CN101097526A - Virtual machine system and accessing control method of hardware equipment - Google Patents
Virtual machine system and accessing control method of hardware equipment Download PDFInfo
- Publication number
- CN101097526A CN101097526A CNA2006100942997A CN200610094299A CN101097526A CN 101097526 A CN101097526 A CN 101097526A CN A2006100942997 A CNA2006100942997 A CN A2006100942997A CN 200610094299 A CN200610094299 A CN 200610094299A CN 101097526 A CN101097526 A CN 101097526A
- Authority
- CN
- China
- Prior art keywords
- access
- module
- information
- operating system
- client operating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a accessing control method of virtual machine system and equipment. The virtual machine system includes client operation system and virtual machine monitor and hardware. The access mode information of hardware is stored in nonvolatile memory of the virtual machine system, said virtual machine monitor includes access control module and information obtaining module. The access control module is used to send request of accessing control information of the equipment to the information obtaining module when the virtual machine monitor intercepts equipment access command of the client operation command, and generates corresponding control command to control access of equipment based on access control information.
Description
Technical field
The present invention relates to virtual machine technique, relate in particular to the access control method of a kind of dummy machine system and hardware device thereof.
Background technology
Along with development of computer, Intel Virtualization Technology also is used widely in computer realm.The use that is applied as the user of dummy machine system has brought many convenience, yet dummy machine system will be applied, and also needs dummy machine system can be adapted to various application scenarioss.
In present dummy machine system, there is the corresponding equipment access module respectively in different hardware devices.Wherein, when hardware device was exclusive equipment, corresponding access module was the exclusive access pattern, and when hardware device was shared device, corresponding access module was the share and access pattern.Yet, the device access schema category is few in present dummy machine system, and hardware device can only have unique a kind of selection all the time, that is, or as exclusive equipment, or as shared device, and can't change and control the access hardware pattern, therefore, can not make full use of the characteristic of equipment, also can't satisfy the different demands of different application scene the access module of hardware device.
And, along with applying of dummy machine system, its application scenarios also becomes increasingly complex, and this fixing device access mode that exists in the existing dummy machine system is difficult to satisfy complicated day by day application scenarios, has therefore also further limited applying of dummy machine system.
Summary of the invention
For this reason, target of the present invention is to provide a kind of dummy machine system that can realize that multi-mode equipment is shared.
The invention provides a kind of dummy machine system, comprise client operating system, virtual machine monitor and hardware.Store the access module information of each hardware device in the non-volatile memory medium of described dummy machine system, described virtual machine monitor comprises access control module and information acquisition module.
Wherein access control module is used for having intercepted and captured at virtual machine monitor the back request of having sent the access control information that obtains this equipment to the information acquisition module of device access instruction of client operating system, produces control commands corresponding according to the access control information that obtains and controls the visit of client operating system to equipment.
Described information acquisition module is used for comprising the access control information of access module information and sending it to access control module according to the acquisition request that access control module sends.
In above-mentioned dummy machine system, described dummy machine system also comprises the equipment handover module, and described equipment handover module is used for switching according to the control command actuating equipment of access control module.
In above-mentioned dummy machine system, described dummy machine system comprises that also access module is provided with module, and described access module is provided with module and is used for according to different applied environments corresponding access module information being set.
In above-mentioned dummy machine system, described access module is provided with module and is arranged in service operations system and/or the client operating system.
In above-mentioned dummy machine system, the access module information of the hardware device of storing in the non-volatile memory medium also is stored in when initialization in the presumptive area of internal memory, and described information acquisition module obtains access module information from the presumptive area of this internal memory.
In above-mentioned all dummy machine systems, described access control information also comprises status information of equipment and auxiliary control information.
In above-mentioned dummy machine system, described status information of equipment is stored in the presumptive area of internal memory.
In addition, the present invention also provides a kind of access control method of realizing that multi-mode equipment is shared.Described method comprises:
Step 1, the dummy machine system initialization is with the presumptive area of the predetermined device access information stores in the non-volatile memory medium at internal memory;
Step 2, dummy machine system is intercepted and captured the device access request instruction of client operating system;
The request that step 3, access control module obtain device id and send the access control information that obtains this equipment to the information acquisition module;
Step 4, the information acquisition module obtains the access control information that comprises predetermined equipment shared model information according to device id, and it is returned to access control module;
Whether decision allows and can this equipment be conducted interviews operating system according to access control information for step 5, access control module.
