Virtual Machine Memory Addressing Patents (Class 711/6)
  • Patent number: 10853132
    Abstract: A mechanism is described for facilitating memory-based software barriers to emulate hardware barriers at graphics processors in computing devices. A method of embodiments, as described herein, includes facilitating converting thread scheduling at a processor from hardware barriers to software barriers, where the software barriers emulate the hardware barriers.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: December 1, 2020
    Assignee: INTEL CORPORATION
    Inventors: Altug Koker, Joydeep Ray, Balaji Vembu, James A. Valerio, Abhishek R. Appu
  • Patent number: 10839093
    Abstract: Systems for low-latency data access in distributed computing systems. A method embodiment commences upon generating a first storage area in local storage of a first computing node. Access to the first storage area is provided through the first computing node. A second storage area is generated wherein the second storage area comprises a first set of metadata that comprises local storage device locations of at least some of the local storage areas of the first storage area. A set of physical access locations of the second storage area is stored to a database that manages updates to the second set of metadata pertaining to the second storage area. Accesses to the first storage area are accomplished by querying the database retrieve a location of the second set of metadata, and then accessing the first storage area through one or more additional levels of metadata that are node-wise collocated.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: November 17, 2020
    Assignee: Nutanix, Inc.
    Inventors: Karan Gupta, Rishi Bhardwaj, Amod Vilas Jaltade, Gowtham Alluri, Pavan Kumar Konka
  • Patent number: 10838753
    Abstract: Systems and methods for performing data deduplication of storage units. An example method may comprise: receiving a request to initialize a portion of a data storage; modifying a content of a storage unit to comprise an initialization value; updating, by a processing device, a content indicator to represent the initialization value of the storage unit; determining in view of the content indicator that a plurality of storage units comprise matching content; and updating the storage unit to comprise a reference to the matching content of one of the plurality of storage units that comprise the matching content.
    Type: Grant
    Filed: February 21, 2018
    Date of Patent: November 17, 2020
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Karen Lee Noel
  • Patent number: 10824494
    Abstract: Operation of a multi-slice processor that includes a plurality of execution slices, a plurality of load/store slices, and one or more translation caches, where operation includes: determining, at the load/store slice, a real address from a cache hit in the translation cache for an effective address for an instruction received at a load/store slice; determining, at the load/store slice, an error condition corresponding to an access of the real address; determining, at the load/store slice, a process type indicating a source of the instruction to be a guest process; and responsive to determining the error condition, initiating, in dependence upon the process type indicating a source of the instruction to be a guest process, an effective address translation corresponding to a cache miss in the translation cache for the effective address for the instruction.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: November 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Dwain A. Hicks, Jonathan H. Raymond, Shih-Hsiung S. Tung
  • Patent number: 10802985
    Abstract: A method of GPU virtualization comprises allocating each virtual machine (or operating system running on a VM) an identifier by the hypervisor and then this identifier is used to tag every transaction deriving from a GPU workload operating within a given VM context (i.e. every GPU transaction on the system bus which interconnects the CPU, GPU and other peripherals). Additionally, dedicated portions of a memory resource (which may be GPU registers or RAM) are provided for each VM and whilst each VM can only see their allocated portion of the memory, a microprocessor within the GPU can see all of the memory. Access control is achieved using root memory management units which are configured by the hypervisor and which map guest physical addresses to actual memory addresses based on the identifier associated with the transaction.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: October 13, 2020
    Assignee: Imagination Technologies Limited
    Inventors: Dave Roberts, Mario Sopena Novales, John W. Howson
  • Patent number: 10803086
    Abstract: Component objects of a virtual disk are backed by first storage nodes, which are at a primary site, and second storage nodes, which are at a secondary site. The method of resynchronizing the component objects of the virtual disk includes, at a coordinating node at the primary site, responsive to a second storage node coming back online, identifying an out-of-sync block of the second storage node, locating the out-of-sync block in an address space maintained for blocks of the virtual disk, and transmitting a resync command to a replication module of a coordinating node at the secondary site, the resync command identifying the out-of-sync block within the address space.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: October 13, 2020
    Assignee: VMware, Inc.
