CN102521054B - DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture - Google Patents
DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture Download PDFInfo
- Publication number
- CN102521054B CN102521054B CN 201110419488 CN201110419488A CN102521054B CN 102521054 B CN102521054 B CN 102521054B CN 201110419488 CN201110419488 CN 201110419488 CN 201110419488 A CN201110419488 A CN 201110419488A CN 102521054 B CN102521054 B CN 102521054B
- Authority
- CN
- China
- Prior art keywords
- dma
- virtual address
- control domain
- client territory
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a DMA (direct memory access) resource allocation method for a virtual machine under a sun4v architecture, which includes the steps: 1) enabling a control domain and a customer domain to keep overall-situation reserved virtual address spaces and to set up address translation page tables; 2) enabling the customer domain to acquire the DMA virtual addresses through consultation with the control domain, and allocating the DMA virtual addresses from the overall-situation reserved virtual address spaces to the customer domain by the control domain; 3) utilizing a virtual machine monitor to open service interfaces of an input/output memory management unit to the customer domain; and 4) utilizing the customer domain to search the address translation page tables to obtain real addresses and the table item sequence number, calling the service interfaces of the input/output memory management unit by the customer domain according to the real addresses and the table item sequence number so that the customer domain realizes operation of the DMA with physical memory, and releasing the allocated DMA virtual addresses after DMA operation is completed. The customer domain of the method can directly perform DMA operation without the aid of the control domain, and the method has the advantages of fine reliability, high safety, low performance loss, fine flexibility and adaptability and wide application range.
Description
Technical field
The present invention relates to the technical field of virtualization of computing machine, be specifically related to the virtual machine DMA resource allocation methods under a kind of sun4v framework.
Background technology
Intel Virtualization Technology has obtained widespread use in computer realm, and present Intel Virtualization Technology can be divided into two big classes: a class is that the redundant resource on single physical machine is set up a plurality of virtual machine environments by subregion or mode such as multiplexing; Another kind of is that a plurality of physical machine resources are integrated the more powerful unified calculation machine environment of the ability of setting up.This paper relates to first kind Intel Virtualization Technology, i.e. virtual on the single one physical computer system.
Traditional computer system software generally is made up of operating system and user software; Intel Virtualization Technology has been introduced a new software level (being also referred to as level of privilege or run mode) to computer system, under operating system, added monitor of virtual machine (Virtual Machine Monitor in the virtualized computing machine, VMM), be used for finishing work such as resource isolation management.Angle from the computer resource composition, Intel Virtualization Technology constitutes and can be divided into three aspects: cpu resource is virtual, memory source is virtual, IO(Input-Output) resource virtualizing, the purpose of three aspects is exactly that resource with correspondence is assigned to different virtual machines (Virtual Machine with certain isolation method under the management of VMM, VM) in the environment, make the system software in the virtual machine think that they have the corresponding privately owned resource of oneself.Cpu resource and memory source virtual relative simple.For cpu resource, VMM can carry out that timeslice is cut apart or when CPU quantity is enough CPU directly is assigned to each virtual machine.For memory source, VMM can use memory-mapped technology insulation such as paging, segmentation to distribute to virtual machine and use.But IO resource virtual has its relative singularity: at first, IO equipment is uncertain to system, because allow on the bus hot-swappable event and fault to live in retirement; Secondly, the management of equipment has strong relevance on the standard pci bus, must single pass finishes the initialization of all devices on it, and VMM is difficult to different equipment directly is assigned to each virtual machine, more is difficult to equipment is carried out the timesharing distribution; Again, the IO device category is various, the poor reliability of driver, generally transfers to VME operating system and directly drives.For these reasons, VMM generally can only arrive virtual machine with the IO devices allocation with the granularity of pci bus territory (perhaps HOST master's bridge), by virtual machine the various device that articulates on the bus under the main bridge is carried out driven management.Pci bus territory limited amount on the computing machine, generally has only one, therefore traditional Intel Virtualization Technology generally is to give a special Virtual Machine Manager all IO equipment, this virtual machine is called control domain or Domain0, the IO of oneself is finished in the service that other virtual machine uses control domain to provide by pseudo channel, and these virtual machines are called client territory or DomainU.
As shown in Figure 1, realize that with the control domain in the traditional virtual machine and client territory the disk unit visit is example, control domain can carry out direct read and visit the local disk driver file system (FS), and there is not real IO equipment in the client territory, but have virtual disk, this is that virtual disk client driver vdc provides.The file system operation order in client territory is converted to communication protocol sends to control domain by channel LDC between the territory service routine vds by vdc, after vds visit local file system or disk drive are finished request of access, return results is converted to agreement again and drives by the vdc that channel between the territory sends to the client territory, the read-write requests in client territory is finally finished.As can be seen from Figure 1 traditional Intel Virtualization Technology is comparatively simple to the mode of IO management, and device space visit, DMA management and interrupt management etc. can take full advantage of the ability of legacy operating system and finish, and do not need extra mechanism and code.Yet the mode of this virtual I O not only increases IO processing of request path, significantly reduces the IO performance, and control domain can be become the IO bottleneck.For addressing the above problem, people have proposed the direct IO thought of virtual machine, just the authority of device address space visit, DMA management and interrupt management are all opened the territory to the client.
