Memory isolation and virtualization among virtual machines

US 20060004944A1
Filed: 06/30/2004
Published: 01/05/2006
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a processor having a normal execution mode and a protected execution mode; and

a virtual machine monitor (VMM) operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor, the virtual machine monitor to control access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a virtual machine monitor (VMM) that controls access to a page table hierarchy by a guest operating system (OS). For example, the guest operating system may operate as part of a virtual machine. Particularly, the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy. More particularly, when the guest operating system attempts to access a page table, control of memory access transactions is trapped to the virtual machine monitor.

Citations

43 Claims

1. An apparatus comprising:
- a processor having a normal execution mode and a protected execution mode; and
  
  a virtual machine monitor (VMM) operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor, the virtual machine monitor to control access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy.
  - 3. The apparatus of claim 2, wherein the virtual machine monitor operates in an area of protected memory.
  - 4. The apparatus of claim 2, wherein the virtual machine monitor stores information related to the page table hierarchy.
  - 5. The apparatus of claim 2, wherein the virtual machine monitor comprises a load handler to set invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 6. The apparatus of claim 5, wherein, when the guest operating system attempts to access a modified page table, control of memory access transactions is transferred to the virtual machine monitor.
  - 7. The apparatus of claim 6, wherein the virtual machine monitor stores information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 8. The apparatus of claim 7, wherein the virtual machine monitor utilizing a page fault handler, determines whether a faulting linear frame number matches one of a plurality of linear frame numbers of a modified page table, and if so, the virtual machine monitor emulates a requested instruction on behalf of the guest operating system.

9. A method comprising:
- providing a normal execution mode and a protected execution mode in a processor; and
  
  while operating in either the protected execution mode of the processor or the normal execution mode of the processor, controlling access to a page table hierarchy by a guest operating system (OS) including obtaining control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy, wherein the guest operating system operates as part of a virtual machine.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising storing information related to the page table hierarchy.
  - 11. The method of claim 9, further comprising, setting invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 12. The method of claim 11, wherein, when the guest operating system attempts to access a modified page table, control of memory access transactions is transferred to a virtual machine monitor.
  - 13. The method of claim 12, further comprising storing information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 14. The method of claim 13, further comprising, determining whether a faulting linear frame number matches one of a plurality of linear frame numbers of a modified page table, and if so, emulating a requested instruction on behalf of the guest operating system.

15. A machine-readable medium having stored thereon instructions, which when executed by a machine, cause the machine to perform the following operations comprising:
- providing a normal execution mode and a protected execution mode in a processor; and
  
  while operating in either the protected execution mode of the processor or the normal execution mode of the processor, controlling access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The machine-readable medium of claim 15, wherein the instructions cause the machine to perform further operations comprising obtaining control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy.
  - 17. The machine-readable medium of claim 16, wherein the instructions cause the machine to perform further operations comprising storing information related to the page table hierarchy.
  - 18. The machine-readable medium of claim 16, wherein the instructions cause the machine to perform further operations comprising implementing a setup phase to set invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 19. The machine-readable medium of claim 18, wherein, when the guest operating system attempts to access a modified page table, the instructions cause the machine to perform further operations comprising trapping to a virtual machine monitor to control memory access transactions.
  - 20. The machine-readable medium of claim 19, wherein the instructions cause the machine to perform further operations comprising storing information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 21. The machine-readable medium of claim 20, wherein the instructions cause the machine to perform further operations comprising determining whether a faulting linear frame number matches one of a plurality of linear frame numbers of a modified page table, and if so, emulating a requested instruction on behalf of the guest operating system.

22. A system comprising:
- a processor including virtual machine extension (VMX) instruction support to implement virtual machines, the processor having a normal execution mode or a protected execution mode;
  
  a virtual machine monitor (VMM) operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor, the virtual machine monitor to control access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The system of claim 22, wherein the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy.
  - 24. The system of claim 23, wherein the virtual machine monitor operates in an area of protected memory.
  - 25. The system of claim 23, wherein the virtual machine monitor stores information related to the page table hierarchy.
  - 26. The system of claim 23, wherein the virtual machine monitor implements a setup phase utilizing a load handler to set invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 27. The system of claim 26, wherein, when the guest operating system attempts to access a modified page table, control of memory access transactions is trapped to the virtual machine monitor.
  - 28. The system of claim 27, wherein the virtual machine monitor stores information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 29. The system of claim 28, wherein the virtual machine monitor utilizing a page fault handler, determines whether a faulting linear frame number matches one of the linear frame numbers of a modified page table, and if so, the virtual machine monitor emulates a requested instruction on behalf of the guest operating system.

30. An apparatus comprising:
- a page table hierarchy; and
  
  a virtual machine monitor (VMM) to control access to the page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine;
  
  wherein the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The apparatus of claim 30, further comprising a processor having a normal execution mode and a protected execution mode, the virtual machine monitor operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor
  - 32. The apparatus of claim 31, wherein the virtual machine monitor operates in an area of protected memory.
  - 33. The apparatus of claim 30, wherein the virtual machine monitor stores information related to the page table hierarchy.
  - 34. The apparatus of claim 30, wherein the virtual machine monitor implements a setup phase utilizing a load handler to set invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 35. The apparatus of claim 34, wherein, when the guest operating system attempts to access a modified page table, control of memory access transactions is trapped to the virtual machine monitor.
  - 36. The apparatus of claim 35, wherein the virtual machine monitor stores information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 37. The apparatus of claim 36, wherein the virtual machine monitor utilizing a page fault handler, determines whether a faulting linear frame number matches one of a plurality of linear frame numbers of a modified page table, and if so, the virtual machine monitor emulates a requested instruction on behalf of the guest operating system.

38. A method comprising:
- controlling access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine; and
  
  obtaining control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy
- View Dependent Claims (39, 40, 41, 42, 43)
- - 39. The method of claim 38, further comprising storing information related to the page table hierarchy.
  - 40. The method of claim 38, further comprising, implementing a setup phase to set invalid flags for page tables in the page table hierarchy to create modified page tables.
  - 41. The method of claim 40, wherein, when the guest operating system attempts to access a modified page table, control of memory access transactions is trapped to a virtual machine monitor.
  - 42. The method of claim 41, further comprising storing information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to modified page tables.
  - 43. The method of claim 42, further comprising, determining whether a faulting linear frame number matches one of a plurality of linear frame numbers of a modified page table, and if so, emulating a requested instruction on behalf of the guest operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Rozas, Carlos V., Vij, Mona, Ranganathan, Kumar

Granted Patent

US 7,640,543 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/6
CPC Class Codes

G06F 12/109 for multiple virtual addres...

G06F 12/1491 in a hierarchical protectio...

Memory isolation and virtualization among virtual machines

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Memory isolation and virtualization among virtual machines

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links