Patents by Inventor Michael Tsirkin

Michael Tsirkin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240193257
    Abstract: An authentication code for an authentication process such as multifactor authentication can be automatically inputted according to some examples described herein. In one example, a computing device can execute an authenticator application to generate an authentication code for use during an authentication process associated with a user logging into an account. The computing device can establish a connection with a target device that is separate from the computing device. The target device may be configured to display a graphical user interface that includes an input box into which the user is to manually type the authentication code as part of the authentication process. The computing device can transmit the authentication code to the target device via the connection. The target device can be configured to receive the authentication code and automatically enter the authentication code into the input box on behalf of the user.
    Type: Application
    Filed: December 13, 2022
    Publication date: June 13, 2024
    Inventor: Michael Tsirkin
  • Patent number: 12007891
    Abstract: Technology for enabling a kernel to perform data deduplication on encrypted storage of a container. An example method may involve: enabling, by a kernel, a guest program of a container to access a first storage block of a first container and a second storage block of a second container; receiving, by the kernel from the guest program, an indication that the first storage block and the second storage block are duplicate storage blocks; and updating the first storage block or the second storage block to cause the duplicate storage blocks to reference a common storage location.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: June 11, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 12001869
    Abstract: Systems and methods for providing memory over-commit support for live migration of virtual machines (VMs). In one implementation, a processing device of a source host computer system may identify a host page cache associated with a VM undergoing live migration from the source to a destination host computer system. The host page cache comprises a first plurality of memory pages associated with the VM. The processing device may transmit, from the source to the destination, at least a part of the host page cache. The processing device may discard the part of the host page cache. The processing device may read into the host page cache one or more memory pages of a second plurality of memory pages associated with the VM. The processing device may transmit, from the source to the destination, the one or more memory pages stored by the host page cache.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: June 4, 2024
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, David Alan Gilbert
  • Patent number: 11983555
    Abstract: Systems and methods for storage snapshots for nested virtual machines. An example method may comprise running, by a host computer system, a hypervisor managing a first virtual machine associated with a first virtual device. Responsive to creating a second virtual machine by the hypervisor, requesting, by the first virtual machine, a first snapshot of the first virtual device. The hypervisor generates the first snapshot of the first virtual device and forwards the first snapshot of the first virtual device to the second virtual machine.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: May 14, 2024
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Amnon Ilan
  • Patent number: 11977493
    Abstract: A system includes a host with a memory, a processor, a supervisor, and a device with access to DMAs. The system also includes a guest with access to GMAs and configured to initialize a first driver for the device. The supervisor is configured to map GMAs to a first subset of DMAs, map SMAs to a second subset of DMAs, which are located in a reserved range of addresses, and to initialize a second driver for the device with access to the SMAs. The device is configured to communicate with the guest and the supervisor via the first subset of DMAs and the SMAs respectively. The supervisor is configured to intercept a request from the first driver and validate that memory addresses associated with the request are outside of the reserved range. The supervisor is also configured to send the request to the device via the second driver.
    Type: Grant
    Filed: July 17, 2019
    Date of Patent: May 7, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11977631
    Abstract: A system includes a hypervisor, a memory, and boot firmware stored in the memory. The boot firmware is configured to execute on a processor to load a trusted code that includes a condition checker from the hypervisor, check a signature of the trusted code, and verify the signature is trusted by a guest. The boot firmware is also configured to load the trusted code into an encrypted memory at a known guest address. The hypervisor is configured to protect the known guest address. The trusted code includes a first instruction, one or more intermediate instructions, and a final instruction. The first instruction and the final instruction are exits to the hypervisor. The hypervisor is also configured to execute the condition checker and detect an inconsistency in guest memory.
    Type: Grant
    Filed: October 17, 2022
    Date of Patent: May 7, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Publication number: 20240143317
    Abstract: A computing device can receive, from a version control system, a first set of pre-computed checksums for source files for a software program. The computing device can receive, from the version control system, a second set of pre-computed checksums for a second set of source files for the software program. The computing device can determine a first total checksum by combining the first set of pre-computed checksums. The computing device can also determine a second total checksum by combining the first set of pre-computed checksums. The computing device can determine, by comparing the first total checksum to the second total checksum, that the first set of source files was previously built by the build engine. The computing device can then prevent the build engine from re-building the first set of source files.
