Virtualization system including a virtual machine monitor for a computer with a segmented architecture
First Claim
1. A system for virtualizing a computer comprising:
- a hardware processor;
a memory;
a virtual machine monitor (VMM); and
a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
in which;
the virtual machine monitor includes;
a binary translation sub-system;
a direct execution sub-system; and
an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
In a computer that has hardware processor, and a memory, the invention provides a virtual machine monitor (VMM) and a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, which are either directly executable or non-directly executable. The VMM includes both a binary translation sub-system and a direct execution sub-system, as well as a sub-system that determines if VM instructions must be executed using binary translation, or if they can be executed using direct execution. Shadow descriptor tables in the VMM, corresponding to VM descriptor tables, segment tracking and memory tracing are used as factors in the decision of which execution mode to activate. The invention is particularly well-adapted for virtualizing computers in which the hardware processor has an Intel x86 architecture.
693 Citations
28 Claims
-
1. A system for virtualizing a computer comprising:
-
a hardware processor;
a memory;
a virtual machine monitor (VMM); and
a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
in which;
the virtual machine monitor includes;
a binary translation sub-system;
a direct execution sub-system; and
an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
the hardware processor has;
a plurality of privilege levels; and
virtualizeable instructions and non-virtualizeable instructions, in which the non-virtualizeable instructions have predefined semantics that depend on the privilege level, in which the semantics of at least two of the privilege levels are mutually different and non-trapping;
the virtual machine (VM) has a privileged operation mode and a non-privileged operation mode; and
the decision means is further provided for directing the VMM to activate the binary translation sub-system when the VM is in the privileged operation mode.
-
-
3. A system as in claim 1, in which:
-
the hardware processor has a plurality of hardware segments and at least one hardware segment descriptor table that is stored in the memory and that has, as entries, hardware segment descriptors;
the virtual machine (VM) has VM descriptor tables having, as entries, VM segment descriptors;
the virtual processor has virtual segments;
the VMM includes;
VMM descriptor tables, including shadow descriptors, corresponding to predetermined ones of the VM descriptors tables; and
segment tracking means for comparing the shadow descriptors with their corresponding VM segment descriptors, for indicating any lack of correspondence between shadow descriptor tables with their corresponding VM descriptor tables; and
for updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors.
-
-
4. A system as in claim 3, in which the VMM additionally includes one cached entry in the VMM descriptor tables for each segment of the processor, the binary translation sub-system selectively accessing each cached entry instead of the corresponding shadow entry.
-
5. A system as in claim 4, in which:
the hardware processor includes detection means for detecting attempts by the VM to load VMM descriptors other than shadow descriptors, and means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, and means for activating the binary translation sub-system, the binary translation sub-system using this cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
-
6. A system as in claim 4, in which:
-
the hardware processor has predetermined caching semantics and includes non-reversible state information;
the segment tracking means is further provided for detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
the VMM includes means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
the decision means is further provided for directing the VMM to activate the binary translation sub-system when the segment-tracking means has detected creation of a non-reversible segment, the binary translation sub-system using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
-
-
7. A system as in claim 4, in which:
-
the hardware processor has a native mode;
the virtual processor has native and non-native execution modes, in which the non-native execution modes are independent of the VM segment descriptor tables for accessing segments;
the decision means is further provided for directing the VMM to operate using the cached descriptors and to activate the binary translation sub-system when the hardware processor is in the non-native execution mode, the binary translation sub-system using the cached entry in the native mode when at least one of the following conditions is present;
the virtual processor is in one of the non-native execution modes; and
at least one virtual processor segment has been most recently loaded in one of the non-native execution modes.
-
-
8. A system as in claim 4, in which:
-
the hardware processor and the virtual processor each has native and non-native execution modes, in which at least one of the non-native execution modes is strictly virtualizeable; and
the decision means is further provided for directing the VMM to run in the same execution mode as the virtual processor.
-
-
9. A system as in claim 3, in which the hardware processor has a memory management unit (MMU), further comprising:
-
memory tracing means included in the VMM for detecting, via the MMU, accesses to selectable memory portions;
the segment tracking means being operatively connected to the memory tracing means for detecting accesses to selected memory portions.
-
-
10. A system as in claim 1, in which the hardware processor has an Intel x86 architecture that is compatible with at least the Intel 80386 processor.
-
11. A system as in claim 1, in which:
-
the hardware processor has an Intel x86 architecture, which has at least one non-virtualizeable instruction;
the virtual processor in the VM also has the Intel x86 architecture;
the virtual processor has a plurality of processing states at a plurality of current privilege levels (CPL), an input/output privilege level, and means for disabling interrupts;
the decision means is further provided for directing the VMM to activate the binary translation sub-system whenever at least one of the following conditions occur;
a) the CPL of the virtual processor is set to a most privileged level;
b) the input/output privilege level of the virtual processor is greater than zero; and
c) interrupts are disabled in the virtual processor;
the VMM, by means of the binary translation sub-system, thereby virtualizing all non-virtualizeable instructions of the virtual processor as a predetermined function of the processing state of the virtual processor.
-
-
12. A system as in claim 7, in which the
the hardware processor has an Intel x86 architecture with a protected operation mode, a real operation mode, and a system management operation mode; -
the VMM operates within the protected operation mode; and
the decision means is further provided for directing the VMM to activate the binary translation sub-system whenever the real and system management operation modes of the processor are to be virtualized.
-
-
13. A system as in claim 8, in which:
-
the hardware processor has an Intel x86 architecture with a strictly virtualizeable virtual 8086 mode; and
the decision means is further provided for directing the VMM to activate the direct execution sub-system whenever the virtual 8086 mode of the processor is to be virtualized.
-
-
14. A system as in claim 3, in which the computer has a plurality of hardware processors.
-
15. A system as in claim 14, further comprising:
-
a plurality of virtual processors included in the virtual machine; and
in the VMM, VMM descriptor tables for each virtual processor;
the segment tracking means including means for indicating to the VMM, on selected ones of the plurality of hardware processors, any lack of correspondence between the shadow descriptor tables and their corresponding VM descriptor tables;
for each hardware processor on which the VMM is running, the decision means discriminating between the directly executable and the non-directly executable VM instructions independent of the remaining hardware processors.
-
-
16. A system for virtualizing a computer comprising:
-
a hardware processor;
a memory;
a virtual machine monitor (VMM) that has at least one virtual processor; and
a virtual machine (VM) operatively connected to the virtual machine monitor for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
in which;
the virtual machine monitor includes;
a binary translation sub-system;
a direct execution sub-system; and
an execution decision sub-system forming decision means for discriminating between the directly executable and non-directly executable VM instructions, and for selectively directing the VMM to activate the direct execution subsystem for execution by the hardware processor of the directly executable VM instructions and to activate the binary translation subsystem for execution on the hardware processor of the non-directly executable VM instructions;
the hardware processor has;
a plurality of privilege levels; and
virtualizeable instructions and non-virtualizeable instructions, in which the non-virtualizeable instructions have predefined semantics that depend on the privilege level, in which the semantics of at least two of the privilege levels are non-trapping;
the virtual machine (VM) has a privileged operation mode and a non-privileged operation mode;
the decision means is further provided for directing the VMM to activate the binary translation sub-system when the VM is in the privileged operation mode;
the hardware processor has a plurality of hardware segments and at least one hardware segment descriptor table that is stored in the memory and that has, as entries, hardware processor descriptors;
the virtual machine (VM) has VM descriptor tables having, as entries, VM segment descriptors;
the VMM further includes;
VMM descriptor tables, including shadow descriptors, corresponding to predetermined ones of the VM descriptors tables; and
segment tracking means for comparing the shadow descriptors with their corresponding VM segment descriptors, for indicating any lack of correspondence between shadow descriptor tables with their corresponding VM descriptor tables; and
for updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors;
one cached entry in the VMM descriptor tables for each segment of the processor, the binary translation sub-system selectively accessing each cached entry instead of the corresponding shadow entry;
the hardware processor includes detection means for detecting attempts by the VM to load VMM descriptors other than shadow descriptors, and means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, and means for activating the binary translation sub-system, the binary translation sub-system using this cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor;
the hardware processor has predetermined caching semantics and includes non-reversible state information;
the segment tracking means is further provided for detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
the VMM includes means for updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
the decision means is further provided for directing the VMM to activate the binary translation sub-system when the segment-tracking means has detected creation of a non-reversible segment, the binary translation sub-system using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor;
the hardware processor has a native mode and non-native execution modes, in which at least one of the non-native execution modes is strictly virtualizeable;
the virtual processor has native and non-native execution modes, in which the non-native execution modes are independent of the VM descriptor tables for accessing segments;
the decision means is further provided for directing the VMM to operate using the cached descriptors and to activate the binary translation sub-system when the hardware processor is in the non-native execution mode, the binary translation sub-system using the cached entry in the native mode when at least one of the following conditions is present;
the virtual processor is in one of the non-native execution modes; and
at least one virtual processor segment has been most recently loaded in one of the non-native execution modes;
the decision means is further provided for directing the VMM to activate the direct execution sub-system when the hardware processor is in any strictly virtualizeable execution mode;
the hardware processor has a memory management unit (MMU);
the VMM includes memory tracing means included in the VMM for detecting, via the MMU, accesses to selectable memory portions; and
the segment tracking means is operatively connected to the memory tracing means for detecting accesses to selected memory portions.
