DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. 2023/10644917.4, filed on 06/01/2023.
Response to Amendment
This office action is responsive to the amendment filed on February 03, 2026. Claims 1, 8 and 15 have been amended. No claims have been canceled or newly added. Claims 1-20 are presented for examination and remain pending in the application.
The previous claims 8-14 rejection under 35 U.S.C. §101 has been withdrawn due to Applicant’s claim amendment.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 2, 8, 9, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Banginwar et al. U.S. Pub. No. 2016/0364341 A1, (hereinafter Banginwar) in view of Chen et al. U.S. Pub. No. 20090113110 A1, (hereinafter Chen) further in view of Jain, U.S. Pat. No. 8,307,191 B1, (hereinafter Jain).
Regarding claim 1.
Banginwar teaches a method for managing a shared memory in a computing device, wherein the computing device comprises a virtual machine monitor, a virtual machine, and a trusted execution environment (TEE) (Banginwar teaches in Figs. 1&2, Para. [0035], [0046], [0113] and [0209] memory, virtual machine and trusted execution environment (TEE) provided for the same purpose as the claimed limitation), an untrusted part and a trusted part of a target application program independently run in the virtual machine and the TEE (Banginwar teaches in Figs. 1 &2 and Para. [0118] and [0158]. Also, see Para. [0169] and [0209]), the virtual machine maintains a first page table of the untrusted part, and the virtual machine monitor maintains a second page table of the trusted part (Banginwar teaches in the [Abstract], Para. [0200] and [0202]), and wherein the method comprises:
determining, by the virtual machine monitor based on address information of the shared memory configured in the virtual machine and the virtual machine monitor, whether a first address is comprised in the shared memory when a page fault occurs in response to the trusted part requesting to access the first address (note that here a virtual machine monitor (VMM) determines all activities of the memory and the page table based on the guest virtual address (GVA) and guest physical address (GPA) address information and thus, Banginwar teaches in the [Abstract] the platform protection technology (PPT) may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application (note that here the system preventing the access when a page fault occurs)…Further, Banginwar teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. The VMM may then translate the guest physical address (GPA) (i.e., a first address) to a host physical address (HPA)... The host maintains the SPT by trapping each page fault when the guest tries to access memory);
in response to determining that the first address is comprised in the shared memory, sending, by the virtual machine monitor, an interrupt notification to the virtual machine (Banginwar teaches in Para. [0031]-[0032] OS that runs in a VM may be referred to as a guest OS and the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. The technique includes map a guest virtual address (GVA) to a guest physical address for limiting guest access to memory by trapping each page fault when the guest tries to access memory and further, Banginwar teaches in Para. [0045] the VMM…, when an interrupt/exception arrives, the processor indexes into the virtual IDT (VIDT) to obtain a pointer to the appropriate ISR among TISRs 152. That TISR may then determine whether (a) the interrupt/exception should be passed to an untrusted ISR (UISR) or (b) it should be handled by the TISR itself. Also, see Para. [0064]-[0065] how the interruption can be handled by the VMM);
in response to the interrupt notification and determining, based on the address information, that the first address is comprised in the shared memory (Banginwar teaches in Para. [0200] a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory (i.e., shared memory) used by the trusted application. The VMM may accomplish this by using a first extended page table (EPT) to translate a guest physical address (GPA) (i.e., the first address) into a first host physical address (HPA) for the untrusted application, and further, Banginwar teaches in Para. [0216] preventing the untrusted application from accessing memory (i.e., shared memory) used by the trusted application, wherein the OS comprises an untrusted interrupt descriptor table (IDT) with gates that associate interrupt vectors with untrusted interrupt service routines (ISRs)… Also, see Para. [0176] and [0183] the presence of guest in memory and the performance monitoring of interruptions and trapping interrupts or exceptions and for automatically invoking certain specified ISRs (i.e., interrupt service routines) in response to those interrupts… Architectural exceptions may identify faults in process execution, such as a general protection fault, a page fault, a divide-by-zero fault, etc. and further, the PEH handles the exception or fault and collects data pertaining to the fault, such as IP, stack trace, and memory address accessed during the fault). 
While Banginwar teaches about the virtual machine and trusted execution environment (TEE) and the response to the trusted application calling the trusted application, before allowing the trusted application to execute, determine whether the trampoline code and the PPT data structure contain matching SCVs to run in a virtual machine (VM) in a rich execution environment (REE), and the trusted application to run on top of the OS in the VM in a trusted execution environment (TEE) that prevents the untrusted application from accessing memory used by the trusted application (as narrated in Para. [0209]), Banginwar does not explicitly teach returning, by the virtual machine, a response message to the virtual machine monitor, wherein the first page table entry comprises address mapping information of a first page that comprises the first address, wherein the response message comprises the address mapping information included in the first page table entry.
