公开(公告)号：US09280458B2

公开(公告)日：2016-03-08

申请号：US13469457

申请日：2012-05-11

申请人： Paul Durrant

发明人： Paul Durrant

IPC分类号： G06F12/06 ,  G06F12/02 ,  G06F9/50 ,  G06F12/08

CPC分类号： G06F12/023 ,  G06F9/5022 ,  G06F9/5077 ,  G06F12/08 ,  G06F2212/1041 ,  G06F2212/1048 ,  G06F2212/151

摘要： A technique reclaims memory pages in a virtualization platform. The technique involves receiving, by a virtual machine of the virtualization platform, an inflate command which directs a balloon driver of the virtual machine to inflate. The technique further involves issuing, by the virtual machine and in response to the inflate command, a sweep request to a hypervisor. The sweep request directs the hypervisor to (i) perform a scan of memory pages allocated to the virtual machine for a predetermined pattern of characters, (ii) de-allocate memory pages having the predetermined pattern of characters from the virtual machine (e.g., zeroed pages), the de-allocated memory pages including super pages and regular pages, and (iii) update a list of memory page mappings to reflect the de-allocated memory pages. The technique further involves completing balloon driver inflation after the list of memory page mappings is updated.

摘要翻译： 一种技术在虚拟化平台中回收内存页面。 该技术涉及通过虚拟平台的虚拟机来接收一个指挥虚拟机的气球驱动器进行充气的充气命令。 该技术还包括由虚拟机发出并响应于充气命令向管理程序发出扫描请求。 扫描请求指示虚拟机管理程序（i）执行扫描分配给虚拟机的存储器页面以获得预定的字符模式，（ii）从虚拟机（例如，被归零）解除分配具有预定字符模式的存储器页面 页面），去分配的存储器页面包括超级页面和常规页面，以及（iii）更新存储器页面映射的列表以反映去分配的存储器页面。 该技术还涉及在内存页面映射列表更新后完成气球驱动程序充气。

公开(公告)号：US06795936B2

公开(公告)日：2004-09-21

申请号：US09783118

申请日：2001-02-13

申请人： Jeremy Graham Harris ,  Paul Durrant

发明人： Jeremy Graham Harris ,  Paul Durrant

IPC分类号： G06F1100

CPC分类号： G06F11/006

摘要： Resource access control is provided in a manner that avoids unnecessary resource accesses where a resource is already known to be faulty. A resource access controller controls access to resources addressed by at least one central processing unit. The resource access controller includes an address translation mechanism providing fake response identification as to whether or not a response is to be faked. The resource access controller also includes a fake response generator for selectively generating a faked response where the fake response identification of the corresponding translation entry indicates that a response is to be faked. The resource access controller is able to associate fake response indications with a resource and to generate a fake response when an attempt is made to access a resource labeled such that a faked response should be returned. The resource access controller can form part of a bridge that interconnects a first bus connected to a processor of the computer system, which processor includes at least one said central processing unit, and at least a second bus. However, the resource access controller can be provided at other points in a computer system where an address translation is performed, for example in a memory management unit.

摘要翻译： 提供了资源访问控制，以避免在已知资源有故障的情况下进行不必要的资源访问。 资源访问控制器控制对由至少一个中央处理单元寻址的资源的访问。 资源访问控制器包括地址转换机制，提供关于应答是否被伪造的假响应标识。 资源访问控制器还包括一个假响应发生器，用于选择性地产生伪造响应，其中相应的转换条目的假响应标识指示响应是假的。 资源访问控制器能够将假响应指示与资源相关联，并且当尝试访问标记为应该返回假的响应的资源时，产生假响应。 资源访问控制器可以形成桥接器的一部分，桥接器连接到计算机系统的处理器的第一总线，该处理器包括至少一个所述中央处理单元和至少第二总线。 然而，资源访问控制器可以提供在执行地址转换的计算机系统中的其他点处，例如在存储器管理单元中。

公开(公告)号：US08819090B2

公开(公告)日：2014-08-26

申请号：US13453188

申请日：2012-04-23

申请人： Paul Durrant ,  Ben Chalmers

发明人： Paul Durrant ,  Ben Chalmers

IPC分类号： G06F17/30

CPC分类号： G06F17/30091 ,  G06F9/45533 ,  G06F17/30115 ,  G06F21/6218 ,  G06F21/6281 ,  H04L63/10

摘要： Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.

摘要翻译： 本文描述了用于在由虚拟化服务器托管的不同域之间执行文件传输的方法和系统。 可信域（Dom 0）可以通过更新存储在密钥值存储中的共享信息来指示一个或多个文件，目录和/或卷可用于第二域（访客域）。 来宾域可以枚举共享文件，以便在其自己的文件系统结构内显示。 来宾域拦截对其文件系统的调用，确定所请求的数据是否实际存储在其自己的文件系统或受信任的域中，并且在所请求的数据由受信任域共享时，将代理文件系统调用到受信任的域。 密钥值存储信息和共享数据信息和内容可以使用在可信域和来宾域之间共享的一个或多个存储器进行传送。

公开(公告)号：US07100006B2

公开(公告)日：2006-08-29

申请号：US10051498

申请日：2002-01-18

申请人： Paul Durrant ,  Stephen R Hanson

发明人： Paul Durrant ,  Stephen R Hanson

IPC分类号： G06F12/16

CPC分类号： G06F17/30309

摘要： A method and mechanism for generating a snapshot in a computing system. On initiating a snapshot of a first storage, the content of a portion of the first storage that includes at least one block is copying to snapshot storage and a copied indication for each copied block is recording in a copy map. Responsive to any write request to a block for which no copied indication has been recorded in the copy map, the content of the block is copied to the snapshot storage, prior to writing to that block. The content of other blocks for which no copied indication has been recorded in the copy map is successively copied to the snapshot storage. A copied indication for each copied block is recorded in the copy map. The successive copying can be performed as a background task.

摘要翻译： 一种用于在计算系统中生成快照的方法和机制。 在启动第一存储器的快照时，包括至少一个块的第一存储器的一部分的内容是复制到快照存储器，并且每个复制块的复制指示是在复制映射中进行记录。 响应于对复制图中没有复制指示的块的任何写入请求，在写入该块之前将块的内容复制到快照存储器。 在复制图中没有复制指示的其他块的内容被连续复制到快照存储器中。 每个复制块的复制指示记录在复制图中。 可以执行连续复制作为后台任务。

公开(公告)号：US20120290765A1

公开(公告)日：2012-11-15

申请号：US13469457

申请日：2012-05-11

申请人： Paul Durrant

发明人： Paul Durrant

IPC分类号： G06F12/06

CPC分类号： G06F12/023 ,  G06F9/5022 ,  G06F9/5077 ,  G06F12/08 ,  G06F2212/1041 ,  G06F2212/1048 ,  G06F2212/151

摘要： A technique reclaims memory pages in a virtualization platform. The technique involves receiving, by a virtual machine of the virtualization platform, an inflate command which directs a balloon driver of the virtual machine to inflate. The technique further involves issuing, by the virtual machine and in response to the inflate command, a sweep request to a hypervisor. The sweep request directs the hypervisor to (i) perform a scan of memory pages allocated to the virtual machine for a predetermined pattern of characters, (ii) de-allocate memory pages having the predetermined pattern of characters from the virtual machine (e.g., zeroed pages), the de-allocated memory pages including super pages and regular pages, and (iii) update a list of memory page mappings to reflect the de-allocated memory pages. The technique further involves completing balloon driver inflation after the list of memory page mappings is updated.

摘要翻译： 一种技术在虚拟化平台中回收内存页面。 该技术涉及通过虚拟平台的虚拟机来接收一个指挥虚拟机的气球驱动器进行充气的充气命令。 该技术还包括由虚拟机发出并响应于充气命令向管理程序发出扫描请求。 扫描请求指示虚拟机管理程序（i）执行扫描分配给虚拟机的存储器页面以获得预定的字符模式，（ii）从虚拟机（例如，被归零）解除分配具有预定字符模式的存储器页面 页面），去分配的存储器页面包括超级页面和常规页面，以及（iii）更新存储器页面映射的列表以反映去分配的存储器页面。 该技术还涉及在内存页面映射列表更新后完成气球驱动程序充气。

公开(公告)号：US07457316B1

公开(公告)日：2008-11-25

申请号：US10930299

申请日：2004-08-31

申请人： Paul Durrant ,  Yuzo Watanabe ,  Nicolas G. Droux

发明人： Paul Durrant ,  Yuzo Watanabe ,  Nicolas G. Droux

IPC分类号： H04J3/24

CPC分类号： H04L69/26 ,  H04L12/4641 ,  H04L69/22 ,  H04L69/324

摘要： A method for processing a chain of packets involving obtaining the chain of packets from a network, obtaining destination information from a first packet in the chain of packets, determining whether destination information of the first packet matches destination information of a second packet in the chain of packets, aggregating the first packet and the second packet to obtain an aggregated chain of packets, if destination information of the second packet matches the destination information of the first packet, hashing destination information to obtain a hash value, and forwarding the aggregated chain of packets to at least one client using the hash value.

摘要翻译： 一种处理分组链的方法，包括从网络获取分组链，从分组链中的第一分组获取目的地信息，确定第一分组的目的地信息是否匹配链中的第二分组的目的地信息 分组，聚合第一分组和第二分组，以获得聚集的分组链，如果第二分组的目的地信息与第一分组的目的地信息匹配，则将散列目的地信息进行哈希值获取，并转发聚合的分组链 到使用哈希值的至少一个客户端。

公开(公告)号：US07171566B2

公开(公告)日：2007-01-30

申请号：US10193568

申请日：2002-07-11

申请人： Paul Durrant

发明人： Paul Durrant

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： G06F21/78 ,  G06F12/1408 ,  G06F21/85

摘要： In a computer processing apparatus, when writing data to, and/or reading data from, memory, one or more instruction bits are associated with the memory address for the data to specify how encryption or decryption is to be performed. The bit(s) may be part of the memory address or separate therefrom, for example as a data header. Multiple data paths provided to write data to, and read data from, memory. On at least one of the paths is hardware operable to perform encryption or decryption. Preferably at least one path is a non-encryption/decryption path. The path to be used to write the data to, or read the data from, memory is chosen in accordance with the instruction bits associated with the memory address.

摘要翻译： 在计算机处理装置中，当向存储器写入数据和/或从存储器读取数据时，一个或多个指令位与数据的存储器地址相关联，以指定如何执行加密或解密。 该位可以是存储器地址的一部分或与其分离，例如作为数据头。 提供多个数据路径，用于向存储器写入数据并从中读取数据。 在至少一个路径是硬件可操作的以执行加密或解密。 优选地，至少一个路径是非加密/解密路径。 根据与存储器地址相关联的指令位来选择用于将数据写入存储器或从存储器读取数据的路径。

公开(公告)号：US06795939B2

公开(公告)日：2004-09-21

申请号：US09783121

申请日：2001-02-13

申请人： Jeremy Graham Harris ,  Paul Durrant

发明人： Jeremy Graham Harris ,  Paul Durrant

IPC分类号： G06F1100

CPC分类号： G06F11/0745 ,  G06F11/004 ,  G06F11/073 ,  G06F11/0793 ,  G06F12/1027

摘要： Resource access control is provided in a manner that avoids unnecessary resource accesses where a resource is already known to be faulty. The resource can be a memory location, a peripheral or any other addressable system component. A resource access mechanism in a processor controls access to resources. The resource access mechanism includes an address control mechanism having a plurality of address control entries, each address control entry providing fake response identification indicating whether or not a response for the corresponding address is to be faked. The resource access mechanism also includes a fake response generator for selectively generating a faked response for an address in response to the fake response identification of the corresponding address control entry indicating that a response is to be faked.

摘要翻译： 提供了资源访问控制，以避免在已知资源有故障的情况下进行不必要的资源访问。 资源可以是存储器位置，外围设备或任何其他可寻址系统组件。 处理器中的资源访问机制控制对资源的访问。 资源访问机制包括具有多个地址控制条目的地址控制机构，每个地址控制条目提供指示是否伪造相应地址的响应的伪响应标识。 资源访问机制还包括一个假响应发生器，用于响应于相应的地址控制条目的伪响应标识指示应答是假的，选择性地产生对地址的伪造响应。

公开(公告)号：US06795937B2

公开(公告)日：2004-09-21

申请号：US09783119

申请日：2001-02-13

申请人： Jeremy Graham Harris ,  Paul Durrant

发明人： Jeremy Graham Harris ,  Paul Durrant

IPC分类号： G06F1100

CPC分类号： G06F11/0793 ,  G06F11/073 ,  G06F11/0745

摘要： To provide efficient resource access control in a computer system, a trap handler for handling a trap in the event of a faulty resource access being detected is arranged to define a diversion for subsequent access attempts to the same resource. An address translation mechanism is responsive to indication of a diversion for a resource access to modify an address mapping, whereby subsequent attempts to access the resource are diverted in accordance with the diversion. The trap handler can be arranged in a conventional manner to process an exception of the first faulty access to the resource. However, by defining the diversion, which can be used to map further attempts to access the same resource, unnecessary exception processing can be avoided.

摘要翻译： 为了在计算机系统中提供有效的资源访问控制，布置了在检测到错误的资源访问的情况下处理陷阱的陷阱处理程序，以定义用于对同一资源的后续访问尝试的转移。 地址转换机制响应于用于资源访问的转移的指示来修改地址映射，由此根据转移来转移接入资源的后续尝试。 陷阱处理程序可以以常规方式进行排列，以处理对资源的第一次故障访问的异常。 然而，通过定义可以用于映射进一步访问相同资源的尝试的转移，可以避免不必要的异常处理。

公开(公告)号：US20130282776A1

公开(公告)日：2013-10-24

申请号：US13453188

申请日：2012-04-23

申请人： Paul Durrant ,  Ben Chalmers

发明人： Paul Durrant ,  Ben Chalmers

IPC分类号： G06F17/30 ,  G06F9/455

CPC分类号： G06F17/30091 ,  G06F9/45533 ,  G06F17/30115 ,  G06F21/6218 ,  G06F21/6281 ,  H04L63/10

摘要： Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.

摘要翻译： 本文描述了用于在由虚拟化服务器托管的不同域之间执行文件传输的方法和系统。 可信域（Dom 0）可以通过更新存储在密钥值存储中的共享信息来指示一个或多个文件，目录和/或卷可用于第二域（访客域）。 来宾域可以枚举共享文件，以便在其自己的文件系统结构内显示。 来宾域拦截对其文件系统的调用，确定所请求的数据是否实际存储在其自己的文件系统或受信任的域中，并且在所请求的数据被可信域共享时，将代理文件系统调用到受信任的域。 密钥值存储信息和共享数据信息和内容可以使用在可信域和来宾域之间共享的一个或多个存储器进行传送。