CN101872312A - Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) - Google Patents
Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) Download PDFInfo
- Publication number
- CN101872312A CN101872312A CN200910116596A CN200910116596A CN101872312A CN 101872312 A CN101872312 A CN 101872312A CN 200910116596 A CN200910116596 A CN 200910116596A CN 200910116596 A CN200910116596 A CN 200910116596A CN 101872312 A CN101872312 A CN 101872312A
- Authority
- CN
- China
- Prior art keywords
- client
- vmm
- descriptors
- virtual machine
- guest
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Memory System Of A Hierarchy Structure (AREA)
Abstract
The invention relates to a method for efficiently and dynamically acquiring process descriptors of a client Linux operation system according to requirements by adopting a VMM (Virtual Machine Monitor). On the premise of not changing the client operation system, the process descriptors of the client operation system in the current process can be dynamically acquired by a stack pointer register in the VMM, and members of a tasks linked table of the process descriptor are then traversed so as to directly and dynamically acquire all process descriptors in the client Linux operation system according to requirements. By fully utilizing Linux core characteristics, the operation of searching a client page table in the acquisition process and the operation of acquiring the process descriptor in the current client process by the stack pointer register at a time are eliminated, thereby reducing the influence on the VMM performance to minimum.
Description
Technical field
The present invention relates to virtual machine technique in general, more specifically, relates to the method for the process descriptors that is dynamic on-demand access to all processes of Client OS in the monitor of virtual machine.
Background technology
The system virtualization machine technology fictionalizes one or more computing platforms by increase one deck software layer on physical hardware, and this layer software layer is called as virtual monitor device (Virtual Machine Monitor), is called for short VMM.The system that so fictionalizes is called as virtual machine, and this virtual machine is also referred to as client computer (Guest) sometimes.Virtual machine is all at the monitoring of VMM and auxiliary visit bottom physical hardware down.So because VMM can allow the resource of the transparent multiplexing physical machine of a plurality of virtual machines can carry out strict monitoring to virtual machine again simultaneously. virtual technology has obtained in enterprise calculation, cloud computing, disaster recovery and security of system field using widely in recent years.
Though VMM is managing virtual machines effectively, but its management granularity is a virtual machine-level, need and can the process of operating system in the virtual machine be managed under a lot of situations, that is to say that the management granularity need reach process-level, such as list all processes in the current VME operating system, collect they load information, kill wherein certain process or the like, What is more needs the kernel execution route of the process in the VME operating system that obtains sometimes.
The simplest method is a client server mode, supervisory routine of operation in VMM and in the management work of a Control Server specific implementation of Client OS (Guest OS) lining operation.Supervisory routine among the VMM is communicated by letter with Control Server by means of communication such as socket, shared drives, is realized certain management function and the result is passed back by the indication Control Server of giving an order of the supervisory routine among the VMM.But this method needs Client OS (Guest OS) to move extra control service program; If Client OS (Guest OS) generation problem or extra unexpected termination of control service processes, the management tool that the method realizes will lose efficacy; And this management tool is when being applied to security solution based on VMM, and Client OS (Guest OS) is considered to incredible usually, and its information of returning may victim malicious modification.
Process descriptors has been preserved all relevant informations and the control structure of process in the operating system, if can in VMM, obtain the process descriptors in the Client OS (Guest OS), just can be undertaken the management of process in the Client OS (Guest OS) so by directly under VMM, operating this process descriptors.A kind of method of directly obtaining the process descriptors of Client OS (Guest OS) in VMM is arranged at present, it is mainly by intercepting and capturing the operation of writing page directory register (being the CR3 register) among the VMM on X86, thereby the page directory address that when each Client OS (Guest OS) process switching, obtains process among the GuestOS, this address and corresponding client machine operation system (Guest OS) process descriptors address are kept in the core buffer, and the page directory address with Client OS (Guest OS) process when needing is that key word is searched in core buffer.The deficiency of this method is: one. with the page directory address is that key word can not identify all processes, because be not that all processes all have independently page directory address in the system.The kernel thread among the Linux (kernel thread) and call the Lightweight Process that the clone function generates with OLONE_VM sign and do not have oneself independently page directory address for example; Two. need be that key word searches in buffer zone whether record has been arranged in buffer zone with Client OS (Guest OS) process page directory address all when Client OS (Guest OS) process switching, Client OS (Guest OS) the process switching time significantly increases and has a strong impact on the VMM performance; Three. the process extinction time need be searched the record and the deletion of this process correspondence in buffer zone, this not only reduces the VMM performance again, and even more serious is that VMM is difficult to learn which process is withered away, when withered away in the Client OS (Guest OS).The operation of deletion record from buffer zone of process extinction time has been left in the basket.So it is all process descriptors in can not complete acquisition Client OS (Guest OS), and very big to the VMM performance impact.
Summary of the invention
Therefore, consider the problems referred to above and make the present invention, the purpose of this invention is to provide a kind of method that directly in VMM, is dynamic on-demand access to the process descriptors of Client OS, thereby the Effect on Performance to VMM has been avoided in the operation of not intercepting and capturing among any VMM.The present invention's characteristics of making full use of the Client OS process descriptors have proposed a kind of method of eliminating the performance bottleneck in the above-mentioned dynamic acquisition process descriptors process on the other hand, have obtained greatly performance boost.
Process descriptors in the linux kernel is that type is the structure of task_struct, and the information that all processes are relevant all is kept in this structure.Begin to introduce the thread_info structure from the Linux2.6 kernel and be used for preserving the most frequent content that is arranged in the task_struct structure originally of visit, the task_struct structure no longer is positioned at the top of kernel stack.Linux kernel is used for depositing thread_info structure and kernel state process stacks for the region of memory of the individual page of each course allocation (THREAD_ORDER+1).Whether according to using independently interrupt stack is defined as zero or is one THREAD_ORDER when kernel compiling configuration.The thread_info structure is positioned at the front end of region of memory, and the kernel state storehouse down increases from the end of region of memory.The thread_info that a stack pointed correspondence is arranged in the task_struct structure also has individual task to point to corresponding task_struct simultaneously in the thread_info structure.
If sp is the SP that is used to refer to current stack top location in the processor, carry out p=sp﹠amp behind such c language statement so; (THREAD_SIZE-1), p will point to the thread_info structure of process, so p->task will point to the task_struct structure of process.
The task_struct structure has the member of a type for struct list_head tasks by name, and linux kernel is linked at the process descriptors of all processes in the system together by this member.As long as travel through successively this chained list can the acquisition system in the process descriptors of all processes
The present invention just goes to obtain all process descriptors of Client OS (Guest OS) when needed, during general each acquisition process descriptors, all needing the virtual address translation in the Client OS (Guest OS) is physical address in the Client OS (Guest OS), and then reads this place, address value.Conversion operations wherein need obtain the pairing page table address of virtual address that will change by query client operating system (Guest OS) page directory tables, and then inquire about this page table again and obtain physical address in the Client OS (Guest OS), this process is very time-consuming.But the virtual address of operating system process descriptors and the transformational relation between the physical address are normally very simple, generally only differ a constant skew, have eliminated the query page table handling so the present invention makes full use of this transformational relation, have promoted performance.
When dynamically obtaining all process descriptors, all will obtain Client OS (Guest OS) current process descriptor address from kernel stack by SP earlier, this is optional in fact at every turn.Dynamically obtain for the first time the process descriptors that can find certain process of never withering away at system's run duration in the Client OS (Guest OS) after all process descriptors.In case obtain can preserving fully behind this process descriptors address, after this traveling through all from then on, the tasks chained list member of process descriptors begins traversal.
The invention has the beneficial effects as follows, do not need to change Client OS (Guest OS), proposed a kind of under VMM dynamic on-demand intactly obtain the method for client Linux operating system process descriptors, be very little to the VMM Effect on Performance simultaneously, overcome and the sort ofly operated imperfection and the performance drawback that obtains the process descriptors method by some that intercept and capture VMM.
Embodiment
VMM among the present invention is the lguest among the Linux kernel 2.6.29, and Client OS (Guest OS) is the Debian linux system of the same version kernel of operation.Hardware platform is an X8632 position pc machine
Realized among the lguest that the guest_pa function is used to change the guest virtual address and is corresponding guest physical address.Realized that in addition the lgread function is used for reading the value at place, place, guest physics address.The present invention just can directly read the content of virtual address indication internal memory among the guest in conjunction with these two functions in VMM.The ESP register is the CPU SP under the X86 platform simultaneously, is used to refer to current stack top location.
Obtain the process descriptors of process by following inline function: the value of p was the thread_info structure address of process in the Client OS (Guest OS) after the second statement executed, but this address is the virtual address among the guest, we can not directly obtain its task member's value with p->task, need call the guest_pa function is the guest physical address with the guest virtual address translation, calls lgread at last and reads the process descriptors address.
static?inline?struct?task_struct*g_current(struct?lg_cpu?cpu)
{
struct?task_struct*p;
p=~(THREAD_SIZE-1)&cpu->regs->esp;
p=guest_pa(cpu,p->task);
p=lgread(cpu,p,unsigned?long);
return?p;
}
Process descriptors task_struct is distributed in the logical address space of direct mapping physical internal memory of kernel in the linux kernel, and its virtual address is very simple to the physical address map relation, only differs a constant (PAGE_OFFSET) skew usually.In this case, the present invention substitutes the guest_pa function call with simply deducting a constant offset operation.The performance boost that brings thus is surprising.
Dynamically obtain for the first time and find No. 0 process in the Client OS (Guest OS) after all process descriptors the descriptor that also is the swapper process among the present invention, this process is first process in the linux system and never withers away at system's run duration.In case obtain to preserve fully so that use the back behind this process descriptors address, cost is exactly to have used the static variable in one 4 word city to store it more, the income that brings is to have eliminated the operation that at every turn all will obtain the process descriptors address in the dynamic acquisition process in back again, and this comprises a guest_pa function call, a lgread function call.This is the optimization method of typically trading space for time.
The c pseudo-code of the algorithm of whole flow process is as follows:
inittask=task=p=g_current(cpu);
do{
The represented process of task is carried out the bookkeeping of various proceeding graininess;
p=&task->tasks;
// read the value that type is the tasks member of struct list_head
l=lgread(cpu,guest_pa(cpu,p),struct?list_head);
// the next pointer of chained list is composed to p
p=1.next;
// read the value of p
p=lgread(cpu,guest_pa(cpu,p),struct?list_head*);
// obtain the task_struct structure pointer of p place chained list
task=list_entry(p,struct?task_struct,tasks);
}while(inittask!=task)
In view of foregoing, to be understood that: the invention provides a kind of method, do not revise Client OS and do not influence under the prerequisite of VMM performance, can be in VMM dynamic on-demand obtain the process descriptors of Client OS (Guest OS) so that VMM can be easily and effectively to the management of client process process-level such as list all processes in the current Client OS (Guest OS), collect they load information, kill wherein certain process or the like.In addition, still be understood that:, under the situation of the spirit and scope of the present invention that in not deviating from, define, can make a lot of changes it as following claims although for the illustrative purpose discloses exemplary embodiment of the present invention.
Claims (3)
1. method that is dynamic on-demand access to client Linux operating system process descriptors under monitor of virtual machine (VMM) comprises:
Do not revise Client OS; Under monitor of virtual machine, SP by processor obtains client Linux operating system current process descriptor, and the tasks chained list member dynamic on-demand that travels through this process descriptors obtains all process descriptors in the client Linux operating system.
2. the method for claim 1 further comprises: when monitor of virtual machine traversal tasks chained list member by the client computer virtual address being deducted the operation of a constant offset operation replacement query client computer page table.
3. the method for claim 1, monitor of virtual machine dynamically obtains for the first time preserves certain in never the wither away process descriptors of process of system's run duration after all process descriptors in the client Linux operating system, after this all from then on the tasks chained list member of descriptor begin the traversal, all utilize SP from kernel stack, to obtain no longer at every turn.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910116596A CN101872312A (en) | 2009-04-21 | 2009-04-21 | Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910116596A CN101872312A (en) | 2009-04-21 | 2009-04-21 | Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101872312A true CN101872312A (en) | 2010-10-27 |
Family
ID=42997185
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910116596A Pending CN101872312A (en) | 2009-04-21 | 2009-04-21 | Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101872312A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102063303A (en) * | 2010-12-22 | 2011-05-18 | 浙大网新科技股份有限公司 | Method for supporting kdata page of WinCE/WM by Linux kernel |
| CN102521140A (en) * | 2011-12-01 | 2012-06-27 | 瑞斯康达科技发展股份有限公司 | Method and device for acquiring descriptor group of activities |
| CN103902371A (en) * | 2014-03-14 | 2014-07-02 | 汉柏科技有限公司 | Method and system for acquiring inner core jiffies from user mode program |
-
2009
- 2009-04-21 CN CN200910116596A patent/CN101872312A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102063303A (en) * | 2010-12-22 | 2011-05-18 | 浙大网新科技股份有限公司 | Method for supporting kdata page of WinCE/WM by Linux kernel |
| CN102063303B (en) * | 2010-12-22 | 2013-07-31 | 浙大网新科技股份有限公司 | Method for supporting kdata page of WinCE/WM by Linux kernel |
| CN102521140A (en) * | 2011-12-01 | 2012-06-27 | 瑞斯康达科技发展股份有限公司 | Method and device for acquiring descriptor group of activities |
| CN102521140B (en) * | 2011-12-01 | 2015-04-29 | 瑞斯康达科技发展股份有限公司 | Method and device for acquiring descriptor group of activities |
| CN103902371A (en) * | 2014-03-14 | 2014-07-02 | 汉柏科技有限公司 | Method and system for acquiring inner core jiffies from user mode program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7844954B2 (en) | Using branch instruction counts to facilitate replay of virtual machine instruction execution | |
| US9946870B2 (en) | Apparatus and method thereof for efficient execution of a guest in a virtualized enviroment | |
| US11080244B2 (en) | Inter-version mapping of distributed file systems | |
| US20110167422A1 (en) | Virtualization apparatus | |
| US20130205106A1 (en) | Mapping guest pages to disk blocks to improve virtual machine management processes | |
| US10061713B2 (en) | Associating cache memory with a work process | |
| US10102373B2 (en) | Method and apparatus for capturing operation in a container-based virtualization system | |
| US9990237B2 (en) | Lockless write tracking | |
| US8429648B2 (en) | Method and apparatus to service a software generated trap received by a virtual machine monitor | |
| US20070143315A1 (en) | Inter-partition communication in a virtualization environment | |
| US11636107B2 (en) | Database management system, computer, and database management method | |
| WO2020238245A1 (en) | Function jump implementation method, device, and computer storage medium | |
| US10489185B2 (en) | Hypervisor-assisted approach for locating operating system data structures based on attribute matching | |
| US20180267818A1 (en) | Hypervisor-assisted approach for locating operating system data structures based on notification data | |
| US9146847B2 (en) | Optimizing for page sharing in virtualized java virtual machines | |
| CN101872312A (en) | Method for dynamically acquiring process descriptors in client Linux by adopting VMM (Virtual Machine Monitor) | |
| US11232000B1 (en) | Moving database partitions from replica nodes | |
| US8886867B1 (en) | Method for translating virtual storage device addresses to physical storage device addresses in a proprietary virtualization hypervisor | |
| Kim et al. | NHVM: design and implementation of linux server virtual machine using hybrid virtualization technology | |
| US11960420B2 (en) | Direct memory control operations on memory data structures | |
| Vañó-García et al. | How kernel randomization is canceling memory deduplication in cloud computing systems | |
| US11748136B2 (en) | Event notification support for nested virtual machines | |
| US20210303326A1 (en) | Transparent huge pages support for encrypted virtual machines | |
| US11914556B2 (en) | Lazy virtual filesystem instantiation and caching | |
| Schad | Understanding and managing the performance variation and data growth in cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| DD01 | Delivery of document by public notice |
Addressee: Zhang Jisheng Document name: Notification of Publication of the Application for Invention |
|
| DD01 | Delivery of document by public notice |
Addressee: Zhang Jisheng Document name: Notification of before Expiration of Request of Examination as to Substance |
|
| DD01 | Delivery of document by public notice |
Addressee: Zhang Jisheng Document name: Notification that Application Deemed to be Withdrawn |
|
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101027 |