Virtual computer system, virtual computer control method, virtual computer control program, recording medium, and integrated circuit

US 9,218,287 B2
Filed: 01/23/2012
Issued: 12/22/2015
Est. Priority Date: 01/24/2011
Status: Active Grant

First Claim

Patent Images

1. A virtual machine system comprising:

a processor having a first mode and a second mode, the processor executing a first operating system in the first mode, and the processor executing a second operating system executed in the second mode;

write control circuitry that permits writing of data into a predetermined secure storage area in an external main memory, the writing of data into the secure storage area only being permitted when the processor is in the first mode; and

a cache memory having a plurality of ways for storing data read by the processor from the main memory, whereinthe cache memory includes;

data storage circuitry that, when the processor has read data from the main memory, stores the data into any of the plurality of ways that is ready to newly store data, in a manner that allows for identification of whether the data has been read from the secure storage area; and

write-back circuitry that (i) identifies whether data has been read from the secure storage area and (ii) writes back data stored by the data storage circuitry to the main memory with use of a predetermined algorithm according to a result of the identification, such that the number of times data stored in each of the ways is intermittently written back to the secure storage area is reduced and the number of times the processor is switched from the second mode to the first mode to perform writing of data to the secure storage area is reduced, andwhen the processor executing the second operating system accesses the main memory, the write-back circuitry writes back, to the secure storage area, data that is identified as having been read from the secure storage area and that is stored in at least one of the ways by (i) causing the processor to switch from the second mode to the first mode and (ii) writing, to the secure storage area, the data that is identified as having been read from the secure storage area and that is stored in at least one of the ways so that the at least one of the ways is ready to newly store data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual machine system comprises: a processor for executing a secure operating system and a normal operating system; and a cache memory. The cache memory stores data in a manner that allows for identification of whether the data has been read from a secure storage area of an external main memory. The cache memory writes back data to the main memory in a manner that reduces the number of times data is intermittently written back to the secure storage area which occurs when the processor is executing the normal operating system.

Citations

11 Claims

1. A virtual machine system comprising:
- a processor having a first mode and a second mode, the processor executing a first operating system in the first mode, and the processor executing a second operating system executed in the second mode;
  
  write control circuitry that permits writing of data into a predetermined secure storage area in an external main memory, the writing of data into the secure storage area only being permitted when the processor is in the first mode; and
  
  a cache memory having a plurality of ways for storing data read by the processor from the main memory, whereinthe cache memory includes;
  
  data storage circuitry that, when the processor has read data from the main memory, stores the data into any of the plurality of ways that is ready to newly store data, in a manner that allows for identification of whether the data has been read from the secure storage area; and
  
  write-back circuitry that (i) identifies whether data has been read from the secure storage area and (ii) writes back data stored by the data storage circuitry to the main memory with use of a predetermined algorithm according to a result of the identification, such that the number of times data stored in each of the ways is intermittently written back to the secure storage area is reduced and the number of times the processor is switched from the second mode to the first mode to perform writing of data to the secure storage area is reduced, andwhen the processor executing the second operating system accesses the main memory, the write-back circuitry writes back, to the secure storage area, data that is identified as having been read from the secure storage area and that is stored in at least one of the ways by (i) causing the processor to switch from the second mode to the first mode and (ii) writing, to the secure storage area, the data that is identified as having been read from the secure storage area and that is stored in at least one of the ways so that the at least one of the ways is ready to newly store data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The virtual machine system of claim 1, whereinthe cache memory further includes a plurality of secure identification information storage areas each being for storing secure identification information indicating that data to be stored has been read from the secure storage area, andonly when the processor has read data from the secure storage area of the main memory and the data storage circuitry stores the data into any of the plurality of ways, the data storage circuitry associates the secure identification information with the data, and stores the secure identification information into a corresponding one of the secure identification information storage areas, thereby allowing for the identification of whether data has been read from the secure storage area.
  - 3. The virtual machine system of claim 2, whereineach of the ways includes a plurality of line storage areas each being for storing data read from the main memory and being specified by an index, the index being a predetermined part of a bit sequence of an address specifying a storage area of the main memory,the data storage circuitry stores data read by the processor from the main memory into a line storage area of a way that is ready to newly store data, from among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads the data from the main memory,the cache memory further includes:
    - a plurality of dirty information storage areas corresponding one-to-one to the line storage areas, and each being for storing dirty information indicating that coherency is not ensured between data in the line storage area and the main memory; and
      
      dirty information storage control circuitry that, only when coherency is not ensured between data stored in any of the line storage areas and the main memory, causes the dirty information to be stored into a dirty information storage area corresponding to the line storage area, andthe predetermined algorithm is for when the processor executing the first operating system has issued a power reduction instruction, and for sequentially writing back data into the secure storage area, the data being stored in each of the line storage areas in which (i) the dirty information storage area stores the dirty information and (ii) the secure identification information storage area stores the secure identification information.
  - 4. The virtual machine system of claim 3, whereinthe power reduction instruction belongs to any of a plurality of power reduction levels,the cache memory further includes a plurality of priority storage areas corresponding one-to-one to the line storage areas, and each being for storing a priority for causing any of the line storage areas specified by the same index to be ready to newly store data, andthe write-back circuitry writes back only data stored in each of the line storage areas in which the priority stored in the priority storage area is equal to or higher than a predetermined priority determined by the power reduction level belonging to the power reduction instruction that has been issued.
  - 5. The virtual machine system of claim 2, whereineach of the ways includes a plurality of line storage areas each being for storing data read from the main memory and being specified by an index, the index being a predetermined part of a bit sequence of an address specifying the memory area of the main memory,the data storage circuitry stores data read by the processor from the main memory into a line storage area of a way that is ready to newly store data, from among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads the data from the main memory,the cache memory further includes:
    - a plurality of priority storage areas corresponding one-to-one to the line storage areas, and each being for storing a priority for causing any of the line storage areas specified by the same index to be ready to newly store data; and
      
      update circuitry that, when the data storage circuitry stores data in any of the line storage areas, updates, for each line storage area specified by an index corresponding to the line storage area to which the data is to be stored, the priority stored in the priority storage area, the updating being performed in a manner that a priority of a line storage area whose secure identification information storage area stores the secure identification information is lower than a priority of a line storage area whose secure identification information storage area does not store the secure identification information, andthe predetermined algorithm is for referring to the priority stored in each of the priority storage areas, and writing back data stored in a line storage area having the highest priority among line storage areas specified by the same index.
  - 6. The virtual machine system of claim 2, whereineach of the ways includes a plurality of line storage areas each being for storing data read from the main memory and being specified by an index, the index being a predetermined part of a bit sequence of an address specifying the memory area of the main memory,the data storage circuitry stores data read by the processor from the main memory into a line storage area of a way that is ready to newly store data, from among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads the data from the main memory,the cache memory further includes:
    - a plurality of priority storage areas corresponding one-to-one to the line storage areas, and each being for storing a priority for causing any of the line storage areas specified by the same index to be ready to newly store data; and
      
      update circuitry that, when the processor executing the first operating system has issued a power reduction instruction, updates the priority stored in each of the line storage areas in a manner that a priority of a line storage area whose secure identification information storage area stores the secure identification information is lower than a priority of a line storage area whose secure identification information storage area does not store the secure identification information, andthe predetermined algorithm is for referring to the priority stored in each of the priority storage areas, and writing back data stored in a line storage area having the highest priority among line storage areas specified by the same index.
  - 7. The virtual machine system of claim 2, whereineach of the ways includes a plurality of line storage areas each being for storing data read from the main memory and being specified by an index, the index being a predetermined part of a bit sequence of an address specifying the memory area of the main memory,the data storage circuitry stores data read by the processor from the main memory into a line storage area of a way that is ready to newly store data, from among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads the data from the main memory,the cache memory further includes:
    - a plurality of priority storage areas corresponding one-to-one to the line storage areas, each being for storing a priority among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads data from the main memory, and the priority being for causing any of the line storage areas specified by the same index to be ready to newly store data; and
      
      priority storage circuitry that, when execution of the second operating system is controlled in a sleep state, and the processor reads data from the main memory by specifying an address, (i) generates a priority for each line storage area specified by an index included in the address in a manner that a priority of a line storage area storing data read by the processor executing the second operating system is lower than a priority of a line storage area storing data read by the processor executing the first operating system, and (ii) stores the priorities thus generated into priority storage areas corresponding to the line storage areas specified by the index included in the address, andthe predetermined algorithm is for referring to the priority stored in each of the priority storage areas, and writing back data stored in a line storage area having the highest priority among line storage areas specified by an index included in an address, the address being specified by the processor when the processor reads data from the main memory.
  - 8. The virtual machine system of claim 1, whereinthe plurality of ways include a first way and a second way,the data storage circuitry stores only data read from the secure storage area into the first way, and stores only data read from a storage area other than the secure storage area into the second way, thereby allowing for the identification of whether data has been read from the secure storage area, andthe predetermined algorithm is for setting the second way as a target way from which data is written back to the main memory, when data in any of the ways needs to be written back to the main memory so as to store the data read from the storage area other than the secure storage area.

9. A control method for controlling a virtual machine system including (i) a processor having a first mode and a second mode, the processor executing a first operating system in the first mode, and the processor executing a second operating system executed in the second mode, (ii) write control circuitry that permits writing of data into a predetermined secure storage area in an external main memory, the writing of data into the secure storage area only being permitted when the processor is in the first mode, and (iii) a cache memory having a plurality of ways for storing data read by the processor from the main memory, the control method comprising:
- a data storage step of the cache memory, when the processor has read data from the main memory, storing the data into any of the plurality of ways that is ready to newly store data, in a manner that allows for identification of whether the data has been read from the secure storage area; and
  
  a write-back step of (i) identifying whether data has been read from the secure storage area and (ii) writing back data stored in the data storage step to the main memory with use of a predetermined algorithm according to a result of the identification, such that the number of times data stored in each of the ways is intermittently written back to the secure storage area is reduced and the number of times the processor is switched from the second mode to the first mode to perform writing of data to the secure storage area is reduced,wherein the write-back step includes, when the processor executing the second operating system accesses the main memory, writing back, to the secure storage area, data that is identified as having been read from the secure storage area and that is stored in at least one of the ways by (i) causing the processor to switch from the second mode to the first mode and (ii) writing, to the secure storage area, the data that is identified as having been read from the secure storage area and that is stored in at least one of the ways so that the at least one of the ways is ready to newly store data.

10. A non-transitory computer-readable recording medium having stored thereon a control program for causing a virtual machine system to perform control processing for controlling the virtual machine system, the virtual machine system including (i) a processor having a first mode and a second mode, the processor executing a first operating system in the first mode, and the processor executing a second operating system executed in the second mode, (ii) write control circuitry that permits writing of data into a predetermined secure storage area in an external main memory, the writing of data into the secure storage area only being permitted when the processor is in the first mode, and (iii) a cache memory having a plurality of ways for storing data read by the processor from the main memory, the control processing comprising:
- a data storage step of the cache memory, when the processor has read data from the main memory, storing the data into any of the plurality of ways that is ready to newly store data, in a manner that allows for identification of whether the data has been read from the secure storage area; and
  
  a write-back step of (i) identifying whether data has been read from the secure storage area and (ii) writing back data stored in the data storage step to the main memory with use of a predetermined algorithm according to a result of the identification, such that the number of times data stored in each of the ways is intermittently written back to the secure storage area is reduced and the number of times the processor is switched from the second mode to the first mode to perform writing of data to the secure storage area is reduced,wherein the write-back step includes, when the processor executing the second operating system accesses the main memory, writing back, to the secure storage area, data that is identified as having been read from the secure storage area and that is stored in at least one of the ways by (i) causing the processor to switch from the second mode to the first mode and (ii) writing, to the secure storage area, the data that is identified as having been read from the secure storage area and that is stored in at least one of the ways so that the at least one of the ways is ready to newly store data.

11. An integrated circuit comprising:
- a processor having a first mode and a second mode, the processor executing a first operating system in the first mode, and the processor executing a second operating system executed in the second mode;
  
  write control circuitry that permits writing of data into a predetermined secure storage area in an external main memory, the writing of data into the secure storage area only being permitted when the processor is in the first mode; and
  
  a cache memory having a plurality of ways for storing data read by the processor from the main memory, whereinthe cache memory includes;
  
  data storage circuitry that, when the processor has read data from the main memory, stores the data into any of the plurality of ways that is ready to newly store data, in a manner that allows for identification of whether the data has been read from the secure storage area; and
  
  write-back circuitry that (i) identifies whether data has been read from the secure storage area and (ii) writes back data stored by the data storage circuitry to the main memory with use of a predetermined algorithm according to a result of the identification, such that the number of times data stored in each of the ways is intermittently written back to the secure storage area is reduced and the number of times the processor is switched from the second mode to the first mode to perform writing of data to the secure storage area is reduced, andwhen the processor executing the second operating system accesses the main memory, the write-back circuitry writes back, to the secure storage area, data that is identified as having been read from the secure storage area and that is stored in at least one of the ways by (i) causing the processor to switch from the second mode to the first mode and (ii) writing, to the secure storage area, the data that is identified as having been read from the secure storage area and that is stored in at least one of the ways so that the at least one of the ways is ready to newly store data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 12, LLC (Intellectual Ventures LLC)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Miyazaki, Ryota, Saito, Masahiko
Primary Examiner(s)
Rutz, Jared
Assistant Examiner(s)
EDOUARD, JEAN C

Application Number

US13/819,466
Publication Number

US 20130166848A1
Time in Patent Office

1,429 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/0804   with main memory updating G...

G06F 2212/1052   Security improvement

G06F 9/468   Specific access rights for ...

Virtual computer system, virtual computer control method, virtual computer control program, recording medium, and integrated circuit

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual computer system, virtual computer control method, virtual computer control program, recording medium, and integrated circuit

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links