CN109901909A - Method and virtualization system for virtualization system - Google Patents
Method and virtualization system for virtualization system Download PDFInfo
- Publication number
- CN109901909A CN109901909A CN201910007074.0A CN201910007074A CN109901909A CN 109901909 A CN109901909 A CN 109901909A CN 201910007074 A CN201910007074 A CN 201910007074A CN 109901909 A CN109901909 A CN 109901909A
- Authority
- CN
- China
- Prior art keywords
- shared
- memory
- address
- vswitch
- data exchange
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
The present invention provides a kind of method and virtualization system for virtualization system.The described method includes: 1) filec descriptor for providing its virutal machine memory by the Qemu process and initial position are wherein, the memory does not include system core memory;2) when vSwitch process needs to execute data exchange with virutal machine memory, judge whether virutal machine memory corresponding with the data exchange has been shared, if so then execute data exchange, if the corresponding portion of the virutal machine memory is otherwise shared to the vSwitch process according to the filec descriptor and initial position and executes data exchange.Only when vSwitch needs to execute data exchange with VM memory, VM partial memory required for just mapping is shared, so that being dynamic change at any time to the shared of VM memory, thus reduces the attack face of hacker.
Description
Technical field
The present invention relates to the technical fields that field of computer technology more particularly to physical machine are communicated with virtual machine.
Background technique
Virtualization technology in field of computer technology is by running more virtual machines on a physical machine (Host)
(VM), the resource between virtual machine independently of one another, sharing physical machine, breaks the not cleavable obstacle between entity structure, in turn
The effect for virtualizing network function may be implemented.In order to realize network transmission, virtual machine needs to come with physical network card cooperation real
The transmitting-receiving of existing data packet is with communication with the outside world.Originally, people utilize fully virtualized (full virtualization) technology,
Carry out the items of equipment of analog physical machine in the management program Qemu (VM is operated in Qemu process) of virtual machine using software environment,
Including network interface card.This network I/O mode needs to introduce multiple memory copying, could be transferred to data packet virtually from physical network card
The user memory of machine.Multiple memory copying can introduce the delay of data packet communication, reduce packet throughput, lead to performance
It is very poor, do not meet actual production requirement.
As background, in order to meet the requirement of actual production environment, industry successively proposes a variety of half virtualization (half
Virtualization) technology.Wherein a kind of most representative and most widely used virtualization I/O framework is vhost-
User, by vSwitch (virtual switch process) share VM memory, with reduce memory copy number according to when User space with
Switching times between kernel state.However, new safety problem has also been introduced in the data exchange ways based on the framework, share
The mechanism of memory makes vSwitch can be with direct read/write VM full memory and no any restrictions, if there are loopholes by vSwitch
And it is controlled by hack, such as modify the Packet Descriptor in virtqueue (virtual queue process) and cooperate some essences
The data packet of heart design reads or overrides VM memory, this will bring safety problem very serious, in particular for such as cloud
Calculate the application that application etc. has high requirement to the safety of virtualization network.
For this purpose, it has been proposed that a kind of method for solving above-mentioned safety problem using vIOMMU, checks physical address by VM
The legitimacy of convert requests solves above-mentioned safety problem, however this is also added significantly to the traffic between front and back end,
Meeting under worst case is so that system performance is reduced to original 10%.On the other hand, the memory of VM still can quilt in vIOMMU
VSwitch read-write, thus there are still VM by the risk of unauthorized access and control.
Most fully virtualized I/O frameworks cannot all take into account performance, safety, this compatible several respect at present.In work
Although in industry production environment most widely used half virtualization I/O framework vhost-user compatibility and aspect of performance
Preferable effect is reached, has also had and stablize long-term community's support, but it still has defect in safety.
Summary of the invention
Therefore, it is an object of the invention to overcome the defect of the above-mentioned prior art, provides a kind of for virtualization system
Method, comprising:
1) filec descriptor and the initial position of its virutal machine memory file are provided by the Qemu process, wherein described
File does not include system core memory;
2) when vSwitch process needs to execute data exchange with virutal machine memory, judge opposite with the data exchange
Whether the virutal machine memory answered has been shared, if so then execute data exchange, if otherwise according to corresponding with the file described
The corresponding portion of virutal machine memory shares to the vSwitch process and executes data exchange.
