Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In view of the appeal brief filed on 03/04/2021, PROSECUTION IS HEREBY REOPENED. A new ground of rejection is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195
DETAILED ACTION

Claims 1-21 are currently pending and have been examined.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5, 12-15, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Nakajima et al. (U.S. Patent No. 9,747,123 B2) in view of Wang et al. “Jitk: A Trustworthy In-Kernel Interpreter Infrastructure”.
Nakajima was cited in the last office action.

As per claim 1, Nakajima teaches the invention substantially as claimed including a system having one or more processors (Fig. 1, Processor 120) and a memory (Fig. 1, Memory 128) coupled to the one or more processors and containing a hypervisor that supports a virtual machine running a guest operating system (Fig. 3, Root Hypervisor 320, non-root Hypervisor 306 executing virtual machines 304), a method for communicating information specific to the guest operating system [the non-root hypervisor executing as a guest] to the hypervisor [root-hypervisor], said method comprising:
upon an occurrence of a specified event (col. 3, line 2, In response to a virtual machine exit), obtaining, by the hypervisor, … [callback handler] that has been registered by the guest operating system with the hypervisor for the specified event; executing, by the hypervisor, the … [callback handler] to obtain information regarding the guest operating system running in the virtual machine; in response to executing the … [callback handler], obtaining, by the hypervisor, the information regarding the guest operating system running in the virtual machine (col. 2, lines 67 – col. 3, line 5 the non-root hypervisor [executing as guest] may register one or more callback handlers and associated trigger conditions with the root hypervisor. In response to a virtual machine exit, if the trigger condition is satisfied, the root hypervisor may switch to the non-root virtualization mode and execute the registered callback handler; col. 11, lines 25-28, … in some embodiments, if the non-root hypervisor 306 is trusted by the root hypervisor 320, the computing device 100 may remain in the VMX-root mode while executing the callback handler 316; col. 9, lines 43-47, wherein when registering the callback handler 316, the non-root hypervisor 306 may also supply additional information, such as pointers to virtual VMX objects 308, or lists of requested VMCS 328 field updates to be made; col. 21, lines 11-19).

Nakajima does not expressly disclose a callback handler is callback byte code; and the byte code is assembled into executable code that runs on the one or more processors.
However, Wang discloses a callback handler is a callback byte code (Fig. 1, items 1, 2, bytecode form system call; Fig. 4); and the byte code is assembled into executable code that runs on the one or more processors (page 6, left column, lines 1-3, In Jitk when the kernel accepts BPF bytecode from user space, a JIT translates the BPF filter into native code; Fig. 13, steps 3 and 4, describes user space providing a BPF bytecode to a Kernel, and the Kernel using a JIT interpreter to translate the BPF
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Nakajima to incorporate the method of specifying system call policies via providing a BPF bytecode to a kernel as set forth by Wang because it would have allowed guest operating systems to communicate information [e.g. resource usage], via registering/providing a byte code to the hypervisor. Further, the ability to translate byte code using a JIT interpreter would have allowed for correctly translating guest information provided to the hypervisor.

As per claim 2, Wang teaches wherein the … byte code is based on a simplified CPU and memory architecture (page 9, section 5.3 describes that Jitk implements an encoder and decoder, which transforms an in-memory representation of a BPF program into BPF bytecode, and back into an in-memory representation, which is based on processor, memory architecture).

As per claim 3, Nakajima teaches wherein the callback byte code [callback handler] is derived and prepared from one or more functions of the guest operating system (col. 7, lines 55-61, the non-root hypervisor 306 further includes one or more callback handlers 316, which may be embodied as any function, method, vector, or other routine that may be invoked).

As per claim 5, Nakajima teaches wherein the callback byte code [callback handler] is registered with the hypervisor prior to the occurrence of the specified event, and the

As per claim 12, it is a non-transitory computer-readable medium having similar limitations as claim 1. Thus, claim 12 is rejected for the same rationale as applied to claim 1.

As per claim 13, it is a non-transitory computer-readable medium having similar limitations as claim 2. Thus, claim 13 is rejected for the same rationale as applied to claim 2.

As per claim 14, it is a non-transitory computer-readable medium having similar limitations as claim 3. Thus, claim 14 is rejected for the same rationale as applied to claim 3.

As per claim 15, it is a non-transitory computer-readable medium having similar limitations as claim 5. Thus, claim 15 is rejected for the same rationale as applied to claim 5.

As per claim 19, it is a system having similar limitations as claim 1. Thus, claim 19 is rejected for the same rationale as applied to claim 1. Nakajima further teaches one or more processors; and a memory coupled to the one or more processors (Fig. 1, Processor 120 and Memory 128).

As per claim 20, it is a system having similar limitations as claim 5. Thus, claim 20 is rejected for the same rationale as applied to claim 5.

As per claim 21, Nakajima teaches wherein the callback byte code has been safety checked by the hypervisor to ensure that the callback byte code complies with one or more safety properties (col. 7, lines 19-21 … root hypervisor 320 may include an integrity checker 322 to monitor and/or integrity check the host operating system 302 and/or the non-root hypervisor 306).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Wang, as applied to claim 1, and further in view of Mahadevan et al. (U.S. Patent No. 5,797,013 A).
Mahadevan was cited in a previous Office Action.

As per claim 4, Nakajima and Wang do not expressly disclose wherein preparation of the callback byte code includes unrolling loops and removing branches in the one or more functions.
However, Mahadevan teaches preparation of the callback byte code includes unrolling loops and removing branches in the one or more functions (Abstract; col. 4, lines 50-57, provides a new compiler that can unroll more loops than previous algorithms. It also significantly reduces the number of branch instructions by cleverly handling the iteration count and by converting loops with early exits to regular FOR loops).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Nakajima and Wang to incorporate the technique of unrolling loops and removing branches because it would provide for generating callback code which executes faster.

Claims 6-11, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Wang, as applied to claims 1 and 12, and further in view of Dabak et al. (U.S. Pub. No. 20180267818 A1).
Dabak was cited in a previous Office Action.

As per claims 6-9, Nakajima and Wang teach the limitations of claim 1. Nakajima and Wang do not expressly describe wherein the callback byte code is prepared so as to permit the hypervisor to access only a range of addresses in the
However, Dabak teaches wherein the range of addresses is registered with the hypervisor prior to the occurrence of the specified event (par. 0068, guest OS 134B configures hypervisor 114 to perform a safe read to access data stored within the guest virtual memory address range. For example, guest OS 134B may register, with hypervisor 114, an instruction pointer to a memory copy function to cause the hypervisor to absorb any fault that arises from accessing the data stored within the guest virtual memory address range using the memory copy function; par. 0022 memory address associated with physical memory).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Nakajima and Wang to include registering memory address ranges with the hypervisor as set forth by Dabak because it would allow the hypervisor to safely perform the requested operation with respect to the registered memory addresses.

As per claim 10, Dabak further teaches wherein the hypervisor is further configured to check for valid inputs in the assembled callback executable code (par. 0047, may involve configuring hypervisor 114 to perform a safe read on the target address range (e.g., using a safe read request). This takes advantage of the safe read 

As per claim 11, Dabak further teaches wherein the hypervisor is further configured to hook in hypervisor functions to the assembled callback executable code (par. 0056, technique used by malware is to change the values of the callback function pointer to point to malicious code, an action known as hooking).

As per claim 16, it is a non-transitory computer-readable medium having similar limitations as claim 6. Thus, claim 16 is rejected for the same rationale as applied to claim 6.

As per claim 17, it is a non-transitory computer-readable medium having similar limitations as claim 10. Thus, claim 17 is rejected for the same rationale as applied to claim 10.

As per claim 18, it is a non-transitory computer-readable medium having similar limitations as claim 11. Thus, claim 18 is rejected for the same rationale as applied to claim 11.

Conclusion
The prior art made of record and not relied upon is considered pertinent to 
U.S. Pub. No. US 20190140983 A1 teaches extensible virtual switch datapath including method of loading extended Berkeley Packet Filter (eBPF) into the kernel space of host operating system.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Willy W. Huaracha whose telephone number is (571)270-5510.  The examiner can normally be reached on M-F 8:30-5:00pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on (571) 272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WH/
Examiner, Art Unit 2195


/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195