System and method to deprivilege components of a virtual machine monitor

US 20060130060A1
Filed: 12/10/2004
Published: 06/15/2006
Est. Priority Date: 12/10/2004
Status: Active Grant

First Claim

Patent Images

1. A system to deprivilege components of a virtual machine monitor, comprising:

a platform with virtualization hardware support having a plurality of virtual machine (VM) privilege levels, the platform capable of transitioning among processes running in various VM privilege levels based on at least one trapped event;

a micro-hypervisor portion of a virtual machine monitor (VMM), wherein program execution on the platform is to transfer to the micro-hypervisor after selected trapped events; and

at least one service virtual machine (SVM) portion of a VMM to service the least one trapped event, the SVM to run at a VM privilege level lower than the VM privilege level operated in by the micro-hypervisor, wherein program execution on the platform is to transfer to the at least one SVM by the micro-hypervisor based on the at least one trapped event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the invention involves a system to deprivilege components of a virtual machine monitor and enable deprivileged service virtual machines (SVMs) to handle selected trapped events. An embodiment of the invention is a hybrid VMM operating on a platform with hardware virtualization support. The hybrid VMM utilizes features from both hypervisor-based and host-based VMM architectures. In at least one embodiment, the functionality of a traditional VMM is partitioned into a small platform-dependent part called a micro-hypervisor (MH) and one or more platform-independent parts called service virtual machines (SVMs). The micro-hypervisor operates at a higher virtual machine (VM) privilege level than any SVM, while the SVM and other VMs may still have access to any instruction set architecture (ISA) privilege level. Other embodiments are described and claimed.

Citations

25 Claims

1. A system to deprivilege components of a virtual machine monitor, comprising:
- a platform with virtualization hardware support having a plurality of virtual machine (VM) privilege levels, the platform capable of transitioning among processes running in various VM privilege levels based on at least one trapped event;
  
  a micro-hypervisor portion of a virtual machine monitor (VMM), wherein program execution on the platform is to transfer to the micro-hypervisor after selected trapped events; and
  
  at least one service virtual machine (SVM) portion of a VMM to service the least one trapped event, the SVM to run at a VM privilege level lower than the VM privilege level operated in by the micro-hypervisor, wherein program execution on the platform is to transfer to the at least one SVM by the micro-hypervisor based on the at least one trapped event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system as recited in claim 1, wherein the micro-hypervisor is to run at a highest VM privilege level on the platform.
  - 3. The system as recited in claim 1, wherein a first operating system running in a first guest virtual machine on the platform runs at a VM privilege level lower than the VM privilege level operated in by the micro-hypervisor.
  - 4. The system as recited in claim 3, wherein a trapped event is caused when guest software running under the first operating system requests a service.
  - 5. The system as recited in claim 3, wherein at least one portion of the first operating system operates at a highest ISA privilege level of the platform.
  - 6. The system as recited in claim 3, further comprising a plurality of additional operating systems, each additional operating system to run in a respective additional virtual machine, the plurality of operating systems to run at a VM privilege level lower than the VM privilege level operated in by the micro-hypervisor.
  - 7. The system as recited in claim 1, wherein the at least one SVM is restricted in access to a selected at least one component.
  - 8. The system as recited in claim 1, where the micro-hypervisor is launched as a driver from a booting operating system.
  - 9. The system as recited in claim 1, wherein the micro-hypervisor resides in system firmware communicatively coupled to the platform.
  - 10. The system as recited in claim 1, wherein the micro-hypervisor is loaded during system boot.
  - 11. The system as recited in claim 1, wherein the at least one SVM provides services for hardware interactions.
  - 12. The system as recited in claim 1, wherein the highest VM privilege level on the platform is higher than a highest ISA privilege level on the platform.

13. A method for deprivileging services in a virtual machine monitor on a virtualization platform, comprising:
- transitioning control to a guest virtual machine (VM) in a platform with hardware virtualization support, by a micro-hypervisor portion of a virtual machine monitor (VMM), the guest VM to execute at a lower VM privilege level than the micro-hypervisor;
  
  receiving control due to a trapped event;
  
  determining which service virtual machine (SVM) portion of the VMM is to handle the trapped event; and
  
  transitioning control to the determined SVM for the trapped event, wherein the SVM is to execute at a VM privilege level below the VM privilege level operated in by the micro-hypervisor.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method as recited in claim 13, wherein the micro-hypervisor executes at a highest VM privilege level on the platform.
  - 15. The method as recited in claim 13, further comprising:
    - receiving control from the determined SVM; and
      
      transitioning execution to the guest VM.
  - 16. The method as recited in claim 13, wherein the determined SVM is a portion of the micro-hypervisor and the trapped event is handled locally by the micro-hypervisor without explicitly transitioning control to another VM.
  - 17. The method as recited in claim 13, wherein the trapping of events is enabled by the hardware virtualization support.
  - 18. The method as recited in claim 13, further comprising, prior to transitioning control to the guest virtual machine, enumerating at least one event type to be trapped in a virtual machine control structure (VMCS), the VMCS comprising a set of controls that specifies for each type of event, whether the event type is to cause a transition to the micro-hypervisor.
  - 19. The method as recited in claim 13, wherein transitioning control among the micro-hypervisor, guest VM and SVM is enabled by the hardware virtualization support.

20. A machine accessible medium for deprivileging services in a virtual machine monitor on a virtualization platform, the medium having instructions that when accessed cause the machine to:
- transition control to a guest virtual machine (VM) in a platform with hardware virtualization support, by a micro-hypervisor portion of a virtual machine monitor (VMM), the guest VM to execute at a lower VM privilege level than the micro-hypervisor;
  
  receive control due to a trapped event;
  
  determine which service virtual machine (SVM) portion of the VMM is to handle the trapped event; and
  
  transition control to one of the determined SVM and micro-hypervisor portion for the trapped event, wherein the SVM is to execute at a VM privilege level below the VM privilege level operated in by the micro-hypervisor.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The machine accessible medium as recited in claim 20, wherein the micro-hypervisor is to execute at a highest VM privilege level on the platform.
  - 22. The machine accessible medium as recited in claim 20, further comprising instructions that when accessed cause the machine to:
    - receive control from the determined SVM; and
      
      transition execution to the guest VM.
  - 23. The machine accessible medium as recited in claim 20, wherein the trapping of events is enabled by the hardware virtualization support.
  - 24. The machine accessible medium as recited in claim 20, further comprising instructions that when accessed prior to transitioning control to the guest virtual machine, enumerate at least one event type to be trapped in a virtual machine control structure (VMCS), the VMCS comprising a set of controls that specifies for each type of event, whether the event type is to cause a transition to the micro-hypervisor.
  - 25. The machine accessible medium as recited in claim 20, wherein transitioning control among the micro-hypervisor, guest VM and SVM is enabled by the hardware virtualization support.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Schoenberg, Sebastian, Anderson, Andrew V., Neiger, Gilbert, Bennett, Steven M., Zimmer, Vincent J., Rothman, Michael A., Uhlig, Richard, Jeyasingh, Stalinselvaraj, Kagi, Alain, Madukkarumukumana, Rajesh S., Cota-Robles, Erik

Granted Patent

US 7,757,231 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 9/45533 Hypervisors; Virtual machin...

System and method to deprivilege components of a virtual machine monitor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to deprivilege components of a virtual machine monitor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links