Virtualization system including a virtual machine monitor for a computer with a segmented architecture

US 6,397,242 B1
Filed: 10/26/1998
Issued: 05/28/2002
Est. Priority Date: 05/15/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for virtualizing a computer comprising:

a hardware processor;

a memory;

a virtual machine monitor (VMM); and

a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;

in which;

the virtual machine monitor includes;

a binary translation sub-system;

a direct execution sub-system; and

an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer that has hardware processor, and a memory, the invention provides a virtual machine monitor (VMM) and a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, which are either directly executable or non-directly executable. The VMM includes both a binary translation sub-system and a direct execution sub-system, as well as a sub-system that determines if VM instructions must be executed using binary translation, or if they can be executed using direct execution. Shadow descriptor tables in the VMM, corresponding to VM descriptor tables, segment tracking and memory tracing are used as factors in the decision of which execution mode to activate. The invention is particularly well-adapted for virtualizing computers in which the hardware processor has an Intel x86 architecture.

693 Citations

28 Claims

1. A system for virtualizing a computer comprising:
- a hardware processor;
  
  a memory;
  
  a virtual machine monitor (VMM); and
  
  a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
  
  in which;
  
  the virtual machine monitor includes;
  
  a binary translation sub-system;
  
  a direct execution sub-system; and
  
  an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A system as in claim 1, in which:
3. A system as in claim 1, in which:
- the hardware processor has a plurality of hardware segments and at least one hardware segment descriptor table that is stored in the memory and that has, as entries, hardware segment descriptors;
  
  the virtual machine (VM) has VM descriptor tables having, as entries, VM segment descriptors;
  
  the virtual processor has virtual segments;
  
  the VMM includes;
  
  VMM descriptor tables, including shadow descriptors, corresponding to predetermined ones of the VM descriptors tables; and
  
  segment tracking means for comparing the shadow descriptors with their corresponding VM segment descriptors, for indicating any lack of correspondence between shadow descriptor tables with their corresponding VM descriptor tables; and
  
  for updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors.
4. A system as in claim 3, in which the VMM additionally includes one cached entry in the VMM descriptor tables for each segment of the processor, the binary translation sub-system selectively accessing each cached entry instead of the corresponding shadow entry.
5. A system as in claim 4, in which:
- the hardware processor includes detection means for detecting attempts by the VM to load VMM descriptors other than shadow descriptors, and means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, and means for activating the binary translation sub-system, the binary translation sub-system using this cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
6. A system as in claim 4, in which:
- the hardware processor has predetermined caching semantics and includes non-reversible state information;
  
  the segment tracking means is further provided for detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
  
  the VMM includes means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
  
  the decision means is further provided for directing the VMM to activate the binary translation sub-system when the segment-tracking means has detected creation of a non-reversible segment, the binary translation sub-system using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
7. A system as in claim 4, in which:
- the hardware processor has a native mode;
  
  the virtual processor has native and non-native execution modes, in which the non-native execution modes are independent of the VM segment descriptor tables for accessing segments;
  
  the decision means is further provided for directing the VMM to operate using the cached descriptors and to activate the binary translation sub-system when the hardware processor is in the non-native execution mode, the binary translation sub-system using the cached entry in the native mode when at least one of the following conditions is present;
  
  the virtual processor is in one of the non-native execution modes; and
  
  at least one virtual processor segment has been most recently loaded in one of the non-native execution modes.
8. A system as in claim 4, in which:
- the hardware processor and the virtual processor each has native and non-native execution modes, in which at least one of the non-native execution modes is strictly virtualizeable; and
  
  the decision means is further provided for directing the VMM to run in the same execution mode as the virtual processor.
9. A system as in claim 3, in which the hardware processor has a memory management unit (MMU), further comprising:
- memory tracing means included in the VMM for detecting, via the MMU, accesses to selectable memory portions;
  
  the segment tracking means being operatively connected to the memory tracing means for detecting accesses to selected memory portions.
10. A system as in claim 1, in which the hardware processor has an Intel x86 architecture that is compatible with at least the Intel 80386 processor.
11. A system as in claim 1, in which:
- the hardware processor has an Intel x86 architecture, which has at least one non-virtualizeable instruction;
  
  the virtual processor in the VM also has the Intel x86 architecture;
  
