VIRTUAL MACHINE SYSTEM, VIRTUAL MACHINE CONTROL METHOD, VIRTUAL MACHINE CONTROL APPLICATION, AND SEMICONDUCTOR INTEGRATED CIRCUIT

US 20120331465A1
Filed: 09/12/2011
Published: 12/27/2012
Est. Priority Date: 03/02/2011
Status: Abandoned Application

First Claim

Patent Images

1. A virtual machine system including a memory unit, a processor connected to the memory unit, and a hypervisor running on the processor and causing the processor to perform execution control on a plurality of virtual machines, the virtual machine system comprisingan access controller controlling access by the virtual machines to memory areas of the memory unit, whereinthe memory unit includes a first memory area storing a type-1 program and a second memory area storing a type-2 program,the hypervisor includes:

a startup request reception module for receiving a type-1 or type-2 program startup request from the virtual machines; and

a virtual machine generation module for, upon receipt of the type-1 program startup request by the startup request reception module, generating a new virtual machine for executing the type-1 program and managing the new virtual machine as a type-1 virtual machine, and for, upon receipt of the type-2 program startup request by the startup request reception module, generating a new virtual machine for executing the type-2 program and managing the new virtual machine as a type-2 virtual machine, andthe access controller performs access control so as to forbid access to the second memory area by the new virtual machine managed by the virtual machine generation module as the type-1 virtual machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory protection unit controls access by virtual machines to memory areas. By having a hypervisor executed by a processor and the memory protection unit cooperate, access to memory areas by each virtual machine is controlled such that access to designated areas is forbidden. Accordingly, each virtual machine is unable to access programs, data, and so on stored in areas forbidden thereto.

51 Citations

View as Search Results

10 Claims

1. A virtual machine system including a memory unit, a processor connected to the memory unit, and a hypervisor running on the processor and causing the processor to perform execution control on a plurality of virtual machines, the virtual machine system comprisingan access controller controlling access by the virtual machines to memory areas of the memory unit, whereinthe memory unit includes a first memory area storing a type-1 program and a second memory area storing a type-2 program,the hypervisor includes:
- a startup request reception module for receiving a type-1 or type-2 program startup request from the virtual machines; and
  
  a virtual machine generation module for, upon receipt of the type-1 program startup request by the startup request reception module, generating a new virtual machine for executing the type-1 program and managing the new virtual machine as a type-1 virtual machine, and for, upon receipt of the type-2 program startup request by the startup request reception module, generating a new virtual machine for executing the type-2 program and managing the new virtual machine as a type-2 virtual machine, andthe access controller performs access control so as to forbid access to the second memory area by the new virtual machine managed by the virtual machine generation module as the type-1 virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The virtual machine system of claim 1, whereinthe access controller has a specification information storage unit for storing second memory area specification information specifying a second memory area address, and controls the access by the virtual machines to memory areas of the memory unit with reference to the second memory area specification information.
  - 3. The virtual machine system of claim 2, whereinthe memory unit includes a program association information storage area for storing program association information indicating program-specifying information in association with program type-specifying information,the virtual machine generation module includes a program type specifier for specifying, with reference to the program association information, a type of program as indicated in a program startup request received by the startup request reception module from a source virtual machine, andthe virtual machine generation module manages the new virtual machine as one of (i) the type-1 virtual machine generated upon receipt of the type-1 program startup request by the startup request reception module, and (ii) the type-2 virtual machine generated upon receipt of the type-2 program startup request by the startup request reception module, according to the type of program specified by the program type specifier.
  - 4. The virtual machine system of claim 3, whereinwhen generating the new virtual machine upon receipt of the type-1 or type-2 program startup request from the source virtual machine by the startup request reception module, the virtual machine generation module allocates the memory areas of the memory unit to the new virtual machine by fork implementation according to the memory areas allocated to the source virtual machine making the program startup request.
  - 5. The virtual machine system of claim 4, whereinthe hypervisor further includes a copy-on-write execution controller for controlling access to the memory areas of the memory unit by the virtual machines such that access to the memory areas by the first virtual machine and the second virtual machine is performed through copy-on-write implementation when the virtual machine generation module has allocated memory areas to the first virtual machine by fork implementation according to the memory areas allocated to the second virtual machine
  - 6. The virtual machine system of claim 5, whereinthe first memory area further includes an area storing data used when the type-1 program is executed by the virtual machines, andthe second memory area further includes an area storing data used when the type-2 program is executed by the virtual machines
  - 7. The virtual machine system of claim 5, whereinthe memory unit includes:
    - a device driver storage area storing a device driver; and
      
      a device control program storage area storing a device control program for communicating with a single virtual machine executing the device driver and for causing the single virtual machine to control a device, through execution of the program by another virtual machine not executing the device driver, andthe access controller performs access control such that access to the device driver storage area is restricted to the single virtual machine among the plurality of virtual machines subject to execution control.

