RussianPatents.com
|
Method for solving conflicts concerning address space between virtual machines monitor and guest operation system |
|||||||||||
IPC classes for russian patent Method for solving conflicts concerning address space between virtual machines monitor and guest operation system (RU 2259582):
|
FIELD: computer science. SUBSTANCE: method includes stages, at which it is detected, that guest operation system tries to access area, which is locked by first portion of virtual machines monitor within limits of first address space, and first portion of virtual machines monitor is moved within limits of first address space to allow guest operation system access to area, previously occupied with first portion of virtual machines monitor. EFFECT: higher efficiency. 3 cl, 7 dwg
The SCOPE of the INVENTION The present invention relates in General to virtual machines, and more specifically to the resolution of conflicts on the address space between the VMM and the guest operating system. PRIOR art Well-known virtual machine monitor (MBM, VMM) is usually performed on a computer and is other software the abstraction of one or more virtual machines. Each virtual machine can operate as a stand-alone platform, running its own "guest operating system" (i.e. the operating system managed MWM). It is expected that the guest operating system will behave as if it is running on a dedicated computer, and not on a virtual machine. I.e. it is expected that the guest operating system will manage various computer operations and have unlimited access to the physical memory of the computer and the device I / o pre-distributed memory during these operations. However, in a virtual machine environment MBM should be able to have maximum control over the resources of the computer to protect from other virtual machines and between them. To achieve this, MWM usually intercepts and makes decisions on all treatment is the third computer resources, performed by the guest operating system. Under the existing processors (e.g. microprocessors IA-32) MBM may not be able to intercept the address of the guest operating system to hardware resources, if part of the code and/or data structures MBM is not located in the same virtual address space, where the guest operating system. However, the guest operating system does not expect that the code and/or data structures MWM reside in the address space of the guest operating system, and it may be trying to refer to the area occupied by MWM in this address space, causing conflict in the address space between the guest operating system and MBM. This conflict can lead to a crash of operations MBM or the guest operating system. Thus, a mechanism is needed that will detect and resolve conflicts on the address space between MVM and the guest operating system. LIST of FIGURES The present invention is illustrated, for example, and not as limitations, the figures of the accompanying drawings, in which identical item numbers refer to similar elements and in which: figure 1 - one of the embodiments of the virtual machine environment; figure 2 - block diagram of the system, prednaznachennoi to resolve conflicts on the address space between the virtual machine monitor and a guest operating system according to one of embodiments of the present invention; figure 3 - sequence of operations of a method of conflict resolution in the address space between the virtual machine monitor and a guest operating system according to one of embodiments of the present invention; figure 4 - sequence of operations of moving the kernel of the virtual machine within the address space of the virtual machine according to one of embodiments of the present invention; figure 5 illustrates the kernel of the virtual machine, which supports the lower privilege level of the guest according to one of embodiments of the present invention; 6 is a sequence of operations of a method of processing interrupts virtualization generated by the guest operating system, according to one of embodiments of the present invention; and 7 is a structural diagram of one of the embodiments of the processing system. DESCRIPTION of embodiments The described method and device, designed to resolve conflicts on the address space. In the following description formulated numerous details, such as the distance between the components, types, forms, etc. However, the specialist in the art it will be obvious that the present invention can be implemented in PR is ctice and without these specific details. In other instances, well-known structures and devices are shown in the form of block diagrams, but not in detail, in order not to obscure the present invention. In the following description, for purposes of explanation, numerous specific details are formulated in order to ensure full understanding of the present invention. However, the specialist in the art it will be obvious that the present invention can be implemented without these specific details. Some portions of the detailed description that follows, presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by specialists in the field of data processing for more efficient transmission of the essence of their work to other specialists. In this case, and in General, it is believed that the algorithm is self-consistent sequence of steps that lead to the desired result. The stage is the fact that require physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals that can be stored, transferred, combined, compared, also can be manipulated and other SPO is obom. It is proved that at times convenient, mainly for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or other similar way. It