Algorithm and apparatus to deploy virtual machine monitor on demand

US10310882B2 · US · B2

Patent metadata
Publication number: US-10310882-B2
Application number: US-201615172529-A
Country: US
Kind code: B2
Filing date: Jun 3, 2016
Priority date: Mar 12, 2013
Publication date: Jun 4, 2019
Grant date: Jun 4, 2019

Abstract

Official abstract text for this publication.

In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of managing memory on a computing device, comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; implementing access control while the hypervisor is enabled; and allocating memory by the HLOS so that an intermediate physical address in the HLOS's intermediate physical address space is the same as a physical address in a physical address space and so that a virtual address in the HLOS's virtual address space is mapped to the physical address via the intermediate physical address when the hypervisor is enabled and when the hypervisor is disabled.

2. The method of claim 1, wherein the security monitor is developed by ARM®.

3. The method of claim 1, wherein the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary.

4. The method of claim 1, wherein initializing the hypervisor comprises configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in the physical address space.

5. The method of claim 4, wherein initializing the hypervisor further comprises authenticating the hypervisor's code and data with the security monitor.

6. The method of claim 5, further comprising configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled.

7. The method of claim 1, wherein implementing access control comprises implementing second stage translations.

8. A computing device, comprising: a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; implementing access control while the hypervisor is enabled; and allocating memory by the HLOS so that an intermediate physical address in the HLOS's intermediate physical address space is the same as a physical address in a physical address space and so that a virtual address in the HLOS's virtual address space is mapped to the physical address via the intermediate physical address when the hypervisor is enabled and when the hypervisor is disabled.

9. The computing device of claim 8, wherein the security monitor is developed by ARM®.

10. The computing device of claim 8, wherein the processor is configured with processor-executable instructions to perform operations such that the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary.

11. The computing device of claim 8, wherein the processor is configured with processor-executable instructions to perform operations such that initializing the hypervisor comprises configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in the physical address space.

12. The computing device of claim 11, wherein the processor is configured with processor-executable instructions to perform operations such that initializing the hypervisor further comprises authenticating the hypervisor's code and data with the security monitor.

13. The computing device of claim 12, wherein the processor is configured with processor-executable instructions to perform operations further comprising configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled.

14. The computing device of claim 8, wherein the processor is configured with processor-executable instructions to perform operations such that implementing access control comprises implementing second stage translations.

15. A computing device, comprising: means for initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); means for disabling the hypervisor after initialization; means for monitoring for a signal from the security monitor to start a sandbox session; means for enabling the hypervisor in response to receiving the signal to start the sandbox session; means for implementing access control while the hypervisor is enabled; and means for allocating memory by the HLOS so that an intermediate physical address in the HLOS's intermediate physical address space is the same as a physical address in a physical address space and so that a virtual address in the HLOS's virtual address space is mapped to the physical address via the intermediate physical address when the hypervisor is enabled and when the hypervisor is disabled.

16. The computing device of claim 15, wherein the security monitor is developed by ARM®.

17. The computing device of claim 15, wherein the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary.

18. The computing device of claim 15, wherein means for initializing the hypervisor comprises means for configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in the physical address space.

19. The computing device of claim 18, wherein means for initializing the hypervisor further comprises means for authenticating the hypervisor's code and data with the security monitor.

20. The computing device of claim 19, further comprising means for configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled.

21. The computing device of claim 15, wherein means for implementing access control comprises means for implementing second stage translations.

22. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for managing memory on a computing device, the operations comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; implementing access control while the hypervisor is enabled; and allocating memory by the HLOS so that an intermediate physical address in the HLOS's intermediate physical address space is the same as a physical address in a physical address space and so that a virtual address in the HLOS's virtual address space is mapped to the physical address via the intermediate physical address when the hypervisor is enabled and when the hypervisor

Classifications

  • Hypervisors; Virtual machine monitors · CPC title

  • Emulated environment, e.g. virtual machine · CPC title

  • Cross-Sectional Technologies · mapped topic

  • in a hierarchical protection system, e.g. privilege levels, memory rings · CPC title

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Qualcomm Inc
What technology area does this patent fall under?
Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 4, 2019 (B2). Legal status and post-grant events are not shown on this page.