Patent application number | Description | Published |
20090055571 | FORCING REGISTERED CODE INTO AN EXECUTION CONTEXT OF GUEST SOFTWARE - One embodiment of the present invention includes a method for: (a) executing guest computations in a virtual machine of the virtualization system; and (b) forcing execution of registered code into an execution context of the guest, wherein the forcing is performed from the virtualization system based on an execution trigger monitored without reliance on functionality of the guest software. | 02-26-2009 |
20090055693 | Monitoring Execution of Guest Code in a Virtual Machine - One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a guest in a virtual machine of the virtualization system; and (b) monitoring execution of code registered for monitored execution in an execution context of the guest, wherein the monitoring is performed by the virtualization system and is hidden from computations of the guest. | 02-26-2009 |
20090113110 | Providing VMM Access to Guest Virtual Memory - A virtual-machine-based system provides a mechanism for a virtual machine monitor (VMM) to process a hypercall received from an application running in the virtual machine (VM). A hypercall interface causes the virtual memory pages, needed by the VMM to process the hypercall, to be available to the VMM. In one embodiment, when virtual memory pages needed by the VMM to process the hypercall are not available to the VMM, the application is caused to access the needed pages, in response to which the required virtual memory becomes available to the VMM. | 04-30-2009 |
20090113111 | SECURE IDENTIFICATION OF EXECUTION CONTEXTS - A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource. | 04-30-2009 |
20090113216 | CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION - A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided. | 04-30-2009 |
20090113424 | Transparent VMM-Assisted User-Mode Execution Control Transfer - A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system. | 04-30-2009 |
20090113425 | Transparent Memory-Mapped Emulation of I/O Calls - A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process. | 04-30-2009 |
20090282404 | Provisioning of Computer Systems Using Virtual Machines - A provisioning server automatically configures a virtual machine (VM) according to user specifications and then deploys the VM on a physical host. The user may either choose from a list of pre-configured, ready-to-deploy VMs, or he may select which hardware, operating system and application(s) he would like the VM to have. The provisioning server then configures the VM accordingly, if the desired configuration is available, or it applies heuristics to configure a VM that best matches the user's request if it isn't. The invention also includes mechanisms for monitoring the status of VMs and hosts, for migrating VMs between hosts, and for creating a network of VMs. | 11-12-2009 |
20100049899 | MAINTAINING REVERSE MAPPINGS IN A VIRTUALIZED COMPUTER SYSTEM - For a virtual memory of a virtualized computer system in which a virtual page is mapped to a guest physical page which is backed by a machine page and in which a shadow page table entry directly maps the virtual page to the machine page, reverse mappings of guest physical pages are optimized by removing the reverse mappings of certain immutable guest physical pages. An immutable guest physical memory page is identified, and existing reverse mappings corresponding to the immutable guest physical page are removed. New reverse mappings corresponding to the identified immutable guest physical page are no longer added. | 02-25-2010 |
20100229173 | Managing Latency Introduced by Virtualization - A component manages and minimizes latency introduced by virtualization. The virtualization component determines that a currently scheduled guest process has executed functionality responsive to which the virtualization component is to execute a virtualization based operation, wherein the virtualization based operation is one that is not visible to the guest operating system. The virtualization component causes the guest operating system to de-schedule the currently scheduled guest process and schedule at least one separate guest process. The virtualization component then executes the virtualization based operation concurrently with the execution of the at least one separate guest process. Responsive to completing the execution of the virtualization based operation, the virtualization component causes the guest operating system to re-schedule the de-scheduled guest process. | 09-09-2010 |
20100274987 | MAINTAINING VALIDITY OF CACHED ADDRESS MAPPINGS - A method is provided for creating and maintaining the validity of a cache group including one or more cache elements. Each of the cache elements corresponds to a different address space in a virtual memory of a computer system. Each of the cache elements include one or more caches that store mappings from virtual addresses to data or values that are functions of or dependent upon physical addresses that correspond to the virtual addresses. When there is an address space switch from a first address space to a second address space, the cache group is searched to find the cache element corresponding to the second address space, and that found cache element is made the current cache element for virtual memory access through the cache element. Changes in the page tables are also detected and reflected in the caches of the cache group to maintain the caches up-to-date. | 10-28-2010 |
20110078361 | SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT - In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software. | 03-31-2011 |
20110167194 | Method and System for Frequent Checkpointing - A virtualization platform provides fault tolerance for a primary virtual machine by continuously transmitting checkpoint information of the primary virtual machine to a collector process, such as a backup virtual machine. When implemented on a hardware platform comprising a multi-processor that supports nested page tables, the virtualization platform leverages the nested page table support to quickly identify memory pages that have been modified between checkpoints. The backup virtual machine provides feedback information to assist the virtualization platform in identifying candidate memory pages for transmitting actual modifications to the memory pages rather than the entire memory page as part of the checkpoint information. The virtualization platform further maintains a modification history data structure to identify memory pages that can be transmitted simultaneous with the execution of the primary virtual machine rather than while the primary virtual machine has been stunned. | 07-07-2011 |
20110167195 | Method and System for Frequent Checkpointing - A virtualization platform provides fault tolerance for a primary virtual machine by continuously transmitting checkpoint information of the primary virtual machine to a collector process, such as a backup virtual machine. When implemented on a hardware platform comprising a multi-processor that supports nested page tables, the virtualization platform leverages the nested page table support to quickly identify memory pages that have been modified between checkpoints. The backup virtual machine provides feedback information to assist the virtualization platform in identifying candidate memory pages for transmitting actual modifications to the memory pages rather than the entire memory page as part of the checkpoint information. The virtualization platform further maintains a modification history data structure to identify memory pages that can be transmitted simultaneous with the execution of the primary virtual machine rather than while the primary virtual machine has been stunned. | 07-07-2011 |
20110167196 | Method and System for Frequent Checkpointing - A virtualization platform provides fault tolerance for a primary virtual machine by continuously transmitting checkpoint information of the primary virtual machine to a collector process, such as a backup virtual machine. When implemented on a hardware platform comprising a multi-processor that supports nested page tables, the virtualization platform leverages the nested page table support to quickly identify memory pages that have been modified between checkpoints. The backup virtual machine provides feedback information to assist the virtualization platform in identifying candidate memory pages for transmitting actual modifications to the memory pages rather than the entire memory page as part of the checkpoint information. The virtualization platform further maintains a modification history data structure to identify memory pages that can be transmitted simultaneous with the execution of the primary virtual machine rather than while the primary virtual machine has been stunned. | 07-07-2011 |
20110258625 | GENERATING AND USING CHECKPOINTS IN A VIRTUAL COMPUTER SYSTEM - To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file. | 10-20-2011 |
20110276741 | MAINTAINING REVERSE MAPPINGS IN A VIRTUALIZED COMPUTER SYSTEM - For a virtual memory of a virtualized computer system in which a virtual page is mapped to a guest physical page which is backed by a machine page and in which a shadow page table entry directly maps the virtual page to the machine page, reverse mappings of guest physical pages are optimized by removing the reverse mappings of certain immutable guest physical pages. An immutable guest physical memory page is identified, and existing reverse mappings corresponding to the immutable guest physical page are removed. New reverse mappings corresponding to the identified immutable guest physical page are no longer added. | 11-10-2011 |
20110289345 | METHOD AND SYSTEM FOR ENABLING CHECKPOINTING FAULT TOLERANCE ACROSS REMOTE VIRTUAL MACHINES - A checkpointing fault tolerance network architecture enables a backup computer system to be remotely located from a primary computer system. An intermediary computer system is situated between the primary computer system and the backup computer system to manage the transmission of checkpoint information to the backup VM in an efficient manner. The intermediary computer system is networked to the primary VM through a high bandwidth connection but is networked to the backup VM through a lower bandwidth connection. The intermediary computer system identifies updated data corresponding to memory pages that have been least recently modified by the primary VM and transmits such updated data to the backup VM through the low bandwidth connection. In such manner, the intermediary computer system economizes the bandwidth capacity of the low bandwidth connection, holding back updated data corresponding to more recently modified memory pages, since such memory pages may be more likely to be updated again in the future. | 11-24-2011 |
20120204061 | METHOD AND SYSTEM FOR ENABLING CHECKPOINTING FAULT TOLERANCE ACROSS REMOTE VIRTUAL MACHINES - A checkpointing fault tolerance network architecture enables a backup computer system to be remotely located from a primary computer system. An intermediary computer system is situated between the primary computer system and the backup computer system to manage the transmission of checkpoint information to the backup VM in an efficient manner. The intermediary computer system is networked to the primary VM through a first connection and is networked to the backup VM through a second connection. The intermediary computer system identifies updated data corresponding to memory pages that have been least recently modified by the primary VM and transmits such updated data to the backup VM through the first connection. In such manner, the intermediary computer system holds back updated data corresponding to more recently modified memory pages, since such memory pages may be more likely to be updated again in the future. | 08-09-2012 |
20130060919 | PROVISIONING OF COMPUTER SYSTEMS USING VIRTUAL MACHINES - A provisioning server automatically configures a virtual machine (VM) according to user specifications and then deploys the VM on a physical host. The user may either choose from a list of pre-configured, ready-to-deploy VMs, or he may select which hardware, operating system and application(s) he would like the VM to have. The provisioning server then configures the VM accordingly, if the desired configuration is available, or it applies heuristics to configure a VM that best matches the user's request if it isn't. The invention also includes mechanisms for monitoring the status of VMs and hosts, for migrating VMs between hosts, and for creating a network of VMs. | 03-07-2013 |
20130097359 | SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT - In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software. | 04-18-2013 |
20130097398 | GENERATING AND USING CHECKPOINTS IN A VIRTUAL COMPUTER SYSTEM - To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file. | 04-18-2013 |
20140068614 | SECURE IDENTIFICATION OF EXECUTION CONTEXTS - A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource. | 03-06-2014 |
20140149792 | METHOD AND SYSTEM FOR FREQUENT CHECKPOINTING - A virtualization platform provides fault tolerance for a primary virtual machine by continuously transmitting checkpoint information of the primary virtual machine to a collector process, such as a backup virtual machine. When implemented on a hardware platform comprising a multi-processor that supports nested page tables, the virtualization platform leverages the nested page table support to quickly identify memory pages that have been modified between checkpoints. The backup virtual machine provides feedback information to assist the virtualization platform in identifying candidate memory pages for transmitting actual modifications to the memory pages rather than the entire memory page as part of the checkpoint information. The virtualization platform further maintains a modification history data structure to identify memory pages that can be transmitted simultaneous with the execution of the primary virtual machine rather than while the primary virtual machine has been stunned. | 05-29-2014 |
20150019827 | GENERATING AND USING CHECKPOINTS IN A VIRTUAL COMPUTER SYSTEM - To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file. | 01-15-2015 |
20150046924 | TRANSPARENT MEMORY-MAPPED EMULATION OF I/O CALLS - A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process. | 02-12-2015 |