Preferably, according to the method, wherein further include:
It 3), will when monitoring the load reduction of the data exchange between the Qemu process and the vSwitch process
It has shared to and has at least partly been revised as not sharing with the vSwitch process in the virutal machine memory of the vSwitch process.
Preferably, according to the method, step 2) is when executing described shared, comprising:
The virutal machine memory 2-1a) is divided into multiple units;
The address of data exchange 2-2a) is needed to be implemented according to the vSwitch process, determines list corresponding with the address
Member;
2-3a) the vSwitch process will be shared to the unit where the address, and stored and the list being shared
The corresponding address of member;
When executing the judgement, comprising:
2-1b) by the address align of virutal machine memory corresponding with the data exchange to the address of a unit;
2-2b) according to the element address in the result of alignment and the virutal machine memory being shared stored, to judge
Whether the address of virutal machine memory corresponding with the data exchange has been shared.
Preferably, according to the method, wherein step 2-3a) include:
The cryptographic Hash of address corresponding with the unit being shared is calculated, and is stored with Hash table;
Step 2-2b) include:
The cryptographic Hash of the address of unit corresponding with the result being aligned is calculated, and according to calculated result in the Hash
It is retrieved in table, is judged as that the address of virutal machine memory corresponding with the data exchange is total to if retrieving identical result
It enjoys, is otherwise judged as and is not shared.
Preferably, according to the method, wherein step 3) includes:
The statistics access meter of vSwitch process to each unit for the virutal machine memory being shared within the past period
The unit is revised as not shared by the vSwitch process by number if the access count is 0.
Preferably, according to the method, wherein step 3) includes:
For the virtualization system use vIOMMU equipment when, if receiving invalid message, then will with it is described
The corresponding unit of invalid message is revised as not shared by the vSwitch process.
A kind of virtualization system, comprising: Qemu process, vSwitch process, memory sharing control unit, wherein
The Qemu process, possesses virutal machine memory, is used to provide the described the filec descriptor of virutal machine memory file
The initial position and, wherein the memory does not include system core memory;
The memory sharing control unit, except the vSwitch process, in the vSwitch process
When needing to execute data exchange with the virutal machine memory, the address of virutal machine memory corresponding with the data exchange is judged
Whether it has been shared, if so then execute data exchange, if otherwise will be in the virtual machine according to the initial position and descriptor
The corresponding portion deposited shares to the vSwitch process.
Preferably, according to the virtualization system, further includes:
Memory releases the control unit, for monitoring the data between the Qemu process and the vSwitch process
When the load reduction of exchange, by the virutal machine memory for having shared to the vSwitch process be at least partly revised as not with
The vSwitch process is shared.
Preferably, according to the virtualization system, wherein the memory sharing control unit, is used to execute described share
When, the virutal machine memory is divided into multiple units, the address for needing to be implemented data exchange according to the vSwitch process is true
Unit corresponding with the address is shared to the vSwitch process and stored and the quilt by fixed unit corresponding with the address
The corresponding address of shared unit;It, will virutal machine memory corresponding with the data exchange for when executing the judgement
Address align to the address of a unit, according to the list in the result of alignment and the virutal machine memory being shared stored
First address judges whether the address of virutal machine memory corresponding with the data exchange has been shared.
A kind of computer readable storage medium, wherein being stored with computer program, the computer program is when executed
For realizing method described in above-mentioned any one.
Compared with prior art, the embodiment of the present invention obtain it is following the utility model has the advantages that
The filec descriptor of the non-key memory of virtual machine is only supplied to vSwitch process, enables vSwitch process
Crucial memory is not included in the VM partial memory enough mapped.When initial, vSwitch process can't map any VM memory, only
When vSwitch needs to execute data exchange with VM memory, VM partial memory required for just mapping is shared, so that right
The shared of VM memory is dynamic change at any time, thus reduces the attack face of hacker.To in VM as unit of the one big page
It deposits into that row is shared, further reduces the minimum unit that current time shares to the VM memory of vSwitch process.Meanwhile
When monitoring the load reduction of the data exchange between the Qemu process and vSwitch process, will share to vSwitch into
Being at least partly revised as in the VM memory of journey be not shared with the vSwitch process, can guarantee current time only by necessary portion
VM memory sharing is divided to give vSwitch process, to be reduced as far as the attack face of hacker.