-
-
17. In a system that includes:
-
a computer with a hardware processor and a memory;
a virtual machine monitor (VMM); and
at least one virtual machine (VM) that has a at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the VM instructions including directly executable VM instructions and non-directly executable instructions;
a method comprising the following steps;
in the VMM, executing the directly executable VM instructions using direct execution and executing the non-directly executable instructions using binary translation. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
in the VMM, executing the VM instructions using binary translation when the VM is in a privileged operation mode; and
the privileged and non-privileged operation modes of the VM being a predefined function of privilege levels of the hardware processor and predetermined semantics of the privilege levels of the hardware processor, of which the semantics of at least two of the privilege levels are mutually different and non-trapping.
-
-
19. A method as in claim 17, further comprising the following steps:
comparing VMM shadow descriptors with corresponding VM segment descriptors, indicating any lack of correspondence between VMM shadow descriptor tables and corresponding VM descriptor tables, and updating the shadow descriptors to correspond to their respective corresponding VM segment descriptors.
-
20. A method as in claim 19, further comprising the following steps:
-
in the VMM, storing, for each of a plurality of hardware processor segments, a cached descriptor in a descriptor cache; and
executing VM instructions using binary translation and selectively accessing each cached entry instead of the corresponding shadow entry.
-
-
21. A method as in claim 20, further comprising the following steps:
-
detecting attempts by the VM to load VMM descriptors other than shadow descriptors;
updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor; and
executing VM instructions using binary translation and using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
-
-
22. A method as in claim 20, further comprising the following steps:
-
detecting attempts by the VM to modify any VM segment descriptor that leads to a non-reversible processor segment;
updating the VMM descriptor table so that the cached entry corresponding to the processor segment also corresponds to the VM segment descriptor, before any modification of the VM segment descriptor;
detected creation of any non-reversible segment;
executing VM instructions using binary translation when creation of any non-reversible segment is detected and using the cached entry until the processor segment is subsequently loaded with a VMM descriptor that is a shadow descriptor.
-
-
23. A method as in claim 20, further comprising the following steps:
when the hardware processor is in any one of a plurality of non-native execution modes, operating the VMM using the cached descriptors and executing VM instructions by binary translation, using the cached entry in the native mode, when at least one of the following conditions is present;
the virtual processor is in one of the non-native execution modes; and
at least one virtual processor segment has been most recently loaded in one of the non-native execution modes.
-
24. A method as in claim 23, in which the non-native execution modes of the hardware processor, which has an Intel x86 architecture, include a protected operation mode, a real operation mode, and a system management operation mode, further comprising the following steps:
-
operating the VMM within the protected operation mode; and
executing VM instructions by binary translation whenever the real and system management operation modes of the processor are to be virtualized.
-
-
25. A method as in claim 20, in which at least one of the non-native execution modes is strictly virtualizeable, further including the step of executing VM instructions by binary translation when the hardware processor is in any strictly virtualizeable execution mode.
-
26. A method as in claim 25, in which the hardware processor has an Intel x86 architecture with a strictly virtualizeable virtual 8086 mode, further comprising the step of executing VM instructions using direct execution whenever virtual 8086 mode of the processor is to be virtualized.
-
27. A method as in claim 19, further comprising the step of applying memory tracing in the VMM and thereby detecting, via a MMU in the hardware processor, accesses to selectable memory portions.
-
28. A method as in claim 17, further including the step of executing VM instructions by binary translation whenever at least one of the following conditions occurs:
-
a) a current privilege level (CPL) of the virtual processor is set to a most privileged level;
b) an input/output privilege level of the virtual processor is greater than zero; and
c) interrupts are disabled in the virtual processor;
whereby all non-virtualizeable instructions of the virtual processor are virtualized as a predetermined function of a processing state of the virtual processor.
-
Specification