Method and apparatus for supporting address translation in a virtual machine environment
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-012/00
G06F-021/00
G06F-009/26
G06F-009/34
G06F-009/455
출원번호
US-0045524
(2005-01-28)
등록번호
US-7395405
(2008-07-01)
발명자
/ 주소
Anderson,Andrew V.
K��gi,Alain
출원인 / 주소
Intel Corporation
대리인 / 주소
Blakely, Sokoloff, Taylor & Zafman LLP
인용정보
피인용 횟수 :
26인용 특허 :
188
초록▼
In one embodiment, a method includes receiving control transitioned from a virtual machine (VM) due to a privileged event pertaining to a translation-lookaside buffer (TLB), and determining which entries in a guest translation data structure were modified by the VM. The determination is made based o
In one embodiment, a method includes receiving control transitioned from a virtual machine (VM) due to a privileged event pertaining to a translation-lookaside buffer (TLB), and determining which entries in a guest translation data structure were modified by the VM. The determination is made based on metadata extracted from a shadow translation data structure maintained by a virtual machine monitor (VMM) and attributes associated with entries in the shadow translation data structure. The method further includes synchronizing entries in the shadow translation data structure that correspond to the modified entries in the guest translation data structure with the modified entries in the guest translation data structure.
대표청구항▼
What is claimed is: 1. A method comprising: receiving control transitioned from a virtual machine (VM) due to a privileged event pertaining to a translation-lookaside buffer (TLB); determining which entries in a guest translation data structure were modified by the VM, based on metadata extracted f
What is claimed is: 1. A method comprising: receiving control transitioned from a virtual machine (VM) due to a privileged event pertaining to a translation-lookaside buffer (TLB); determining which entries in a guest translation data structure were modified by the VM, based on metadata extracted from a shadow translation data structure maintained by a virtual machine monitor (VMM) and attributes associated with entries in the shadow translation data structure; and synchronizing a first set of the entries in the shadow translation data structure with the modified entries in the guest translation data structure, without processing a second set of the entries from the shadow translation data structure, wherein the first set of the entries in the shadow translation data structure includes entries that correspond to the modified entries from the guest translation data structure, and the second set of the entries in the shadow translation data structure includes entries that do not correspond to the modified entries from the guest translation data structure. 2. The method of claim 1 wherein: the guest translation data structure is used by the VM for address translation operations; and content of the shadow translation data structure is used by a processor to cache address translations in the TLB. 3. The method of claim 1 further comprising: maintaining a working set of shadow translation data structures, each shadow translation data structure in the working set being associated with one of a plurality of active processes of the VM; and reusing content of a shadow translation data structure from the working set that is associated with one of the plurality of active processes when a guest translation data structure associated with the one of the plurality of active processes is enabled. 4. The method of claim 3 wherein the privileged event is any one of a request of the VM to enable a different guest translation data structure, a page fault caused by one or more inconsistencies between entries of the guest translation data structure and entries of the shadow translation data structure, and a request of the VM to invalidate one or more address translations in a translation-lookaside buffer (TLB). 5. The method of claim 3 further comprising: determining that the privileged event is any one of a page fault, an INVLPG instruction, and a request to enable a new guest translation data structure; creating a new shadow translation data structure based on the new guest translation data structure; and deriving metadata from the new shadow translation data structure. 6. The method of claim 3 further comprising: determining that one of the plurality of the active processes of the VM is deactivated; and removing a shadow translation data structure associated with the active process being deactivated from the working set. 7. The method of claim 3 further comprising: determining one of the shadow translation data structures is no longer used; and removing the one of the shadow translation data structures from the working set. 8. The method of claim 1 wherein the metadata includes a set of vectors, an active entry list, and one or more active directory lists. 9. The method of claim 8 wherein: each vector in the set identifies frames used as pages at a corresponding level of the guest translation data structure; the active entry list identifies mappings that map pages used in forming the guest translation data structure for which a shadow translation data structure exists; and the one or more active directory lists identify higher level mapping structures referencing a lower level structure through which the shadow translation data structure can be accessed. 10. The method of claim 9 wherein: the active entry list is an active page table (PT) entry list, the active PT entry (PTE) list identifying PTEs in the shadow translation data structure that map PT pages and PD pages from the guest translation data structure, and the one or more active directory lists include an active page directory (PD) entry list, the active PD entry (PDE) list identifying PDEs in the shadow translation data structure that point to PTs having the PTEs from the active PTE list. 11. The method of claim 9 wherein: the active entry list is an active page table (PT) entry list, the active PT entry (PTE) list identifying mappings that map any of page map level 4 (PML4) pages, page directory pointer (PDP) pages, page directory (PD) pages, and PT pages; and the one or more active directory lists include an active PD entry (PDE) list containing PDEs that reference a page with active PTE list entries, an active PDP entry (PDPE) list containing active PDPE entries which reference a PD with an active PDE list entry, and an active PML4E entry (PML4E) list containing entries which map a PDP with elements from the active PDPE list. 12. The method of claim 10 wherein the attributes associated with entries in the shadow translation data structure include access attributes associated with PDEs in the shadow translation data structure and update attributes associated with PTEs in the shadow translation data structure. 