The full name of DMA is direct memory access (Directed Memory Access), allows CPU free from the data transmission of equipment exactly, makes equipment directly transmit data with internal memory, reinforms CPU behind the end of transmission and handles.DMA resource management among the present invention only relates to the management of DMA internal memory, does not relate to the informing mechanism (generally being to interrupt) after transmission is finished.In the direct IO technology of virtual machine, for the requirement that efficient and safety are isolated, can need one to be called the input and output memory management unit (input/output memory management unit, the support of additional hardware IOMMU) is used for the DMA management.It is real physical memory addresses that IOMMU is responsible for equipment I O address translation, effect has following four kinds: the one, and the limitation of separation instrumentation 32 bit address space, the 2nd, can use discontinuous address field physically when making equipment DMA, the 3rd, the domain identifier by adding virtual machine to be keeping the isolation of equipment in each virtual machine, and the 4th, make equipment can only visit limited address and control fault to the influence of other virtual machine and main frame.The design of IOMMU has very direct correlativity with the architecture of main frame, common IOMMU has corresponding to the sun4u IOMMU of SPARC framework and sun4v IOMMU, corresponding to the AMD IOMMU of x86-64 framework, corresponding to the INTEL VT-d IOMMU of intel64 framework and the IBM IOMMU on the PowerPC framework etc., and the design of these IOMMU has mostly added the support to the direct IO of virtual machine.
The sun4v framework is the hardware level Intel Virtualization Technology framework that SUN company develops in the sparc series processors, realized to the virtualized instruction of CPU subregion, memory partitioning and IO and register support that at processor SUN company will increase income based on opensparc T1 and the opensparc T2 processor of sun4v framework.The 1000 serial general processors (be called for short down soar CPU) of soaring are the high performance universal microprocessors by National University of Defense technology's independent research, and it is based on opensparc T2 architecture design, compatible sparc v9 instruction set.The cpu chip of soaring uses ripe SOC technology, handles nuclear for integrated 8 on the sheet, comprises 8 hardware threads in the nuclear, has powerful calculating and transaction capabilities.Integrated control unit and the PCI Express interface deposited also on the chip efficiently solves the IO bottleneck problem in addition.For " magnanimity " resource that provides on the processor chips is provided more efficiently, soar and also introduced complete hardware virtualization support in the design of processor, make the SOC system can be divided into the resource partitioning of mutual isolation again, operation when supporting to reach 64 virtual machines, resource utilization ratio is improved significantly, can also better performance be arranged available at height, high secure context.The Intel Virtualization Technology on the CPU platform of soaring also is that the sun4v technology with the exploitation of SUN company is fundamental construction.Software is divided into hyper-privilege, privilege and three kinds of run modes of non-privilege, corresponds respectively to VMM, operating system nucleus and user's attitude software.The software of three run modes can be visited physical address, real address and virtual address respectively, and operating system can only have access to real address and virtual address, and VMM could visit physical address.The DMU(Data Management Unit of CPU on sheet of soaring, Data Management Unit) integrated IOMMU in the module, this IOMMU supports three kinds of use patterns, i.e. bypass, sun4u and sun4v pattern.Actual use sun4u pattern during system's operation at present, the all devices of IOMMU uses a cover address translation page table (IOTSB, IO Translation Storage Buffer), carry out the conversion that physical address is arrived in the virtual address in the page table, directly controlled the read-write of state and the IOTSB of IOMMU by the VMM in the firmware.VMM makes the dummy machine system software of mandate can submit the IOMMU services request to by the form of service interface, and to finish the preliminary work of equipment DMA, two main IOMMU service interfaces that VMM provides see the following form.
| The service interface title | Effect |
| pci_iommu_map() | Generate an IOMMU mapping |
| pci_iommu_demap() | Cancel an IOMMU mapping and clean the IOTSB list item |
A because original system software virtual support share I O, VMM is only to the open above-mentioned service interface of the virtual machine that has PCIE IO bus, other dummy machine system software can return the illegal request mistake when calling these services, so just guarantee the authority audit of each virtual machine, had only control domain just can call the IOMMU service interface.
Because traditional PCI bus equipment only can carry out 32 bus addressings, 1000 are 64 bit CPUs though soar, the IOMMU of current use only supports 32 DMA spaces.Generally speaking, the list item of the address translation page table (IOTSB) of IOMMU use is organized according to the mode of Fig. 2.When the page or leaf size of list item mapping is 8kbyte, if use whole 32 (4Gbyte) spaces as the DMA virtual address space, then use 0x0-0xFFFF FFFF virtual address section, IOTSB has 512k list item; If use the virtual address space of 2Gbyte, then only use high-order 0x80000000-0xFFFF FFFF virtual address section, IOTSB has 256k list item shown in Fig. 2 left part; The virtual address section of other DMA imaginary space size correspondence and the list item number of IOTSB are by that analogy.The IOMMU of CPU of soaring also supports the page or leaf size of 64k, and optional DMA imaginary space size and virtual address section and IOTSB list item number are shown in Fig. 2 right part.VMM is, and IOTSB directly manages, so the parameters of IOMMU should be consistent in VMM and operating system, and the IOMMU of the CPU that soars generally uses the virtual address space of 2Gbyte, also is 0x80000000-0xFFFF FFFF virtual address section.
Address translation page table (IOTSB) is by some number of I OTTE(IO Translation Table Entry) list item arranges the table that forms in order, and each IOTTE list item is by there being 64, and its position constitutes as shown in Figure 3.There is the relation of mapping one by one in each IOTTE list item by residing position and its DMA virtual address of shining upon, and is example with 0x80000000-0xFFFF FFFF virtual address section, and its reduction formula is:
The list item sequence number of IOTTE list item=and (the DMA virtual address-0x80000000)〉〉 MMU_PAGESHIFT
Wherein,〉〉 presentation logic moves to right, and MMU_PAGESHIFT is the corresponding amount of moving to right (13) of a page size (8k).
Recorded the physical address that this list item shines upon among the data_pa of IOTTE list item, owing to have only the physical address that VMM can handle machine, so the filling of IOTTE must be finished by VMM.Each effect is as shown in the table in the IOTTE list item:
| Bit | Domain name | Describe |
| 63:48 | dev_key | Be Device Key, 16 PCIE requestor ID(bus #, device #, function #) |
| 47:39 | -- | Keep the position |
| 38:13 | data_pa | Physical address [38:13] |
| 12:6 | data_soft | Reservation is used by software |
| 5:3 | fnm | The function mask of sun4v pattern |
| 2 | key_valid | The significance bit of |
| 1 | data_w | Write permission position (0 for writing, and 1 for writing) |
| 0 | data_v | Significance bit (0 is invalid, and 1 is effective) |
The soar VMM of CPU of prior art only allows the operating system of control domain to call the IOMMU service, control domain machine description (the Machine Description that from system firmware, provides, MD) in, control domain operating system knows that it can use 0x80000000-0xFFFF FFFF virtual address section as the DMA virtual address space, therefore control domain operating system can be reserved 0x80000000-0xFFFF FFFF virtual address section when starting, and can not used by other code except DMA.The DMA application process of its equipment as shown in Figure 4.Control domain is at first applied for memory address (virtual address), judges then whether this moment DMA address is enough, if not enough then can't distribute the virtual address, DMA distributes failure; If DMA address is enough, the list item sequence number of then calculating IOTSB obtains kernel page address (real address), control domain carries out VMM as parameter together with list item sequence number and real address and calls then, VMM is converted to physical address with the real address and writes in the IOTSB list item corresponding with the list item sequence number, and DMA is allocated successfully.
In sum, the Intel Virtualization Technology of sun4v only is that control domain can be to the direct visit of equipment at present, virtual share and access can only be realized by control domain in the client territory, and can't be to the direct visit of equipment, dma operation must just can be finished by control domain in the client territory, suppressed the IO performance of virtual machine and made control domain become the IO bottleneck of system, make the processor platform of soaring be difficult to bring into play its maximum processing power, equally also be difficult to bring into play other opensparc T1, opensparc T2 etc. based on the processing power of the maximum of the virtual machine of sun4v framework.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of client territory and can directly not carry out dma operation by control domain, can realize isolating fully, the virtual machine DMA resource allocation methods under the good reliability, safe, performance loss is low, dirigibility and adaptivity are good, applied widely sun4v framework.
In order to solve the problems of the technologies described above, the technical solution used in the present invention is: the virtual machine DMA resource allocation methods under a kind of sun4v framework, and implementation step is as follows:
1) control domain of virtual machine and client territory all are preserved for the overall situation reservation virtual address space of dma operation when os starting, and control domain and client territory are set up respectively for the address translation page table that the DMA virtual address in the described overall situation reservation virtual address space is converted to physical memory addresses;
2) the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation, and control domain is reserved virtual address space from the described overall situation and distributed the DMA virtual address to give the client territory; Control domain is reserved virtual address space from the overall situation and is distributed the DMA virtual address to behind the client territory, and control domain also writes the DMA virtual address of distributing in the client territory description scheme of monitor of virtual machine;
3) control domain notice monitor of virtual machine is given each client territory open input and output memory management unit service interface;
4) the list item sequence number that the address translation page table obtains real address and address translation page table is searched according to the DMA virtual address of described distribution in the client territory, input and output memory management unit service interface realization client territory is called to the dma operation of physical memory according to described real address and list item sequence number in the client territory, and client territory and control domain discharge the DMA virtual address of described distribution respectively after dma operation is finished.
As further improvement in the technical proposal of the present invention:
It is the address field of continuous distribution that the overall situation that keeps in the described step 1) is reserved virtual address space.
Described step 2) control domain is reserved virtual address space from the overall situation and is distributed to the address field that the DMA virtual address in client territory comprises at least one continuous distribution in.