Detailed description of the invention
Embodiments of the present invention is further illustrated referring to the drawings, in which:
Fig. 1 is existing vhost-user virtualization system schematic diagram;
Fig. 2 is to store to be shared to each of vSwitch process according to one embodiment of present invention by Hash table
The example of the respective attributes such as a big page and its address;
Fig. 3 is according to one embodiment of present invention when searching Hash table and not hitting to corresponding big page in VM memory
Face carries out shared example;
Fig. 4 is that when searching the hit of Hash table, vSwitch process executes data exchange according to one embodiment of present invention
Example.
Specific embodiment
In order to solve the defect being previously mentioned in background technique, inventor grinds existing vhost-user technology
Study carefully.Fig. 1 is the block diagram of the virtualization system based on vhost-user.As shown, in the architecture, being transported in each Qemu process
Row has a VM, and the memory of the VM is distributed by Qemu process to be managed, and shared with vSwitch process.Initially, in Qemu process
When establishing connection with vSwitch process, by Qemu process by be used to map its monolith virutal machine memory some filec descriptors,
Initial position is both provided to vSwitch process, and vSwitch is by calling Linux system function " mmap " directly by the whole of VM
Page where memory is mapped to oneself address space and forms shared drive.In the data of subsequent vSwitch process and Qemu process
In exchange process, the full memory of VM is shared by vSwitch process and Qemu process always.Once hacker controls this
VSwitch process then can optionally access the data of any one address in the VM memory being shared, this is virtualization system
System brings security risk, particularly disadvantageous to protect the user data on virtual machine in business cloud computing platform.
Based on the virtualization system of vhost-user shown in fig. 1, if desired by one by the received data of physical network card
Packet is provided to corresponding virtual machine VM1, data flow, comprising: 1. data packet passes through direct memory access (Direct
Memory Access, DMA) it is admitted in the host data packet buffer area of vSwitch process.2. vSwitch process by searching for
Flow table determines that the purpose virtual machine of the data packet is VM1.3. vSwitch process is located in VM1 by the access of its port vhost
The GPA of an available data packet buffer in data pack buffer area of the virtqueue deposited to determine VM1 memory is (empty
The physical address of quasi- machine), according to the address conversion relationship having been saved in vSwitch, by Address translation module by the GPA
Being converted to can be by VVA (virtual address of vSwitch process) that vSwitch process accesses.4. vSwitch process is according to the VVA
The address is written into the data packet in a manner of copying the port vhost.5. updating the virtqueue in VM1 memory.⑥
The virtio driving of VM1 receives the notice of the evenfd from vSwitch process, according to the notice from the corresponding position of VM1 memory
Place obtains the data packet.
But inventors discovered through research that, it does not need to vSwitch process to can be realized monolith VM memory sharing yet
Above-mentioned steps 3. in virtqueue the operation of an available GPA in VM1 memory is being provided for vSwitch process.This is
Since virtqueue belongs to virtio de facto standard a part, completely by the virtio driving creation and management in VM, the inside
List item also only by virtio driving go to write, rear end driving etc. only responsible reading, will not influence in the case where retaining the characteristic
The work of virtqueue.Based on this reason, even if inventor thinks only to give part VM memory sharing to vSwitch process, very
To implement data exchange copy function, that is, step 4. before not by the corresponding portion of VM memory share to vSwitch into
3. journey will not impact step.Thus, it, can not initially when Qemu process and vSwitch process establish connection
Implement whole VM memory sharings to the operation of vSwitch process, it just will be with phase when needing to be implemented the copy function of step 4.
The district-share of the corresponding VM memory in position is answered to give vSwitch process.
Below with reference to Fig. 2~4, one embodiment through the invention come introduce for virtualization system dynamically with
The method that vSwitch process shares VM memory, this approach includes the following steps.
Step 1. is after Qemu process initialized completion VM memory, at the beginning of establishing with vswitch control channel, no
The VM memory can be mapped as being shared by the Qemu process and vSwitch process, but by the Qemu process by its VM memory
Some non-key memories filec descriptor and initial position be sent to vSwitch process, with by the vSwitch process protect
It deposits.These information will be used to the corresponding portion of the VM memory sharing to the vSwitch process, and hop is non-key
The filec descriptor of memory make memory part corresponding to these filec descriptors become in VM memory can with vSwitch into
The shared maximum magnitude of journey.In order to avoid the crucial memory in the accessible VM memory of vSwitch process, for example, at low address in
Core code and data, being supplied to the memory that the filec descriptor of vSwitch process is covered does not include system core memory.
Step 2. is when vSwitch process needs to execute data exchange with the virutal machine memory, judgement and the data
Exchange whether corresponding virutal machine memory has been shared, if so then execute data exchange, if otherwise according to the initial position
And the corresponding portion of the virutal machine memory is shared to the vSwitch process and executes data exchange by descriptor.
With reference to Fig. 2, in one embodiment of the invention, retouched in the file that vSwitch process has been obtained for VM memory
Symbol and initial position are stated, however when the vSwitch process still has not visited the appropriate address of the VM memory, not implementing will be with
The corresponding partial sharing of the appropriate address of the VM memory is to the operation of vSwitch process, and only in the vSwitch process, it is still necessary to want
When accessing an address of VM memory, just an internal storage location (for example, a big page) corresponding with the address is shared to
The vSwitch process.Here not by full memory corresponding with the filec descriptor of preservation share to the vSwitch into
Journey, but shared using internal storage location as unit, so that current shared to the greatest extent may be used to the VM amount of ram of vSwitch process
Energy ground is small, to reduce the attack face of hacker under current time as much as possible.The internal storage location can be in linux system
The big page (hugepage), such as 2MB, the big page here are corresponding with the Paging system used to memory, it will be understood that
The internal storage location can also be otherwise divided in the present invention.
It is illustrated below by an example.It is assumed that virutal machine memory is divided into multiple units as unit of 2MB.
When needing to copy a data packet to VM, vSwitch process obtains one by the virtqueue in Qemu process and can be used
Address GPA2 (0x123123123).GPA2 is subjected to alignment operation according to 2MB, finds the starting for the big page that the address is fallen into
Address is GPA3 (0x123000000), that is, needs to copy to the data packet on the big page that initial address is GPA3.At this point,
According to the descriptor of the file stored in step 1, by calling Linux system function " mmap " will big page corresponding with GPA3
Face shares to vSwitch process, so that vSwitch process is able to access that virtual address corresponding with GPA2.
With reference to Fig. 2, in one embodiment of the invention, stored by Hash table be shared to vSwitch into
The corresponding address in each big page face of journey, the vSwitch process it is still necessary to when an address of VM memory to be accessed by searching for
The Hash table determines whether the corresponding big page has been shared.The structure of Hash table includes: key and value, wherein
Key is physical address (GPA) of the starting in virtual machine being shared to the big page of vSwitch process, value be this
The corresponding VVA in start of Page address.When needing to copy a data packet to VM, alignment behaviour is executed for the address of the data packet
Make, searched in Hash table according to the obtained address of alignment operation, if hit can then determine that vSwitch process needs to visit
The big page asked has been shared, and otherwise executes sharing operation described above.
It is illustrated below by an example.It is assumed that when needing to copy a data packet to VM, vSwitch into
Journey obtains an available address GPA2 (0x123123123) by the virtqueue in Qemu process.By GPA2 according to 2MB into
Row alignment operation finds that the initial address for the big page that the address is fallen into is GPA3 (0x123000000).Based on address GPA3
Searched in Hash table, as shown in figure 3, if hit if can return VVA3 (start of Page vSwitch process virtually
Location);As shown in figure 4, calling mmap function if miss to map the big page, the GPA of the big page and VVA being inserted into
In Hash table, and VVA3 is supplied to vSwitch process.With reference to Fig. 3 and Fig. 4, after having obtained the VVA3, vSwitch into
Journey executes calculations of offset by (GPA2-GPA3)+VVA3 to obtain data packet and copy destination address in the void of oneself address space
Quasi- address, the copy of data packet is completed according to the address.
The big page being shared in the VM to vSwitch process is stored using Hash table, is since data interaction needs
Will very efficiently, and Hash table can quickly determine whether the corresponding big page has been shared when matching retrieval.It can manage
Solution, in some embodiments of the invention, can also store the mark for the big page being shared using other data structures,
Stored for example, by using Array for structural body, each single item in array be a structural body pointer, structural body includes: GPA and
VVA。
Step 3. is in the load reduction for monitoring the data exchange between the Qemu process and the vSwitch process
When, by the virutal machine memory for having shared to the vSwitch process be at least partly revised as not with the vSwitch process
It is shared.Implement the purpose of this step only when needing data exchange using internal storage location as unit share with hereinbefore it is similar
It seemingly, is all expectation so that current shared is as small as possible to the VM amount of ram of vSwitch process, to reduce as much as possible current
When inscribe the attack face of hacker.
In one embodiment of the invention, statistics vSwitch process within the past period is virtual to what is be shared
The big page is revised as not described by the access count of the big page of each of machine memory if the access count is 0
VSwitch process is shared.The length of the time can be selected according to the concrete application situation of virtual machine.
The solution of the present invention will not impact the implementation for the vIOMMU technology mentioned in background technique, thus can incite somebody to action
The technical application is into the present invention.In view of when implementing vIOMMU technology, once one piece of memory is no longer by trawl performance conduct
Data packet buffer uses, it will sends invalid message by vIOMMU and gives vSwitch process, includes interior in invalid message
The initial address and size deposited, inventor propose to can use the invalid message to modify for the shared of VM memory.At this
In another embodiment of invention, the case where for using vIOMMU technology, if receiving invalid message, then will with it is described
The corresponding unit of invalid message is revised as not shared by the vSwitch process.In some embodiments, it can not use
The other function of vIOMMU, and the invalid message that it sends is used only and is deleted according to the initial address and size in the message
Except all pages mapped within the scope of its.
According to one embodiment of present invention, provide a kind of virtualization system, comprising: Qemu process, vSwitch into
Journey, memory release the control unit and memory sharing control unit.
Wherein, the Qemu process, possesses virutal machine memory, is used to provide the described the filec descriptor of virutal machine memory
And initial position, for the corresponding portion of the virutal machine memory to be shared to the vSwitch process, wherein in described
Depositing does not include system core memory.
The vSwitch process, for based on by the corresponding of its virutal machine memory shared with the Qemu process
Part is to execute data exchange to each other with the Qemu process.
The memory sharing control unit, except the vSwitch process, for storing with the file
The beginning position and relevant content of descriptor, when vSwitch process needs to execute data exchange with the virutal machine memory, judgement
Whether the address of virutal machine memory corresponding with the data exchange has been shared, if so then execute data exchange, if otherwise
The corresponding portion of the virutal machine memory is shared into the vSwitch process according to the initial position and descriptor.Here
Memory sharing control unit is arranged except vSwitch process, can have to avoid vSwitch process itself and set VM memory
It is set to shared permission, so that also can not be by modifying corresponding document content after hacker controls vSwitch process
Automatically obtain the access right to bulk VM memory.The memory sharing control unit can be arranged in some embodiments in Qemu
In process.
The memory releases the control unit, for monitoring between the Qemu process and the vSwitch process
When the load reduction of data exchange, by being at least partly revised as in the virutal machine memory for having shared to the vSwitch process
It is not shared with the vSwitch process.
Through the above embodiments of the present invention, current shared can be reduced as far as to the VM memory of vSwitch process
Part so that not including crucial memory wherein.Only when vSwitch needs to execute data exchange with VM memory, to VM memory
It is shared, so that being dynamic change at any time to the shared of VM memory, thus reduces the attack face of hacker.With a big page
Face is that unit shares VM memory, further reduces the portion that current time shares to the VM memory of vSwitch process
Point.Meanwhile when monitoring the load reduction of the data exchange between the Qemu process and vSwitch process, it will share
It is at least partly revised as not sharing with the vSwitch process in the VM memory of vSwitch process, can guarantee current time only
Necessary part VM memory sharing is given to vSwitch process, to be reduced as far as the attack face of hacker.
It should be noted that each step introduced in above-described embodiment is all not necessary, those skilled in the art
Can carry out according to actual needs it is appropriate accept or reject, replacement, modification etc..
It should be noted last that the above examples are only used to illustrate the technical scheme of the present invention and are not limiting.On although
The invention is described in detail with reference to an embodiment for text, those skilled in the art should understand that, to skill of the invention
Art scheme is modified or replaced equivalently, and without departure from the spirit and scope of technical solution of the present invention, should all be covered at this
In the scope of the claims of invention.
Claims (10)
1. a kind of method for virtualization system, comprising:
1) wherein, the file is or not the filec descriptor for providing its virutal machine memory file by the Qemu process and initial position
Including system core memory;
2) when vSwitch process needs to execute data exchange with virutal machine memory, judge corresponding with the data exchange
Whether the address of virutal machine memory has been shared, if so then execute data exchange, if otherwise according to institute corresponding with the file
The corresponding portion for stating virutal machine memory shares to the vSwitch process and executes data exchange.
2. according to the method described in claim 1, wherein further include:
3) it when monitoring the load reduction of the data exchange between the Qemu process and the vSwitch process, will be total to
It enjoys and is at least partly revised as not sharing with the vSwitch process in the virutal machine memory to the vSwitch process.
3. method according to claim 1 or 2, step 2) is when executing described shared, comprising:
The virutal machine memory 2-1a) is divided into multiple units;
The address of data exchange 2-2a) is needed to be implemented according to the vSwitch process, determines unit corresponding with the address;
Unit corresponding with the address 2-3a) is shared into the vSwitch process, and is stored and the unit pair being shared
The address answered;
When executing the judgement, comprising:
2-1b) by the address align of virutal machine memory corresponding with the data exchange to the address of a unit;
2-2b) according to the element address in the result of alignment and the virutal machine memory being shared stored, to judge and institute
Whether the address for stating the corresponding virutal machine memory of data exchange has been shared.
4. according to the method described in claim 3, wherein step 2-3a) include:
The cryptographic Hash of address corresponding with the unit being shared is calculated, and is stored with Hash table;
Step 2-2b) include:
The cryptographic Hash of the address of unit corresponding with the result being aligned is calculated, and according to calculated result in the Hash table
Retrieval, is judged as that the address of virutal machine memory corresponding with the data exchange has been shared if retrieving identical result,
Otherwise it is judged as and is not shared.
5. according to the method described in claim 3, wherein step 3) includes:
Access count of the vSwitch process to each unit for the virutal machine memory being shared within the past period is counted,
If the access count is 0, the unit is revised as not shared by the vSwitch process.
6. according to the method described in claim 3, wherein step 3) includes:
For the virtualization system use vIOMMU strategy when, if receiving invalid message, then will with it is described
The corresponding unit of invalid message is revised as not shared by the vSwitch process.
7. a kind of virtualization system, comprising: Qemu process, vSwitch process, memory sharing control unit, wherein
The Qemu process, possesses virutal machine memory, is used to provide the described the filec descriptor of virutal machine memory file and rises
Beginning position, wherein the memory does not include system core memory;
The memory sharing control unit, except the vSwitch process, for being needed in the vSwitch process
When executing data exchange with the virutal machine memory, whether the address of judgement virutal machine memory corresponding with the data exchange
It has been be shared that, if so then execute data exchange, if otherwise according to the initial position and descriptor by the virutal machine memory
Corresponding portion shares to the vSwitch process.
8. virtualization system according to claim 7, further includes:
Memory releases the control unit, for monitoring the data exchange between the Qemu process and the vSwitch process
Load reduction when, by the virutal machine memory for having shared to the vSwitch process be at least partly revised as not with it is described
VSwitch process is shared.
