CN106250329A - A method for write-protecting guest page tables based on a virtual translation look-aside buffer
- Publication number: CN106250329A
- Application number: CN201610700783.3A
- Authority: CN (China)
- Prior art keywords: guest, page, page tables, page table, shadow
- Legal status: Pending
Classifications
- G06F12/1009—Address translation using page tables, e.g. page table structures
- G06F12/1027—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
Abstract
The invention discloses a method for write-protecting guest page tables based on a virtual translation look-aside buffer (VTLB). Step one: distinguish ordinary guest memory from guest page tables. Step two: obtain the guest page tables accessed in the shadow page table. Step three: set write protection; when the virtual machine monitor identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access that page table and sets the WP bit of the shadow page table to one. When shadow page tables are cached, the invention keeps guest page tables and shadow page tables consistent and avoids the errors that occur when a suspended process resumes running while its shadow page table is inconsistent with the guest page table.
Description
Technical field
The present invention relates to the field of computers, and specifically to a method for write-protecting guest page tables based on a virtual translation look-aside buffer.
Background
A guest's real memory accesses are carried out through the shadow page table. If the shadow page table contains a mapping from the guest linear address to a physical address, the memory access proceeds normally. If the shadow page table contains no such mapping, a page fault is raised, which causes a virtual machine exit (VM exit).
After the virtual machine monitor (VMM) gains control, it first looks up the guest page table using the guest linear address that raised the exception. If the guest page table itself forbids the current access, for example because the mapping to a physical address does not exist or a page-level protection rule is violated, the VMM re-injects the page fault into the guest, where the guest operating system handles it. If the guest page table permits the access, the page fault was usually caused by the shadow page table lacking the mapping from the guest linear address to a physical address. The VMM then builds the corresponding shadow page table from the contents of the guest page table, which is called shadowing the guest page table. In the VMM, the memory available for shadow page tables is limited, so under memory pressure the VMM may reclaim some of the shadow page tables.
If the behavior of a physical translation look-aside buffer (TLB) is emulated completely, the VMM must flush the whole virtual translation look-aside buffer (VTLB), invalidating the contents of all shadow page tables. In a multi-process guest operating system, the contents of some shadow page tables may be needed again very soon, and rebuilding a shadow page table is quite time-consuming. Building the VTLB by fully emulating physical TLB behavior is therefore inefficient. To cache shadow page tables instead, the following problem must be recognized: the guest may modify page tables just as it modifies ordinary memory, without notifying the VMM, and the guest operating system will not use an instruction to flush the TLB, so the VMM has no way of learning that the guest has modified a process's page table. Later, when that process resumes running, the shadow page table is inconsistent with the guest page table and an error results.
Summary of the invention
The technical problem to be solved by the invention is how to keep guest page tables and shadow page tables consistent when shadow page tables are cached. The aim is to provide a method for write-protecting guest page tables based on a virtual translation look-aside buffer, avoiding the errors caused by inconsistency between the shadow page table and the guest page table when shadow page tables are cached.
The invention is achieved through the following technical solution:
A method for write-protecting guest page tables based on a virtual translation look-aside buffer, comprising the following two steps:
Step one: distinguish ordinary guest memory from guest page tables. When the guest operating system initializes a page table, the virtual machine monitor cannot determine whether this page is ordinary guest memory or a guest page table. When that page table is used for a memory access and is not yet shadowed in the virtual translation look-aside buffer, a VTLB fill occurs, which triggers the virtual machine monitor to search the guest page table structure and thereby determine the true identity of the guest pages associated with the guest linear address that caused the page fault. The VTLB fill operation performs one synchronization between the guest page table and the shadow page table.
Step two: obtain the guest page tables accessed in the shadow page table:
A: the kernel-based virtual machine establishes, in the shadow page table, the mapping from guest linear addresses to physical addresses;
B: maintain the reverse mapping from physical addresses to last-level page tables, so that, given a guest page, the last-level page table of that guest page can be obtained easily;
C: given a guest page, if its reverse mapping exists, its forward mapping must exist; that is, the guest page can be accessed through the shadow page table.
Step three: set write protection. When the virtual machine monitor identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access it and sets the WP bit of the shadow page table to one.
Write-protecting guest page tables keeps guest page tables and shadow page tables consistent. For efficiency reasons, however, not all guest pages can be write-protected, so ordinary guest memory must be distinguished from guest page tables and only guest page tables are write-protected. Once a guest page table is write-protected, any modification of it by the guest causes a virtual machine exit (VM exit), which gives the virtual machine monitor (VMM) the opportunity to stay synchronized with the guest page table.
Further, when a guest page table is identified, the shadow page table does not necessarily contain a mapping to that guest page table. When the shadow page table contains no mapping for the guest page table, the guest page table cannot be write-protected. In this case, the mapping of the guest page table is first established in the shadow page table, and the virtual machine monitor checks whether the WP bit of this guest page table is one; if it is one, the guest page table is shadowed.
Further, if the shadow page table contains a mapping to the guest page table but the guest page table has not been shadowed, the virtual machine monitor cannot write-protect the guest page table at that point, and the guest can rewrite the guest page table. Afterwards, when the guest uses the guest page table for a memory access, a VTLB fill is triggered, so that the virtual machine monitor shadows this guest page table, synchronizes it with the shadow page table, and, provided the shadow page table has not been reclaimed, sets write protection on this guest page table.
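The three steps and the two corner cases above can be traced in a small simulation; the C sketch below is an added illustration and is not code from the patent. It assumes a one-level guest page table, and the names (`vtlb_fill`, `rmap`, `remap_scenario`), the PTE layout and the memory contents are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#define NFRAMES 4   /* guest physical frames in this constructed toy machine */
#define NVPAGES 4   /* guest virtual pages; one-level guest page table */
#define PRESENT 1u  /* assumed guest PTE layout: (frame << 1) | present */
typedef struct { int present, frame, wp; } spte_t;
static uint32_t gmem[NFRAMES][NVPAGES]; /* guest memory, NVPAGES words per frame */
static spte_t shadow[NVPAGES];          /* cached shadow page table (the VTLB) */
static int rmap[NFRAMES];               /* reverse map: frame -> vpn of its shadow entry, or -1 */
static int is_pt[NFRAMES];              /* frames identified as guest page tables */
static int cr3, protect, vm_exits;

static void vmm_reset(int guest_cr3, int enable_wp) {
    memset(gmem, 0, sizeof gmem);
    memset(shadow, 0, sizeof shadow);
    for (int f = 0; f < NFRAMES; f++) { rmap[f] = -1; is_pt[f] = 0; }
    cr3 = guest_cr3; protect = enable_wp; vm_exits = 0;
}

/* Step 3: reach the shadow entry through the reverse map and set its WP flag. */
static void write_protect(int frame) {
    if (protect && is_pt[frame] && rmap[frame] >= 0) shadow[rmap[frame]].wp = 1;
}

/* VTLB fill: walk the guest table, shadow the translation, protect page tables. */
static int vtlb_fill(int vpn) {
    vm_exits++;
    is_pt[cr3] = 1;                      /* step 1: the walk shows this frame is a page table */
    uint32_t gpte = gmem[cr3][vpn];
    if (!(gpte & PRESENT)) return -1;    /* guest's own fault; would be re-injected */
    int frame = (int)(gpte >> 1);
    shadow[vpn] = (spte_t){1, frame, 0}; /* step 2: forward mapping ... */
    rmap[frame] = vpn;                   /* ... and its reverse mapping */
    write_protect(frame);                /* the new mapping may target a known page table */
    write_protect(cr3);                  /* or the table was mapped before it was identified */
    return frame;
}

/* Guest store to word `slot` of page `vpn`; returns 1 if the VMM intercepted it. */
static int guest_write(int vpn, int slot, uint32_t val) {
    if (!shadow[vpn].present && vtlb_fill(vpn) < 0) return -1;
    gmem[shadow[vpn].frame][slot] = val; /* direct store, or emulated on a WP exit */
    if (!shadow[vpn].wp) return 0;
    vm_exits++;                          /* store hit a protected page table: VM exit */
    if (shadow[slot].present) rmap[shadow[slot].frame] = -1;
    shadow[slot].present = 0;            /* PTE `slot` changed: drop its stale shadow entry */
    return 1;
}

/* Guest load through the shadow page table, filling on a miss. */
static long guest_read(int vpn, int slot) {
    if (!shadow[vpn].present && vtlb_fill(vpn) < 0) return -1;
    return (long)gmem[shadow[vpn].frame][slot];
}

/* Constructed scenario: frame 1 is the page table; vpn 1 is remapped from frame 2 to 3. */
static long remap_scenario(int enable_wp) {
    vmm_reset(1, enable_wp);
    gmem[2][0] = 0xAAAA; gmem[3][0] = 0xBBBB;
    gmem[1][0] = (1u << 1) | PRESENT;    /* vpn 0 -> frame 1: the table maps itself */
    gmem[1][1] = (2u << 1) | PRESENT;    /* vpn 1 -> frame 2 */
    guest_read(1, 0);                    /* shadow entry for vpn 1 is now cached */
    guest_write(0, 1, (3u << 1) | PRESENT); /* guest edits its PTE without a TLB flush */
    return guest_read(1, 0);
}

int main(void) { /* exit status 0: protected run reads fresh data, unprotected run reads stale data */
    return !(remap_scenario(1) == 0xBBBB && remap_scenario(0) == 0xAAAA);
}
```

With protection enabled, `remap_scenario(1)` reads `0xBBBB` from the remapped page after four VM exits; with it disabled, `remap_scenario(0)` still reads the stale `0xAAAA` through the cached shadow entry.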
Compared with the prior art, the invention has the following advantage and beneficial effect: when shadow page tables are cached, it keeps guest page tables and shadow page tables consistent and avoids the errors that occur when a suspended process resumes running while its shadow page table is inconsistent with the guest page table.
Brief description of the drawings
The drawings described here provide a further understanding of the embodiments of the invention and form part of this application; they do not limit the embodiments of the invention. In the drawings:
Fig. 1 is the guest page table call diagram of the invention.
Reference labels in the drawings and the corresponding component names:
PD, PT1, PT2, P1 and P2 are guest page tables; CR3 is a control register; SPD, SPT1 and SPT2 are shadow page tables.
Detailed description
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to an embodiment and the drawings. The exemplary embodiment and its explanation serve only to explain the invention and do not limit it.
Embodiment
As shown in Fig. 1, SPD is the shadow page table of PD, and SPT1/SPT2 are the shadow page tables of PT1/PT2. Because the page table base addresses and page base addresses given by the guest page directory entries (PDE) and page table entries (PTE) are not real physical addresses, dashed lines are used to represent the mappings from PDEs to guest page tables and from PTEs to ordinary guest pages. In the VMM, the memory available for shadow page tables is limited, so under memory pressure the VMM may reclaim some of the shadow page tables. For example, the shadow page table SPT2 in Fig. 1 may be reclaimed; when the guest later accesses P1, a page fault results, and the VMM allocates a shadow page table again, queries the guest page table and repairs the mapping from the guest linear address to P1.
If the behavior of a physical TLB is emulated completely, the VMM must flush the whole VTLB whenever the guest switches CR3, invalidating the contents of all shadow page tables. In a multi-process guest operating system, CR3 is switched frequently, the contents of some shadow page tables may be needed again very soon, and rebuilding a shadow page table is quite time-consuming. Building the VTLB by fully emulating physical TLB behavior is therefore inefficient. The main way to improve efficiency is to cache shadow page tables, that is, not to flush the shadow page tables when the guest switches CR3.
For example, assume the guest has two processes, A and B. Before time T1, A is running and CR3 points to the shadow page table of process A. From T1 to T2, process B runs and CR3 points to the shadow page table of process B, but the shadow page table of process A is not discarded. When the guest switches back to process A at the later time T3, the original shadow page table of A can be reused, which avoids rebuilding all of A's shadow page tables and improves efficiency.
The detailed description above further explains the object, technical solution and beneficial effects of the invention. It should be understood that the foregoing is only a specific embodiment of the invention and does not limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (3)
1. A method for write-protecting guest page tables based on a virtual translation look-aside buffer, characterized in that it comprises the following three steps:
Step one: distinguish ordinary guest memory from guest page tables. When the guest operating system initializes a page table, the virtual machine monitor cannot determine whether this page table is ordinary guest memory or a guest page table. When that page table is used for a memory access and is not yet shadowed in the virtual translation look-aside buffer, a VTLB fill occurs, which triggers the virtual machine monitor to search the guest page table structure and thereby determine the true identity of the guest pages associated with the guest linear address that caused the page fault. The VTLB fill operation performs one synchronization between the guest page table and the shadow page table;
Step two: obtain the guest page tables accessed in the shadow page table:
A: the kernel-based virtual machine establishes, in the shadow page table, the mapping from guest linear addresses to physical addresses;
B: maintain the reverse mapping from physical addresses to last-level page tables, so that, given a guest page, the last-level page table of that guest page can be obtained easily;
C: given a guest page, if its reverse mapping exists, its forward mapping must exist; that is, the guest page can be accessed through the shadow page table;
Step three: set write protection. When the virtual machine monitor identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access it and sets the WP bit of the shadow page table to one.
2. The method for write-protecting guest page tables based on a virtual translation look-aside buffer according to claim 1, characterized in that, in step one, when a guest page table is identified, the shadow page table does not necessarily contain a mapping to that guest page table; when the shadow page table contains no mapping for the guest page table, the guest page table cannot be write-protected; in this case the mapping of the guest page table is first established in the shadow page table, and the virtual machine monitor checks whether the WP bit of this guest page table is one; if it is one, the guest page table is shadowed.
3. The method for write-protecting guest page tables based on a virtual translation look-aside buffer according to claim 1, characterized in that, in step one, if the shadow page table contains a mapping to the guest page table but the guest page table has not been shadowed, the virtual machine monitor cannot write-protect the guest page table at that point, and the guest can rewrite the guest page table; afterwards, when the guest uses the guest page table for a memory access, a VTLB fill is triggered, so that the virtual machine monitor shadows this guest page table, synchronizes it with the shadow page table, and, provided the shadow page table has not been reclaimed, sets write protection on this guest page table.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610700783.3A CN106250329A (en) | 2016-08-23 | 2016-08-23 | A method for write-protecting guest page tables based on a virtual translation look-aside buffer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106250329A (en) | 2016-12-21 |
Family
ID=57594587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610700783.3A Pending CN106250329A (en) | A method for write-protecting guest page tables based on a virtual translation look-aside buffer | 2016-08-23 | 2016-08-23 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106250329A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112363960A (en) * | 2020-10-12 | 2021-02-12 | 北京大学 | Novel memory virtualization method and system based on shadow page table mechanism |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220027287A1 (en) | System for address mapping and translation protection | |
CN104081346B (en) | For being interrupted using between tracking data Processing for removing device to support the method and apparatus of the address conversion in multiprocessor virtual machine environment | |
JP5214670B2 (en) | Method and apparatus for supporting address translation in a multiprocessor virtual machine environment | |
TWI603195B (en) | Page table data management | |
US11494222B2 (en) | Process-based multi-key total memory encryption | |
US9639476B2 (en) | Merged TLB structure for multiple sequential address translations | |
US9645941B2 (en) | Collapsed address translation with multiple page sizes | |
US9772962B2 (en) | Memory sharing for direct memory access by a device assigned to a guest operating system | |
US20160085686A1 (en) | Synchronizing a translation lookaside buffer with page tables | |
US20140108701A1 (en) | Memory protection unit in a virtual processing environment | |
US20120017039A1 (en) | Caching using virtual memory | |
US20150089147A1 (en) | Maintenance Of Cache And Tags In A Translation Lookaside Buffer | |
US9996474B2 (en) | Multiple stage memory management | |
EP3177993B1 (en) | Write operations to non-volatile memory | |
US10365947B2 (en) | Multi-core processor including a master core performing tasks involving operating system kernel-related features on behalf of slave cores | |
GB2575877A (en) | Memory protection unit using memory protection table stored in memory system | |
WO2012163017A1 (en) | Method for processing access exception of distributed virtual machine and virtual machine monitor | |
US9471509B2 (en) | Managing address-independent page attributes | |
TWI812798B (en) | An apparatus and method for controlling memory accesses | |
CN106250329A (en) | A method for write-protecting guest page tables based on a virtual translation look-aside buffer | |
US9208080B2 (en) | Persistent memory garbage collection | |
US10558486B2 (en) | Memory address translation management | |
US10613989B2 (en) | Fast address translation for virtual machines | |
CN110134545A (en) | The method and system of the virtual NVRAM of offer based on credible performing environment | |
CN101957775B (en) | For the method and apparatus supporting the address translation in multiprocessor virtual machine environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20161221 |