公开(公告)号：US07793286B2

公开(公告)日：2010-09-07

申请号：US10324591

申请日：2002-12-19

Applicant: Steven M. Bennett ,  Gilbert Neiger ,  Erik C. Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Richard A. Uhlig

Inventor： Steven M. Bennett ,  Gilbert Neiger ,  Erik C. Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael A. Kozuch ,  Richard A. Uhlig

IPC: G06F9/46 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/4557

Abstract: Methods and systems are provided to control transitions between a virtual machine (VM) and Virtual Machine Monitor (VMM). A processor uses state action indicators to load and/or store associated elements of machine state before completing the transition. The state action indicators may be stored in a Virtual Machine Control Structure (VMCS), predetermined, and/or calculated dynamically. In some embodiments, the values loaded can be directly acquired from the VMCS, predetermined and/or calculated dynamically. In some embodiments, the values stored may be acquired directly from machine state, predetermined and/or calculated dynamically.

Abstract translation: 提供了方法和系统来控制虚拟机（VM）和虚拟机监视器（VMM）之间的转换。 在完成转换之前，处理器使用状态动作指示器来加载和/或存储机器状态的相关元件。 状态动作指示符可以存储在虚拟机控制结构（VMCS）中，预定的和/或动态地计算。 在一些实施例中，可以从VMCS直接获取加载的值，预先确定和/或动态地计算。 在一些实施例中，存储的值可以直接从机器状态获取，预定和/或动态地计算。

公开(公告)号：US07757231B2

公开(公告)日：2010-07-13

申请号：US11008911

申请日：2004-12-10

Applicant: Andrew V. Anderson ,  Steven M. Bennett ,  Erik Cota-Robles ,  Alain Kägi ,  Gilbert Neiger ,  Rajesh S. Madukkarumukumana ,  Sebastian Schoenberg ,  Richard Uhlig ,  Michael A. Rothman ,  Vincent J. Zimmer ,  Stalinselvaraj Jeyasingh

Inventor： Andrew V. Anderson ,  Steven M. Bennett ,  Erik Cota-Robles ,  Alain Kägi ,  Gilbert Neiger ,  Rajesh S. Madukkarumukumana ,  Sebastian Schoenberg ,  Richard Uhlig ,  Michael A. Rothman ,  Vincent J. Zimmer ,  Stalinselvaraj Jeyasingh

IPC: G06F9/455 ,  G06F9/46

CPC classification number: G06F9/45533

Abstract: In some embodiments, the invention involves a system to deprivilege components of a virtual machine monitor and enable deprivileged service virtual machines (SVMs) to handle selected trapped events. An embodiment of the invention is a hybrid VMM operating on a platform with hardware virtualization support. The hybrid VMM utilizes features from both hypervisor-based and host-based VMM architectures. In at least one embodiment, the functionality of a traditional VMM is partitioned into a small platform-dependent part called a micro-hypervisor (MH) and one or more platform-independent parts called service virtual machines (SVMs). The micro-hypervisor operates at a higher virtual machine (VM) privilege level than any SVM, while the SVM and other VMs may still have access to any instruction set architecture (ISA) privilege level. Other embodiments are described and claimed.

Abstract translation: 在一些实施例中，本发明涉及一种剥夺虚拟机监视器组件的系统，并使得被剥夺虚拟机的虚拟机（SVM）能够处理选定的被捕获的事件。 本发明的实施例是在具有硬件虚拟化支持的平台上运行的混合VMM。 混合VMM利用基于虚拟机管理程序和基于主机的VMM架构的功能。 在至少一个实施例中，传统VMM的功能被划分为称为微管理程序（MH）的小平台相关部分和称为服务虚拟机（SVM）的一个或多个平台无关部件。 微型管理程序在比任何SVM更高的虚拟机（VM）权限级别运行，而SVM和其他VM可能仍然可以访问任何指令集体系结构（ISA）特权级别。 描述和要求保护其他实施例。