In above-mentioned method, described step 5 specifically comprises:
When the access module of equipment was full shared model, the client operating system that access control module directly allows to send the device access instruction conducted interviews; Or
When access module is restricted to the client operating system number of equipment, access control module judges that then whether the number of client operating system of this equipment of current accessed is less than restricted number, if less than, the client operating system that then allows to send the device access instruction conducts interviews, otherwise the visit of the client operating system that to refuse its visit, refusal lower than the client operating system right of priority of sending device access and instructing and allow the visit of current client operating system or refuse the client operating system of overtime visit and allow the visit of current client operating system; Or
When access module is restricted to the client operating system of visiting this equipment, access control module judges then whether the client operating system that sends the device access instruction is consistent with the client operating system that allows visit, if client operating system consistent then that allow to send the device access instruction conducts interviews, otherwise refuses its visit.
In above-mentioned all methods, described predetermined access module information is provided with by following steps:
Steps A 1 is obtained access module information from the presumptive area of the non-volatile memory medium of storage access patterns information or internal memory;
Steps A 2, after access module information is made amendment, utilize in the amended access module information updating non-volatile memory medium and the presumptive area of internal memory in the access module information of storing.
By the present invention, can realize access control to the various modes of shared device according to the shared control information that comprises predetermined access control information.In addition, because the present invention can be provided with different shared model information according to different application scenarioss, thereby realize equipment sharing mode flexibly, realized that multi-mode equipment is shared, and then satisfied the demand of several scenes for various shared models, solved a difficult problem that runs in the virtual machine popularization process, can promote applying of dummy machine system greatly about the equipment sharing mode.In addition, can also expand multiple shared model based on the present invention, so the present invention is with good expansibility also.
Description of drawings
Fig. 1 is the structural representation of an embodiment of dummy machine system of the present invention;
Fig. 2 is the process flow diagram of hardware device access control method of the present invention;
Fig. 3 is for being provided with the process flow diagram of access module information among the present invention.
Embodiment
Along with the application of dummy machine system, its application scenarios also becomes increasingly complex, and various application scenarioss also may differ widely for the demand of device access pattern.Table 1 shows the access module that USB (universal serial bus) under the various scenes (Universal Serial Bus is called for short USB) portable hard drive may need.
The access module of USB hard disk under the different scenes of table 1
| Scene | Access module | Explanation |
| 1 | Fixedly monopolize | Any moment all only allows a fixing client operating system visit |
| 2 | The foreground is monopolized | Any moment all only allows foreground client operating system visit |
| 3 | Single monopolizing | Synchronization only allows a client operating system visit, and after only the client operating system of current accessed was initiatively abandoned access right, other client operating systems could be visited |
| 4 | A plurality of sharing | Synchronization at most only allows N client operating system visit, and N is greater than 1 summation less than whole client operating systems |
| 5 | Complete sharing | Synchronization allows all client operating system visits |
As can be seen from Table 1, various scenes have nothing in common with each other for the requirement of the access module of hardware device, and the fixing device access mode of existing dummy machine system obviously can't address that need.For this reason, the present invention need provide the access control method of a kind of dummy machine system and hardware device.
Thought of the present invention is to set up corresponding access module information into each hardware device, and controls the visit of client operating system to hardware device according to the access control information that comprises access module information.
Be to realize visit to the various modes of hardware device, need be in the non-volatile memory medium of dummy machine system of the present invention with the access module information stores of hardware device.In addition, because in dummy machine system, virtual machine monitor is mainly used in resources allocation and management, therefore visit non-volatile memory medium continually at dummy machine system run duration virtual machine monitor, the performance of system will be influenced, thereby preferably, the access module information of the hardware device of storing in non-volatile memory medium when initialization is kept in the presumptive area of internal memory, obtains access module information easily for virtual machine monitor.Concrete initialization procedure will be described hereinafter.
The access module information of above-mentioned hardware device is the part of access control information.In addition, access control information also can comprise status information of equipment and auxiliary control information.
Wherein status information of equipment is meant the current state with accessed hardware device, such as the operating system of this equipment of current accessed and number thereof etc., specifically can realize by the device access inventory of setting up each hardware device at the dummy machine system run duration, when a certain client operating system conducts interviews to this hardware device, then this client operating system is listed in the device access inventory of this hardware device, and when client operating system stops visit to this hardware device, then will remove in its slave unit visit inventory.In the operational process of dummy machine system, status information of equipment can be stored in the presumptive area of internal memory with access module information.
Auxiliary control information is that the access control with hardware device is relevant, status information and other configuration information of dummy machine system, such as access time information, and the access privileges of current foreground client operating system, foreground client operating system etc.
Table 2 shows an example of the information content that can comprise in the presumptive area of internal memory.Be understandable that, can also be according to the content that actual conditions are added and deletion is wherein stored, such as monopolizing and the number conditional access module of such as a plurality of shared grades to the permission visitor for single, also can comprise in the content of storage allowing the access time, promptly can be limited the access time.
Canned data content in the presumptive area of table 2 internal memory
| Device id | Access module | Fair visitor | Allow visitor's number | The device access inventory |
| 001 | 1 (fixedly monopolizing) | Guest OS1 | ||
| 002 | 2 (foreground is monopolized) | |||
| 003 | 3 (single monopolizing) | |||
| 004 | 4 (a plurality of sharing) | 3 | Guest OS1,Guest OS2 | |
| 005 | 5 (complete sharing) |
Device id is the sign that is used to distinguish different hardware equipment in the dummy machine system, can obtain out access module information, current state information of corresponding hardware device etc. by device id.The set of the resource information of distinct device is unique in dummy machine system, and the set of the interrupt number of each hardware device, I/O address, DMA passage, memory address all is different, therefore can use the set of the resource information of each equipment to make up device id.
As shown in table 2, for the ease of obtain the access module information of hardware device according to device id, can set up the mapping between access module information and the device id.In addition, but mapping relations between apparatus for establishing ID and its memory location of device access pattern in internal memory also.Like this, after directly obtaining corresponding memory location, can obtain the access module information of hardware device from this memory location by device id.
In conjunction with the embodiments the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 shows the structural representation of an embodiment of dummy machine system of the present invention.Dummy machine system of the present invention comprises service operations system, client operating system, virtual machine monitor and hardware.
Wherein, client operating system is the operating system that the user uses, and such as the operating system of windows XP etc., comprising application module and driver module are arranged, the device access request that application module sends is by convert the device access instruction to through driver module.
The service operations system is the operating system that various services are provided for client operating system, comprises that access module is provided with module, is used for according to different applied environments corresponding access module information being set.
Virtual machine monitor operates on the hardware, has the system resource control, is in charge of the distribution of the hardware resource (processor, internal memory and other equipment etc.) of dummy machine system, comprises access control module, information acquisition module and equipment handover module.
Wherein, access control module is used for sending the request of obtaining access control information to the information acquisition module after virtual machine monitor has been intercepted and captured the device access instruction of client operating system, and controls the visit of client operating system to equipment according to the access control information generation control commands corresponding that obtains.Under the situation that needs equipment to switch, transmitting control commands is given equipment handover module, the switching that is come actuating equipment by the equipment handover module.Under the situation that does not need equipment to switch, directly transmitting control commands is given CPU or dma controller, notifies it to continue the execution of device access instruction.
The information acquisition module is used for the acquisition request access control information that sends according to access control module, and access control information is sent to access control module.
The equipment handover module is used for switching according to the control command actuating equipment of access control module.
Describe the access control method of hardware device of the present invention in detail below with reference to Fig. 2.
Fig. 2 is the process flow diagram of hardware device access control method of the present invention.As shown in Figure 2, when dummy machine system starts, at first carry out initialization procedure.Directly from non-volatile memory medium (such as hard disk, FLASH etc.), read wherein the access module information of storage, and with the access module information stores of resulting each hardware device in the presumptive area of internal memory (step 200).Such as, in the dummy machine system start-up course, the access module information of storing in the interface reading non-volatile storage medium of the visit non-volatile memory medium that can provide by dummy machine system, and write instruction by internal memory and realize that access module information stores with resulting each hardware device is in the presumptive area of internal memory.
After the dummy machine system initialization, in client operating system, when user operation or application module had triggered the device access request, driver module was converted to the device access instruction with this device access request, and gives CPU or dma controller with the device access instruction.
CPU or dma controller are after the device access instruction that receives from client operating system, CPU gives virtual machine monitor with control, make dummy machine system be absorbed in ROOT pattern (operational mode that virtual machine monitor is possessed of control power) from NON-ROOT pattern (operational mode that client operating system is possessed of control power), for example CPU can be by calling the VM-EXIT order, make that virtual machine is the ROOT pattern from the NON-ROOT mode switch, like this, virtual machine monitor just can be intercepted and captured the device access instruction (step 201) that client operating system sends.
