公开(公告)号：US08819090B2

公开(公告)日：2014-08-26

申请号：US13453188

申请日：2012-04-23

Applicant: Paul Durrant ,  Ben Chalmers

Inventor： Paul Durrant ,  Ben Chalmers

IPC: G06F17/30

CPC classification number: G06F17/30091 ,  G06F9/45533 ,  G06F17/30115 ,  G06F21/6218 ,  G06F21/6281 ,  H04L63/10

Abstract: Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.

Abstract translation: 本文描述了用于在由虚拟化服务器托管的不同域之间执行文件传输的方法和系统。 可信域（Dom 0）可以通过更新存储在密钥值存储中的共享信息来指示一个或多个文件，目录和/或卷可用于第二域（访客域）。 来宾域可以枚举共享文件，以便在其自己的文件系统结构内显示。 来宾域拦截对其文件系统的调用，确定所请求的数据是否实际存储在其自己的文件系统或受信任的域中，并且在所请求的数据由受信任域共享时，将代理文件系统调用到受信任的域。 密钥值存储信息和共享数据信息和内容可以使用在可信域和来宾域之间共享的一个或多个存储器进行传送。

公开(公告)号：US07100006B2

公开(公告)日：2006-08-29

申请号：US10051498

申请日：2002-01-18

Applicant: Paul Durrant ,  Stephen R Hanson

Inventor： Paul Durrant ,  Stephen R Hanson

IPC: G06F12/16

CPC classification number: G06F17/30309

Abstract: A method and mechanism for generating a snapshot in a computing system. On initiating a snapshot of a first storage, the content of a portion of the first storage that includes at least one block is copying to snapshot storage and a copied indication for each copied block is recording in a copy map. Responsive to any write request to a block for which no copied indication has been recorded in the copy map, the content of the block is copied to the snapshot storage, prior to writing to that block. The content of other blocks for which no copied indication has been recorded in the copy map is successively copied to the snapshot storage. A copied indication for each copied block is recorded in the copy map. The successive copying can be performed as a background task.

Abstract translation: 一种用于在计算系统中生成快照的方法和机制。 在启动第一存储器的快照时，包括至少一个块的第一存储器的一部分的内容是复制到快照存储器，并且每个复制块的复制指示是在复制映射中进行记录。 响应于对复制图中没有复制指示的块的任何写入请求，在写入该块之前将块的内容复制到快照存储器。 在复制图中没有复制指示的其他块的内容被连续复制到快照存储器中。 每个复制块的复制指示记录在复制图中。 可以执行连续复制作为后台任务。

公开(公告)号：US09280458B2

公开(公告)日：2016-03-08

申请号：US13469457

申请日：2012-05-11

Applicant: Paul Durrant

Inventor： Paul Durrant

IPC: G06F12/06 ,  G06F12/02 ,  G06F9/50 ,  G06F12/08

CPC classification number: G06F12/023 ,  G06F9/5022 ,  G06F9/5077 ,  G06F12/08 ,  G06F2212/1041 ,  G06F2212/1048 ,  G06F2212/151

Abstract: A technique reclaims memory pages in a virtualization platform. The technique involves receiving, by a virtual machine of the virtualization platform, an inflate command which directs a balloon driver of the virtual machine to inflate. The technique further involves issuing, by the virtual machine and in response to the inflate command, a sweep request to a hypervisor. The sweep request directs the hypervisor to (i) perform a scan of memory pages allocated to the virtual machine for a predetermined pattern of characters, (ii) de-allocate memory pages having the predetermined pattern of characters from the virtual machine (e.g., zeroed pages), the de-allocated memory pages including super pages and regular pages, and (iii) update a list of memory page mappings to reflect the de-allocated memory pages. The technique further involves completing balloon driver inflation after the list of memory page mappings is updated.

Abstract translation: 一种技术在虚拟化平台中回收内存页面。 该技术涉及通过虚拟平台的虚拟机来接收一个指挥虚拟机的气球驱动器进行充气的充气命令。 该技术还包括由虚拟机发出并响应于充气命令向管理程序发出扫描请求。 扫描请求指示虚拟机管理程序（i）执行扫描分配给虚拟机的存储器页面以获得预定的字符模式，（ii）从虚拟机（例如，被归零）解除分配具有预定字符模式的存储器页面 页面），去分配的存储器页面包括超级页面和常规页面，以及（iii）更新存储器页面映射的列表以反映去分配的存储器页面。 该技术还涉及在内存页面映射列表更新后完成气球驱动程序充气。

公开(公告)号：US06795936B2

公开(公告)日：2004-09-21

申请号：US09783118

申请日：2001-02-13

Applicant: Jeremy Graham Harris ,  Paul Durrant

Inventor： Jeremy Graham Harris ,  Paul Durrant

IPC: G06F1100

CPC classification number: G06F11/006

Abstract: Resource access control is provided in a manner that avoids unnecessary resource accesses where a resource is already known to be faulty. A resource access controller controls access to resources addressed by at least one central processing unit. The resource access controller includes an address translation mechanism providing fake response identification as to whether or not a response is to be faked. The resource access controller also includes a fake response generator for selectively generating a faked response where the fake response identification of the corresponding translation entry indicates that a response is to be faked. The resource access controller is able to associate fake response indications with a resource and to generate a fake response when an attempt is made to access a resource labeled such that a faked response should be returned. The resource access controller can form part of a bridge that interconnects a first bus connected to a processor of the computer system, which processor includes at least one said central processing unit, and at least a second bus. However, the resource access controller can be provided at other points in a computer system where an address translation is performed, for example in a memory management unit.