should be borne in mind, however, that all these and similar terms should be associated with appropriate physical quantities and are merely convenient labels applied to these quantities. It should be recognized that unless specifically stated or not it is obvious from the foregoing discussion, it is everywhere according to the present invention used in the description of terms such as "processing"or "calculating"or "calculating"or "determining"or "displaying"or the like may refer to actions and processes of a computer system, or similar electronic computing device that manipulates the data represented as physical (electronic) quantities within the registers of the computer system and a storage device, and converts them into other data similarly represented as physical quantities in a storage device of a computer system or in registers or other storage devices, transmission or display information. The present invention also relates to a device intended to perform the described operations. This device may be the specially constructed for the required purposes, or it can contain a General-purpose computer selectively activated or Preconfiguring computer program stored in the computer. Such a computer program may be stored on machine-readable data carrier, such as any type of disk that includes floppy disks, optical disks, compact disks (CD-ROMs), and magneto-optical disks, a persistent storage device (RAM, ROM), random access memory (RAM, RAM), erasable programmable permanent memory (EEPROM, EPROM), electrically erasable programmable permanent memory (EEPROM EEPROM), magnetic or optical cards, or any type of media suitable for storing electronic commands, and each of which is connected with the computer system bus, with said media data is not limited to the foregoing. Commands are executed using one or more processing devices (e.g., processors, blocks, CPU etc). The presented algorithms and image is not inherently related to any particular computer or other device. Various computing machines General purpose can be used with programs in accordance opened here conceived, or may find it convenient to construct more specialized is the first device to perform the required steps of the method. The required structure for many of these computers will be clear from the following description. In addition, the present invention is described without reference to any particular programming language. It should be recognized that a variety of programming languages may be used to implement the plan described inventions. In the following detailed description of embodiments refers to the accompanying drawings, which show, by way of example, specific embodiments of which the invention can be implemented in practice. In these drawings the same number of positions, in essence, describe similar components on multiple images. These implementation options described in sufficient detail to provide an opportunity for specialists in the art to implement the invention in practice. Can be used in other embodiments of, and may be made of structural, logical and electrical changes, without departing from the scope of the present invention. In addition, it should be understood that the various embodiments of the invention, although different, are not necessarily mutually exclusive. For example, a particular distinctive feature, structure or characteristic described in one of the variants of implementation is to be placed, may include other variants of implementation. Therefore, further detailed description should not be construed in the sense of limitation and the scope of the present invention is defined only by the attached claims along with the full scope of equivalents covered by the claims. The method and apparatus of the present invention provide a mechanism for resolving conflicts on the address space between the guest operating system and virtual machine monitor (MBM). Figure 1 illustrates one of the embodiments of the environment 100 virtual machines in which the present invention can operate. In this embodiment, the "naked" (without software) hardware platform 116 contain computing platform, which may, for example, to run a standard operating system (OS) or a virtual machine monitor (MBM), such as MWM 112. MWM, although usually implemented in software, can export interface "naked" machines, for example, by emulation, the software higher level. Such software is of a higher level can contain standard OS or OS, running in real time, although the scope of the invention is not limited in this respect and, as the viola is rnative, MBM can be performed, for example, in another MWM or on top of it. Monitors MBM and their typical features and functionality are widely known to experts in the art and may be implemented, for example, in software, software-hardware or using a combination of different methods. As described above, MBM is other software (i.e. the "guest" software) the abstraction of one or more virtual machines (VM, VM). Figure 1 shows two VMS 102 and 114. Each VM includes a guest OS, such as the guest OS 104 or 106, and various applications 108-110 guest software. It is expected that each of the guest OS 104 and 106 will control access to physical resources (e.g., memory devices, input / output with pre-distributed memory) within the hardware platform running the guest OS 104 or 106, and to perform other functions. However, in a virtual machine environment MWM 112 should be able to have maximum control over the physical resources to ensure the protection of the VMS 102 and 114 from each other. MWM 112 achieves this goal by intercepting all calls of the guest OS 104 and 106 to the physical resources