Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor

US 7,818,808 B1
Filed: 12/27/2000
Issued: 10/19/2010
Est. Priority Date: 12/27/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

running guest software in a processor mode that enables the guest software to operate at a privilege level intended by the guest software;

identifying, within said processor mode, an attempt of the guest software to perform an operation restricted by said processor mode;

determining, within said processor mode, whether the attempt of the guest software would fail if the guest software was running outside said processor mode;

allowing the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode;

transferring control over the operation to an operating system running within said processor mode in response to the guest software attempting the operation; and

generating a virtualization trap in response to determining that the attempt would succeed if the guest software was running outside said processor mode.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a processor mode is provided for guest software. The processor mode enables the guest software to operate at a privilege level intended by the guest software. When the guest software attempts to perform an operation restricted by the processor mode, the processor mode is exited to transfer control over the operation to a virtual-machine monitor, which runs outside this processor mode.

Citations

11 Claims

1. A method comprising:
- running guest software in a processor mode that enables the guest software to operate at a privilege level intended by the guest software;
  
  identifying, within said processor mode, an attempt of the guest software to perform an operation restricted by said processor mode;
  
  determining, within said processor mode, whether the attempt of the guest software would fail if the guest software was running outside said processor mode;
  
  allowing the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode;
  
  transferring control over the operation to an operating system running within said processor mode in response to the guest software attempting the operation; and
  
  generating a virtualization trap in response to determining that the attempt would succeed if the guest software was running outside said processor mode.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein determining that the attempt of the guest software would fail includes determining that the guest software is running with insufficient privilege to perform the operation.
  - 3. The method of claim 1 further comprising exiting said processor mode to transfer control over the operation to a virtual machine monitor running outside said processor mode in response to determining that the attempt would succeed if the guest software was running outside said processor mode.

4. A processor comprising:
- a storage location to store an indicator to indicate whether the processor is configured to execute guest software in a mode that enables the guest software to operate at a privilege level intended by the guest software; and
  
  logic to execute the guest software in said processor mode, to identify, within said processor mode, an attempt of the guest software to perform an operation restricted by said processor mode, to determine, within said processor mode, whether the attempt would fail if the guest software was running outside said processor mode, to allow the guest software to attempt the operation within said processor mode in response to determining that the attempt would fail if the guest software was running outside said processor mode, to transfer control over the operation to an operating system running within said processor mode in response to the attempt; and
  
  to generate a virtualization trap in response to determining that the attempt would succeed if the guest software was running outside said processor mode.
- View Dependent Claims (5, 6)
- - 5. The processor of claim 4 wherein the logic is to determine whether the attempt would fail by determining whether the guest software is running with sufficient privilege to perform the operation.
  - 6. The processor of claim 4 wherein the logic is also to exit said processor mode to transfer control over the operation to a virtual machine monitor running outside said processor mode in response to determining that the attempt would succeed if the guest software was running outside said processor mode.

7. A system comprising:
- a memory to store application software and an operating system; and
  
  a processor to execute the application software in a processor mode that enables the application software to operate at a privilege level intended by the application software, to identify, within said processor mode, an attempt of the application software to perform an operation restricted by said processor mode, to determine, within said processor mode, whether the attempt would fail if the application software was running outside said processor mode, to allow the application software to attempt the operation within said processor mode in response to determining that the attempt would fall if the application software was running outside said processor mode, to transfer control over the operation to the operating system running within said processor mode in response to the attempt; and
  
  to generate a virtualization trap in response to determining that the attempt would succeed if the application software was running outside said processor mode.
- View Dependent Claims (8, 9)
- - 8. The system of claim 7 wherein the processor is to determine whether the attempt would fail by determining whether the application software is running with sufficient privilege to perform the operation.
  - 9. The system of claim 7 wherein:
    - the memory is also to store a virtual machine monitor; and
      
      the processor is also to exit said processor mode to transfer control over the operation to the virtual machine monitor running outside said processor mode in response to determining that the attempt would succeed.

10. A non-transitory computer readable storage medium that provides instructions, which when executed on a processor, cause the processor to:
- present a virtual machine to guest software in a processor mode that enables the guest software to operate at a privilege level intended by the guest software;
  
  handle a virtualization trap, where the virtualization trap is generated in response to an attempt of the guest software to perform an operation restricted by said processor mode and a determination, within said processor mode, that the attempt would succeed if the guest software was running outside the virtual machine; and
  
  allow the guest software to attempt the operation within said processor mode in response to determining that the attempt would fall if the guest software was running outside said processor mode, andtransfer control over the operation to an operating system running within said processor mode in response to the attempt.
- View Dependent Claims (11)
- - 11. The non-transitory computer readable storage medium of claim 10 wherein the determination that the attempt would succeed includes determining whether the application software is running with sufficient privilege to perform the operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Chou, Stephen, Kozuch, Michael, Neiger, Gilbert, Uhlig, Richard, Jeyasingh, Stalinselvaraj, Kagi, Alain, Cota-Robles, Erik
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US09/752,134
Time in Patent Office

3,583 Days
Field of Search

713/200, 726/26, 718/1, 711/6, 703/27
US Class Current

726/26
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 2009/45583   Memory management, e.g. acc...

G06F 9/45558   Hypervisor-specific managem...

Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links