Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor
First Claim
1. A method comprising:
- running guest software in a processor mode that enables the guest software to operate at a privilege level intended by the guest software;
- identifying, within said processor mode, an attempt of the guest software to perform an operation restricted by said processor mode;
- determining, within said processor mode, whether the attempt of the guest software would fail if the guest software was running outside said processor mode;
- allowing the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode;
- transferring control over the operation to an operating system running within said processor mode in response to the guest software attempting the operation; and
- generating a virtualization trap in response to determining that the attempt would succeed if the guest software was running outside said processor mode.
Abstract
In one embodiment, a processor mode is provided for guest software. The processor mode enables the guest software to operate at a privilege level intended by the guest software. When the guest software attempts to perform an operation restricted by the processor mode, the processor mode is exited to transfer control over the operation to a virtual-machine monitor, which runs outside this processor mode.
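Added example, not text from the patent: a minimal C model of the decision order recited in claim 1 and summarized in the abstract, where the ordinary privilege check is evaluated before any virtualization trap. The operation names, the `max_cpl` field and the three outcome values are assumptions made for illustration, as is treating an unrestricted operation that fails its privilege check as a guest fault.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the decision in claim 1; all names are hypothetical. */
enum outcome { EXECUTE, GUEST_FAULT, VIRT_TRAP };

struct op {
    const char *name;
    int max_cpl;      /* highest ring number at which the op succeeds outside the mode */
    bool restricted;  /* true if the processor mode restricts this operation */
};

/* Constructed sample operations, not taken from the patent. */
static const struct op OPS[] = {
    { "load_control_register", 0, true  },
    { "read_timestamp",        3, true  },
    { "integer_add",           3, false },
};

/* Ordinary privilege check: would the attempt succeed outside the mode? */
static bool would_succeed_outside(int cpl, const struct op *o) {
    return cpl <= o->max_cpl;
}

/* Decide what happens when guest code at ring `cpl` attempts `o`. */
enum outcome dispatch(int cpl, const struct op *o) {
    /* Would fail anyway: let the attempt proceed so it faults to the
       guest's own operating system, which runs inside the mode. */
    if (!would_succeed_outside(cpl, o))
        return GUEST_FAULT;
    /* Would succeed: a restricted operation leaves the mode for the VMM. */
    return o->restricted ? VIRT_TRAP : EXECUTE;
}

int main(void) {
    static const char *names[] = { "execute", "guest fault", "virtualization trap" };
    const int rings[] = { 0, 3 };
    for (size_t i = 0; i < sizeof OPS / sizeof OPS[0]; i++)
        for (size_t r = 0; r < 2; r++)
            printf("ring %d %-22s -> %s\n", rings[r], OPS[i].name,
                   names[dispatch(rings[r], &OPS[i])]);
    return 0;
}
```

In this model the virtual-machine monitor is only entered for operations that would otherwise have taken effect; attempts that would fault on a non-virtualized processor are delivered to the guest operating system as usual.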
11 Claims
4. A processor comprising:
- a storage location to store an indicator to indicate whether the processor is configured to execute guest software in a mode that enables the guest software to operate at a privilege level intended by the guest software; and
- logic to execute the guest software in said processor mode, to identify, within said processor mode, an attempt of the guest software to perform an operation restricted by said processor mode, to determine, within said processor mode, whether the attempt would fail if the guest software was running outside said processor mode, to allow the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode, to transfer control over the operation to an operating system running within said processor mode in response to the attempt; and to generate a virtualization trap in response to determining that the attempt would succeed if the guest software was running outside said processor mode.
7. A system comprising:
- a memory to store application software and an operating system; and
- a processor to execute the application software in a processor mode that enables the application software to operate at a privilege level intended by the application software, to identify, within said processor mode, an attempt of the application software to perform an operation restricted by said processor mode, to determine, within said processor mode, whether the attempt would fail if the application software was running outside said processor mode, to allow the application software to attempt the operation within said processor mode in response to determining that the attempt would fail if the application software was running outside said processor mode, to transfer control over the operation to the operating system running within said processor mode in response to the attempt; and to generate a virtualization trap in response to determining that the attempt would succeed if the application software was running outside said processor mode.
10. A non-transitory computer readable storage medium that provides instructions, which when executed on a processor, cause the processor to:
- present a virtual machine to guest software in a processor mode that enables the guest software to operate at a privilege level intended by the guest software;
- handle a virtualization trap, where the virtualization trap is generated in response to an attempt of the guest software to perform an operation restricted by said processor mode and a determination, within said processor mode, that the attempt would succeed if the guest software was running outside the virtual machine; and
- allow the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode, and transfer control over the operation to an operating system running within said processor mode in response to the attempt.
Specification