-
公开(公告)号:US11379385B2
公开(公告)日:2022-07-05
申请号:US15444350
申请日:2017-02-28
申请人: VMWARE, INC.
发明人: Alok Nemchand Kataria , Wei Xu , Radu Rugina , Jeffrey W. Sheldon , James S. Mattson , Rakesh Agarwal , David Dunn
摘要: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.
-
公开(公告)号:US10678909B2
公开(公告)日:2020-06-09
申请号:US15818783
申请日:2017-11-21
申请人: VMWARE, INC.
发明人: Alok Nemchand Kataria , Doug Covelli , Jeffrey W. Sheldon , Frederick Joseph Jacobs , David Dunn
摘要: Techniques for securely supporting a global view of system memory in a physical/virtual computer system comprising a plurality of physical/virtual CPUs are provided. In one set of embodiments, the physical/virtual computer system can receive an interrupt indicating that a first physical/virtual CPU should enter a privileged CPU operating mode. The physical/virtual computer system can further determine that none of the plurality of physical/virtual CPUs are currently in the privileged CPU operating mode. In response to this determination, the physical/virtual computer system can modify the global view of system memory to include a special memory region comprising program code to be executed while in the privileged CPU operating mode; communicate, to the other physical/virtual CPUs, a signal to enter a stop state in which execution is halted but interrupts are accepted for entering the privileged CPU operating mode; and cause the first physical/virtual CPU to enter the privileged CPU operating mode.
-
公开(公告)号:US10120738B2
公开(公告)日:2018-11-06
申请号:US15192642
申请日:2016-06-24
申请人: VMware, Inc.
摘要: Guest memory data structures are read by one or more read operations which are set up to handle page faults and general protection faults generated during the read in various ways. If such a fault occurs while performing the one or more read operations, the fault is handled and the one or more read operation is terminated. The fault is handled by either dropping the fault and reporting an error instead of the fault, by dropping the fault and invoking an error handler that is set up prior to performing the read operations, or by forwarding the fault to a fault handler that is setup prior to performing the read operations. If no fault occurs, the read operations complete successfully. Thus, under normal circumstances, no fault is incurred in a read operation on guest memory data structures.
-
公开(公告)号:US20170351537A1
公开(公告)日:2017-12-07
申请号:US15172946
申请日:2016-06-03
申请人: VMware, Inc.
发明人: Salim AbiEzzi , Jeffrey W. Sheldon
IPC分类号: G06F9/455 , G06F3/0482 , G06F17/21 , H04L29/08
CPC分类号: G06F9/45558 , G06F3/14 , G06F3/1423 , G06F9/452 , G06F2009/45595 , H04L67/025 , H04L67/10 , H04L67/38
摘要: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for changing virtual machine user interfaces. One of the methods includes receiving a first request from a first client device to initiate a first remote session, detecting, for the first remote session, a first display property of the first client device in response to receiving the first request, configuring, for the first remote session, a virtual display device for the virtual machine to be a display device having the first display property, receiving a second request from a second client device to initiate a second remote session, detecting, for the second remote session, a second display property of the second client device in response to receiving the second request, and configuring, for the second remote session, the virtual display device for the virtual machine to be a display device having the second display property.
-
公开(公告)号:US20230229609A1
公开(公告)日:2023-07-20
申请号:US17578290
申请日:2022-01-18
申请人: VMware, Inc.
发明人: Alexander Dean Gotsis , Jiajun Cao , Radu Rugina , James Eugene Chow , Srihari Venkatesan , Jeffrey W. Sheldon , Kalaiselvi Sengottuvel
CPC分类号: G06F13/28 , G06F9/45558 , G06F2009/4557
摘要: Techniques for implementing IOMMU-based DMA tracking for enabling live migration of VMs that use passthrough physical devices are provided. In one set of embodiments, these techniques leverage an IOMMU feature known as dirty bit tracking which is available in most, if not all, modern IOMMU implementations. The use of this feature allows for the tracking of passthrough DMA in a manner that is device/vendor/driver agnostic, resulting in a solution that is universally applicable to all passthrough physical devices.
-
公开(公告)号:US09785506B2
公开(公告)日:2017-10-10
申请号:US14050322
申请日:2013-10-09
申请人: VMware, Inc.