公开(公告)号：US20100011187A1

公开(公告)日：2010-01-14

申请号：US12584138

申请日：2009-09-01

Applicant: Ioannis Schoinas ,  Gilbert Neiger ,  Rajesh Madukkarumukumana ,  Ku-Jei King ,  Richard Uhlig ,  Achmed Rumi Zahir ,  Koichi Yamada

Inventor： Ioannis Schoinas ,  Gilbert Neiger ,  Rajesh Madukkarumukumana ,  Ku-Jei King ,  Richard Uhlig ,  Achmed Rumi Zahir ,  Koichi Yamada

IPC: G06F12/10 ,  G06F12/00 ,  G06F13/28

CPC classification number: G06F12/1081 ,  G06F12/1036 ,  G06F12/109

Abstract: An embodiment of the present invention is a technique to enhance address translation performance. A register stores capability indicators to indicate capability supported by a circuit in a chipset for address translation of a guest physical address to a host physical address. A plurality of multi-level page tables is used for page walking in the address translation. Each of the page tables has page table entries. Each of the page table entries has at least an entry specifier corresponding to the capability indicated by the capability indicators.

Abstract translation: 本发明的一个实施例是一种增强地址转换性能的技术。 寄存器存储用于指示由芯片组中的电路支持的能力指示符，用于将客体物理地址地址转换为主机物理地址。 在地址转换中使用多个多级页表进行页面行走。 每个页表都有页表项。 每个页表条目至少具有与能力指示符指示的能力对应的条目说明符。

公开(公告)号：US20090248951A1

公开(公告)日：2009-10-01

申请号：US12483519

申请日：2009-06-12

Applicant: Jason W. Brandt ,  Sanjoy K. Mondal ,  Richard Uhlig ,  Gilbert Neiger ,  Robert T. George

Inventor： Jason W. Brandt ,  Sanjoy K. Mondal ,  Richard Uhlig ,  Gilbert Neiger ,  Robert T. George

IPC: G06F12/10 ,  G06F9/455

CPC classification number: G06F12/1036 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/4843 ,  G06F12/0292 ,  G06F12/0804 ,  G06F12/0891 ,  G06F12/1027 ,  G06F12/1063 ,  G06F12/109 ,  G06F12/12 ,  G06F12/123 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2212/1016 ,  G06F2212/152 ,  G06F2212/30 ,  G06F2212/50 ,  G06F2212/604 ,  G06F2212/657 ,  G06F2212/68 ,  G06F2212/683 ,  G06F2212/684 ,  G06F2212/69 ,  G06F2212/70

Abstract: In one embodiment of the present invention, a method includes switching between a first address space and a second address space, determining if the second address space exists in a list of address spaces; and maintaining entries of the first address space in a translation buffer after the switching. In such manner, overhead associated with such a context switch may be reduced.

Abstract translation: 在本发明的一个实施例中，一种方法包括在第一地址空间和第二地址空间之间切换，确定地址空间列表中是否存在第二地址空间; 并且在切换之后保持翻译缓冲器中的第一地址空间的条目。 以这种方式，可以减少与这种上下文切换相关联的开销。

公开(公告)号：US07555628B2

公开(公告)日：2009-06-30

申请号：US11504964

申请日：2006-08-15

Applicant: Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Richard Uhlig ,  Dion Rodgers ,  Rajesh Madukkarumukumana Sankaran ,  Camron Rust ,  Sebastian Schoenberg

Inventor： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Richard Uhlig ,  Dion Rodgers ,  Rajesh Madukkarumukumana Sankaran ,  Camron Rust ,  Sebastian Schoenberg

IPC: G06F12/10

CPC classification number: G06F12/1027 ,  G06F9/3004 ,  G06F9/30076 ,  G06F9/45558 ,  G06F12/0246 ,  G06F12/0875 ,  G06F12/1009 ,  G06F12/1036 ,  G06F12/1054 ,  G06F2009/45583 ,  G06F2212/152 ,  G06F2212/2022 ,  G06F2212/452 ,  G06F2212/50 ,  G06F2212/65 ,  G06F2212/657 ,  G06F2212/68 ,  G06F2212/683 ,  G06F2212/7201

Abstract: A processor including logic to execute an instruction to synchronize a mapping from a physical address of a guest of a virtualization based system (guest physical address) to a physical address of the host of the virtualization based system (host physical address), and stored in a translation lookaside buffer (TLB), with a corresponding mapping stored in an extended paging table (EPT) of the virtualization based system.

