Deferred shadowing of segment descriptors in a virtual machine monitor for a segmented computer architecture

US 6,785,886 B1
Filed: 08/24/2000
Issued: 08/31/2004
Est. Priority Date: 05/15/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system that has:

a memory;

a plurality of memory segments, each corresponding to a range of the memory;

a method for virtualizing a computer comprising the following steps;

loading in the computer system a virtual machine monitor (VMM) and at least one virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the virtual machine (VM) having at least one VM descriptor table that has, as entries, VM segment descriptors, each VM segment descriptor containing memory location identifiers corresponding to a memory segment;

in the VMM, establishing at least one VMM descriptor table, including at least one shadow descriptor table storing, for predetermined ones of the VM segment descriptors, corresponding shadow descriptors, each of the predetermined ones of the VM segment descriptors for which a shadow descriptor is stored being a shadowed descriptor;

initializing the shadow descriptors in a desynchronized state;

comparing the shadow descriptors with their respective corresponding shadowed VM descriptors;

detecting a lack of correspondence between the shadow descriptor table and the corresponding VM descriptor table; and

updating and thereby synchronizing each shadow descriptor with its respective shadowed VM descriptor, but deferring the updating of at least one shadow descriptor until the VM attempts to load the corresponding shadowed descriptor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more virtual machines (VM'"'"'s) run via a virtual machine monitor (VMM) on a hardware platform that has a segmented memory architecture. Each VM has at least one VM descriptor table that has, as entries, VM segment descriptors. At least one VMM descriptor table is established, including at least one shadow descriptor table that stores shadow descriptors for certain of the VM segment descriptors, which are then shadowed descriptors. The VMM compares the shadow descriptors with their respective corresponding shadowed VM descriptors, detects any lack of correspondence between the shadow descriptor table and the corresponding VM descriptor table, and updates and thereby synchronizes each shadow descriptor with its respective shadowed VM descriptor no later than, and preferably only upon the first use of, the respective descriptor by the VM. Whenever the VMM detects any attempt by the VM to load an usynchronized shadowed descriptor, the VMM verifies that the VM is allowed to load it, and then establishes synchronization for the pair of descriptors. One detection mechanism is the tracing of entire memory pages in which VM descriptors are stored; another involves sensing and setting the state of a segment present bit for individual descriptors. The invention improves virtualization performance by reducing the number of descriptors that need to be kept coherent. The VMM also has a flexible mechanism to invalidate descriptors, for example, when the VM unmaps or remaps the memory page it is located in, or when the VM sets a new segment descriptor table.

Citations

18 Claims

1. In a computer system that has:
- a memory;
  
  a plurality of memory segments, each corresponding to a range of the memory;
  
  a method for virtualizing a computer comprising the following steps;
  
  loading in the computer system a virtual machine monitor (VMM) and at least one virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the virtual machine (VM) having at least one VM descriptor table that has, as entries, VM segment descriptors, each VM segment descriptor containing memory location identifiers corresponding to a memory segment;
  
  in the VMM, establishing at least one VMM descriptor table, including at least one shadow descriptor table storing, for predetermined ones of the VM segment descriptors, corresponding shadow descriptors, each of the predetermined ones of the VM segment descriptors for which a shadow descriptor is stored being a shadowed descriptor;
  
  initializing the shadow descriptors in a desynchronized state;
  
  comparing the shadow descriptors with their respective corresponding shadowed VM descriptors;
  
  detecting a lack of correspondence between the shadow descriptor table and the corresponding VM descriptor table; and
  
  updating and thereby synchronizing each shadow descriptor with its respective shadowed VM descriptor, but deferring the updating of at least one shadow descriptor until the VM attempts to load the corresponding shadowed descriptor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as in claim 1, further including the step, in the VMM, of synchronizing selected ones of the VM segment descriptors, whereby synchronization comprises updating the shadow descriptors in the VMM to maintain correspondence with their respective shadowed, synchronized VM descriptors upon every change by the VM to the shadowed, synchronized VM descriptors.
  - 3. A method as in claim 2,
- 4. A method as in claim 3, in which the computer system has a memory management unit (MMU) that includes a memory map and is able to trace accesses to designated memory pages and cause a page fault to be generated upon any attempt by software to access a memory page that is not mapped, that is, not included in the memory map, further including the following steps:
  - storing the VMM descriptor table and thus also the shadow descriptors on VMM-associated memory pages; and
    
