CONFIGURATION SPACE VIRTUALIZATION

US 20100088431A1
Filed: 10/03/2008
Published: 04/08/2010
Est. Priority Date: 10/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method for managing communications between a virtual machine and an I/O device, comprising:

constructing a representation of configuration space for the I/O device indicating actions that can be performed on the I/O device by the virtual machine for memory locations within said configuration space;

constructing a representation of memory mapped I/O space, wherein each page of the memory mapped I/O space is mapped into said virtual machine or excluded from said virtual machine; and

controlling access to said I/O device in accordance with said representation of configuration space and said representation of memory mapped I/O space.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various aspects are disclosed herein for bounding the behavior of a non-privileged virtual machine that interacts with a device by creating a description of the device which indicates to a privileged authority (1) which operations on the device may have system-wide effects and (2) which operations have effects local to the device. The privileged authority may then permit or deny these actions. The privileged authority may also translate these actions into other actions with benign consequences.

51 Citations

View as Search Results

20 Claims

1. A method for managing communications between a virtual machine and an I/O device, comprising:
- constructing a representation of configuration space for the I/O device indicating actions that can be performed on the I/O device by the virtual machine for memory locations within said configuration space;
  
  constructing a representation of memory mapped I/O space, wherein each page of the memory mapped I/O space is mapped into said virtual machine or excluded from said virtual machine; and
  
  controlling access to said I/O device in accordance with said representation of configuration space and said representation of memory mapped I/O space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein said constructing a representation of configuration space further comprises associating each bit within said representation of configuration space with at least one read and write operation.
  - 3. The method according to claim 1, wherein for any memory excluded from said representation of configuration space or for any memory excluded from said representation of memory mapped I/O space, populating said any memory with data representative of said I/O device.
  - 4. The method according to claim 2, wherein said read and write operations comprise:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, and set to one after first read.
  - 5. The method according to claim 3, further comprising:
    - defining bits within pages for the excluded memory; and
      
      receiving intercepts and processing the intercepts using pages with the defined bits.
  - 6. The method according to claim 1, further comprising receiving information for constructing said maps, wherein said information is received in a file provided by a vendor of said I/O device, and wherein said constructing a representation of configuration space and said constructing a representation of memory mapped I/O space further comprises constructing the representations in accordance with said information.
  - 7. The method according to claim 6, wherein said file is digitally signed by said vendor.
  - 8. The method according to claim 1, wherein said managing is performed by a virtualizing layer.
  - 9. The method according to claim 6, further comprising:
    - constructing a representation of I/O space;
      
      populating said representation of I/O space based on said received information; and
      
      controlling access to said I/O device in accordance with said representation of I/O space.
  - 10. The method according to claim 6, further comprising populating both said map of configuration space and said map of memory mapped I/O space based on the received information.
  - 11. The method according to claim 1, further comprising excluding I/O space from said virtual machine.

12. A system adapted to managing communications between a virtual machine and a device, comprising:
- at least one processor; and
  
  at least one memory communicatively coupled to said at least one processor, the memory having stored therein computer-executable instructions capable of;
  
  receiving a description of the device, the description comprising information regarding which operations on the device have system-wide effects and which have effects that are local to the device;
  
  creating a representation of the description; and
  
  embedding said representation in an installation file for a driver for said device, wherein the representation enables the construction of a map of configuration space for the device and a map of memory mapped I/O space, wherein said map of configuration space and said map of memory mapped I/O space may be used to access the device.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12 wherein each bit within said map of configuration space comprises at least one of the following properties:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, or set to one after first read.
  - 14. The system according to claim 12, wherein the installation file is an INF, further comprising digitally signing the INF.

15. A computer readable storage medium storing thereon computer executable instructions for controlling access to a PCI, PCI-X or PCI-Express device wherein the device is communicatively coupled to a physical machine that hosts virtual machines, comprising instructions for:
- receiving an installation file for the device, wherein the installation file comprises information regarding which operations on the device have system-wide effects and which have effects that are local to the device;
  
  constructing at least one map of attributes for the device'"'"'s configuration space, memory mapped I/O space and I/O space, wherein each page or each bit associated with the at least one map is mapped into said virtual machine and wherein a static page of bits can be provided to a virtual machine as the state of the device;
  
  populating the at least one map based on said received installation file; and
  
  using the at least one map to manage access the device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable storage medium of claim 15 wherein each bit within said map or page associated with the at least one map contains one of the following attributes:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, or set to one after first read.
  - 17. The computer readable storage medium of claim 15 wherein for any memory excluded from said map of configuration space or for any memory excluded from said map of memory mapped I/O space, populating said any memory with predetermined data.
  - 18. The computer readable storage medium of claim 17 wherein said predetermined data corresponds to a predetermined device.
  - 19. The computer readable storage medium of claim 17, further comprising instructions for:
    - defining bits within pages for the excluded memory; and
      
      receiving intercepts and processing the intercepts using the pages with defined bits.
  - 20. The computer readable storage medium of claim 15, wherein said installation file is an INF provided by a vendor of said device and digitally signed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Thornton, Andrew John, Oshins, Jacob, Allsop, Brandon

Granted Patent

US 8,117,346 B2
Time in Patent Office

Days
Field of Search
US Class Current

710/10
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/468   Specific access rights for ...

G06F 9/5077   Logical partitioning of res...

CONFIGURATION SPACE VIRTUALIZATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONFIGURATION SPACE VIRTUALIZATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links