of the computer. For example, this may be a way to reduce the privilege level of the guest to whom the substance of the possibility MWM 112 to intercept the above address. Lower privilege level of the guest makes all the guest software to run on the hardware privilege level, which does not allow the software to access some hardware resources. As a result, whenever the guest OS 104 or 106 attempts to access any of these hardware resources, it generates a trap" MWM 112, i.e. MWM 112 receives a control operation initiated by the guest operating system, if in this operation, there is recourse to such hardware resources. It should be noted that any other method known from the prior art, can be used to transfer control of this operation from the guest OS 104 or 106 to MBM 112. When using the method of reduction of level of guest privileges, or in other ways, providing a MWM 112 to intercept references guest OS 104 and 106 to the physical resources of the computer, the part of the code and/or data structures MWM can architecture be should always be in the same virtual address space, in which each of the guest OS 104 and 106. However, because the guest OS 104 and 106 do not know about the presence of MBM, they may attempt to access a region occupied by the code and/or data structures MBM in the virtual address space is e, associated with the guest OS 104 or 106. Such attempt may result in conflict between code and data structures of the guest OS code and data structures MBM in the virtual address space, causing abnormal termination of the operations performed by the guest OS 104 or 106, or MWM 112. The present invention provides a mechanism for resolving such conflicts on the address space. Figure 2 - block diagram of a system 200 that is designed to resolve conflicts on the address space between MVM and the guest OS according to one of embodiments of the present invention. The system 200 includes a "bare" hardware platform 214, which include a computing platform that can run a guest OS (for example, the guest OS 104 or 106), MWM (for example, MWM 112), etc. Two separate address space 204 and 202 allocated to the guest software and MBM. I.e. address space 204 VM selected in such a way that it contains code and data structures of the guest OS and other guest software, and the address space 202 MWM allocated for code and data structures MWM. As described above, some components of the code and/or data structures MWM can architecture be required to reside in the same address space, in which n is located to the guest OS, to enable MWM to intercept references guest OS to hardware resources. For example, the architecture of the system commands (ASA, ISA) IA-32 when using a lower privilege level of the guest to provide MWM control applications guest OS to hardware resources, the table, the interrupt descriptor (TPD IDT)that includes pointers to the processing procedures of the trap, the architecture must reside in the same address space, in which the guest OS. One of the embodiments of the present invention, which supports a lower privilege level of the guest will be described in more detail below, together with figure 5 and 6. For other architectures ask various other parts of the code and/or data structures MWM can architecture be must reside in the same address space, in which the guest OS is to provide an opportunity for MWM to manage complaints, carry out the guest OS to hardware resources. In one embodiment, the implementation of the code and data structures MBM is divided into two parts. The first part of the MBM includes a set of code and/or data structures that are required to reside in the address space of the guest OS, i.e. in the address space 204 VM. The second part of the MBM includes the remaining part of the code and data structures MWM. In one embodiment, the implementation of the program (called the kernel virtual machine 210) collects a minimal set of code and/or data structures MWM, which must reside in the same address space, in which is located the guest OS. The remaining part of the code and data structures MBM is compiled as a standalone program and is located in the address space 202 MWM. The core 210 of the virtual machine (YAWM, VK) then displays itself in the address space of the VM 204, and an address space 202 MWM. Subsequently, when the guest OS tries to access the area occupied by the code and/or data structures MBM in the address space 204 VM, YAWM 210 detects this attempt of the guest OS. In one of the embodiments YAWM 210 receives a control event initiated by the guest OS, if this event could potentially cause a conflict in the address space between the guest OS and MBM. Lower privilege level of the guest or any other hardware or software mechanisms known from the prior art, can be used for transmission of control over the event from the guest OS to the code and/or data structures MWM that resides in the address space 204 VM. Then YAWM 210 evaluates this event to determine the cause. When detecting that the event was caused by priests is what the guest OS to access the field, busy code and/or data structures MWM, YAWM 210 periotoneal yourself in another area within the address space 204 VM in order to allow the guest OS access to the area previously used YAWM 210. One of the variants of the method of moving YAWM 210 within the address space of the VM 204 is described in more detail below, together with figure 4. Figure 3 - sequence of operations of one embodiment of the method 300 conflict resolution in the address space between MVM and the guest OS according to one of embodiments of the present invention. The method 300 begins with the division of MBM on the first part and the second part (processing block 304). As described above, the first part includes a set of code and/or data structures MWM that on-demand architecture must reside in the same address space where the guest OS. The second part of the MBM includes the remaining part of the code and data structures MWM. In one of the embodiments described in more detail below) the first part of the MBM includes a set of handlers trap and table, the interrupt descriptor (TPD, IDT). In alternative embodiments, the first part includes various other data structures and code MBM, which should always be in the same hell is asnom space, where is the guest OS. Then created the first address space (i.e. address space 204 VM), which contains the code and data structures of the guest OS and other guest software (processing block 306), and the second address space (i.e. address space 202 MWM) is created for code and data structures MWM (processing block 308). In one embodiment, the implementation of these address spaces created during the boot process. In addition, the first part of the MBM is displayed in the address space of the VM, and in the address space of the MWM (processing block 310)and the second part MBM is loaded into the address space of MBM (processing block 312). In processing block 314 detects an attempt of the guest OS to refer to the area occupied by the first part of the MBM. In one embodiment, the implementation of such an attempt is detected by the transmission control event initiated by the guest OS, the first part of MVM, if this event could potentially cause a conflict in the address space between the guest operating system and MBM. One of the embodiments of the detection of potential conflicts on the address space described in more detail below in connection with figure 5 and 6. Subsequently, in processing block 316, the first part of MWM is moved to a different region is here within the address space of the VM to allow the guest OS to the area previously occupied by the first part of the MBM. Any subsequent attempt to access a new area occupied by the first part of the MWM, again leads to its movement within the address space of the VM. One of the variants of the method of moving YAWM, which contains the first part of the MWM, shown in figure 4. According to figure 4, when a conflict is detected by the address space between the guest OS and MBM (processing block 404) in the address space of the VM searches the unused area (processing block 406). In the final block 408 determines whether there is an unused area in the address space of the VM. If positive determination YAWM, containing the first part of the code and data structures MWM, peretiraetsya in this unused area, and control is passed back to the guest OS, which can now turn to the area previously used YAWM. Alternatively, if the unused area does not exist in the address space of the VM, i.e. the guest OS uses the entire address space of the VM, a random location is selected within the address space of the VM (processing block 412), the contents of memory locations in the selected region is copied into a buffer in the address space MWM (processing block 414), and YAWM eriocephala in the selected area in the address space of the VM (processing block 416). Subsequent references to this selected memory area (i.e. to a new area YAWM) are served through emulation memory access buffer in the address space of MBM, which contains the original contents of the new field YAWM. In one of the embodiments, the frequency of such requests to the emulated memory can be reduced by periodic movement YAWM in a random area within the address space of the VM until you find an area that is rarely used. Figure 5 illustrates the YAWM, which supports the lower privilege level of the guest, according to one of embodiments of the present invention. As described above, the lower privilege level of the guest makes a guest OS to run on less-privileged level so that the guest OS "caused a trap" MWM whenever she tries to issue privileged commands that operate on the system state of the processor. In one embodiment, the implementation of the LCP supporting the lower privilege level of the guest places the pointers to the processing procedures of the trap (i.e. handlers 552 trap) in table 514, the interrupt descriptor (TPD). Some architectures ASC (for example, the architecture of the instruction set IA-32) require that TPD 514 was constantly in the active currently, the virtual address space (i.e. in the address space of the VM 504). In one embodiment, the implementation of the elements TPD 514 are gateways tasks, which provide the switching of the address space. I.e. when a trap is generated, TPD 514 is looking for a pointer to a procedure of the trap. If this pointer is the gateway task, he will give you the opportunity to make a direct switch to the address space of MBM, which contains the procedure for handling system interrupt for the generated traps. Accordingly, the trap handler corresponding to the gateway tasks does not have to reside in the address space of the VM, although the gateway tasks must reside in the address space of the VM. In another embodiment, the elements TPD 514 are gateways trap or gateways, external interrupts that do not provide switching of the address space. Therefore, handlers trap associated with such elements TPD must reside in the address space of the VM. In addition, MWM can host shadow versions of other data structures (for example, the global descriptor table) in the address space of the VM. In one of the embodiments YAWM 510 collects together a minimal set of handlers, the system flags the deposits and/or data structures (e.g., TPD 514), which must be located in the address space of the VM, and displays them in the address space of the VM 504, and the address space 502 MBM, and sets access rights for pages containing YAWM 510, at the most privileged level (for example, on a privilege level "supervisor" with the 0-th ring of protection (ring=0) for microprocessors IA-32). As described above, the guest OS runs in user mode (for example, in "user" mode with 3-ring protection (ring=3) for microprocessors IA-32). As a result, in one embodiment, the implementation of the guest OS generates a system interrupt virtualization whenever she tries to access privileged machine resources, including pages containing YAWM 510, which are protected by the most privileged access rights. In one of the embodiments, when a system interrupt virtualization generated in TPD 514 searches for the corresponding pointer to the handler traps. In one embodiment, the implementation of a trap, perhaps, should be handled by the trap handler that resides in MVM. In this embodiment, YAWM performs two switching address spaces - one switch in order to deliver the system interrupt handler of systems the x interrupts in the address space 502 MWM, and second switches to switch back to the address space 504 VM after a trap was serviced by a trap handler that resides in MVM. Alternatively, a trap can be handled in the event handler that resides in YAWM. For example, a trap may be caused by the guest OS command to reset the flag in the processor register. Such a trap can be handled completely in the processor 552 trap, not by transferring management of MBM in the address space MWM 502, and such an implementation would lead to better performance. One type of system interrupt virtualization is the error due to the conflict, which is generated when the guest OS tries to access the area of the address space 504 VM, which is currently used YAWM 510. YAWM 510 handles these errors due to the conflict through protobrain yourself in a new area within the address space 504 VM, as described in more detail above in connection with figure 4. 6 is a sequence of operations of the method 600 of processing system interrupt virtualization generated by the guest OS according to one of embodiments of the present invention. Method 600 begins with the installation of access rights field is t, busy YAWM, at a more privileged level than the privilege level associated with the guest OS (processing block 604). For example, all pages YAWM can be displayed only with the privilege level of the supervisor (with the 0-th ring of protection (ring=0))and the guest OS can be installed to run in the unprivileged user mode (with 3-ring protection). In processing block 606 accepted system interrupt generated by the guest OS. A trap is caused by an attempt of the guest OS to access privileged hardware resources. In the final block 608 is determined whether the system interrupt to be processed inside YAWM (for example, the trap handler that resides in YAWM). If a trap is too difficult to be handled YAWM, it is delivered into the address space of MBM (for example, the trap handler that resides in MBM) (processing block 610), and then returns back into the address space of the VM after a trap was serviced MWM (processing block 612). Subsequently, the control of the event that caused the system interrupt, and returns guest OS (processing block 620). Alternatively, if the system interrupt can be processed inside YAWM, toprovide determining was it a trap caused by a conflict in the address space between code and data structures YAWM and code and data structures of the guest OS (the decisive block 614). If a trap was really caused by a conflict in the address space, the code and data structures YAWM moved to a new area within the address space of the VM (processing block 618). Alternatively, a system interrupt is processed in the corresponding trap handler (processing block 616). Subsequently, the control of the event that caused the system interrupt, and returns guest OS (processing block 620). 7 is a block diagram of one of the embodiments of the processing system. The processing system 700 includes a processor 720, a memory 730. The processor 720 may be a processor of any type capable of executing software, such as a microprocessor, processor, digital signal processing, microcontroller or the like. The processing system 700 may be a personal computer (PC), a universal computing machine (mainframe, handheld device, portable computer, set top box or any other system that includes the software. The memory 730 may be a hard disk, the flexible disk, random access memory device (RAM), read-only memory (ROM), flash memory or any other type of machine medium readable by the processor 720. The memory 730 may store the commands to perform various embodiments of the method of the present invention, such as methods 300, 400 and 600 (Fig 3, 4 and 6). It should be understood that according to the plan above description is illustrative and not restrictive. Many other embodiments will be obvious to experts in the art after reading and understanding the above description. Therefore, the scope of the invention should be determined in relation to the appended claims along with the full scope of equivalents, which covers the claims. 1. The way to resolve conflicts on the address space between the virtual machine monitor and a guest operating system that contains the stages on which to find that the guest operating system attempts to access a region occupied by the first part of the virtual machine monitor (MBM) within the first address space, and move the first part of the LCP within the first address space to allow the guest operating system access to the area previously occupied by the first part of the MBM./p> 2. The method according to p. 1, in which the first part of the MBM includes a set of code and data structures MWM that architecture should always be in the first address space. 3. The method according to p. 1, in which the first part of the MBM includes a set of handlers trap and table, the interrupt descriptor (TPD). 4. The method according to p. 1, further comprising stages, which are divided MWM on the first part and the second part, make a first address space associated with the guest operating system, generate a second address space associated with MBM, place the second part of the MBM in the second address space associated with MBM, and display the first part of the MBM in the first address space and the second address space. 5. The method according to p. 1, additionally containing a phase in which gains control of the event initiated by the guest operating system when the event could potentially cause a conflict in the address space between the guest operating system and MBM. 6. The method according to p. 5, in which the gain control further comprises the steps on which set out the rights of access to the section occupied the first part of the MWM, at a more privileged level than the privilege level associated with the guest operating system, and take a trap is caused by an attempt of the guest operating system to access the hardware resource, having a higher level of privilege than the privilege level associated with the guest operating system. 7. The method according to p. 6, further comprising stages, which determine that the system interrupt can be processed first part of the MWM, execute code associated with the system interrupt, and return control of the event, the guest operating system. 8. The method according to p. 6, further comprising stages, which determine that the system interrupt is to be processed in the second part of the MWM, take a trap to the second part of MWM, transmit control event guest operating system after the code associated with the system interrupt was executed the second part of the MBM. 9. The method according to p. 1, in which the movement of the first part MWM further comprises the steps that detect unused area within the first address space and periotoneal the first part of the MWM in this unused area. 10. The method according to p. 1, in which the movement of the first part MWM further comprises the steps, which determines that the unused area does not exist within the first address space, choose a random location within the first address space, copying the contents of memory located in this random field, in Deuteronomy the e address space and periotoneal the first part of the MWM in this random area. 11. The method according to p. 10, further comprising stages on which gains control of the event initiated by the guest operating system, and this event corresponds to the attempt of the guest operating system to access the content memory previously located in random areas, and access to the copied contents of the memory at the second address space. 12. The method according to p. 11, optionally containing phase, which periodically move the first part of the MWM in a random area within the first address space until, until you find an area that rarely apply. 13. System for conflict resolution in the address space between the VMM and the guest operating system containing a memory that includes a first address space associated with the guest operating system, and the second address space associated with the virtual machine monitor (MBM), and a processor coupled to the memory, designed to detect that the guest operating system attempts to access a region occupied by the first part of the LCP within the first address space, and to move the first part of the LCP within the first address space to allow the guest operating system access to the area, previously occupied by the first part of the MBM. 14. The system under item 13, in which the first part of the MBM includes a set of code and data structures MWM that architecture should always be in the first address space. 15. The system under item 13, in which the first part of the MBM includes a set of handlers trap and table, the interrupt descriptor (TPD). 16. Machine-readable medium that provides commands that, when executed on the processor cause the specified processor to perform operations, comprising stages on which to find that the guest operating system attempts to access a region occupied by the first part of the virtual machine monitor (MBM) within the first address space, and move the first part of the LCP within the first address space to allow the guest operating system access to the area previously occupied by the first part of the MBM. 17. Machine-readable media according to p. 16 additional commands, causes the processor to perform operations, comprising stages, which detect unused area within the first address space, and periotoneal the first part of the MWM in this unused area. 18. Machine-readable media according to p. 16 additional commands causing the processor to perform operations, containing phases, which determine what is within the first address space does not exist unused area, choose a random location within the first address space, copying the contents of memory located in this random area in the second address space and periotoneal the first part of the MWM in this random area.
|
© 2013-2014 Russian business network RussianPatents.com - Special Russian commercial information project for world wide. Foreign filing in English. |