Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

Abstract: An example method of maintaining cache coherency in a virtualized computing system includes: trapping access to a memory page by guest software in a virtual machine at a hypervisor managing the virtual machine, where the memory page is not mapped in a second stage page table managed by the hypervisor; performing cache coherency maintenance for instruction and data caches of a central processing unit (CPU) in the virtualized computing system in response to the trap; mapping the memory page in the second stage page table with execute permission; and resuming execution of the virtual machine.

Abstract: Examples construct a bootloader address space using a page fault exception. A bootloader executing in machine address (MA) space determines the MA at which the bootloader has been loaded into memory. The bootloader calculates a difference between an expected virtual address (VA) and the loaded MA. The bootloader defines a page table mapping the bootloader MA to an expected VA, and sets an exception handling vector to point to the expected VA. When a memory management unit (MMU) utilizing the defined page table for address translation is enabled, a page fault exception occurs. The page fault exception handling resumes execution of the bootloader at the expected VA via an exception handling vector pointing thereto.

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

Abstract: Techniques for optimizing CPU usage in a host system based on VM guest OS power and performance management are provided. In one embodiment, a hypervisor of the host system can capture information from a VM guest OS that pertains to a target power or performance state set by the guest OS for a vCPU of the VM. The hypervisor can then perform, based on the captured information, one or more actions that align usage of host CPU resources by the vCPU with the target power or performance state.

Abstract: Negative path testing in a bootloader environment can include backing up a global state of a component under test, injecting a fault to trigger an error in the component under test in a bootloader environment, executing error handling instructions until a checkpoint of the component under test in the bootloader environment is reached, restoring the global state to the component under test from the backup, and restarting the component under test.

Abstract: A method for booting a computer system includes: loading a first stage bootloader of a plurality of first stage bootloaders from a boot image based on a known configuration of the computer system; executing the first stage bootloader to identify a selected bootbank of a plurality of bootbanks in the boot image based on the known configuration of the computer system; executing, by the first stage bootloader, a second stage bootloader from the boot image with an instruction to boot from the selected bootbank; and executing, by the second stage bootloader, a binary file in the selected bootbank.

Abstract: Examples provide for automatically provisioning hosts in a cloud environment. A cloud daemon generates a cloud host-state configuration, for a given cloud instance of a host, stored on a cloud metadata service prior to first boot of the given cloud instance of the host. A first boot of a plurality of cloud instances of hosts is performed using a stateless, master boot image lacking host-specific configuration data. On completion of the first boot of a given cloud instance of a host, the cloud host-state configuration is installed on the master boot image to generate a self-configured boot image including host-specific configuration data for the given cloud instance of the host. A second boot is performed on the given cloud instance of the host by executing the self-configured boot image to automatically provision the given cloud instance of the host in the cloud environment.

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

Abstract: An example method of interfacing with a hypervisor in a computing system is described, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level.

Abstract: An example method of implementing firmware runtime services in a computer system having a processor with a plurality of hierarchical privilege levels, the method including: calling, from software executing at a first privilege level of the processor, a runtime service stub in a firmware of the computer system; executing, by the runtime service stub, an upcall instruction from the first privilege level to a second privilege level of the processor that is more privileged than the first privilege level; and executing, by a handler, a runtime service at the second privilege level in response to execution of the upcall instruction.

Abstract: System and method for providing trusted execution environments uses a peripheral component interconnect (PCI) device of a computer system to receive and process commands to create and manage a trusted execution environment for a software process running in the computer system. The trusted execution environment created in the PCI device is then used to execute operations for the software process.

Abstract: System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those available in the computer system. The module ensures the enclave operation for the software process is executed by the particular hardware TEE mechanism, or the TEE scheme based on a particular hardware TEE mechanism.

Abstract: Disclosed are various embodiments for software-based interrupt remapping. A memory address for a respective interrupt request of the peripheral device is allocated. The peripheral device is then configured to write to the memory address to raise an interrupt with the processor. Later, it can be determined that the peripheral device has attempted to write to the memory address. In response, an interrupt can be raised for the respective interrupt request with the processor of the computing device on behalf of the peripheral device.

Abstract: A method for generating boot tables for a device having access to device information. It is determined whether there exists at least one system boot table stored in a memory. If it is determined that a system boot table does not exist, the device information is retrieved, and the device information is converted to at least one boot table. The converting includes generating a first boot table by populating the first boot table with information of components of the device that have a correspondence to a computer system boot information standard. The generating also includes generating a second boot table for another component of the device that does not have a correspondence to the computer system boot information standard, by creating an entry in the second boot table that is populated with an identifier used to find a compatible component defined in the computer system boot standard.

Abstract: A method of creating a new page table structure after first stage boot operations has completed but before handoff to a hypervisor occurs. Firmware page tables are reused and copied to a region of memory by a first-stage bootloader while the firmware is running, processed to have an expected multi-stage page table structure and desired access rights, and copied again to another region of memory by the first-stage bootloader after the first-stage bootloader has completed its booting operations and after the firmware has been quiesced.

Abstract: A method of handling message signaled interrupts in a computer system that uses an internal bus for communication between peripheral devices, using shared peripheral interrupt (SPI) vectors. The method includes determining whether a message signaled interrupt (MSI) needs to be allocated for a PCI-e device for an interrupt to be sent to a host. If it is determined that MSI needs to be allocated for the PCI-e device, a determination is made as to whether a Locality Specific Interrupt (LPI) register or an Interrupt Translation Service (ITS) is available to process the interrupt. If it is determined that neither the LPI register nor the Interrupt Translation Service (ITS) is available to process the interrupt, the PCI-e device is configured for SPI-based MSI generation to route the interrupt by determining an available SPI vector and assigning the available SPI vector to the PCI-e device.

Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

Abstract: An example method of accessing a computing system includes: providing serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.

Abstract: A method of detecting virtualization in a computing system, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level, is described. The method includes: executing a program on the processor at a privilege level less privileged than the third privilege level, the program including a load-exclusive instruction of the processor, followed by at least one instruction of the processor capable of being trapped to the third privilege level, followed by a store-exclusive instruction of the processor; and determining presence or absence of virtualization software at least a portion of which executes at the third privilege level in response to a return status of the store-exclusive instruction.