    in the VMM, selectively mapping and unmapping the VMM-associated memory pages, thereby causing page faults to be generated upon any attempt to load into any hardware segment register a shadow descriptor located on any unmapped VMM-associated memory page.
- 5. A method as in claim 4, further including the following steps:
  - A) upon attempted loading by the VM of a VM segment descriptor into a hardware segment register, determining, in the VMM, whether a corresponding shadow descriptor exists and is synchronized in the VMM descriptor table;
    
    B) upon determining that a corresponding shadow descriptor does exist and is synchronized in the VMM descriptor table, loading the corresponding synchronized shadow descriptor;
    
    C) upon determining that a corresponding synchronized shadow descriptor does not exist, determining whether the page containing the VM segment descriptor is mapped;
    
    1) upon determining that the page containing the VM segment descriptor is unmapped, forwarding a corresponding fault to the VM;
    
    2) upon determining that the page containing the VM segment is mapped;
    
    a) mapping the page on which the corresponding shadow descriptor is located;
    
    b) synchronizing the shadow descriptor with the VM segment descriptor that the VM attempted to load;
    
    c) restarting attempted loading of the VM segment descriptor into the respective hardware segment register, thereby ensuring loading of only synchronized shadow descriptors.
- 6. A method as in claim 5, further including the step of determining if the page of the VMM descriptor table containing the synchronized shadow descriptor contains only shadow descriptors and, if so, synchronizing all shadow descriptors on the page whenever one is synchronized, thereby enabling whole memory page detection of attempted loading into any hardware segment register of any shadow descriptors located on the respective page.
- 7. A method as in claim 4, further including the step of tracing accesses to the designated memory pages via a preexisting hardware MMU in the computer system.
- 8. A method as in claim 4, further including the following steps:
  - sensing, in the VMM, changes of mapping of any page(s) of the VM descriptor table; and
    
    in the VMM, desynchronizing and preventing access by the VM to all shadow descriptors corresponding to shadowed descriptors on the page(s) of the VM descriptor table whose mapping is being changed.
- 9. A method as in claim 8, further including the following step:
  - in the VMM, determining whether any VM segment descriptor on the page(s) of the VM descriptor table whose mapping is being changed is currently loaded in any hardware segment register, and, for each such VM segment descriptor so loaded, creating a cached copy of the corresponding shadow descriptor, thereby enabling reversibility of each such VM segment descriptor.
- 10. A method as in claim 3, further including the following steps:
  - A) setting a protection attribute of shadow descriptors to a not present state;
    
    B) upon attempted loading by the VM of a VM segment descriptor, determining, in the VMM, whether the protection attribute of the corresponding shadow descriptor is in a present state or in the not present state;
    
    C) upon determining that the protection attribute is in the present state, loading the corresponding shadow descriptor;
    
    D) upon determining that the protection attribute is in the not present state, determining whether the page on which the VM segment descriptor is located is mapped;
    
    1) upon determining that the page on which the VM segment descriptor is unmapped, forwarding a corresponding fault to the VM;
    
    2) upon determining that the page on which the VM segment descriptor is mapped;
    
    a) synchronizing the shadow descriptor with the VM segment descriptor that the VM attempted to load;
    
    b) setting the protection attribute of the shadow descriptor to the present state;
    
    c) restarting attempted loading of the VM segment descriptor into the respective hardware segment register, thereby enabling detection of attempted loading of individual unsynchronized descriptors regardless of other data located on the same memory page.
- 11. A method as in claim 1, in which each shadow descriptor is first updated and thereby synchronized with its respective shadowed VM descriptor at the time of the first use of the descriptor by the VM.

