公开(公告)号：US20210132968A1

公开(公告)日：2021-05-06

申请号：US16671086

申请日：2019-10-31

Applicant: VMware, Inc.

Inventor： Ye LI ,  David OTT ,  Cyprien LAPLACE ,  Andrei WARKENTIN ,  Alexander FAINKICHEN

IPC: G06F9/455 ,  G06F9/30 ,  G06F9/54 ,  G06F13/42

Abstract: System and method for providing trusted execution environments uses a peripheral component interconnect (PCI) device of a computer system to receive and process commands to create and manage a trusted execution environment for a software process running in the computer system. The trusted execution environment created in the PCI device is then used to execute operations for the software process.

公开(公告)号：US20190258590A1

公开(公告)日：2019-08-22

申请号：US15898714

申请日：2018-02-19

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Ye LI ,  Alexander FAINKICHEN ,  Regis DUCHESNE

IPC: G06F13/10 ,  G06F9/455

Abstract: An example method of accessing a computing system includes: providing serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.

公开(公告)号：US20190012179A1

公开(公告)日：2019-01-10

申请号：US15644670

申请日：2017-07-07

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Regis DUCHESNE ,  Alexander FAINKICHEN ,  Ye LI

IPC: G06F9/44 ,  G06F3/06 ,  G06F12/1009 ,  G06F9/38 ,  G06F12/121 ,  G06F12/1027

CPC classification number: G06F9/4403 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/068 ,  G06F9/38 ,  G06F9/4405 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/121 ,  G06F2212/65 ,  G06F2212/68

Abstract: A method of initializing a secondary processor pursuant to a soft reboot of system software comprises storing code to be executed by the secondary processor in memory, building first page tables to map the code into a first address space and second page tables to identically map the code into a second address space, fetching a first instruction of the code based on a first virtual address in the first address space and the first page tables, and executing the code beginning with the first instruction to switch from the first to the second page tables. The method further comprises, fetching a next instruction of the code using a second virtual address, which is identically mapped to a corresponding machine address, turning off a memory management unit of the secondary processor, and executing a waiting loop until a predetermined location in the physical memory changes in value.

公开(公告)号：US20160291986A1

公开(公告)日：2016-10-06

申请号：US14675381

申请日：2015-03-31

Applicant: VMWARE, INC.

Inventor： Andrei WARKENTIN ,  Alexander FAINKICHEN ,  Harvey TUCH

IPC: G06F9/44

CPC classification number: G06F9/4411

Abstract: A mapping table is passed to system software upon loading of the system software in a computer system. The mapping table is generated from a user-defined configuration file and maps device identifiers of various devices implemented in the computer system, as assigned by the device manufacturers, to device identifiers that are recognizable by the system software. The mapping is used by the system software when it performs binding of device drivers to devices so that devices that have been given generic and sometimes obscure names by the device manufacturers can still be associated with and bound to device drivers loaded by the system software.

Abstract translation: 在计算机系统中加载系统软件时，将映射表传递给系统软件。 映射表是从用户定义的配置文件生成的，并将在设备制造商分配的计算机系统中实现的各种设备的设备标识符映射到系统软件可识别的设备标识符。 当系统软件执行设备驱动程序到设备的绑定时，系统软件将使用该映射，以便设备制造商给予通用且有时是模糊的名称的设备仍然可以与系统软件加载的设备驱动程序相关联并绑定到设备驱动程序。

公开(公告)号：US20150370591A1

公开(公告)日：2015-12-24

申请号：US14312207

申请日：2014-06-23

Applicant: VMware, Inc.

Inventor： Harvey TUCH ,  Andrei WARKENTIN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45591

Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.

Abstract translation: 在可在多于两个分层特权级别中操作的虚拟化计算机系统中，包括虚拟机内核和虚拟机监视器（VMM）的管理程序的组件被分配给不同的权限级别。 虚拟机内核在低权限级别下运行，以便能够利用低权限级别提供的某些功能，并且VMM以高权限级别运行以支持虚拟机的执行。 在确定将要执行从虚拟机内核到VMM的上下文切换时，计算机系统退出低权限级别，并且进入高权限级别以执行支持到VMM的上下文切换的蹦床，例如状态改变， 然后是VMM。 执行控制切换到VMM后，蹦床停用。

公开(公告)号：US20210026648A1

公开(公告)日：2021-01-28

申请号：US16521434

申请日：2019-07-24

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Ye LI ,  Alexander FAINKICHEN ,  Regis DUCHESNE

IPC: G06F9/4401 ,  G06F16/22

Abstract: A method for generating boot tables for a device having access to device information. It is determined whether there exists at least one system boot table stored in a memory. If it is determined that a system boot table does not exist, the device information is retrieved, and the device information is converted to at least one boot table. The converting includes generating a first boot table by populating the first boot table with information of components of the device that have a correspondence to a computer system boot information standard. The generating also includes generating a second boot table for another component of the device that does not have a correspondence to the computer system boot information standard, by creating an entry in the second boot table that is populated with an identifier used to find a compatible component defined in the computer system boot standard.