13. The method of claim 12 wherein determining which entries in the guest translation data structure were modified by the VM comprises: identifying one or more PDEs from the active PDE list corresponding to the active PT hierarchy being synchronized that have access attributes set to an access value; and for each of the identified PDEs, finding corresponding PTEs from the active PTE list that have update attributes set to an update value. 14. The method of claim 13 further comprising: initializing the access attributes; and initializing the update attributes. 15. An apparatus comprising: a guest translation data structure used by a virtual machine (VM) for address translation operations; a shadow translation data structure maintained by a virtual machine monitor (VMM), the shadow translation data structure deriving a format and structure from the guest translation data structure; and an address translation module to determine, based on metadata extracted from the shadow translation data structure, which entries in the guest translation data structure were modified by the VM, and to synchronize a first set of the entries in the shadow translation data structure with the modified entries in the guest translation data structure, without processing a second set of the entries from the shadow translation data structure, wherein the first set of the entries in the shadow translation data structure includes entries that correspond to the modified entries from the guest translation data structure, and the second set of the entries in the shadow translation data structure includes entries that do not correspond to the modified entries from the guest translation data structure. 16. The apparatus of claim 15 wherein the address translation module is further to maintain a working set of shadow translation data structures, each shadow translation data structure in the working set being associated with one of a plurality of active processes of the VM, and to reuse content of a shadow translation data structure from the working set that is associated with one of the plurality of active processes when a guest translation data structure associated with the one of the plurality of active processes is enabled. 17. The apparatus of claim 16 wherein the privileged event is any one of a request of the VM to enable a different guest translation data structure, a page fault caused by one or more inconsistencies between entries of the guest translation data structure and entries of the shadow translation data structure, and a request of the VM to invalidate one or more address translations in a translation-lookaside buffer (TLB). 18. A system comprising: a dynamic random access memory (DRAM) to store a guest translation data structure used by a virtual machine (VM) for address translation operations, and a shadow translation data structure deriving a format and structure from the guest translation data structure; and a processor, coupled to the DRAM, to determine, based on metadata extracted from the shadow translation data structure, which entries in the guest translation data structure were modified by the VM, and to synchronize a first set of the entries in the shadow translation data structure with the modified entries in the guest translation data structure, without processing a second set of the entries from the shadow translation data structure, wherein the first set of the entries in the shadow translation data structure includes entries that correspond to the modified entries from the guest translation data structure, and the second set of the entries in the shadow translation data structure includes entries that do not correspond to the modified entries from the guest translation data structure. 19. The system of claim 18 wherein the processor is further to maintain a working set of shadow translation data structures, each shadow translation data structure in the working set being associated with one of a plurality of active processes of the VM, and to reuse content of a shadow translation data structure from the working set that is associated with one of the plurality of active processes when a guest translation data structure associated with the one of the plurality of active processes is enabled. 20. The system of claim 19 wherein the privileged event is any one of a request of the VM to enable a different guest translation data structure, a page fault caused by one or more inconsistencies between entries of the guest translation data structure and entries of the shadow translation data structure, and a request of the VM to invalidate one or more address translations in a translation-lookaside buffer (TLB). 21. A computer-readable storage medium storing instructions which, when executed by a processing system, cause the processing system to perform a method, the method comprising: receiving control transitioned from a virtual machine (VM) due to a privileged event pertaining to a translation-lookaside buffer (TLB); determining which entries in a guest translation data structure were modified by the VM, based on metadata extracted from a shadow translation data structure maintained by a virtual machine monitor (VMM) and attributes associated with entries in the shadow translation data structure; and synchronizing a first set of the entries in the shadow translation data structure with the modified entries in the guest translation data structure, without processing a second set of the entries from the shadow translation data structure, wherein the first set of the entries in the shadow translation data structure includes entries that correspond to the modified entries from the guest translation data structure, and the second set of the entries in the shadow translation data structure includes entries that do not correspond to the modified entries from the guest translation data structure. 22. The computer-readable storage medium of claim 21 wherein the method further comprises: maintaining a working set of shadow translation data structures, each shadow translation data structure in the working set being associated with one of a plurality of active processes of the VM, and reusing content of a shadow translation data structure from the working set that is associated with one of the plurality of active processes when a guest translation data structure associated with the one of the plurality of active processes is enabled. 23. The computer-readable storage medium of claim 22 wherein the privileged event is any one of a request of the VM to enable a different guest translation data structure, a page fault caused by one or more inconsistencies between entries of the guest translation data structure and entries of the shadow translation data structure, and a request of the VM to invalidate one or more address translations in a translation-lookaside buffer (TLB).
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (188)
Ryba Edward G. (Milpitas CA) Lipman Peter H. (Cupertino CA) Connell Jefferson J. (Cupertino CA) Weiss David (Palo Alto CA), Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB).
Gannon Patrick M. (Poughkeepsie NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Murray Robert E. (Woodstock NY), Apparatus and method for TLB purge reduction in a multi-level machine system.
Bealkowski Richard (Delray Beach FL) Blackledge ; Jr. John W. (Boca Raton FL) Cronk Doyle S. (Boca Raton FL) Dayan Richard A. (Boca Raton FL) Dixon Jerry D. (Boca Raton FL) Kinnear Scott G. (Boca Rat, Apparatus and method for preventing unauthorized access to BIOS in a personal computer system.
Brelsford David P. (Hyde Park NY) Cutler Melvin M. (Los Angeles CA) Lafitte Jean-Louis (Moens NY FRX) Gdaniec Joseph M. (Hyde Park NY) Osisek Damian L. (Vestal NY) Plambeck Kenneth E. (Poughkeepsie N, Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virt.
Heller Andrew R. (Morgan Hill CA) Worley ; Jr. William S. (Endicott NY), Authorization mechanism for transfer of program control or data between different address spaces having different storag.
Ermolovich Thomas R. (Lexington MA) Stewart Robert E. (Stow MA) Leonard Judson S. (Acton MA) Cutler David N. (Nashua NH), Communications device for data processing system.
Satou Mitsugu,JPX ; Iwata Shunichi,JPX, Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple isolated memories in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple memory zones in an isolated execution environment.
Curtis, Bryce Allen, Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment.
Morley Richard E. (Greenville NH), Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and met.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Executing isolated mode instructions in a secure system running in privilege rings.
Nakamura Kouji,JPX, Exposure apparatus, output control method for energy source, laser device using the control method, and method of producing microdevice.
Adams Phillip M. (Parowan UT) Holmstron Larry W. (Salt Lake City UT) Jacob Steve A. (South Weber UT) Powell Steven H. (Ogden UT) Condie Robert F. (Tuscon AZ) Culley Martin L. (Tuscon AZ), Kernels, description tables, and device drivers.
Johnson James Scott (Fort Worth TX) Short Tim (Duncanville TX) Intrater Gideon (Sunnyvale CA), Memory management circuit which provides simulated privilege levels.
Barnett Philip C.,GBX, Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges.
Chemin Francois (Plaisir FRX) Ugon Michel (Maurepas FRX), Method and apparatus for certifying services obtained using a portable carrier such as a memory card.
Harold L. McFarland ; David R. Stiles ; Korbin S. Van Dyke ; Shrenik Mehta ; John Gregory Favor ; Dale R. Greenley ; Robert A. Cargnoni, Method and apparatus for debugging an integrated circuit.
Miller David A. ; Jansen Kenneth A. ; Culley Paul R. ; Taylor Mark ; Izquierdo Javier F., Method and apparatus for independently resetting processors and cache controllers in multiple processor systems.
Cotichini Christian,CAX ; Cain Fraser,CAX ; Ashworth David G.,CAX ; Livingston Peter Michael Bruce,CAX ; Solymar Gabor,CAX ; Gardner Philip B.,CAX ; Woinoski Timothy S.,CAX, Method and apparatus to monitor and locate an electronic device using a secured intelligent agent.
Luiz Fernando A. (Monte Sereno CA) Snyder Harlan C. (Saratoga CA) Sorg ; Jr. John H. (Los Gatos CA), Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system.
Kahle James Allan ; Loper Albert J. ; Mallick Soummya ; Ogden Aubrey Deene ; Sell John Victor, Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions w.
Hazard Michel (Mareil/Mauldre FRX) Ugon Michel (Maurepas FRX), Method for authenticating an external authorizing datum by a portable object, such as a memory card.
Melo Michael D. (Billerica MA), Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 8048.
Hazard Michel (Mareil/Mauldre FRX), Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a trans.
Ugon Michel (Maurepas FRX) Oisel Andr (Elancourt FRX), Method for checking the integrity of a program or data, and apparatus for implementing this method.
Greenstein Paul Gregory ; Guyette Richard Roland ; Rodell John Ted, Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for.
Panwar Ramesh ; Chamdani Joseph I., Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency.
Scalzi Casper A. (Poughkeepsie NY) Starke William J. (Austin TX), Method of using a target processor to execute programs of a source architecture that uses multiple address spaces.
Ganapathy Narayanan ; Stevens Luis F. ; Schimmel Curt F., Method, system and computer program product for dynamically allocating large memory pages of different sizes.
Eugene Feng ; Gary Phillips, Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space.
Grimmer ; Jr. George G. ; Rhoades Michael W., Microcontroller with security logic circuit which prevents reading of internal memory by external program.
Goetz John W. ; Mahin Stephen W. ; Bergkvist John J., Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set archi.
Blomgren James S. (San Jose CA) Bracking Jimmy (San Jose CA) Richter David (San Jose CA) Spahn Francis (El Cerrito CA), Microprocessor with operation capture facility.
Hough Roger E. (Austin TX) Murray Robert E. (Kingston NY), Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals.
McDonald, Michael F.; Arora, Sumeet; Chu, Mark, Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore.
Reardon David C., Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place.
Neufeld E. David (Tomball TX), Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data trans.
Provanzano Salvatore R. (Melrose MA) Aldrich Wilbert H. (Winchester MA) D\Angelo Robert A. (Windham NH) Drottar Emil P. (Ipswich MA) Finnegan ; Jr. John J. (Hudson NH) Heom James (Bedford MA) Hill La, Programmable controller.
Robinson Paul T. (Arlington MA) Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA), Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces.
John K. Gee ; David A. Greve ; David S. Hardin ; Allen P. Mass ; Michael H. Masters ; Nick M. Mykris ; Matthew M. Wilding, Real time processor capable of concurrently running multiple independent JAVA machines.
Goire Christian (Les Clayes Sous Bois FRX) Sigaud Alain (Elancourt FRX) Moyal Eric (Paris FRX), Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal.
Browne Hendrik A., Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device.
Mark J. Foster ; Saifuddin T. Fakhruddin ; James L. Walker ; Matthew B. Mendelow ; Jiming Sun ; Rodman S. Brahman ; Michael P. Krau ; Brian D. Willoughby ; Michael D. Maddix ; Steven L. Belt, Suspend/resume capability for a protected mode microprocesser.
Hudson Jerome D. ; Champagne Jean-Paul,FRX ; Galindo Mary A. ; Hickerson Cynthia M. K. ; Hickman Donna R. ; Lockhart Robert P. ; Saddler Nancy B. ; Stange Patricia A., System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential.
Agesen, Ole; Subrahmanyam, Pratap; Devine, Scott W.; Rosenblum, Mendel; Bugnlon, Edouard, System and method for detecting access to shared structures and for maintaining coherence of derived structures in virtualized multiprocessor systems.
Angelo Michael F. ; Olarig Sompong P. ; Wooten David R. ; Driscoll Dan J., System and method for performing secure device communications in a peer-to-peer bus architecture.
Inoue Taro (Sagamihara JPX) Umeno Hidenori (Kanagawa JPX) Tanaka Shunji (Sagamihara JPX) Yamamoto Tadashi (Kanagawa JPX) Ohtsuki Toru (Hadano JPX), System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard T. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant player for scrambled contents.
Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA) Robinson Paul T. (Arlington MA) Witek Richard T. (Littleton MA), Translation buffer for virtual machines with address space match.
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.
Oney, Adrian J.; Willman, Bryan Mark; Traut, Eric P.; Foltz, Forrest Curtis; Hendel, Matthew D.; Vega, Rene Antonio, Efficient power management of a system with virtual machines.
Oney, Adrian J.; Willman, Bryan Mark; Traut, Eric P.; Foltz, Forrest Curtis; Hendel, Matthew D.; Vega, Rene Antonio, Efficient power management of a system with virtual machines.
Oney, Adrian J.; Willman, Bryan Mark; Traut, Eric P.; Foltz, Forrest Curtis; Hendel, Matthew D.; Vega, Rene Antonio, Efficient power management of a system with virtual machines.
Oney, Adrian J.; Willman, Bryan Mark; Traut, Eric P.; Foltz, Forrest Curtis; Hendel, Matthew D.; Vega, Rene Antonio, Efficient power management of a system with virtual machines.
Sheu, John Te-Jui; Bailey, David S.; Traut, Eric P.; Vega, Renee Antonio, Method and system for caching address translations from multiple address spaces in virtual machines.
Jang, Choon-Ki; Lee, Jaejin; Ryu, Soo-Jung; Egger, Bernhard; Kim, Yoon-Jin; Seo, Woong; Cho, Young-Chul, Multiprocessor using a shared virtual memory and method of generating a translation table.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.