Virtualization hardware for device driver isolation

US 8,595,487 B2
Filed: 11/01/2006
Issued: 11/26/2013
Est. Priority Date: 11/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for isolating a kernel extension in a computer system with hardware virtualization support, the method comprising:

executing a kernel in a first hardware protection domain, including calling to a first kernel extension, a first set of computer resource privileges being allowed for code executing in the first hardware protection domain;

executing the first kernel extension in a second hardware protection domain, a second set of computer resource privileges being allowed for code executing in the second hardware protection domain, the first set of computer resource privileges being different from the second set of computer resource privileges, wherein each hardware protection domain is determined at least in part by events described in a virtual machine control data structure provided by the hardware virtualization support;

wherein the kernel and the first kernel extension execute in a common execution privilege level, the common execution privilege level being a special execution privilege level allowing execution of instructions that are not allowed in other execution privilege levels; and

wherein no virtualization hypervisor or emulation layer is interposed between hardware of the computer system and either the kernel or the first kernel extension.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Hardware virtualization support is used to isolate kernel extensions. A kernel and various kernel extensions are executed in a plurality of hardware protection domains. Each hardware protection domain defines computer resource privileges allowed to code executing in that hardware protection domain. Kernel extensions execute with appropriate computer resource privileges to complete tasks without comprising the stability of the computer system.

7 Citations

View as Search Results

52 Claims

1. A method for isolating a kernel extension in a computer system with hardware virtualization support, the method comprising:
- executing a kernel in a first hardware protection domain, including calling to a first kernel extension, a first set of computer resource privileges being allowed for code executing in the first hardware protection domain;
  
  executing the first kernel extension in a second hardware protection domain, a second set of computer resource privileges being allowed for code executing in the second hardware protection domain, the first set of computer resource privileges being different from the second set of computer resource privileges, wherein each hardware protection domain is determined at least in part by events described in a virtual machine control data structure provided by the hardware virtualization support;
  
  wherein the kernel and the first kernel extension execute in a common execution privilege level, the common execution privilege level being a special execution privilege level allowing execution of instructions that are not allowed in other execution privilege levels; and
  
  wherein no virtualization hypervisor or emulation layer is interposed between hardware of the computer system and either the kernel or the first kernel extension.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein the first hardware protection domain is associated with a first virtual memory address space, and wherein the second hardware protection domain is associated with a second virtual memory address space.
  - 3. The method of claim 2, wherein the first virtual memory address space is different from the second virtual memory address space.
  - 4. The method of claim 2, wherein the first virtual memory address space comprises a first virtual page mapped to a first physical page, and wherein the second virtual memory address space comprises a second virtual page mapped to a second physical page.
  - 5. The method of claim 4, wherein the first physical page is the same as the second physical page.
  - 6. The method of claim 4, wherein the second set of computer resource privileges comprises a read-only permission for the second virtual page.
  - 7. The method of claim 4, wherein the second set of computer resource privileges comprises a write-only permission for the second virtual page.
  - 8. The method of claim 1, wherein the first hardware protection domain is associated with a first virtual memory address space, and wherein the second hardware protection domain is associated with a DMA memory address space.
  - 9. The method of claim 8, wherein the first virtual memory address space comprises a first virtual page mapped to a first physical page, and wherein the DMA memory address space comprises a DMA page mapped to a second physical page.
  - 10. The method of claim 9, wherein the first physical page is the same as the second physical page.
  - 11. The method of claim 9, wherein the second set of computer resource privileges comprises a read-only permission for the DMA page.
  - 12. The method of claim 9, wherein the second set of computer resource privileges comprises a write-only permission for the DMA page.
  - 13. The method of claim 1, further comprising:
    - responsive to the execution of the first kernel extension, adding a computer resource privilege to the second set of computer resource privileges.
  - 14. The method of claim 1, further comprising:
    - responsive to the execution of the first kernel extension, removing a computer resource privilege from the second set of computer resource privileges.
  - 15. The method of claim 1, further comprising:
    - responsive to an attempted violation of the second set of computer resource privileges, terminating the first kernel extension.
  - 16. The method of claim 1, wherein the first set of computer resource privileges contains at least one computer resource privilege not contained in the second set of computer resource privileges.
  - 17. The method of claim 1, wherein the second set of computer resource privileges contains at least one computer resource privilege not contained in the first set of computer resource privileges.
  - 18. The method of claim 1, further comprising executing a second kernel extension in a third hardware protection domain, a third set of computer resource privileges being allowed for code executing in the third hardware protection domain, wherein the third set of computer resource privileges is different from the first and second set of computer resource privileges.
  - 19. The method of claim 1, wherein the first kernel extension comprises a device driver.
  - 20. The method of claim 1, wherein the first kernel extension comprises a file system.
  - 21. The method of claim 1, wherein the first kernel extension comprises a stream module.
  - 22. The method of claim 1, wherein the first kernel extension comprises a network protocol module.
  - 23. The method of claim 1, wherein the hardware virtualization support is selected from the group consisting of Intel Virtualization Technology and AMD Secure Virtual Machine.
  - 24. The method of claim 1, wherein the second set of computer resource privileges comprises a set of events that are authorized in the second hardware protection domain.
  - 25. The method of claim 24, further comprising:
    - responsive to an event not included in the set of events that are authorized in the second hardware protection domain, said event occurring during the execution of the kernel extension, exiting to the kernel.
  - 26. The method of claim 1, wherein the first kernel extension executes with a special permission level.