The detailed step that the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation described step 2) comprises: set up the domain logic channel between control domain and client territory, treat that the client territory of dma operation obtains the DMA virtual address by described domain logic channel to the control domain negotiation.
The described detailed step of setting up the domain logic channel between control domain and client territory comprises: at first monitor of virtual machine adds the domain logic channel, adds the driver module that is used for driving described domain logic channel respectively then in the operating system in the operating system of control domain and client territory.
Described step 2) control domain is reserved virtual address space from the overall situation and distributed the DMA virtual address to comprise for the detailed step in client territory in: control domain preestablishes the permission address realm of the DMA virtual address that allows to distribute to each client territory, when control domain is reserved virtual address space distribution DMA virtual address to the client territory from the overall situation, control domain is at first searched the permission address realm that obtains client territory correspondence, and distributes the DMA virtual address to give the client territory from allow address realm.
Described step 2) control domain is reserved virtual address space distribution DMA virtual address to behind the client territory from the described overall situation in, and control domain also writes the DMA virtual address of described distribution in the client territory description scheme of monitor of virtual machine; In the described step 4) before input and output memory management unit service interface is called in the client territory, described monitor of virtual machine reads the DMA virtual address in the description scheme of corresponding client territory, client territory in advance, monitor of virtual machine compares the DMA virtual address that the DMA virtual address of reading and client territory are used for calling the call parameters of input and output memory management unit service interface then, if both couplings then monitor of virtual machine are accepted the client territory and called input and output memory management unit service interface, monitor of virtual machine refusal client does not call input and output memory management unit service interface in the territory if both match.
The detailed step that client territory and control domain discharge the DMA virtual address of described distribution respectively in the described step 4) comprises: at first the client territory discharges the DMA virtual address that its distribution obtains after dma operation is finished, the client territory checks in the overall situation reservation virtual address space whether exist continuous DMA virtual address to be in idle condition then, if exist continuous DMA virtual address to be in idle condition then notify control domain, control domain discharges described DMA virtual address receiving that described notice back is reserved in the overall situation in the virtual address space.
The present invention has following advantage:
1, control domain and the client territory overall situation that when os starting all be preserved for dma operation of the present invention by virtual machine reserved virtual address space and realized unified DMA page distribution mechanism, set up unified address translation page table distribution mechanism by the address translation page table, thereby the client territory does not need directly to visit by controller dma controller, can realize that data, fault, state variation between each client territory of virtual machine isolate fully, improved the whole IO performance of virtual machine, change to current software systems is very little, good reliability, safe.
2, the expense introduced of the present invention is mainly in the dynamic application of operating system initialization and DMA virtual address with cancel the stage, expense is not introduced in operations such as equipment I O operation and DMA request distribution, being equivalent to the client territory directly has the access ability of dma controller, and performance loss has been accomplished to minimize.
3, client of the present invention territory realizes that by calling input and output memory management unit service interface the client territory is to the dma operation of physical memory, demand to input and output memory management unit (IOMMU) is lower, do not have the demand on the virtual characteristic, therefore have advantage applied widely.
4, the present invention adopts the form of consulting-distributing for required virtual address, the client territory section for the treatment of dma operation, the DMA virtual address space is required more operating system, can the more DMA imaginary space of corresponding dynamic assignment, have higher flexibility and adaptivity.
Description of drawings
Fig. 1 is the realization principle schematic of the virtual machine disk unit visit of prior art.
Fig. 2 is the graph of a relation of page or leaf size, page table size and the virtual address scope of prior art IOTSB list item.
Fig. 3 is the structural representation of prior art IOTTE list item.
Fig. 4 is the implementing procedure synoptic diagram of prior art control domain application DMA address.
Fig. 5 is the implementing procedure synoptic diagram of the embodiment of the invention.
Fig. 6 is the implementing procedure synoptic diagram of embodiment of the invention client territory application DMA address.
Embodiment
The virtual machine environment of present embodiment is the processor platform of soaring based on the sun4v framework, and control domain has PCIE bus (specifying among the MD), and the client territory does not have physics PCIE bus apparatus.
As shown in Figure 5, the implementation step of the virtual machine DMA resource allocation methods under the present embodiment sun4v framework is as follows:
1) control domain of virtual machine and the client territory overall situation that all is preserved for dma operation when os starting is reserved virtual address space, and control domain and client territory are set up respectively for the overall situation being reserved the address translation page table (IOTSB) that DMA virtual address in the virtual address space is converted to physical memory addresses;
2) the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation, and control domain is reserved virtual address space from the overall situation and distributed the DMA virtual address to give the client territory, realizes the negotiation DMA virtual address space between client territory and the control domain;
3) monitor of virtual machine (VMM) gives the client territory open input and output memory management unit service interfaces (IOMMU service interface);
4) the list item sequence number that IOTSB obtains real address and IOTSB is searched according to the DMA virtual address of distributing in the client territory, the client territory is called the IOMMU service interface according to real address and list item sequence number and is realized the client territory to the dma operation of physical memory, and client territory and control domain discharge the DMA virtual address of distribution respectively after dma operation is finished.
It is the virtual address section of continuous distribution that the overall situation that keeps in the step 1) is reserved virtual address space, use the overall situation of 1Gbyte to reserve virtual address space during control domain firmware MD describes in the present embodiment, the address field that the overall situation is reserved DMA virtual address in the virtual address space is 0x8,000 0000~0xBFFF FFFF, and control domain is reserved virtual address space from the overall situation and distributed to the address field that the DMA virtual address in client territory can comprise one or more continuous distribution in the step 3).The overall situation that can read in advance when the os starting of control domain in the control domain firmware MD description is reserved virtual address space, and reservation virtual address section 0x8,000 0000~0xBFFF FFFF, the CPU that soars uses the virtual address space of 2 Gbyte altogether, and virtual address space 0xC,000 0000~0xFFFF FFFF of 1Gbyte can be used by other client territory operating system in addition.Pass through to revise the kernel of client territory operating system simultaneously in the present embodiment, make it when starting, also keep virtual address section 0x8,000 0000~0xBFFF FFFF, use for possible equipment DMA.Though it is very little to be used for 0xC,000 0000~0xFFFF FFFF space, DMA virtual address of 1Gbyte of DMA, with respect to 64 virtual address spaces, the waste of Yin Ruing herein can be ignored, and also can ignore for the entire effect of virtual machine.In addition, also can reserve the enough big overall situation according to actual needs and reserve virtual address space.
In the present embodiment, VMM specifically refers to revise VMM for the open IOMMU service interface in client territory in the step 3), open pci_iommu_map (), pci_iommu_demap service interfaces such as () are given the client territory, and the pointer that also is about to these functions writes each corresponding hcall_tables[in client territory among the VMM] in.
The client territory for the treatment of dma operation step 2) consults to obtain the DMA virtual address to control domain can comprise a plurality of address fields, the detailed step that the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation step 2) comprises: set up the domain logic channel between control domain and client territory, treat that the client territory of dma operation obtains the DMA virtual address by the domain logic channel to the control domain negotiation.In the present embodiment, the detailed step of setting up the domain logic channel between control domain and client territory comprises: at first monitor of virtual machine adds domain logic channel DMA_LDC, that is: respectively at VMM, (be positioned at the storage area by VMM control) in the MD description document in control domain and client territory and add corresponding domain logic channel descriptor, corresponding domain logic channeling port equipment just can be seen in each territory, in the operating system in the operating system of control domain and client territory, add the driver module that is used for driving the domain logic channel then respectively, that is: in control domain operating system, add new driver module DMA_MODULE_CTL, in the operating system of client territory, add new driver module DMA_MODULE_GUEST, one of equipment that domain logic channel DMA_LDC is driven as DMA_MODULE_CTL and DMA_MODULE_GUEST.In the present embodiment, control domain is reserved the distribution of virtual address space in order to realize the overall situation, adds the dynamic listing DMA_ADDR_LIST of used DMA virtual address, each client territory in DMA_MODULE_CTL, and this list initialization is empty.When starting in the client territory, DMA_MODULE_CTL and DMA_MODULE_GUEST consult used DMA virtual address, client territory by DMA_LDC, guarantee that by DMA_MODULE_CTL each client territory and the used DMA virtual address of control domain do not conflict mutually, this address field is given the driver module of this direct access means in client territory in the client territory after consulting the DMA virtual address of oneself.
Step 2) control domain is reserved virtual address space from the overall situation and distributed the DMA virtual address to comprise for the detailed step in client territory in: control domain preestablishes the permission address realm of the DMA virtual address that allows to distribute to each client territory, when control domain is reserved virtual address space distribution DMA virtual address to the client territory from the overall situation, control domain is at first searched the permission address realm that obtains client territory correspondence, and allows to distribute the address realm DMA virtual address to give the client territory from this.In the present embodiment by setting the scope of the DMA virtual address that the client territory allows, thereby can fundamentally avoid different client territories to consult to obtain identical DMA virtual address, thereby can avoid the possibility that clashes between the different clients territory.
Step 2) control domain is reserved virtual address space distribution DMA virtual address to behind the client territory from the overall situation in, control domain also writes the DMA virtual address of distributing in the client territory description scheme of VMM, realize that by the client territory description scheme of revising VMM storage allocation gives the DMA virtual address in each client territory in the present embodiment, add the calling interface dma_alloc_guest (guestid towards control domain simultaneously, va, size), control domain transmits the DMA virtual address distribute to each client territory and to allow the client territory to use by calling interface dma_alloc_guest to VMM, and VMM is recorded to the DMA virtual address of each client territory correspondence in the description scheme of client territory when handling this and call.In the step 4) before the IOMMU service interface is called in the client territory, VMM reads the DMA virtual address in the description scheme of corresponding client territory, client territory in advance, VMM compares the DMA virtual address that the DMA virtual address of reading and client territory are used for calling the call parameters of IOMMU service interface then: if both couplings then VMM judges that the IOTSB that sends into is legal are accepted the client territory and called the IOMMU service interface; VMM judges and to call to illegal and return malloc failure malloc if both do not match, and the refusal client calls the IOMMU service interface in the territory.
In the present embodiment, control domain and client territory operating system are done the DMA management to equipment and the time are all used following formula to do the DMA virtual address to the IOTSB(IOTTE list item) conversion:
The list item sequence number=and (the DMA virtual address-0x80000000)〉〉 MMU_PAGESHIFT
Wherein〉〉 presentation logic moves to right, and MMU_PAGESHIFT is the corresponding amount of moving to right (13) of a page size (8k).
As shown in Figure 6, the client territory is as follows in the detailed operation flow process of application DMA virtual address: whether the DMA virtual address length that driver needs to the kernel application has idle continuation address section to meet the requirements in the current DMA virtual address space of interior nuclear inspection; If no, then kernel is consulted new DMA virtual address by DMA_LDC and control domain; If consult successfully then control domain calls by VMM and tells VMM with this section virtual address; After consulting successfully, kernel returns to driver with the virtual address section (according to the alignment of page or leaf size) of distributing and the real address page that shines upon; Driver utilizes formula to calculate the list item sequence number (may be continuous a plurality of) of the IOTTE list item of this address field correspondence; Driver is with the list item sequence number of IOTTE list item and corresponding real address the pci_iommu_map () interface as parameter call VMM; VMM checks at first whether the IOTTE sequence number is legal, is converted to physical address as the legal real address that then will import into according to caller (client territory ID), and finally writes in the IOTTE list item of IOTSB.
In the present embodiment, the detailed step that client territory and control domain discharge the DMA virtual address of distribution respectively in the step 4) comprises: at first the client territory discharges the DMA virtual address that its distribution obtains after dma operation is finished, the client territory checks in the overall situation reservation virtual address space whether exist continuous DMA virtual address to be in idle condition then, if exist continuous DMA virtual address to be in idle condition then notify control domain, the notified back of control domain is reserved in the overall situation and is discharged the DMA virtual address in the virtual address space.DMA virtual address dynamic negotiation mechanism in the present embodiment also comprises the dynamic release of DMA virtual address, and this release can be that kernel first inspection when the DMA that handles driver discharges afterwards carried out negotiation.That is to say that after driver had discharged the DMA virtual address of own application, the continuous virtual address section whether interior nuclear inspection has into unit had been in idle condition.If have, then kernel is held consultation by DMA_LDC and control domain, finishes final release by control domain.This mechanism helps to improve the utilization factor of DMA resource and the distribution capability of total system DMA resource.
Isolation problem between the virtual machine comprises several aspects in the present embodiment: the one, and the isolation of data between the virtual machine, the 2nd, the isolation of fault, the 3rd, the isolation of state variation.Data isolation is main relevant with physical address, and each client territory and control domain guarantee that by VMM they can not use common physical address when doing the DMA mapping, so data are strictness separation, can't exchange visits; The page table entry that needs only among the IOTSB aspect DMA does not produce conflict, then can not produce between each virtual machine to influence each other, so VMM can guarantee that also the variation of fault and virtual machine state can not have influence on other virtual machine; As for the client territory machine that breaks down or delay, then should be responsible for detecting these faults by VMM, carry out recovery or the reallocation of DMA virtual address, this has not belonged to technology category of the present invention.In sum, the present invention has good isolation performance and security for virtual machine.
The overall work process of present embodiment is as follows: reserve the enough big virtual address spaces continuously that use for DMA in control domain operating system; Set the DMA virtual address segment limit that control domain operating system self is used; Reserving unified continuous virtual address space during client territory os starting uses for DMA; In VMM, provide calling interface to control domain, allow it to set the DMA virtual address scope in each client territory and notify VMM; Control domain is taked certain mechanism to guarantee the DMA virtual address section that self uses and is distributed to the DMA virtual address section non-overlapping copies in each client territory; In VMM, set up special-purpose communication channel, make between control domain and the client territory can communication negotiation client territory DMA virtual address section; In control domain and client territory, set up unified IOTSB list item distribution mechanism respectively, make the IOTSB list item of different virtual addresses section correspondence also scarcely together, so just can avoid using with virtual machine inside between each virtual machine the conflict of IOTSB, all virtual machines can use same set of IOTSB; In control domain and client territory operating system, set up unified DMA page distribution mechanism respectively, use this mechanism to distribute the corresponding physical memory pages for the DMA virtual address section of having distributed; In VMM that the IOMMU service interface is open to all client territories, but VMM carry out the inspection of authority in virtual address, the client territory scope that is providing when service at first to set according to control domain, that is to say that each client territory only allows to use the continuous virtual address section of distributing to oneself as the optional virtual address of DMA; The IOMMU service interface that the client calls in the territory VMM is set up the IOTSB mapping item and is begun to carry out dma operation, and cancels the IOTSB mapping item after dma operation finishes, and discharges the DMA virtual address of distributing.
The above only is preferred implementation of the present invention, and protection scope of the present invention also not only is confined to above-described embodiment, and all technical schemes that belongs under the thinking of the present invention all belong to protection scope of the present invention.Should be pointed out that for those skilled in the art in the some improvements and modifications that do not break away under the principle of the invention prerequisite, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (8)
1. the virtual machine DMA resource allocation methods under the sun4v framework is characterized in that implementation step is as follows:
1) control domain of virtual machine and client territory all are preserved for the overall situation reservation virtual address space of dma operation when os starting, and control domain and client territory are set up respectively for the address translation page table that the DMA virtual address in the described overall situation reservation virtual address space is converted to physical memory addresses;
2) the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation, and control domain is reserved virtual address space from the described overall situation and distributed the DMA virtual address to give the client territory; Control domain is reserved virtual address space from the overall situation and is distributed the DMA virtual address to behind the client territory, and control domain also writes the DMA virtual address of distributing in the client territory description scheme of monitor of virtual machine;
3) control domain notice monitor of virtual machine is given each client territory open input and output memory management unit service interface;
4) the list item sequence number that the address translation page table obtains real address and address translation page table is searched according to the DMA virtual address of described distribution in the client territory, input and output memory management unit service interface realization client territory is called to the dma operation of physical memory according to described real address and list item sequence number in the client territory, and client territory and control domain discharge the DMA virtual address of described distribution respectively after dma operation is finished.
2. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 1 is characterized in that: it is the address field of continuous distribution that the overall situation that keeps in the described step 1) is reserved virtual address space.
3. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 2 is characterized in that: control domain is reserved virtual address space from the overall situation and is distributed to the address field that the DMA virtual address in client territory comprises at least one continuous distribution described step 2).
4. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 1, it is characterized in that, the detailed step that the DMA virtual address is consulted to obtain to control domain in the client territory for the treatment of dma operation described step 2) comprises: set up the domain logic channel between control domain and client territory, treat that the client territory of dma operation obtains the DMA virtual address by described domain logic channel to the control domain negotiation.
5. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 4, it is characterized in that, the described detailed step of setting up the domain logic channel between control domain and client territory comprises: at first monitor of virtual machine adds the domain logic channel, adds the driver module that is used for driving described domain logic channel respectively then in the operating system in the operating system of control domain and client territory.
6. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 1, it is characterized in that, described step 2) control domain is reserved virtual address space from the overall situation and distributed the DMA virtual address to comprise for the detailed step in client territory in: control domain preestablishes the permission address realm of the DMA virtual address that allows to distribute to each client territory, when control domain is reserved virtual address space distribution DMA virtual address to the client territory from the overall situation, control domain is at first searched the permission address realm that obtains client territory correspondence, and distributes the DMA virtual address to give described client territory from allow address realm.
7. the virtual machine DMA resource allocation methods under the sun4v framework according to claim 1, it is characterized in that: control domain is reserved virtual address space distribution DMA virtual address to behind the client territory from the described overall situation described step 2), and control domain also writes the DMA virtual address of described distribution in the client territory description scheme of monitor of virtual machine; In the described step 4) before input and output memory management unit service interface is called in the client territory, described monitor of virtual machine reads the DMA virtual address in the description scheme of corresponding client territory, client territory in advance, monitor of virtual machine compares the DMA virtual address that the DMA virtual address of reading and client territory are used for calling the call parameters of input and output memory management unit service interface then, if both couplings then monitor of virtual machine are accepted the client territory and called input and output memory management unit service interface, monitor of virtual machine refusal client does not call input and output memory management unit service interface in the territory if both match.
8. according to the virtual machine DMA resource allocation methods under any described sun4v framework in the claim 1~7, it is characterized in that, the detailed step that client territory and control domain discharge the DMA virtual address of described distribution respectively in the described step 4) comprises: at first the client territory discharges the DMA virtual address that its distribution obtains after dma operation is finished, the client territory checks in the overall situation reservation virtual address space whether exist continuous DMA virtual address to be in idle condition then, if exist continuous DMA virtual address to be in idle condition then notify control domain, control domain discharges described DMA virtual address receiving that described notice back is reserved in the overall situation in the virtual address space.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110419488 CN102521054B (en) | 2011-12-15 | 2011-12-15 | DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110419488 CN102521054B (en) | 2011-12-15 | 2011-12-15 | DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102521054A CN102521054A (en) | 2012-06-27 |
| CN102521054B true CN102521054B (en) | 2013-07-17 |
Family
ID=46291989
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110419488 Active CN102521054B (en) | 2011-12-15 | 2011-12-15 | DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102521054B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104166624B (en) * | 2013-05-15 | 2017-07-07 | 上海贝尔股份有限公司 | Memory Optimize Method and device based on physical memory under virtual environment |
| CN105404597B (en) * | 2015-10-21 | 2018-10-12 | 华为技术有限公司 | Method, equipment and the system of data transmission |
| US10019288B2 (en) * | 2016-09-12 | 2018-07-10 | Mediatek, Inc. | Fast and stable mechanism for allocating contiguous memory |
| CN106484529B (en) * | 2016-09-12 | 2019-05-14 | Oppo广东移动通信有限公司 | The Memory adjustments method and terminal of terminal |
| US20180260262A1 (en) * | 2017-03-07 | 2018-09-13 | Microsoft Technology Licensing, Llc | Availability management interfaces in a distributed computing system |
| CN107329790B (en) * | 2017-06-30 | 2021-01-15 | 联想(北京)有限公司 | Data processing method and electronic equipment |
| CN107562515B (en) * | 2017-08-04 | 2021-09-07 | 海光信息技术股份有限公司 | Method for managing memory in virtualization technology |
| CN110147265A (en) * | 2019-04-26 | 2019-08-20 | 王云飞 | A method of the integrated virtualization system based on microcontroller platform |
| CN112256605A (en) * | 2020-11-03 | 2021-01-22 | 蔺建琪 | Secure DMA controller and data transfer method |
| CN112416525B (en) * | 2020-11-27 | 2022-06-03 | 海光信息技术股份有限公司 | Device driver initialization method, direct storage access method and related device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101470633A (en) * | 2007-12-24 | 2009-07-01 | 联想(北京)有限公司 | Virtual machine monitor, virtual machine system and its internal memory processing method |
| CN101620573A (en) * | 2009-07-03 | 2010-01-06 | 中国人民解放军国防科学技术大学 | Virtualization method of memory management unit of X86 system structure |
| CN101751284A (en) * | 2009-12-25 | 2010-06-23 | 北京航空航天大学 | I/O resource scheduling method for distributed virtual machine monitor |
| EP2275932A1 (en) * | 2005-01-14 | 2011-01-19 | Intel Corporation | Virtualizing physical memory in a virtual machine system |
| CN102193816A (en) * | 2010-03-12 | 2011-09-21 | 中国长城计算机深圳股份有限公司 | Equipment distribution method and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009001153A1 (en) * | 2007-06-28 | 2008-12-31 | Nokia Corporation | Memory protection unit in a virtual processing environment |
| US8560758B2 (en) * | 2009-08-24 | 2013-10-15 | Red Hat Israel, Ltd. | Mechanism for out-of-synch virtual machine memory management optimization |
-
2011
- 2011-12-15 CN CN 201110419488 patent/CN102521054B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2275932A1 (en) * | 2005-01-14 | 2011-01-19 | Intel Corporation | Virtualizing physical memory in a virtual machine system |
| CN101470633A (en) * | 2007-12-24 | 2009-07-01 | 联想(北京)有限公司 | Virtual machine monitor, virtual machine system and its internal memory processing method |
| CN101620573A (en) * | 2009-07-03 | 2010-01-06 | 中国人民解放军国防科学技术大学 | Virtualization method of memory management unit of X86 system structure |
| CN101751284A (en) * | 2009-12-25 | 2010-06-23 | 北京航空航天大学 | I/O resource scheduling method for distributed virtual machine monitor |
| CN102193816A (en) * | 2010-03-12 | 2011-09-21 | 中国长城计算机深圳股份有限公司 | Equipment distribution method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102521054A (en) | 2012-06-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102521054B (en) | DMA (direct memory access) resource allocation method for virtual machine under sun4v architecture | |
| US8392628B2 (en) | Sharing memory spaces for access by hardware and software in a virtual machine environment | |
| CN104040518B (en) | Efficient memory and resource management | |
| CN104685479B (en) | Virtual input/output memory management unit in guest virtual machine | |
| CN100527098C (en) | Dynamic EMS memory mappings method of virtual machine manager | |
| JP5735070B2 (en) | Guest address to host address translation for devices to access memory in partitioned systems | |
| CN102473139B (en) | I/O memory management unit including multilevel address translation for I/O and computation offload | |
| US9454497B2 (en) | Technologies for secure inter-virtual-machine shared memory communication | |
| CN101751284B (en) | I/O resource scheduling method for distributed virtual machine monitor | |
| WO2018041075A1 (en) | Resource access method applied to computer, and computer | |
| US20210216453A1 (en) | Systems and methods for input/output computing resource control | |
| US8893267B1 (en) | System and method for partitioning resources in a system-on-chip (SoC) | |
| EP2115584A1 (en) | Method and apparatus for enabling resource allocation identification at the instruction level in a processor system | |
| CN106445628A (en) | Virtualization method, apparatus and system | |
| CN102779074B (en) | Internal memory resource distribution method based on internal memory hole mechanism | |
| CN110442425B (en) | Virtualized address space isolation system and method | |
| KR20080080594A (en) | Performing direct cache access transactions based on a memory access data structure | |
| CN103984591B (en) | PCI (Peripheral Component Interconnect) device INTx interruption delivery method for computer virtualization system | |
| US9875132B2 (en) | Input output memory management unit based zero copy virtual machine to virtual machine communication | |
| CN107818054A (en) | Distribute method and system of the continuous physical memory space to equipment | |
| US10430327B2 (en) | Virtual machine based huge page balloon support | |
| US10705976B2 (en) | Scalable processor-assisted guest physical address translation | |
| CN104714906B (en) | Dynamic processor-memory vectorization framework again | |
| US20070136550A1 (en) | Methods and apparatus for data transfer between partitions in a computer system | |
| CA2816443A1 (en) | Secure partitioning with shared input/output |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |