摘要:
Systems, especially operating systems, are becoming more complex to the point where maintaining them by humans is becoming nearly impossible. Many corporations have recognized this trend and have begun investing in autonomic technology. Autonomic technology allows a piece of software to monitor, diagnose, and repair itself. This can be used for improved performance, reliability, maintainability, security, etc. Disclosed herein is a mechanism to allow operating systems to hot swap a piece of operating system code, while continuing to offer to the user the service which that code is providing. This can be used, for examples, to increase the performance of an application or to fix a detected security hole live without bringing the machine down. Some autonomic ability will be mandatory in next generation operating system for without it they will collapse under their own complexity. The invention offers a key component of being able to achieve autonomic computing.
摘要:
To dynamically update an operating system, a new factory object may have one or more new and/or updated object instances. A corresponding old factory object is then located and its version is checked for compatibility. A dynamic update procedure is then executed, which includes (a) changing a factory reference pointer within the operating system from the old factory object to the new factory object. For the case of updated object instances, (b) hot swapping each old object instance for its corresponding updated object instance, and (c) removing the old factory object. This may be performed for multiple updated object instances in the new factory object, preferably each separately. For the case of new object instances, they are created by the new factory and pointers established to invoke them. A single factory object may include multiple updated objects from a class, and/or new object instances from different classes, and the update may be performed without the need to reboot the operating system.
摘要:
A system, method and computer program product for enhancing a real-time operating system (RTOS) with functionality normally associated with a general purpose operating system (GPOS). A hypervisor that is adapted to perform a real-time scheduling function supports concurrent execution of an RTOS and a GPOS on a system of shared hardware resources. The RTOS or its applications can utilize services provided by the GPOS. Such services may include one or more of file system organization, network communication, network management, database management, security, user-interface support and others. To enhance operational robustness and security, the hypervisor can be placed in read-only storage while maintaining the ability to update scheduling mechanisms. A programmable policy manager that is maintained in read-write storage can be used to dictate scheduling policy changes to the hypervisor as required to accommodate current needs.
摘要:
A method, system and computer program product for managing requests for deferred updates to shared data elements while minimizing grace period detection overhead associated with determining whether pre-existing references to the data elements have been removed. Plural update requests that are eligible for grace period detection are buffered without performing grace period detection processing. One or more conditions that could warrant commencement of grace period detection processing are monitored while the update requests are buffered. If warranted by such a condition, grace period detection is performed relative to the update requests so that they can be processed. In this way, grace period detection overhead can be amortized over plural update requests while being sensitive to conditions warranting prompt grace period detection.
摘要:
A method and apparatus for restricting access of an application to computer hardware. The apparatus includes both an authentication module and a validation module. The authentication module is within the trusted firmware layer. The purpose of the authentication module is to verify a cryptographic key presented by an application. The validation module is responsive to the authentication module and limits access of the application to the computer hardware. The authentication modules may be implemented in software through a firmware call, or through a hardware register of the computer.
摘要:
Methods, systems, and media for reducing memory latency seen by processors by providing a measure of control over on-chip memory (OCM) management to software applications, implicitly and/or explicitly, via an operating system are contemplated. Many embodiments allow part of the OCM to be managed by software applications via an application program interface (API), and part managed by hardware. Thus, the software applications can provide guidance regarding address ranges to maintain close to the processor to reduce unnecessary latencies typically encountered when dependent upon cache controller policies. Several embodiments utilize a memory internal to the processor or on a processor node so the memory block used for this technique is referred to as OCM.
摘要:
A system, method and computer program product for efficient sharing of memory between first and second applications running under first and second operating systems on a shared hardware system. The hardware system runs a hypervisor that supports concurrent execution of the first and second operating systems, and further includes a region of shared memory managed on behalf of the first and second applications. Techniques are used to avoid preemption when the first application is accessing the shared memory region. In this way, the second application will not be unduly delayed when attempting to access the shared memory region due to delays stemming from the first application's access of the shared memory region. This is especially advantageous when the second application and operating system are adapted for real-time processing. Additional benefits can be obtained by taking steps to minimize memory access faults.
摘要:
Utilizing a software locking approach to execute a code section, upon failure of a hardware transactional approach, is disclosed. A method is disclosed that includes utilizing a hardware approach to transactional memory to execute a code section relating to memory. Where utilizing the hardware approach fails a threshold in executing the code section, the software approach is instead utilized to execute the code section relating to the memory. The threshold may include the hardware approach aborting execution of the code section a predetermined one or more times. The hardware approach includes starting a transaction inclusive of the code section, conditionally executing the transaction, and upon successfully completing the transaction, committing execution to memory. The software locking approach includes placing a lock on memory, executing the code section, committing execution of the code section to the memory as the code section is executed, and then removing the lock from the memory.
摘要:
A processing device comprises a processor coupled to a memory and implements a refresh-and-rotation process to protect a system comprising information technology infrastructure from a persistent security threat. The processing device is configured to replace one or more identified resources of a resource pool of the information technology infrastructure with one or more corresponding refreshed resources so as to provide a refreshed resource pool, and to remap elements of a set of workloads running on the information technology infrastructure to elements of the refreshed resource pool in order to deter the persistent security threat. The processing device may maintain within the resource pool a set of reserve resource pool elements that have no workload elements mapped to them, and can add resource pool elements to and remove resource pool elements from the set of reserve resource pool elements in conjunction with the remapping of workload elements to resource pool elements.
摘要:
Memory Access Coloring provides architecture support that allows software to classify memory accesses into different congruence classes by specifying a color for each memory access operation. The color information is received and recorded by the underlying system with appropriate granularity. This allows hardware to monitor color-based cache monitoring information and provide such feedback to the software to enable various runtime optimizations. It also enables enforcement of different memory consistency models for memory regions with different colors at the same time.