    Inventors: Pascal Renauld, Enning Xiang, Eric Knauft
  • Patent number: 10802862
    Abstract: A method of migrating a virtual machine (VM) having a virtual disk from a source data center to a destination data center includes generating a snapshot of the VM to create a base disk and a delta disk in which writes to the virtual disk subsequent to the snapshot are recorded, and copying the base disk to a destination data store. The method further includes, in response to a request to migrate the VM, preparing a migration specification at the source and transmitting the migration specification to the destination, the migration specification including a VM identifier and a current content ID of the base disk, and determining that a content ID of the copied base disk matches the current content ID of the base disk included in the migration specification and updating the migration specification to indicate that the base disk does not need to be migrated.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: October 13, 2020
    Assignee: VMware, Inc.
    Inventors: Arunachalam Ramanathan, Yanlei Zhao, Rohan Pradip Shah, Benjamin Yun Liang, Gabriel Tarasuk-Levin
  • Patent number: 10776036
    Abstract: An agent for managing virtual machines includes a persistent storage and a processor. The persistent storage stores backup/restoration policies. The processor identifies a virtual machine of the virtual machines that is likely to fail and, in response to identifying the virtual machine, identifies backup data associated with the identified virtual machine; instantiates a clone of the identified virtual machine using the identified backup; exposes the clone while the identified virtual machine is exposed; and hides the virtual machine after the clone is exposed.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: September 15, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Upanshu Singhal, Pradeep Mittal, Kumari Priyanka, Shivakumar Kunnal Onkarappa, Chakraveer Singh, Archit Seth, Rahul Bhardwaj, Chandra Prakash, Manish Sharma, Akansha Purwar, Lalita Dabburi, Shilpa Mehta, Shelesh Chopra, Asif Khan
  • Patent number: 10776112
    Abstract: Optimizations are provided for frame management operations, including a clear operation and/or a set storage key operation, requested by pageable guests. The operations are performed, absent host intervention, on frames not resident in host memory. The operations may be specified in an instruction issued by the pageable guests.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: September 15, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Charles W. Gainey, Jr., Dan F. Greiner, Lisa C. Heller, Damian L. Osisek, Gustav E. Sittmann, III
  • Patent number: 10768832
    Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: September 8, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark S. Farrell, Lisa Cranton Heller, Damian L. Osisek, Peter K. Szwed
  • Patent number: 10768959
    Abstract: Methods, systems, and computer program products are provided for migrating memory pages. A virtual machine is run by a hypervisor. The virtual machine includes a guest that is allocated a plurality of guest memory pages. A data structure is initialized corresponding to a memory page of the plurality of guest memory pages. A first status is assigned in the data structure to the memory page. The memory page is migrated to a destination and the data structure is modified to assign the memory page a second status.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: September 8, 2020
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Uri Lublin
  • Patent number: 10761996
    Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: September 1, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Rajesh Sankaran, Siddhartha Chhabra, Abhishek Basak, Krystof Zmudzinski, Rupin Vakharwala
  • Patent number: 10754795
    Abstract: Providing memory management unit (MMU)-assisted address sanitizing in processor-based devices is disclosed. In one aspect, a processor-based device provides an MMU that includes a last-level page table that is configured to store page table entry (PTE) tokens for validating memory accesses, as well as fragment order indicators representing a count of page fragments for each memory page in the system memory. Upon receiving a memory access request comprising a pointer token and a virtual address of a memory fragment within a memory page of the system memory, the MMU uses the virtual address and the fragment order indicator of the PTE corresponding to the virtual address to retrieve a PTE token for the virtual address from the last-level page table, and determines whether the PTE token corresponds to the pointer token. If so, the MMU performs the memory access request using the pointer, and otherwise may raise an exception.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: August 25, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Chintan Bipinchandra Pandya, Ramswaroop Ghanshyam Somani