However, Chen teaches returning, by the virtual machine, a response message to the virtual machine monitor (Chen teaches in Claim 2 “in response to the first message, accessing the first virtual memory address, wherein the first memory address is mapped by a page table entry in a page table to which the VMM (i.e., virtual machine monitor) has access” and further, Chen teaches in Para. [0014] different virtual address spaces. The OS creates a different set of page tables (and a page directory) for each virtual address space, which maps the respective virtual addresses to physical addresses. Thus, the page tables for a given user process map that process's virtual addresses to the physical addresses that contain the code and data for that process), wherein the first page table entry comprises address mapping information of a first page that comprises the first address (Chen teaches in Claims 2. “the first application, in response to the first message, accessing the first virtual memory address, wherein the first memory address is mapped by a page table entry in a page table to which the VMM has access”), wherein the response message comprises the address mapping information included in the first page table entry (Chen teaches in Claim 19. “the first application, in response to the first message, accessing the first virtual memory address, wherein the first memory address is mapped by a page table entry in a page table to which the VMM has access”).
Therefore, Banginwar and Chen are analogous art and they are in the same field of endeavor as they both are directed to a trusted execution environment (TEE) for validating a page table entry to monitor shared memory in an efficient manner.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of response to the first message, accessing the first virtual memory address, wherein the first memory address is mapped by a page table entry in a page table to which the VMM (i.e., virtual machine monitor) has access, and wherein the first memory address is mapped by a page table entry in a page table to which the VMM has access (Claims 2, 19 and [0014]) as taught by Chen, into the Banginwar invention. One would have been motivated to do so so that a message is returned to the application of virtual memory address if the VMM does not have access to the virtual memory address identified in the hyper call. An operation is implemented to cause the identified virtual memory address to be accessible by the VMM, where the application re-invokes the hyper call to the VMM so that the method provides a hyper call interface to assure that a memory access needed by a virtual machine monitor (VMM) to process the hyper call is available. The method allows a guest operating system (OS) to perform the tasks of application memory management, without allowing the guest OS to observe the actual memory contents.
Banginwar in view of Chen does not explicitly teach validating, by the virtual machine, a first page table entry in the first page table; and validating, by the virtual machine monitor, a second page table entry in the second page table based on the address mapping information, in response to the response message.
However, Jain teaches validating, by the virtual machine, a first page table entry in the first page table (Jain teaches in [Col. 12, lines 18-25] the VMM 300 (i.e., the virtual machine monitor) determines the changes of the page entry for example, the shadow page table entry 750 could subsequently be validated again and changed to either the second state or the third State. Jain further teaches in [Col. 11, lines 61-67 and Col. 12, lines 1-3] a shadow page table entry 750 is in the first state (i.e., a first page entry), and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry 750 is changed to the second state by setting the present bit 762 to “off” In one such embodiment, the reserved bit 754 is also set to “off” although this is not necessary); and
validating, by the virtual machine monitor, a second page table entry in the second page table based on the address mapping information in response to the response message (Jain teaches in [Col. 12, lines 18-25] the VMM 300 (i.e., the virtual machine monitor) determines the changes of the page entry for example, the shadow page table entry 750 could subsequently be validated again and changed to the second state (i.e., a second page table entry). Further, Jain teaches in [Col. 12, lines 5-17] an address mapping is written to the shadow page table entry, and the shadow page table entry 750 is changed to the third state by setting the reserved bit 754 to "off" and setting the present bit 762 to "on."…, and the VMM 300 determines that a G-PT is now present, then an address mapping is written to the shadow page table entry..., and the VMM 300 determines that a G-PT is no longer present, then the shadow page table entry 750 is changed to the second state by setting the present bit 762 to "off."…, and further, Jain teaches in [Col. 4, lines 54-61] the entry 311-2 includes a machine page number of the data page 392-3. The machine address pointing to the data 311-3 corresponding to the virtual address 318 is the base address of the data page 392-3 plus the offset field 318-3).
