Memory isolation and virtualization among virtual machines
Abstract
Disclosed is a virtual machine monitor (VMM) that controls access to a page table hierarchy by a guest operating system (OS). For example, the guest operating system may operate as part of a virtual machine. Particularly, the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy. More particularly, when the guest operating system attempts to access a page table, control of memory access transactions is trapped to the virtual machine monitor.
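The trap-and-emulate flow the abstract describes can be modelled in a few lines of C. This is an added example, not code from the patent: every name in it is hypothetical, and the flat list, the 32-bit entries and the check that refuses mappings into VMM-reserved frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define PAGE_SHIFT  12
#define PTE_PRESENT 0x1u
#define MAX_TRACKED 8
enum fault_action { REFLECT_TO_GUEST, EMULATED, DENIED };
struct tracked_pt {          /* one entry in the VMM's list of page tables */
    uint32_t  linear_frame;  /* guest linear frame number mapping the table */
    uint32_t *entries;       /* the table's 1024 entries */
    int       invalid;       /* 1 = guest mapping marked invalid, access traps */
};
struct vmm {
    struct tracked_pt list[MAX_TRACKED];
    size_t   count;
    uint32_t prot_lo, prot_hi;   /* physical frames reserved for the VMM */
};

/* Load handler: record each page table and set its invalid flag. */
int vmm_load_handler(struct vmm *v, const struct tracked_pt *pts, size_t n)
{
    if (n > MAX_TRACKED) return -1;
    for (size_t i = 0; i < n; i++) {
        v->list[i] = pts[i];
        v->list[i].invalid = 1;
    }
    v->count = n;
    return 0;
}

/* Page fault handler: match the faulting frame, then emulate the 32-bit store. */
enum fault_action vmm_page_fault(struct vmm *v, uint32_t addr, uint32_t pte)
{
    for (size_t i = 0; i < v->count; i++) {
        if (v->list[i].linear_frame != addr >> PAGE_SHIFT) continue;
        uint32_t frame = pte >> PAGE_SHIFT;
        if ((pte & PTE_PRESENT) && frame >= v->prot_lo && frame <= v->prot_hi)
            return DENIED;       /* would map VMM-protected memory */
        v->list[i].entries[(addr & 0xFFFu) / sizeof(uint32_t)] = pte;
        return EMULATED;
    }
    return REFLECT_TO_GUEST;     /* fault is not on a tracked page table */
}

int main(void) {                 /* constructed sample: one tracked page table */
    static uint32_t pt[1024];
    struct tracked_pt t = { 0xC0300u, pt, 0 };
    struct vmm v = { .prot_lo = 0x100, .prot_hi = 0x1FF };
    return vmm_load_handler(&v, &t, 1) || vmm_page_fault(&v, 0xC0300008u, 0x00400003u) != EMULATED;
}
```

A fault whose linear frame number is not in the list is handed back to the guest unchanged, so only page-table writes pay the cost of emulation.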
4 Claims
1. An apparatus comprising:
- a processor having a normal execution mode and a protected execution mode; and
- a virtual machine monitor (VMM) operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor, the virtual machine monitor operating in an area of protected memory, the virtual machine monitor to control access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine, the guest OS through the VMM to manage memory address access for a plurality of virtual machines;
- wherein the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy and stores information related to the page table hierarchy;
- wherein the virtual machine monitor includes a load handler to set invalid flags for page tables in the page table hierarchy, and to create a list of modified page table, and when the guest operating system attempts to access the list of the modified page table, control of memory access transactions is transferred to the virtual machine monitor;
- wherein the virtual machine monitor stores information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to the list of the modified page table; and
- wherein the virtual machine monitor utilizing a page fault handler, determines whether a faulting linear frame number matches one of a plurality of linear frame numbers of the list of modified page table, and if so, the virtual machine monitor emulates a requested instruction on behalf of the guest operating system.
2. A method comprising:
- providing a normal execution mode and a protected execution mode in a processor;
- while operating in either the protected execution mode of the processor or the normal execution mode of the processor, controlling access to a page table hierarchy by a guest operating system (OS) including obtaining control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy, wherein the guest operating system operates as part of a virtual machine and wherein the guest OS through the virtual machine monitor (VMM) manages memory address access for a plurality of virtual machines;
- storing information related to the page table hierarchy; and
- setting invalid flags for page tables in the page table hierarchy, and to create a list of a modified page table;
- wherein, when the guest operating system attempts to access the list of the modified page table, control of memory access transactions is transferred to a virtual machine monitor, the virtual machine monitor operating in an area of protected memory;
- storing information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to the list of the modified page table; and
- determining whether a faulting linear frame number matches one of a plurality of linear frame numbers of the list of the modified page table, and if so, emulating a requested instruction on behalf of the guest operating system.
3. A machine-readable medium having stored thereon instructions, which when executed by a machine, cause the machine to perform the following operations comprising:
- providing a normal execution mode and a protected execution mode in a processor;
- while operating in either the protected execution mode of the processor or the normal execution mode of the processor, controlling access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine and wherein the guest OS through the (virtual machine monitor) VMM manages memory address access for a plurality of virtual machines;
- storing information related to the page table hierarchy; and
- setting invalid flags for page tables in the page table hierarchy, and to create a list of a modified page table;
- wherein, when the guest operating system attempts to access the list of the modified page table, control of memory access transactions is transferred to a virtual machine monitor, the virtual machine monitor operating in an area of protected memory;
- wherein the instructions cause the machine to perform further operations comprising storing information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to the list of the modified page table; and
- wherein the instructions cause the machine to perform further operations comprising determining whether a faulting linear frame number matches one of a plurality of linear frame numbers of the list of the modified page table, and if so, emulating a requested instruction on behalf of the guest operating system.
4. A system comprising:
- a processor including virtual machine extension (VMX) instruction support to implement virtual machines, the processor having a normal execution mode or a protected execution mode;
- a virtual machine monitor (VMM) operable in conjunction with either the protected execution mode of the processor or the normal execution mode of the processor, the virtual machine monitor operating in an area of protected memory, the virtual machine monitor to control access to a page table hierarchy by a guest operating system (OS), the guest operating system operating as part of a virtual machine;
- wherein the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy and stores information related to the page table hierarchy, the guest OS through the VMM to manage memory address access for a plurality of virtual machines; and
- wherein the virtual machine monitor includes a load handler to set invalid flags for page tables in the page table hierarchy, and to create a list of a modified page table, and when the guest operating system attempts to access the list of the modified page table, control of memory access transactions is transferred to the virtual machine monitor;
- wherein the virtual machine monitor stores information related to the page table hierarchy including a listing of page tables and virtual page frame numbers corresponding to the list of the modified page tables; and
- wherein the virtual machine monitor utilizing a page fault handler, determines whether a faulting linear frame number matches one of the linear frame numbers of the list of the modified page table, and if so, the virtual machine monitor emulates a requested instruction on behalf of the guest operating system.