Patents by Inventor Michael Tsirkin

Michael Tsirkin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • ZERO-COPY FORWARDING FOR NETWORK FUNCTION VIRTUALIZATION
    Publication number: 20220321433
    Abstract: Systems and methods for zero-copy forwarding for network function virtualization (NFV). An example method comprises: receiving, by a supervisor of a host computer system, a definition of a packet filter originated by a virtual execution environment running on the host computer system; responsive to validating the packet filter, associating the packet filter with a vNIC of the virtual execution environment; receiving, by the supervisor, a network packet originated by the vNIC; and responsive to matching the network packet to a network connection specified by the packet filter, causing the packet filter to forward the network packet via the network connection.
    Type: Application
    Filed: June 16, 2022
    Publication date: October 6, 2022
    Inventors: Amnon Ilan, Michael Tsirkin
  • EXPOSING UNTRUSTED DEVICES TO VIRTUAL MACHINES
    Publication number: 20220308909
    Abstract: A method includes receiving, by a hypervisor executing on a computing system, a request to associate an input/output (I/O) device with a virtual machine running on the computing system. The I/O device corresponds to a physical device attached to a first peripheral bus of a first bus type. The method further includes determining whether the I/O device is a trusted I/O device. The method further includes, in response to determining that the I/O device is not a trusted I/O device, exposing the I/O device to the virtual machine via a first virtual bus of a second bus type. Exposing the I/O device to the virtual machine via the first virtual bus causes the virtual machine to initiate a first security protocol associated with the first virtual bus.
    Type: Application
    Filed: March 29, 2021
    Publication date: September 29, 2022
    Inventor: Michael Tsirkin
  • SYSTEMS AND METHODS FOR PREVENTING KERNEL STALLING ATTACKS
    Publication number: 20220309150
    Abstract: Systems and methods for preventing kernel stalling attacks. An example method may comprise receiving, by a kernel, an address range associated with a data store of an application program; mapping, by the kernel, a portion of random access memory (RAM) to the address range; disabling page fault handling with respect to addresses falling within the address range; and responsive to receiving, from the application program, a memory access request specifying an address outside of the address range, returning a memory access error to the application program.
    Type: Application
    Filed: March 29, 2021
    Publication date: September 29, 2022
    Inventor: Michael Tsirkin
  • LOCATION CHANGE NOTIFICATION HANDLING
    Publication number: 20220303215
    Abstract: A method includes receiving a message at a network bridge from a computer system where the network bridge stores a forwarding table. The method also includes determining a type of the message. The method also includes upon a determination that the type of message is a network notification message, determining whether data within the message corresponds to an entry within the forwarding table. The method also includes upon determining that the data within the message corresponds to the entry within the forwarding table, halting a transmission of the message. The method also includes upon determining that the data within the message does not correspond to the entry in the forwarding table, transmitting the message to a device in communication with the network bridge.
    Type: Application
    Filed: June 3, 2022
    Publication date: September 22, 2022
    Inventor: Michael Tsirkin
  • Memory barrier elision for multi-threaded workloads
    Patent number: 11449339
    Abstract: A system includes a memory, at least one physical processor in communication with the memory, and a plurality of hardware threads executing on the at least one physical processor. A first thread of the plurality of hardware threads is configured to execute a plurality of instructions that includes a restartable sequence. Responsive to a different second thread in communication with the first thread being pre-empted while the first thread is executing the restartable sequence, the first thread is configured to restart the restartable sequence prior to reaching a memory barrier.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: September 20, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • Reverse shadow page tables for firewalled nested encrypted virtual machines
    Patent number: 11449434
    Abstract: Systems and methods for memory management for virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor which manages a Level 2 virtual machine having encrypted memory pages. The Level 1 hypervisor may generate a shadow page table where each shadow page table entry of the plurality of shadow page table entries maps a Level 2 guest virtual address of a Level 2 address space associated with the Level 2 virtual machine to a corresponding Level 1 guest physical address of a Level 1 address space associated with the Level 1 virtual machine. The Level 0 hypervisor may generate a Level 0 page table comprising a plurality of Level 0 page table entries that maps a Level 1 guest physical address to a corresponding Level 0 host physical address.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: September 20, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Andrea Arcangeli
  • LIBRARY BASED VIRTUAL MACHINE MIGRATION
    Publication number: 20220283835
    Abstract: A method includes determining to migrate a guest VM from a source host to a destination host and, in response to determining to migrate the guest VM, determining that a page of the guest VM matches a page of a VM image of a plurality of VM images in a VM library associated with the source host. The method further includes forwarding an identifier of the page of the VM image to the destination host, the destination host to retrieve, in view of the identifier, the page of the VM image from a second VM library associated with the destination host to instantiate the guest VM at the destination host.
    Type: Application
    Filed: March 2, 2021
    Publication date: September 8, 2022
    Inventor: Michael Tsirkin
  • Free memory page hinting by virtual machines
    Patent number: 11436141
    Abstract: Systems and methods for free memory hinting by virtual machines. An example method comprises: identifying, by a virtual machine running on a host computer system, a first memory page referenced by a free memory list maintained by the virtual machine; identifying a second memory page residing in a hinting buffer associated with the virtual machine; moving the second memory page to the free memory list; disassociating the first memory page from the free memory list; and notifying the host computer system of an identifier of the first memory page.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: September 6, 2022
    Assignee: Red Hat, Inc.
    Inventors: David Hildenbrand, Michael Tsirkin
  • NON FRAGMENTING MEMORY BALLOONING
    Publication number: 20220276889
    Abstract: Technology is disclosed for non-fragmenting memory ballooning. An example method may involve: receiving, by a processing device, a request associated with a memory balloon; searching for available memory chunks in a memory, wherein the memory is fragmented and comprises a set of available chunks that are separate from each other; selecting, by the processing device, a first chunk and a second chunk of the set of available chunks, wherein the first chunk is smaller than the second chunk and is selected before the second chunk; and associating the first chunk and the second chunk with the memory balloon.
    Type: Application
    Filed: March 1, 2021
    Publication date: September 1, 2022
    Inventors: Michael Tsirkin, David Hildenbrand
  • Guest protection from application code execution in kernel mode
    Patent number: 11429412
    Abstract: Systems and methods are disclosed for securing an application running on a guest. An example method includes detecting, by a guest running on a virtual machine, that a set of physical memory pages is allocated to an application. The virtual machine runs on a hypervisor, and the application runs on the guest. During runtime, the guest may send a request to the hypervisor to set the set of physical memory pages to an executable-by-user mode in the hypervisor's page tables.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: August 30, 2022
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Memory deduplication based on guest page hints
    Patent number: 11429416
    Abstract: Methods, systems, and computer program products are included for de-duplicating one or more memory pages. A method includes receiving, by a hypervisor, a list of read-only memory page hints from a guest running on a virtual machine. The list of read-only memory page hints specifies a first memory page marked as writeable. The method also includes determining whether the first memory page matches a second memory page. In response to a determination that the first memory page matches the second memory page, the hypervisor may deduplicate the first and second memory pages.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: August 30, 2022
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Uri Lublin
  • MEMORY OVER-COMMIT SUPPORT FOR LIVE MIGRATION OF VIRTUAL MACHINES
    Publication number: 20220269522
    Abstract: Systems and methods for providing memory over-commit support for live migration of virtual machines (VMs). In one implementation, a processing device of a source host computer system may identify a host page cache associated with a VM undergoing live migration from the source to a destination host computer system. The host page cache comprises a first plurality of memory pages associated with the VM. The processing device may transmit, from the source to the destination, at least a part of the host page cache. The processing device may discard the part of the host page cache. The processing device may read into the host page cache one or more memory pages of a second plurality of memory pages associated with the VM. The processing device may transmit, from the source to the destination, the one or more memory pages stored by the host page cache.
    Type: Application
    Filed: February 25, 2021
    Publication date: August 25, 2022
    Inventors: Michael Tsirkin, David Alan Gilbert
  • FUNCTION POINTER PROTECTION
    Publication number: 20220269775
    Abstract: A system includes a memory and a processor in communication with the memory. The processor is configured to supply a library with a list of safe callback values, protect the list of safe callback values, invoke a callback, and validate the callback against the list of safe callback values to determine a status of the callback. The status of the callback is one of safe and unsafe. Additionally, the processor is configured to execute the callback responsive to determining the status of the callback is safe. The processor is also configured to abort the callback responsive to determining the status of the callback is unsafe.
    Type: Application
    Filed: February 25, 2021
    Publication date: August 25, 2022
    Inventor: Michael Tsirkin
  • POST-COPY MIGRATION CROSS CLUSTER SYNCHRONIZATION FOR POST-COPY MIGRATION OF VIRTUAL MACHINES
    Publication number: 20220272152
    Abstract: Systems and methods of the disclosure include: publishing, by a first host computer system of a computing cluster comprising a plurality of host computer systems running a plurality of virtual machines, a list of memory page identifiers, wherein each memory page identifier is associated with a corresponding content identifier; receiving, from a second host computer system of the computing cluster, a memory page request comprising a first memory page identifier; and sending, to the first host computer system, a first memory page identified by the first memory page identifier.
    Type: Application
    Filed: February 25, 2021
    Publication date: August 25, 2022
    Inventors: Michael Tsirkin, David Alan Gilbert
  • SYSTEM TO USE DESCRIPTOR RINGS FOR I/O COMMUNICATION
    Publication number: 20220269623
    Abstract: A system and method for input/output communication is disclosed. In one embodiment, a virtual device identifies a queue including a plurality of input/output (I/O) descriptors, each of the plurality of I/O descriptors representing one of: an active descriptor associated with an active I/O request or an executed descriptor that is associated with an executed I/O request. The virtual device retrieves, from a first index in the queue, one or more active descriptors associated with an I/O request. The virtual device executes the I/O request. The virtual device writes a first executed descriptor to a second index in the queue, where the first executed descriptor indicates the I/O request has been executed. The virtual device updates the second index to an initial position in the queue responsive to a predetermined condition.
    Type: Application
    Filed: February 25, 2021
    Publication date: August 25, 2022
    Inventor: Michael Tsirkin
  • MEMORY PAGE COPYING FOR VIRTUAL MACHINE MIGRATION
    Publication number: 20220269521
    Abstract: Systems and methods of the disclosure include: identifying, by a destination host computer system, a first memory page residing in a memory of the destination host computer system; transmitting, by the destination host computer system, at least a part of the first memory page to a source host computer system; receiving, by the destination host computer system, a confirmation from the source host computer system that the first memory page matches a second memory page associated with a virtual machine to be migrated from the source host computer system to the destination host computer system; and associating, by the destination host computer system, the first memory page with the virtual machine.
    Type: Application
    Filed: February 25, 2021
    Publication date: August 25, 2022
    Inventors: Michael Tsirkin, David Alan Gilbert
  • System to use descriptor rings for I/O communication
    Patent number: 11422959
    Abstract: A system and method for input/output communication is disclosed. In one embodiment, a virtual device identifies a queue including a plurality of input/output (I/O) descriptors, each of the plurality of I/O descriptors representing one of: an active descriptor associated with an active I/O request or an executed descriptor that is associated with an executed I/O request. The virtual device retrieves, from a first index in the queue, one or more active descriptors associated with an I/O request. The virtual device executes the I/O request. The virtual device writes a first executed descriptor to a second index in the queue, where the first executed descriptor indicates the I/O request has been executed. The virtual device updates the second index to an initial position in the queue responsive to a predetermined condition.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: August 23, 2022
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • ZERO COPY MESSAGE RECEPTION FOR APPLICATIONS
    Publication number: 20220261272
    Abstract: Zero copy message reception for guests is disclosed. For example, a host has a memory, a device with access to device memory addresses, a processor, and a supervisor. An application with access to application memory addresses (AMA) executes on the host. An AMA is mapped to a page table entry (PTE). The application shares access to a first page of memory addressed by the AMA with the device to store data received by the device for the first application, where the first page is mapped as a device memory address of the plurality of device memory addresses. The application later sends a request to disconnect from the device. The supervisor is configured to copy contents of the first page to a second page in the memory after receiving the request to disconnect, and then update the PTE to address the second page instead of the first page.
    Type: Application
    Filed: May 9, 2022
    Publication date: August 18, 2022
    Inventor: Michael Tsirkin
  • NON-INTERRUPTING PORTABLE PAGE REQUEST INTERFACE
    Publication number: 20220244981
    Abstract: Systems and methods for memory management for guests. An example method may include running, by a host computer system, a host component managing a guest in communication with a peripheral device, wherein the peripheral device comprises an input/output memory management unit (IOMMU). The method may further include appending, to a page table of the IOMMU, a plurality of records referencing present memory pages associated with a task running on the guest and appending, to the page table of the IOMMU, a plurality of records referencing read-only memory pages associated with the task, wherein the read-only memory pages are indicated as read-only in the page table.
    Type: Application
    Filed: April 8, 2022
    Publication date: August 4, 2022
    Inventors: Michael Tsirkin, David Gilbert
  • PAGE REQUEST INTERFACE OVERHEAD REDUCTION FOR VIRTUAL MACHINE MIGRATION AND WRITE PROTECTION IN MEMORY
    Publication number: 20220244983
    Abstract: Page request interface overhead reduction for virtual machine migration and write protection in memory may be provided by generating a page table associated with the memory; in response to receiving a write-protection command to prevent write-access to data from a portion of the memory, write-protecting a first range of memory addresses comprising the data write protected from the portion of the memory, wherein a second range of memory addresses comprises data not write protected in the memory; and modifying the page table to include a page table entry associated with the first range of memory addresses being write-protected, wherein write access to a memory address in the first range of memory addresses by a device during write-protection is tracked.
    Type: Application
    Filed: April 25, 2022
    Publication date: August 4, 2022
    Inventors: Michael Tsirkin, Amnon Ilan