公开(公告)号：US20190026118A1

公开(公告)日：2019-01-24

申请号：US15654206

申请日：2017-07-19

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE

IPC: G06F9/44 ,  G06F9/445

Abstract: A method of providing software support of an input/output (TO) device of a computing system having an advanced configuration and power interface (ACPI) subsystem executing therein is described. The method includes: processing an ACPI namespace to determine first and second identifiers of the IO device; determining absence of a device driver for the IO device based on the first identifier; and loading a first fallback device driver portion based on the second identifier, the first fallback device driver portion providing an interface to a control method in the ACPI namespace, the control method executable by the ACPI subsystem to implement a second fallback device driver portion that supports at least a portion of functionality for the IO device.

公开(公告)号：US20170364379A1

公开(公告)日：2017-12-21

申请号：US15184455

申请日：2016-06-16

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Harvey TUCH ,  Cyprien LAPLACE ,  Alexander FAINKICHEN

IPC: G06F9/455 ,  G06F11/36

CPC classification number: G06F9/45558 ,  G06F9/3861 ,  G06F9/4812 ,  G06F11/362 ,  G06F13/24 ,  G06F2009/45591 ,  G06F2209/481

Abstract: A method of providing a backdoor interface between software executing in a virtual machine and a hypervisor executing on a computing system that supports the virtual machine includes trapping, at the hypervisor, an exception generated in response to execution of a debug instruction on a central processing unit (CPU) by the software; identifying, by an exception handler of the hypervisor handling the exception, an equivalence between an immediate operand of the debug instruction and a predefined value; and invoking, in response to the equivalence, a backdoor service of the hypervisor using state of at least one register of the CPU as parametric input, the state being set by the software prior to executing the debug instruction.

公开(公告)号：US20170060613A1

公开(公告)日：2017-03-02

申请号：US14982837

申请日：2015-12-29

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Harvey TUCH ,  Cyprien LAPLACE ,  Alexander FAINKICHEN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/45545 ,  G06F2009/45562

Abstract: In an example, a computer system includes a hardware platform and a hypervisor executing on the hardware platform. The hypervisor includes a kernel and a plurality of user-space instances within a user-space above the kernel. Each user-space instance is isolated from each other user-space instance through namespaces. Each user-space instance includes resources confined by hierarchical resource groups. The computer system includes a plurality of virtual hypervisors, where each virtual hypervisor executes in a respective user-space instance of the plurality of user-space instances.

Abstract translation: 在一个示例中，计算机系统包括在硬件平台上执行的硬件平台和管理程序。 管理程序包括内核和内核之上的用户空间中的多个用户空间实例。 每个用户空间实例通过命名空间与其他用户空间实例隔离。 每个用户空间实例包括由分层资源组限制的资源。 计算机系统包括多个虚拟管理程序，其中每个虚拟管理程序在多个用户空间实例的相应用户空间实例中执行。

公开(公告)号：US20160170912A1

公开(公告)日：2016-06-16

申请号：US14572511

申请日：2014-12-16

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Harvey TUCH

IPC: G06F12/14 ,  G06F9/455 ,  G06F13/24

CPC classification number: G06F13/24 ,  G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587

Abstract: In a computer system operable at multiple hierarchical privilege levels, a “wait-for-event” (WFE) communication channel between components operating at different privilege levels is established. Initially, a central processing unit (CPU) is configured to to “trap” WFE instructions issued by a client, such as an operating system, operating at one privilege level to an agent, such as a hypervisor, operating at a more privileged level. After storing a predefined special sequence in a storage component (e.g., a register), the client executes a WFE instruction. As part of trapping the WFE instruction, the agent reads and interprets the special sequence from the storage component and may respond to the special sequence by storing another special sequence in a storage component that is accessible to the client. Advantageously, a client may leverage this WFE communication channel to safely and reliably detect whether an agent is present.

Abstract translation: 在可操作于多个分级特权级别的计算机系统中，建立以不同权限级别操作的组件之间的“等待事件”（WFE）通信信道。 最初，中央处理单元（CPU）被配置为“以特殊级别操作的代理（例如虚拟机管理程序）”捕获由某个特权级别操作的诸如操作系统的客户端发出的WFE指令。 在将预定义的特殊序列存储在存储组件（例如，寄存器）中之后，客户机执行WFE指令。 作为捕获WFE指令的一部分，代理从存储组件读取和解释特殊序列，并且可以通过将另一个特殊序列存储在客户端可访问的存储组件中来响应特殊序列。 有利地，客户端可以利用该WFE通信信道来安全和可靠地检测代理是否存在。