  • Patent number: 10733109
    Abstract: System for for managing host reclaimable memory based on VM needs includes a plurality of VMs; a hypervisor configured to process VM memory requests; a host CPU configured to control host physical memory reclaim process; at least one VM being allocated physical memory; Guest tool configured to determine page types based on a memory map; and a host module configured to scan an LRU list for pages that it can reacquire, and to force a slowdown in VM operations when reclaim operations use up more than a predefined share of CPU time. The host CPU performs the following based on the page type: (i) hard lock protection, when the page is a VM kernel page, for host-based reclaim of the page when no other VM pages are left to reacquire; and (ii) access/dirty (A/D) bit marking, when the page is a regular VM page.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: August 4, 2020
    Assignee: Virtuozzo International GmbH
    Inventors: Pavel Emelyanov, Alexey Kobets
  • Patent number: 10733130
    Abstract: Systems, methods, apparatuses, and software for data storage systems are provided herein. In one example, a data storage assembly is provided that includes a plurality of storage drives each comprising a PCIe host interface and solid state storage media. The data storage assembly includes a PCIe switch circuit coupled to the PCIe host interfaces of the storage drives and configured to receive storage operations issued by one or more host systems over a shared PCIe interface and transfer the storage operations for delivery to the storage drives over selected ones of the PCIe host interfaces. The data storage assembly includes a control processor configured to monitor usage statistics of the storage drives, and power control circuitry configured to selectively remove the power from ones of the storage drives based at least on the usage statistics of the storage drives.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: August 4, 2020
    Assignee: Liqid Inc.
    Inventors: Christopher Long, Jason Breakstone
  • Patent number: 10725853
    Abstract: Some embodiments described herein are directed to memory page or bad block monitoring and retirement algorithms, systems and methods for random access memory (RAM). Reliability issues or errors can be detected for multiple memory pages using one or more retirement criterion. In some embodiments, when reliability errors are detected, it may be desired to remove such pages from operation before they create a more serious problem, such as a computer crash. Thus, bad block retirement and replacement mechanisms are described herein.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: July 28, 2020
    Assignee: Formulus Black Corporation
    Inventors: Yin Zhang, Nafees Ahmed Abdul, Boyu Ni, Gautham Reddy Kunta, Andrei Khurshudov, Stephen J. Sicola
  • Patent number: 10719456
    Abstract: Embodiments of the disclosure provide a method and an apparatus for accessing private data in a physical memory of an electronic device, wherein the method includes: receiving a request for accessing private data in the physical memory from a process running in the electronic device; and accessing private data in a particular physical address interval of the physical memory through a secure memory access interface added to a virtual machine monitor of the electronic device, wherein a mapping relationship for the particular physical address interval is not established in a memory management unit of the electronic device, and the secure memory access interface is pre-designed to realize access to the private data in the particular physical address interval of the physical memory. The method and the apparatus of the present application can enhance security of private data in a physical memory.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: July 21, 2020
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Maochang Dang
  • Patent number: 10713175
    Abstract: A method and a Memory Availability Managing Module (110) “MAMM” for managing availability of memory pages (130) are disclosed. A disaggregated hardware system (100) comprises sets of memory blades (105, 106, 107) and computing pools (102, 103, 104). The MAMM (110) receives (A010) a message relating to allocation of at least one memory page to at least one operating system (120). The message comprises an indication about availability for said at least one memory page. The MAMM (110) translates (A020) the indication about availability to a set of memory blade parameters, identifying at least one memory blade (105, 106, 107). The MAMM (110) generates (A030) address mapping information for said at least one memory page, including a logical address of said at least one memory page mapped to at least two physical memory addresses of said at least one memory blade (105, 106, 107).
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: July 14, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Amir Roozbeh, Joao Monteiro Soares, Daniel Turull
  • Patent number: 10713254
    Abstract: The invention relates to a method, computer program product and computer system for providing attribute value information for a data extent having a set of data entries.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: July 14, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michal Bodziony, Lukasz Gaza, Artur M. Gruszecki, Tomasz Kazalski, Konrad K. Skibski
  • Patent number: 10713131
    Abstract: One or more embodiments provide techniques for migrating a virtual machine (VM) from a private data center to a cloud data center. A hybridity manager receives a request at the cloud data center to replicate a VM from the private data center on the cloud data center. The hybridity manager identifies a source network associated with the VM. The hybridity manager identifies whether there exists a stretched network associated with the source network of the VM. Responsive to determining that there is a stretched network associated with the source network of the VM, the hybridity manager replicates the VM on the stretched network without reconfiguring internet-protocol (IP) settings of the VM.
    Type: Grant
    Filed: January 15, 2018
    Date of Patent: July 14, 2020
    Assignee: WMware, Inc.
    Inventors: Serge Maskalik, Uday Masurekar, Narendra Kumar Basur Shankarappa, Anand Pritam
  • Patent number: 10693802
    Abstract: A system for provisioning an elastic computing infrastructure is provided. The system include a memory and at least one processor coupled to the memory. The system also includes a management component executed by the at least one processor and configured to instantiate an objective object having a resource collection and instructions that specify processing performed by the objective object, the resource collection identifying at least one resource object that controls a capacity of at least one resource provided by at least one computer system, the capacity being sufficient for processing to be performed at a predetermined performance level.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: June 23, 2020
    Assignee: SEA STREET TECHNOLOGIES, INC.
    Inventors: John Weber, Harley L. Stowell, III
  • Patent number: 10691479
    Abstract: Techniques for placing virtual machines based on compliance of device profiles are disclosed. In one embodiment, a list of device profiles may be maintained, each device profile including details of at least one virtual device and associated capabilities. Further, a first device profile from the list of device profiles may be assigned to a virtual machine. Furthermore, the virtual machine may be placed on a host computing system based on compliance of the first device profile.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: June 23, 2020
    Assignee: VMWARE, INC.
    Inventors: Hariharan Jeyaraman Ganesan, Jinto Antony, Madhusudhanan Gangadharan
  • Patent number: 10693844
    Abstract: Systems and methods for efficient migration for encrypted virtual machines (VMs) by active page copying are disclosed. An example method may include receiving a request to migrate a VM, identifying a first page of memory of the VM on the source host machine for migration, the first page of memory encrypted with a VM-specific encryption key, protecting the first page from access by the VM, executing a send command to modify the first page from encrypted with the guest-specific encryption key to encrypted with a migration key while the first page remains in place in the memory, allocating a second page in a buffer, copying contents of the first page to the second page, executing a receive command to modify the first page from encrypted with the migration key to encrypted with the guest-specific encryption key while the first page remains in place in the memory, and transmitting contents of the second page.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: June 23, 2020
    Assignee: Red Hat, Inc.
    Inventors: Karen Noel, Michael Tsirkin
  • Patent number: 10678648
    Abstract: A method, an apparatus, and a system for migrating virtual machine backup information, which implement backup information migration after a virtual machine is migrated. The method includes: receiving, by a first backup server, a migration trigger message, where the migration trigger message carries pre-migration virtual-machine identification information and indication information of a second backup server; determining, by the first backup server, backup information of the virtual machine according to the pre-migration virtual-machine identification information; and sending, by the first backup server, the backup information to the second backup server. Therefore, the migrated virtual machine inherits backup information existing before the migration, such that the migrated virtual machine continues to be protected by backup data existing before the migration, and data of the virtual machine is backed up according to a backup policy existing before the migration.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: June 9, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Heng Huang, Lei Zhang, Hua Cheng
  • Patent number: 10671422
    Abstract: A security module in a memory access path of a processor of a processing system protects secure information by verifying the contents of memory pages as they transition between one or more virtual machines (VMs) executing at the processor and a hypervisor that provides an interface between the VMs and the processing system's hardware. The security module of the processor is employed to monitor memory pages as they transition between one or more VMs and a hypervisor so that memory pages that have been altered by a hypervisor or other VM cannot be returned to the VM from which they were transitioned.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: June 2, 2020
    Assignee: ADVANCED MICRO DEVICES, INC.
    Inventors: David Kaplan, Jeremy W. Powell, Richard Relph
  • Patent number: 10664304
    Abstract: A hypervisor generates first and second page views, where a guest physical address points to a first page of the first page view and a second page of the second page view. A first pointer value is written to the first page and a second pointer value is written to the second page. A guest operating system executes a first task and if a determination to switch to the second task is made, the guest operating system reads a current pointer value and determines what the current page view is. If the guest operating system determines that the current page view is the first page view, the guest operating system saves the first pointer value in a first memory of the first task, loads the second pointer value from a second memory of the second task, and executes a virtual machine function to switch to the second page view.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: May 26, 2020
    Assignee: Red Hat Israel, Ltd.
    Inventor: Michael Tsirkin
  • Patent number: 10649687
    Abstract: Methods, systems, and devices for memory buffer management and bypass are described. Data corresponding to a page size of a memory array may be received at a virtual memory bank of a memory device, and a value of a counter associated with the virtual memory bank may be incremented. Upon determining that a value of the counter has reached a threshold value, the data may be communicated from the virtual memory bank to a buffer of the same memory device. For instance, the counter may be incremented based on the virtual memory bank receiving an access command from a host device.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: May 12, 2020
    Assignee: Micron Technology, Inc.
    Inventors: Robert Nasry Hasbun, Dean D. Gans, Sharookh Daruwalla
  • Patent number: 10642753
    Abstract: A computing device features one or more hardware processors and a memory that is coupled to the one or more processors. The memory comprises software that supports virtualization, including a virtual machine operating in the guest mode and a virtualization layer operating in the host mode. The virtual machine is configured to execute a plurality of processes including a guest agent process. The virtualization layer is configured to protect the guest agent process operating within the virtual machine that provides metadata to the virtualization layer by restricting page permissions for memory pages associated with the guest agent process when the guest agent process is inactive.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: May 5, 2020
    Assignee: FireEye, Inc.
    Inventor: Udo Steinberg
  • Patent number: 10628290
    Abstract: A microservice application can be tested inside an inner cloud environment that is within an outer cloud environment. For example, a software application can generate an inner cloud environment within an outer cloud environment in response to an event associated with a microservice application. The software application can then deploy another version of the microservice application in the inner cloud environment. The software application can perform at least one test on the other version of the microservice application in the inner cloud environment to determine a compatibility of the other version of the microservice application with the inner cloud environment.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: April 21, 2020
    Assignee: Red Hat, Inc.
    Inventor: Subin Modeel
  • Patent number: 10621338
    Abstract: A method for detecting a ROP attack comprising processing of an object within a virtual machine managed by a virtual machine monitor (VMM), intercepting an attempted execution by the object of an instruction, the instruction stored on a page in memory that is accessed by the virtual machine, responsive to determining the page includes instructions corresponding to one of a predefined set of function calls, (i) inserting a first transition event into the memory at a starting address location of a function call, and (ii) setting a permission of the page to be execute only, and responsive to triggering the first transition event, halting, by the VMM, the processing of the object and analyzing, by logic within the VMM, content of last branch records associated with the virtual machine to determine whether the processing of the object displays characteristics of a ROP attack is shown.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: April 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Jonas Pfoh, Phung-Te Ha
  • Patent number: 10621106
    Abstract: A computer system includes a translation lookaside buffer (TLB) data cache and a processor. The TLB data cache includes a hierarchical configuration comprising a first TLB array, a second TLB array, a third TLB array, and a fourth TLB array. The processor is configured to receive a first address for translation to a second address, and determine whether translation should be performed using a hierarchical page table or a hashed page table. The processor also determines (using a first portion of the first address) whether the first array stores a mapping of the first portion of the first address in response to determining that the translation should be performed using the hashed page table, and retrieving the second address from the third TLB array or the fourth TLB array in response to determining that the first TLB array stores the mapping of the first portion of the first address.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: David Campbell, Dwain A. Hicks
  • Patent number: 10621107
    Abstract: Circuitry comprises a translation lookaside buffer to store data representing memory address translations, each memory address translation being between an input memory address range defining a contiguous range of one or more input memory addresses in an input memory address space and a translated output memory address range defining a contiguous range of one or more output memory addresses in an output memory address space; in which the translation lookaside buffer comprises a plurality of memory elements to store one or more arrays each having a base input memory address, a base output memory address and a plurality of entries each mapping an n-bit offset to an m-bit offset, each entry representing a memory address translation of an input memory address range defined by the respective n-bit offset relative to the base input memory address to a translated output memory address range defined by the respective m-bit offset relative to the base output memory address; in which n and m are positive integers and n
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: April 14, 2020
    Assignee: Arm Limited
    Inventors: Paolo Monti, Pierre-Julien Kirsch, Vincenzo Consales, Guillaume Bolbenes, Gabriele Calianno
  • Patent number: 10606659
    Abstract: Acquiring location information is presented, including acquiring disk location information for logical partitions, the logical partitions pertaining to a virtual machine, matching the disk location information corresponding to the logical partitions against location information for at least one virtual disk stored on a physical device, in the event that the disk location information matches the location information for the at least one virtual disk, determining the location information for the at least one virtual disk obtained by the matching to be the disk location information for the logical partitions in the physical device, and outputting the location information for the at least one virtual disk.
    Type: Grant
    Filed: January 7, 2017
    Date of Patent: March 31, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Mingxian Gong
  • Patent number: 10609080
    Abstract: A selection of a document that includes a command and a parameter is received, and a user is caused to be associated with a policy that grants permission to execute the document. A request is received, from a requestor, to execute the document, the request including a parameter value, and the requestor is determined to be the user associated with the policy. The user is validated to have access to a resource indicated by the parameter value, and the command is caused to be executed against the resource.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: March 31, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Amjad Hussain, Manivannan Sundaram, Sivaprasad Venkata Padisetty, Nikolaos Pamboukas, Alan Hadley Goodman
  • Patent number: 10599455
    Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a hardware processor including event circuit to recognize a virtualization event, and evaluation circuit to determine whether to transfer control of the apparatus from a child guest to a parent guest in response to the virtualization event, wherein the child guest and the parent guest each include a bit per virtualization event to indicate whether the parent guest is to gain control when the virtualization event occurs.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: March 24, 2020
    Assignee: Intel Corporation
    Inventors: Steven M. Bennett, Andrew V. Anderson, Gilbert Neiger, Dion Rodgers, Richard A. Uhlig, Lawrence O. Smith, Barry E. Huntley
  • Patent number: 10601693
    Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: March 24, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sivakumar Ganapathy, Rajagopalan Janakiraman, Kalyan Ghosh, Sapan Shah
  • Patent number: 10599463
    Abstract: A system and method include receiving, by a computing system, an initial container file of a container as input, such that the container is to be converted into a virtual machine and the initial container file is part of a plurality of container files associated with the container. The system and method also include parsing, by the computing system, the plurality of container files including the initial container file, generating, by the computing system, an ISO image from each of the parsed container files, and booting, by the computing system, the virtual machine using the ISO image from each of the parsed container files.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: March 24, 2020
    Assignee: NUTANIX, INC.
    Inventors: Abhijit Paithankar, Shruthi Racha
  • Patent number: 10601635
    Abstract: An apparatus, system, and method provide remote management of a distributed computer system through a wireless communication link. A wireless server application utilizes a stateless protocol to communicate with a wireless client. An administrator uses the wireless client running on a portable device connected to a wireless server through the wireless communication link to access a network management application connected to the distributed computer network.
    Type: Grant
    Filed: April 16, 2004
    Date of Patent: March 24, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Azhar M. Zuberi
  • Patent number: 10585785
    Abstract: An example method of preserving a modification to an internal state of a computer system includes applying an overlay on a target container. The overlay includes a set of events corresponding to a first set of modifications to a computer system. The method also includes after applying the overlay, receiving a set of user requests corresponding to a second set of modifications to the computer system. The method further includes changing, based on the set of user requests, the third set of internal states of the computer system to the fourth set of internal states. The method also includes removing the overlay from the target container, while preserving the second set of modifications to the computer system.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: March 10, 2020
    Assignee: Red Hat, Inc.
    Inventors: Martin Vecera, Jiri Pechanec
  • Patent number: 10546186
    Abstract: A method and system using face tracking and object tracking is disclosed. The method and system use face tracking, location, and/or recognition to enhance object tracking, and use object tracking and/or location to enhance face tracking.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: January 28, 2020
    Assignee: AVIGILON FORTRESS CORPORATION
    Inventors: Paul C. Brewer, Dana Eubanks, Himaanshu Gupta, W. Andrew Scanlon, Peter L. Venetianer, Weihong Yin, Li Yu, Zhong Zhang
  • Patent number: 10540199
    Abstract: In a virtual computing environment, a system configured to switch between isolated virtual contexts. A system includes a physical processor. The physical processor includes an instruction set architecture. The instruction set architecture includes an instruction included in the instruction set architecture for the physical processor that when invoked indicates that a virtual processor implemented using the physical processor should switch directly from a first virtual machine context to a second virtual machine context. The first and second virtual machine contexts are isolated from each other.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: January 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: David Alan Hepkin
  • Patent number: 10534921
    Abstract: Systems and methods for copy and decrypt support for encrypted virtual machines are disclosed. An example method may include receiving, at a source host machine hosting a virtual machine (VM), a request to migrate the VM to a destination host machine, identifying a first page of memory of the VM on the source host machine for migration, write-protecting the first page, the first page of memory encrypted with a VM-specific encryption key, allocating a second page, executing a copy-and-reencrypt command using the first page and the second page as parameters for the copy-and-reencrypt command, the copy-and-reencrypt command to output the second page comprising contents of the first page re-encrypted with a migration key, and transmitting contents of the second page to the destination host machine.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: January 14, 2020
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Henri van Riel
  • Patent number: 10528335
    Abstract: An image forming apparatus capable of preventing compatibility with an extension application from being impaired. The image forming apparatus installs an operation program of an extension application therein, and includes a VM (Virtual Machine) that executes a bytecoded program generated based on the operation program. The bytecoded program is generated by converting the operation program to bytecode. The operation program and the bytecoded program are written into a package, and the package is stored in a storage of the image forming apparatus.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: January 7, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Takeshi Kogure
  • Patent number: 10521305
    Abstract: In one embodiment, a solid state drive (SSD) with power loss protection (PLP) includes a SSD controller, a secondary controller and a power circuit configured to supply power to the SSD from a power source during normal operation and backup power from a backup power source in response to a loss of power supplied by the power source. In the event of a loss of power, the secondary controller is configured to track the holdup time, or duration of time for which the primary controller can operate on backup power. In one embodiment, the holdup time tracked by the secondary controller is stored in a non-volatile memory in communication with the secondary controller.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: December 31, 2019
    Assignee: Toshiba Memory Corporation
    Inventors: Christopher Delaney, Leland Thompson, John Hamilton, Gordon Waidhofer, Ali Aiouaz
  • Patent number: 10521354
    Abstract: Apparatuses, methods and storage medium associated with computing that include usage and backup of persistent memory are disclosed herein. In embodiments, an apparatus for computing may comprise one or more processors and persistent memory to host operation of one or more virtual machines; and one or more page tables to store a plurality of mappings to map a plurality of virtual memory pages of a virtualization of the persistent memory of the one or more virtual machines to a plurality of physical memory pages of the persistent memory allocated to the one or more virtual machines. The apparatus may further include a memory manager to manage accesses of the persistent memory that includes a copy-on-write mechanism to service write instructions that address virtual memory pages mapped to physical memory pages that are marked as read-only. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: December 31, 2019
    Assignee: Intel Corporation
    Inventors: Yao Zu Dong, Kun Tian
  • Patent number: 10515210
    Abstract: Various techniques for detection of malware using an instrumented virtual machine environment are disclosed. In some embodiments, detection of malware using an instrumented virtual machine environment includes instantiating a first virtual machine in the instrumented virtual machine environment, in which the first virtual machine is configured to support installation of two or more versions of a resource; installing a first version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the first version of the resource with a malware sample opened using the first version of the resource; and installing a second version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the second version of the resource with the malware sample opened using the second version of the resource.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: December 24, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: ChienHua Lu, Bo Qu
  • Patent number: 10503484
    Abstract: According to one or more embodiments of the disclosure, virtual replication of physical things for scale-out in an Internet of Things (IoT) integrated developer environment (IDE) is shown and described. In particular, in one embodiment, a computer operates an Internet of Things (IoT) integrated developer environment (IDE) that accesses one or more real-world physical devices within a computer network that are configured to participate with the IoT IDE. The IoT IDE may then virtually replicate the one or more real-world physical devices within the IoT IDE into a configuration of virtual devices within the IoT IDE, such that simulating an IoT application within the IoT IDE results in relaying input and/or output (I/O) messages between the IoT IDE and the one or more real-world physical devices, and virtually replicating those I/O messages according to the configuration of virtual devices within the IoT IDE.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: December 10, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Yajun Zhang, Susie Wee, Ashutosh A. Malegaonkar
  • Patent number: 10496150
    Abstract: A power consumption optimization system includes a virtual machine (VM) provisioned on a host, a memory, a server, and a processor in communication with the memory. The processor causes the server to store a power consumption profile of the VM. The VM runs at a processor frequency state. Additionally, the processor causes the server to receive a request to lower a processor frequency for the VM from an original processor frequency state to a reduced processor frequency state. The request has request criteria indicating a time duration associated with the request. The server validates the request criteria and a requirement of another tenant on the host. Responsive to validating the request criteria and the requirement the other tenant on the host, the server confirms the request to lower the processor frequency. Additionally, the server lowers the processor frequency to the reduced processor frequency state during the time duration.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: December 3, 2019
    Assignee: Red Hat, Inc.
    Inventors: Huamin Chen, Jay Vyas
  • Patent number: 10474825
    Abstract: Techniques for configurable compute instance resets are described. A user can issue a request to securely reset one or more compute instances implemented within a service provider system. Each compute instance is reset to a previous point in time, such that any activity of the compute instance or effects thereof occurring since that point in time are completely eliminated. Each compute instance reset can include removing an existing volume of the compute instance, obtaining a volume, attaching the obtained volume to the compute instance, and rebooting the compute instance. Configuration data of the compute instance, such as an instance identifier or network addresses, can be maintained after the reset.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: November 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Diwakar Gupta, Marcin Piotr Kowalski, Johannes Stephanus Jansen Van Rensburg
  • Patent number: 10474608
    Abstract: Various computer peripheral cards, devices, systems, methods, and software are provided herein. In one example, a storage card insertable into a host system includes a plurality of storage device connectors in a stacked arrangement, each configured to mate with associated storage devices and carry Peripheral Component Interconnect Express (PCIe) signaling for the associated storage devices. The storage card also includes a PCIe switch circuit configured to communicatively couple the PCIe signaling of the plurality of storage device connectors and PCIe signaling of a host connector of the storage card, where the PCIe switch circuit is configured to receive storage operations over the PCIe signaling of the host connector of the storage card and transfer the storage operations for delivery over the PCIe signaling of selected ones of the plurality of storage device connectors.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: November 12, 2019
    Assignee: Liqid Inc.
    Inventors: Jason Breakstone, Andrew Rudolph Heyd, Christopher R. Long, James Scott Cannata