MULTIPROCESSOR INITIALIZATION VIA FIRMWARE CONFIGURATION

    Publication number: US20170364365A1

    Publication date: 2017-12-21

    Application number: US15183192

    Filing date: 2016-06-15

    Applicant: VMware, Inc.

    Abstract: An example method of initializing a plurality of processors in a hardware platform of a computing device, for use by system software executing on the hardware platform, includes: parsing a descriptor table that has been loaded into memory from firmware to identify an original boot protocol for initializing at least one secondary processor of the plurality of processors; creating at least one mailbox structure in the memory associated with the at least one secondary processor; causing the at least one secondary processor to execute secondary processor initialization code stored in the memory, the secondary processor initialization code implementing a mailbox-based boot protocol that uses the at least one mailbox structure to initialize the at least one secondary processor; and modifying the descriptor table to identify the mailbox-based boot protocol for initializing the at least one secondary processor in place of the original boot protocol.

    2. SECONDARY CPU MMU INITIALIZATION USING PAGE FAULT EXCEPTION
    Invention application (status: granted)

    Publication number: US20160170679A1

    Publication date: 2016-06-16

    Application number: US14572505

    Filing date: 2014-12-16

    Applicant: VMware, Inc.

    Abstract: In a computer system with multiple central processing units (CPUs), initialization of a memory management unit (MMU) for a secondary CPU is performed using an exception generated by the MMU. In general, this technique leverages the exception handling features of the secondary CPU to switch the CPU from executing secondary CPU initialization code with the MMU “off” to executing secondary CPU initialization code with the MMU “on.” Advantageously, in contrast to conventional techniques for MMU initialization, this exception-based technique does not require identity mapping of the secondary CPU initialization code to ensure proper execution of the secondary CPU initialization code.


    3. DEVICE SIMULATION IN A SECURE MODE SUPPORTED BY HARDWARE ARCHITECTURES
    Invention application (status: granted)

    Publication number: US20150371036A1

    Publication date: 2015-12-24

    Application number: US14312249

    Filing date: 2014-06-23

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45516 G06F9/45533 G06F21/74

    Abstract: A secure mode of a computer system is used to provide simulated devices. In operation, if an instruction executing in a non-secure mode accesses a simulated device, then a resulting exception is forwarded to a secure monitor executing in the secure mode. Based on the address accessed by the instruction, the secure monitor identifies the device and simulates the instruction. The secure monitor executes independently of other applications included in the computer system, and does not rely on any hardware virtualization capabilities of the computer system.


    4. HYPERVISOR CONTEXT SWITCHING USING TLB TAGS IN PROCESSORS HAVING MORE THAN TWO HIERARCHICAL PRIVILEGE LEVELS
    Invention application (status: pending, published)

    Publication number: US20150370592A1

    Publication date: 2015-12-24

    Application number: US14312225

    Filing date: 2014-06-23

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45558 G06F2009/45587

    Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.


    5. HYPERVISOR BACKDOOR INTERFACE
    Invention application

    Publication number: US20170364379A1

    Publication date: 2017-12-21

    Application number: US15184455

    Filing date: 2016-06-16

    Applicant: VMware, Inc.

    Abstract: A method of providing a backdoor interface between software executing in a virtual machine and a hypervisor executing on a computing system that supports the virtual machine includes trapping, at the hypervisor, an exception generated in response to execution of a debug instruction on a central processing unit (CPU) by the software; identifying, by an exception handler of the hypervisor handling the exception, an equivalence between an immediate operand of the debug instruction and a predefined value; and invoking, in response to the equivalence, a backdoor service of the hypervisor using state of at least one register of the CPU as parametric input, the state being set by the software prior to executing the debug instruction.

    6. PARTITIONING A HYPERVISOR INTO VIRTUAL HYPERVISORS
    Invention application (status: pending, published)

    Publication number: US20170060613A1

    Publication date: 2017-03-02

    Application number: US14982837

    Filing date: 2015-12-29

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45558 G06F9/45545 G06F2009/45562

    Abstract: In an example, a computer system includes a hardware platform and a hypervisor executing on the hardware platform. The hypervisor includes a kernel and a plurality of user-space instances within a user-space above the kernel. Each user-space instance is isolated from each other user-space instance through namespaces. Each user-space instance includes resources confined by hierarchical resource groups. The computer system includes a plurality of virtual hypervisors, where each virtual hypervisor executes in a respective user-space instance of the plurality of user-space instances.


    7. SAFELY DISCOVERING SECURE MONITORS AND HYPERVISOR IMPLEMENTATIONS IN SYSTEMS OPERABLE AT MULTIPLE HIERARCHICAL PRIVILEGE LEVELS
    Invention application (status: granted)

    Publication number: US20160170912A1

    Publication date: 2016-06-16

    Application number: US14572511

    Filing date: 2014-12-16

    Applicant: VMware, Inc.

    Abstract: In a computer system operable at multiple hierarchical privilege levels, a “wait-for-event” (WFE) communication channel between components operating at different privilege levels is established. Initially, a central processing unit (CPU) is configured to “trap” WFE instructions issued by a client, such as an operating system, operating at one privilege level to an agent, such as a hypervisor, operating at a more privileged level. After storing a predefined special sequence in a storage component (e.g., a register), the client executes a WFE instruction. As part of trapping the WFE instruction, the agent reads and interprets the special sequence from the storage component and may respond to the special sequence by storing another special sequence in a storage component that is accessible to the client. Advantageously, a client may leverage this WFE communication channel to safely and reliably detect whether an agent is present.


    IMPLEMENTING PER-PROCESSOR MEMORY AREAS WITH NON-PREEMPTIBLE OPERATIONS USING VIRTUAL ALIASES

    Publication number: US20190286558A1

    Publication date: 2019-09-19

    Application number: US16420549

    Filing date: 2019-05-23

    Applicant: VMware, Inc.

    Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

    9. CREATING A COMMUNICATION CHANNEL BETWEEN DIFFERENT PRIVILEGE LEVELS USING WAIT-FOR-EVENT INSTRUCTION IN SYSTEMS OPERABLE AT MULTIPLE HIERARCHICAL PRIVILEGE LEVELS
    Invention application (status: granted)

    Publication number: US20160170816A1

    Publication date: 2016-06-16

    Application number: US14572516

    Filing date: 2014-12-16

    Applicant: VMware, Inc.

    Abstract: In a computer system operable at multiple hierarchical privilege levels, a “wait-for-event” (WFE) communication channel between components operating at different privilege levels is established. Initially, a central processing unit (CPU) is configured to “trap” WFE instructions issued by a client, such as an operating system, operating at one privilege level to an agent, such as a hypervisor, operating at a more privileged level. After storing a predefined special sequence in a storage component (e.g., a register), the client executes a WFE instruction. As part of trapping the WFE instruction, the agent reads and interprets the special sequence from the storage component and may respond to the special sequence by storing another special sequence in a storage component that is accessible to the client. Advantageously, the client may leverage this WFE communication channel to establish low-overhead watchdog functionality for the client.


    10. CONFIGURATION PROFILE VALIDATION ON IOS USING SSL AND REDIRECT
    Invention application (status: granted)

    Publication number: US20160028720A1

    Publication date: 2016-01-28

    Application number: US14807187

    Filing date: 2015-07-23

    Applicant: VMware, Inc.

    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.