发明人: Ole Agesen , Michael Cohen , Jeffrey W. Sheldon
CPC分类号: G06F11/1402 , G06F9/45516 , G06F11/004 , G06F2201/815 , G06F2201/82
摘要: A system and method for reducing the likelihood of concurrency errors by identifying vulnerable segments of computer code and stalling other virtual machine threads of execution. According to one embodiment of the present invention, the vulnerable segment is identified at runtime, for example in a dynamic translator. According to another embodiment of the present invention, the vulnerable segment is identified ahead of time, for example in a static translator. According to yet another embodiment of the present invention, the vulnerable segment is identified in the binary translator of a virtual machine monitor.
-
公开(公告)号:US11507477B2
公开(公告)日:2022-11-22
申请号:US16801096
申请日:2020-02-25
申请人: VMware, Inc.
发明人: Ganesh Venkitachalam , Rohit Jain , Boris Weissman , Daniel J. Scales , Vyacheslav Vladimirovich Malyugin , Jeffrey W. Sheldon , Min Xu
摘要: System and method for providing fault tolerance in virtualized computer systems use a first guest and a second guest running on virtualization software to produce outputs, which are produced when a workload is executed on the first and second guests. An output of the second guest is compared with an output of the first guest to determine if there is an output match. If there is no output match, the first guest is paused and a resynchronization of the second guest is executed to restore a checkpointed state of the first guest on the second guest. After the resynchronization of the second guest, the paused first guest is caused to resume operation.
-
公开(公告)号:US10592267B2
公开(公告)日:2020-03-17
申请号:US15402243
申请日:2017-01-10
申请人: VMWARE, INC.
发明人: David Dunn , Alok Nemchand Kataria , Wei Xu , Jeffrey W. Sheldon
摘要: Mechanisms to protect the integrity of a data structure that is traversed to locate protected memory pages are provided. Leaf nodes of the data structure store mappings that indicate which memory pages are protected. Both the pages indicated by the mappings and the pages that store the data structure are monitored by a tracing service that sends a notification to the hypervisor when a write to a traced page occurs. When system software receives such a notification, the system software traverses the data structure to determine whether any of the memory pages of the data structure is the traced page that was written to. If so, the alert action for that page is performed. If not, the system software determines whether any of the mappings in the leaf nodes include such a page and, if so, the alert action for that page is performed.
-
公开(公告)号:US20170024291A1
公开(公告)日:2017-01-26
申请号:US15284465
申请日:2016-10-03
申请人: VMware, Inc.
发明人: Ganesh Venkitachalam , Rohit Jain , Boris Weissman , Daniel J. Scales , Vyacheslav Vladimirovich Malyugin , Jeffrey W. Sheldon , Min Xu
CPC分类号: G06F11/1658 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/0712 , G06F11/0766 , G06F11/079 , G06F2009/45579 , G06F2009/45591 , G06F2201/805 , G06F2201/815 , G06F2201/82
摘要: In a computer system running at least a first virtual machine (VM) and a second VM on virtualization software, a computer implemented method for the second VM to provide quasi-lockstep fault tolerance for the first VM includes executing a workload on the first VM and the second VM that involves producing at least one externally visible output and comparing an externally visible output of the second VM with an externally visible output of the first VM to determine if there is an output match. In response to a determination that the externally visible output of the second VM does not match the externally visible output of the first VM, a resynchronization of the second VM is executed. The externally visible output of the first VM is kept from being output externally until completion of the resynchronization.
摘要翻译: 在运行虚拟化软件上的至少第一虚拟机(VM)和第二VM的计算机系统中,用于第二VM为第一虚拟机提供准锁步骤容错的计算机实现方法包括执行第一虚拟机上的工作负载,以及 所述第二VM涉及产生至少一个外部可见的输出并将所述第二VM的外部可见的输出与所述第一VM的外部可见的输出进行比较,以确定是否存在输出匹配。 响应于确定第二VM的外部可见输出与第一VM的外部可见的输出不匹配,则执行第二VM的重新同步。 第一个VM的外部可见的输出保持不被外部输出,直到重新同步完成。
-
公开(公告)号:US09513954B2
公开(公告)日:2016-12-06
申请号:US15069366
申请日:2016-03-14
申请人: VMware, Inc.
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F9/45533 , G06F2009/45566 , G06F2009/45583 , G06F2009/45591
摘要: Autonomous selection between multiple virtualization techniques implemented in a virtualization layer of a virtualized computer system. The virtual machine monitor implements multiple virtualization support processors that each provide for the comprehensive handling of potential virtualization exceptions. A virtual machine monitor resident virtualization selection control is operable to select between use of first and second virtualization support processors dependent on identifying a predetermined pattern of temporally local privilege dependent instructions within a portion of an instruction stream as encountered in the execution of a guest operating system.
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.018 秒)
