Allocation of shared system resources

US9703951B2 · US · B2

Patent metadata
Publication number: US-9703951-B2
Application number: US-201414502891-A
Country: US
Kind code: B2
Filing date: Sep 30, 2014
Priority date: Sep 30, 2014
Publication date: Jul 11, 2017
Grant date: Jul 11, 2017

Abstract

Official abstract text for this publication.

Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.

First claim

Opening claim text (preview).

What is claimed is:

1. A computing device, comprising: a processor comprising one or more processing cores and operating in a multi-tenant environment, wherein the one or more processing cores executes at least a first virtual machine and a second virtual machine simultaneously, and the first virtual machine comprising a first plurality of computer executable instructions for a first tenant and the second virtual machine comprising a second plurality of computer executable instructions for a second tenant; a cache or a buffer in the processor shared by the first virtual machine and the second virtual machine, the first virtual machine and the second virtual machine executing simultaneously on the one or more processing cores wherein simultaneously executing virtual machines comprises concurrently processing at least one executable instruction belonging to the first virtual machine and at least another executable instruction belonging to the second virtual machine, wherein neither of the instructions belonging to the first virtual machine and the second virtual machine have completed execution; a hardware resource allocator implemented in microcode for the one or more processing cores or privileged code executing on the one or more processing cores to: assign a first identifier to the first virtual machine; and associate a portion of the cache or the buffer with the first identifier; and the processor comprising a hardware resource manager to: restrict access for computer executable instructions executed from the first virtual machine to the portion of the cache or the buffer associated with the first identifier, wherein the computer executable instructions access other portions of the cache or the buffer.

2. The computing device of claim 1, wherein restricting access to the portion of the cache or the buffer associated with the first identifier comprises restricting access such that the computer executable instructions executed from the first virtual machine can access only the portion of the cache or the buffer associated with the first identifier from the cache or the buffer, respectively.

3. The computing device of claim 1, wherein restricting access to the portion of the cache or the buffer associated with the first identifier comprises restricting access such that the computer executable instructions executed from the first virtual machine cannot access the portion of the hardware resource associated with the first identifier from the cache or the buffer, respectively.

4. The computing device of claim 1, wherein the cache is one or more of a Level 1 cache, a Level 2 cache, or a Level 3 cache, and wherein the buffer is one or more of Translation Look-aside Buffer (TLB), Write Combining Buffer, Branch Prediction Table, or Branch Target Buffer.

5. A computing device, comprising: a processor comprising one or more processing cores, wherein the one or more processing cores executes a plurality of tasks simultaneously, wherein each task comprises a respective plurality of computer executable instructions and belongs to a separate virtual machine executing on the one or more processing cores and wherein simultaneously executing tasks from the plurality of tasks comprises concurrently processing at least one executable instruction belonging to a first task from the tasks and at least another executable instruction belonging to a second task from the tasks, wherein neither of the instructions belonging to the first task and the second task have completed execution; a cache or a buffer in the processor shared by the plurality of tasks executing simultaneously on the one or more processing cores; a hardware resource allocator implemented in microcode for the one or more processing cores or privileged code executing on the one or more processing cores, to: assign a first identifier to the first task from the plurality of tasks; and associate a portion of the cache or the buffer with the first identifier; and a hardware resource manager in the processor to restrict, for computer executable instructions executed from another task than the first task from the plurality of tasks, access to the portion of the cache or the buffer associated with the first identifier, such that the other task cannot infer information associated with execution of the first task.

6. The computing device of claim 5, the hardware resource manager being configured to restrict access, for computer executable instructions executed from the first task, to the portion of the cache or the buffer associated with the first identifier.

7. The computing device of claim 5, wherein associating the portion of the cache or the buffer with the first identifier comprises the hardware resource allocator to be further configured to: assign a second identifier to the portion of the cache or the buffer; and associate the first identifier with the second identifier.

8. The computing device of claim 5, wherein associating the portion of the cache or the buffer with the first identifier comprises the hardware resource allocator being configured to tag the portion of the cache or the buffer with the first identifier.

9. The computing device of claim 6, wherein restricting access to the portion of the cache or the buffer associated with the first identifier comprises restricting access such that the computer executable instructions executed from the first task can access only the portion of the cache or the buffer associated with the first identifier from the cache or the buffer.

10. The computing device of claim 6, wherein restricting access to the portion of the cache or the buffer associated with the first identifier comprises restricting access such that the computer executable instructions executed from the first task cannot access the portion of the cache or the buffer associated with the first identifier from the cache or the buffer.

11. The computing device of claim 5, wherein the cache is one or more of a Level 1 cache, a Level 2 cache, or a Level 3 cache, and wherein the buffer is one or more of Translation Look-aside Buffer (TLB), Write Combining Buffer, Branch Prediction Table, or Branch Target Buffer.

12. The computing device of claim 5, wherein the plurality of tasks execute using same execution pipeline on one of the processing cores.

13. A method, comprising: executing simultaneously a plurality of tasks on a processor, the processor comprising one or more processing cores, each task comprising a respective plurality of computer executable instructions and belonging to a separate virtual machine executing on the one or more processing cores and wherein simultaneously executing tasks from the plurality of tasks comprises concurrently processing at least one executable instruction belonging to a first task from the tasks and at least another executable instruction belonging to a second task from the tasks, wherein neither of the instructions belonging to the first task and the second task have completed execution, and wherein the plurality of tasks executing on the processor share a hardware resource associated with the processor; assigning, by microcode or privileged instructions executing on the one or more processors, a first identifier to a first task from the plurality of tasks; associating a portion of the shared hardware resource with the first identifier, wherein the shared hardware resource is a cache or a buffer in the processor; and restricting observability, for computer executable instructions executed from a task other than the first task, the other task and the first task executing simultaneously on the one or more processing cores, to the portion of the shared h

Classifications

  • G06F9/5077 (Primary)

    Logical partitioning of resources; Management or configuration of virtualized resources (specific details on emulation or internal functioning of virtual machines G06F9/455)

  • Hypervisors; Virtual machine monitors

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • Specific access rights for resources, e.g. using capability register

  • G06F21/55 (Primary)

    Detecting local intrusion or implementing counter-measures

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification G06F9/5077. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 11, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).