27. A non-transitory computer-readable medium containing computer program code for configuring a computer system to perform a method for isolating a kernel extension in a computer system with hardware virtualization support, the method comprising:
- executing a kernel in a first hardware protection domain, the kernel comprising executable code for calling to a first kernel extension, a first set of computer resource privileges being allowed for code executing in the first hardware protection domain;
  
  executing the first kernel extension in a second hardware protection domain, a second set of computer resource privileges being allowed for code executing in the second hardware protection domain, the first set of computer resource privileges being different from the second set of computer resource privileges, wherein each hardware protection domain is determined at least in part by events described in a virtual machine control data structure provided by the hardware virtualization support;
  
  wherein the kernel and the first kernel extension execute in a common execution privilege level, the common execution privilege level being a special execution privilege level allowing execution of instructions that are not allowed in other execution privilege levels; and
  
  wherein no virtualization hypervisor or emulation layer is interposed between hardware of the computer system and either the kernel or the first kernel extension.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 28. The machine readable medium of claim 27, wherein the first hardware protection domain is associated with a first virtual memory address space, and wherein the second hardware protection domain is associated with a second virtual memory address space.
  - 29. The machine readable medium of claim 28, wherein the first virtual memory address space is different from the second virtual memory address space.
  - 30. The machine readable medium of claim 28, wherein the first virtual memory address space comprises a first virtual page mapped to a first physical page, and wherein the second virtual memory address space comprises a second virtual page mapped to a second physical page.
  - 31. The machine readable medium of claim 30, wherein the first physical page is the same as the second physical page.
  - 32. The machine readable medium of claim 30, wherein the second set of computer resource privileges comprises a read-only permission for the second virtual page.
  - 33. The machine readable medium of claim 30, wherein the second set of computer resource privileges comprises a write-only permission for the second virtual page.
  - 34. The machine readable medium of claim 27, wherein the first hardware protection domain is associated with a first virtual memory address space, and wherein the second hardware protection domain is associated with a DMA memory address space.
  - 35. The machine readable medium of claim 34, wherein the first virtual memory address space comprises a first virtual page mapped to a first physical page, and wherein the DMA memory address space comprises a DMA page mapped to a second physical page.
  - 36. The machine readable medium of claim 35, wherein the first physical page is the same as the second physical page.
  - 37. The machine readable medium of claim 35, wherein the second set of computer resource privileges comprises a read-only permission for the DMA page.
  - 38. The machine readable medium of claim 35, wherein the second set of computer resource privileges comprises a write-only permission for the DMA page.
  - 39. The machine readable medium of claim 27, wherein the method further comprises:
    - responsive to the execution of the first kernel extension, adding a computer resource privilege to the second set of computer resource privileges.
  - 40. The machine readable medium of claim 27, wherein the method further comprises:
    - responsive to the execution of the first kernel extension, removing a computer resource privilege from the second set of computer resource privileges.
  - 41. The machine readable medium of claim 27, wherein the method further comprises:
    - responsive to an attempted violation of the second set of computer resource privileges, terminating the first kernel extension.
  - 42. The machine readable medium of claim 27, wherein the first set of computer resource privileges contains at least one computer resource privilege not contained in the second set of computer resource privileges.
  - 43. The machine readable medium of claim 27, wherein the second set of computer resource privileges contains at least one computer resource privilege not contained in the first set of computer resource privileges.
  - 44. The machine readable medium of claim 27, wherein the method further comprises:
    - executing a second kernel extension at the common execution privilege level in a third hardware protection domain, a third set of computer resource privileges are allowed for code executing in the third hardware protection domain, the third set of computer resource privileges is different from the first and second set of computer resource privileges, and no virtualization hypervisor or emulation layer is interposed between hardware of the computer system and either the kernel or the first kernel extension.
  - 45. The machine readable medium of claim 27, wherein the first kernel extension comprises a device driver.
  - 46. The machine readable medium of claim 27, wherein the first kernel extension comprises a file system.
  - 47. The machine readable medium of claim 27, wherein the first kernel extension comprises a stream module.
  - 48. The machine readable medium of claim 27, wherein the first kernel extension comprises a network protocol module.
  - 49. The machine readable medium of claim 27, wherein the hardware virtualization support is selected from the group consisting of Intel Virtualization Technology and AMD Secure Virtual Machine.
  - 50. The machine readable medium of claim 27, wherein the second set of computer resource privileges comprises a set of events that are authorized in the second hardware protection domain.
  - 51. The machine readable medium of claim 50, wherein the method further comprises:
    - responsive to an event not included in the set of events that are authorized in the second hardware protection domain, said event occurring during the execution of the kernel extension, exiting to the kernel.
  - 52. The machine readable medium of claim 27, wherein the first kernel extension executes with a special permission level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Govil, Kinshuk, Adams, Keith
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US11/555,679
Publication Number

US 20080148048A1
Time in Patent Office

2,582 Days
Field of Search

713164-167, 718/104, 718/106, 719/321, 719/324
US Class Current

713/164
CPC Class Codes

G06F 21/53 by executing in a restricte...

Virtualization hardware for device driver isolation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

52 Claims

Specification

Use Cases

Quick Links

Others

Virtualization hardware for device driver isolation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

52 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others