    Type: Application
    Filed: October 26, 2022
    Publication date: May 2, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240143362
    Abstract: Memory pages can be migrated between non-uniform memory access (NUMA) nodes based on entries in a page modification log according to some examples described herein. In one example, a physical processor can detect a request from a virtual machine to access a memory page. The physical processor can then update a page modification log to include an entry indicating the request. A hypervisor supporting the virtual machine can be configured to detect the request based on the entry in the page modification log and, in response to detecting the request, migrate the memory page from a second NUMA node to a destination NUMA node.
    Type: Application
    Filed: October 26, 2022
    Publication date: May 2, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240143514
    Abstract: An input/output memory management unit (IOMMU) can assign input/output virtual addresses (IOVA) using a predetermined randomness algorithm according to some examples. For instance, the IOMMU can determine an input/output virtual address (IOVA) using the predetermined randomness algorithm. Then, the IOMMU can store, in a translation table, an entry which maps the IOVA to a physical memory address of a storage device. Subsequent to storing the entry in the translation table, the IOMMU can receive a request from an input/output (IO) device, where the request is to access data at the IOVA. In response to receiving the request, the IOMMU can identify the physical memory address that is mapped to the IOVA in the entry. The IOMMU can then allow the IO device to access the data at the physical memory address.
    Type: Application
    Filed: October 26, 2022
    Publication date: May 2, 2024
    Inventor: Michael Tsirkin
  • Patent number: 11971830
    Abstract: An example method may include determining whether a preemption flag associated with a first input/output (I/O) handling thread is equal to a first value indicating that preemption of the first I/O queue handling thread is forthcoming, wherein the first I/O queue handling thread is executing on a first processor, the first I/O queue handling thread is associated with a first set of one or more queue identifiers, and each queue identifier identifies a queue being handled by the first I/O queue handling thread, and, responsive to determining that the preemption flag is equal to the first value, transferring the first set of one or more queue identifiers to a second I/O queue handling thread executing on a second processor. Transferring the first set of queue identifiers may include removing the one or more queue identifiers from the first set.
    Type: Grant
    Filed: March 22, 2022
    Date of Patent: April 30, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11966743
    Abstract: A system includes a memory including a ring buffer having a plurality of slots, a processor in communication with the memory, a guest operating system, and a hypervisor. The hypervisor is configured to detect a request associated with a memory entry, retrieve up to a predetermined quantity of memory entries in the ring buffer from an original slot to an end slot, and test a respective descriptor of each successive slot from the original slot through the end slot while the respective descriptor of each successive slot in the ring buffer remains unchanged. Additionally, the hypervisor is configured to execute the request associated with the memory entries and respective valid descriptors. The hypervisor is also configured to walk the ring buffer backwards from the end slot to the original slot while clearing the valid descriptors.
    Type: Grant
    Filed: January 27, 2022
    Date of Patent: April 23, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11943337
    Abstract: A system includes an application instance or application environment instance and a first cloud service of a trusted cloud provider. The first cloud service is configured to receive an encrypted disk image and to launch the application instance or application environment instance. The system also includes a second cloud service of a first alternate cloud provider, which is configured to launch a first attestation service instance from an attestation disk image that includes a secret and to provide the secret to the application instance or application environment instance.
    Type: Grant
    Filed: February 17, 2023
    Date of Patent: March 26, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Publication number: 20240095040
    Abstract: Aspects of the disclosure provide for mechanisms providing a captive portal to manage a driver application for a peripheral device. Systems and methods of the disclosure include: providing, by a client device, a first request for a connection with a peripheral device over a wireless network provided by the peripheral device; receiving a message granting the connection to the wireless network; providing a second request to access a first web page at an address; receiving a second web page associated with a driver application for the peripheral device instead of the first web page; and launching the driver application by using a first link that facilitates an installation of the driver application and a second link that launches the driver application.
    Type: Application
    Filed: November 20, 2023
    Publication date: March 21, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240095059
    Abstract: A cryptographic data item is generated based on at least a public cryptographic key associated with a peripheral device connected to a virtualized computing system. The cryptographic data is transmitted to the peripheral device. A shared cryptographic key is generated based on the generated cryptographic data. One or more memory access operations are performed to access data at a region of memory associated with the peripheral device using the shared cryptographic key.