Abstract translation: 一种处理器，包括执行指令以使来自基于虚拟化的系统的客户机的物理地址（客户物理地址）到基于虚拟化系统的主机的物理地址（主机物理地址）的映射同步的指令，并且存储在 翻译后备缓冲器（TLB），其中相应的映射存储在基于虚拟化的系统的扩展分页表（EPT）中。

公开(公告)号：US20090007103A1

公开(公告)日：2009-01-01

申请号：US11771806

申请日：2007-06-29

Applicant: Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Barry E. Huntley ,  Lawrence O. Smith

Inventor： Steven M. Bennett ,  Andrew V. Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Barry E. Huntley ,  Lawrence O. Smith

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45566

Abstract: Embodiments of apparatuses, methods, and systems for injecting virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes virtual machine entry logic, recognition logic, and evaluation logic. The virtual machine entry logic is to initiate a transfer of control of the apparatus from a host to a guest running on a virtual machine. The recognition logic is to recognize a request from the host to inject a virtualization event into the virtual machine. The evaluation logic is to identify an intervening monitor to handle the virtualization event.

Abstract translation: 公开了用于在分层虚拟化架构中注入虚拟化事件的装置，方法和系统的实施例。 在一个实施例中，装置包括虚拟机入口逻辑，识别逻辑和评估逻辑。 虚拟机入口逻辑是启动将设备的控制从主机传送到在虚拟机上运行的客户端。 识别逻辑是识别主机向虚拟机注入虚拟化事件的请求。 评估逻辑是识别一个干预的监视器来处理虚拟化事件。

公开(公告)号：US20080162762A1

公开(公告)日：2008-07-03

申请号：US11618456

申请日：2006-12-29

Applicant: Gilbert Neiger ,  Rajesh Sankaran Modukkarumukumana ,  Sridhar Muthrasanallur ,  Sebastian Schoenberg ,  Richard A. Uhlig

Inventor： Gilbert Neiger ,  Rajesh Sankaran Modukkarumukumana ,  Sridhar Muthrasanallur ,  Sebastian Schoenberg ,  Richard A. Uhlig

IPC: G06F13/24

CPC classification number: G06F13/24 ,  G06F9/45533 ,  G06F9/4812

Abstract: Embodiments of apparatuses, methods, and systems for interrupt remapping based on requestor identification are disclosed. In one embodiment, an apparatus includes look-up logic, and comparison logic. The look-up logic is to look-up an entry associated with an interrupt request in a data structure. The comparison logic is to compare an identifier of the requestor to a source value in the entry.

Abstract translation: 公开了基于请求者识别的用于中断重映射的装置，方法和系统的实施例。 在一个实施例中，一种装置包括查找逻辑和比较逻辑。 查找逻辑是查找与数据结构中的中断请求相关联的条目。 比较逻辑是将请求者的标识符与条目中的源值进行比较。

公开(公告)号：US07334107B2

公开(公告)日：2008-02-19

申请号：US10956206

申请日：2004-09-30

Applicant: Ioannis Schoinas ,  Rajesh Madukkarumukumana ,  Gilbert Neiger ,  Richard Uhlig ,  Balaji Vembu

Inventor： Ioannis Schoinas ,  Rajesh Madukkarumukumana ,  Gilbert Neiger ,  Richard Uhlig ,  Balaji Vembu

IPC: G06F12/00 ,  G06F13/28

CPC classification number: G06F12/1027 ,  G06F12/1081 ,  G06F2212/151 ,  G06F2212/683

Abstract: An embodiment of the present invention is a technique to provide cache support for direct memory access address translation. A cache structure stores cached entries used in address translation of a guest physical address to a host physical address. The guest physical address corresponds to a guest domain identified by a guest domain identifier in an input/output (I/O) transaction requested by an I/O device. A register stores an invalidating domain identifier identifying an invalidating domain and an indicator indicating invalidating an entry in the cached entries having a tag.

