Patents by Inventor Paul Mackerras
Paul Mackerras has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11461474Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.Type: GrantFiled: January 24, 2020Date of Patent: October 4, 2022Assignee: International Business Machines CorporationInventors: Jentje Leenstra, Paul Mackerras, Benjamin Herrenschmidt, Bradly George Frey, John Martin Ludden, Guerney D. H. Hunt, David Campbell
-
Publication number: 20210232693Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.Type: ApplicationFiled: January 24, 2020Publication date: July 29, 2021Inventors: Jentje Leenstra, Paul Mackerras, Benjamin Herrenschmidt, Bradly George Frey, John Martin Ludden, Guerney D. H. Hunt, David Campbell
-
Patent number: 10831889Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines are provided. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: GrantFiled: August 13, 2019Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
-
Patent number: 10761853Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.Type: GrantFiled: June 28, 2016Date of Patent: September 1, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Giles R. Frazier, Michael K. Gschwind, Paul Mackerras
-
Patent number: 10761852Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.Type: GrantFiled: September 30, 2015Date of Patent: September 1, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Giles R. Frazier, Michael K. Gschwind, Paul Mackerras
-
Publication number: 20190392143Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: ApplicationFiled: August 13, 2019Publication date: December 26, 2019Inventors: William E. Hall, Guerney D.H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul MACKERRAS, William J. Starke, Jeffrey A. Stuecheli
-
Patent number: 10474816Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: GrantFiled: December 14, 2017Date of Patent: November 12, 2019Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
-
Patent number: 10387686Abstract: Hardware based isolation for secure execution of virtual machines (VMs). At least one virtual machine is executed via operation of a hypervisor and an ultravisor. A first memory component is configured for access by the hypervisor and the ultravisor, and a second memory component is configured for access by the ultravisor and not by the hypervisor. A first mode of operation is operated, such that the virtual machine is executed using the hypervisor, wherein the first memory component is accessible to the virtual machine and the second memory component is not accessible to the virtual machine. A second mode of operation is operated, such that the virtual machine is executed using the ultravisor, wherein the first memory component and the second memory component are accessible to the virtual machine, thereby executing application code and operating system code using the second memory component without code changes.Type: GrantFiled: July 27, 2017Date of Patent: August 20, 2019Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Bradly G. Frey, William E. Hall, Benjamin Herrenschmidt, Guerney D. H. Hunt, Jentje Leenstra, Paul Mackerras, Cathy May, Albert J. Van Norstrand, Jr.
-
Patent number: 10296741Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: GrantFiled: July 27, 2017Date of Patent: May 21, 2019Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
-
Publication number: 20190034628Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: ApplicationFiled: December 14, 2017Publication date: January 31, 2019Inventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
-
Publication number: 20190034627Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.Type: ApplicationFiled: July 27, 2017Publication date: January 31, 2019Inventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
-
Publication number: 20190034666Abstract: Hardware based isolation for secure execution of virtual machines (VMs). At least one virtual machine is executed via operation of a hypervisor and an ultravisor. A first memory component is configured for access by the hypervisor and the ultravisor, and a second memory component is configured for access by the ultravisor and not by the hypervisor. A first mode of operation is operated, such that the virtual machine is executed using the hypervisor, wherein the first memory component is accessible to the virtual machine and the second memory component is not accessible to the virtual machine. A second mode of operation is operated, such that the virtual machine is executed using the ultravisor, wherein the first memory component and the second memory component are accessible to the virtual machine, thereby executing application code and operating system code using the second memory component without code changes.Type: ApplicationFiled: July 27, 2017Publication date: January 31, 2019Inventors: Richard H. Boivie, Bradly G. Frey, William E. Hall, Benjamin Herrenschmidt, Guerney D. H. Hunt, Jentje Leenstra, Paul Mackerras, Cathy May, Albert J. Van Norstrand, JR.
-
Patent number: 9766946Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.Type: GrantFiled: November 11, 2015Date of Patent: September 19, 2017Assignee: International Business Machines CorporationInventor: Paul Mackerras
-
Patent number: 9766948Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.Type: GrantFiled: November 21, 2015Date of Patent: September 19, 2017Assignee: International Business Machines CorporationInventor: Paul Mackerras
-
Publication number: 20170132050Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.Type: ApplicationFiled: November 21, 2015Publication date: May 11, 2017Inventor: Paul Mackerras
-
Publication number: 20170132049Abstract: An approach is provided to dynamically select a micro-threading (MT) mode of each core of a processor based on a load on each of the respective cores while the processor is running a hypervisor. The approach sets a core's micro-threading mode to a whole-core mode (MT1) in response to identifying that the load on the selected core is at a light load level, sets the core's micro-threading mode to a two-way micro-threading mode (MT2) in response to identifying that the load on the selected core has increased above the light load level, and sets the selected core's micro-threading mode to a four-way micro-threading mode (MT4) in response to identifying that the load on the selected core is at a high load level.Type: ApplicationFiled: November 11, 2015Publication date: May 11, 2017Inventor: Paul Mackerras
-
Publication number: 20170090931Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.Type: ApplicationFiled: September 30, 2015Publication date: March 30, 2017Inventors: Giles R. Frazier, Michael K. Gschwind, Paul Mackerras
-
Publication number: 20170090932Abstract: Addressability of instructions and the addressing of data ranges are extended. One or more operands obtained from fields explicitly specified by an instruction are overridden (i.e., ignored), and instead, an address based on the instruction (e.g., an instruction address) is substituted for the one or more operands. This provides an address having more bits than allowed by the operand being overridden, thereby extending addressability of the instruction and extended data range addressing. Further, in one aspect, additional bits may be added to one or more immediate fields of the instruction, thereby extending addressability of the instructions and extending data range addressing.Type: ApplicationFiled: June 28, 2016Publication date: March 30, 2017Inventors: Giles R. Frazier, Michael K. Gschwind, Paul Mackerras
-
Patent number: 9330023Abstract: For a current context in control of a processor requesting access to a particular address, a translation lookaside buffer (TLB) controller specifies a virtual address with a logical partition identifier value indicating a privilege setting of the current context, a process identifier value indicating whether the address is within shared address space, and an effective address comprising at least a portion of the particular address.Type: GrantFiled: June 5, 2014Date of Patent: May 3, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Anthony J. Bybell, Bradly G. Frey, Michael K. Gschwind, Benjamin Herrenschmidt, Paul Mackerras
-
Patent number: 9323692Abstract: In response to a current context, with a particular process currently in control of a processor requesting access to a shared address space, a translation lookaside buffer (TLB) controller sets a process identifier field in a virtual address to be looked up in a TLB to a clamped value different from an identifier for the process, wherein the virtual address comprises at least the process identifier field and an effective address field set to an address in the requested shared address space. In response to the TLB controller comparing the virtual address for the current context to a particular entry of at least one entry within the TLB comprising the at least one entry stored for a previous translation of a previous virtual address, the TLB controller only indicates a match between the process identifier field and a translation process identifier field within the particular entry of the TLB if the translation process identifier field is also set to the clamped value.Type: GrantFiled: April 17, 2014Date of Patent: April 26, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Anthony J. Bybell, Bradly G. Frey, Michael K. Gschwind, Benjamin Herrenschmidt, Paul MacKerras