  the virtual processor has a plurality of processing states at a plurality of current privilege levels (CPL), an input/output privilege level, and means for disabling interrupts;
  
  the decision means is further provided for directing the VMM to activate the binary translation sub-system whenever at least one of the following conditions occur;
  
  a) the CPL of the virtual processor is set to a most privileged level;
  
  b) the input/output privilege level of the virtual processor is greater than zero; and
  
  c) interrupts are disabled in the virtual processor;
  
  the VMM, by means of the binary translation sub-system, thereby virtualizing all non-virtualizeable instructions of the virtual processor as a predetermined function of the processing state of the virtual processor.
12. A system as in claim 7, in which thethe hardware processor has an Intel x86 architecture with a protected operation mode, a real operation mode, and a system management operation mode;
- the VMM operates within the protected operation mode; and
  
  the decision means is further provided for directing the VMM to activate the binary translation sub-system whenever the real and system management operation modes of the processor are to be virtualized.
13. A system as in claim 8, in which:
- the hardware processor has an Intel x86 architecture with a strictly virtualizeable virtual 8086 mode; and
  
  the decision means is further provided for directing the VMM to activate the direct execution sub-system whenever the virtual 8086 mode of the processor is to be virtualized.
14. A system as in claim 3, in which the computer has a plurality of hardware processors.
15. A system as in claim 14, further comprising:
- a plurality of virtual processors included in the virtual machine; and
  
  in the VMM, VMM descriptor tables for each virtual processor;
  
  the segment tracking means including means for indicating to the VMM, on selected ones of the plurality of hardware processors, any lack of correspondence between the shadow descriptor tables and their corresponding VM descriptor tables;
  
  for each hardware processor on which the VMM is running, the decision means discriminating between the directly executable and the non-directly executable VM instructions independent of the remaining hardware processors.

16. A system for virtualizing a computer comprising:
- a hardware processor;
  
  a memory;
  
  a virtual machine monitor (VMM) that has at least one virtual processor; and
  
  a virtual machine (VM) operatively connected to the virtual machine monitor for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
  
  in which;
  
  the virtual machine monitor includes;
  
  a binary translation sub-system;
  
  a direct execution sub-system; and
  
  an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions;
  
  the hardware processor has;
  
  a plurality of privilege levels; and
  
  virtualizeable instructions and non-virtualizeable instructions, in which the non-virtualizeable instructions have predefined semantics that depend on the privilege level, in which the semantics of at least two of the privilege levels are non-trapping;
  
  the virtual machine (VM) has a privileged operation mode and a non-privileged operation mode;
  
  the decision means is further provided for directing the VMM to activate the binary translation sub-system when the VM is in the privileged operation mode;
  
  the hardware processor has a plurality of hardware segments and at least one hardware segment descriptor table that is stored in the memory and that has, as entries, hardware processor descriptors;
  
  the virtual machine (VM) has VM descriptor tables having, as entries, VM segment descriptors;
  
  the VMM further includes;
  
  VMM descriptor tables, including shadow descriptors, corresponding to predetermined ones of the VM descriptors tables; and
  
  segment tracking means for comparing the shadow descriptors with their corresponding VM segment descriptors, for indicating any lack of correspondence between shadow descriptor tables with their corresponding VM descriptor tables; and
  
  for updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors;
  
  one cached entry in the VMM descriptor tables for each segment of the processor, the binary translation sub-system selectively accessing each cached entry instead of the corresponding shadow entry;
  
  the hardware processor includes detection means for detecting attempts by the VM to load VMM descriptors other than shadow descriptors, and means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, and means for activating the binary translation sub-system, the binary translation sub-system using this cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor;
  
  the hardware processor has predetermined caching semantics and includes non-reversible state information;
  
  the segment tracking means is further provided for detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
  
  the VMM includes means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
  
  the decision means is further provided for directing the VMM to activate the binary translation sub-system when the segment-tracking means has detected creation of a non-reversible segment, the binary translation sub-system using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor;
  
  the hardware processor has a native mode and non-native execution modes, in which at least one of the non-native execution modes is strictly virtualizeable;
  
  the virtual processor has native and non-native execution modes, in which the non-native execution modes are independent of the VM descriptor tables for accessing segments;
  
  the decision means is further provided for directing the VMM to operate using the cached descriptors and to activate the binary translation sub-system when the hardware processor is in the non-native execution mode, the binary translation sub-system using the cached entry in the native mode when at least one of the following conditions is present;
  
  the virtual processor is in one of the non-native execution modes; and
  
  at least one virtual processor segment has been most recently loaded in one of the non-native execution modes;
  
  the decision means is further provided for directing the VMM to activate the direct execution sub-system when the hardware processor is in any strictly virtualizeable execution mode;
  
  the hardware processor has a memory management unit (MMU);
  
  the VMM includes memory tracing means included in the VMM for detecting, via the MMU, accesses to selectable memory portions; and
  
  the segment tracking means is operatively connected to the memory tracing means for detecting accesses to selected memory portions.

