Patents by Inventor Michael Tsirkin

Michael Tsirkin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11588623
    Abstract: A system includes an application TEE and a first cloud service of a trusted cloud provider. The first cloud service is configured to receive an encrypted disk image and to launch the application TEE. The system also includes a second cloud service of a first alternate cloud provider, which is configured to launch a first attestation service instance from an attestation disk image that includes a secret and to provide the secret to the application TEE instance. Additionally, the system includes a third cloud service of a second alternate cloud provider, which is configured to launch a second attestation service instance and to provide the secret to the application TEE instance when the second cloud service is unavailable.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: February 21, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11586454
    Abstract: A guest operating system (OS) of a virtual machine (VM) receives a first request from an application to enable memory deduplication for a memory page associated with the application, identifies a mergeable memory range for memory space of the guest OS, where the mergeable memory range is associated with guest OS memory pages to be deduplicated, and maps, in a page table of the guest OS, a page table entry for the memory page to a memory address within the mergeable memory range. The guest OS causes a hypervisor to enable deduplication for the memory page responsive to detecting an access of the memory page by the application.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: February 21, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Patent number: 11586458
    Abstract: A hypervisor identifies a memory address associated with a device slot of a communication bus; determines that the device slot of the communication bus is not associated with any of one or more devices; generates a memory page for the memory address, wherein the memory page comprises a value that indicates that the memory address is not associated with any of the devices; maps, in a page table, a page table entry for the memory page to the memory address, wherein the page table entry indicates that the memory page is read only for a guest operating system (OS) of a virtual machine (VM); and causes the memory page to be provided to the guest OS of the VM in view of a read access of the memory address by the guest OS.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: February 21, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20230041845
    Abstract: System and method for running virtual machines within containers. An example method may include: running, by a host computer system, a hypervisor managing a first virtual machine implemented by a first container with a first set of resources, creating, by the hypervisor, a second container implementing the second virtual machine, wherein the second container is nested within the first container, determining, by the first virtual machine of the first container, one or more of the first set of resources to assign to the second container, and assigning, by the hypervisor, to the second container one or more of the first set of resources.
    Type: Application
    Filed: August 3, 2021
    Publication date: February 9, 2023
    Inventors: Michael Tsirkin, Amnon Ilan
  • Publication number: 20230043929
    Abstract: Systems and methods for storage snapshots for nested virtual machines. An example method may comprise running, by a host computer system, a hypervisor managing a first virtual machine associated with a first virtual device. Responsive to creating a second virtual machine by the hypervisor, requesting, by the first virtual machine, a first snapshot of the first virtual device. The hypervisor generates the first snapshot of the first virtual device and forwards the first snapshot of the first virtual device to the second virtual machine.
    Type: Application
    Filed: August 3, 2021
    Publication date: February 9, 2023
    Inventors: Michael Tsirkin, Amnon Ilan
  • Publication number: 20230039602
    Abstract: A system includes a hypervisor, a memory, and boot firmware stored in the memory. The boot firmware is configured to execute on a processor to load a trusted code that includes a condition checker from the hypervisor, check a signature of the trusted code, and verify the signature is trusted by a guest. The boot firmware is also configured to load the trusted code into an encrypted memory at a known guest address. The hypervisor is configured to protect the known guest address. The trusted code includes a first instruction, one or more intermediate instructions, and a final instruction. The first instruction and the final instruction are exits to the hypervisor. The hypervisor is also configured to execute the condition checker and detect an inconsistency in guest memory.
    Type: Application
    Filed: October 17, 2022
    Publication date: February 9, 2023
    Inventor: Michael Tsirkin
  • Publication number: 20230040039
    Abstract: Systems and methods are described for resource-efficient memory deduplication and write-protection. In an example, a method includes receiving, by a computing device having a processor, a request to assess deduplication for a plurality of candidate files. The computing device may perform one or more iterative steps for deduplication. The iterative steps may include: receiving, from the plurality of candidate files, a candidate file that is not write-protected; determining, based on a predetermined Bernoulli distribution, a decision to write-protect the candidate file; rendering the candidate file as a write-protected candidate file; determining, based on a review of other candidate files from the plurality of candidate files, that the write-protected candidate file can be deduplicated; and deduplicating the write-protected candidate file.
    Type: Application
    Filed: August 3, 2021
    Publication date: February 9, 2023
    Inventors: Michael Tsirkin, Zhe Xu, Andrea Arcangeli
  • Publication number: 20230043180
    Abstract: A supervisor on a destination host receives a request to migrate an application from a source host to the destination host and determines a total amount of memory associated with the application on the source host. The supervisor on the destination host allocates one or more memory pages in a page table on the destination host to satisfy the total amount of memory associated with the application on the source host, where the one or more memory pages are to be associated with the application on the destination host. Responsive to determining that the one or more memory pages have been allocated on the destination host, the supervisor on the destination host initiates migration of the application from the source host to the destination host.
    Type: Application
    Filed: October 17, 2022
    Publication date: February 9, 2023
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Patent number: 11573815
    Abstract: Systems and methods for supporting dynamic power management states for virtual machine (VM) migration are disclosed. In one implementation, a processing device may generate, by a host computer system, a host power management data structure specifying a plurality of power management states of the host computer system. The processing device may also detect that a VM has been migrated to the host computer system. The processing device may then prevent the VM from performing power management operations and may cause the virtual machine to read the host power management data structure. Responsive to receiving a notification that the VM has read the host power management data structure, the processing device may enable the VM to enter a first power management state of the plurality of power management states.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: February 7, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Publication number: 20230032137
    Abstract: Systems and methods providing efficient dirty memory page expiration. In one implementation, a processing device may identify a storage device. The processing device may determine a value of an indicator associated with the storage device. The indicator may indicate a level of consistency between a volatile memory device and a non-volatile memory device of the storage device. In view of the value of the indicator, the processing device may modify a synchronization timeout value associated with the volatile memory device.
    Type: Application
    Filed: August 2, 2021
    Publication date: February 2, 2023
    Inventors: Andrea Arcangeli, Giuseppe Scrivano, Michael Tsirkin
  • Publication number: 20230031775
    Abstract: A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.
    Type: Application
    Filed: October 6, 2022
    Publication date: February 2, 2023
    Inventors: Michael Tsirkin, Karen Lee Noel
  • Publication number: 20230035320
    Abstract: Aspects of the disclosure provide for implementing host address space identifiers for non-uniform memory access (NUMA) locality in virtual machines. A method of the disclosure includes determining, by a virtual machine (VM), that a guest memory page is to be moved from a first virtual NUMA node of the VM to a second virtual NUMA node of the VM. The method also includes updating one or more designated bits of a guest physical address (GPA) of the memory page to include a host address space identifier (HASID) of the second virtual NUMA node, where the guest page table maps the GPA of the memory page to a corresponding guest virtual address (GVA) of the VM and where the HASID associates the GPA of the memory page with a corresponding virtual NUMA node locality, and accessing, by the VM, the updated GPA.
    Type: Application
    Filed: October 10, 2022
    Publication date: February 2, 2023
    Inventors: Andrea Arcangeli, Michael Tsirkin
  • Patent number: 11567884
    Abstract: Systems and methods are disclosed for efficient management of bus bandwidth among multiple drivers. An example method may comprise: receiving a request from a driver to write data via a bus; reading contents of a random access memory (RAM) at a specified interval of time to determine whether the data written by the driver is accumulated in the RAM; responsive to determining that the data written by the driver is accumulated in the RAM, determining whether a bandwidth of the bus satisfies a bandwidth condition; and responsive to determining that the bandwidth satisfies the bandwidth condition, forwarding, via the bus, a portion of the data written by the driver in the RAM to a device memory of a device.
    Type: Grant
    Filed: July 26, 2021
    Date of Patent: January 31, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11567866
    Abstract: The technology disclosed herein may detect, avoid, or protect against “use after free” or “double free” programming logic errors. An example method may involve: receiving a plurality of requests to allocate memory, the plurality of requests comprising a first request and a second request; identifying a chunk of memory; generating a plurality of pointers to the chunk of memory, the plurality of pointers comprising a first pointer and a second pointer; providing the first pointer responsive to the first request and the second pointer responsive to the second request; and updating pointer validation data after providing the second pointer, wherein the pointer validation data indicates at least one of the plurality of pointers is valid and at least one of the plurality of pointers is invalid.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: January 31, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11567774
    Abstract: Systems and methods for managing optimized branching in executable instructions are disclosed. In one implementation, a processing device may identify, in a sequence of executable instructions, a branching instruction associated with a safe static key, the branching instruction specifying a first target location. The processing device may determine whether a value of the safe static key is initialized. Responsive to determining that the value of the safe static key is initialized, the processing device may further replace the branching instruction with an unconditional branching instruction specifying the first target location. Responsive to determining that the value of the safe static key is uninitialized, the processing device may replace the branching instruction with a conditional branching instruction specifying the first target location.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: January 31, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11567684
    Abstract: Systems and methods are described for resource-efficient memory deduplication and write-protection. In an example, a method includes receiving, by a computing device having a processor, a request to assess deduplication for a plurality of candidate files. The computing device may perform one or more iterative steps for deduplication. The iterative steps may include: receiving, from the plurality of candidate files, a candidate file that is not write-protected; determining, based on a predetermined Bernoulli distribution, a decision to write-protect the candidate file; rendering the candidate file as a write-protected candidate file; determining, based on a review of other candidate files from the plurality of candidate files, that the write-protected candidate file can be deduplicated; and deduplicating the write-protected candidate file.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: January 31, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Zhe Xu, Andrea Arcangeli
  • Publication number: 20230018412
    Abstract: Systems and methods for memory management for virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor which manages a Level 2 virtual machine. The Level 1 hypervisor may detect execution of an operation that prevents modification to a set of entries in a Level 2 page table and generate a shadow page table where each shadow page table entry of the plurality of shadow page table entries maps a Level 2 guest virtual address of a Level 2 address space associated with the Level 2 virtual machine to a corresponding Level 1 guest physical address of a Level 1 address space associated with the Level 1 virtual machine. The Level 0 hypervisor may generate a Level 0 page table.
    Type: Application
    Filed: September 19, 2022
    Publication date: January 19, 2023
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Publication number: 20230019377
    Abstract: A system includes a memory, at least one physical processor in communication with the memory, and a plurality of threads executing on the at least one physical processor. A first thread of the plurality of threads is configured to execute a plurality of instructions that includes a restartable sequence. Responsive to a different second thread in communication with the first thread being pre-empted while the first thread is executing the restartable sequence, the first thread is configured to restart the restartable sequence prior to reaching a memory barrier.
    Type: Application
    Filed: September 19, 2022
    Publication date: January 19, 2023
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Patent number: 11556371
    Abstract: A system enabling a hypervisor to assign processor resources for specific tasks to be performed by a virtual machine. An example method may comprise: receiving, by a hypervisor running on a host computer system, a virtual processor (“vCPU”) assignment request from a virtual device driver running on a virtual machine managed by the hypervisor, assigning a vCPU for executing a task associated with the assignment request, and causing the virtual device driver to execute the task using the vCPU.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: January 17, 2023
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11550941
    Abstract: A system includes a memory and a processor. The memory is in communication with the processor and configured to initialize a secure interface configured to provide access to a virtual machine (VM) from a device, where the VM is associated with a level of security. A buffer is allocated and associated with the secure interface, where the level of security of the VM indicates whether the device has access to guest memory of the VM via the buffer. The buffer is then provided to the device. Inputs/outputs (I/Os) are sent between the device and the VM using the secure interface.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: January 10, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Sergio Lopez Pascual