Therefore, Banginwar in view of Chen and Jain are analogous art and they are in the same field of endeavor as they both are directed to a trusted execution environment (TEE) for validating a page table entry to monitor shared memory in an efficient manner.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry validation and changing the state from first state to second state (i.e., a second page table entry) by using VMM ([Col. 12, lines 18-25] and [Col. 11, lines 61-67 and Col. 12, lines 1-3]) as taught by Jain, into the teachings of Banginwar in view of Chen invention. One would have been motivated to do so because the method enables the shadow page table entry to update operations so as to remain lock-free. The method enables an atomic compare-and-exchange operation used to avoid collisions. The method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Regarding claim 2.
Jain teaches wherein the virtual machine monitor maintains first state information, a value of the first state information comprises a first state value or a second state value, the first state value indicates that a new page table entry is allowed to be validated in the second page table, and the second state value indicates that a new page table entry is prohibited from being validated in the second page table (note that the term state value has been interpreted as “a bit/bits” in light of the Applicant’s specification Para. [0055] and thus, Jain teaches in [Col. 14, lines 61-67 and Col. 15, lines 1-35] the VMM 300 (i.e., the virtual machine monitor) reads the shadow page table entries and writes an address mapping to the shadow page table entry and it sets the reserved bit to "off" and the present bit to "on."… Note that the shadow page table entry always stabilizes on the value written by the remote VCPU 210 if there is a race, which is an acceptable outcome. The possible outcomes of the race are: a) the current VCPU 210 writes the shadow page table entry first,…; and b) the remote VCPU 210 updates the upper and/or lower 32 bits of the shadow page table entry before the current VCPU 210 attempts to overwrite it…, and further, Jain teaches in [Col. 10, lines 11-15] first, default state, for a given shadow page table entry, may be viewed as a state in which the shadow page table entry is not validated (i.e., prohibited from being validated), or a state in which it's unknown whether the corresponding G-PT is present or not); and
wherein the method further comprises: before the validating a second page table entry in the second page table, determining, based on the first state information, whether the second page table entry is allowed to be validated (Jain teaches in [Col. 10, lines 25-35] the entire shadow page table entry may be written with a zero…, in which the present bit 762 is set to "off," may be viewed as a state in which the shadow page table entry has been validated…, and further, Jain teaches in [Col. 10, lines 40-49] a third state for a shadow page table entry is one in which the shadow page table entry has been validated, and the corresponding G-PT entry is present).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry and set a bit or value for the first, the second or the third state ([Col. 10, lines 25-35] and [Col. 10, lines 40-49]) as taught by Jain, into the teachings of Banginwar in view of Chen invention. One would have been motivated to do so because the method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Regarding claims 8 and 15.
Claims 8 and 15 incorporate substantively all the limitations of claim 1 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Regarding claims 9 and 16.
Claims 9 and 16 incorporate substantively all the limitations of claim 2 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Claims 3-5, 10-12 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Banginwar in view of Chen further in view of Jain and further in view of Ambula et al. U.S. Pub. No. 2022/0188244 A1, (hereinafter Ambula).
Regarding claim 3. Banginwar in view of Chen further in view of Jain teaches the method according to claim 2.
Banginwar in view of Chen further in view of Jain further teaches wherein the method further comprises: sending, by the virtual machine to the virtual machine monitor, a first start message indicating a second page corresponding to a third page table entry to be invalidated by the virtual machine monitor, and the second page is comprised in the shared memory (((note that here a virtual machine monitor (VMM) determines all activities of the memory and the page table based on the guest virtual address (GVA) and guest physical address (GPA) address information and thus, Banginwar teaches in the [Abstract] the platform protection technology (PPT) may include a virtual machine monitor (VMM) to enable an untrusted application…Further, Banginwar teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table, and Chen also teaches in Para. [0153] entry has the form (start, end) → (RID, RPN), where start and end denote the virtual address range into which the resource is mapped, RID denotes the resource being mapped, and RPN denotes the first RPN in the mapping. For example, if file "foo.txt" has RID 4, and its third page (starting from 0) is mapped into the first GVPN in the virtual address space, this would be modeled as (0,4096) → (4,2).). Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1-25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry, and the shadow page table entry 750 is changed to the third state by setting the reserved bit 754 to "off" and setting the present bit 762 to "on."…, and further, Jain teaches in [Col. 10, lines 4-15]…This first, default state, for a given shadow page table entry, may be viewed as a state in which the shadow page table entry is not validated, or a state in which it's unknown whether the corresponding G-PT is present or not) Banginwar teaches in Para. [0111] the operations may start at block 230 with VMM 170 determining whether it has received a request from PPT loader for registration of a page for TA 120…,);
Jain further teaches setting, by the virtual machine monitor, the first state information to the second state value (Jain teaches in [Col. 12, lines 15-17] the VMM 300 determines that a G-PT is no longer present, then the shadow page table entry 750 is changed to the second state by setting the present bit 762 to "off." (i.e., note that bit is the same as to the claimed “value”));
invalidating the third page table entry corresponding to the second page in the second page table (Jain teaches in [Col. 10, lines 43-47] whenever the VMM 300 determines that a G-PT entry is present, the VMM 300 writes an appropriate virtual address mapping into the corresponding shadow page table entry. In this embodiment, the reserved bit 754 of the shadow page table entry is set to "off," and further, Jain teaches in [Col. 11, lines 17-20] the enhanced virtualization layer 501 receives a page fault error code 850 in which the reserved bit 854 is set to "on" and the present bit 860 is set to "on," then the shadow page table entry has not been validated…);
sending a first end message to the virtual machine monitor (Jain teaches in [Col. 11, lines 20-30] the page fault is forwarded to the VMM 300…, and the page fault is forwarded directly to the guest O/S 220. If the reserved bit 754 of the shadow page table entry 750 is set to “off” and the present bit 762 of the shadow page table entry 750 is set to “on, then there should be no page fault reported to the enhanced virtualization layer 501…); and
setting, by the virtual machine monitor, the first state information to the first state value in response to the first end message (Jain teaches in [Col. 12, lines 3-5] the shadow page table entry 750 is in the first state, in which the reserved bit 754 and the present bit 762 (i.e., the first state value) are both set to "on," and the VMM 300 determines (i.e., the virtual machine monitor) that a G-PT is not present).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry validation by using VMM ([Col. 12, lines 18-25]) as taught by Jain, into the teachings of Banginwar in view of Chen invention. One would have been motivated to do so because the method enables the shadow page table entry to update operations so as to remain lock-free. The method enables an atomic compare-and-exchange operation used to avoid collisions. The method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Banginwar in view of Chen further in view of Jain does not explicitly teach invalidating, by the virtual machine, a fourth page table entry corresponding to the second page in the first page table.
However, Ambula teaches invalidating, by the virtual machine, a fourth page table entry corresponding to the second page in the first page table (Ambula teaches in Para. [0134] a corresponding third set of logical pages of the memory device that each may have the first logical page size and writing at least a portion of the second amount of data to a fourth logical page of the memory device having the third logical page size, where the third logical page includes the fourth logical page).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using a portion of the second amount of data to a fourth logical page of the memory device having the third logical page size ([0134]) as taught by Ambula, into the teachings of Banginwar in view of Chen further in view of Jain invention. One would have been motivated to do so because the method enables reducing the page size of the memory device in an effective manner. The method allows the memory cells to maintain the programmed states for extended periods of time even in the absence of an external power source in an efficient manner.
Regarding claim 4.
Banginwar further teaches wherein the virtual machine comprises an operating system and a page table entry synchronization driver; and wherein the method further comprises: receiving, by the page table entry synchronization driver, a second start message from the operating system (Banginwar teaches in Para. [0049] and [0164] a page table and PPT driver may also register those pages with VMM 170).
Banginwar in view of Jain further teaches in response to the second start message, determining, by the page table entry synchronization driver based on the address information, whether the third page indicated by the second start message is the second page comprised in the shared memory, wherein sending the first start message to the virtual machine monitor comprises: sending the first start message to the virtual machine monitor when the third page indicated by the second start message is the second page comprised in the shared memory (note that here a virtual machine monitor (VMM) determines all activities of the memory and the page table based on the guest virtual address (GVA) and guest physical address (GPA) address information and thus, Banginwar teaches in the [Abstract] the platform protection technology (PPT) may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application…Further, Banginwar teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1-25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry, and the shadow page table entry 750 is changed to the third state by setting the reserved bit 754 to "off" and setting the present bit 762 to "on."…, and further, Jain teaches in [Col. 10, lines 4-15]…This first, default state, for a given shadow page table entry, may be viewed as a state in which the shadow page table entry is not validated, or a state in which it's unknown whether the corresponding G-PT is present or not).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry and set a bit or value for the first, the second or the third state ([Col. 10, lines 25-35] and [Col. 10, lines 40-49]) as taught by Jain, into the teachings of Banginwar in view of Chen further in view of Ambula invention. One would have been motivated to do so because the method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Banginwar in view of Chen further in view of Jain does not explicitly teach wherein the second start message indicates a third page corresponding to a fifth page table entry to be invalidated in the operating system.
However, Ambula teaches wherein the second start message indicates a third page corresponding to a fifth page table entry to be invalidated in the operating system (Ambula teaches in Para. [0104]-[0105] a second entry of a third L2P table for mapping a third set of logical addresses to physical addresses of a corresponding third set of logical pages of the memory device that each have the first logical page size, the second entry of the third L2P table including a fifth physical address of a third logical page of the third set of logical pages and further teaches in Para. [0040] L2P tables may be maintained and data may be marked as invalid at the page level of granularity, and a page 175 may contain valid data,...).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the second entry of the third L2P table including a fifth physical address of a third logical page of the third set of logical pages and L2P tables may be maintained and data may be marked as invalid ([0104]-[0105] and [0040]) as taught by Ambula, into the teachings of Banginwar in view of Jain invention. One would have been motivated to do so so that the cost of switching across untrusted and trusted applications is eliminated. The information concerning trusted application execution state at the time of fault without crashing the process that hosts the trusted application is provided. The assurance is provided that only secure and authorized access to a TA's code and data is permitted.
Regarding claim 5.
Banginwar in view of Jain further teaches determining, by the page table entry synchronization driver based on the address information in response to the second end message, whether the third page indicated by the second end message is the second page comprised in the shared memory, wherein sending the first end message to the virtual machine monitor comprises: sending the first start message to the virtual machine monitor when the third page indicated by the second end message is the second page comprised in the shared memory (Banginwar teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1- 25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry, and the shadow page table entry 750 is changed to the third state by setting the reserved bit 754 to "off" and setting the present bit 762 to "on."…, and further, Jain teaches in [Col. 10, lines 4-15]…This first, default state, for a given shadow page table entry, may be viewed as a state in which the shadow page table entry is not validated, or a state in which it's unknown whether the corresponding G-PT is present or not).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry validation by using VMM ([Col. 12, lines 18-25]), as taught by Jain, into the teachings of Banginwar in view of Chen further in view of Ambula invention. One would have been motivated to do so because the method enables the shadow page table entry update operations to remain lock-free. The method enables an atomic compare-and-exchange operation used to avoid collisions. The method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Banginwar in view of Chen further in view of Jain does not explicitly teach wherein the method further comprises: receiving, by the page table entry synchronization driver, a second end message from the operating system, wherein the second end message indicates the third page corresponding to the fifth page table entry that has been invalidated in the operating system.
However, Ambula teaches wherein the method further comprises: receiving, by the page table entry synchronization driver, a second end message from the operating system, wherein the second end message indicates the third page corresponding to the fifth page table entry that has been invalidated in the operating system (Ambula teaches in Para. [0104]-[0105], [0134] and [0140] about the logical first, second , third, fourth and fifth. For example, a third L2P table for mapping a third set of logical addresses to physical addresses of a corresponding third set of logical pages of the memory device that each may have the first logical page size, the second entry of the third L2P table including a fifth physical address of a third logical page of the third set of logical pages, identifying that the second amount of data corresponds to the first logical page size, and writing the second amount of data to the third logical page and table including a fifth physical address of a third logical page of the third set of logical pages, identifying, based on a second size of the second amount of data, a third logical page size, and writing at least a portion of the second amount of data to a fourth logical page of the memory device having the third logical page size, where the third logical page includes the fourth logical page, further Ambula teaches in Para. [0041] marking the data in the previously selected pages 175 as invalid, and erasing the selected block 170).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the second entry of the third L2P table including a fifth physical address of a third logical page of the third set of logical pages and L2P tables may be maintained and data may be marked as invalid ([0104]-[0105] and [0041]), as taught by Ambula, into the teachings of Banginwar in view of Chen further in view of Jain invention. One would have been motivated to do so so that the number of blocks that have been erased may be increased such that more blocks are available to store subsequent data (e.g., data subsequently received from the host system) (Ambula. [0041]).
Regarding claims 10 and 17.
Claims 10 and 17 incorporate substantively all the limitations of claim 3 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Regarding claims 11 and 18.
Claims 11 and 18 incorporate substantively all the limitations of claim 4 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Regarding claims 12 and 19.
Claims 12 and 19 incorporate substantively all the limitations of claim 5 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Claims 6, 7, 13, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Banginwar in view of Chen further in view of Jain further in view of Ambula and further in view of Gschwind U.S. Pub. No. 2015/0347300 A1, (hereinafter Gschwind).
Regarding claim 6. Banginwar in view of Chen further in view of Jain further in view of Ambula teaches the method according to claim 5.
Banginwar further teaches wherein the page table entry synchronization driver maintains second state information, a value of the second state information comprises a third state value or a fourth state value, the third state value indicates that the address information of the shared memory is allowed to be updated (Banginwar teaches in Para. [0167] as shown at block 462, VMM 170 then allocates memory for SECS 310 and then updates the EPT for TA 120 in EPTs 90 to provide access to SECS 310. Further, Jain teaches in [Col. 15, lines 18-24] possible outcomes of the race are: a) the current VCPU 210 writes the shadow page table entry first, in which case the remote VCPU 210 will overwrite the page table entry completely, and its value will prevail; and b) the remote VCPU 210 updates the upper and/or lower 32 bits of the shadow page table entry before the current VCPU 210 attempts to overwrite it. Note that here bits and values are similar to the claimed “state value”), and wherein the method further comprises: setting, by the page table entry synchronization driver, the second state information to the fourth state value in response to the second start message (Banginwar teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1-25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry, and the shadow page table entry 750 is changed to the third state by setting the reserved bit 754 to "off" and setting the present bit 762 to "on."…, and further, Jain teaches in [Col. 10, lines 4-15]…This first, default state, for a given shadow page table entry, may be viewed as a state in which the shadow page table entry is not validated, or a state in which it's unknown whether the corresponding G-PT is present or not); and
setting, by the page table entry synchronization driver, the second state information to the third state value in response to the second end message (Banginwar teaches in [0124] data processing system 20 may create a distinct set of PDSs for each view, and those PDSs may be allocated from VMM heap memory and further teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1- 25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry…).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using the shadow page table entry validation by using VMM ([Col. 12, lines 18-25]), as taught by Jain, into the teachings of Banginwar in view of Chen further in view of Ambula invention. One would have been motivated to do so because the method enables the shadow page table entry update operations to remain lock-free. The method enables an atomic compare-and-exchange operation used to avoid collisions. The method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Banginwar in view of Chen further in view of Jain and further in view of Ambula does not explicitly teach the fourth state value indicates that the address information of the shared memory is prohibited from being updated.
However, Gschwind teaches the fourth state value indicates that the address information of the shared memory is prohibited from being updated (Gschwind teaches in Para. [0073] RCsync forces any C indicator settings in the page table entry, and no further changes to the C indicator are made after completion of RCsync, since the new PTE value prohibits it. However, if the C indicator is set in a TLB indicating a write has occurred, future writes using the TLB are possible until the TLB is invalidated or updated. Similarly, if a PTE is set to invalid, no R/C updates occur after the RCsync operation, since the new PTE value prohibits it).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of prohibit the value to invalidate the synchronization instruction only page table entry updates are possible that reflect the value of the page table entry at the time at or after the RCsync ([0073]), as taught by Gschwind, into the teachings of Banginwar in view of Chen further in view of Jain and further in view of Ambula invention. One would have been motivated to do so because the method enables storing a page portion of an effective address and an address of a physical memory page in a cache structure so as to improve performance, while avoiding page table entries search. The method allows a cloud consumer to unilaterally provision computing capabilities including server time and network storage as needed automatically without requiring human interaction with service provider, while rapidly and elastically provisioning capabilities to quickly scale out and rapidly released to quickly scale in.
Regarding claim 7.
Banginwar in view of Jain further teaches wherein the method further comprises: obtaining, by the virtual machine, an address update request, wherein the address update request is configured to request to update the address information of the shared memory (Banginwar teaches in Para. [0167] VMM 170 then allocates memory for SECS 310 and then updates the EPT for TA 120 in EPTs 90 to provide access to SECS 310. As shown at block 464, VMM 170 then maps SECS 310 to the GVA which was created during registration of SECS 310 with VIDT 84. (E.g., see block 412 of FIG. 14.) The process of FIG. 15 may then end. Further, Jain teaches in [Col. 11, lines 55-60] the virtualization software allows or facilitates the attempted write by the guest O/S 220. Then the virtualization software writes an address mapping to the shadow page table entry, sets the reserved bit 754 to "off," and sets the present bit 762 to "on," all before allowing the guest software to execute again);
determining, by the virtual machine based on the second state information, whether the address information of the shared memory is allowed to be updated (Banginwar teaches in [0124] data processing system 20 may create a distinct set of PDSs for each view, and those PDSs may be allocated from VMM heap memory and further teaches in Para. [0031]-[0032] the VMMs may use different techniques to prevent the guest OS from having unlimited access to memory. Those techniques may involve a page table and that page table may be referred to as an OS page table or a guest page table. Further, Jain teaches in [Col. 11, lines 61-67 and Col. 12, lines 1- 25]…, a shadow page table entry 750 is in the first state, and the VMM 300 determines that a G-PT is present, then an address mapping is written to the shadow page table entry…);
updating, by the virtual machine based on the address update request, the address information of the shared memory configured in the virtual machine if the address information of the shared memory is allowed to be updated (Banginwar teaches in Para. [0088]-[0089] managing shared memory by the VMM 170 based on mapping updates the EPT for TA 120 and the EPT for TA2 so that those EPTs map the same physical pages to the virtual pages of buffers created by TA 120 and TA2. Further, Jain teaches in [Col. 5, lines 53-58] the guest O/S 220 creates an appropriate mapping from the guest virtual address to a corresponding guest physical address and updates 915 the guest O/S page table 292 using the created mapping…, memory).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using an appropriate mapping from the guest virtual address to a corresponding guest physical address ([Col. 5, lines 53-58]), as taught by Jain, into the teachings of Banginwar in view of Chen further in view of Ambula and further in view of Gschwind invention. One would have been motivated to do so because the method enables an atomic compare-and-exchange operation used to avoid collisions. The method enables the enhanced virtualization layer to be programmed such that the enhanced virtualization layer forwards the fault directly to the guest for processing when a marker in the shadow page table entry indicates that the fault is a true page fault, thus avoiding activation of a virtual machine monitor (VMM).
Banginwar in view of Chen further in view of Jain and further in view of Ambula does not explicitly teach sending an address update notification corresponding to the address update request to the virtual machine monitor; and updating, by the virtual machine monitor based on the address update notification, the address information of the shared memory configured in the virtual machine monitor.
However, Gschwind teaches sending an address update notification corresponding to the address update request to the virtual machine monitor (Gschwind teaches in Para. [0118] up-to-date status information for page table entries. In one example, a synchronization operation uses an RCsync instruction that ensures all updates to dynamically updated…); and
updating, by the virtual machine monitor based on the address update notification, the address information of the shared memory configured in the virtual machine monitor (Gschwind teaches in Para. [0121] a single broadcast can update R/C (and/or other PTE status information) and accelerate processing. For instance, in a single round trip to each remote processor, all R/C updates that are pending prior to performance of the RCsync are committed to memory and further Gschwind teaches in Para. [0108] use of a synchronization operation is to update a free list of memory pages. In systems that use virtual memory, the operating system is to maintain a free list of memory pages, which is used when a page is to be paged in, a buffer is to be allocated).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using a synchronization operation is to update a free list of memory pages and updates that are pending prior to performance of the RCsync are committed to memory ([0121] and [0108]), as taught by Gschwind, into the teachings of Banginwar in view of Chen further in view of Jain and further in view of Ambula invention. One would have been motivated to do so because the method enables storing a page portion of an effective address and an address of a physical memory page in a cache structure so as to improve performance, while avoiding page table entries search. The method allows a cloud consumer to unilaterally provision computing capabilities including server time and network storage as needed automatically without requiring human interaction with service provider.
Regarding claims 13 and 20.
Claims 13 and 20 incorporate substantively all the limitations of claim 6 in a computing device and a non-transitory computer readable medium form and are rejected under the same rationale. Furthermore, regarding the claim limitations “device” and “a non-transitory computer readable medium”, the prior art of record Banginwar teaches in Fig. 2 and Para. [0046] and [0196].
Regarding claim 14.
Claim 14 incorporates substantively all the limitations of claim 7 in a computing device form and is rejected under the same rationale. Furthermore, regarding the claim limitation “device” the prior art of record Banginwar teaches in Fig. 2 and Para. [0046].
Response to Arguments
Claim Rejections - 35 U.S.C. §101
Applicant indicated that the §101 rejection of claims 8-14 should be withdrawn.
The Examiner has considered and reviewed the Applicant’s claim amendment and thus, the previous rejection of claims 8-14 has been withdrawn as indicated above under section 4.
Claim Rejections - 35 U.S.C. §103
Applicant argues that the prior art of record the cited Paragraphs (i.e., [0103], [0157], and [0154]) of Banginwar do not teach the limitation in question.
First argument, the Office Action (p. 7) maps the limitation "returning, by the virtual machine, a response message to the virtual machine monitor" to Banginwar's Paras. [0103], [0157], and [0154]. Applicant respectfully submits that it has not been shown how the cited disclosure meets the "returning ... a response message" limitation. Specifically, the Office Action states that Banginwar's "VMM ... walks the OS page tables and gets the GVA-to-GPA mapping ... A VMM reading or walking page tables is not the same as a VM returning a response message to the VMM as required by the claim. Accordingly, the Office Action's mapping does not establish the cited disclosure as meeting the "returning ... a response message" limitation. (Remarks. Page. 14 of 16).
In response to Applicant’s first argument above, the Examiner respectfully disagrees because the prior art of record Banginwar expressly teaches the limitation in question of "returning ... a response message" in the previously recited Paragraphs under the broadest reasonable claim interpretation. In addition, Banginwar teaches a response to a message upon receiving a request from a trusted application (TA) in a TEE by the VMM (i.e., Virtual management monitor) as narrated in Para. [0088]-[0089]. Furthermore, based on the current amendment, the Examiner has introduced the new prior arts based on the disclosure of Chen et al. (2009/0113110 A1, hereinafter Chen) to teach the change in scope of the amended claims 1, 8 and 15 respectively. Therefore, the first argument above is moot because the argument does not apply to the combination of the references being used in the current 103 rejection above.
Second argument, Banginwar has not been shown to teach the required content of the response message as amended. As amended, claim 1 recites that the response message includes the address mapping information included in the first page table entry. (Remarks. Page. 14 of 16).
In response to the second argument above, the Examiner respectfully disagrees because the current amendment changed the scope of the limitation which requires additional prior art of record and thus, the Examiner has introduced the new prior art of record (i.e., Chen) to properly address the limitation in question that changed the scope of the limitation. (See the 103 rejection above with respect to the Chen reference).
Third argument, the Office Action admits that Banginwar does not disclose and relies on Jain for the "validating" steps (Office Action, pp. 7-8). However, Jain has not been shown to its validation is "in response to receiving the response message" as recited in current claim 1 and previously presented claim 8. The cited Jain disclosure describes fault-driven handling and VMM-side shadow page table processing. Jain explains that in a "true page fault," the VMM delivers a fault to the guest O/S, and the guest O/S creates a mapping (Jain, col. 5, ll. 49-55, p. 5). This describes a fault-delivery mechanism and subsequent internal mapping updates, not the claimed causal relationship where the receipt of the response message from the VM serves as a trigger for the VMM to validate the second page table entry. …, "comprises the address mapping information included in the first page table entry" as recited in current claim 1. Accordingly, the cited combination of Banginwar and Jain has not been shown to teach or suggest the current claims limitations requiring (i) a response message comprises the address mapping information included in the first page table entry, and (ii) validation of a second page table entry in response to the response message. The other cited references Ambula and/or Gschwind, have not been shown to remedy the deficiencies of Banginwar and Jain. Applicant thus respectfully requests withdrawal of the §103 rejections for claims 1, 8 and 15, and their respective dependent claims. (Remarks. Pages. 14-15 of 16).
In response to the third argument above, the Examiner respectfully disagrees. First, the prior art of record Jain expressly teaches the deficiencies of the prior art of record Banginwar by evidencing how the validation performed by the virtual machine based on the received message. For example, a state in which the shadow page table entry has been validated in [Col. 10, lines 34-36], a third state for a shadow page table entry is one in which the shadow page table entry has been validated, and the corresponding G-PT entry is present in [Col. 10, lines 40-44] and receives a page fault error code 850 in which the present bit 860 is set to "off," then the shadow page table entry has been validated in [Col. 11, lines 23-25]. Second, the current amendment in claims 1, 8 and 15 added a new claim language and thus, the Examiner has introduced the new prior art of record Chen from the same field of endeavor to address the newly added limitations in the amended claims 1, 8 and 15 respectively. Third, the amended portion or the previous claim does not clearly recite or indicate “how the receipt of the response message from the VM serves as a trigger for the VMM to validate the second page table entry” and thus the examiner recognizes that obviousness can only be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). The combination of the prior arts of records are still believed to teach all of the limitations as indicated in the 103 above. Therefore, the arguments are moot because the arguments do not apply to the current combination of the references being used in the current rejection under 103 above.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BERHANU SHITAYEWOLDETSADIK whose telephone number is (571)270-7142. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 5712723865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BERHANU SHITAYEWOLDETSADIK/ Examiner, Art Unit 2455