17. In a system that includes:
- a computer with a hardware processor and a memory;
  
  a virtual machine monitor (VMM); and
  
  at least one virtual machine (VM) that has a at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
  
  a method comprising the following steps;
  
  in the VMM, executing the directly executable VM instructions using direct execution and executing the non-directly executable instructions using binary translation.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. A method as in claim 17, further comprising the following steps:
19. A method as in claim 17, further comprising the following steps:
- comparing VMM shadow descriptors with corresponding VM segment descriptors, indicating any lack of correspondence between VMM shadow descriptor tables and corresponding VM descriptor tables, and updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors.
20. A method as in claim 19, further comprising the following steps:
- in the VMM, storing, for each of a plurality of hardware processor segments, a cached descriptor in a descriptor cache; and
  
  executing VM instructions using binary translation and selectively accessing each cached entry instead of the corresponding shadow entry.
21. A method as in claim 20, further comprising the following steps:
- detecting attempts by the VM to load VMM descriptors other than shadow descriptors;
  
  updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor; and
  
  executing VM instructions using binary translation and using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
22. A method as in claim 20, further comprising the following steps:
- detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
  
  updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
  
  detected creation of any non-reversible segment;
  
  executing VM instructions using binary translation when creation of any non-reversible segment is detected and using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
23. A method as in claim 20, further comprising the following steps:
- when the hardware processor is in any one of a plurality of non-native execution modes, operating the VMM using the cached descriptors and executing VM instructions by binary translation, using the cached entry in the native mode, when at least one of the following conditions is present;
  
  the virtual processor is in one of the non-native execution modes; and
  
  at least one virtual processor segment has been most recently loaded in one of the non-native execution modes.
24. A method as in claim 23, in which the non-native execution modes of the hardware processor, which has an Intel x86 architecture, include a protected operation mode, a real operation mode, and a system management operation mode, further comprising the following steps:
- operating the VMM within the protected operation mode; and
  
  executing VM instructions by binary translation whenever the real and system management operation modes of the processor are to be virtualized.
25. A method as in claim 20, in which at least one of the non-native execution modes is strictly virtualizeable, further including the step of executing VM instructions by binary translation when the hardware processor is in any strictly virtualizeable execution mode.
26. A method as in claim 25, in which the hardware processor has an Intel x86 architecture with a strictly virtualizeable virtual 8086 mode, further comprising the step of executing VM instructions using direct execution whenever virtual 8086 mode of the processor is to be virtualized.
27. A method as in claim 19, further comprising the step of applying memory tracing in the VMM and thereby detecting, via a MMU in the hardware processor, accesses to selectable memory portions.
28. A method as in claim 17, further including the step of executing VM instructions by binary translation whenever at least one of the following conditions occurs:
- a) a current privilege level (CPL) of the virtual processor is set to a most privileged level;
  
  b) an input/output privilege level of the virtual processor is greater than zero; and
  
  c) interrupts are disabled in the virtual processor;
  
  whereby all non-virtualizeable instructions of the virtual processor are virtualized as a predetermined function of a processing state of the virtual processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VMware, Inc. (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Devine, Scott W., Bugnion, Edouard, Rosenblum, Mendel
Primary Examiner(s)
BANANKHAH, MAJID A

Application Number

US09/179,137
Time in Patent Office

1,310 Days
Field of Search

709/100,1,200,224,316,320,328,330,223 717/131,138,140 703/26,27 714/1,2,47
US Class Current

718/1
CPC Class Codes

G06F 9/45533 Hypervisors; Virtual machin...

Virtualization system including a virtual machine monitor for a computer with a segmented architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

693 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Virtualization system including a virtual machine monitor for a computer with a segmented architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

693 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links