Abstract: A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system.

Abstract: A virtual-machine-based system provides a mechanism for a virtual machine monitor (VMM) to process a hypercall received from an application running in the virtual machine (VM). A hypercall interface causes the virtual memory pages, needed by the VMM to process the hypercall, to be available to the VMM. In one embodiment, when virtual memory pages needed by the VMM to process the hypercall are not available to the VMM, the application is caused to access the needed pages, in response to which the required virtual memory becomes available to the VMM.

Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.

Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.

Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

Abstract: The computer program includes a virtualization software that is executable on the new processor in the legacy mode. The new processor includes a legacy instruction set for a legacy operating mode and a new instruction set for a new operation mode. The switching includes switching from the new instruction set to the legacy instruction set and switching paging tables. Each of the new operating mode and the legacy operating mode has separate paging tables. The switch routine is incorporated in a switch page that is locked in physical memory. The switch page has a first section to store a part of switching instructions conforming to the new instruction set and a second section to store another part of the switching instructions conforming to the legacy instruction set.

Abstract: One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a guest in a virtual machine of the virtualization system; and (b) monitoring execution of code registered for monitored execution in an execution context of the guest, wherein the monitoring is performed by the virtualization system and is hidden from computations of the guest.

Abstract: One embodiment of the present invention includes a method for: (a) executing guest computations in a virtual machine of the virtualization system; and (b) forcing execution of registered code into an execution context of the guest, wherein the forcing is performed from the virtualization system based on an execution trigger monitored without reliance on functionality of the guest software.

Abstract: One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a virtualization system on an underlying hardware machine, the virtualization system exposing a virtual machine in which multiple execution contexts of a guest execute; (b) monitoring the execution contexts from the virtualization system; and (c) selectively impeding computational progress of a particular one of the execution contexts.

Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

Abstract: A processor has multiple operating modes, such as the long/compatibility mode, the long/64-bit mode and the legacy modes of the x86-64 microprocessor. Different software entities execute in different ones of these operating modes. A switching routine is implemented to switch from one operating mode to another and to transfer control from one software entity to another. The software entities may be, for example, a host operating system and a virtual machine monitor. Thus, for example, a virtual computer system may comprise a 64-bit host operating system and a 32-bit virtual machine monitor, executing on an x86-64 microprocessor in long mode and legacy mode, respectively, with the virtual machine monitor supporting an x86 virtual machine. The switching routine may be implemented partially or completely in an identity-mapped memory page. Execution of the switching routine may be initiated by a driver that is installed in the host operating system of a virtual computer system.

Abstract: A virtual computer system including multiple virtual machines (VMs) is implemented in a physical computer system that uses address space identifiers (ASIDs). Each VM includes a virtual translation look-aside buffer (TLB), in which guest software, executing on the VM, may insert address translations, with each translation including an ASID. For each ASID used by guest software, a virtual machine monitor (VMM), or other software unit, assigns a unique shadow ASID for use in corresponding address translations in a hardware TLB. If a unique shadow ASID is not available for a newly used guest ASID, the VMM reassigns a shadow ASID from a prior guest ASID to the new guest ASID, purging any entries in the hardware TLB corresponding to the prior guest ASID. Assigning unique shadow ASIDs limits the need for TLB purges upon switching between the multiple VMs, reducing the number of TLB miss faults, and consequently improving overall processing efficiency.

Abstract: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.

Abstract: In a computer system with a non-segmented, region-based memory architecture, such as Intel IA-64 systems, two or more sub-systems share a resource, such as a virtual-to-physical address mapping and need to have overlapping regions of the virtual address space for accessing different physical addresses. Virtual addresses include a portion that is used to identify which region the issuing sub-system wants to access. For example, the region-identifying portion of virtual addresses may select a region register whose contents point to a virtual-to-physical address mapping for the corresponding region. To protect a second sub-system S2 from a first S1, whenever the S1 issues an address in a region occupied by S2, the region for the S2 is changed. This allows S1 to issue its addresses without change. In a preferred embodiment of the invention, S2 is a virtual machine monitor (VMM) and S1 is a virtual machine running on the VMM.

Abstract: The invention relates to managing registers during a binary translation mode in a virtual computing system. A set of registers is saved to memory before beginning to execute a series of blocks of translated code, and the contents of the set of registers are restored from memory later. A status register is maintained for tracking the status of each register within the set, the status indicating whether the contents are valid and whether the contents are saved in memory. Before the execution of each block, a determination is made as to whether the actions taken within the block relative to the registers are compatible with the current status of the registers. If the actions are not compatible, additional registers are saved to memory or restored from memory, so that the translation block can be executed.

Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

Abstract: In a computer system with a non-segmented, region-based memory architecture, such as Intel IA-64 systems, two or more sub-systems share a resource, such as a virtual-to-physical address mapping and need to have overlapping regions of the virtual address space for accessing different physical addresses. Virtual addresses include a portion that is used to identify which region the issuing sub-system wants to access. For example, the region-identifying portion of virtual addresses may select a region register whose contents point to a virtual-to-physical address mapping for the corresponding region. To protect a second sub-system S2 from a first S1, whenever the S1 issues an address in a region occupied by S2, the region for the S2 is changed. This allows S1 to issue its addresses without change. In a preferred embodiment of the invention, S2 is a virtual machine monitor (VMM) and S1 is a virtual machine running on the VMM.