8. A virtual machine control method for controlling a virtual machine system that includes a memory unit, a processor connected to the memory unit, a hypervisor running on the processor and causing the processor to perform execution control on a plurality of virtual machines, and an access controller controlling access by the virtual machines to memory areas of the memory unit, the memory unit including a first memory area storing a type-1 program and a second memory area storing a type-2 program, the virtual machine control method comprising:
- a startup request reception step of the hypervisor receiving a type-1 or type-2 program startup request from the virtual machines;
  
  a virtual machine generation step of the hypervisor, upon receipt of the type-1 program startup request during the startup request reception step, generating a new virtual machine for executing the type-1 program and managing the new virtual machine as a type-1 virtual machine, and, upon receipt of the type-2 program startup request during the startup request reception step, generating a new virtual machine for executing the type-2 program and managing the new virtual machine as a type-2 virtual machine; and
  
  an access control step of the access controller performing access control so as to forbid access to the second memory area by the new virtual machine managed as the type-1 virtual machine.

9. A virtual machine control program for controlling a virtual machine system that includes a memory unit, a processor connected to the memory unit, a hypervisor running on the processor and causing the processor to perform execution control on a plurality of virtual machines, and an access controller controlling access by the virtual machines to memory areas of the memory unit, the memory unit including a first memory area storing a type-1 program and a second memory area storing a type-2 program, the virtual machine control method comprising:
- a startup request reception step of the hypervisor receiving a type-1 or type-2 program startup request from the virtual machines;
  
  a virtual machine generation step of the hypervisor, upon receipt of the type-1 program startup request during the startup request reception step, generating a new virtual machine for executing the type-1 program and managing the new virtual machine as a type-1 virtual machine, and, upon receipt of the type-2 program startup request during the startup request reception step, generating a new virtual machine for executing the type-2 program and managing the new virtual machine as a type-2 virtual machine; and
  
  an access control step of the access controller performing access control so as to forbid access to the second memory area by the new virtual machine managed as the type-1 virtual machine

10. A semiconductor integrated circuit including a memory unit, a processor connected to the memory unit, and a hypervisor running on the processor and causing the processor to perform execution control on a plurality of virtual machines, the semiconductor integrated circuit comprisingan access controller controlling access by the virtual machines to memory areas of the memory unit, whereinthe memory unit includes a first memory area storing a type-1 program and a second memory area storing a type-2 program,the hypervisor includes:
- a startup request reception module for receiving a type-1 or type-2 program startup request from the virtual machines; and
  
  a virtual machine generation module for, upon receipt of the type-1 program startup request by the startup request reception module, generating a new virtual machine for executing the type-1 program and managing the new virtual machine as a type-1 virtual machine, and for, upon receipt of the type-2 program startup request by the startup request reception module, generating a new virtual machine for executing the type-2 program and managing the new virtual machine as a type-2 virtual machine, andthe access controller performs access control so as to forbid access to the second memory area by the new virtual machine managed by the virtual machine generation module as the type-1 virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Tanikawa, Tadao

Application Number

US13/583,151
Publication Number

US 20120331465A1
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/53   by executing in a restricte...

G06F 2212/151   Emulated environment, e.g. ...

G06F 9/5077   Logical partitioning of res...

VIRTUAL MACHINE SYSTEM, VIRTUAL MACHINE CONTROL METHOD, VIRTUAL MACHINE CONTROL APPLICATION, AND SEMICONDUCTOR INTEGRATED CIRCUIT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUAL MACHINE SYSTEM, VIRTUAL MACHINE CONTROL METHOD, VIRTUAL MACHINE CONTROL APPLICATION, AND SEMICONDUCTOR INTEGRATED CIRCUIT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links