CN107085535B - Information processing method and electronic equipment - Google Patents

Publication number
CN107085535B
Authority
CN
China
Prior art keywords
virtual machine
task
identification information
memory access
page table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710203551.1A
Other languages
Chinese (zh)
Other versions
CN107085535A (en
Inventor
刘峰
杨立中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201710203551.1A
Publication of CN107085535A
Application granted
Publication of CN107085535B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation

Abstract

The invention discloses an information processing method and electronic equipment, wherein the method comprises the following steps: acquiring a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address; at least acquiring identification information of the first virtual machine; determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry; and judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.

Description

Information processing method and electronic equipment
Technical Field
The invention relates to a virtual machine management technology, in particular to an information processing method applied to electronic equipment and the electronic equipment.
Background
At present, container virtualization technology is increasingly used, and some containers in a container virtual machine run very important tasks; such containers have high privileges and are called high-privilege container virtual machines. If an application program in a container virtual machine knows a physical address (PA) used by another virtual machine, it can access that virtual machine's address space by modifying the page table of its own process; similarly, if the application program knows a physical address (PA) used by the HOST, it can access the address space of the HOST by modifying the page table of its own process, which results in unsafe access and brings the HOST down. In the same way, if a container virtual machine knows the mapped addresses of other container virtual machines, it can access the device contents of those virtual machines, for example reading the messages received and sent by their network cards.
Disclosure of Invention
The present invention is directed to an information processing method and an electronic device, which are used to solve the above problems in the prior art.
In order to achieve the above object, the present invention provides an information processing method applied to an electronic device, including:
acquiring a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
at least acquiring identification information of the first virtual machine;
determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
and judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
The present invention provides an electronic device, including:
a request acquisition unit, configured to acquire a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
an information extraction unit, configured to obtain at least identification information of the first virtual machine; determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
and the judging unit is used for judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
The information processing method and the electronic device provided in this embodiment can acquire the identification information of the target virtual machine to be accessed based on the access request for the first task of the first virtual machine, and then compare the identification information of the target virtual machine with the identification information of the first virtual machine, thereby determining whether to allow the access request to acquire the memory. Therefore, even if the high-authority container virtual machine knows a specific physical address, the high-authority container virtual machine cannot perform cross-boundary access in a page table mapping mode through the added virtual machine identification information domain, and therefore the safety of the virtual machine is improved.
Drawings
FIG. 1 is a first schematic flow chart of an implementation of an information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present invention;
FIG. 3 is a third schematic flow chart of an implementation of an information processing method according to an embodiment of the present invention;
FIG. 4 is a fourth schematic flow chart of an implementation of an information processing method according to an embodiment of the present invention;
FIG. 5 is a diagram of a processing framework of an information processing method according to an embodiment of the present invention;
FIG. 6 is a processing diagram of an information processing method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a composition structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
Embodiment 1
An embodiment of the present invention provides an information processing method, as shown in fig. 1, including:
step 101: acquiring a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
step 102: at least acquiring identification information of the first virtual machine;
step 103: determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
step 104: and judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
The embodiment applies to an electronic device capable of supporting at least one virtual machine to run.
Before executing each step of the embodiment of the present invention, the identification information corresponding to each virtual machine needs to be saved by an extended register; the identification information corresponding to the virtual machine may be a Namespace ID (NID).
In addition, when recording physical addresses of different tasks, a field related to identification information is also added, and the field is used for recording the identification information of the virtual machine corresponding to the task stored in the physical memory.
The memory access request for the first task of the first virtual machine in the at least one virtual machine may be initiated by the container virtual machine; the memory virtual address included in the memory access request may first be sent to the memory management unit (MMU), and the MMU searches for the corresponding entry based on the memory virtual address in the memory access request.
In addition, the above-mentioned manner of obtaining the identification information of the first virtual machine may be to search for the identification information corresponding to the first virtual machine from the NIDR extension register; the search may be performed based on the content in the pre-stored register.
Further, the obtaining at least identification information of the first virtual machine further includes:
acquiring a page table base address corresponding to a first task of the first virtual machine;
correspondingly, the determining a corresponding page table entry based on the memory access request of the first task includes:
and determining a page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request. The method for determining the corresponding page table entry based on the memory access request of the first task may be that, based on the memory virtual address in the memory access request, the MMU finds the PTE corresponding to the memory virtual address through page table indexing; and searching the extended physical base address from the PTE, and extracting the identification information of the target virtual machine aimed at by the memory access request based on the extended physical base address.
The page table base addresses are different for each task, one virtual machine can correspond to a plurality of tasks, each task is provided with a set of page tables, and each set of page tables corresponds to different page table base addresses; however, the page table entries of the page tables corresponding to all tasks in the same virtual machine have the same identification information of the target virtual machine, and the identification of the target virtual machine is used to distinguish which virtual machine the task belongs to.
The determining whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a determination result includes:
judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine;
if the identification information of the target virtual machine is the same as the identification information of the first virtual machine, obtaining a first judgment result; otherwise, a second judgment result is obtained.
Correspondingly, the determining whether to allow the first task to perform memory access according to the determination result includes:
when the judgment result is a first judgment result, determining a target physical address based on a page table entry corresponding to the memory access request of the first task, and sending the target physical address to an address bus to access a physical memory; and when the judgment result is a second judgment result, denying the first task memory access.
That is, when the identification information of the virtual machine corresponding to the memory to be accessed has been determined from the memory access request, it is compared with the identification information of the virtual machine stored in the extended register; if the two are the same, a first judgment result is obtained, and if they are different, a second judgment result is obtained. With the first judgment result, the specific physical address corresponding to the first task is accessed based on the memory access request; otherwise, access is denied.
Finally, the determining a corresponding page table entry based on the memory access request of the first task further includes:
judging whether the corresponding page table entry is found based on the memory virtual address in the memory access request of the first task; and if the corresponding page table entry is not found, performing page-fault handling for the memory virtual address.
The page-fault handling may include demand paging and allocating physical memory.
Therefore, by adopting the scheme, the identification information of the target virtual machine to be accessed can be acquired based on the access request of the first task of the first virtual machine, and then the identification information of the target virtual machine is compared with the identification information of the first virtual machine, so that whether the access request is allowed to acquire the memory is judged. Therefore, even if the high-authority container virtual machine knows a specific physical address, the cross-boundary access cannot be carried out in a page table mapping mode through the added virtual machine identification information domain; in addition, the memory can be distinguished only by one layer of identification information when the memory is addressed, so that the processing is more efficient.
Embodiment 2
An embodiment of the present invention provides an information processing method, as shown in fig. 1, including:
step 101: acquiring a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
step 102: at least acquiring identification information of the first virtual machine;
step 103: determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
step 104: and judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
The embodiment applies to an electronic device capable of supporting at least one virtual machine to run.
Before executing each step of the embodiment of the present invention, the identification information corresponding to each virtual machine needs to be saved by an extended register; the identification information corresponding to the virtual machine may be a NID.
In addition, when recording physical addresses of different tasks, a field related to identification information is also added, and the field is used for recording the identification information of the virtual machine corresponding to the task stored in the physical memory.
It should be further noted that, the extension register stores identification information corresponding to each virtual machine, which may be as shown in fig. 2, and includes:
reading the NID of the original task from the NIDR and storing the NID in the bottom of a task stack;
the original task switching flow saves the original task stack and then switches to the new task stack;
reading the NID from the bottom of the stack of the new task, namely reading the corresponding table entry from the bottom of the stack of the new task, acquiring the NID from the table entry, and loading the NID into the NIDR;
load the CR3 register of the new task;
the EIP (register state) of the new task is loaded and then the new task starts running.
In addition, the creation of the PTE in this embodiment includes filling the NID into the NID domain of the extended physical base address; with particular reference to fig. 3, comprises:
allocating a real physical page frame, for example during page-fault exception handling (lazy allocation of physical memory);
obtaining a real physical page frame through allocation by the slab system or the buddy system, and obtaining the physical address PA of the physical page frame;
establishing a mapping page table for PA and VA (virtual address);
taking out the NID of the current task from the NIDR;
the contents of the NIDR, together with the physical page frame PA, are filled into the PTE as an extended physical base address, with the contents of the NIDR filled into the NID field.
The memory access request for the first task of the first virtual machine in the at least one virtual machine may be initiated by the container virtual machine; the memory virtual address included in the memory access request may first be sent to the memory management unit (MMU), and the MMU searches for the corresponding entry based on the memory virtual address in the memory access request.
In addition, the above-mentioned manner of obtaining the identification information of the first virtual machine may be to search for the identification information corresponding to the first virtual machine from the NIDR extension register; the search may be performed based on the content in the pre-stored register.
Further, the obtaining at least identification information of the first virtual machine further includes:
acquiring a page table base address corresponding to a first task of the first virtual machine;
correspondingly, the determining a corresponding page table entry based on the memory access request of the first task includes:
and determining a page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request. The method for determining the corresponding page table entry based on the memory access request of the first task may be that, based on the memory virtual address in the memory access request, the MMU finds the PTE corresponding to the memory virtual address through page table indexing; and searching the extended physical base address from the PTE, and extracting the identification information of the target virtual machine aimed at by the memory access request based on the extended physical base address.
The page table base addresses are different for each task, one virtual machine can correspond to a plurality of tasks, each task is provided with a set of page tables, and each set of page tables corresponds to different page table base addresses; however, the page table entries of the page tables corresponding to all tasks in the same virtual machine have the same identification information of the target virtual machine, and the identification of the target virtual machine is used to distinguish which virtual machine the task belongs to.
The determining whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a determination result includes:
judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine;
if the identification information of the target virtual machine is the same as the identification information of the first virtual machine, obtaining a first judgment result; otherwise, a second judgment result is obtained.
Correspondingly, the determining whether to allow the first task to perform memory access according to the determination result includes:
when the judgment result is a first judgment result, determining a target physical address based on a page table entry corresponding to the memory access request of the first task, and sending the target physical address to an address bus to access a physical memory;
and when the judgment result is a second judgment result, denying the first task memory access.
In particular, reference may be made to fig. 4, including:
a user-mode task performs a memory access (namely a memory access request for a first task of a first virtual machine) and provides a virtual address VA in the task address space; the MMU then obtains the process page table through the contents of CR3, walks the page table, and uses the VA to look up the PTE corresponding to the task;
judging whether a PTE can be obtained from the VA; if the PTE corresponding to the VA cannot be found in the page table, page-fault exception handling is performed, and if the page is determined to be illegal, error prompt information is fed back to the user;
if the PTE corresponding to the VA can be found in the page table, the MMU obtains the contents of the NID domain in the extended physical base address from the PTE and compares them with the contents of the NIDR register;
judging whether the contents of the NID domain and the NIDR are the same; if they are different, the memory access is rejected and prompt information indicating a permission error is returned;
if they are the same, the MMU automatically strips the contents of the NID domain from the extended physical address and adds the offset to obtain the physical address PA;
the PA is sent to the address bus to complete the access to the physical memory.
Finally, the determining a corresponding page table entry based on the memory access request of the first task further includes:
judging whether the corresponding page table entry is found based on the memory virtual address in the memory access request of the first task; and if the corresponding page table entry is not found, performing page-fault handling for the memory virtual address.
The page-fault handling may include demand paging and allocating physical memory.
In the method provided by this embodiment, referring to fig. 5, an extension register NIDR is added to a chip (for example, a CPU), and the physical base address recorded in a PTE is extended with an added NID domain. When a task of the container virtual machine performs a memory access, the MMU uses the VA to perform an index lookup in the page table to obtain the corresponding PTE. The physical address recorded in the PTE is an extended physical address, and the contents of the NID domain (which contains the identification information of the target virtual machine to be accessed by the task) are obtained from it. The MMU extracts the identification information of the first virtual machine from the NIDR and compares it with the identification information of the target virtual machine in the NID domain; if the two are different, access is refused; if they are the same, the MMU automatically strips the NID field from the extended physical address, adds the offset to the remaining physical base address to obtain the final physical address, and sends the physical address to the address bus to access the physical memory.
Further, the effect of the processing performed by this embodiment is described with reference to fig. 6. When a memory access request is initiated for task 1 of a first virtual machine (VM1), only the memory region of VM1 may be accessed. The method provided by this embodiment compares the identification information of the target virtual machine contained in the memory access request initiated for task 1 with the identification information of VM1 to determine whether the access request is correct; when the two are the same, access to the memory region of task 1 of VM1 is allowed; otherwise, if the access request of task 1 is directed to the memory of another virtual machine, such as VM2 as shown in fig. 6, the access request is denied.
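The three flows described above (task switch in fig. 2, PTE creation in fig. 3, MMU check in fig. 4) can be modelled in software as follows. This is an added example, not code from the patent: the PTE bit layout (present bit 0, NID domain in bits 52..61), the one-level page table, the sample addresses and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not specified by the patent): 4 KiB pages, a one-level
 * table, bit 0 = present, NID domain in PTE bits 52..61. */
#define PAGE_SHIFT  12
#define PAGE_MASK   ((1ULL << PAGE_SHIFT) - 1)
#define PTE_PRESENT 1ULL
#define NID_SHIFT   52
#define NID_MASK    (0x3FFULL << NID_SHIFT)
#define PA_MASK     (((1ULL << NID_SHIFT) - 1) & ~PAGE_MASK)
#define TABLE_SLOTS 16

typedef uint64_t pte_t;
enum mmu_result { MMU_OK, MMU_PAGE_FAULT, MMU_NID_DENIED };

struct task {
    uint16_t nid;        /* NID saved with the task (stack bottom in fig. 2) */
    pte_t   *page_table; /* per-task page table base, i.e. the CR3 value */
};

static uint16_t nidr;    /* modelled extension register NIDR */
static pte_t   *cr3;     /* modelled page table base register */

/* Fig. 2: save the outgoing NID, then load NIDR and CR3 for the new task. */
static void task_switch(struct task *prev, const struct task *next)
{
    if (prev)
        prev->nid = nidr;
    nidr = next->nid;
    cr3  = next->page_table;
}

/* Fig. 3: build the extended physical base address from the frame's PA and
 * the current NIDR contents, and install it as the PTE for va. */
static int map_page(uint64_t va, uint64_t frame_pa)
{
    uint64_t idx = va >> PAGE_SHIFT;
    if (idx >= TABLE_SLOTS)
        return -1;
    cr3[idx] = (frame_pa & PA_MASK)
             | (((uint64_t)nidr << NID_SHIFT) & NID_MASK)
             | PTE_PRESENT;
    return 0;
}

/* Fig. 4: look up the PTE, compare its NID domain with NIDR, and only on a
 * match strip the NID domain and add the page offset to form the PA. */
static enum mmu_result mmu_translate(uint64_t va, uint64_t *pa_out)
{
    uint64_t idx = va >> PAGE_SHIFT;
    if (idx >= TABLE_SLOTS || !(cr3[idx] & PTE_PRESENT))
        return MMU_PAGE_FAULT;               /* no PTE: page-fault path */
    uint16_t target_nid = (uint16_t)((cr3[idx] & NID_MASK) >> NID_SHIFT);
    if (target_nid != nidr)
        return MMU_NID_DENIED;               /* second judgment result */
    *pa_out = (cr3[idx] & PA_MASK) + (va & PAGE_MASK);
    return MMU_OK;                           /* first judgment result */
}

/* Constructed scenario: one task in VM1 (NID 1) and one in VM2 (NID 2). */
static pte_t table_vm1[TABLE_SLOTS], table_vm2[TABLE_SLOTS];
static struct task task_vm1 = { 1, table_vm1 }, task_vm2 = { 2, table_vm2 };
static uint64_t last_pa;

/* A VM1 task touches a page that was mapped while NIDR held VM1's NID. */
static enum mmu_result demo_own_access(void)
{
    task_switch(NULL, &task_vm1);
    map_page(0x3000, 0x40000);
    return mmu_translate(0x3abc, &last_pa);
}

/* A VM2 task's table holds an entry whose NID domain still names VM1. */
static enum mmu_result demo_foreign_pte(void)
{
    task_switch(NULL, &task_vm1);
    map_page(0x3000, 0x40000);
    task_switch(&task_vm1, &task_vm2);
    table_vm2[3] = table_vm1[3];
    return mmu_translate(0x3abc, &last_pa);
}

/* A VM2 task touches a virtual address that has no PTE at all. */
static enum mmu_result demo_unmapped(void)
{
    task_switch(NULL, &task_vm2);
    return mmu_translate(0x5000, &last_pa);
}

int main(void)
{
    printf("own access:  %d, PA 0x%llx\n", (int)demo_own_access(),
           (unsigned long long)last_pa);
    printf("foreign PTE: %d\n", (int)demo_foreign_pte());
    printf("unmapped VA: %d\n", (int)demo_unmapped());
    return 0;
}
```

The model takes the NID domain from whatever the PTE contains, so it assumes, as fig. 3 does, that PTEs are only written by the trusted mapping path while NIDR holds the owning virtual machine's NID.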
Therefore, by adopting the scheme, the identification information of the target virtual machine to be accessed can be acquired based on the access request of the first task of the first virtual machine, and then the identification information of the target virtual machine is compared with the identification information of the first virtual machine, so that whether the access request is allowed to acquire the memory is judged. Therefore, even if the high-authority container virtual machine knows a specific physical address, the cross-boundary access cannot be carried out in a page table mapping mode through the added virtual machine identification information domain; in addition, the memory can be distinguished only by one layer of identification information when the memory is addressed, so that the processing is more efficient.
Embodiment 3
An embodiment of the present invention provides an electronic device, as shown in fig. 7, including:
a request obtaining unit 71, configured to obtain a memory access request for a first task of a first virtual machine in at least one virtual machine, where the memory access request includes a memory virtual address;
an information extraction unit 72, configured to obtain at least identification information of the first virtual machine; determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
a determining unit 73, configured to determine whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a determination result, and determine whether to allow the first task to perform memory access according to the determination result.
The embodiment applies to an electronic device capable of supporting at least one virtual machine to run.
Before executing each step of the embodiment of the present invention, the identification information corresponding to each virtual machine needs to be saved by an extended register; the identification information corresponding to the virtual machine may be a NID.
In addition, when recording physical addresses of different tasks, a field related to identification information is also added, and the field is used for recording the identification information of the virtual machine corresponding to the task stored in the physical memory.
It should be further noted that, the extension register stores identification information corresponding to each virtual machine, which may be as shown in fig. 2, and includes:
reading the NID of the original task from the NIDR and storing the NID in the bottom of a task stack;
the original task switching flow saves the original task stack and then switches to the new task stack;
reading the NID from the bottom of the stack of the new task, namely reading the corresponding table entry from the bottom of the stack of the new task, acquiring the NID from the table entry, and loading the NID into the NIDR;
load the CR3 register of the new task;
the EIP (register state) of the new task is loaded and then the new task starts running.
In addition, the creation of the PTE in this embodiment includes filling the NID into the NID domain of the extended physical base address; with particular reference to fig. 3, comprises:
allocating a real physical page frame, for example during page-fault exception handling (lazy allocation of physical memory);
obtaining a real physical page frame through allocation by the slab system or the buddy system, and obtaining the physical address PA of the physical page frame;
establishing a mapping page table for PA and VA (virtual address);
taking out the NID of the current task from the NIDR;
the contents of the NIDR, together with the physical page frame PA, are filled into the PTE as an extended physical base address, with the contents of the NIDR filled into the NID field.
The memory access request for the first task of the first virtual machine in the at least one virtual machine may be initiated by the container virtual machine; the memory virtual address included in the memory access request may first be sent to the memory management unit (MMU), and the MMU searches for the corresponding entry based on the memory virtual address in the memory access request.
In addition, the request obtaining unit 71 may be configured to obtain the identification information of the first virtual machine by searching for the identification information corresponding to the first virtual machine from the NIDR extension register; the search may be performed based on the content in the pre-stored register.
Further, the obtaining at least identification information of the first virtual machine further includes:
acquiring a page table base address corresponding to a first task of the first virtual machine;
correspondingly, the determining a corresponding page table entry based on the memory access request of the first task includes:
determining a page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request. The corresponding page table entry may be determined as follows: based on the memory virtual address in the memory access request, the MMU finds the PTE corresponding to the memory virtual address through page table indexing; the extended physical base address is then looked up in the PTE, and the identification information of the target virtual machine targeted by the memory access request is extracted from the extended physical base address.
The page table base addresses are different for each task, one virtual machine can correspond to a plurality of tasks, each task is provided with a set of page tables, and each set of page tables corresponds to different page table base addresses; however, the page table entries of the page tables corresponding to all tasks in the same virtual machine have the same identification information of the target virtual machine, and the identification of the target virtual machine is used to distinguish which virtual machine the task belongs to.
The judging unit is used for judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine;
if the identification information of the target virtual machine is the same as the identification information of the first virtual machine, obtaining a first judgment result; otherwise, a second judgment result is obtained.
When the judgment result is a first judgment result, determining a target physical address based on a page table entry corresponding to the memory access request of the first task, and sending the target physical address to an address bus to access a physical memory;
and when the judgment result is a second judgment result, refusing to let the first task perform the memory access.
In particular, reference may be made to fig. 4, including:
a user mode task performs memory access (namely the memory access request of the first task of the first virtual machine) and provides a virtual address VA in the task address space; the MMU then obtains the process page table through the contents of CR3, traverses the page table, and uses the VA to query the PTE corresponding to the task;
judging whether a PTE can be obtained from the VA; if the PTE corresponding to the VA cannot be found in the page table, page fault exception processing is performed, and if the page is determined to be illegal, error prompt information is fed back to the user;
if the PTE corresponding to the VA can be found in the page table, the MMU obtains the contents of the NID domain in the extended physical base address from the PTE and compares them with the contents of the NIDR register;
judging whether the contents of the NID and the NIDR are the same; if they differ, the memory access is rejected and a permission error prompt is returned;
if the comparison result is the same, the MMU automatically strips the contents of the NID domain from the extended physical address and adds the offset (offset value) to obtain the physical address PA;
the PA is sent to the address bus to complete the access to the physical memory.
Finally, the information extraction unit is configured to determine whether a corresponding page table entry is found based on the memory virtual address in the memory access request of the first task; and if the corresponding page table entry is not found, to perform page fault processing for the memory virtual address.
The page fault processing method may include requesting paging and allocating a physical memory.
In the method provided by this embodiment, referring to fig. 5, an extension register NIDR is added to a chip (for example, a CPU), and the physical base address recorded in a PTE is extended by adding an NID domain. When a task of the container virtual machine performs memory access, the MMU uses the VA to perform an index lookup in the page table to obtain the corresponding PTE. The extended physical address contained in the physical address PA recorded in the PTE is obtained, and the contents of the NID domain (which contains the identification information of the target virtual machine to be accessed by the task) are obtained from the PA. The MMU extracts the identification information of the first virtual machine from the NIDR and compares it with the identification information of the target virtual machine in the NID domain. If the two differ, access is refused; if they are the same, the MMU automatically strips the NID field from the extended physical address, adds the offset to the physical base address to obtain the final physical address, and sends the physical address to the data bus to access the physical memory.
Further, the effect of the processing performed by this embodiment is described with reference to fig. 6. When a memory access request of task 1 of a first virtual machine (VM1) is initiated, only the memory region of VM1 (the first virtual machine) may be accessed. The method provided by this embodiment compares the identification information of the target virtual machine contained in the memory access request initiated by task 1 with the identification information of VM1 to determine whether the access request is correct. When the two are the same, access to the memory region of task 1 of VM1 is allowed; otherwise, if the access request of task 1 is directed to the memory of another virtual machine, such as VM2 as shown in fig. 6, the access request is denied.
Therefore, with this scheme, the identification information of the target virtual machine to be accessed can be acquired based on the access request of the first task of the first virtual machine and then compared with the identification information of the first virtual machine, so as to judge whether the access request is allowed to access the memory. Because of the added virtual machine identification information domain, even a high-authority container virtual machine that knows a specific physical address cannot carry out cross-boundary access by means of page table mapping. In addition, only one layer of identification information is needed to distinguish the memory when it is addressed, so the processing is more efficient.
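The check of figs. 4 to 6 as a small software model, added here as an illustration and not code from the patent. The PTE bit layout, the single-level page table, passing the NID directly to the task switch, and the names cpu_model, switch_task, make_pte and translate are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (the patent gives no bit widths): 4 KiB pages and a 64-bit
 * PTE with a present bit (bit 0), the physical frame base in bits 12..47 and
 * the NID field of the extended physical base address in bits 48..55. */
#define PAGE_SHIFT  12
#define PAGE_MASK   ((1ULL << PAGE_SHIFT) - 1)
#define PTE_PRESENT 1ULL
#define NID_SHIFT   48
#define NID_MASK    (0xFFULL << NID_SHIFT)
#define FRAME_MASK  (((1ULL << NID_SHIFT) - 1) & ~PAGE_MASK)
#define NPTES       16 /* single-level table keeps the model short */

enum xlate_status { XLATE_OK, XLATE_PAGE_FAULT, XLATE_NID_DENIED };

struct cpu_model {
    uint8_t   nidr; /* NIDR: ID of the VM that owns the running task */
    uint64_t *cr3;  /* page table base of the running task */
};

/* Task switch: load the new task's NID into NIDR, then its page table base.
 * (The patent reads the NID from the bottom of the new task's stack.) */
void switch_task(struct cpu_model *cpu, uint8_t nid, uint64_t *page_table)
{
    cpu->nidr = nid;
    cpu->cr3 = page_table;
}

/* PTE creation: the NID field is filled from NIDR, not chosen by the caller. */
uint64_t make_pte(const struct cpu_model *cpu, uint64_t frame_pa)
{
    return (frame_pa & FRAME_MASK) | ((uint64_t)cpu->nidr << NID_SHIFT) | PTE_PRESENT;
}

/* Memory access: walk, compare NID with NIDR, strip NID, add the offset. */
enum xlate_status translate(const struct cpu_model *cpu, uint64_t va, uint64_t *pa)
{
    uint64_t idx = va >> PAGE_SHIFT;
    if (idx >= NPTES || !(cpu->cr3[idx] & PTE_PRESENT))
        return XLATE_PAGE_FAULT;            /* no PTE for this VA */
    uint64_t pte = cpu->cr3[idx];
    if ((uint8_t)((pte & NID_MASK) >> NID_SHIFT) != cpu->nidr)
        return XLATE_NID_DENIED;            /* target VM differs from running VM */
    *pa = (pte & FRAME_MASK) | (va & PAGE_MASK);
    return XLATE_OK;
}

int main(void)
{
    static uint64_t pt_vm1[NPTES], pt_vm2[NPTES]; /* constructed sample tables */
    struct cpu_model cpu;
    uint64_t pa = 0;

    switch_task(&cpu, 2, pt_vm2);
    pt_vm2[0] = make_pte(&cpu, 0x200000);   /* frame owned by VM2 */
    switch_task(&cpu, 1, pt_vm1);
    pt_vm1[0] = make_pte(&cpu, 0x100000);   /* frame owned by VM1 */
    pt_vm1[1] = pt_vm2[0];                  /* VM1 table entry tagged for VM2 */

    printf("VA 0x0123 -> status %d\n", translate(&cpu, 0x0123, &pa));
    printf("PA 0x%llx\n", (unsigned long long)pa);
    printf("VA 0x1010 -> status %d\n", translate(&cpu, 0x1010, &pa));
    printf("VA 0x2000 -> status %d\n", translate(&cpu, 0x2000, &pa));
    return 0;
}
```

The three lookups exercise the three outcomes of fig. 4: a matching NID yields a physical address, a mismatching NID is refused without producing an address, and a missing PTE goes to page fault handling.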
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (12)

1. An information processing method, the method comprising:
acquiring a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
at least acquiring identification information of the first virtual machine from an extension register, wherein the identification information of each virtual machine is stored in the extension register;
determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
and judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
2. The method of claim 1, wherein the obtaining at least identification information of the first virtual machine further comprises:
acquiring a page table base address corresponding to a first task of the first virtual machine;
correspondingly, the determining a corresponding page table entry based on the memory access request of the first task includes:
and determining a page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request.
3. The method according to claim 1, wherein the determining whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a determination result comprises:
judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine;
if the identification information of the target virtual machine is the same as the identification information of the first virtual machine, obtaining a first judgment result; otherwise, a second judgment result is obtained.
4. The method according to claim 3, wherein the determining whether to allow the first task to perform the memory access according to the determination result comprises:
when the judgment result is a first judgment result, determining a target physical address based on a page table entry corresponding to the memory access request of the first task, and sending the target physical address to an address bus to access a physical memory;
and when the judgment result is a second judgment result, refusing to let the first task perform the memory access.
5. The method of claim 4, wherein determining a target physical address based on a page table entry corresponding to the memory access request of the first task comprises:
and extracting a physical base address from a page table entry corresponding to the memory access request of the first task, and determining a target physical address based on the physical base address.
6. The method of claim 1, wherein determining the corresponding page table entry based on the memory access request of the first task further comprises:
judging whether the corresponding page table entry is found based on the memory virtual address in the memory access request of the first task;
and if the corresponding page table entry is not found, performing page fault processing for the memory virtual address.
7. An electronic device, characterized in that the electronic device comprises:
a request acquisition unit, configured to acquire a memory access request of a first task of a first virtual machine in at least one virtual machine, wherein the memory access request comprises a memory virtual address;
the information extraction unit is used for at least acquiring the identification information of the first virtual machine from an extension register, and the extension register stores the identification information of each virtual machine; determining a corresponding page table entry based on the memory access request of the first task, and acquiring at least identification information of a target virtual machine corresponding to the memory virtual address from the page table entry;
and the judging unit is used for judging whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine to obtain a judgment result, and determining whether the first task is allowed to carry out memory access according to the judgment result.
8. The electronic device according to claim 7, wherein the information extracting unit is configured to obtain a page table base address corresponding to a first task of the first virtual machine; and determining a page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request.
9. The electronic device according to claim 7, wherein the determination unit is configured to determine whether the identification information of the target virtual machine is the same as the identification information of the first virtual machine; if the identification information of the target virtual machine is the same as the identification information of the first virtual machine, obtaining a first judgment result; otherwise, a second judgment result is obtained.
10. The electronic device according to claim 9, wherein the determining unit is configured to, when the determination result is a first determination result, determine a target physical address based on a page table entry corresponding to the memory access request of the first task, and send the target physical address to an address bus to access a physical memory; and when the judgment result is a second judgment result, refuse to let the first task perform the memory access.
11. The electronic device according to claim 10, wherein the determining unit is configured to extract a physical base address from a page table entry corresponding to the memory access request of the first task, and determine a target physical address based on the physical base address.
12. The electronic device according to claim 7, wherein the information extraction unit is configured to determine whether a corresponding page table entry is found based on a memory virtual address in the memory access request of the first task; and if the corresponding page table entry is not found, to perform page fault processing for the memory virtual address.
CN201710203551.1A 2017-03-30 2017-03-30 Information processing method and electronic equipment Active CN107085535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710203551.1A CN107085535B (en) 2017-03-30 2017-03-30 Information processing method and electronic equipment

Publications (2)

Publication Number Publication Date
CN107085535A CN107085535A (en) 2017-08-22
CN107085535B true CN107085535B (en) 2020-10-27

Family

ID=59615121

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant