Configuration space virtualization

US 8,700,816 B2
Filed: 02/08/2012
Issued: 04/15/2014
Est. Priority Date: 10/03/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for installing and operating an I/O device on a virtual machine, comprising:

receiving a description of the I/O device;

constructing a first representation of configuration space for the I/O device, the first representation indicative of which portions of the configuration space can be placed under control of a non-privileged authority, wherein the first representation is constructed based at least in part on said description;

constructing a second representation of memory mapped I/O (MMIO) space and configuration space, the second representation indicative of pages to be included or excluded in the virtual machine, wherein the second representation is constructed based at least in part on said description;

determining which operations have effects that impact functionality of other virtual machines;

based on said determining, constructing a map comprising information indicative of an association between a memory location and information indicative of a translation from a first operation on the memory location to a second operation on the memory location, wherein the second operation has benign consequences on functionality of other virtual machines; and

controlling access to said I/O device based on said map and said first and second representations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various aspects are disclosed herein for bounding the behavior of a non-privileged virtual machine that interacts with a device by creating a description of the device which indicates to a privileged authority (1) which operations on the device may have system-wide effects and (2) which operations have effects local to the device. The privileged authority may then permit or deny these actions. The privileged authority may also translate these actions into other actions with benign consequences.

45 Citations

View as Search Results

19 Claims

1. A computer implemented method for installing and operating an I/O device on a virtual machine, comprising:
- receiving a description of the I/O device;
  
  constructing a first representation of configuration space for the I/O device, the first representation indicative of which portions of the configuration space can be placed under control of a non-privileged authority, wherein the first representation is constructed based at least in part on said description;
  
  constructing a second representation of memory mapped I/O (MMIO) space and configuration space, the second representation indicative of pages to be included or excluded in the virtual machine, wherein the second representation is constructed based at least in part on said description;
  
  determining which operations have effects that impact functionality of other virtual machines;
  
  based on said determining, constructing a map comprising information indicative of an association between a memory location and information indicative of a translation from a first operation on the memory location to a second operation on the memory location, wherein the second operation has benign consequences on functionality of other virtual machines; and
  
  controlling access to said I/O device based on said map and said first and second representations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method according to claim 1, wherein said constructing a first representation further comprises associating bits within said first representation with at least one read and write operation.
  - 3. The computer implemented method according to claim 1, wherein for memory excluded from said first representation or for memory excluded from said second representation, populating the memory with data representative of said I/O device.
  - 4. The computer implemented method according to claim 1,wherein said translation comprises at least one of:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, or set to one after first read.
  - 5. The computer implemented method according to claim 3, further comprising:
    - defining bits within pages for the excluded memory, wherein said controlling access comprises using pages with the defined bits.
  - 6. The computer implemented method according to claim 1, wherein the description of the I/O device is indicative of the association between the memory location and the information indicative of the translation.
  - 7. The computer implemented method according to claim 1, wherein said controlling is performed by a virtualizing layer.
  - 8. The computer implemented method according to claim 6, further comprising:
    - constructing a third representation of I/O space;
      
      populating said third representation of I/O space based on said description; and
      
      controlling access to said I/O device in accordance with said third representation.
  - 9. The computer implemented method according to claim 6, further comprising populating said first or second representations with static data indicative of a state of the device, based on the received description.
  - 10. The computer implemented method according to claim 1, further comprising excluding I/O space from said virtual machine.

11. A system for managing communications between a virtual machine and a device, comprising:
- at least one processor; and
  
  at least one memory communicatively coupled to said at least one processor, the memory having stored therein computer-executable instructions that, when executed on the processor, cause the processor to perform operations comprising;
  
  receiving a description of the device;
  
  constructing a representation of configuration space for the device, the representation of configuration space indicative of which parts of the configuration space can be placed under control of a non-privileged authority, wherein the representation of configuration space is constructed based at least in part on said description;
  
  constructing a representation of memory mapped I/O (MMIO) space and configuration space, the representation of MMIO space and configuration space indicative of pages to be included or excluded in the virtual machine, wherein the representation of MMIO space and configuration space is constructed based at least in part on said description;
  
  populating excluded pages with data representative of the device;
  
  constructing a map comprising indications of operations on memory locations that, when requested by the non-privileged authority, are replaced by different operations on the memory locations; and
  
  controlling access to said device based on said map and said representations of MMIO space and configuration space.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11 wherein bits within said representation ofconfiguration space comprises at least one of:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, or set to one after first read.
  - 13. The system according to claim 11, wherein the description is indicative of the operations that are to be replaced and the description is received via an installation file.

14. A computer readable storage device storing thereon computer executable instructions for controlling access to a device communicatively coupled to a physical machine that hosts virtual machines, comprising instructions for:
- receiving a description of the device;
  
  constructing a representation of memory mapped I/O (MMIO) space and configuration space, the representation of MMIO space and configuration space indicative of pages to be included, excluded, or pre-populated in the virtual machine, wherein the representation of MMIO space and configuration space is constructed based at least in part on said description;
  
  constructing a representation of configuration space comprising an association between at least one memory location within the configuration space to one or more translations from a first operation on the at least one memory location to a second operation on the at least one memory location, wherein the representation of configuration space is constructed based at least in part on said description; and
  
  controlling access to said device based on said representation of MMIO space and configuration space and said representation of configuration space.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer readable storage device of claim 14,wherein bits within said map or a page associated with the map contains at least one of:
    - read-only, always zero on read, always one on read, read-write, write of one clears/write of zero leaves alone, write of one sets/write of zero leaves alone, write of zero clears/write of one leaves alone, write of zero sets/write of one leaves alone, clear to zero after first read, or set to one after first read.
  - 16. The computer readable storage device of claim 14,wherein for memory excluded from said representation of configuration space or for memory excluded from said representation of MMIO space, populating said memory with predetermined data.
  - 17. The computer readable storage device of claim 16,wherein said predetermined data corresponds to a predetermined device.
  - 18. The computer readable storage device of claim 16, further comprising instructions for:
    - defining bits within pages for the excluded memory, wherein said controlling comprises using pages with the defined bits.
  - 19. The computer readable storage device of claim 14, wherein the description is indicative of associations between memory locations and actions operable on said memory locations and the description is received via an installation file provided by a vendor of said device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Oshins, Jacob, Allsop, Brandon, Thornton, Andrew John
Primary Examiner(s)
Tsai, Henry
Assistant Examiner(s)
Shyu, Jing-Yih

Application Number

US13/368,770
Publication Number

US 20120144071A1
Time in Patent Office

797 Days
Field of Search

None
US Class Current

710/11
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/468   Specific access rights for ...

G06F 9/5077   Logical partitioning of res...

Configuration space virtualization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Configuration space virtualization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links