Author

Alberto J. Munoz

Bio: Alberto J. Munoz is an academic researcher from VMware. The author has contributed to research in topics: Address space & Kernel virtual address space. The author has an h-index of 7, co-authored 7 publications receiving 384 citations.

Papers
Patent
Xiaoxin Chen, Alberto J. Munoz
25 Mar 2003
TL;DR: In this paper, the authors present a virtual memory system that provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the VMs.
Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

121 citations

Patent
03 Mar 2003
TL;DR: In this article, the authors present a virtualization of a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism.
Abstract: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.

78 citations

Patent
21 Apr 2004
TL;DR: In this article, a switching routine is implemented to switch from one operating mode to another and to transfer control from one software entity to another, such as a host operating system and a virtual machine monitor.
Abstract: A processor has multiple operating modes, such as the long/compatibility mode, the long/64-bit mode and the legacy modes of the x86-64 microprocessor. Different software entities execute in different ones of these operating modes. A switching routine is implemented to switch from one operating mode to another and to transfer control from one software entity to another. The software entities may be, for example, a host operating system and a virtual machine monitor. Thus, for example, a virtual computer system may comprise a 64-bit host operating system and a 32-bit virtual machine monitor, executing on an x86-64 microprocessor in long mode and legacy mode, respectively, with the virtual machine monitor supporting an x86 virtual machine. The switching routine may be implemented partially or completely in an identity-mapped memory page. Execution of the switching routine may be initiated by a driver that is installed in the host operating system of a virtual computer system.

67 citations

Patent
30 Jun 2003
TL;DR: In this paper, the authors propose assigning a unique shadow ASID for use in corresponding address translations in a hardware translation look-aside buffer (TLB) to reduce the number of TLB miss faults and improve overall processing efficiency.
Abstract: A virtual computer system including multiple virtual machines (VMs) is implemented in a physical computer system that uses address space identifiers (ASIDs). Each VM includes a virtual translation look-aside buffer (TLB), in which guest software, executing on the VM, may insert address translations, with each translation including an ASID. For each ASID used by guest software, a virtual machine monitor (VMM), or other software unit, assigns a unique shadow ASID for use in corresponding address translations in a hardware TLB. If a unique shadow ASID is not available for a newly used guest ASID, the VMM reassigns a shadow ASID from a prior guest ASID to the new guest ASID, purging any entries in the hardware TLB corresponding to the prior guest ASID. Assigning unique shadow ASIDs limits the need for TLB purges upon switching between the multiple VMs, reducing the number of TLB miss faults, and consequently improving overall processing efficiency.

59 citations

Patent
Xiaoxin Chen, Alberto J. Munoz
08 Feb 2011
TL;DR: In this article, the authors present a virtual memory system that provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the VMs.
Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

26 citations


Cited by
Patent
30 Dec 2008
TL;DR: In this article, the authors propose a method for detecting a virtual resource hosted by a host device, selecting a configuration template associated with the virtual resource, and providing a provisioning instruction to a virtual switch module hosted by the host device based on the configuration template.
Abstract: In one embodiment, a method includes detecting a virtual resource hosted by a host device, selecting a configuration template associated with the virtual resource, and providing a provisioning instruction to a virtual switch module hosted by the host device based on the configuration template. The host device is operatively coupled to a network device. The detecting is at the network device; the selecting is at the network device; and the providing is at the network device. The virtual switch module is in communication with the virtual resource. The configuration template associated with the virtual resource is selected from a library of configuration templates accessible to the network device.

406 citations

Patent
13 Feb 2007
TL;DR: In this paper, a plurality of instructions, when executed on the hardware, migrates at least a first virtual machine executing on a first computer system of the plurality of computer systems to a second computer system.
Abstract: A cluster comprises a plurality of computer systems, wherein each of the plurality of computer systems is configured to execute one or more virtual machines. Each of the plurality of computer systems comprises hardware and a plurality of instructions. The plurality of instructions, when executed on the hardware, migrates at least a first virtual machine executing on a first computer system of the plurality of computer systems to a second computer system of the plurality of computer systems. The plurality of instructions migrates the first virtual machine responsive to a first load of the first computer system prior to the migration exceeding a second load of the second computer system prior to the migration.

397 citations

Patent
13 Aug 2014
TL;DR: A secure demand paging system (1020) as discussed by the authors includes a processor (1030) and an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) with decryption and integrity check, and a security circuit (1038) coupled to the processor and to the internal memory for maintaining the first page secure.
Abstract: A secure demand paging system (1020) includes a processor (1030) operable for executing instructions, an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) for a second page in a second virtual machine context, and a security circuit (1038) coupled to the processor (1030) and to the internal memory (1034) for maintaining the first page secure in the internal memory (1034). The processor (1030) is operable to execute sets of instructions representing: a central controller (4210), an abort handler (4260) coupled to supply to the central controller (4210) at least one signal representing a page fault by an instruction in the processor (1030), a scavenger (4220) responsive to the central controller (4210) and operable to identify the first page as a page to free, a virtual machine context switcher (4230) responsive to the central controller (4210) to change from the first virtual machine context to the second virtual machine context; and a swapper manager (4240) operable to swap in the second page from the external memory (1024) with decryption and integrity check, to the internal memory (1034) in place of the first page.

369 citations

Patent
30 Dec 2008
TL;DR: In this article, the authors propose a method to perform packet classification associated with hairpin routing of a first data packet between a first virtual resource and a second virtual resource that are logically defined at the host device.
Abstract: In one embodiment, a method includes performing, at a host device on a first side of a single-hop link, packet classification associated with hairpin routing of a first data packet between a first virtual resource and a second virtual resource that are logically defined at the host device. The first virtual resource can be different than the second virtual resource. The method also includes transmitting a second data packet to a network device on a second side of the single-hop link so that packet classification associated with hairpin routing of the second data packet between at least two virtual resources logically defined at the host device is performed at the network device.

286 citations

Patent
30 Dec 2008
TL;DR: In this article, the authors present a method for sending a provisioning instruction including a device identifier from an external management entity to a network device, associating the device identifier with a virtual resource and sending a portion of the provisioning instructions to the network device.
Abstract: In one embodiment, a method includes receiving a provisioning instruction including a device identifier from an external management entity, receiving the device identifier from a network device, associating the provisioning instruction with the network device, and sending a portion of the provisioning instruction to the network device. The device identifier is associated with a virtual resource. The associating is based on the device identifier of the virtual resource and a device identifier of a network device. The portion of the provisioning instruction is sent to the network device based on the associating.

285 citations