CN102855154A - System virtual machine and method for improving execution efficiency of non-sensitive privileged instruction - Google Patents

Publication number: CN102855154A
Authority: CN (China)
Prior art keywords: virtual machine; privileged instruction; sensitive; control bit; host
Legal status: Granted (Active)
Application number: CN2012102718385A
Other languages: Chinese (zh)
Other versions: CN102855154B (en)
Inventors: 台运方, 蔡万伟
Current Assignee: Loongson Technology Corp Ltd
Original Assignee: Loongson Technology Corp Ltd
Application filed by: Loongson Technology Corp Ltd
Priority to: CN201210271838.5A
Publication of: CN102855154A
Application granted; publication of: CN102855154B

Abstract

The invention provides a system virtual machine and a method for improving the execution efficiency of non-sensitive privileged instructions. The system virtual machine comprises a host and at least one virtual machine; the host and the virtual machine run on a central processing unit (CPU), and the CPU comprises a register. The system virtual machine is characterized in that a control bit is added to the register, the control bit controlling whether a non-sensitive privileged instruction can be executed directly in the virtual machine; before the host enters the virtual machine, the state of the virtual machine is judged, and the control bit is set according to the result. With a simple hardware modification under software control, the system virtual machine and method effectively improve the execution efficiency of non-sensitive privileged instructions in the virtual machine while guaranteeing correctness and security during their execution.

Description

System virtual machine and method for improving the execution efficiency of non-sensitive privileged instructions
Technical field
The present invention relates to the fields of computer hardware architecture and system virtualization, and in particular to a system virtual machine and a method for improving the execution efficiency of non-sensitive privileged instructions.
Background
Virtual machine instructions fall into two classes: sensitive instructions and non-sensitive instructions (harmless instructions). A sensitive instruction is any instruction that changes or depends on system resources, and it cannot be executed directly on the physical CPU; a non-sensitive instruction, by contrast, can be executed directly on the physical machine. Executing a sensitive instruction therefore has to raise an exception. In addition, because a virtual machine has to run in a non-privileged mode, the virtual machine's privileged instructions also raise exceptions when executed. The relation between sensitive instructions and privileged instructions is shown in Fig. 1. Because they raise exceptions, privileged instructions and sensitive instructions are the bottleneck of CPU virtualization.
In the prior art there are two ways to accelerate sensitive and privileged instructions: one adds an extra operating mode to the CPU; the other is done in software (for example by modifying the operating system code, or by binary translation).
Once an extra operating mode has been added to the CPU, sensitive instructions no longer affect the host's privileged resources, and this operating mode is itself divided into privileged and non-privileged states, so most sensitive and privileged instructions do not raise exceptions. Architectures without this hardware-assisted virtualization design cannot use this approach.
The software approach targets CPUs that lack hardware-assisted virtualization support: privileged and sensitive instructions are replaced with a series of non-privileged, non-sensitive instructions. However, the scope of system modification this method allows is limited, and its extensibility is relatively poor.
A method is therefore needed that overcomes the inability of the software replacement approach to handle certain non-sensitive privileged instructions, so that non-sensitive privileged instructions can be executed efficiently and safely in a system virtual machine.
Summary of the invention
To solve the above problem, the present invention provides a system virtual machine and a method for improving the execution efficiency of non-sensitive privileged instructions.
In a first aspect, the invention provides a system virtual machine that improves the execution efficiency of non-sensitive privileged instructions. The system virtual machine comprises a host and at least one virtual machine; the host and the virtual machine run on a CPU, and the CPU comprises a register. It is characterized in that a control bit is additionally provided in the register, the control bit being used to control whether a non-sensitive privileged instruction can be executed directly in the virtual machine; the host judges the state of the virtual machine before entering the virtual machine and sets the control bit according to the result.
Further, when the virtual machine executes the virtual machine operating system, the control bit is set to on, which allows non-sensitive privileged instructions to run directly in the virtual machine; when the virtual machine exits the virtual machine operating system, the control bit is set to off, which forbids non-sensitive privileged instructions from running directly in the virtual machine.
Further, the host comprises a virtual machine monitor (VMM); the VMM is configured so that the state of the virtual machine is judged before the host enters the virtual machine.
In a second aspect, the invention provides a method for improving the execution efficiency of non-sensitive privileged instructions. The method is implemented in the system virtual machine described above: the host and the virtual machine run on a CPU, the CPU comprises a register, and the register has a control bit that controls whether a non-sensitive privileged instruction can be executed directly in the virtual machine. The method specifically comprises: the host judges the state of the virtual machine before entering the virtual machine and sets the control bit according to the result.
Further, when the virtual machine executes the virtual machine operating system, the control bit is set to on, which allows non-sensitive privileged instructions to run directly in the virtual machine; when the virtual machine exits the virtual machine operating system, the control bit is set to off, which forbids non-sensitive privileged instructions from running directly in the virtual machine.
Further, the virtual machine monitor (VMM) is configured so that the state of the virtual machine is judged before the host enters the virtual machine.
Further, the state of the virtual machine is judged according to the address of the operating system and the address of the user program.
Further, the address of the operating system and the address of the user program are distinguished by compiling the operating system for the virtual machine.
The invention overcomes the inability of the software replacement approach to handle certain non-sensitive privileged instructions, and the system virtual machine and method provided by the invention are much simpler to implement than adding a new operating mode to the CPU. The method effectively improves the execution efficiency of non-sensitive privileged instructions and ensures correctness and security when they are executed.
Description of drawings
Fig. 1 is a schematic diagram of the relation between sensitive instructions, non-sensitive instructions and privileged instructions;
Fig. 2 is a flowchart of the steps of the hardware/software co-design method in one embodiment of the invention.
Embodiments
The characteristic of a non-sensitive privileged instruction is this: when no additional operating mode is added, the virtual machine generally executes in a non-privileged mode of the CPU, so executing a privileged instruction in the virtual machine raises an exception. These non-sensitive privileged instructions are, however, non-sensitive instructions; in theory they can be executed directly in the virtual machine, but doing so may raise an exception and create a security problem for the virtual machine.
To improve the execution efficiency of this class of instruction in the virtual machine while ensuring the security of the virtual machine, a system virtual machine and a hardware/software co-design method are proposed. The hardware design ensures that non-sensitive privileged instructions can be executed in the virtual machine; the software design ensures security when they run in the virtual machine.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
This embodiment takes as its example an implementation of the system virtual machine and method of the invention on a Godson CPU based on the MIPS architecture. This CPU has two non-privileged modes (supervisor mode and user mode).
The cache instruction is a non-sensitive privileged instruction in the MIPS architecture. Because MIPS can access the cache only through the cache instruction, the execution speed of the cache instruction in the virtual machine cannot be improved in software; yet the cache instruction is executed repeatedly while the virtual machine operating system runs, which greatly affects operating system performance. The execution efficiency of the cache instruction in the virtual machine is therefore improved by combining hardware and software design, while its security in the virtual machine is ensured. The implementation is introduced below from the hardware design and the software design in turn. Fig. 2 is a flowchart of the steps of the hardware/software co-design method.
Hardware design:
The system virtual machine comprises a host and at least one virtual machine; in this embodiment both run on a Godson CPU based on the MIPS architecture. A control bit is added to register 22 of coprocessor 0 inside the Godson CPU; it is used to control whether the cache instruction can be executed directly on the host.
Specifically, before the control bit is added, when the host enters the virtual machine, the virtual machine runs in a non-privileged mode, the coprocessor is unavailable, and the cache instruction raises an exception; the cache instruction therefore cannot be safely executed directly in the virtual machine.
To solve this problem, after the control bit is added, when the host has entered the virtual machine, executing the cache instruction requires checking register 22 of coprocessor 0 inside the CPU. The state of the control bit in register 22 determines whether the cache instruction is allowed to execute directly in the virtual machine.
The state of the control bit is set by the software design, and this design ensures security when the cache instruction runs directly in the virtual machine.
Software design:
First, the operating system is compiled for the virtual machine so that the addresses of the virtual machine operating system and the addresses of the virtual machine's user programs are completely separated; when the CPU executes the virtual machine there is then no address conflict, which ensures security when the cache instruction runs.
In the specific embodiment, the operating system's compile addresses and use addresses are modified so that the operating system's addresses and the addresses it accesses all lie in supervisor mode; user programs, in addition, run in user mode.
Specifically, compiling the operating system for the virtual machine has two aspects: modifying the compile addresses of the virtual machine operating system, and modifying the use addresses of the virtual machine operating system. Together these ensure both that the virtual machine operating system's code runs in supervisor mode and that the addresses of data accessed in the virtual machine operating system all lie in supervisor mode. So when the virtual machine runs the virtual machine operating system it runs in supervisor mode, and when it runs a user program it runs in user mode; the addresses used in the virtual machine's different states are completely separated and do not conflict.
Second, the configuration of the virtual machine monitor (VMM) is modified so that the state of the virtual machine is judged before the host enters the virtual machine. The state of the control bit is set according to the result.
Specifically, when the virtual machine runs the operating system, the CPU is executing the virtual machine operating system, which was recompiled in the process described above, so executing the cache instruction directly in the virtual machine does not raise an exception; the control bit is therefore set to on at this point, allowing the cache instruction to execute directly in the virtual machine. When the virtual machine exits the operating system, the control bit is set to off, forbidding the cache instruction from executing directly in the virtual machine.
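The entry-time judgment and control-bit check described above, as an added C model that is not part of the patent text or any Loongson code. The bit position within register 22, the MIPS32-style segment boundaries standing in for the separated operating system and user address ranges, and all type and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the page names only "a control bit in register 22 of
 * coprocessor 0"; this bit position is hypothetical. */
#define CP0_R22_CACHE_DIRECT (1u << 0)

/* Assumption: MIPS32-style segments stand in for the fully separated
 * address ranges produced by recompiling the guest OS. */
#define USEG_END  0x7FFFFFFFu  /* guest user programs (user mode) */
#define SSEG_BASE 0xC0000000u  /* guest OS code and data (supervisor mode) */
#define SSEG_END  0xDFFFFFFFu

enum guest_state { GUEST_USER, GUEST_OS, GUEST_UNKNOWN };
enum cache_result { CACHE_DIRECT, CACHE_TRAP };

struct vcpu {
    uint32_t cp0_reg22;  /* simulated CP0 register 22 */
    unsigned traps;      /* cache instructions that trapped to the VMM */
};

/* VMM: judge the virtual machine's state from the address it resumes at. */
enum guest_state classify_guest(uint32_t resume_pc)
{
    if (resume_pc <= USEG_END)
        return GUEST_USER;
    if (resume_pc >= SSEG_BASE && resume_pc <= SSEG_END)
        return GUEST_OS;
    return GUEST_UNKNOWN;  /* anything else is treated as untrusted */
}

/* VMM: runs before every entry into the virtual machine. The bit is
 * rewritten each time so a value left from a previous entry never
 * carries over to a user program. */
void vmm_prepare_entry(struct vcpu *v, uint32_t resume_pc)
{
    if (classify_guest(resume_pc) == GUEST_OS)
        v->cp0_reg22 |= CP0_R22_CACHE_DIRECT;
    else
        v->cp0_reg22 &= ~CP0_R22_CACHE_DIRECT;
}

/* Hardware model: a cache instruction issued inside the virtual machine
 * executes directly only when the control bit is on. */
enum cache_result guest_cache_insn(struct vcpu *v)
{
    if (v->cp0_reg22 & CP0_R22_CACHE_DIRECT)
        return CACHE_DIRECT;
    v->traps++;
    return CACHE_TRAP;
}

/* Constructed trace: the guest OS issues three cache instructions, then a
 * user program and an out-of-range address issue one each. */
unsigned run_trace(void)
{
    struct vcpu v = { 0, 0 };
    vmm_prepare_entry(&v, 0xC0001000u);
    for (int i = 0; i < 3; i++)
        guest_cache_insn(&v);
    vmm_prepare_entry(&v, 0x00400000u);
    guest_cache_insn(&v);
    vmm_prepare_entry(&v, 0xE0000000u);
    guest_cache_insn(&v);
    return v.traps;
}

int main(void)
{
    printf("cache instructions trapped: %u of 5\n", run_trace());
    return 0;
}
```

The security property rests on `vmm_prepare_entry` clearing the bit on every entry that does not resume inside the operating system's range; a path that skips it would leave a user program able to issue cache instructions without a trap.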
As the above embodiment shows, the system virtual machine and method provided by the invention add a control bit through hardware design, which ensures that non-sensitive privileged instructions can be executed directly in the virtual machine, and ensure through software design the security of executing non-sensitive privileged instructions directly in the virtual machine. Because non-sensitive privileged instructions can be executed directly and safely in the virtual machine, their execution efficiency in the virtual machine is improved.
The embodiment above further describes the purpose, technical solution and beneficial effects of the invention. It should be understood that the above is only a specific embodiment of the invention and is not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (8)

1. A system virtual machine for improving the execution efficiency of non-sensitive privileged instructions, comprising a host and at least one virtual machine, the host and the virtual machine running on a CPU, the CPU comprising a register, characterized in that a control bit is additionally provided in the register, the control bit being used to control whether a non-sensitive privileged instruction can be executed directly in the virtual machine;
wherein the host judges the state of the virtual machine before entering the virtual machine and sets the control bit according to the result.
2. The system virtual machine as claimed in claim 1, characterized in that when the virtual machine executes the virtual machine operating system, the control bit is set to on, allowing non-sensitive privileged instructions to run directly in the virtual machine; and when the virtual machine exits the virtual machine operating system, the control bit is set to off, forbidding non-sensitive privileged instructions from running directly in the virtual machine.
3. The system virtual machine as claimed in claim 1, characterized in that the host comprises a virtual machine monitor (VMM), the VMM being configured so that the state of the virtual machine is judged before the host enters the virtual machine.
4. A method for improving the execution efficiency of non-sensitive privileged instructions, wherein a host and a virtual machine run on a CPU, the CPU comprises a register, and the register has a control bit that controls whether a non-sensitive privileged instruction can be executed directly in the virtual machine, the method specifically comprising:
the host judging the state of the virtual machine before entering the virtual machine and setting the control bit according to the result.
5. The method as claimed in claim 4, characterized in that when the virtual machine executes the virtual machine operating system, the control bit is set to on, allowing non-sensitive privileged instructions to run directly in the virtual machine; and when the virtual machine exits the virtual machine operating system, the control bit is set to off, forbidding non-sensitive privileged instructions from running directly in the virtual machine.
6. The method as claimed in claim 4, characterized in that a virtual machine monitor (VMM) is configured so that the state of the virtual machine is judged before the host enters the virtual machine.
7. The method as claimed in claim 5, characterized in that the state of the virtual machine is judged according to the address of the operating system and the address of the user program.
8. The method as claimed in claim 6, characterized in that the address of the operating system and the address of the user program are distinguished by compiling the operating system for the virtual machine.
CN201210271838.5A 2012-08-01 2012-08-01 A kind of system virtual machine and method improving non-sensitive privileged instruction execution efficiency Active CN102855154B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210271838.5A CN102855154B (en) 2012-08-01 2012-08-01 A kind of system virtual machine and method improving non-sensitive privileged instruction execution efficiency

Publications (2)

Publication Number Publication Date
CN102855154A true CN102855154A (en) 2013-01-02
CN102855154B CN102855154B (en) 2015-08-26

Family

ID=47401763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210271838.5A Active CN102855154B (en) 2012-08-01 2012-08-01 A kind of system virtual machine and method improving non-sensitive privileged instruction execution efficiency

Country Status (1)

Country Link
CN (1) CN102855154B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7689987B2 (en) * 2004-06-30 2010-03-30 Microsoft Corporation Systems and methods for stack-jumping between a virtual machine and a host environment
CN101681269A (en) * 2007-05-16 2010-03-24 威睿公司 The self-adaptation Dynamic Selection and the application of multiple virtualization techniques
CN101425046A (en) * 2008-10-28 2009-05-06 北京航空航天大学 Method for implementing distributed I/O resource virtualizing technique
US8239610B2 (en) * 2009-10-29 2012-08-07 Red Hat, Inc. Asynchronous page faults for virtual machines

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104636647A (en) * 2015-03-17 2015-05-20 南开大学 Sensitive information protection method based on virtualization technology
CN112416508A (en) * 2019-08-23 2021-02-26 无锡江南计算技术研究所 CPU virtualization method based on privilege instruction library
CN112416508B (en) * 2019-08-23 2022-07-12 无锡江南计算技术研究所 CPU virtualization method based on privilege instruction library

Also Published As

Publication number Publication date
CN102855154B (en) 2015-08-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 100095 Building 2, Longxin Industrial Park, Zhongguancun environmental protection technology demonstration park, Haidian District, Beijing

Patentee after: Loongson Zhongke Technology Co.,Ltd.

Address before: 100190 No. 10 South Road, Zhongguancun Academy of Sciences, Haidian District, Beijing

Patentee before: LOONGSON TECHNOLOGY Corp.,Ltd.