CN107450962A - Exception handling method, apparatus and system under a virtualized running environment - Google Patents
- Publication number: CN107450962A (application CN201710554394.9A)
- Authority: CN (China)
- Prior art keywords: guest; virtual machine; abnormal; kernel code; caused
- Legal status: Granted (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
- G06F2009/45591—Monitoring or debugging support
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
This application relates to the field of industrial internet operating system technology, and in particular to an exception handling method, apparatus and system under a virtualized running environment, intended to solve the problem that a Guest OS running under a virtualized environment in the prior art has poor robustness. The exception handling method under a virtualized running environment provided by the embodiments of this application includes: monitoring exceptions raised by the Guest OS running on a virtual machine; and, if it is determined from the acquired context information of the exception that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, refusing the Guest OS's out-of-limit operation on that kernel code. For important kernel code in the virtual machine, the Guest OS's operating rights on that code are thereby additionally controlled, which amounts to adding a further layer of security protection to the kernel code in the virtual machine. Since protecting the kernel code effectively improves the security of the virtual machine's running environment, the robustness of the Guest OS running in the virtual machine can be strengthened.
Description
Technical field
This application relates to the field of industrial internet operating system technology, and in particular to an exception handling method, apparatus and system under a virtualized running environment.
Background technology
Virtualization technology abstracts the hardware resources of a physical machine, such as servers and memory, for use by users. Its core is that a virtual machine monitor (VMM) is first built on the physical machine and multiple virtual machines (VMs) are then created on the VMM. In this way, where a physical machine could originally run only one guest operating system (Guest OS), after virtualization multiple Guest OSs can run in parallel in multiple VMs, so the hardware resources of the physical machine can be used to the greatest extent.
In the prior art, the VMM monitors the running of the Guest OS and delivers the exceptions raised by the Guest OS at runtime to an exception processing module deployed inside the Guest OS for handling. The exception processing module handles exceptions such as divide-by-zero exceptions, page faults and illegal instruction exceptions, all of which are caused by software design errors in the Guest OS. For the VM that provides the virtualized running environment for the Guest OS, ensuring the security of the kernel code in the VM is the premise for the Guest OS and its exception processing module to work normally. At present, the security of the kernel code in the VM is protected only by the operating system running on the VM, such as Windows; under normal circumstances the Guest OS cannot access the important kernel code in the VM. Once the operating system's security protection is broken, the important kernel code in the VM is easily tampered with maliciously, which can prevent the Guest OS from running normally and, in serious cases, paralyse it. Since the Guest OS sits at the user application layer of the virtualization stack, ensuring that the Guest OS runs robustly is very important both for customers and for the vendors providing the Guest OS.
It can be seen that a Guest OS running under a virtualized environment in the prior art has the problem of poor robustness.
Content of the invention
The embodiments of this application provide an exception handling method, apparatus and system under a virtualized running environment, to solve the problem that a Guest OS running under a virtualized environment in the prior art has poor robustness.
An exception handling method under a virtualized running environment provided by the embodiments of this application includes:
monitoring exceptions raised by the guest operating system (Guest OS) running on a virtual machine;
if it is determined, from the acquired context information of the exception, that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, refusing the Guest OS's out-of-limit operation on the kernel code.
Optionally, it is determined according to the following steps that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine:
obtaining the memory page fault address from the context information of the exception;
if the memory page fault address falls within an address range corresponding to the pre-saved kernel code with restricted operating rights, and the Guest OS has access rights to the kernel code in that address range, determining that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Optionally, refusing the Guest OS's out-of-limit operation on the kernel code includes:
judging whether a user-defined exception handling function exists;
if it exists, calling the exception handling function to handle the out-of-limit operation;
otherwise, refusing the operation instruction that the Guest OS was executing when the exception was raised; the operation instruction is obtained from the context information of the exception.
Optionally, the method further includes:
monitoring and handling secondary exceptions raised while the exception handling function is being called to handle the out-of-limit operation.
An exception handling apparatus under a virtualized running environment provided by the embodiments of this application includes:
a monitoring module, for monitoring exceptions raised by the guest operating system (Guest OS) running on a virtual machine;
a processing module, for refusing the Guest OS's out-of-limit operation on kernel code if it is determined, from the acquired context information of the exception, that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Optionally, the processing module is specifically used to determine according to the following steps that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine:
obtaining the memory page fault address from the context information of the exception;
if the memory page fault address falls within an address range corresponding to the pre-saved kernel code with restricted operating rights, and the Guest OS has access rights to the kernel code in that address range, determining that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Optionally, the processing module is specifically used to:
judge whether a user-defined exception handling function exists;
if it exists, call the exception handling function to handle the out-of-limit operation;
otherwise, refuse the operation instruction that the Guest OS was executing when the exception was raised; the operation instruction is obtained from the context information of the exception.
Optionally, the monitoring module is further used to monitor secondary exceptions raised while the exception handling function is being called to handle the out-of-limit operation;
the processing module is further used to handle the secondary exceptions.
An exception handling system under a virtualized running environment provided by the embodiments of this application includes: a virtual machine monitor, at least one first virtual machine, and a second virtual machine for providing security protection to the at least one first virtual machine, wherein:
the virtual machine monitor is used, for each first virtual machine, to monitor exceptions raised by the guest operating system (Guest OS) running on that first virtual machine, and to send the acquired context information of the exception to the second virtual machine;
the second virtual machine is used to receive the context information of the exception and, if it is determined from that context information that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine, to refuse the Guest OS's out-of-limit operation on the kernel code.
Optionally, the second virtual machine is specifically used to:
obtain the memory page fault address from the context information of the exception;
if the memory page fault address falls within an address range corresponding to the pre-saved kernel code with restricted operating rights, and the Guest OS has access rights to the kernel code in that address range, determine that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine.
Optionally, the second virtual machine is specifically used to:
judge whether a user-defined exception handling function exists;
if it exists, call the exception handling function to handle the out-of-limit operation;
otherwise, refuse the operation instruction that the Guest OS was executing when the exception was raised; the operation instruction is obtained from the context information of the exception.
Optionally, the virtual machine monitor is further used to:
monitor and handle secondary exceptions raised while the exception handling function is being called to handle the out-of-limit operation.
An electronic device provided by the embodiments of this application includes at least one processing unit and at least one memory unit, wherein the memory unit stores program code which, when executed by the processing unit, causes the processing unit to perform the steps of the exception handling method under a virtualized running environment described above.
A computer-readable storage medium provided by the embodiments of this application includes program code which, when the program product runs on a computing device, is used to cause the computing device to perform the steps of the exception handling method under a virtualized running environment described above.
In the embodiments of this application, exceptions raised by the Guest OS running on a virtual machine are monitored, and if it is determined from the acquired context information of the exception that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, the Guest OS's out-of-limit operation on the kernel code is refused. For important kernel code in the virtual machine, compared with the prior art, in which security protection is provided only by the operating system running on the VM, the embodiments of this application additionally enforce the Guest OS's operating rights on the important kernel code, which amounts to adding a further layer of security protection to the kernel code in the virtual machine. Since security protection of the kernel code effectively improves the security of the virtual machine's running environment, the robustness of the Guest OS running in the virtual machine can be strengthened.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form part of it; the schematic embodiments of the present invention and their description are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flow chart of the exception handling method under a virtualized running environment provided by the embodiments of this application;
Fig. 2 is a schematic diagram of the exception handling system under a virtualized running environment provided by the embodiments of this application;
Fig. 3 is a schematic diagram of another exception handling system under a virtualized running environment provided by the embodiments of this application;
Fig. 4 is a flow chart of the health management subsystem provided by the embodiments of this application handling an exception;
Fig. 5 is a structural diagram of the exception handling apparatus under a virtualized running environment provided by the embodiments of this application;
Fig. 6 is a schematic diagram of the hardware structure of the exception handling apparatus under a virtualized running environment provided by the embodiments of this application.
Embodiments
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here are only used to illustrate and explain the present invention and are not intended to limit it, and that, where there is no conflict, the embodiments and the features in the embodiments may be combined with each other.
Embodiment one
As shown in Fig. 1, the exception handling method under a virtualized running environment provided by the embodiments of this application includes the following steps:
S101: monitor exceptions raised by the guest operating system (Guest OS) running on a virtual machine.
Here, the exceptions raised by the Guest OS include exceptions caused by software design errors in the Guest OS, and also exceptions caused by operations such as an illegal program tampering with the kernel code in the virtual machine running the Guest OS.
S102: if it is determined, from the acquired context information of the exception, that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, refuse the Guest OS's out-of-limit operation on the kernel code.
Optionally, after an exception is detected, the context information of the exception can be acquired. The context information includes the operation instruction being executed when the exception was raised, the address of that instruction, the memory page fault address, the pointer information in the task stack, and so on.
In practice, because the operating system running on the VM already provides a certain amount of security protection for the kernel code, under normal circumstances the Guest OS cannot access the important kernel code in the VM. If the Guest OS has performed an out-of-limit operation on important kernel code in the VM, this shows that the VM's operating system can no longer guarantee the security of the kernel code and that the VM's running environment may have a security hazard; this application is precisely intended to solve such hazards.
Specifically, the memory page fault address can be obtained from the context information of the exception, and the address range in memory to which the page fault address belongs is determined according to the operating system's rules for dividing address ranges in memory. If that address range is one of the pre-saved address ranges corresponding to kernel code with restricted operating rights, and the Guest OS has access rights to the kernel code in that address range, it is determined that the VM's running environment has a security hazard and that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Here, if the Guest OS has access rights to the kernel code in that address range, the exception should not have occurred in the Guest OS; an exception occurring there now can only be because the program designer granted access rights to the kernel code in advance, so it can be judged that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Further, once the Guest OS's operation on the kernel code has been determined to be an out-of-limit operation, it can be judged whether a user-defined exception handling function for this exception exists in the system. If it exists, the user-defined exception handling function can be called to handle the out-of-limit operation that raised the exception; otherwise, the operation instruction that the Guest OS was executing when the exception was raised can be refused, where the operation instruction is obtained from the context information of the exception.
For example, if a user-defined exception handling function exists in the system for a certain exception, then in addition to not responding to the operation instruction the Guest OS was executing when the exception was raised, the exception handling function can redirect the page the user is currently accessing to a specific page rather than reporting an error directly to the user, which gives a better user experience. If no user-defined exception handling function exists in the system for this exception, the operation instruction that the Guest OS was executing when the exception was raised can be refused directly.
In addition, during the above process, secondary exceptions raised while the user-defined exception handling function is being called to handle the out-of-limit operation can also be monitored and handled.
For example, if a stack overflow exception is raised again while the user-defined exception handling function is handling the out-of-limit operation, the task handling the out-of-limit operation can be suspended, or the task handling the out-of-limit operation can be restarted, in order to resolve the stack overflow exception.
In a specific implementation, if it is determined from the acquired context information of the exception that the exception was not caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, the exception can be handled by the exception processing module in the Guest OS.
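The decision in S102, as an added worked example in C written for this page (it is not code from the patent or from any implementation it describes): an intercepted exception is classified against a pre-saved table of restricted kernel-code ranges, and an out-of-limit operation is then either passed to a user-defined exception handling function or refused by discarding the instruction recorded in the context. The context layout, the range table, the addresses and the instruction bytes are all constructed for illustration; the table's access flag mirrors the patent's second condition (the Guest OS holds access rights to the range).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define INSN_MAX 15

/* Exception context as the patent lists it: the operation instruction, its
 * address, the memory page fault address and the task-stack pointer. The
 * field layout is an assumption of this example. */
struct exc_ctx {
    uint64_t insn_addr;
    uint8_t  insn[INSN_MAX];
    uint8_t  insn_len;
    uint64_t fault_addr;   /* 0 when the exception carries no fault address */
    uint64_t stack_ptr;
};

/* Pre-saved table of kernel-code ranges with restricted operating rights;
 * guest_has_access is the patent's second condition. Addresses constructed. */
struct prot_range { uint64_t start, end; bool guest_has_access; };

static const struct prot_range g_prot[] = {
    { 0xffffffff81000000ULL, 0xffffffff81400000ULL, true  },
    { 0xffffffff81400000ULL, 0xffffffff81500000ULL, false },
};

enum verdict { EXC_GUEST_INTERNAL, EXC_OUT_OF_LIMIT };
enum action  { ACT_FORWARD_TO_GUEST, ACT_USER_HANDLER, ACT_REFUSE_INSN };

/* User-defined exception handling function: returns true if it handled the
 * out-of-limit operation. */
typedef bool (*user_handler_fn)(const struct exc_ctx *ctx);

struct outcome {
    enum verdict verdict;
    enum action  action;
    uint64_t     resume_at;            /* guest instruction pointer afterwards */
    uint8_t      refused_insn[INSN_MAX];
    uint8_t      refused_len;
};

/* S102 rule: fault address inside a pre-saved restricted range AND the guest
 * holds access rights to that range -> out-of-limit operation. */
enum verdict classify_exception(const struct exc_ctx *ctx)
{
    for (size_t i = 0; i < sizeof g_prot / sizeof g_prot[0]; i++)
        if (ctx->fault_addr >= g_prot[i].start && ctx->fault_addr < g_prot[i].end)
            return g_prot[i].guest_has_access ? EXC_OUT_OF_LIMIT : EXC_GUEST_INTERNAL;
    return EXC_GUEST_INTERNAL;
}

struct outcome handle_exception(const struct exc_ctx *ctx, user_handler_fn user)
{
    struct outcome o;
    memset(&o, 0, sizeof o);
    o.verdict = classify_exception(ctx);
    if (o.verdict == EXC_GUEST_INTERNAL) {
        /* Not a kernel-code violation: re-deliver at the faulting instruction
         * so the Guest OS's own exception processing module handles it. */
        o.action = ACT_FORWARD_TO_GUEST;
        o.resume_at = ctx->insn_addr;
        return o;
    }
    if (user && user(ctx)) {
        o.action = ACT_USER_HANDLER;
    } else {
        /* Refuse the operation instruction: keep a copy for the record; it is
         * never executed. */
        o.action = ACT_REFUSE_INSN;
        memcpy(o.refused_insn, ctx->insn, ctx->insn_len);
        o.refused_len = ctx->insn_len;
    }
    o.resume_at = ctx->insn_addr + ctx->insn_len;   /* skip past it */
    return o;
}

/* Constructed sample: mov %eax,(%rbx) storing into the first protected range. */
struct exc_ctx sample_store_into_kernel_text(void)
{
    struct exc_ctx c = { .insn_addr = 0xffffffffa0001000ULL, .insn = { 0x89, 0x03 },
                         .insn_len = 2, .fault_addr = 0xffffffff81001020ULL,
                         .stack_ptr = 0xffffc90000123f80ULL };
    return c;
}

/* Constructed sample: div %ecx raising #DE, which carries no fault address. */
struct exc_ctx sample_divide_by_zero(void)
{
    struct exc_ctx c = { .insn_addr = 0x401a20ULL, .insn = { 0xf7, 0xf1 },
                         .insn_len = 2, .fault_addr = 0, .stack_ptr = 0x7ffc0000ULL };
    return c;
}

/* Example user-defined handler: redirects the user instead of reporting an error. */
bool example_redirect_handler(const struct exc_ctx *ctx)
{
    (void)ctx;   /* a real handler would pick the target page from the context */
    return true;
}
```

The table deliberately includes a range whose access flag is false: a fault there is classified as guest-internal and forwarded, which is exactly how the two-condition rule in S102 reads. Refusal is modelled as resuming the guest past the recorded instruction, with a user handler, when one is registered, deciding what the user sees instead. A practitioner building this on a real hypervisor would write-protect the restricted ranges in the second-level page tables so that every write into them traps, and would audit the resume logic carefully, since skipping an instruction without restoring architectural state is itself a way to corrupt the guest.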
Embodiment two
As shown in Fig. 2, a schematic diagram of the exception handling system 200 under a virtualized running environment provided by the embodiments of this application, the system includes: hardware, a virtual machine monitor 201, at least one first virtual machine 202, and a second virtual machine 203 for providing security protection to the at least one first virtual machine, wherein:
the virtual machine monitor 201 is used, for each first virtual machine 202, to monitor exceptions raised by the guest operating system (Guest OS) running on that first virtual machine, to acquire the context information of the exception, and then to send the context information of the exception to the second virtual machine;
the second virtual machine 203 is used to receive the context information of the exception sent by the virtual machine monitor and, if it is determined from that context information that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine, to refuse the Guest OS's out-of-limit operation on the kernel code.
In a specific implementation, the second virtual machine is specifically used to obtain the memory page fault address from the context information of the exception and, if the memory page fault address falls within an address range corresponding to the pre-saved kernel code with restricted operating rights and the Guest OS has access rights to the kernel code in that address range, to determine that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine.
Further, the second virtual machine judges whether a user-defined exception handling function exists; if it exists, it calls the exception handling function to handle the out-of-limit operation; otherwise, it refuses the operation instruction that the Guest OS was executing when the exception was raised, the operation instruction being obtained from the context information of the exception.
In addition, the virtual machine monitor is further used to monitor and handle secondary exceptions raised while the exception handling function is being called to handle the out-of-limit operation.
In the embodiments of this application, for each first virtual machine, the virtual machine monitor monitors exceptions raised by the guest operating system (Guest OS) running on that first virtual machine and sends the acquired context information of the exception to the second virtual machine; after receiving the context information, the second virtual machine refuses the Guest OS's out-of-limit operation on the kernel code if it determines from that context information that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine. For important kernel code in the first virtual machine, compared with the prior art, in which security protection is provided only by the operating system running on the VM, the embodiments of this application add a second virtual machine dedicated to providing security protection to each first virtual machine. This second virtual machine can control the Guest OS's operating rights on the important kernel code in the first virtual machine, which amounts to adding a further layer of security protection to the kernel code in the first virtual machine. Since security protection of the kernel code effectively improves the security of the first virtual machine's running environment, the robustness of the Guest OS running in the first virtual machine can be strengthened.
Embodiment three
As shown in Fig. 3, a schematic diagram of the exception handling system 300 under a virtualized running environment provided by the embodiments of this application, the VMM virtualizes the underlying hardware to form multiple VMs. The VMM contains a core health management module and an inter-domain communication management module: the core health management module is responsible for collecting the context information of an exception as soon as it occurs and also has the ability to handle specific exceptions (those raised by the health management subsystem), while the inter-domain communication management module is responsible for communication between the VMs. Among the VMs, one is a health monitoring virtual machine and the others are client virtual machines. The health management subsystem runs in the health monitoring virtual machine, and a Guest OS runs in each client virtual machine; the Guest OS in turn contains an exception processing module, which handles exceptions caused by software design errors while the Guest OS is running, such as divide-by-zero exceptions and illegal instruction exceptions.
In a specific implementation, each client virtual machine provides a virtualized running environment for its Guest OS, and the operating system on the client virtual machine protects the important kernel code in the virtual machine, providing a security guarantee for the Guest OS. However, for any client virtual machine, if the virtual machine's running environment itself has no security guarantee, it will be difficult to ensure the normal operation of the Guest OS. Therefore, this application adds a health management subsystem in the health monitoring virtual machine. The health management subsystem can be arranged between the client virtual machines and the VMM and provides a further layer of security guarantee for each client virtual machine: the exceptions raised by a Guest OS can be analysed by the health management subsystem, and if the health management subsystem determines that an exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, the Guest OS's out-of-limit operation on the kernel code can be refused, thereby ensuring the security of the kernel code in the virtual machine and the robustness of the Guest OS.
Specifically, following the arrows in Fig. 3, an exception raised in the Guest OS is first caught by the CPU, and the CPU then passes the exception to the core health management module in the VMM, which acquires the context information of the exception. If the core health management module determines from the context information that the exception was raised by the health management subsystem, it can handle that exception itself; for example, for a stack overflow exception raised while the health management subsystem is handling an out-of-limit operation, the core health management module can suspend the task in the health management subsystem that is handling the out-of-limit operation, or restart that task. If the core health management module determines from the context information that the exception was not raised by the health management subsystem, it can send the context information of the exception to the health management subsystem. The health management subsystem then obtains the memory page fault address from the context information and, if the memory page fault address falls within an address range corresponding to the pre-saved kernel code with restricted operating rights and the Guest OS has access rights to the kernel code in that address range, determines that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine. This indicates that the Guest OS's running environment has a security hazard, and the Guest OS's out-of-limit operation on the kernel code can now be refused.
Optionally, when refusing the out-of-limit operation of the Guest OS on the kernel code, the health management subsystem may determine whether a user-defined exception handling function exists; if so, it can call the user-defined exception handling function to handle the out-of-limit operation; otherwise, it refuses the operation instruction that the Guest OS executed when the exception was raised.
In addition, in a specific implementation, if the health management subsystem determines that the exception was not caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, the context information of the exception can be sent, via the inter-domain communication management module in the VMM, to the Guest OS that raised the exception, and the exception processing module in the Guest OS handles the exception.
In a specific implementation, the health management subsystem can handle an exception according to the flow shown in Fig. 4:
S401: Receive the context information of the exception sent by the core health management module.
Here, the context information of the exception is collected by the core health management module in the VMM immediately after it receives the exception delivered by the CPU, and includes the operation instruction being executed when the exception was raised, the address of that operation instruction, the memory page fault address, the pointer information in the task stack, and so on.
S402: Determine whether the received exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine; if so, go to S404; otherwise, go to S403.
In a specific implementation, the health management subsystem can obtain the memory page fault address from the context information of the exception and, according to the operating system's division of address ranges, determine the address range to which the memory page fault address belongs. If that address range is one of the address ranges corresponding to the pre-saved kernel code whose operating rights are restricted, and the Guest OS nevertheless has access rights to the kernel code in that address range, then this exception should not have occurred in the Guest OS and is due to the programmer having granted access rights to the kernel code in advance; it can therefore be determined that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
S403: Deliver the context information of the exception to the exception processing module in the Guest OS.
Here, the context information of the exception can be delivered to the exception processing module in the Guest OS through the inter-domain communication management module in the VMM.
S404: Determine whether a user-defined exception handling function exists; if so, go to S405; otherwise, go to S406.
S405: Call the user-defined exception handling function to handle the exception.
For example, a user-defined exception handling function may exist in a pathology system; besides not responding to the operation instruction executed by the Guest OS when the exception was raised, the exception handling function can also redirect the page the user is currently accessing to a specific page, so that the fault is not exposed to the user directly and the user experience is better.
S406: Refuse the operation that the Guest OS performed on the virtual machine when the exception was raised.
Moreover, during the above process, the core health management module can also monitor and handle a secondary exception raised while the health management subsystem calls the user-defined exception handling function to handle the out-of-limit operation. For example, if a stack overflow exception occurs while the health management subsystem is calling the user-defined exception handling function to handle the out-of-limit operation, the core health management module can suspend the task in the health management subsystem that handles the out-of-limit operation, or restart that task, so that the health management subsystem can continue to run normally.
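As a concrete illustration of the decision flow S401 to S406 above (the page-fault-address check of S402, the handler lookup of S404 and the refusal of S406) together with the core module's supervision of secondary exceptions, the following C program is an added example written for this page; it is not code from the patent or from any product implementing it. It assumes a constructed table of protected kernel code ranges with a per-range flag recording whether the Guest OS was granted access, a constructed exception context carrying the fields the description lists, and a hypothetical user-handler signature; the suspend/restart policy (restart the handling task once, then suspend it and refuse the operation) is likewise this example's own choice.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Exception context, modelled on the fields the description lists (operation
 * instruction, its address, page fault address, task stack pointer). Names are
 * this example's own, not the patent's. */
typedef struct {
    uint32_t opcode;      /* encoded operation instruction (constructed value) */
    uint64_t insn_addr;   /* address of the faulting instruction */
    uint64_t fault_addr;  /* memory page fault address */
    uint64_t stack_ptr;   /* task stack pointer when the exception was raised */
} exc_context_t;

/* Pre-saved address range of kernel code with restricted operating rights, plus a
 * flag recording whether the Guest OS was granted access rights to it in advance. */
typedef struct {
    uint64_t start, end;  /* half-open range [start, end) */
    bool guest_has_access;
} kcode_range_t;

typedef enum {
    EXC_FORWARD_TO_GUEST, /* S403: not out-of-limit, the Guest OS handles it itself */
    EXC_USER_HANDLED,     /* S405: a user-defined handler processed the operation */
    EXC_REFUSED           /* S406: the instruction that raised the fault is refused */
} exc_verdict_t;
typedef enum { TASK_OK, TASK_RESTARTED, TASK_SUSPENDED } task_action_t;

/* User-defined exception handling function (hypothetical signature). */
typedef void (*user_exc_handler_t)(const exc_context_t *ctx);

/* Constructed sample table of protected kernel code ranges. */
static const kcode_range_t g_protected[] = {
    { 0xffffffff81000000ULL, 0xffffffff81400000ULL, true  }, /* guest was granted access */
    { 0xffffffff81400000ULL, 0xffffffff81800000ULL, false }, /* guest has no access */
};

/* S402: the fault address must lie in a protected range AND the Guest OS must
 * have access rights there; only then is the fault an out-of-limit operation. */
bool is_out_of_limit(const exc_context_t *ctx)
{
    for (size_t i = 0; i < sizeof g_protected / sizeof g_protected[0]; i++) {
        const kcode_range_t *r = &g_protected[i];
        if (ctx->fault_addr >= r->start && ctx->fault_addr < r->end)
            return r->guest_has_access;
    }
    return false;
}

/* Steps S403 to S406, as run by the health management subsystem. */
exc_verdict_t handle_exception(const exc_context_t *ctx, user_exc_handler_t h)
{
    if (!is_out_of_limit(ctx))
        return EXC_FORWARD_TO_GUEST;
    if (h) {              /* S404/S405: a user-defined handler exists */
        h(ctx);
        return EXC_USER_HANDLED;
    }
    return EXC_REFUSED;   /* S406 */
}

/* Secondary exceptions raised while the subsystem runs a user handler are
 * reported here (constructed stand-in for the CPU trapping into the VMM). */
static int g_secondary;
void report_secondary_exception(void) { g_secondary++; }

/* Core health management module: supervise the subsystem. After one secondary
 * exception the handling task is restarted once; if the retry faults again, the
 * task is suspended and the out-of-limit operation is refused (example policy). */
task_action_t core_supervise(const exc_context_t *ctx, user_exc_handler_t h,
                             exc_verdict_t *verdict)
{
    g_secondary = 0;
    *verdict = handle_exception(ctx, h);
    if (g_secondary == 0)
        return TASK_OK;
    g_secondary = 0;
    *verdict = handle_exception(ctx, h);  /* restart the handling task */
    if (g_secondary == 0)
        return TASK_RESTARTED;
    *verdict = EXC_REFUSED;               /* suspend it and fall back to refusing */
    return TASK_SUSPENDED;
}

/* Constructed user handler that overflows its stack the first time it runs. */
int g_flaky_calls;
void flaky_user_handler(const exc_context_t *ctx)
{
    (void)ctx;
    if (g_flaky_calls++ == 0)
        report_secondary_exception();
}

int main(void)
{
    exc_context_t c = { 0x8b, 0xffff800000010000ULL, 0xffffffff81001000ULL, 0x7ffd00001000ULL };
    exc_verdict_t v;
    task_action_t a = core_supervise(&c, flaky_user_handler, &v);
    printf("out_of_limit=%d verdict=%d task_action=%d\n", is_out_of_limit(&c), v, a);
    return 0;
}
```

The point worth noticing is the conjunction in `is_out_of_limit`: a fault inside a protected range where the Guest OS has no access rights is an ordinary guest fault and is forwarded to the guest, exactly as S403 describes; only a fault in a range the guest was allowed to touch is treated as the guest overstepping its limits. In a real hypervisor the protected-range table would come from the pre-saved configuration the description refers to, and the secondary-exception report would be the VMM's own trap path rather than a global counter.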
Embodiment four
Based on the same inventive concept, an embodiment of the present application further provides an exception handling apparatus under a virtualized running environment corresponding to the exception handling method under a virtualized running environment. Since the principle by which this apparatus solves the problem is similar to that of the exception handling method under a virtualized running environment of the embodiments of the present application, the implementation of the apparatus may refer to the implementation of the method, and repeated parts are not described again.
Fig. 5 shows the structure of the exception handling apparatus under a virtualized running environment provided by an embodiment of the present application, which comprises:
A monitoring module 501 for monitoring an exception raised by the guest operating system (Guest OS) running on a virtual machine;
A processing module 502 for refusing the out-of-limit operation of the Guest OS on the kernel code if, according to the obtained context information of the exception, it determines that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Optionally, the processing module 502 is specifically configured to determine, according to the following steps, that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine:
obtain the memory page fault address from the context information of the exception;
if the memory page fault address lies within an address range corresponding to the pre-saved kernel code whose operating rights are restricted, and the Guest OS has access rights to the kernel code in that address range, determine that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
Optionally, the processing module 502 is specifically configured to:
determine whether a user-defined exception handling function exists;
if so, call the exception handling function to handle the out-of-limit operation;
otherwise, refuse the operation instruction executed by the Guest OS when the exception was raised, the operation instruction being obtained from the context information of the exception.
Optionally, the monitoring module 501 is further configured to monitor a secondary exception raised while the exception handling function is called to handle the out-of-limit operation;
and the processing module 502 is further configured to handle the secondary exception.
Embodiment five
Fig. 6 is a schematic diagram of the hardware structure of the exception handling apparatus under a virtualized running environment provided by an embodiment of the present application, comprising at least one processing unit 601 and at least one storage unit 602, wherein the storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the steps of the exception handling method under a virtualized running environment described above.
Embodiment six
An embodiment of the present application provides a computer-readable storage medium comprising program code; when the program product runs on a computing device, the program code causes the electronic device to perform the steps of the exception handling method under a virtualized running environment described above.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, apparatuses (systems), and computer program products according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art, once they know the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed to include the preferred embodiments and all changes and modifications falling within the scope of the present application.
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include these changes and modifications.
Claims (12)
- 1. An exception handling method under a virtualized running environment, characterized by comprising: monitoring an exception raised by a guest operating system (Guest OS) running on a virtual machine; and if, according to the obtained context information of the exception, it is determined that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine, refusing the out-of-limit operation of the Guest OS on the kernel code.
- 2. The method according to claim 1, characterized in that it is determined according to the following steps that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine: obtaining the memory page fault address from the context information of the exception; and if the memory page fault address lies within an address range corresponding to pre-saved kernel code whose operating rights are restricted, and the Guest OS has access rights to the kernel code in that address range, determining that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
- 3. The method according to claim 1, characterized in that refusing the out-of-limit operation of the Guest OS on the kernel code comprises: determining whether a user-defined exception handling function exists; if so, calling the exception handling function to handle the out-of-limit operation; otherwise, refusing the operation instruction executed by the Guest OS when the exception was raised, the operation instruction being obtained from the context information of the exception.
- 4. The method according to claim 3, characterized by further comprising: monitoring and handling a secondary exception raised while the exception handling function is called to handle the out-of-limit operation.
- 5. An exception handling apparatus under a virtualized running environment, characterized by comprising: a monitoring module for monitoring an exception raised by a guest operating system (Guest OS) running on a virtual machine; and a processing module for refusing the out-of-limit operation of the Guest OS on the kernel code if, according to the obtained context information of the exception, it is determined that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
- 6. The apparatus according to claim 5, characterized in that the processing module is specifically configured to determine, according to the following steps, that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine: obtaining the memory page fault address from the context information of the exception; and if the memory page fault address lies within an address range corresponding to pre-saved kernel code whose operating rights are restricted, and the Guest OS has access rights to the kernel code in that address range, determining that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the virtual machine.
- 7. The apparatus according to claim 5, characterized in that the processing module is specifically configured to: determine whether a user-defined exception handling function exists; if so, call the exception handling function to handle the out-of-limit operation; otherwise, refuse the operation instruction executed by the Guest OS when the exception was raised, the operation instruction being obtained from the context information of the exception.
- 8. The apparatus according to claim 7, characterized by further comprising: the monitoring module being further configured to monitor a secondary exception raised while the exception handling function is called to handle the out-of-limit operation; and the processing module being further configured to handle the secondary exception.
- 9. An exception handling system under a virtualized running environment, characterized by comprising: a virtual machine manager, at least one first virtual machine, and a second virtual machine for providing security protection to the at least one first virtual machine, wherein: the virtual machine manager is configured, for each first virtual machine, to monitor an exception raised by the guest operating system (Guest OS) running on the first virtual machine and to send the obtained context information of the exception to the second virtual machine; and the second virtual machine is configured to receive the context information of the exception and, if it determines from the context information that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine, to refuse the out-of-limit operation of the Guest OS on the kernel code.
- 10. The system according to claim 9, characterized in that the second virtual machine is specifically configured to: obtain the memory page fault address from the context information of the exception; and if the memory page fault address lies within an address range corresponding to pre-saved kernel code whose operating rights are restricted, and the Guest OS has access rights to the kernel code in that address range, determine that the exception was caused by an out-of-limit operation of the Guest OS on kernel code whose operating rights are restricted in the first virtual machine.
- 11. The system according to claim 9, characterized in that the second virtual machine is specifically configured to: determine whether a user-defined exception handling function exists; if so, call the exception handling function to handle the out-of-limit operation; otherwise, refuse the operation instruction executed by the Guest OS when the exception was raised, the operation instruction being obtained from the context information of the exception.
- 12. The system according to claim 11, characterized in that the virtual machine manager is further configured to: monitor and handle a secondary exception raised while the exception handling function is called to handle the out-of-limit operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710554394.9A CN107450962B (en) | 2017-07-03 | 2017-07-03 | Exception handling method, device and system in virtualized operation environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107450962A true CN107450962A (en) | 2017-12-08 |
CN107450962B CN107450962B (en) | 2020-04-24 |
Family
ID=60487786
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710554394.9A Active CN107450962B (en) | 2017-07-03 | 2017-07-03 | Exception handling method, device and system in virtualized operation environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107450962B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109684829A (en) * | 2018-12-04 | 2019-04-26 | 中国科学院数据与通信保护研究教育中心 | Service call monitoring method and system in a kind of virtualized environment |
CN109828827A (en) * | 2018-11-22 | 2019-05-31 | 海光信息技术有限公司 | A kind of detection method, device and relevant device |
CN111240898A (en) * | 2020-01-09 | 2020-06-05 | 中瓴智行(成都)科技有限公司 | Hypervisor-based black box implementation method and system |
CN113268726A (en) * | 2020-02-17 | 2021-08-17 | 华为技术有限公司 | Program code execution behavior monitoring method and computer equipment |
CN114327648A (en) * | 2021-12-16 | 2022-04-12 | 北京安天网络安全技术有限公司 | Drive debugging method and device, electronic equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102231138A (en) * | 2011-07-08 | 2011-11-02 | 上海交通大学 | Accurate memory data acquisition system and method of computer |
CN103996004A (en) * | 2014-06-12 | 2014-08-20 | 浪潮电子信息产业股份有限公司 | Highly-available system design method based on virtualization |
US20150378633A1 (en) * | 2014-06-30 | 2015-12-31 | Intel Corporation | Method and apparatus for fine grain memory protection |
CN105354155A (en) * | 2015-12-03 | 2016-02-24 | 上海高性能集成电路设计中心 | Memory access authority control method based on page table checking mechanism |
CN105740046A (en) * | 2016-01-26 | 2016-07-06 | 华中科技大学 | Virtual machine process behavior monitoring method and system based on dynamic library |
CN106203082A (en) * | 2016-06-29 | 2016-12-07 | 上海交通大学 | The system and method efficiently isolating kernel module based on virtualization hardware characteristic |
Timeline: 2017-07-03, CN CN201710554394.9A, granted as CN107450962B (status: Active)
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109828827A (en) * | 2018-11-22 | 2019-05-31 | 海光信息技术有限公司 | A kind of detection method, device and relevant device |
CN109828827B (en) * | 2018-11-22 | 2023-10-27 | 海光信息技术股份有限公司 | Detection method, detection device and related equipment |
CN109684829A (en) * | 2018-12-04 | 2019-04-26 | 中国科学院数据与通信保护研究教育中心 | Service call monitoring method and system in a kind of virtualized environment |
CN109684829B (en) * | 2018-12-04 | 2020-12-04 | 中国科学院数据与通信保护研究教育中心 | Service call monitoring method and system in virtualization environment |
CN111240898A (en) * | 2020-01-09 | 2020-06-05 | 中瓴智行(成都)科技有限公司 | Hypervisor-based black box implementation method and system |
CN111240898B (en) * | 2020-01-09 | 2023-08-15 | 中瓴智行(成都)科技有限公司 | Method and system for realizing black box based on Hypervisor |
CN113268726A (en) * | 2020-02-17 | 2021-08-17 | 华为技术有限公司 | Program code execution behavior monitoring method and computer equipment |
WO2021164271A1 (en) * | 2020-02-17 | 2021-08-26 | 华为技术有限公司 | Method for monitoring program code execution behavior, and computer device |
CN113268726B (en) * | 2020-02-17 | 2023-10-20 | 华为技术有限公司 | Method for monitoring program code execution behavior and computer equipment |
CN114327648A (en) * | 2021-12-16 | 2022-04-12 | 北京安天网络安全技术有限公司 | Drive debugging method and device, electronic equipment and storage medium |
CN114327648B (en) * | 2021-12-16 | 2024-02-02 | 北京安天网络安全技术有限公司 | Driving debugging method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107450962B (en) | 2020-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107450962A (en) | Abnormality eliminating method, apparatus and system under a kind of virtualization running environment | |
US9935971B2 (en) | Mitigation of virtual machine security breaches | |
US11652852B2 (en) | Intrusion detection and mitigation in data processing | |
AU2015312382B2 (en) | Systems and methods for network analysis and reporting | |
CN109831420B (en) | Method and device for determining kernel process permission | |
US9129108B2 (en) | Systems, methods and computer programs providing impact mitigation of cyber-security failures | |
CN104321748B (en) | For catching the mthods, systems and devices of the error condition in light weight virtual machine manager | |
CN103902885B (en) | Towards multi-security level(MSL) virtual desktop system secure virtual machine shielding system and method | |
US9594881B2 (en) | System and method for passive threat detection using virtual memory inspection | |
US20140026231A1 (en) | Self-generation of virtual machine security clusters | |
US10412109B2 (en) | Method for detecting vulnerabilities in a virtual production server of a virtual or cloud computer system | |
US9817970B2 (en) | Method for detecting attacks on virtual machines | |
CN111191226B (en) | Method, device, equipment and storage medium for determining program by utilizing right-raising loopholes | |
CN107580703B (en) | Migration service method and module for software module | |
CN111683047A (en) | Unauthorized vulnerability detection method and device, computer equipment and medium | |
CN104866407A (en) | Monitoring system and method in virtual machine environment | |
CN106650438A (en) | Method and device for detecting baleful programs | |
CN106528415A (en) | Software compatibility test method, business platform and system | |
CN111124615A (en) | Virtual machine migration method, device, equipment and computer readable storage medium | |
US11258816B2 (en) | Managing firewall rules based on triggering statistics | |
CN111181771A (en) | Security changing abnormity positioning method and device based on fort machine and electronic equipment | |
CN102122330A (en) | ''In-VM'' malicious code detection system based on virtual machine | |
US10860712B2 (en) | Entropy based security detection system | |
US20230097770A1 (en) | Authorization monitor to detect privilege usage patterns | |
CN107516039A (en) | The safety protecting method and device of virtualization system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20171208; Assignee: Kedong (Guangzhou) Software Technology Co., Ltd; Assignors: Beijing Dongtu Technology Co., Ltd. and Beijing keyin Jingcheng Technology Co., Ltd; Contract record no.: X2020980000255; Denomination of invention: Exception handling method, apparatus and system in virtual operating environment; License type: Exclusive License; Record date: 20200218 |
GR01 | Patent grant | ||