Patents by Inventor Carl A. Waldspurger

Carl A. Waldspurger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9740637
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Grant
    Filed: October 8, 2013
    Date of Patent: August 22, 2017
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
  • Patent number: 9734092
    Abstract: Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: August 15, 2017
    Assignee: Facebook, Inc.
    Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Carl A. Waldspurger
  • Patent number: 9727420
    Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.
    Type: Grant
    Filed: April 25, 2014
    Date of Patent: August 8, 2017
    Assignee: VMware, Inc.
    Inventors: Carl A. Waldspurger, Michael Nelson, Daniel J. Scales, Pratap Subrahmanyam
  • Publication number: 20170220381
    Abstract: Techniques for implicit coscheduling of CPUs to improve corun performance of scheduled contexts are described. One technique minimizes skew by implementing corun migrations, and another technique minimizes skew by implementing a corun bonus mechanism. Skew between schedulable contexts may be calculated based on guest progress, where guest progress represents time spent executing guest operating system and guest application code. A non-linear skew catch-up algorithm is described that adjusts the progress of a context when the progress falls far behind its sibling contexts.
    Type: Application
    Filed: April 21, 2017
    Publication date: August 3, 2017
    Inventors: Haoqiang ZHENG, Carl A. WALDSPURGER
  • Publication number: 20170206167
    Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.
    Type: Application
    Filed: September 23, 2016
    Publication date: July 20, 2017
    Inventors: Carl A. Waldspurger, Oded Horovitz, Stephen A. Weis, Sahil Rihan
  • Publication number: 20170185531
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Application
    Filed: October 8, 2013
    Publication date: June 29, 2017
    Applicant: VMware, Inc.
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
  • Patent number: 9658878
    Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
    Type: Grant
    Filed: August 25, 2014
    Date of Patent: May 23, 2017
    Assignee: VMware, Inc.
    Inventors: Daniel R. K. Ports, Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel
  • Patent number: 9639480
    Abstract: The configuration of a cache is adjusted within a computer system that includes at least one entity that submits a stream of references, each reference corresponding to a location identifier corresponding to data storage locations in a storage system. The reference stream is spatially sampled using reference hashing. Cache utility values are determined for each of a plurality of caching simulations and an optimal configuration is selected based on the results of the simulations.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: May 2, 2017
    Assignee: CLOUD PHYSICS, INC.
    Inventors: Carl A. Waldspurger, Irfan Ahmad, Alexander Garthwaite, Nohhyun Park
  • Patent number: 9639482
    Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: May 2, 2017
    Assignee: Facebook, Inc.
    Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
  • Patent number: 9632808
    Abstract: Techniques for implicit coscheduling of CPUs to improve corun performance of scheduled contexts are described. One technique minimizes skew by implementing corun migrations, and another technique minimizes skew by implementing a corun bonus mechanism. Skew between schedulable contexts may be calculated based on guest progress, where guest progress represents time spent executing guest operating system and guest application code. A non-linear skew catch-up algorithm is described that adjusts the progress of a context when the progress falls far behind its sibling contexts.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: April 25, 2017
    Assignee: VMware, Inc.
    Inventors: Haoqiang Zheng, Carl A. Waldspurger
  • Publication number: 20170075729
    Abstract: At least one guest system, for example, a virtual machine, is connected to a host system, which includes a system resource such as system machine memory. Each guest system includes a guest operating system (OS). A resource requesting mechanism, preferably a driver, is installed within each guest OS and communicates with a resource scheduler included within the host system. If the host system needs any one the guest systems to relinquish some of the system resource it currently is allocated, then the resource scheduler instructs the driver within that guest system's OS to reserve more of the resource, using the guest OS's own, native resource allocation mechanisms. The driver thus frees this resource for use by the host, since the driver does not itself actually need the requested amount of the resource. The driver in each guest OS thus acts as a hollow “balloon” to “inflate” or “deflate,” that is, reserve more or less of the system resource via the corresponding guest OS.
    Type: Application
    Filed: September 23, 2016
    Publication date: March 16, 2017
    Inventor: Carl A. WALDSPURGER
  • Patent number: 9563453
    Abstract: One or more embodiments of the present invention provide a technique for effectively managing virtualized computing systems with an unlimited number of hardware resources. Host systems included in a virtualized computer system are organized into a scalable, peer-to-peer (P2P) network in which host systems arrange themselves into a network overlay to communicate with one another. The network overlay enables the host systems to perform a variety of operations, which include dividing computing resources of the host systems among a plurality of virtual machines (VMs), load balancing VMs across the host systems, and performing an initial placement of a VM in one of the host systems.
    Type: Grant
    Filed: October 7, 2014
    Date of Patent: February 7, 2017
    Assignee: VMware, Inc.
    Inventors: Ajay Gulati, Irfan Ahmad, Ganesha Shanmuganathan, Carl A. Waldspurger
  • Publication number: 20160357686
    Abstract: The configuration of a cache is adjusted within a computer system that includes at least one entity that submits a stream of references, each reference corresponding to a location identifier corresponding to data storage locations in a storage system. The reference stream is spatially sampled using reference hashing. Cache utility values are determined for each of a plurality of caching simulations and an optimal configuration is selected based on the results of the simulations.
    Type: Application
    Filed: August 16, 2016
    Publication date: December 8, 2016
    Applicant: Cloud Physics, Inc.
    Inventors: Carl A. WALDSPURGER, Irfan AHMAD, Alexander GARTHWAITE, Nohhyun PARK
  • Publication number: 20160357674
    Abstract: A cache in a computer system is configured with a plurality of monitoring slices, each comprising a separately addressable partition of the cache. With each monitoring slice is associated a respective sub-range of a hash function, which has a range that includes at least the addressable partitions of the cache that comprise the monitoring slices. For each of a stream of location identifiers submitted by at least one entity, a respective location identifier hash value is computed and used to determine in which, if any, monitoring slice-associated hash function sub-range the location identifier hash value falls. For at least one of the monitoring slices, a frequency value is determined as a function of how many of the location identifier hash values fell into the slice's associated hash function sub-range, and a respective cache utility value is then computed as a function of each monitoring slice's frequency value.
    Type: Application
    Filed: June 6, 2016
    Publication date: December 8, 2016
    Applicant: Cloud Physics, Inc.
    Inventors: Carl A. WALDSPURGER, Irfan AHMAD, Alexander GARTHWAITE, Nohhyun PARK, Guang YANG
  • Patent number: 9509621
    Abstract: A shared input/output (IO) resource is managed in a decentralized manner. Each of multiple hosts having IO access to the shared resource, computes an average latency value that is normalized with respect to average IO request sizes, and stores the computed normalized latency value for later use. The normalized latency values thus computed and stored may be used for a variety of different applications, including enforcing a quality of service (QoS) policy that is applied to the hosts, detecting a condition known as an anomaly where a host that is not bound by a QoS policy accesses the shared resource at a rate that impacts the level of service received by the plurality of hosts that are bound by the QoS policy, and migrating workloads between storage arrays to achieve load balancing across the storage arrays.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: November 29, 2016
    Assignee: VMware, Inc.
    Inventors: Ajay Gulati, Irfan Ahmad, Jyothir Ramanan, Carl A. Waldspurger
  • Patent number: 9477603
    Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: October 25, 2016
    Assignee: FACEBOOK, INC.
    Inventors: Carl A. Waldspurger, Oded Horovitz, Stephen A. Weis, Sahil Rihan
  • Patent number: 9454478
    Abstract: At least one guest system, for example, a virtual machine, is connected to a host system, which includes a system resource such as system machine memory. Each guest system includes a guest operating system (OS). A resource requesting mechanism, preferably a driver, is installed within each guest OS and communicates with a resource scheduler included within the host system. If the host system needs any one the guest systems to relinquish some of the system resource it currently is allocated, then the resource scheduler instructs the driver within that guest system's OS to reserve more of the resource, using the guest OS's own, native resource allocation mechanisms. The driver thus frees this resource for use by the host, since the driver does not itself actually need the requested amount of the resource.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: September 27, 2016
    Assignee: VMware, Inc.
    Inventor: Carl A. Waldspurger
  • Publication number: 20160253269
    Abstract: Cache utility curves are determined for different software entities depending on how frequently their storage access requests lead to cache hits or cache misses. Although possible, not all access requests need be tested, but rather only a subset, comprising fewer than all of the requests, determined by whether a hash value of each current storage location identifier (such as an address or block number) meets one or more sampling criteria. The subset may comprise as few as 20% or 10% or even less of the access requests.
    Type: Application
    Filed: May 9, 2016
    Publication date: September 1, 2016
    Applicant: Cloud Physics, Inc.
    Inventors: Carl A. WALDSPURGER, Nohhyun PARK
  • Patent number: 9430277
    Abstract: A method is described for scheduling in an intelligent manner a plurality of threads on a processor having a plurality of cores and a shared last level cache (LLC). In the method, a first and second scenario having a corresponding first and second combination of threads are identified. The cache occupancies of each of the threads for each of the scenarios are predicted. The predicted cache occupancies being a representation of an amount of the LLC that each of the threads would occupy when running with the other threads on the processor according to the particular scenario. One of the scenarios is identified that results in the least objectionable impacts on all threads, the least objectionable impacts taking into account the impact resulting from the predicted cache occupancies. Finally, a scheduling decision is made according to the one of the scenarios that results in the least objectionable impacts.
    Type: Grant
    Filed: March 29, 2013
    Date of Patent: August 30, 2016
    Assignee: VMware, Inc.
    Inventors: Puneet Zaroo, Richard West, Carl A. Waldspurger, Xiao Zhang
  • Publication number: 20160246533
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Application
    Filed: April 29, 2016
    Publication date: August 25, 2016
    Inventor: Carl A. WALDSPURGER