Abstract:
A system, method and computer program product for optimizing handling of guest code in a Virtual Machine include code for identifying, in the guest code, a predetermined pattern that includes privileged but unsafe instructions and an instruction that raises an exception; code for executing the guest code in a native mode; code for, upon encountering the instruction that raises the exception, transferring control to a Virtual Machine Monitor; code for emulating the pattern in the Virtual Machine Monitor; and code for rolling back the effects of privileged but unsafe instructions and any intervening instructions to ensure correct Virtual Machine Monitor context. The pattern can include, for example, a privileged but unsafe instruction, followed by safe instructions, followed by an exception raising instruction, followed by safe instructions, followed by a privileged but unsafe instruction. Optionally, the most frequently occurring patterns can be placed in a cache, for use by the Virtual Machine Monitor to verify their presence in the guest code.
Abstract:
A method of emulating segment addressing by a processor that includes initiating a Virtual Machine Monitor in a kernel mode; initiating a Virtual Machine in a user mode; forming a dynamically mapped table in Virtual Machine Monitor space, the dynamically mapped table corresponding to a table of segment descriptors of the Virtual Machine; populating the dynamically mapped table with descriptors that raise exceptions upon an attempt by the Virtual Machine to address a corresponding segment; and mapping a descriptor to the dynamically mapped table upon the Virtual Machine's use of that descriptor.
Abstract:
A method, system and computer program product recorded on a computer-readable medium for execution on at least one processor, for seamless integration of a non-native application into a host OS, including launching a first Virtual Execution Environment (VEE) on a computing system that has a host operating system and a host desktop displayed to a user; displaying a window corresponding to the VEE on the host desktop; upon a user invoking a user application that is non-native to both the host OS and the first VEE, (a) installing a second VEE that is compatible with the user application, (b) installing the user application into the second VEE, (c) launching the application inside the second VEE, and (d) displaying the non-native application window within a window of the second VEE. The VEE can be a Virtual Private Server or a Virtual Machine.
Abstract:
A method and system for handling of potentially unsafe instructions and/or for handling transfers of control in a Virtual Machine, that includes generating a frame composed of pages of analyzed code based on original guest code; identifying instructions within the frame that transfer control (or are otherwise unsafe); replacing instructions that transfer the control with an interrupt that transfers control to a stub in non-privileged code; wherein the stub checks whether the control transfer (or instruction) is safe or unsafe, and (i) for unsafe control transfers/unsafe instructions, switches the context to the Virtual Machine Monitor; and (ii) for safe control transfers, executes the control transfer in non-privileged mode. The instructions that transfer control can include any of JMP, CALL, RET and RET(n). The instructions that transfer control can also include interrupts.
Abstract:
A system, method and computer program product for virtualizing a processor and its memory, including a host operating system (OS); and virtualization software that maintains a virtualization environment for running a Virtual Machine (VM) without system level privileges and having a guest operating system running within the Virtual Machine. A plurality of processes are running within the host OS, each process having its own virtual memory, wherein the virtualization software is one of the processes. An image file is stored in persistent storage and maintained by the host operating system. The image file represents virtualized physical memory of the VM. A plurality of memory pages are aggregated into blocks, the blocks being stored in the image file and addressable in block form. The virtualization software manages the blocks so that blocks can be mapped to the virtualization software process virtual memory and released when the blocks are no longer necessary. The host OS swaps the blocks between the image file and physical memory when a block that is not in physical memory is accessed by the VM. The image file size is not subject to limitation on virtual process memory size. A user of the VM can access a larger virtual process memory than the host OS permits.
Abstract:
Methods and systems for safe execution of guest code in virtual machine context are presented. A method for running a virtual machine in a computing system includes (a) launching a virtual machine monitor (VMM) that uses a software debugger; (b) launching a virtual machine (VM) that can natively run safe instructions; (c) determining, at runtime, if the instruction is safe or potentially unsafe; (d) executing safe instructions in a native mode; and (e) activating control logic to process potentially unsafe instructions in the software debugger. The software debugger can bypass at least one of the potentially unsafe instructions. The potentially unsafe instructions include instructions that cannot be safely executed in the context of the VM, and instructions that can cause unpredictable results in the context of the VM.
Abstract:
A system, method and computer program for launching an application into a host OS, include storing a snapshot/image of a Virtual Execution Environment (VEE) on a portable device, wherein the VEE snapshot is packed into a self-extracting file; launching the VEE from the portable device on a computer; and starting a user application within the VEE. The VEE snapshot can be restricted in its use. The VEE can be a Virtual Private Server or a Virtual Machine. The user application is a non-native application for a host OS of the computer. The VEE is launched from an icon on the portable device. The portable device can be, e.g., an iPod, a flash memory card, a digital player, a mobile phone device, a portable gaming device, rewritable CD/DVD/HD DVD/Blu Ray disk, etc. Alternatively, some data can be stored on the portable device, while other data can be downloaded from a network.
Abstract:
A method, system and computer program product recorded on a computer-readable medium for execution on at least one processor, for seamless integration of a non-host application into a host OS, including launching a first Virtual Execution Environment (VEE) on a computing system that has a host operating system and a host desktop displayed to a user; displaying a window corresponding to the VEE on the host desktop; upon a user invoking a user application that is non-native to both the host OS and the first VEE, (a) installing a second VEE that is compatible with the user application, (b) installing the user application into the second VEE, (c) launching the application inside the second VEE, and (d) displaying the non-host application window within a window of the second VEE. The VEE can be a Virtual Private Server or a Virtual Machine.
Abstract:
A system, method and computer program product for virtualizing a processor include a virtualization system running on a computer system and controlling memory paging through hardware support for maintaining real paging structures. A Virtual Machine (VM) is running guest code and has at least one set of guest paging structures that correspond to guest physical pages in guest virtualized linear address space. At least some of the guest paging structures are mapped to the real paging structures. For each guest physical page that is mapped to the real paging structures, paging means for handling a connection structure between the guest physical page and a real physical address of the guest physical page. A cache of connection structures represents cached paths to the real paging structures. Each path is described by guest paging structure descriptors and by tie descriptors. Each path includes a plurality of nodes connected by the tie descriptors. Each guest paging structure descriptor is in a node of at least one path. Each guest paging structure either points to other guest paging structures or to guest physical pages. Each guest paging structure descriptor represents guest paging structure information for mapping guest physical pages to the real paging structures.