9. virtualization system according to claim 7 or 8, wherein the memory sharing control unit, for executing institute
When stating shared, the virutal machine memory is divided into multiple units, data exchange is needed to be implemented according to the vSwitch process
Address determines corresponding with address unit, will unit corresponding with the address share to the vSwitch process and store and
The corresponding address of unit being shared;It, will be corresponding with the data exchange virtual for when executing the judgement
The address align of machine memory is to the address of a unit, according to the result of alignment and the virutal machine memory being shared stored
In element address judge whether the address of virutal machine memory corresponding with the data exchange has been shared.
10. a kind of computer readable storage medium, wherein being stored with computer program, the computer program is used when executed
In method of the realization as described in any one of claim 1~6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910007074.0A CN109901909B (en) | 2019-01-04 | 2019-01-04 | Method for virtualization system and virtualization system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910007074.0A CN109901909B (en) | 2019-01-04 | 2019-01-04 | Method for virtualization system and virtualization system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109901909A true CN109901909A (en) | 2019-06-18 |
| CN109901909B CN109901909B (en) | 2020-12-29 |
Family
ID=66943593
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910007074.0A Active CN109901909B (en) | 2019-01-04 | 2019-01-04 | Method for virtualization system and virtualization system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109901909B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110377106A (en) * | 2019-06-21 | 2019-10-25 | 湖南麒麟信安科技有限公司 | System card virtual method, system and medium when a kind of |
| CN111158869A (en) * | 2019-11-15 | 2020-05-15 | 西安海的电子科技有限公司 | Process fragment cleaning method based on android system |
| CN112363800A (en) * | 2020-11-10 | 2021-02-12 | 海光信息技术股份有限公司 | Network card memory access method, security processor, network card and electronic equipment |
| CN113609055A (en) * | 2021-06-25 | 2021-11-05 | 山东云海国创云计算装备产业创新中心有限公司 | Method, device, equipment and readable medium for obtaining descriptor by back-end equipment |
| CN114584541A (en) * | 2022-03-07 | 2022-06-03 | 浪潮云信息技术股份公司 | Method for accelerating virtual machine network |
| CN114584541B (en) * | 2022-03-07 | 2024-06-04 | 浪潮云信息技术股份公司 | Method for accelerating virtual machine network |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103034591A (en) * | 2012-11-21 | 2013-04-10 | 北京航空航天大学 | Memory sharing method and device for virtual machine |
| CN103346981A (en) * | 2013-06-28 | 2013-10-09 | 华为技术有限公司 | Virtual exchange method, related device and computer system |
| CN106844008A (en) * | 2017-01-03 | 2017-06-13 | 华为技术有限公司 | A kind of method of data manipulation, equipment and system |
| CN107491354A (en) * | 2017-07-03 | 2017-12-19 | 北京东土科技股份有限公司 | A kind of inter-virtual machine communication method and device based on shared drive |
| CN108183871A (en) * | 2017-11-23 | 2018-06-19 | 北京三快在线科技有限公司 | A kind of virtual switch, virtual switch start method, electronic equipment |
| CN108363611A (en) * | 2017-11-02 | 2018-08-03 | 北京紫光恒越网络科技有限公司 | Method for managing security, device and the omnidirectional system of virtual machine |
| US20180352038A1 (en) * | 2017-05-30 | 2018-12-06 | Intel Corporation | Enhanced nfv switching |
-
2019
- 2019-01-04 CN CN201910007074.0A patent/CN109901909B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103034591A (en) * | 2012-11-21 | 2013-04-10 | 北京航空航天大学 | Memory sharing method and device for virtual machine |
| CN103346981A (en) * | 2013-06-28 | 2013-10-09 | 华为技术有限公司 | Virtual exchange method, related device and computer system |
| CN106844008A (en) * | 2017-01-03 | 2017-06-13 | 华为技术有限公司 | A kind of method of data manipulation, equipment and system |
| US20180352038A1 (en) * | 2017-05-30 | 2018-12-06 | Intel Corporation | Enhanced nfv switching |
| CN107491354A (en) * | 2017-07-03 | 2017-12-19 | 北京东土科技股份有限公司 | A kind of inter-virtual machine communication method and device based on shared drive |
| CN108363611A (en) * | 2017-11-02 | 2018-08-03 | 北京紫光恒越网络科技有限公司 | Method for managing security, device and the omnidirectional system of virtual machine |
| CN108183871A (en) * | 2017-11-23 | 2018-06-19 | 北京三快在线科技有限公司 | A kind of virtual switch, virtual switch start method, electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 郦丽珍: "基于Open vSwitch虚拟网络的细粒度访问控制", 《中国优秀硕士学位论文全文数据库 信息科学辑》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110377106A (en) * | 2019-06-21 | 2019-10-25 | 湖南麒麟信安科技有限公司 | System card virtual method, system and medium when a kind of |
| CN111158869A (en) * | 2019-11-15 | 2020-05-15 | 西安海的电子科技有限公司 | Process fragment cleaning method based on android system |
| CN112363800A (en) * | 2020-11-10 | 2021-02-12 | 海光信息技术股份有限公司 | Network card memory access method, security processor, network card and electronic equipment |
| CN112363800B (en) * | 2020-11-10 | 2023-03-07 | 海光信息技术股份有限公司 | Network card memory access method, security processor, network card and electronic equipment |
| CN113609055A (en) * | 2021-06-25 | 2021-11-05 | 山东云海国创云计算装备产业创新中心有限公司 | Method, device, equipment and readable medium for obtaining descriptor by back-end equipment |
| CN113609055B (en) * | 2021-06-25 | 2024-06-07 | 山东云海国创云计算装备产业创新中心有限公司 | Method, device, equipment and readable medium for obtaining descriptor by back-end equipment |
| CN114584541A (en) * | 2022-03-07 | 2022-06-03 | 浪潮云信息技术股份公司 | Method for accelerating virtual machine network |
| CN114584541B (en) * | 2022-03-07 | 2024-06-04 | 浪潮云信息技术股份公司 | Method for accelerating virtual machine network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109901909B (en) | 2020-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Marmol et al. | {NVMKV}: A Scalable, Lightweight,{FTL-aware}{Key-Value} Store | |
| CN103294710B (en) | A kind of data access method and device | |
| CN102681952B (en) | Method for writing data into memory equipment and memory equipment | |
| US20150127691A1 (en) | Efficient implementations for mapreduce systems | |
| CN107203411B (en) | Virtual machine memory expansion method and system based on remote SSD | |
| US20050102671A1 (en) | Efficient virtual machine communication via virtual machine queues | |
| CN109901909A (en) | Method and virtualization system for virtualization system | |
| CN103064797B (en) | Data processing method and virtual machine management platform | |
| JP6763984B2 (en) | Systems and methods for managing and supporting virtual host bus adapters (vHBAs) on InfiniBand (IB), and systems and methods for supporting efficient use of buffers with a single external memory interface. | |
| CN101150485A (en) | A management method for network data transmission of zero copy buffer queue | |
| US20060123142A1 (en) | Method and apparatus for providing peer-to-peer data transfer within a computing environment | |
| CN107493329A (en) | A kind of remote document access method of distributed memory file system | |
| CN103052945B (en) | The method of managing computer memory and data storage device | |
| CN103282889A (en) | Endpoint caching for data storage systems | |
| CN109697016A (en) | Method and apparatus for improving the storage performance of container | |
| CN107179878A (en) | The method and apparatus of data storage based on optimizing application | |
| CN105408875B (en) | Distributed process on memory interface executes and file system | |
| US20190272099A1 (en) | Data Operating Method, Device, and System | |
| CN105335306B (en) | A kind of internal memory control method and device | |
| CN101150486A (en) | A management method for receiving network data of zero copy buffer queue | |
| CN113760560A (en) | Inter-process communication method and inter-process communication device | |
| CN109597903B (en) | Image file processing apparatus and method, file storage system, and storage medium | |
| TW200417857A (en) | Allocating cache lines | |
| CN104811495B (en) | A kind of networking component content storage method and module for wisdom contract network | |
| CN109857517A (en) | A kind of virtualization system and its method for interchanging data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |