Abstract: A processing device receives a request from a process of a plurality of processes of a clusterized service, to attempt to obtain exclusive access to a predetermined resource associated with a leader state of the plurality of processes. Responsive to successfully obtaining the exclusive access to the predetermined resource, the processing device enables the process to enter the leader state. The processing device enables the process to stay in the leader state for the lifetime of the process.
Abstract: Secure userspace networking for guests is disclosed. For example, a memory is associated with a guest, which is associated with a virtual device. A hypervisor associated with the guest executes on a processor to map a queue associated with the virtual device to an address space identifier. A request associated with the queue is detected. A page table associated with the virtual device is located based on the address space identifier. The request is translated with the first page table yielding a memory address of a message.
Abstract: A cloud management system receives a request initiated by a requestor to provide an execution platform to execute one or more applications, identifies a set of computing resources comprising at least one cloud-controlled computing resource and at least one internally-controlled computing resource, and creates the execution platform comprising at least one cloud-controlled computing resource and at least one internally-controlled computing resource. Further, the cloud management system instantiates the one or more applications on the execution platform, provides, to the requestor, access to the one or more applications, and responsive to determining that the request has expired, de-allocates the set of computing resources.
Abstract: A system and method are provided for emulating a code sequence while compiling the code sequence into compiled operations for later execution of the code sequence. In one embodiment, the system includes an emulation model for executing operations and a compilation model for compiling operations. The emulation model may execute operations of the code sequence and the compilation model may compile the operations of the code sequence into compiled operations. The system may transfer execution of the operations from the emulation model to the compiled operations. In certain implementations, the transfer may include transferring flow information and program execution information. In further implementations, the transfer may occur after detecting that a current compilation level of the code sequence exceeds a compilation threshold.
Abstract: Mechanisms for obtaining performance metric information securely are provided. A first application server executing on a computing device comprising a processor establishes that communications with a plurality of remote application servers utilize an encrypted communication protocol. Iteratively, over a period of time, each respective remote application server of the plurality of remote application servers is sent an encrypted message requesting performance metric information of the respective remote application server using the encrypted communication protocol. Over the period of time, encrypted requested performance metric information is received. The requested performance metric information is stored in a storage device.
Abstract: Enhanced address space layout randomization is disclosed. For example, a memory includes first and second memory addresses of a plurality of memory addresses, where at least one of the plurality of memory addresses is a decoy address. A memory manager executes on a processor to generate a page table associated with the memory, which includes a plurality of page table entries. Each page table entry in the plurality of page table entries is flagged as in a valid state. The page table is instantiated with first and second page table entries of the plurality of page table entries associated with the first and second memory addresses respectively. A plurality of unused page table entries of the plurality of page table entries, including a decoy page table entry, is associated with a decoy address.
Abstract: Implementations of the disclosure provide for binding data to a network in the presence of an entity. In one implementation, a cryptographic system is provided. The cryptographic system includes a memory to store encrypted data, and a processing device, operatively coupled to the memory, to identify a public key for a communications device in response to an indication of a presence of the communications device on a network. A first intermediate is determined in view of the public key for the communications device and in view of an acquisitioning public key. The acquisitioning public key is associated with the encrypted data. A second intermediate public key is received from the communications device in view of the first intermediate public key. Thereupon, the encrypted data is decrypted using an encryption key derived at least from the second intermediate public key.
Abstract: Reads of data stored at a first location of a cloud storage system by an application are monitored. A determination as to whether to migrate the data stored at the first location of the cloud storage system to a second location of the cloud storage system in view of the monitoring of the reads of the data by the application is made. In response to determining that the data stored at the first location is to be migrated, a function trigger is added to the data, wherein the function trigger causes the data to be migrated from the first location of the cloud storage system to the second location of the cloud system upon a subsequent read of the data by the application.
Abstract: An example method may include detecting, by an operating system component of a computing device, that a client requesting a network connection is operating in a non-persistent mode that prevents tracking of network locations accessed by the client; in response to the detecting, performing privacy enhancing operations before establishing the network connection for the client. The privacy enhancing operations include: broadcasting network messages to discover networks without using previously stored information related to the networks; receiving network identifying information from the networks; providing the network identifying information for the networks to the client; requesting the client to perform media access control (MAC) address randomization; receiving a random MAC address and authentication information for a connection to a network selected from the networks; and authenticating the client; and causing the network connection to be established upon a successful authentication of the client.
Abstract: Methods, systems, and computer program products are included for suggesting at least one container image from one or more searched container images, and including the suggested container image in a search result. A log-in request to log a user into a cloud user account of a cloud platform is received via a user interface, and responsive to the log-in request, the user is logged into the cloud user account. A search query for a type of container image is received from the user via the user interface. The cloud platform is searched for one or more container images within the queried type of container image.
Abstract: Systems and methods for managing optimized branching in executable instructions are disclosed. In one implementation, a processing device may identify, in a sequence of executable instructions, a jump instruction associated with a safe static key. Responsive to determining that a condition is satisfied, the processing device may further replace the jump instruction with an optimized transfer of control instruction provided by one of: a no operation instruction or an unconditional jump instruction specifying a first jump target location. Responsive to determining that a rate of modification of the safe static key exceeds a threshold rate, the processing device may also replace the optimized transfer of control instruction with a conditional jump instruction specifying the first jump target location.
Abstract: Disclosed herein is technology for analyzing a computing image (e.g., container image, virtual disk image) while it is on a remote node in a secured environment. An example method may involve: initiating, by a first computing device, an execution of a proxy agent on a second computing device, the proxy agent having access to an image repository comprising an image; transmitting, by the proxy agent, a request for image data of the image, wherein the request comprises information indicating a particular portion of the image to be read using a file system operation; storing the image data that comprises data at the particular portion of the image; and analyzing the image data in view of one or more rules to determine a state of the image, wherein the state indicates a status of at least one of a computer program feature, an operating system feature, or a hardware feature.
Abstract: Implementations of the disclosure provide for receiving, by a processing device, a request for a first data object associated with graph data elements and a metadata of a graph model, inspecting an observable data object to identify whether a copy of the first data object exists on a storage device associated with the processing device, responsive to failing to identify the copy of the first data object on the storage device, transmitting a service request to a host computer for the graph data elements, the service request comprising an identifier of the first data object, responsive to receiving the graph data elements from the host computer, retrieving, from the storage device, the metadata identified by a first reference stored in the observable data object, generating the first data object using the graph data elements and the metadata, and presenting the first data object on a display device.
Abstract: Delayed asynchronous file replication in a distributed file system is described. A first server receives requests to perform updates to a first replica of a file. The first server sends, to a second server, an outcast instruction to set a second replica of the file to an out-of-date state. The first server performs the updates to the first replica without sending the updates to the second server. The first server receives a request for updates for the second replica from the second server. The first server transmits the updates to the second server to facilitate a heal operation of the second replica, where completion of the heal operation causes the out-of-date state of the second replica to be changed to an up-to-date state.
Abstract: Embodiments pertain generally to a method for providing subscription services in view of virtual machines. The method includes determining that a user is enrolled for a continuous availability service and determining, in view of the continuous availability service, that the service provider is to instantiate a virtual machine for the user to continue execution of operations executed on a client machine. The method further includes causing the virtual machine to be instantiated in view of the continuous availability service and causing the instantiated virtual machine to be configured to restore a state of the client machine that corresponds to a previous update of the client machine. The previous update may correspond to client activity data of the client machine.
Abstract: A hypervisor deduplication system includes a memory, a processor in communication with the memory, and a hypervisor executing on the processor. The hypervisor is configured to scan a first page, detect that the first page is an unchanged page, check a first free page hint, and insert the unchanged page into a tree. Responsive to inserting the unchanged page into the tree, the hypervisor compares the unchanged page to other pages in the tree and determines a status of the unchanged page as matching one of the other pages or mismatching the other pages in the tree. Responsive to determining the status of the page as matching another page, the hypervisor deduplicates the unchanged page. Additionally, the hypervisor is configured to scan a second page of the memory, check a second free page hint, and deduplicate the second page if the free page hint indicates the page is unused.
Abstract: A method of rendering an object model includes modifying, by a first thread executing on a computer system that is coupled to a display screen, a current object model to generate a new object model that is stored at a first memory address. The method also includes storing, by the first thread, a copy of the new object model at a second memory address. The method further includes updating, by the first thread, a reference to identify the copy of the new object model. The method also includes rendering, by a second thread executing on the computer system, a renderable object model identified by the reference into a buffer that is converted into pixels on the display screen, the first thread being independent of the second thread.
August 20, 2018
Date of Patent: May 25, 2021
RED HAT, INC.
Nathaniel Philip McCallum, Benjamin Petersen, Jonathan Michael Toppins, Juan Jose Vallejo Orozco, Monis Masood Khan
Abstract: Ranked session affinity to improve load balancing efficiency for stateful services is disclosed. A first application server node receives, from a load balancer node, an initial request for a stateful service originating from a client node. The first application server node establishes a session based on the initial request, the session including a session identifier that uniquely identifies the session. The first application server node determines a prioritization list that identifies a set of application server nodes selected from a plurality of application server nodes, the prioritization list identifying the first application server node as a primary application server node and one or more backup application server nodes. The first application server node generates a first response to the initial request, the first response including the prioritization list. The first application server node sends the first response to the load balancer node.
Abstract: A method comprises detecting a write fault associated with a first page of a first plurality of pages of a first persistent memory and resolving the write fault. The method further comprises writing, in response to resolving the write fault, data to the first page. The method further comprises context switching, by a processing device, into a kernel associated with the persistent memory to provide a write confirmation to a client device requesting the data be written. The method further comprises updating, in response to the context switching, a parity block associated with the first page. The method further comprises providing, in response to updating the parity block, the write confirmation to the client device.
Abstract: A controller sandbox using an emulation framework of a hypervisor is disclosed. A hypervisor receives, from a task in a virtual machine that is controlled by the hypervisor in a computing device on which the hypervisor executes, a first implement device command request that requests that a first device command be implemented on a controllable device communicatively connected to the computing device via an interface. The hypervisor determines that the first device command is on an authorized device command list. Based on determining that the first device command is on the authorized device command list, the hypervisor communicates a signal to the controllable device to implement the first device command.