Abstract:
An access control engine can enable a host operating system to propagate a private resource of an isolated virtual environment, such as a container, running on the host operating system outside of the isolated virtual environment. The private resource can include, for example, a file system mounted within the isolated virtual environment. The access control engine can receive a command and launch the isolated virtual environment in response to the command. Also, in response to the command, the access control engine can interface with a kernel of the host operating system to configure the isolated virtual environment so that the private resource is accessible outside the isolated virtual environment.
Abstract:
Mirrored byte addressable storage is disclosed. For example, first and second persistent memories store first and second pluralities of pages, both associated with a plurality of page states in a mirror state log in a third persistent memory. A mirror engine executing on a processor with a processor cache detects a write fault associated with the first page of the first plurality of pages and in response, updates a first page state to a dirty-nosync state. A notice of a flush operation of the processor cache associated with first data is received. The first data becomes persistent in the first page of the first plurality of pages after the flush operation; then the first page state is updated to a clean-nosync state. The first data is then copied to the first page of the second plurality of pages; then the first page state is updated to a clean-sync state.
Abstract:
Direct access to host memory for guests is disclosed. For example, a system includes a processor, a host memory, a filesystem daemon, a guest including a storage controller, and a filesystem queue accessible to the filesystem daemon and the storage controller. The storage controller receives a file retrieval request associated with a file stored in the host memory and forwards the file retrieval request to the filesystem daemon by adding the file retrieval request to the filesystem queue. The filesystem daemon retrieves the file retrieval request from the filesystem queue, determines a host memory address (HMA) associated with the file, and causes the HMA to be mapped to a guest memory address (GMA). The guest accesses the file in the host memory with the GMA, and later terminates access to the file, where the filesystem daemon is then configured to cause the GMA to be unmapped.
Abstract:
Disclosed are systems and methods for determining task scores reflective of memory access statistics in NUMA systems. An example method may comprise: determining, by a processing device, a first memory access score of a task with respect to a first node of a Non-Uniform Memory Access (NUMA) system; adjusting the first memory access score using memory access scores of the task with respect to one or more nodes of the NUMA system; and migrating, in view of the adjusting, at least one of: the task or a memory page associated with the task.
Abstract:
Secure and efficient access to host memory for guests is disclosed. For example, a system includes (i) a processor, (ii) a host memory, (iii) a hypervisor including a filesystem daemon, (iv) a guest including a storage controller, and (v) a first filesystem queue. The storage controller is configured to receive a file request, translate the file request, and add the translated file request to a filesystem queue. The filesystem daemon is configured to retrieve the translated file request from the filesystem queue and provide access to a file in the host memory identified in the file request to the guest.
Abstract:
A system for applying a security label on a kernel core crash file is disclosed. A method of the disclosure includes accessing, by a processing device, a crash recovery configuration file, parsing the crash recovery configuration file to determine a storage location of a core file, the core file comprising an image of a kernel of an operating system (OS), the image being captured when the OS fails, locating the core file at the determined storage location, and upon determining that a security label is not associated with the core file, sending a command to apply the security label to the core file.
Abstract:
Implementations of the disclosure provide for size adjustable volumes for containers. A method of the disclosure includes determining, by a processing device of a Platform-as-a-Service (PaaS) system, a size limitation of a container, where the size limitation is associated with disk space usage of a storage volume group. The amount of disk space used by applications of the container is monitored in view of the size limitation of the container. Responsive to determining that the amount of the disk space used by the applications of the container satisfies a threshold, a storage volume of the storage volume group is allocated to the container in view of the size limitation of the container.
Abstract:
Shared filesystem metadata caching is disclosed. For example, a system includes a guest with a storage controller (SC) and a metadata cache on a host with a filesystem daemon (FSD), and a host memory storing a registration table (RT). The SC receives a first metadata request associated with a file stored in the host memory. A first version identifier (VID) of metadata associated with the file is retrieved from the metadata cache and validated against a corresponding second VID in the RT. Upon determining the first VID matches the second VID, the SC responds to the first metadata request based on the metadata. Upon determining the first VID fails to match the second VID, the SC requests the FSD to update the metadata. The first VID is updated to match the second VID and the SC responds to the first metadata request based on the updated metadata.