CN112416508B - CPU virtualization method based on privilege instruction library - Google Patents

Publication number
CN112416508B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910783143.7A
Other languages
Chinese (zh)
Other versions
CN112416508A (en
Inventor
王星焱
郑岩
黄高阳
杨政
刘松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Jiangnan Computing Technology Institute
Original Assignee
Wuxi Jiangnan Computing Technology Institute

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals

Abstract

The invention discloses a CPU virtualization method based on a privileged instruction library. The method is based on at least one physical processor (PCPU), an operating system for a multi-core CPU architecture, at least one virtual processor (VCPU), a virtual machine manager, and firmware configured with a privileged instruction library. The virtual processor state management data structure VCPUCB is a group of data structures that maintain the privileged state of the VCPU, including state information related to the internal implementation of the processor, and is placed in memory; a virtual state base address register, VCPUCB_PTR, stores the base address of the VCPUCB. The invention supports the essential VCPU entry and VCPU exit operations of processor virtualization, supports development of a VCPU scheduling interface in the virtual machine manager, supports switching the processor privileged state to virtual machine mode, is transparent to the virtual machine manager and the operating system kernel, and supports CPU virtualization without adding any hardware extension interface.

Description

CPU virtualization method based on privilege instruction library
Technical Field
The invention belongs to the technical field of central processing units, and particularly relates to a CPU virtualization method based on a privileged instruction library.
Background
With the large expansion of resource scale, the continuous growth of processing capability, the increasing variety of resource types and the flexible and diverse application requirements of computing systems, the search for new computing mechanisms and modes has become a major challenge for future information technology. Computing system virtualization and cloud computing are new computing models that drive the development of computer technology, and have therefore been a focus of research in the industry.
Domestic processors got a late start, and their architecture does not provide complete hardware support for a virtualization system in the way Intel VT does. The invention uses the existing operating system interface of the domestic processor, deeply customizes and encapsulates that interface for processor virtualization, and combines it with paravirtualization (semi-virtualization) to solve the virtualization problem on the domestic processor architecture.
Disclosure of Invention
The invention aims to provide a CPU virtualization method based on a privileged instruction library, which realizes the support of important VCPU entry and VCPU exit in processor virtualization, supports the development of a VCPU scheduling interface in a virtual machine manager, supports the switching of a processor privileged state to a virtual machine mode, is transparent to the virtual machine manager and an operating system kernel, and realizes the support of CPU virtualization without adding any hardware extension interface.
To achieve this purpose, the invention adopts the following technical scheme: a CPU virtualization method based on a privileged instruction library, characterized in that the method is based on at least one physical processor (PCPU), an operating system for a multi-core CPU architecture, at least one virtual processor (VCPU), a virtual machine manager, and firmware configured with a privileged instruction library.
The processor runs in one of the following three states:
Privileged state: the state in which the privileged instruction library runs. In this state the internal control registers of the processor can be accessed, and switching from the privileged state to the user state or the kernel state is supported. Processor exceptions, interrupts, calls to privileged instructions and the like automatically enter the privileged instruction library.
Kernel state: the state in which operating system kernel instructions run. In this state kernel-level privileged instructions can be called and ordinary instructions executed; a call to a kernel-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns once it has executed.
User state: the state in which user program instructions run. In this state user-level privileged instructions can be called and ordinary instructions executed; a call to a user-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns once it has executed.
The computer is configured with the following:
The virtual processor state management data structure VCPUCB: a group of data structures that maintain the privileged state of the VCPU, including state information related to the internal implementation of the processor. The VCPUCB is placed in memory. When the VCPU is switched, the processor privileged state that needs to be preserved is saved in the VCPUCB, and the saved processor privileged state is restored after the VCPUCB_PTR base address register has been switched to the base address of the VCPUCB corresponding to the target VCPU.
The VCPUCB contains the following fields:
VCPU_USP: the VCPU user-state stack pointer,
VCPU_KSP: the VCPU kernel-state stack pointer,
VCPU_VCPUCB: the VCPUCB address corresponding to the VCPU currently running on the CPU,
HOST_VCPUCB: the host VCPUCB address for the currently running CPU,
USP: the host user-state stack pointer,
KSP: the host kernel-state stack pointer.
The virtual state base address register VCPUCB_PTR: stores the base address of the virtual processor state management data structure VCPUCB.
The virtual processor basic state register VPCR: stores basic state information of the virtual processor.
VCPU EXIT (virtual processor exit): when a sensitive operation event is determined to have occurred while the processor is running, the virtual processor must exit virtual machine mode and enter host mode. It comprises the following steps:
S1, switch VCPUCB_PTR to the host VCPUCB base address,
S2, set the processor privileged state saved in the host VCPUCB into the internal control registers of the processor, as the processor architecture requires,
S3, determine the CPU running state; if it is the kernel state, save the stack pointer register to VCPU_KSP in the VCPUCB, otherwise save it to VCPU_USP,
S4, load KSP from the VCPUCB into the stack pointer register and into another temporary register, denoted TMPR,
S5, calculate the physical address corresponding to the stack pointer address held in TMPR in S4,
S6, using the physical-address read instruction, read the value at base address TMPR, offset 0, and store it in TMPR; the pseudo-instruction is load_phys TMPR, 0x0(TMPR),
S7, the value in the TMPR register fetched in S6 points to the physical address of ps in the CPU_REGS data structure; save the current processor process state to the address with TMPR as base address and offset 0, i.e. the ps position in the CPU_REGS data structure,
S8, save the current processor running address to the address with TMPR as base address and offset 8, i.e. the pc position in the CPU_REGS data structure,
S9, save the current processor global pointer to the address with TMPR as base address and offset 16, i.e. the gp position in the CPU_REGS data structure,
S10, save the current processor parameter register 0 to the address with TMPR as base address and offset 24, i.e. the a0 position in the CPU_REGS data structure,
S11, save the current processor parameter register 1 to the address with TMPR as base address and offset 32, i.e. the a1 position in the CPU_REGS data structure,
S12, save the current processor parameter register 2 to the address with TMPR as base address and offset 40, i.e. the a2 position in the CPU_REGS data structure,
S13, save the current processor r0 register to the address with TMPR as base address and offset -0x4C0, i.e. the r0 position in the CPU_REGS data structure, which completes the state saving of VCPU_EXIT.
VCPU ENTER (virtual processor entry): a kernel-level privileged instruction called by the virtual machine manager. Once called, it enters its implementation in the privileged instruction library, and the privileged instruction library switches the CPU context to the target VCPU context for execution. It comprises the following steps:
S1, on entry to the VCPU ENTER flow, the a0 register must point to the VCPUCB address of the VCPU and the a1 register to the position of ps in the CPU_REGS data structure,
S2, subtract 0x30 from the kernel stack pointer and save the ps, pc, gp, a0, a1 and a2 registers to the kernel stack,
S3, save the stack pointer register contents to the KSP location in the VCPUCB,
S4, save the contents of the a0 register to VCPU_VCPUCB in the current VCPUCB,
S5, save the current VCPU_PTR contents to HOST_VCPUCB in the VCPUCB of the VCPU pointed to by a0,
S6, with the a1 register as base address, load gp, a0, a1, a2 and pc into the corresponding registers,
S7, save the processor privileged state to the VCPUCB data structure pointed to by the current VCPUCB_PTR,
S8, set VCPUCB_PTR to the value in the a0 register, so that VCPUCB_PTR points to the VCPUCB base address of the virtual machine's VCPU,
S9, read the processor privileged state from the VCPUCB of the virtual machine's VCPU and set it into the processor hardware,
S10, enable hardware interrupts,
S11, determine the processor state to return to: if returning to the kernel state, set the stack pointer register to the VCPU_KSP value; if returning to the user state, set it to the VCPU_USP value,
S12, determine whether the VCPU has a virtual interrupt pending; if not, go to S13; if so, go to S14,
S13, return to execution at the corresponding address according to the pc fetched in S6, exiting the privileged state and returning to user-state or kernel-state operation,
S14, prepare the interrupt call stack context for the VCPU's operating system kernel and enter the interrupt handling function registered by the operating system kernel.
Further improvements to the above technical scheme are as follows:
1. In the above scheme, the basic state information of the virtual processor is the ID of the virtual CPU; by convention, a VCPU context with ID 0 is the privileged state of the host, and a VCPU context with a non-zero ID is a virtual processor state.
2. In the above scheme, the CPU_REGS data structure stores the non-privileged general register state of the processor, including non-privileged processor state such as the floating-point control register state and the program run address pointer.
3. In the above scheme, a trigger condition for VCPU EXIT is that the processor core receives an external interrupt: if it is currently running in a VCPU context, VCPU EXIT is triggered.
4. In the above scheme, a trigger condition for VCPU EXIT is that, while running in a VCPU context, the processor core executes a privileged instruction that needs to be emulated, which triggers VCPU EXIT.
With the above technical scheme, the invention has the following advantages over the prior art:
1. The CPU virtualization method based on the privileged instruction library makes it possible to run one or more virtual machines, each running a complete operating system. The implementation of the virtual machines is transparent to the operating system and to applications, so an operating system kernel and applications can run in a virtual machine without modification. The method also solves the problem of virtualization interfaces on the domestic processor and provides basic support for designing a virtual machine manager.
2. The CPU virtualization method based on the privileged instruction library uses the privileged instruction library, which runs in the privileged state of the processor and can be customized and modified. By customizing the privileged instruction library interface, it supports the essential VCPU ENTER and VCPU EXIT operations of processor virtualization, which are comparable to the VM Enter and VM Exit mechanisms in the VT extension of x86 processors. The invention supports the development of a VCPU scheduling interface in the virtual machine manager. VCPU scheduling and switching are managed by the virtual machine manager; the VCPU ENTER privileged call is similar to the VMRUN instruction used by AMD processors, supports switching the processor privileged state to virtual machine mode, and is transparent to the virtual machine manager and the operating system kernel. The invention reduces the design difficulty and cost of the processor architecture and supports CPU virtualization without adding any hardware extension interface. In addition, the design of the hardware/operating system interface is greatly simplified, CPU virtualization becomes easier to implement, and different privileged and sensitive operations can be optimized at fine granularity within the privileged instruction library.
Drawings
FIG. 1 is a diagram illustrating a mapping relationship between a virtual CPU and a physical CPU;
FIG. 2 is a schematic diagram illustrating an exit flow of a virtual processor in the CPU virtualization method according to the present invention;
FIG. 3 is a schematic diagram illustrating an entering flow of a virtual processor in the CPU virtualization method of the present invention.
Detailed Description
In the description of this patent, it is noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be construed as limiting the present invention; the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance; furthermore, unless expressly stated or limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, as they may be fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The meaning of the above terms in this patent may be specifically understood by those of ordinary skill in the art.
The invention is further described below with reference to the following examples:
Embodiment: a CPU virtualization method based on a privileged instruction library, characterized in that the method is based on at least one physical processor (PCPU), an operating system for a multi-core CPU architecture, at least one virtual processor (VCPU), a virtual machine manager, and firmware configured with a privileged instruction library.
The processor runs in one of the following three states:
Privileged state: the state in which the privileged instruction library runs. In this state the internal control registers of the processor can be accessed, and switching from the privileged state to the user state or the kernel state is supported. Processor exceptions, interrupts, calls to privileged instructions and the like automatically enter the privileged instruction library.
Kernel state: the state in which operating system kernel instructions run. In this state kernel-level privileged instructions can be called and ordinary instructions executed; a call to a kernel-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns once it has executed.
User state: the state in which user program instructions run. In this state user-level privileged instructions can be called and ordinary instructions executed; a call to a user-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns once it has executed.
The computer is configured with the following:
The virtual processor state management data structure VCPUCB: a group of data structures that maintain the privileged state of the VCPU, including state information related to the internal implementation of the processor. The VCPUCB is placed in memory. When the VCPU is switched, the processor privileged state that needs to be preserved is saved in the VCPUCB, and the saved processor privileged state is restored after the VCPUCB_PTR base address register has been switched to the base address of the VCPUCB corresponding to the target VCPU.
The VCPUCB contains the following fields:
VCPU_USP: the VCPU user-state stack pointer,
VCPU_KSP: the VCPU kernel-state stack pointer,
VCPU_VCPUCB: the VCPUCB address corresponding to the VCPU currently running on the CPU,
HOST_VCPUCB: the host VCPUCB address for the currently running CPU,
USP: the host user-state stack pointer,
KSP: the host kernel-state stack pointer.
The virtual state base address register VCPUCB_PTR: stores the base address of the virtual processor state management data structure VCPUCB.
The virtual processor basic state register VPCR: stores basic state information of the virtual processor.
VCPU EXIT (virtual processor exit): when a sensitive operation event is determined to have occurred while the processor is running, the virtual processor must exit virtual machine mode and enter host mode. It comprises the following steps:
S1, switch VCPUCB_PTR to the host VCPUCB base address,
S2, set the processor privileged state saved in the host VCPUCB into the internal control registers of the processor, as the processor architecture requires,
S3, determine the CPU running state; if it is the kernel state, save the stack pointer register to VCPU_KSP in the VCPUCB, otherwise save it to VCPU_USP,
S4, load KSP from the VCPUCB into the stack pointer register and into another temporary register, denoted TMPR,
S5, calculate the physical address corresponding to the stack pointer address held in TMPR in S4,
S6, using the physical-address read instruction, read the value at base address TMPR, offset 0, and store it in TMPR; the pseudo-instruction is load_phys TMPR, 0x0(TMPR),
S7, the value in the TMPR register fetched in S6 points to the physical address of ps in the CPU_REGS data structure; save the current processor process state to the address with TMPR as base address and offset 0, i.e. the ps position in the CPU_REGS data structure,
S8, save the current processor running address to the address with TMPR as base address and offset 8, i.e. the pc position in the CPU_REGS data structure,
S9, save the current processor global pointer to the address with TMPR as base address and offset 16, i.e. the gp position in the CPU_REGS data structure,
S10, save the current processor parameter register 0 to the address with TMPR as base address and offset 24, i.e. the a0 position in the CPU_REGS data structure,
S11, save the current processor parameter register 1 to the address with TMPR as base address and offset 32, i.e. the a1 position in the CPU_REGS data structure,
S12, save the current processor parameter register 2 to the address with TMPR as base address and offset 40, i.e. the a2 position in the CPU_REGS data structure,
S13, save the current processor r0 register to the address with TMPR as base address and offset -0x4C0, i.e. the r0 position in the CPU_REGS data structure, which completes the state saving of VCPU_EXIT.
VCPU ENTER (virtual processor entry): a kernel-level privileged instruction called by the virtual machine manager. Once called, it enters its implementation in the privileged instruction library, and the privileged instruction library switches the CPU context to the target VCPU context for execution. It comprises the following steps:
S1, on entry to the VCPU ENTER flow, the a0 register must point to the VCPUCB address of the VCPU and the a1 register to the position of ps in the CPU_REGS data structure,
S2, subtract 0x30 from the kernel stack pointer and save the ps, pc, gp, a0, a1 and a2 registers to the kernel stack,
S3, save the stack pointer register contents to the KSP location in the VCPUCB,
S4, save the contents of the a0 register to VCPU_VCPUCB in the current VCPUCB,
S5, save the current VCPU_PTR contents to HOST_VCPUCB in the VCPUCB of the VCPU pointed to by a0,
S6, with the a1 register as base address, load gp, a0, a1, a2 and pc into the corresponding registers,
S7, save the processor privileged state to the VCPUCB data structure pointed to by the current VCPUCB_PTR,
S8, set VCPUCB_PTR to the value in the a0 register, so that VCPUCB_PTR points to the VCPUCB base address of the virtual machine's VCPU,
S9, read the processor privileged state from the VCPUCB of the virtual machine's VCPU and set it into the processor hardware,
S10, enable hardware interrupts,
S11, determine the processor state to return to: if returning to the kernel state, set the stack pointer register to the VCPU_KSP value; if returning to the user state, set it to the VCPU_USP value,
S12, determine whether the VCPU has a virtual interrupt pending; if not, go to S13; if so, go to S14,
S13, return to execution at the corresponding address according to the pc fetched in S6, exiting the privileged state and returning to user-state or kernel-state operation,
S14, prepare the interrupt call stack context for the VCPU's operating system kernel and enter the interrupt handling function registered by the operating system kernel.
The basic state information of the virtual processor is the ID of the virtual CPU; by convention, a VCPU context with ID 0 is the privileged state of the host, and a VCPU context with a non-zero ID is a virtual processor state.
The CPU_REGS data structure stores the non-privileged general register state of the processor, including non-privileged processor state such as the floating-point control register state and the program run address pointer.
A trigger condition for VCPU EXIT is that the processor core receives an external interrupt: if it is currently running in a VCPU context, VCPU EXIT is triggered.
A trigger condition for VCPU EXIT is that, while running in a VCPU context, the processor core executes a privileged instruction that needs to be emulated, which triggers VCPU EXIT.
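The VCPU ENTER and VCPU EXIT bookkeeping described in the steps above, as an added C model; it is not code from the patent or from the processor's firmware. The `pcpu` struct, the `priv` and `vpcr` fields, the `ret_mode` parameter, the frame slot order and the refusal checks are assumptions of this model, and interrupt handling (ENTER S10, S12 to S14) and the r0 save (EXIT S13) are left out.

```c
#include <stddef.h>
#include <stdint.h>

/* CPU_REGS: ps..a2 sit at the offsets that VCPU EXIT steps S7-S12 name. */
struct cpu_regs { uint64_t ps, pc, gp, a0, a1, a2; };
_Static_assert(offsetof(struct cpu_regs, ps) == 0 && offsetof(struct cpu_regs, pc) == 8 &&
               offsetof(struct cpu_regs, gp) == 16 && offsetof(struct cpu_regs, a0) == 24 &&
               offsetof(struct cpu_regs, a1) == 32 && offsetof(struct cpu_regs, a2) == 40,
               "CPU_REGS layout must match the offsets in S7-S12");

/* VCPUCB: the first six fields are the page's; priv and vpcr are assumptions. */
struct vcpucb {
    uintptr_t vcpu_usp, vcpu_ksp;   /* VCPU_USP, VCPU_KSP */
    struct vcpucb *vcpu_vcpucb;     /* VCPU_VCPUCB */
    struct vcpucb *host_vcpucb;     /* HOST_VCPUCB */
    uintptr_t usp, ksp;             /* USP, KSP (host stack pointers) */
    uint64_t priv;                  /* assumed: one word for the saved privileged state */
    uint64_t vpcr;                  /* assumed: saved VPCR ID, 0 = host */
};

enum { MODE_USER, MODE_KERNEL };

/* Hypothetical model of one PCPU as seen from the privileged state. */
struct pcpu {
    struct vcpucb *vcpucb_ptr;      /* VCPUCB_PTR */
    uint64_t vpcr, priv;            /* VPCR and the live privileged-state word */
    uintptr_t sp;                   /* stack pointer register */
    int mode;                       /* MODE_USER or MODE_KERNEL */
    struct cpu_regs r;              /* live ps, pc, gp, a0, a1, a2 */
};

/* VCPU ENTER; the refusal is an added check, not a step from the page. */
int vcpu_enter(struct pcpu *c, struct vcpucb *guest, struct cpu_regs *regs, int ret_mode)
{
    struct vcpucb *host = c->vcpucb_ptr;
    if (c->vpcr != 0 || guest->vpcr == 0)      /* caller must be host, target a guest */
        return -1;
    uint64_t *frame = (uint64_t *)c->sp - 6;   /* S2: sp -= 0x30, save six registers */
    frame[0] = (uintptr_t)regs;                /* a1 (S1); slot order is an assumption */
    frame[1] = c->r.ps; frame[2] = c->r.pc; frame[3] = c->r.gp;
    frame[4] = (uintptr_t)guest;               /* a0 (S1) */
    frame[5] = c->r.a2;
    c->sp = (uintptr_t)frame;
    host->ksp = c->sp;                         /* S3 */
    host->vcpu_vcpucb = guest;                 /* S4 */
    guest->host_vcpucb = host;                 /* S5 */
    c->r = *regs;                              /* S6 (ps loaded too, a simplification) */
    host->priv = c->priv; host->vpcr = c->vpcr;       /* S7 */
    c->vcpucb_ptr = guest;                            /* S8 */
    c->priv = guest->priv; c->vpcr = guest->vpcr;     /* S9 */
    c->mode = ret_mode;                               /* S11 */
    c->sp = ret_mode == MODE_KERNEL ? guest->vcpu_ksp : guest->vcpu_usp;
    return 0;
}

/* VCPU EXIT; refuses when the CPU is not in a VCPU context (added check). */
int vcpu_exit(struct pcpu *c)
{
    struct vcpucb *guest = c->vcpucb_ptr;
    if (c->vpcr == 0 || guest->host_vcpucb == NULL)
        return -1;
    struct vcpucb *host = guest->host_vcpucb;
    guest->priv = c->priv;            /* keep the guest privileged state in its VCPUCB */
    c->vcpucb_ptr = host;                             /* S1 */
    c->priv = host->priv; c->vpcr = host->vpcr;       /* S2 */
    if (c->mode == MODE_KERNEL)                       /* S3; "VCPUCB" is assumed to */
        guest->vcpu_ksp = c->sp;                      /* mean the guest's VCPUCB */
    else
        guest->vcpu_usp = c->sp;
    c->sp = host->ksp;                                /* S4 */
    uint64_t *tmpr = (uint64_t *)c->sp;               /* S5: identity translation here */
    struct cpu_regs *regs = (struct cpu_regs *)(uintptr_t)*tmpr;   /* S6 */
    *regs = c->r;                                     /* S7-S12: ps, pc, gp, a0, a1, a2 */
    c->mode = MODE_KERNEL;            /* assumed: the virtual machine manager resumes */
    return 0;
}

/* Constructed scenario: the host enters VCPU 1, the guest runs, then exits.
 * Returns 0 when every isolation and bookkeeping check holds. */
int demo_round_trip(void)
{
    static uint64_t kstack[32];
    struct vcpucb host = {0}, guest = {0};
    struct cpu_regs regs = { .ps = 0x8, .pc = 0x1000, .gp = 0x2000, .a0 = 1, .a1 = 2, .a2 = 3 };
    struct pcpu c = {0};
    guest.vpcr = 1; guest.priv = 0xBBBB; guest.vcpu_ksp = 0x7000; guest.vcpu_usp = 0x6000;
    c.vcpucb_ptr = &host; c.priv = 0xAAAA; c.sp = (uintptr_t)&kstack[32]; c.mode = MODE_KERNEL;

    if (vcpu_exit(&c) != -1) return 1;                             /* exit from host context */
    if (vcpu_enter(&c, &host, &regs, MODE_KERNEL) != -1) return 2; /* target with ID 0 */
    if (vcpu_enter(&c, &guest, &regs, MODE_KERNEL) != 0) return 3;
    if (c.vcpucb_ptr != &guest || c.priv != 0xBBBB || c.vpcr != 1 ||
        c.sp != 0x7000 || c.r.pc != 0x1000) return 4;
    c.r.pc = 0x1040; c.r.a0 = 42; c.sp = 0x6FF0; c.priv = 0xBBBC;  /* guest runs */
    if (vcpu_exit(&c) != 0) return 5;
    if (c.vcpucb_ptr != &host || c.priv != 0xAAAA || c.vpcr != 0) return 6;  /* host restored */
    if (regs.pc != 0x1040 || regs.a0 != 42 || guest.vcpu_ksp != 0x6FF0 ||
        guest.priv != 0xBBBC) return 7;                            /* guest state kept */
    return c.sp == (uintptr_t)&kstack[26] ? 0 : 8;                 /* host KSP frame */
}

int main(void) { return demo_round_trip(); }
```

The round trip shows the isolation property the design relies on: the host's privileged word never appears while VPCR is non-zero, and the guest's changes land only in its own VCPUCB and CPU_REGS.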
The embodiment is further explained below:
Full virtualization: the physical machine kernel can be used in the virtual machine without modification, and the virtual machine manager is responsible for hiding all differences between the running environments.
Semi-virtualization (paravirtualization): the kernel must be adapted to the virtual machine; it can recognize whether it is running in virtual machine mode or physical machine mode and selects the appropriate mode to execute the matching code. A software interface exists between the kernel and the virtual machine manager.
Host machine: consists of physical CPUs; the operating system running on it operates the physical resources directly.
Virtual machine: consists of virtual CPUs; the operating system running on it operates the virtual CPUs and virtual physical memory under the management of the host's virtual machine management software.
Privileged instruction library: firmware required for the operation of the domestic processor, running in the processor's privileged layer. It can be triggered by interrupts, exceptions and privileged calls, and is designed for privileged state management and the operating system interface: downward it manages the hardware state of the processor, and upward it provides the privileged call interface to the operating system and hides hardware details.
CPU virtualization provides one or more virtual CPUs (VCPUs) to each virtual machine. A single-core CPU, or one core of a multi-core CPU, is referred to as a physical CPU (PCPU). One PCPU can support multiple VCPUs.
The virtual machine manager allocates time slices to each virtual CPU and maintains the state of all virtual CPUs. When a virtual CPU's time slice is used up and a switch is needed, the state of the current virtual CPU is saved and the state of the scheduled virtual CPU is loaded into the physical CPU. CPU virtualization therefore has two problems to solve: virtual CPU privileged state switching and sensitive instruction emulation, and the virtual CPU execution and scheduling flow.
The key to correct operation of a virtual CPU is ensuring that the virtual machine's instructions execute correctly and that virtual machines do not affect one another, i.e. that the result of executing an instruction does not change the state of other virtual machines. CPU virtualization typically uses the techniques of "deprivileging" and "trap-and-emulate". Deprivileging means running the virtual machine manager at the highest privilege level and lowering the privilege level of the guest operating system, so that the virtual machine manager controls the virtual machine. After the guest operating system has been deprivileged, most of its instructions can still run directly on hardware; only when the guest operating system executes a privileged instruction does it trap into the virtual machine manager at the highest privilege level, which emulates the execution. This is trap-and-emulate.
On the domestic processor architecture, privileged and sensitive operations are implemented by the privileged instruction library. The privileged instruction library is not fixed in hardware; it is firmware that can be loaded dynamically. This greatly simplifies the design of the hardware/operating system interface, makes CPU virtualization easier to implement, and allows different privileged and sensitive operations to be optimized at fine granularity within the privileged instruction library. The processor runs in one of three states:
Privileged state: the state in which the privileged instruction library runs. In this state the internal control registers of the processor are accessible, and switching from the privileged state to the user state or the kernel state is possible. Processor exceptions, interrupts, calls to privileged instructions and the like all automatically enter the privileged instruction library in the privileged state.
Kernel state: the state in which operating system kernel instructions run. In this state kernel-level privileged instructions can be called and ordinary instructions executed. A call to a kernel-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns when execution completes.
User state: the state in which user program instructions run. In this state user-level privileged instructions can be called and ordinary instructions executed. A call to a user-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns when execution completes.
To support processor virtualization with the privileged instruction library, the method includes the following key design elements:
Virtual processor state management data structure VCPUCB: a set of key data structures that maintain the privileged state of the VCPU and contain state information related to the internal implementation of the processor. The VCPUCB data structure is located in memory, and the processor-internal register VCPUCB_PTR points to its base address. When the VCPU is switched, the processor privileged state that must be preserved is saved in the VCPUCB, and the preserved processor privileged state is restored after the VCPUCB_PTR base address register is switched to the VCPUCB base address corresponding to the target VCPU.
VPCR: the virtual processor basic state register. It holds basic state information of the virtual processor, such as the ID of the virtual CPU. Because the privileged instruction library has to serve both the host and the virtual machines, it needs to identify whether the currently running processor is a virtual CPU or a host CPU. By convention, a VCPU context with an ID of 0 is the host privileged state, and a VCPU context with an ID other than 0 is a virtual processor state.
VCPU EXIT: when a sensitive operation event is detected while the processor is running, it may be necessary to exit virtual machine mode and enter host mode. Although the domestic processor hardware differs from X86, this mechanism is similar to the VM Exit mechanism of X86. The difference is that the X86 processor supports VM Exit in hardware, whereas this mechanism is a custom implementation in the privileged instruction library, which manipulates the processor privileged state in assembly language. The specific procedure is described in detail later.
VCPU ENTER: a kernel-level privileged instruction called by the virtual machine manager. After being called, it enters its specific implementation in the privileged instruction library, and the privileged instruction library switches the CPU context to the target VCPU context for execution.
The CPU_REGS data structure used by the present invention holds the non-privileged general purpose register state of the processor, together with other non-privileged processor state such as the floating point control register state and the program run address pointer. Its implementation depends on the processor architecture, and the data structure below is exemplary. In this data structure, r0 through r28 are the general purpose registers numbered 0 through 28, __padding0 is unused data for boundary alignment, fpcr is the floating point control register state, fp[124] is the floating point register state, ps is the processor process state, pc is the run address, gp is the global pointer, and a0 to a2 are the 3 parameter registers.
struct cpu_regs {
    /* general purpose registers (the listing has no r16..r18) */
    unsigned long r0;
    unsigned long r1;
    unsigned long r2;
    unsigned long r3;
    unsigned long r4;
    unsigned long r5;
    unsigned long r6;
    unsigned long r7;
    unsigned long r8;
    unsigned long r9;
    unsigned long r10;
    unsigned long r11;
    unsigned long r12;
    unsigned long r13;
    unsigned long r14;
    unsigned long r15;
    unsigned long r19;
    unsigned long r20;
    unsigned long r21;
    unsigned long r22;
    unsigned long r23;
    unsigned long r24;
    unsigned long r25;
    unsigned long r26;
    unsigned long r27;
    unsigned long r28;
    unsigned long __padding0;   /* unused, boundary alignment */
    unsigned long fpcr;         /* floating point control register state */
    unsigned long fp[124];      /* floating point register state */
    unsigned long ps;           /* processor process state */
    unsigned long pc;           /* run address */
    unsigned long gp;           /* global pointer */
    unsigned long a0;           /* parameter registers */
    unsigned long a1;
    unsigned long a2;
};
In the privileged instruction library, VCPU EXIT may be triggered in the following cases:
The processor core receives an external interrupt; VCPU EXIT is triggered if it is currently running in a VCPU context.
While a VCPU context is running, the processor core executes a privileged instruction that needs to be emulated; VCPU EXIT is then triggered.
The VCPU ENTER privileged instruction is called by the virtual machine manager software in kernel state. Typically, the general purpose registers are saved in the CPU_REGS data structure in kernel state before the call. This part of the process is determined by the virtual machine manager software implementation and is not specified or described in detail in the present invention.
With the CPU virtualization method based on the privileged instruction library, one or more virtual machines can run, and a complete operating system can run in each virtual machine. The virtual machine implementation is transparent to the operating system and application programs, so the operating system kernel and application programs can run in the virtual machine without modification. The method also solves the virtualization interface problem of the domestic processor and provides basic support for designing a virtual machine manager. Moreover, it uses a privileged instruction library that runs in the privileged state of the processor and can be customized and modified; through a customized privileged instruction library interface it supports the important VCPU ENTER and VCPU EXIT operations of processor virtualization, comparable to the VM Enter and VM Exit mechanisms in the VT extension of X86 processors. The invention can support the development of a VCPU scheduling interface in the virtual machine manager. VCPU scheduling and switching are managed by the virtual machine manager; the VCPU ENTER privileged call is similar to the VMRUN instruction of AMD processors, supports switching the processor privileged state to virtual machine mode, and is transparent to the virtual machine manager and the operating system kernel. The invention reduces the difficulty and cost of designing the processor architecture and supports CPU virtualization without adding any hardware extension interface. In addition, the design of the hardware/operating-system interface is greatly simplified, CPU virtualization is easier to implement, and the different privileged and sensitive operations in the privileged instruction library can be optimized at fine granularity.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and the purpose thereof is to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the protection scope of the present invention. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (5)

1. A CPU virtualization method based on a privileged instruction library, characterized in that: the CPU virtualization method is based on at least one physical processor PCPU, an operating system of a CPU multi-core architecture, at least one virtual processor VCPU, a virtual machine manager and firmware configured with a privileged instruction library,
the processor is divided into the following three states during operation:
privileged state: the state in which the privileged instruction library runs; in this state the internal control registers of the processor can be accessed, switching from the privileged state to the user state or the kernel state is supported, and processor exceptions, interrupts and calls to privileged instructions automatically enter the privileged instruction library to run;
kernel state: the state in which operating system kernel instructions run; in this state kernel-level privileged instructions can be called and ordinary instructions executed, and calling a kernel-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns after execution;
user state: the state in which user program instructions run; in this state user-level privileged instructions can be called and ordinary instructions executed, and calling a user-level privileged instruction enters the corresponding implementation in the privileged instruction library and returns after execution;
the computer is configured as follows:
the virtual processor state management data structure VCPUCB is a group of data structures for maintaining the privileged state of the VCPU, comprises state information related to the internal implementation of the processor, and is placed in memory; when the VCPU is switched, the processor privileged state that needs to be preserved is saved in the virtual processor state management data structure VCPUCB, and the preserved processor privileged state is restored after the VCPUCB_PTR base address register is switched to the base address of the virtual processor state management data structure VCPUCB corresponding to the target VCPU;
the data structure of the virtual processor state management data structure VCPUCB is as follows:
VCPU_USP: the VCPU user state stack pointer,
VCPU_KSP: the VCPU kernel state stack pointer,
VCPU_VCPUCB: the VCPUCB address corresponding to the VCPU currently running on the CPU,
HOST_VCPUCB: the host VCPUCB address where the current CPU is running,
USP: the host user state stack pointer,
KSP: the host kernel state stack pointer;
a VCPUCB_PTR base address register for storing a base address pointing to a virtual processor state management data structure VCPUCB;
the virtual processor basic state register VPCR is used for storing basic state information of the virtual processor;
virtual processor exit VCPU EXIT: when a sensitive operation event is detected while the processor is running, the virtual processor needs to exit virtual machine mode and enter host mode, comprising the following steps:
S1, switching VCPUCB_PTR to the host VCPUCB base address,
S2, setting the processor privileged state saved in the host VCPUCB into the internal control registers of the processor as required by the processor architecture,
S3, determining the CPU running state: if it is the kernel state, saving the stack pointer register to VCPU_KSP in the VCPUCB, otherwise saving it to VCPU_USP,
S4, loading KSP from the VCPUCB into the stack pointer register and into another temporary register, labeled TMPR,
S5, calculating the physical address corresponding to the stack pointer address held in TMPR in S4,
S6, using a physical-address read instruction, reading the value at offset 0 with TMPR as base address and storing it in TMPR,
S7, the value in the TMPR register fetched in S6 points to the physical address of ps in the CPU_REGS data structure; saving the current processor process state to the address with TMPR as base address and offset 0, i.e. the ps position in the CPU_REGS data structure,
S8, saving the current processor run address to the address with TMPR as base address and offset 8, i.e. the pc position in the CPU_REGS data structure,
S9, saving the current processor global pointer to the address with TMPR as base address and offset 16, i.e. the gp position in the CPU_REGS data structure,
S10, saving the current processor parameter register 0 to the address with TMPR as base address and offset 24, i.e. the a0 position in the CPU_REGS data structure,
S11, saving the current processor parameter register 1 to the address with TMPR as base address and offset 32, i.e. the a1 position in the CPU_REGS data structure,
S12, saving the current processor parameter register 2 to the address with TMPR as base address and offset 40, i.e. the a2 position in the CPU_REGS data structure,
S13, saving the current processor r0 register to the address with TMPR as base address and offset -0x4C0, i.e. the r0 position in the CPU_REGS data structure, thereby completing the state saving of VCPU_EXIT;
virtual processor enter VCPU ENTER: a kernel-level privileged instruction called by the virtual machine manager which, after being called, enters its specific implementation in the privileged instruction library, and the privileged instruction library switches the CPU context to the target VCPU context for execution, comprising the following steps:
S1, on entering the VCPU ENTER flow, the a0 register is required to point to the VCPUCB address of the VCPU, and the a1 register to point to the position of ps in the CPU_REGS data structure,
S2, subtracting 0x30 from the kernel stack pointer and saving the ps, pc, gp, a0, a1 and a2 registers to the kernel stack,
S3, saving the stack pointer register contents to the KSP location in the VCPUCB,
S4, saving the contents of the a0 register to VCPU_VCPUCB in the current VCPUCB,
S5, saving the current VCPU_PTR contents to HOST_VCPUCB in the VCPUCB of the VCPU pointed to by a0,
S6, with the a1 register as base address, loading gp, a0, a1, a2 and pc into the corresponding registers,
S7, saving the processor privileged state to the VCPUCB data structure pointed to by the current VCPUCB_PTR,
S8, writing the value in the a0 register to VCPUCB_PTR, switching VCPUCB_PTR to point to the VCPUCB base address of the virtual machine VCPU,
S9, reading the processor privileged state from the VCPUCB of the virtual machine VCPU and setting it into the processor hardware,
S10, enabling hardware interrupts,
S11, determining the processor state to return to: if returning to the kernel state, setting the stack pointer register to the VCPU_KSP value; if returning to the user state, setting it to the VCPU_USP value,
S12, determining whether the VCPU has a virtual interrupt to be processed: if not, proceeding to S13; if so, proceeding to S14,
S13, returning to execute at the corresponding address according to the pc fetched in S6, exiting the privileged state and returning to user state or kernel state operation,
S14, preparing an interrupt call stack context for the VCPU operating system kernel, and entering the interrupt call function flow registered by the operating system kernel.
2. The privileged instruction library-based CPU virtualization method of claim 1, wherein: the basic state information of the virtual processor is the ID of the virtual CPU; by convention, a VCPU context with an ID of 0 is the host privileged state, and a VCPU context with an ID other than 0 is a virtual processor state.
3. The privileged instruction library-based CPU virtualization method of claim 1, wherein: the CPU_REGS data structure stores the non-privileged general purpose register state of the processor, including the floating point control register state and the program run address pointer.
4. The privileged instruction library-based CPU virtualization method of claim 1, wherein: a trigger condition of the virtual processor exit VCPU EXIT is that the processor core receives an external interrupt; if it is currently running in a VCPU context, VCPU EXIT is triggered.
5. The privileged instruction library-based CPU virtualization method of claim 1, wherein: a trigger condition of the virtual processor exit VCPU EXIT is that, while a VCPU context is running, the processor core executes a privileged instruction that needs to be emulated; VCPU EXIT is then triggered.
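The fixed offsets that claim 1 uses in VCPU EXIT steps S7 to S13 (0 to 40 for ps through a2, -0x4C0 for r0) hold only while the privileged instruction library and the virtual machine manager agree on the CPU_REGS layout. The C code below is an added example, not code from the patent: it checks those offsets against the listed structure at build time and models the stores behind a bounds guard. The names `live_regs`, `frame_in_bounds`, `vcpu_exit_save` and `demo_roundtrip`, the `uint64_t` field type and the 4 KiB stack buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* cpu_regs as listed in the description; uint64_t replaces unsigned long
 * (assumption: 64-bit registers) so offsets do not depend on the build host. */
struct cpu_regs {
    uint64_t r0, r1, r2, r3, r4, r5, r6, r7;
    uint64_t r8, r9, r10, r11, r12, r13, r14, r15;
    uint64_t r19, r20, r21, r22, r23, r24, r25, r26, r27, r28;
    uint64_t __padding0;
    uint64_t fpcr;
    uint64_t fp[124];
    uint64_t ps, pc, gp, a0, a1, a2;
};

/* Offsets that claim 1 hard-codes relative to TMPR (the address of ps). */
enum { OFF_PS = 0, OFF_PC = 8, OFF_GP = 16, OFF_A0 = 24, OFF_A1 = 32,
       OFF_A2 = 40, OFF_R0 = -0x4C0, FRAME_TAIL = 0x30 };

/* Build-time check: fail the build if the structure drifts from those offsets. */
#define REL(f) ((long)offsetof(struct cpu_regs, f) - (long)offsetof(struct cpu_regs, ps))
_Static_assert(REL(pc) == OFF_PC && REL(gp) == OFF_GP && REL(a0) == OFF_A0 &&
               REL(a1) == OFF_A1 && REL(a2) == OFF_A2, "ps..a2 tail layout changed");
_Static_assert(REL(r0) == OFF_R0, "r0 is no longer 0x4C0 bytes below ps");

/* Hypothetical snapshot of the live registers at the moment of VCPU EXIT. */
struct live_regs { uint64_t ps, pc, gp, a0, a1, a2, r0; };

/* Hypothetical guard (not in the patent): every slot addressed from TMPR must
 * lie inside the host kernel stack [lo, hi) before any store is issued. */
int frame_in_bounds(uintptr_t tmpr, uintptr_t lo, uintptr_t hi) {
    if (tmpr % 8 != 0 || tmpr < lo || tmpr > hi) return 0;
    return tmpr - lo >= (uintptr_t)(-OFF_R0) && hi - tmpr >= (uintptr_t)FRAME_TAIL;
}

static void store64(uint8_t *base, long off, uint64_t v) { memcpy(base + off, &v, sizeof v); }

/* Steps S7 to S13 of VCPU EXIT as TMPR-relative stores. Returns 0 on success,
 * -1 (and stores nothing) when the guard rejects the frame. */
int vcpu_exit_save(uint8_t *tmpr, uint8_t *lo, uint8_t *hi, const struct live_regs *h) {
    if (!frame_in_bounds((uintptr_t)tmpr, (uintptr_t)lo, (uintptr_t)hi)) return -1;
    store64(tmpr, OFF_PS, h->ps);   /* S7  */
    store64(tmpr, OFF_PC, h->pc);   /* S8  */
    store64(tmpr, OFF_GP, h->gp);   /* S9  */
    store64(tmpr, OFF_A0, h->a0);   /* S10 */
    store64(tmpr, OFF_A1, h->a1);   /* S11 */
    store64(tmpr, OFF_A2, h->a2);   /* S12 */
    store64(tmpr, OFF_R0, h->r0);   /* S13 */
    return 0;
}

/* Constructed demo: a 4 KiB buffer standing in for the host kernel stack, with
 * one cpu_regs frame at its top. Returns 1 if every value lands in its field. */
static _Alignas(8) uint8_t host_stack[4096];

int demo_roundtrip(void) {
    const struct live_regs h = { 0x7, 0x1000, 0x2000, 0xA0, 0xA1, 0xA2, 0x42 };
    uint8_t *frame = host_stack + sizeof host_stack - sizeof(struct cpu_regs);
    uint8_t *tmpr = frame + offsetof(struct cpu_regs, ps);
    struct cpu_regs out;
    if (vcpu_exit_save(tmpr, host_stack, host_stack + sizeof host_stack, &h) != 0) return 0;
    memcpy(&out, frame, sizeof out);
    return out.r0 == h.r0 && out.ps == h.ps && out.pc == h.pc && out.gp == h.gp &&
           out.a0 == h.a0 && out.a1 == h.a1 && out.a2 == h.a2;
}

int main(void) { return demo_roundtrip() ? 0 : 1; }
```

The -0x4C0 figure follows from the listing: 26 general purpose registers, __padding0, fpcr and fp[124] make 152 eight-byte slots ahead of ps, so changing any of them without updating the privileged instruction library would redirect the S13 store.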
CN201910783143.7A 2019-08-23 2019-08-23 CPU virtualization method based on privilege instruction library Active CN112416508B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910783143.7A CN112416508B (en) 2019-08-23 2019-08-23 CPU virtualization method based on privilege instruction library

Publications (2)

Publication Number Publication Date
CN112416508A CN112416508A (en) 2021-02-26
CN112416508B CN112416508B (en) 2022-07-12

Family

ID=74779637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910783143.7A Active CN112416508B (en) 2019-08-23 2019-08-23 CPU virtualization method based on privilege instruction library

Country Status (1)

Country Link
CN (1) CN112416508B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant