CN106250329A - A method for write-protecting guest page tables based on a virtual translation look-aside buffer - Google Patents

Publication number: CN106250329A
Authority: CN (China)
Prior art keywords: guest, page, page tables, page table, shadow
Legal status: Pending
Application number: CN201610700783.3A
Other languages: Chinese (zh)
Inventor: 朱焰冰
Current Assignee: Chengdu Calabar Information Technology Ltd By Share Ltd
Original Assignee: Chengdu Calabar Information Technology Ltd By Share Ltd

Classifications

    • G06F12/1009 Address translation using page tables, e.g. page table structures
    • G06F12/1027 Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
    • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45579 I/O management, e.g. providing access to device drivers or storage

Abstract

The invention discloses a method for write-protecting guest page tables based on a virtual translation look-aside buffer (VTLB). Step one: distinguish normal guest memory from guest page tables. Step two: obtain the guest page tables accessed in the shadow page table. Step three: set write protection. When the virtual machine monitor (VMM) identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access that guest page table and marks the WP bit of the shadow page table as one. When shadow page tables are cached, the invention keeps guest page tables and shadow page tables consistent and avoids the errors that occur when a suspended process resumes running with a shadow page table that is inconsistent with its guest page table.

Description

A method for write-protecting guest page tables based on a virtual translation look-aside buffer
Technical field
The present invention relates to the field of computers, and specifically to a method for write-protecting guest page tables based on a virtual translation look-aside buffer.
Background
A guest's actual memory accesses go through the shadow page table. If the shadow page table contains a mapping from the guest linear address to the physical address, the memory access proceeds normally. If the shadow page table contains no such mapping, a page fault occurs, which causes a virtual machine exit (VM exit).
After the virtual machine monitor (VMM) gains control, it first looks up the guest page table using the guest linear address that raised the exception. If the guest page table itself forbids the current access, for example because the mapping to a physical address does not exist or page-level protection rules are violated, the VMM reinjects the page fault into the guest, where the guest operating system handles it. If the guest page table permits the access, the page fault is usually caused by the absence of a guest-linear-to-physical mapping in the shadow page table. In that case the corresponding shadow page table has to be built from the contents of the guest page table, which is called shadowing the guest page table. Inside the VMM, the memory available for shadow page tables is limited, so when memory is tight the VMM may reclaim some shadow page tables.
If the behavior of a physical translation look-aside buffer (TLB) is emulated completely, the VMM needs to flush the entire virtual translation look-aside buffer (VTLB), invalidating the contents of all shadow page tables. In a multi-process guest operating system, the contents of some shadow page tables are likely to be used again soon, and rebuilding a shadow page table is quite time-consuming. Building the VTLB by fully emulating physical TLB behavior is therefore inefficient. To cache shadow page tables instead, the following problem has to be recognized: the guest may modify a page table in the same way it modifies ordinary memory, without notifying the VMM. The guest operating system does not use an instruction to flush the TLB, so the VMM has no way of learning that the guest has modified the process's page table. Later, when the process resumes running, the inconsistency between the shadow page table and the guest page table causes errors.
Summary of the invention
The technical problem to be solved is how to keep guest page tables and shadow page tables consistent when shadow page tables are cached. The aim is to provide a method for write-protecting guest page tables based on a virtual translation look-aside buffer, which avoids the errors caused by a shadow page table being inconsistent with its guest page table when shadow page tables are cached.
The present invention is achieved through the following technical solution:
A method for write-protecting guest page tables based on a virtual translation look-aside buffer, comprising the following two steps:
Step one: distinguish normal guest memory from guest page tables. When the guest operating system initializes a page table, the virtual machine monitor cannot determine whether the page is normal guest memory or a guest page table. When that page table is used for a memory access and is not shadowed in the virtual translation look-aside buffer, a VTLB fill occurs, which triggers the virtual machine monitor to walk the guest page table structure and thereby determine the true identity of the guest pages related to the guest linear address that caused the page fault. The VTLB fill operation performs one synchronization between the guest page table and the shadow page table.
Step two: obtain the guest page tables accessed in the shadow page table.
A: The kernel-based virtual machine establishes, in the shadow page table, the mapping from guest linear address to physical address.
B: Maintain a reverse mapping from physical address to last-level page table; that is, given a guest page, the last-level page table of that guest page can be readily obtained.
C: Given a guest page, if its reverse mapping exists, the forward mapping must exist; that is, the guest page can be accessed through the shadow page table.
Step three: set write protection. When the virtual machine monitor identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access that guest page table and marks the WP bit of the shadow page table as one.
Write-protecting guest page tables makes it possible to keep guest page tables and shadow page tables consistent. For efficiency reasons, however, not every guest page can be write-protected, so normal guest memory must be distinguished from guest page tables and only guest page tables are write-protected. Once a guest page table is write-protected, a guest modification of that page table causes a virtual machine exit (VM exit), which gives the virtual machine monitor (VMM) the opportunity to stay synchronized with the guest page table.
Further, when a guest page table is identified, the shadow page table does not necessarily contain a mapping to that guest page table. When the shadow page table contains no mapping to the guest page table, the guest page table cannot be write-protected. In this case a mapping to the guest page table is first established in the shadow page table; at the same time the virtual machine monitor checks whether the WP bit of this guest page table is one, and if it is one, this guest page table is shadowed.
Further, if the shadow page table contains a mapping to the guest page table but the guest page table has not been shadowed, the virtual machine monitor cannot write-protect the guest page table at that point and the guest can write to the guest page table. Afterwards, when the guest uses the guest page table for a memory access, a VTLB fill is triggered, so that the virtual machine monitor shadows this guest page table, synchronizes it with the shadow page table and, provided the shadow page table has not been reclaimed, sets write protection on this guest page table.
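The following C model is an added illustration of the three steps and of the late-identification case just described; it is not code from the patent or from any hypervisor. The memory layout (8 frames of 8 words, single-level page tables) and all identifiers are assumptions made for the example, and the trapped write is resynchronized by invalidating the affected shadow entry, which is one possible way to keep the tables in step.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, all names hypothetical: 8 guest frames of 8 words each. A guest
 * page table is one frame; word v holds (target frame + 1), 0 = not present.
 * cr3 is the frame number of the current guest page table. */
enum { NF = 8, NE = 8 };
struct spte { int present, frame, wp; };

static int mem[NF][NE];            /* guest physical memory */
static struct spte spt[NF][NE];    /* cached shadow tables, one per CR3 value */
static unsigned rmap[NF][NF];      /* rmap[frame][root]: bitmask of vpns mapping frame */
static int is_pt[NF];              /* frames identified as guest page tables */
static int cr3, vm_exits, protect_on;

/* Step 3: through the reverse map, set WP on every shadow entry mapping frame f. */
static void write_protect(int f) {
    for (int root = 0; protect_on && root < NF; root++)
        for (int v = 0; v < NE; v++)
            if (rmap[f][root] & (1u << v)) spt[root][v].wp = 1;
}

/* VTLB fill: walk the guest table, sync one shadow entry, identify the table. */
static int vtlb_fill(int vpn) {
    int e = mem[cr3][vpn];
    if (e == 0) return -1;                 /* guest's own fault: reinject */
    int f = e - 1;
    spt[cr3][vpn] = (struct spte){ 1, f, protect_on && is_pt[f] };
    rmap[f][cr3] |= 1u << vpn;             /* step 2: maintain the reverse map */
    is_pt[cr3] = 1;                        /* step 1: frame was used to translate */
    write_protect(cr3);
    return 0;
}

/* Guest store: returns 1 if it trapped to the VMM, 0 if direct, -1 on guest fault. */
static int guest_write(int vpn, int off, int val) {
    if (!spt[cr3][vpn].present && vtlb_fill(vpn) < 0) return -1;
    struct spte *s = &spt[cr3][vpn];
    mem[s->frame][off] = val;              /* direct, or emulated by the VMM */
    if (!s->wp) return 0;
    vm_exits++;                            /* VM exit: write hit a guest page table */
    struct spte *stale = &spt[s->frame][off];
    if (stale->present) {                  /* drop the shadow entry of the edited PTE */
        rmap[stale->frame][s->frame] &= ~(1u << off);
        stale->present = 0;                /* rebuilt by the next VTLB fill */
    }
    return 1;
}

static int guest_read(int vpn, int off) {
    if (!spt[cr3][vpn].present && vtlb_fill(vpn) < 0) return -1;
    return mem[spt[cr3][vpn].frame][off];
}

/* Constructed scenario: process A (table in frame 1) maps frame 2 at vpn 3;
 * frame 2 is process B's table. Returns what B reads at vpn 0 at the end. */
static int scenario(int protect, int *first, int *second) {
    memset(mem, 0, sizeof mem); memset(spt, 0, sizeof spt);
    memset(rmap, 0, sizeof rmap); memset(is_pt, 0, sizeof is_pt);
    vm_exits = 0; protect_on = protect;
    mem[1][3] = 2 + 1;                     /* A: vpn 3 -> frame 2 */
    mem[2][0] = 4 + 1;                     /* B: vpn 0 -> frame 4 */
    mem[4][0] = 111; mem[5][0] = 222;      /* marker data */
    cr3 = 1; *first = guest_write(3, 1, 4 + 1);  /* frame 2 not yet identified */
    cr3 = 2; guest_read(0, 0);             /* fill identifies frame 2 as a table */
    cr3 = 1; *second = guest_write(3, 0, 5 + 1); /* A repoints B's vpn 0 to frame 5 */
    cr3 = 2; return guest_read(0, 0);      /* B's shadow table was cached */
}

int main(void) {
    int a, b, on = scenario(1, &a, &b), off = scenario(0, &a, &b);
    printf("B reads %d with write protection, %d without\n", on, off);
    return 0;
}
```

With write protection the second write traps and process B reads through the updated mapping; without it, B's cached shadow entry still points at the old frame, which is the inconsistency the method is meant to prevent.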
Compared with the prior art, the present invention has the following advantage and beneficial effect: when shadow page tables are cached, it keeps guest page tables and shadow page tables consistent and avoids the errors that occur when a suspended process resumes running with a shadow page table that is inconsistent with its guest page table.
Brief description of the drawings
The accompanying drawing described here provides a further understanding of the embodiment of the present invention and forms part of this application; it does not limit the embodiment of the present invention. In the drawing:
Fig. 1 is a diagram of guest page table references according to the present invention.
Reference labels in the drawing and the corresponding part names:
PD, PT1, PT2, P1 and P2 are guest page tables; CR3 is the control register; SPD, SPT1 and SPT2 are shadow page tables.
Detailed description
To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to an embodiment and the accompanying drawing. The exemplary embodiment and its explanation serve only to explain the present invention and do not limit it.
Embodiment
As shown in Fig. 1, SPD is the shadow page table of PD, and SPT1/SPT2 are the shadow page tables of PT1/PT2. Because the page table base addresses and page base addresses given by the guest page directory entries (PDE) and page table entries (PTE) are not real physical addresses, dashed lines are used to represent the mappings from a PDE to a guest page table and from a PTE to a normal guest page. Inside the VMM, the memory available for shadow page tables is limited, so when memory is tight the VMM may reclaim some shadow page tables. For example, it may reclaim the shadow page table SPT2 in Fig. 1; when the guest later accesses P1 this causes a page fault, and the VMM allocates a shadow page table again, looks up the guest page table and repairs the mapping from the guest linear address to P1. If the behavior of a physical TLB is emulated completely, the VMM needs to flush the entire VTLB whenever the guest switches CR3, invalidating the contents of all shadow page tables. In a multi-process guest operating system CR3 is switched frequently, the contents of some shadow page tables are likely to be used again soon, and rebuilding a shadow page table is quite time-consuming. Building the VTLB by fully emulating physical TLB behavior is therefore inefficient. The main way to improve efficiency is to cache shadow page tables, that is, not to flush the shadow page tables when the guest switches CR3. For example, suppose the guest has two processes A and B. Before time T1, A is running and CR3 points to the shadow page table of process A. From T1 to T2 process B runs and CR3 points to the shadow page table of process B, but the shadow page table of process A is not discarded. When the guest later switches back to process A at time T3, the original shadow page table of A can be reused, which avoids rebuilding A's shadow page table entirely and improves efficiency.
The specific embodiment described above further explains the object, technical solution and beneficial effects of the present invention in detail. It should be understood that the foregoing is only a specific embodiment of the present invention and does not limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (3)

1. A method for write-protecting guest page tables based on a virtual translation look-aside buffer, characterized in that it comprises the following three steps:
Step one: distinguish normal guest memory from guest page tables. When the guest operating system initializes a page table, the virtual machine monitor cannot determine whether the page table is normal guest memory or a guest page table. When that page table is used for a memory access and is not shadowed in the virtual translation look-aside buffer, a VTLB fill occurs, which triggers the virtual machine monitor to walk the guest page table structure and thereby determine the true identity of the guest pages related to the guest linear address that caused the page fault. The VTLB fill operation performs one synchronization between the guest page table and the shadow page table;
Step two: obtain the guest page tables accessed in the shadow page table;
A: The kernel-based virtual machine establishes, in the shadow page table, the mapping from guest linear address to physical address;
B: Maintain a reverse mapping from physical address to last-level page table; that is, given a guest page, the last-level page table of that guest page can be readily obtained;
C: Given a guest page, if its reverse mapping exists, the forward mapping must exist; that is, the guest page can be accessed through the shadow page table;
Step three: set write protection. When the virtual machine monitor identifies a guest page table during a VTLB fill operation, it finds, through the reverse mapping, the shadow page table entries needed to access that guest page table and marks the WP bit of the shadow page table as one.
2. The method for write-protecting guest page tables based on a virtual translation look-aside buffer according to claim 1, characterized in that, in step one, when a guest page table is identified, the shadow page table does not necessarily contain a mapping to that guest page table; when the shadow page table contains no mapping to the guest page table, the guest page table cannot be write-protected; in this case a mapping to the guest page table is first established in the shadow page table, and at the same time the virtual machine monitor checks whether the WP bit of this guest page table is one; if it is one, this guest page table is shadowed.
3. The method for write-protecting guest page tables based on a virtual translation look-aside buffer according to claim 1, characterized in that, in step one, if the shadow page table contains a mapping to the guest page table but the guest page table has not been shadowed, the virtual machine monitor cannot write-protect the guest page table at that point and the guest can write to the guest page table; afterwards, when the guest uses the guest page table for a memory access, a VTLB fill is triggered, so that the virtual machine monitor shadows this guest page table, synchronizes it with the shadow page table and, provided the shadow page table has not been reclaimed, sets write protection on this guest page table.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610700783.3A 2016-08-23 2016-08-23 A method for write-protecting guest page tables based on a virtual translation look-aside buffer (Pending)

Publications (1)

Publication Number Publication Date
CN106250329A 2016-12-21

Family

ID=57594587

Country Status (1)

Country Link
CN (1) CN106250329A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112363960A (en) * 2020-10-12 2021-02-12 北京大学 Novel memory virtualization method and system based on shadow page table mechanism

Similar Documents

Publication Publication Date Title
US20220027287A1 (en) System for address mapping and translation protection
CN104081346B (en) For being interrupted using between tracking data Processing for removing device to support the method and apparatus of the address conversion in multiprocessor virtual machine environment
JP5214670B2 (en) Method and apparatus for supporting address translation in a multiprocessor virtual machine environment
TWI603195B (en) Page table data management
US11494222B2 (en) Process-based multi-key total memory encryption
US9639476B2 (en) Merged TLB structure for multiple sequential address translations
US9645941B2 (en) Collapsed address translation with multiple page sizes
US9772962B2 (en) Memory sharing for direct memory access by a device assigned to a guest operating system
US20160085686A1 (en) Synchronizing a translation lookaside buffer with page tables
US20140108701A1 (en) Memory protection unit in a virtual processing environment
US20120017039A1 (en) Caching using virtual memory
US20150089147A1 (en) Maintenance Of Cache And Tags In A Translation Lookaside Buffer
US9996474B2 (en) Multiple stage memory management
EP3177993B1 (en) Write operations to non-volatile memory
US10365947B2 (en) Multi-core processor including a master core performing tasks involving operating system kernel-related features on behalf of slave cores
GB2575877A (en) Memory protection unit using memory protection table stored in memory system
WO2012163017A1 (en) Method for processing access exception of distributed virtual machine and virtual machine monitor
US9471509B2 (en) Managing address-independent page attributes
TWI812798B (en) An apparatus and method for controlling memory accesses
CN106250329A (en) A kind of method write-protected to guest page tables based on virtual transmission look-aside buffer
US9208080B2 (en) Persistent memory garbage collection
US10558486B2 (en) Memory address translation management
US10613989B2 (en) Fast address translation for virtual machines
CN110134545A (en) The method and system of the virtual NVRAM of offer based on credible performing environment
CN101957775B (en) For the method and apparatus supporting the address translation in multiprocessor virtual machine environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20161221

WD01 Invention patent application deemed withdrawn after publication