Abstract translation: 提供了资源访问控制，以避免在已知资源有故障的情况下进行不必要的资源访问。 资源访问控制器控制对由至少一个中央处理单元寻址的资源的访问。 资源访问控制器包括地址转换机制，提供关于应答是否被伪造的假响应标识。 资源访问控制器还包括一个假响应发生器，用于选择性地产生伪造响应，其中相应的转换条目的假响应标识指示响应是假的。 资源访问控制器能够将假响应指示与资源相关联，并且当尝试访问标记为应该返回假的响应的资源时，产生假响应。 资源访问控制器可以形成桥接器的一部分，桥接器连接到计算机系统的处理器的第一总线，该处理器包括至少一个所述中央处理单元和至少第二总线。 然而，资源访问控制器可以提供在执行地址转换的计算机系统中的其他点处，例如在存储器管理单元中。

公开(公告)号：US20130282776A1

公开(公告)日：2013-10-24

申请号：US13453188

申请日：2012-04-23

Applicant: Paul Durrant ,  Ben Chalmers

Inventor： Paul Durrant ,  Ben Chalmers

IPC: G06F17/30 ,  G06F9/455

CPC classification number: G06F17/30091 ,  G06F9/45533 ,  G06F17/30115 ,  G06F21/6218 ,  G06F21/6281 ,  H04L63/10

Abstract: Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.

Abstract translation: 本文描述了用于在由虚拟化服务器托管的不同域之间执行文件传输的方法和系统。 可信域（Dom 0）可以通过更新存储在密钥值存储中的共享信息来指示一个或多个文件，目录和/或卷可用于第二域（访客域）。 来宾域可以枚举共享文件，以便在其自己的文件系统结构内显示。 来宾域拦截对其文件系统的调用，确定所请求的数据是否实际存储在其自己的文件系统或受信任的域中，并且在所请求的数据被可信域共享时，将代理文件系统调用到受信任的域。 密钥值存储信息和共享数据信息和内容可以使用在可信域和来宾域之间共享的一个或多个存储器进行传送。

公开(公告)号：US07234038B1

公开(公告)日：2007-06-19

申请号：US10857149

申请日：2004-05-28

Applicant: Paul Durrant

Inventor： Paul Durrant

IPC: G06F12/00

CPC classification number: G06F12/1027 ,  G06F12/1072 ,  G06F2212/682

Abstract: A method for managing virtual memory including placing a first virtual memory page in a physical memory page to create a virtual-to-physical memory mapping, associating a first page mapping cookie value with the virtual-to-physical memory mapping, determining whether the virtual-to-physical memory mapping is valid using the first page mapping cookie value, and performing a memory operation addressing the first virtual memory page if the virtual-to-physical memory mapping is valid.

Abstract translation: 一种用于管理虚拟存储器的方法，包括将第一虚拟存储器页面放置在物理存储器页面中以创建虚拟到物理存储器映射，将第一页面映射cookie值与虚拟到物理存储器映射相关联，确定虚拟到物理存储器映射 物理内存映射使用第一页映射cookie值有效，并且如果虚拟到物理内存映射有效，则执行寻址第一虚拟内存页的存储器操作。

公开(公告)号：US06732250B2

公开(公告)日：2004-05-04

申请号：US10071045

申请日：2002-02-08

Applicant: Paul Durrant

Inventor： Paul Durrant

IPC: G06F1200

CPC classification number: G06F12/1009 ,  G06F11/1666 ,  G06F11/20 ,  G06F11/2087 ,  G06F11/2097 ,  G06F12/1027

Abstract: A computer system includes memory and at least a first processor that includes a memory management unit. The memory management unit includes a translation table having a plurality of translation table entries for translating processor addresses to memory addresses. The translation table entries provide first and second memory address translations for a processor address. The memory management unit can enable either the first translation or the second translation to be used in response to a processor address to enable data to be written simultaneously to different memories or parts of a memory. A first translation addresses could be for a first memory and a second translation addresses could be for a second backup memory. The backup memory could then be used in the event of a fault.

Abstract translation: 计算机系统包括存储器和至少包括存储器管理单元的第一处理器。 存储器管理单元包括具有用于将处理器地址转换为存储器地址的多个转换表条目的转换表。 转换表条目为处理器地址提供第一和第二存储器地址转换。 存储器管理单元可以使得能够响应于处理器地址使用第一转换或第二转换，以使得能够将数据同时写入到存储器的不同存储器或部分。 第一个翻译地址可以是第一个存储器，第二个翻译地址可以是第二个备份存储器。 然后可以在发生故障时使用备份存储器。

公开(公告)号：US20120290765A1

公开(公告)日：2012-11-15

申请号：US13469457

申请日：2012-05-11

Applicant: Paul Durrant

Inventor： Paul Durrant

IPC: G06F12/06

CPC classification number: G06F12/023 ,  G06F9/5022 ,  G06F9/5077 ,  G06F12/08 ,  G06F2212/1041 ,  G06F2212/1048 ,  G06F2212/151

Abstract: A technique reclaims memory pages in a virtualization platform. The technique involves receiving, by a virtual machine of the virtualization platform, an inflate command which directs a balloon driver of the virtual machine to inflate. The technique further involves issuing, by the virtual machine and in response to the inflate command, a sweep request to a hypervisor. The sweep request directs the hypervisor to (i) perform a scan of memory pages allocated to the virtual machine for a predetermined pattern of characters, (ii) de-allocate memory pages having the predetermined pattern of characters from the virtual machine (e.g., zeroed pages), the de-allocated memory pages including super pages and regular pages, and (iii) update a list of memory page mappings to reflect the de-allocated memory pages. The technique further involves completing balloon driver inflation after the list of memory page mappings is updated.

Abstract translation: 一种技术在虚拟化平台中回收内存页面。 该技术涉及通过虚拟平台的虚拟机来接收一个指挥虚拟机的气球驱动器进行充气的充气命令。 该技术还包括由虚拟机发出并响应于充气命令向管理程序发出扫描请求。 扫描请求指示虚拟机管理程序（i）执行扫描分配给虚拟机的存储器页面以获得预定的字符模式，（ii）从虚拟机（例如，被归零）解除分配具有预定字符模式的存储器页面 页面），去分配的存储器页面包括超级页面和常规页面，以及（iii）更新存储器页面映射的列表以反映去分配的存储器页面。 该技术还涉及在内存页面映射列表更新后完成气球驱动程序充气。

公开(公告)号：US07457316B1

公开(公告)日：2008-11-25

申请号：US10930299

申请日：2004-08-31

Applicant: Paul Durrant ,  Yuzo Watanabe ,  Nicolas G. Droux

Inventor： Paul Durrant ,  Yuzo Watanabe ,  Nicolas G. Droux

IPC: H04J3/24

CPC classification number: H04L69/26 ,  H04L12/4641 ,  H04L69/22 ,  H04L69/324

Abstract: A method for processing a chain of packets involving obtaining the chain of packets from a network, obtaining destination information from a first packet in the chain of packets, determining whether destination information of the first packet matches destination information of a second packet in the chain of packets, aggregating the first packet and the second packet to obtain an aggregated chain of packets, if destination information of the second packet matches the destination information of the first packet, hashing destination information to obtain a hash value, and forwarding the aggregated chain of packets to at least one client using the hash value.

Abstract translation: 一种处理分组链的方法，包括从网络获取分组链，从分组链中的第一分组获取目的地信息，确定第一分组的目的地信息是否匹配链中的第二分组的目的地信息 分组，聚合第一分组和第二分组，以获得聚集的分组链，如果第二分组的目的地信息与第一分组的目的地信息匹配，则将散列目的地信息进行哈希值获取，并转发聚合的分组链 到使用哈希值的至少一个客户端。

公开(公告)号：US07171566B2

公开(公告)日：2007-01-30

申请号：US10193568

申请日：2002-07-11

Applicant: Paul Durrant

Inventor： Paul Durrant

IPC: H04K1/00 ,  H04L9/00

CPC classification number: G06F21/78 ,  G06F12/1408 ,  G06F21/85

Abstract: In a computer processing apparatus, when writing data to, and/or reading data from, memory, one or more instruction bits are associated with the memory address for the data to specify how encryption or decryption is to be performed. The bit(s) may be part of the memory address or separate therefrom, for example as a data header. Multiple data paths provided to write data to, and read data from, memory. On at least one of the paths is hardware operable to perform encryption or decryption. Preferably at least one path is a non-encryption/decryption path. The path to be used to write the data to, or read the data from, memory is chosen in accordance with the instruction bits associated with the memory address.

Abstract translation: 在计算机处理装置中，当向存储器写入数据和/或从存储器读取数据时，一个或多个指令位与数据的存储器地址相关联，以指定如何执行加密或解密。 该位可以是存储器地址的一部分或与其分离，例如作为数据头。 提供多个数据路径，用于向存储器写入数据并从中读取数据。 在至少一个路径是硬件可操作的以执行加密或解密。 优选地，至少一个路径是非加密/解密路径。 根据与存储器地址相关联的指令位来选择用于将数据写入存储器或从存储器读取数据的路径。