    Type: Application
    Filed: October 31, 2023
    Publication date: March 21, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240095188
    Abstract: Memory deduplication for encrypted virtual machines can be performed according to some examples. In one example, a virtual machine can select a target memory page stored in an encrypted memory of the virtual machine. The encrypted memory can be inaccessible to a hypervisor configured to manage the virtual machine. The virtual machine can store a copy of the target memory page to a shared memory that is accessible to the hypervisor. The hypervisor can then execute a deduplication process with respect to the copy of the target memory page stored in the shared memory. Subsequent to storing the copy of the target memory page to the shared memory, the virtual machine can remove the target memory page from the encrypted memory. The virtual machine can also prompt the hypervisor to reallocate the memory space of the encrypted memory that was previously used to store the target memory page.
    Type: Application
    Filed: September 19, 2022
    Publication date: March 21, 2024
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Publication number: 20240086220
    Abstract: A computing device can detect an interrupt associated with a virtual machine. Based on detecting the interrupt, the computing device can determine whether the virtual machine is in an idle state. Based on determining that the virtual machine is in the idle state, the computing device can delay the interrupt by storing the interrupt in an interrupt register for a period of time and preventing the interrupt from being transmitted to the virtual machine during the period of time. After storing the interrupt in the interrupt register, the computing device can determine that the virtual machine is in an awake state. In response to determining that the virtual machine is in the awake state, the computing device can transmit the interrupt from the interrupt register to the virtual machine.
    Type: Application
    Filed: September 13, 2022
    Publication date: March 14, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240089099
    Abstract: Deduplication can be performed based on encrypted storage blocks generated by a secure enclave. For example, a secure enclave can generate a first encrypted storage block and a second encrypted storage block using an encryption key. The first encrypted storage block can be an encrypted version of a first storage block and the second encrypted storage block can be an encrypted version of a second storage block. The secure enclave can then provide the first encrypted storage block and the second encrypted storage block to a supervisory program executable on a processor that is separate from the secure enclave. The supervisory program can be configured to initiate deduplication of the first storage block and the second storage block in response to determining that the first encrypted storage block matches the second encrypted storage block.
    Type: Application
    Filed: September 13, 2022
    Publication date: March 14, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240086219
    Abstract: One example described herein includes a source processing unit that can detect that guest software of a virtual machine has transmitted an interrupt to a virtual central processing unit (vCPU) identifier, where the vCPU identifier does not match any vCPUs in the virtual machine. Based on the interrupt, the source processing unit can access an interrupt table that is associated with the virtual machine. The interrupt table can include an entry that maps the interrupt to a destination processing unit. Based on the entry in the interrupt table, the source processing unit can determine that the interrupt is to be transmitted to the destination processing unit. The source processing unit can then transmit the interrupt to the destination processing unit, without triggering an exit of the virtual machine on the source processing unit.
    Type: Application
    Filed: September 13, 2022
    Publication date: March 14, 2024
    Inventor: Michael Tsirkin
  • Publication number: 20240072995
    Abstract: Systems and methods for secured peripheral device communication via a bridge device in virtualized computer systems. An example method may comprise receiving, by a virtualized execution environment running on a computing system, a state measurement associated with a bridge device of the computing system; generating an ephemeral key; responsive to validating the state measurement, transmitting, to the bridge device, the ephemeral key encrypted using a device key associated with the bridge device; and transmitting, to the bridge device, an access request directed to a peripheral device accessible via the bridge device, wherein the access request is encrypted using a value derived from the ephemeral key.
    Type: Application
    Filed: August 31, 2022
    Publication date: February 29, 2024
    Inventors: Michael Tsirkin, Amnon Ilan
  • Publication number: 20240073243
    Abstract: A virtual device can be provided to a virtual machine (VM) from a hypervisor. The virtual device can correspond to a backend element accessible to the VM via communications with the virtual device. The hypervisor can intercept a communication from the VM directed to the backend element via the virtual device. The hypervisor can set a timer. The timer can track an elapsed time from the communication to a response from the backend element. The hypervisor can send the communication from the virtual machine to the backend element. The timer can then be determined to have expired without a response being received. The virtual device can then be disabled.
    Type: Application
    Filed: August 31, 2022
    Publication date: February 29, 2024
    Inventor: Michael Tsirkin