After virtual machine monitor has been intercepted and captured from the instruction of the device access of client operating system, access control module is known the device id of accessed hardware device according to the resource collection information such as port address, interrupt number, memory address and DMA channel information of hardware device in the device access instruction, send request to the information acquisition module then, the solicited message acquisition module obtains the access control information (step 202) of this equipment.
The information acquisition module obtains the access module information and the status information of equipment of this hardware device according to device id from the presumptive area of internal memory, and obtains auxiliary control information from dummy machine system.Such as in dummy machine system, comprise whether being the information on foreground in the attribute of each client operating system, therefore as long as, can learn current foreground client operating system by checking the attribute information of each dummy machine system.The information acquisition module obtains after the access control information, with the access control information backward reference control module (step 203) that obtains.In addition, also can directly from the presumptive area of internal memory and dummy machine system, obtain access control information, and need not obtain access control information by information acquisition module by access control module.
After access control module obtains access control information, determine whether to allow this client operating system to this hardware device conduct interviews (step 204) according to access control information.
To be that example is described concrete control deterministic process below with the access module of USB hard disk in the table 1.
1) when device access pattern during for fixing exclusive occupying mode, access control module judges whether the permission visitor in the access module information is consistent with the client operating system that sends the device access instruction, if it is consistent, the client operating system that then allows to send the device access instruction conducts interviews to this hardware device, otherwise denied access;
2) when the device access pattern is the foreground exclusive occupying mode, access control module judges whether the foreground client operating system is consistent with the client operating system that sends the device access instruction in the auxiliary control information, if it is consistent, then allow to send the access hardware devices of device access instruction, otherwise denied access;
3) when the device access pattern is single exclusive occupying mode, the number of the client operating system of this hardware device of current accessed in the access control module judgment device current state, if number is zero, the client operating system that then allows to send the device access instruction conducts interviews, otherwise denied access;
4) when the device access pattern is a plurality of shared model, whether the client operating system number of this equipment of current accessed allows the visit number less than the maximum in the access module information in the access control module judgment device current state, if, the client operating system that then allows to send the device access instruction conducts interviews, otherwise denied access;
5) when the device access pattern is full shared model, the client operating system that then directly allows to send the device access instruction conducts interviews.
Under the situation that allows client operating system that hardware device is conducted interviews, the equipment that further judges whether to carry out switches, such as for the foreground exclusive equipment, if have other client operating system visiting this equipment then need to switch this moment, access control module is given the equipment handover module with regard to transmitting control commands so, by the equipment handover module this equipment is switched to the operating system that is allowed to visit from other client operating system, such as ignoring, abandon access instruction that other client operating system sends or visit data etc. or other irrelevant place is hinted obliquely in the address of its visit, perhaps initiating a message to other client operating systems notifies it to stop visit, send control command simultaneously and make corresponding C PU or dma controller continue to handle the device access instruction of the client operating system that is allowed to, and then the equipment of finishing switches; Switch if need not actuating equipment, then the direct transmitting control commands of access control module notifies it to continue to handle the device access instruction of the client operating system that is allowed to for corresponding C PU or dma controller.
Access control module sends after the control command, the power of then CPU will being operated is given client operating system, and operating result returned to driver module in the client operating system, for example CPU can call VM-ENTRY order and makes virtual machine be absorbed in the NON-ROOT pattern from the ROOT pattern, and the driver module of client operating system obtains after the operation result information this information being returned to the upper strata client operating system.In addition, also can be only at the access instruction return result who needs the return result.
The above-mentioned access control that provides only is an example.In fact, can also add other control law.Such as setting the time that each equipment allows visit for the conditional access module of number (for example, independent access module or a plurality of access module) to the permission visit.When in the access module information device access time having been carried out restriction, need in the dummy machine system access time of each equipment of visiting is carried out record, and in the auxiliary control information that the information acquisition module obtains, comprise the access time of current equipment of visiting.Access control module obtained after the access time of this equipment, get final product the visit of the overtime client operating system of denied access, and then control visit for this equipment according to access control information, judge at first perhaps whether current state allows visit, under the situation that does not allow to visit, if there is overtime equipment, then will switch by equipment handover module actuating equipment, this equipment is switched to the client operating system that sends the device access steering order from overtime client operating system.
In addition, can also add priority rule as required.Such as for priority rule being set, come further device access to be controlled according to the priority of the client operating system that is provided with in the dummy machine system to the conditional access module of number (for example independent access module or a plurality of access module) that allows visit.When status information of equipment shows that the number of the client operating system of this equipment of current accessed has been maximum, then check the device access inventory, if there is the low client operating system of priority, then can switch, allow the high client operating system of priority to conduct interviews with the visit of refusing the relatively low client operating system of priority by equipment handover module actuating equipment.Specifically be to refuse the visit of the longest client operating system of priority central access time minimum or that all priority are lower or use other modes to refuse strategy, this can be provided with according to the demand of system.Therefore, based on thought of the present invention multiple access module can be set and formulate multiple access rule, the present invention has very big extensibility.
In the system and method for the foregoing description, by being permitted the run duration of dummy machine system, in the presumptive area of internal memory, preserve predetermined access module information and according to the access control information that comprises access module information control that visit to hardware device sets in can being implemented in system's operational process according to dummy machine system the visit that comes hardware equipment of access module.
In addition, Fig. 3 also shows the procedure that access module information is set according to different application scenarioss.
As shown in Figure 3, when dummy machine system is absorbed in the Root-3 pattern that the service operations system is possessed of control power, access module in the service operations system is provided with the request that module is sent the read access pattern information, and driver module converts this request to equipment access interface that device access instruction provides by virtual machine monitor directly from non-volatile memory medium (such as hard disk, FLASH etc.) and present to the user.In addition, access module is provided with module also can directly obtain access module information from the presumptive area of internal memory, perhaps send request to access control module, obtain the access module information of storing in the presumptive area of internal memory by device access control module command information acquisition module, and obtaining device access information is returned to access module module (step 300) is set.
Then, the user makes amendment to access module information in the service operations system.After revising validation of information, access module is provided with module and sends the device access request once more, utilizes amended information updating to be stored in access module information in the non-volatile memory medium, and the access module information of storing in the presumptive area of updating memory simultaneously.Access module be provided with module to the renewal of the access module information of the storage in the internal memory except adopting common internal storage access mode directly upgrades, access module is provided with module can also send request to access control module, carries out renewal (step 301) to access module information by access control module.
It should be noted that the present invention only can carry out the parameter setting in the service operations system.The scheme that can substitute is, operates access module being set in the system module being set so that parameter is provided with the client.Can also in client operating system and service operations system, access module be set all module is set.When access module is provided with module and is arranged on client operating system, authority can be set for the parameter of client operating system be limited guaranteeing security of system, such as by modes such as authentications.
Different with the situation that access module information is set in the service operations system is that carrying out pattern setting at client operating system need operate in the setting of NON-ROOT pattern execution parameter of following time in system, promptly under the pattern that client operating system is possessed of control power.Detailed process is similar with the process of usually at client operating system internal memory and non-volatile memory device being read and write, and no longer describes in detail herein.
By the present invention, can realize access control to hardware device, and different access modules can be set according to different application scenarioss, thereby realized the multimode access of hardware device, and can satisfy the demand of several scenes, and then help applying of dummy machine system for various access modules.In addition, owing to can increase access module according to the actual requirements and formulate corresponding access rule based on the present invention, therefore system of the present invention also is with good expansibility.
Should be noted in the discussion above that to comprise two client operating systems in the accompanying drawings, this is that in fact, dummy machine system of the present invention can comprise more client operating system as required for convenience of description, but these do not influence realization of the present invention.In addition, of the present invention is that example shows a plurality of embodiment with Xen, but the present invention is not limited to this, and it is the dummy machine system of representative that thought in fact of the present invention can be applied to VmWare, be in the dummy machine system of the modification of dummy machine system, these systems of representative and other structure types with Xen.
One skilled in the art will appreciate that the embodiment that goes out shown in the present, only be understanding, and be not to be any restriction that the present invention is made in order to help to invent.In addition, under any situation that does not deviate from category of the present invention, any modification and substitute and all belong to category of the present invention.
Claims (10)
1. dummy machine system, comprise client operating system, virtual machine monitor and hardware, it is characterized in that, store the access module information of each hardware device in the non-volatile memory medium of described dummy machine system, described virtual machine monitor comprises access control module and information acquisition module, wherein
Access control module is used for having intercepted and captured at virtual machine monitor the back request of having sent the access control information that obtains this equipment to the information acquisition module of device access instruction of client operating system, produces control commands corresponding according to the access control information that obtains and controls the visit of client operating system to equipment;
Described information acquisition module is used for comprising the access control information of access module information and sending it to access control module according to the acquisition request that access control module sends.
2. dummy machine system according to claim 1 is characterized in that described dummy machine system also comprises the equipment handover module, and described equipment handover module is used for switching according to the control command actuating equipment of access control module.
3. dummy machine system according to claim 1 is characterized in that, described dummy machine system comprises that also access module is provided with module, and described access module is provided with module and is used for according to different applied environments corresponding access module information being set.
4. dummy machine system according to claim 3 is characterized in that described access module is provided with module and is arranged in service operations system and/or the client operating system.
5. dummy machine system according to claim 1, it is characterized in that, the access module information of the hardware device of storing in the non-volatile memory medium also is stored in when initialization in the presumptive area of internal memory, and described information acquisition module obtains access module information from the presumptive area of this internal memory.
6. according to each described dummy machine system of claim 1 to 5, it is characterized in that described access control information also comprises status information of equipment and auxiliary control information.
7. dummy machine system according to claim 6 is characterized in that described status information of equipment is stored in the presumptive area of internal memory.
8. the access control method of an equipment, described method comprises:
Step 1, the dummy machine system initialization is with the presumptive area of the predetermined device access information stores in the non-volatile memory medium at internal memory;
Step 2, dummy machine system is intercepted and captured the device access request instruction of client operating system;
The request that step 3, access control module obtain device id and send the access control information that obtains this equipment to the information acquisition module;
Step 4, the information acquisition module obtains the access control information that comprises predetermined equipment shared model information according to device id, and it is returned to access control module;
Whether decision allows and can this equipment be conducted interviews operating system according to access control information for step 5, access control module.
9. want its 8 described method according to power, it is characterized in that described step 5 specifically comprises:
When the access module of equipment was full shared model, the client operating system that access control module directly allows to send the device access instruction conducted interviews; Or
When access module is restricted to the client operating system number of visiting this equipment, access control module judges that then whether the number of client operating system of this equipment of current accessed is less than restricted number, if less than, the client operating system that then allows to send the device access instruction conducts interviews, otherwise the visit of the client operating system that to refuse its visit, refusal lower than the client operating system right of priority of sending device access and instructing and allow the visit of current client operating system or refuse the client operating system of overtime visit and allow the visit of current client operating system; Or
When access module is restricted to the client operating system of visiting this equipment, access control module judges then whether the client operating system that sends the device access instruction is consistent with the client operating system that allows visit, if client operating system consistent then that allow to send the device access instruction conducts interviews, otherwise refuses its visit.
10. according to Claim 8 or 9 described methods, it is characterized in that described predetermined access module information is provided with by following steps:
Steps A 1 is obtained access module information from the presumptive area of the non-volatile memory medium of storage access patterns information or internal memory;
Steps A 2, after access module information is made amendment, utilize in the amended access module information updating non-volatile memory medium and the presumptive area of internal memory in the access module information of storing.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100942997A CN100489782C (en) | 2006-06-29 | 2006-06-29 | Virtual machine system and accessing control method of hardware equipment |
| US11/767,266 US20080022376A1 (en) | 2006-06-23 | 2007-06-22 | System and method for hardware access control |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100942997A CN100489782C (en) | 2006-06-29 | 2006-06-29 | Virtual machine system and accessing control method of hardware equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101097526A true CN101097526A (en) | 2008-01-02 |
| CN100489782C CN100489782C (en) | 2009-05-20 |
Family
ID=39011373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006100942997A Active CN100489782C (en) | 2006-06-23 | 2006-06-29 | Virtual machine system and accessing control method of hardware equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100489782C (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216777B (en) * | 2008-01-11 | 2010-11-03 | 华中科技大学 | Rapid deployment system under multi-dummy machine environment |
| CN102073821A (en) * | 2011-01-27 | 2011-05-25 | 北京工业大学 | XEN platform-based virtual safety communication tunnel establishing method |
| CN101499016B (en) * | 2008-01-31 | 2011-09-21 | 联想(北京)有限公司 | Virtual machine monitor, virtual machine system and process handling method of client operating system |
| CN102664756A (en) * | 2012-04-24 | 2012-09-12 | 北京星网锐捷网络技术有限公司 | Device access method, device and system |
| CN102866965A (en) * | 2011-07-07 | 2013-01-09 | 华为技术有限公司 | Method and device for calling read-only device |
| CN102934096A (en) * | 2010-03-18 | 2013-02-13 | 甲骨文国际公司 | Accelerating memory operations using virtualization information |
| CN103036975A (en) * | 2012-12-13 | 2013-04-10 | 深信服网络科技(深圳)有限公司 | Virtual machine control method and control device |
| CN101685404B (en) * | 2008-09-28 | 2013-06-05 | 联想(北京)有限公司 | Device and method for dynamically switching equipment in virtual environment |
| CN103365741A (en) * | 2012-03-30 | 2013-10-23 | 伊姆西公司 | Method and equipment for snapshot and recovery of virtual machine cluster |
| CN103365803A (en) * | 2012-03-29 | 2013-10-23 | 富士通株式会社 | Access control method, server device, and storage device |
| CN104407985A (en) * | 2014-12-15 | 2015-03-11 | 泰斗微电子科技有限公司 | Memorizer address mapping method and memorizer address mapping system |
| CN105438498A (en) * | 2014-08-29 | 2016-03-30 | 深圳航天科技创新研究院 | Management method and device for satellite-borne equipment |
| CN102866965B (en) * | 2011-07-07 | 2016-12-14 | 华为技术有限公司 | The method and apparatus calling read-only device |
| CN106874785A (en) * | 2017-01-13 | 2017-06-20 | 北京元心科技有限公司 | System file access method and device for multiple operating systems |
| CN107660332A (en) * | 2015-06-09 | 2018-02-02 | 英特尔公司 | Systems, devices and methods for the stateful application of control data in a device |
| CN108292233A (en) * | 2015-12-21 | 2018-07-17 | 英特尔公司 | Open the application processor of virtual machine |
| CN108595248A (en) * | 2018-04-24 | 2018-09-28 | 深信服科技股份有限公司 | A kind of virtualization system communication means, device, equipment and virtualization system |
| CN108780387A (en) * | 2016-03-21 | 2018-11-09 | 高通股份有限公司 | Storage resource management in virtualized environment |
-
2006
- 2006-06-29 CN CNB2006100942997A patent/CN100489782C/en active Active
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216777B (en) * | 2008-01-11 | 2010-11-03 | 华中科技大学 | Rapid deployment system under multi-dummy machine environment |
| CN101499016B (en) * | 2008-01-31 | 2011-09-21 | 联想(北京)有限公司 | Virtual machine monitor, virtual machine system and process handling method of client operating system |
| CN101685404B (en) * | 2008-09-28 | 2013-06-05 | 联想(北京)有限公司 | Device and method for dynamically switching equipment in virtual environment |
| CN102934096B (en) * | 2010-03-18 | 2016-03-09 | 甲骨文国际公司 | Use the method and system of virtualization information speeds up memory operation |
| CN102934096A (en) * | 2010-03-18 | 2013-02-13 | 甲骨文国际公司 | Accelerating memory operations using virtualization information |
| CN102073821A (en) * | 2011-01-27 | 2011-05-25 | 北京工业大学 | XEN platform-based virtual safety communication tunnel establishing method |
| CN102073821B (en) * | 2011-01-27 | 2012-10-31 | 北京工业大学 | XEN platform-based virtual safety communication tunnel establishing method |
| CN102866965B (en) * | 2011-07-07 | 2016-12-14 | 华为技术有限公司 | The method and apparatus calling read-only device |
| CN102866965A (en) * | 2011-07-07 | 2013-01-09 | 华为技术有限公司 | Method and device for calling read-only device |
| CN103365803B (en) * | 2012-03-29 | 2016-05-04 | 富士通株式会社 | Access control method, server unit and storage device |
| CN103365803A (en) * | 2012-03-29 | 2013-10-23 | 富士通株式会社 | Access control method, server device, and storage device |
| CN103365741A (en) * | 2012-03-30 | 2013-10-23 | 伊姆西公司 | Method and equipment for snapshot and recovery of virtual machine cluster |
| CN103365741B (en) * | 2012-03-30 | 2016-05-04 | 伊姆西公司 | For the snapshot of cluster virtual machine and the method and apparatus of recovery |
| CN102664756B (en) * | 2012-04-24 | 2015-07-22 | 北京星网锐捷网络技术有限公司 | Device access method, device and system |
| CN102664756A (en) * | 2012-04-24 | 2012-09-12 | 北京星网锐捷网络技术有限公司 | Device access method, device and system |
| CN103036975A (en) * | 2012-12-13 | 2013-04-10 | 深信服网络科技(深圳)有限公司 | Virtual machine control method and control device |
| CN103036975B (en) * | 2012-12-13 | 2016-03-09 | 深信服网络科技(深圳)有限公司 | virtual machine control method and device |
| CN105438498A (en) * | 2014-08-29 | 2016-03-30 | 深圳航天科技创新研究院 | Management method and device for satellite-borne equipment |
| CN105438498B (en) * | 2014-08-29 | 2017-11-14 | 深圳航天科技创新研究院 | The management method and device of a kind of satellite borne equipment |
| CN104407985A (en) * | 2014-12-15 | 2015-03-11 | 泰斗微电子科技有限公司 | Memorizer address mapping method and memorizer address mapping system |
| CN104407985B (en) * | 2014-12-15 | 2018-04-03 | 泰斗微电子科技有限公司 | Storage address mapping method and storage address mapped system |
| CN107660332A (en) * | 2015-06-09 | 2018-02-02 | 英特尔公司 | Systems, devices and methods for the stateful application of control data in a device |
| CN107660332B (en) * | 2015-06-09 | 2021-05-28 | 英特尔公司 | System, apparatus and method for controlling stateful application of data in a device |
| CN108292233B (en) * | 2015-12-21 | 2021-11-09 | 英特尔公司 | Application processor for starting virtual machine |
| CN108292233A (en) * | 2015-12-21 | 2018-07-17 | 英特尔公司 | Open the application processor of virtual machine |
| CN108780387A (en) * | 2016-03-21 | 2018-11-09 | 高通股份有限公司 | Storage resource management in virtualized environment |
| CN108780387B (en) * | 2016-03-21 | 2021-06-29 | 高通股份有限公司 | Storage resource management in a virtualized environment |
| CN106874785A (en) * | 2017-01-13 | 2017-06-20 | 北京元心科技有限公司 | System file access method and device for multiple operating systems |
| CN108595248A (en) * | 2018-04-24 | 2018-09-28 | 深信服科技股份有限公司 | A kind of virtualization system communication means, device, equipment and virtualization system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100489782C (en) | 2009-05-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100489782C (en) | Virtual machine system and accessing control method of hardware equipment | |
| US20080022376A1 (en) | System and method for hardware access control | |
| US7827615B1 (en) | Hybrid role-based discretionary access control | |
| CN100426238C (en) | VEX - virtual extension framework | |
| CN102214118A (en) | Method, system and device for controlling virtual machine (VM) | |
| CN106528269B (en) | The virtual machine access control system and control method of lightweight | |
| KR20070005903A (en) | Computer system | |
| CN105900105A (en) | Media protection policy enforcement for multiple-operating-system environments | |
| CN100419620C (en) | Method for command interaction and two-way data transmission on USB mass storage equipment by program and USB mass storage equipment | |
| CN113064697B (en) | Method for accelerating communication between microkernel processes by using multiple hardware characteristics | |
| CN101101575A (en) | Data safe memory method and device | |
| CN106776067A (en) | Method and device for managing system resources in multi-container system | |
| CN109412830B (en) | Method and device for curing internet card name, computer equipment and storage medium | |
| CN115408707B (en) | Data transmission method, device and system, electronic equipment and storage medium | |
| CN101169737A (en) | Task switching control method and computer system | |
| CN106897027B (en) | Distributed storage service system and method based on desktop virtualization | |
| CN112835846A (en) | System on chip | |
| US10936506B2 (en) | Method for tagging control information associated with a physical address, processing system and device | |
| CN104462893A (en) | Method and device for managing multiple SE modules | |
| CN100477005C (en) | Partition-supporting flash memory device | |
| CN102929802B (en) | A kind of guard method of storage resources and system | |
| US20140245291A1 (en) | Sharing devices assigned to virtual machines using runtime exclusion | |
| KR20150010095A (en) | Apparatus for configuring operating system and method thereof | |
| CN101436162A (en) | Method and system for implementing memory multiuser management | |
| CN108491249B (en) | Kernel module isolation method and system based on module weight |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |