System and method to deprivilege components of a virtual machine monitor
First Claim
1. A system to deprivilege components of a virtual machine monitor, comprising:
a platform with virtualization hardware support having a plurality of virtual machine (VM) privilege levels, the platform capable of transitioning among processes running in various VM privilege levels based on at least one trapped event;
a micro-hypervisor portion of a virtual machine monitor (VMM), wherein program execution on the platform is to transfer to the micro-hypervisor after selected trapped events; and
at least one service virtual machine (SVM) portion of a VMM to service the at least one trapped event, the SVM to run at a VM privilege level lower than the VM privilege level operated in by the micro-hypervisor, wherein program execution on the platform is to transfer to the at least one SVM by the micro-hypervisor based on the at least one trapped event.
Abstract
In some embodiments, the invention involves a system to deprivilege components of a virtual machine monitor and enable deprivileged service virtual machines (SVMs) to handle selected trapped events. An embodiment of the invention is a hybrid VMM operating on a platform with hardware virtualization support. The hybrid VMM utilizes features from both hypervisor-based and host-based VMM architectures. In at least one embodiment, the functionality of a traditional VMM is partitioned into a small platform-dependent part called a micro-hypervisor (MH) and one or more platform-independent parts called service virtual machines (SVMs). The micro-hypervisor operates at a higher virtual machine (VM) privilege level than any SVM, while the SVM and other VMs may still have access to any instruction set architecture (ISA) privilege level. Other embodiments are described and claimed.
25 Claims
1. (Independent claim; set out in full under First Claim above.) Dependent claims: 2 through 12.
13. A method for deprivileging services in a virtual machine monitor on a virtualization platform, comprising:
transitioning control to a guest virtual machine (VM) in a platform with hardware virtualization support, by a micro-hypervisor portion of a virtual machine monitor (VMM), the guest VM to execute at a lower VM privilege level than the micro-hypervisor;
receiving control due to a trapped event;
determining which service virtual machine (SVM) portion of the VMM is to handle the trapped event; and
transitioning control to the determined SVM for the trapped event, wherein the SVM is to execute at a VM privilege level below the VM privilege level operated in by the micro-hypervisor.
Dependent claims: 14 through 19.
20. A machine accessible medium for deprivileging services in a virtual machine monitor on a virtualization platform, the medium having instructions that when accessed cause the machine to:
transition control to a guest virtual machine (VM) in a platform with hardware virtualization support, by a micro-hypervisor portion of a virtual machine monitor (VMM), the guest VM to execute at a lower VM privilege level than the micro-hypervisor;
receive control due to a trapped event;
determine which service virtual machine (SVM) portion of the VMM is to handle the trapped event; and
transition control to one of the determined SVM and micro-hypervisor portion for the trapped event, wherein the SVM is to execute at a VM privilege level below the VM privilege level operated in by the micro-hypervisor.
Dependent claims: 21 through 25.
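The control flow the abstract and claims 13 and 20 describe (guest exit on a trapped event, micro-hypervisor selects a handler, control transfers to a deprivileged SVM or stays in the micro-hypervisor) is modelled below as an added illustration in C. This is not the patent's code and assumes nothing about any real implementation: the trap reasons, the dispatch table, the two service VMs (`io_svm`, `cpuid_svm`), the `mh_privileged_request` gate and its per-SVM allow-list are all assumptions made for the example. The security point it shows is that the bulk of VMM code (device emulation) runs below the micro-hypervisor's VM privilege level, so a compromised SVM cannot perform privileged operations directly; it can only request them through a gate that the micro-hypervisor checks.

```c
#include <stdint.h>
#include <stdio.h>

/* VM privilege levels in the sense the claims use the term (illustrative values):
 * the micro-hypervisor is most privileged; guests and service VMs run below it. */
#define VMPL_MICRO_HYPERVISOR 0
#define VMPL_DEPRIVILEGED     1

/* Assumed trap reasons; a real platform would expose its own exit reasons. */
enum trap_reason { TRAP_CPUID, TRAP_IO_PORT, TRAP_MSR_WRITE, TRAP_EPT_VIOLATION, TRAP_COUNT };

/* A trapped event as delivered to the micro-hypervisor. */
struct trapped_event { enum trap_reason reason; uint64_t qualifier; };

/* Privileged operations an SVM may only request, never perform itself (assumed set). */
enum priv_op { OP_MAP_GUEST_PAGE, OP_WRITE_HOST_MSR, OP_MAP_HYPERVISOR_PAGE };

struct service_vm {
    const char *name;
    int vm_level;                     /* always VMPL_DEPRIVILEGED for an SVM */
    uint32_t allowed_ops;             /* bitmask over enum priv_op */
    int (*handle)(const struct service_vm *self, const struct trapped_event *ev);
};

/* Audit counters so the outcome of each path can be checked. */
static int mh_handled_self, svm_dispatches, priv_requests_allowed, priv_requests_denied;

/* The only path by which a deprivileged SVM gets privileged work done. The
 * micro-hypervisor checks the caller's level and its allow-list before acting. */
static int mh_privileged_request(const struct service_vm *caller, enum priv_op op)
{
    if (caller->vm_level != VMPL_DEPRIVILEGED || !(caller->allowed_ops & (1u << op))) {
        priv_requests_denied++;
        return -1;                    /* refused: the SVM is not trusted for this op */
    }
    priv_requests_allowed++;
    return 0;                         /* op performed on the caller's behalf (modelled as a no-op) */
}

/* Device-model SVM: emulates the port access. In this toy model port 0x64
 * needs a guest page mapped, which the SVM must ask the micro-hypervisor for. */
static int io_svm_handle(const struct service_vm *self, const struct trapped_event *ev)
{
    if (ev->qualifier == 0x64)
        return mh_privileged_request(self, OP_MAP_GUEST_PAGE);
    return 0;
}

/* CPUID-filtering SVM: pure computation, needs no privileged operation at all. */
static int cpuid_svm_handle(const struct service_vm *self, const struct trapped_event *ev)
{
    (void)self; (void)ev;
    return 0;
}

static const struct service_vm io_svm    = { "io-svm",    VMPL_DEPRIVILEGED, 1u << OP_MAP_GUEST_PAGE, io_svm_handle };
static const struct service_vm cpuid_svm = { "cpuid-svm", VMPL_DEPRIVILEGED, 0,                        cpuid_svm_handle };

/* Dispatch table: which SVM services each trapped event. NULL means the
 * micro-hypervisor keeps the event itself (here: events that touch its own
 * data structures, such as nested-paging faults and host MSR writes). */
static const struct service_vm *const dispatch[TRAP_COUNT] = {
    [TRAP_CPUID]         = &cpuid_svm,
    [TRAP_IO_PORT]       = &io_svm,
    [TRAP_MSR_WRITE]     = NULL,
    [TRAP_EPT_VIOLATION] = NULL,
};

/* "Determining which SVM is to handle the trapped event." */
static const struct service_vm *mh_select_svm(const struct trapped_event *ev)
{
    if ((unsigned)ev->reason >= TRAP_COUNT)
        return NULL;                  /* unknown reason: never leaves the micro-hypervisor */
    return dispatch[ev->reason];
}

/* Claim 13's sequence after a guest exit: receive control, select the SVM,
 * transfer to it (at VMPL_DEPRIVILEGED) or handle in the micro-hypervisor. */
static int mh_on_trapped_event(const struct trapped_event *ev)
{
    const struct service_vm *svm = mh_select_svm(ev);
    if (svm == NULL) {
        mh_handled_self++;
        return 0;
    }
    svm_dispatches++;
    return svm->handle(svm, ev);
}

int main(void)
{
    struct trapped_event io  = { TRAP_IO_PORT, 0x64 };        /* constructed sample exits */
    struct trapped_event ept = { TRAP_EPT_VIOLATION, 0x7f000 };
    mh_on_trapped_event(&io);
    mh_on_trapped_event(&ept);
    /* A subverted SVM trying to map the micro-hypervisor's own pages is refused. */
    int rogue = mh_privileged_request(&io_svm, OP_MAP_HYPERVISOR_PAGE);
    printf("svm dispatches=%d in-MH=%d priv allowed=%d denied=%d rogue=%d\n",
           svm_dispatches, mh_handled_self, priv_requests_allowed, priv_requests_denied, rogue);
    return 0;
}
```

The allow-list is what makes the deprivileging meaningful: the micro-hypervisor stays small and platform-dependent, while each SVM gets only the privileged operations its service needs.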