12. In a computer system that has a memory, a plurality of hardware memory segments, each corresponding to a range of the memory, at least one hardware segment register, and at least one hardware descriptor table that has, as entries, hardware segment descriptors, each hardware segment descriptor containing memory location identifiers corresponding to a memory segment, a method for virtualizing a computer comprising the following steps:
- A) loading in the computer system a virtual machine monitor (VMM) and at least one virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions, the virtual machine (VM) having at least one VM descriptor table that has, as entries, VM segment descriptors, each VM segment descriptor containing memory location identifiers corresponding to a memory segment;
  
  B) in the VMM, establishing at least one VMM descriptor table, including at least one shadow descriptor table storing, for predetermined ones of the VM segment descriptors, corresponding shadow descriptors, each of the predetermined ones of the VM segment descriptors for which a shadow descriptor is stored being a shadowed descriptor and each shadow descriptor being initialized in a desynchronized state;
  
  C) comparing the shadow descriptors with their respective corresponding shadowed VM descriptors;
  
  D) detecting a lack of correspondence between the shadow descriptor table and the corresponding VM descriptor table;
  
  E) updating and thereby synchronizing each shadow descriptor with its respective shadowed VM descriptor, but deferring the updating of at least one shadow descriptor until the VM attempts to load the corresponding shadowed descriptor, according to the following steps F)-P);
  
  F) in the VMM, synchronizing selected ones of the VM segment descriptors, whereby synchronization comprises updating the shadow descriptors in the VMM to maintain correspondence with their respective shadowed, synchronized VM descriptors upon every change by the VM to the shadowed, synchronized VM descriptors;
  
  G) preventing access and loading into any hardware segment register by the VM of unsynchronized shadow descriptors;
  
  H) storing the VMM descriptor table and thus also the shadow descriptors on VMM-associated memory pages;
  
  I) in the VMM, selectively mapping and unmapping the VMM-associated memory pages, thereby causing page faults to be generated upon any attempt to load into any hardware segment register a shadow descriptor located on any unmapped VMM-associated memory page;
  
  J) upon attempted loading by the VM of a VM segment descriptor into a hardware segment register, determining, in the VMM, whether a corresponding shadow descriptor exists and is synchronized in the VMM descriptor table;
  
  K) upon determining that a corresponding shadow descriptor does exist and is synchronized in the VMM descriptor table, loading the corresponding synchronized shadow descriptor;
  
  L) upon determining that a corresponding synchronized shadow descriptor does not exist, determining whether the page containing the VM segment descriptor is mapped;
  
  1) upon determining that the page containing the VM segment descriptor is unmapped, forwarding a corresponding fault to the VM;
  
  2) upon determining that the page containing the VM segment is mapped;
  
  a) mapping the page on which the corresponding shadow descriptor is located;
  
  b) synchronizing the shadow descriptor with the VM segment descriptor that the VM attempted to load;
  
  c) restarting attempted loading of the VM segment descriptor into the respective hardware segment register, thereby ensuring loading of only synchronized shadow descriptors;
  
  M) setting a protection attribute of selected ones of the shadow descriptors to a not present state;
  
  N) upon attempted loading by the VM of a VM segment descriptor, determining, in the VMM, whether the protection attribute of the corresponding shadow descriptor is in a present state or in the not present state;
  
  O) upon determining that the protection attribute is in the present state, loading the corresponding shadow descriptor;
  
  P) upon determining that the protection attribute is in the not present state, determining whether the page on which the VM segment descriptor is located is mapped;
  
  1) upon determining that the page on which the VM segment descriptor is unmapped, forwarding a corresponding fault to the VM;
  
  2) upon determining that the page on which the VM segment descriptor is mapped;
  
  a) synchronizing the shadow descriptor with the VM segment descriptor that the VM attempted to load;
  
  b) setting the protection attribute of the shadow descriptor to the present state;
  
  c) restarting attempted loading of the VM segment descriptor into the respective hardware segment register, thereby enabling detection of attempted loading of individual unsynchronized descriptors regardless of other data located on the same memory page.

13. A system for virtualizing a computer comprising:
- a memory;
  
  a plurality of hardware memory segments, each corresponding to a range of the memory;
  
  at least one hardware segment register;
  
  at least one hardware descriptor table that has, as entries, hardware segment descriptors, each hardware segment descriptor containing memory location identifiers corresponding to a memory segment;
  
  a virtual machine monitor (VMM); and
  
  a virtual machine (VM) that has at least one virtual processor and is operatively connected to the VMM for running a sequence of VM instructions;
  
  in which;
  
  the virtual machine (VM) has at least one VM descriptor table having, as entries, VM segment descriptors;
  
  the VMM includes;
  
  VMM descriptor tables, including at least one shadow descriptor table storing, for predetermined ones of the VM segment descriptors, corresponding shadow descriptors, each of the predetermined ones of the VM segment descriptors for which a shadow descriptor is stored being a shadowed descriptor that is initialized in a desynchronized state; and
  
  descriptor tracking means;
  
  for comparing the shadow descriptors with their respective corresponding VM segment descriptors;
  
  for detecting a lack of correspondence between the shadow descriptor table and the corresponding VM descriptor table; and
  
  for updating and thereby synchronizing each shadow descriptor with its respective VM segment descriptor but deferring the updating of at least one shadow descriptor until the VM attempts to load the corresponding shadowed descriptor.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A system as defined in claim 13, in which the descriptor tracking means is further provided for synchronizing selected ones of the VM segment descriptors, whereby synchronization comprises updating the shadow descriptors in the VMM to maintain correspondence with their respective shadowed, synchronized VM descriptors upon every change by the VM to the shadowed, synchronized VM descriptors.
  - 15. A method as in claim 14, in which the descriptor tracking means is further provided for preventing access and loading into any hardware segment register by the VM of unsynchronized shadow descriptors.
  - 16. A system as in claim 15, further comprising:
17. A system as in claim 16, in which the VMM is further provided:
- for sensing changes of mapping of any page(s) of the VM descriptor table; and
  
  for desynchronizing and preventing access by the VM to all shadow descriptors corresponding to shadowed descriptors on the page(s) of the VM descriptor table whose mapping is being changed.
18. A system as in claim 15, in which the VMM is further provided:
- A) for setting a protection attribute of shadow descriptors to a not present state;
  
  B) upon attempted loading by the VM of a VM segment descriptor, for determining whether the protection attribute of the corresponding shadow descriptor is in a present state or in the not present state;
  
  C) upon determining that the protection attribute is in the present state, for loading the corresponding shadow descriptor into the VM-designated one of the hardware segment registers;
  
  D) upon determining that the protection attribute is in the not present state, for determining whether the page on which the VM segment descriptor is located is mapped;
  
  1) upon determining that the page on which the VM segment descriptor is unmapped, for forwarding a corresponding fault to the VM;
  
  2) upon determining that the page on which the VM segment descriptor is mapped;
  
  a) for synchronizing the shadow descriptor with the VM segment descriptor that the VM attempted to load;
  
  b) for setting the protection attribute of the shadow descriptor to the present state;
  
  c) for restarting attempted loading of the VM segment descriptor into the respective hardware segment register, thereby detecting attempted loading of individual unsynchronized descriptors regardless of other data located on the same memory page.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VMware, Inc. (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Lim, Beng-Hong, Bugnion, Edouard, Le, Bich C.
Primary Examiner(s)
An, Meng-Al T.
Assistant Examiner(s)
Ali, Syed J.

Application Number

US09/648,394
Time in Patent Office

1,468 Days
Field of Search

709/1, 711/6, 711/118, 711/135, 711/154, 711/202, 711/203, 711/206, 711/208-210, 711/221
US Class Current

718/1
CPC Class Codes

G06F 9/45533 Hypervisors; Virtual machin...

Deferred shadowing of segment descriptors in a virtual machine monitor for a segmented computer architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Deferred shadowing of segment descriptors in a virtual machine monitor for a segmented computer architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links