Abstract translation: 本发明的实施例是提供用于直接存储器访问地址转换的高速缓存支持的技术。 高速缓存结构将客户物理地址的地址转换中使用的缓存条目存储到主机物理地址。 访客物理地址对应于由I / O设备请求的输入/输出（I / O）事务中的来宾域标识符标识的访客域。 寄存器存储标识无效域的无效域标识符和指示使具有标签的缓存条目中的条目无效的指示符。

公开(公告)号：US07194634B2

公开(公告)日：2007-03-20

申请号：US09672602

申请日：2001-02-26

Applicant: Carl M. Ellison ,  Roger A. Golliver ,  Howard C. Herbert ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

Inventor： Carl M. Ellison ,  Roger A. Golliver ,  Howard C. Herbert ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

IPC: G06F11/30

CPC classification number: G06F12/1491 ,  G06F21/57 ,  G06F2221/2105

Abstract: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.

Abstract translation: 在本发明的实施例中，提供了用于远程证明的技术。 接口将设备通过总线映射到安全环境中的芯片组的地址空间，用于隔离执行模式。 安全环境与由至少一个处理器可访问的隔离存储器区域相关联。 所述至少一个处理器以正常执行模式和隔离执行模式之一进行操作。 对应于地址空间的通信存储器允许设备在远程证明中以隔离执行模式与至少一个处理器交换安全信息。

公开(公告)号：US07191440B2

公开(公告)日：2007-03-13

申请号：US09931072

申请日：2001-08-15

Applicant: Erik Cota-Robles ,  Sebastian Schoenberg ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Erik Cota-Robles ,  Sebastian Schoenberg ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Michael Kozuch ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F9/48 ,  G06F9/50 ,  G06F9/455

CPC classification number: G06F9/4881 ,  G06F9/45541 ,  G06F9/45558 ,  G06F11/3466 ,  G06F2009/45566 ,  G06F2009/45591 ,  G06F2201/805 ,  G06F2201/86 ,  G06F2201/88

Abstract: Transitions among schedulable entities executing in a computer system are tracked in computer hardware or in a virtual machine monitor. In one aspect, the schedulable entities are operating system processes and threads, virtual machines, and instruction streams executing on the hardware. In another aspect, the schedulable entities are processes or threads executing within the virtual machines under the control of the virtual machine monitor. The virtual machine monitor derives scheduling information from the transitions to enable a virtual machine system to guarantee adequate scheduling quality of service to real-time applications executing in virtual machines that contain both real-time and non-real-time applications. In still another aspect, a parent virtual machine monitor in a recursive virtualization system can use the scheduling information to schedule a child virtual machine monitor that controls multiple virtual machines.

Abstract translation: 在计算机系统中执行的可调度实体之间的转换在计算机硬件或虚拟机监视器中进行跟踪。 在一个方面，可调度实体是在硬件上执行的操作系统进程和线程，虚拟机和指令流。 在另一方面，可调度实体是在虚拟机监视器的控制下在虚拟机内执行的进程或线程。 虚拟机监视器从转换中导出调度信息，以使虚拟机系统能够保证对包含实时应用程序和非实时应用程序的虚拟机中执行的实时应用程序的适当调度服务质量。 在另一方面，递归虚拟化系统中的父虚拟机监视器可以使用调度信息来调度控制多个虚拟机的子虚拟机监视器。