控制，并且确定是否修改 客户代码的状态，虚拟机监视的状态或控制状态。 如果做出这样的决定，则可以修改状态并将控制转换回客户软件。

公开(公告)号：US20050080934A1

公开(公告)日：2005-04-14

申请号：US10676584

申请日：2003-09-30

Applicant: Erik Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Erik Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F12/10 ,  G06F3/00

CPC classification number: G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

公开(公告)号：US09087200B2

公开(公告)日：2015-07-21

申请号：US13527547

申请日：2012-06-19

Applicant: Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/72 ,  G06F21/60 ,  G06F21/53 ,  G06F12/14

CPC classification number: G06F21/60 ,  G06F21/53 ,  G06F21/72

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：US20130212313A1

公开(公告)日：2013-08-15

申请号：US13837648

申请日：2013-03-15

Applicant: Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Eric C. Cota-Robles ,  Andy Glew ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F12/10

CPC classification number: G06F12/1027 ,  G06F9/30076 ,  G06F12/1036 ,  G06F2212/151

Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.

Abstract translation: 本发明的一个实施例是使翻译后备缓冲器（TLB）中的条目无效的技术。 处理器中的TLB具有多个TLB条目。 当执行无效操作时，每个TLB条目与虚拟机扩展（VMX）标签字相关联，指示相关联的TLB条目是否根据处理器模式而无效。 处理器模式是虚拟机（VM）中的执行之一，而不是虚拟机中的执行。 无效操作属于一个无效的无效操作集合，它由（1）可能为空的操作集合组合，使一组可变数量的TLB条目无效，（2）一组可能的空白操作，使一个TLB无效 条目，（3）使多个TLB条目无效的可能的一组操作，（4）启用和禁用虚拟存储器的使用的可能的一组可能的空操作，以及（5）配置物理的可能的一组操作 地址大小，页面大小或其他虚拟内存系统行为，以改变物理机器解释TLB条目的方式。

公开(公告)号：US20130159726A1

公开(公告)日：2013-06-20

申请号：US13527547

申请日：2012-06-19

Applicant: Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

Inventor： Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/72

CPC classification number: G06F21/60 ,  G06F21/53 ,  G06F21/72

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。