CN113342711B - Page table updating method and device and related equipment - Google Patents

Page table updating method and device and related equipment Download PDF

Info

Publication number
CN113342711B
CN113342711B CN202110720364.7A CN202110720364A CN113342711B CN 113342711 B CN113342711 B CN 113342711B CN 202110720364 A CN202110720364 A CN 202110720364A CN 113342711 B CN113342711 B CN 113342711B
Authority
CN
China
Prior art keywords
address
page table
memory
shared memory
page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110720364.7A
Other languages
Chinese (zh)
Other versions
CN113342711A (en
Inventor
姜新
应志伟
刘子行
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haiguang Information Technology Co Ltd
Original Assignee
Haiguang Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Haiguang Information Technology Co Ltd filed Critical Haiguang Information Technology Co Ltd
Priority to CN202110720364.7A priority Critical patent/CN113342711B/en
Publication of CN113342711A publication Critical patent/CN113342711A/en
Application granted granted Critical
Publication of CN113342711B publication Critical patent/CN113342711B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/06Addressing a physical block of locations, e.g. base addressing, module addressing, memory dedication
    • G06F12/0615Address space extension
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0877Cache access modes
    • G06F12/0882Page mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/544Buffers; Shared memory; Pipes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The embodiment of the invention provides a page table updating method, a page table updating device and related equipment, wherein the page table updating method comprises the following steps: after the memory migration is started, a first address is obtained, wherein the first address points to a shared memory to be migrated of the secure virtual machine; releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault exception when accessing the shared memory pointed by the first address; after a page table update instruction triggered by the page fault abnormality of the secure virtual machine is generated, acquiring the page table update instruction, wherein the page table update instruction comprises a second address for generating the page fault abnormality; and updating an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction. The method enables the migration of the shared memory of the secure virtual machine to be realized.

Description

Page table updating method and device and related equipment
Technical Field
The embodiment of the invention relates to the technical field of virtual machines, in particular to a page table updating method, a page table updating device and related equipment.
Background
With the development of information technology, particularly the development and popularization of cloud computing technology, more and more clients deploy business systems in the cloud. The virtualization technology is used as a computer technology applied to the cloud, and can virtualize a plurality of Virtual Machines (VMs) so as to realize efficient utilization of hardware resources.
In order to ensure the data security of the virtual machine, a secure memory configured with a security mechanism may be set in the memory, the virtual machine allocated with the common memory may be referred to as a common virtual machine, and the virtual machine allocated with the secure memory and the common memory may be referred to as a secure virtual machine. The nested page table of the secure virtual machine is maintained by the secure hardware, so that a super operating system (for example, a host operating system or a virtual machine manager configured by the host operating system and used for managing the virtual machine) is prevented from acquiring data access information of the secure virtual machine, and the information security of the secure virtual machine is further ensured.
However, when migration of the normal memory is required (for example, in a defragmentation scenario of the memory, the defragmented memory page is migrated to a continuous memory page), the host operating system has no authority to update the nested page table, so that migration of the normal memory (hereinafter referred to as shared memory) for the secure virtual machine cannot be realized.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a related device for updating a page table, which can implement migration of a shared memory of a secure virtual machine.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
In one embodiment of the present invention, there is provided a page table updating method applied to a secure processor, including:
after the memory migration is started, a first address is obtained, wherein the first address points to a shared memory to be migrated of the secure virtual machine;
releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault exception when accessing the shared memory pointed by the first address;
after a page table update instruction triggered by the page fault abnormality of the secure virtual machine is generated, acquiring the page table update instruction, wherein the page table update instruction comprises a second address for generating the page fault abnormality;
and updating an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction.
Optionally, the first address and the second address are physical addresses of clients, and updating, based on the page table update instruction, an address mapping relationship corresponding to the second address in a page table when the second address points to the migrated shared memory includes:
based on the page table updating instruction, when the second address points to the shared memory, acquiring a host physical address corresponding to the second address;
And judging whether the shared memory pointed by the second address is the migrated shared memory or not, if so, updating the address mapping relation corresponding to the second address in a page table to the host physical address.
Optionally, the obtaining, based on the page table update instruction, the host physical address corresponding to the second address when the second address points to the shared memory includes:
determining the attribute of the memory page pointed by the second address based on the page table updating instruction;
sending the attribute of the memory page pointed by the second address to the host, so that the host queries a virtual machine manager process page table when the attribute of the memory page pointed by the second address is shared memory, and determines a host physical address corresponding to the second address;
and acquiring the host physical address corresponding to the second address.
Optionally, the determining, based on the page table update instruction, an attribute of the memory page pointed to by the second address includes:
acquiring the second address based on the page table update instruction;
searching a shared memory information linked list, and determining the attribute of a memory page pointed by the second address;
if the second address is in the address range of any node of the shared memory information linked list, the memory attribute of the memory page pointed by the second address is shared memory; otherwise, the memory attribute of the memory page pointed by the second address is a secure memory.
Optionally, the sending, to the host, the attribute of the memory page pointed to by the second address includes: transmitting memory attribute information of a memory page pointed by the second address and a management serial number corresponding to the second address to the host;
the obtaining the host physical address corresponding to the second address includes: and acquiring a page table update confirmation instruction sent by the host, wherein the page table update confirmation instruction comprises the second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
Optionally, the determining whether the shared memory pointed to by the second address is the migrated shared memory includes:
searching a linked list node containing the second address in the shared memory information linked list;
judging whether the found management serial number of the linked list node is an invalid state value;
if not, judging whether the found management serial number of the linked list node is larger than the management serial number carried in the page table update confirmation instruction, and if so, the shared memory pointed by the second address is the migrated shared memory.
Optionally, the acquiring the first address includes: acquiring a first state updating instruction sent by a host, wherein the first state updating instruction carries the first address;
After the first state update instruction sent by the host is obtained, before the address mapping relation of the first address in the page table is released, the method further includes:
and updating the state of the linked list node containing the first address in the shared memory information linked list to be an invalid state based on the first state updating instruction.
Optionally, in the shared memory information linked list, the state information of the linked list node includes a management serial number; based on the first status updating instruction, updating the status of the linked list node containing the first address in the shared memory information linked list to be an invalid status includes:
searching a linked list node containing the first address in the shared memory information linked list based on the first state updating instruction;
and configuring the management serial number of the searched linked list node as an invalid state value.
Optionally, at least a part of the address range of the first address is included in the address range of the searched linked list node, and the configuring the management serial number of the searched linked list node to be an invalid state value includes:
splitting the linked list nodes into a first linked list node and a second linked list node, wherein the address in the first linked list node is at least part of the address range of the first address, and the address in the second linked list node is the rest address range in the linked list node;
And configuring the management serial number of the first linked list node as an invalid state value, and configuring the management serial number of the second linked list node as the management serial number of the linked list node before splitting.
Optionally, after the releasing the address mapping relationship of the first address in the page table, before the obtaining the page table update instruction, the method further includes:
after the memory migration is finished, a third address corresponding to the migrated shared memory sent by the host is obtained;
and updating the state of the linked list node corresponding to the third address in the shared memory information linked list based on the third address to be a migrated state.
Optionally, the third address is a physical address of the client, and the obtaining a third address corresponding to the migrated shared memory sent by the host specifically includes obtaining a second state update instruction sent by the host, where the second state update instruction carries the third address;
based on the third address, updating the state of the linked list node corresponding to the third address in the shared memory information linked list to be a migrated state, including:
searching a linked list node containing the third address in the shared memory information linked list;
And configuring the management serial number of the searched linked list node as a migrated state value.
In another embodiment of the present invention, there is provided a page table updating method, applied to a host, including:
after the memory migration is started, a first address is sent to a secure processor, so that the secure processor releases an address mapping relation of the first address in a page table, and the first address points to a shared memory to be migrated of the secure virtual machine;
when the secure virtual machine generates a page fault abnormality, a page table updating instruction triggered by the page fault abnormality is sent to the secure processor, so that the secure processor updates an address mapping relation corresponding to a second address in a page table based on the page table updating instruction when the second address points to a migrated shared memory; the page table update instruction includes a second address that generates a page fault exception.
Optionally, the first address and the second address are physical addresses of clients, and when a page fault abnormality occurs, after sending a page table update instruction triggered by the page fault abnormality to the secure processor, the method further includes:
and determining a host physical address corresponding to the second address when the second address points to the shared memory.
Optionally, the determining the host physical address corresponding to the second address includes:
receiving the attribute of the memory page pointed by the second address;
when the attribute of the memory page pointed by the second address is shared memory, inquiring a process page table of a virtual machine manager, and determining a host physical address corresponding to the second address;
and sending the host physical address corresponding to the second address to the secure processor.
Optionally, the receiving the attribute of the memory page pointed to by the second address includes: receiving memory attribute information of a memory page pointed by the second address and a management serial number corresponding to the second address;
the sending the host physical address corresponding to the second address to the secure processor includes: and sending a page table update confirmation instruction to the security processor, wherein the page table update confirmation instruction comprises a second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
Optionally, sending the first address to the secure processor includes: and sending a first state update instruction to a secure processor, wherein the first state update instruction carries the first address.
Optionally, before sending the first address, the method further includes:
receiving a memory migration start message, wherein the memory migration start message comprises a host virtual address of a memory to be migrated;
and inquiring a memory space occupying slot of the virtual machine manager, and acquiring a first address which points to the shared memory in the virtual address of the host.
Optionally, the method further comprises:
and after the memory migration is finished, transmitting a third address corresponding to the migrated shared memory, so that the security processor updates the state information of the linked list node corresponding to the third address in the shared memory information linked list based on the third address.
Optionally, the third address is a physical address of the client, and the sending the third address corresponding to the migrated shared memory specifically includes sending a second status update instruction, where the second status update instruction carries the third address.
In one embodiment of the present invention, there is also provided a page table updating apparatus, including:
the address acquisition module is used for acquiring a first address after the memory migration is started, wherein the first address points to a shared memory to be migrated of the secure virtual machine;
the address release module is used for releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault abnormality when accessing the shared memory pointed by the first address;
The instruction acquisition module is used for acquiring a page table updating instruction after generating the page table updating instruction triggered by the page fault abnormality of the secure virtual machine, wherein the page table updating instruction comprises a second address for generating the page fault abnormality;
and the page table updating module is used for updating the address mapping relation corresponding to the second address in the page table when the second address points to the migrated shared memory based on the page table updating instruction.
In one embodiment of the present invention, there is also provided another page table updating apparatus, including:
the address sending module is used for sending a first address to the secure processor after the memory migration is started, so that the secure processor releases the address mapping relation of the first address in the page table, and the first address points to the shared memory to be migrated of the secure virtual machine;
the instruction sending module is used for sending a page table updating instruction triggered by the page fault abnormality to the safety processor when the safety virtual machine generates the page fault abnormality, so that the safety processor updates an address mapping relation corresponding to a second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction; the page table update instruction includes a second address that generates a page fault exception.
In one embodiment of the present invention, there is further provided a secure processor, which is executable to implement the program of the above-described page table updating method applied to the secure processor.
In one embodiment of the present invention, there is also provided a host, which is executable by the host to implement the program of the above-described page table updating method applied to the host.
Optionally, the host includes a virtual machine module, where the virtual machine module is executable to implement the program of the above-mentioned page table updating method applied to the host.
In one embodiment of the present invention, there is also provided a computer architecture comprising: the secure processor and the host.
The embodiment of the invention provides a page table updating method, a page table updating device and related equipment, wherein the page table updating method comprises the following steps: after the memory migration is started, a first address is obtained, wherein the first address points to a shared memory to be migrated of the secure virtual machine; releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault exception when accessing the shared memory pointed by the first address; after a page table update instruction triggered by the page fault abnormality of the secure virtual machine is generated, acquiring the page table update instruction, wherein the page table update instruction comprises a second address for generating the page fault abnormality; and updating an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction. After the memory migration is started, the address mapping relation of the shared memory to be migrated in the page table is released, so that page fault abnormality is generated when the secure virtual machine accesses the part of the shared memory, the secure processor updates the corresponding address mapping relation in the page table based on the page fault abnormality, further, the page table update of the shared memory of the secure virtual machine is realized, and further, the migration to the shared memory is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a diagram of an alternative architecture of a cloud service based on virtualization technology;
FIG. 2 is a schematic diagram of a computer architecture according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an address mapping relationship of a page table according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of memory access of a virtual machine according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of page table update in a memory migration process according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of a page table updating method according to an embodiment of the present invention;
fig. 7 is a schematic flowchart of an alternative procedure of step S14 according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a structure of a shared memory information link table according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an alternative flow chart of memory migration according to an embodiment of the present invention;
Fig. 10 is a schematic flowchart of an alternative flow of step S21 according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of an alternative flow chart of a method for updating a page table according to an embodiment of the present invention;
FIG. 12 is an alternative block diagram of a page table updating apparatus provided by an embodiment of the present invention;
FIG. 13 is another alternative block diagram of a page table updating apparatus according to an embodiment of the present invention;
FIG. 14 is a block diagram of an alternative page table updating apparatus according to an embodiment of the present invention;
fig. 15 is another alternative block diagram of a page table updating apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The virtualization technology can be applied to various scenes, and particularly, with the development of cloud services, the virtualization technology is increasingly widely applied to the cloud services; to facilitate understanding of the virtualization technology, the virtualization technology is described below by taking a cloud service based on the virtualization technology as an example.
Referring to the cloud service optional architecture based on the virtualization technology shown in fig. 1, the cloud service architecture may include: cloud host 100, network 200, users 301 to 30n;
the cloud host 100 is a host device (the host device may be in the form of a server) deployed on a network side for a cloud service provider (such as a cloud service manufacturer) to provide a cloud service; based on the requirements of different users, the cloud host can create one or more virtual machines for different users through a virtualization technology, for example, the user can request the cloud host to create a plurality of virtual machines adapting to the service requirements of the user according to the service requirements, so that the user can respectively run applications on the plurality of virtual machines belonging to the cloud host, and the user specific service can be completed cooperatively through the applications run by the plurality of virtual machines; it is understood that a virtual machine is a client that provides services to a user.
Network 200 may be considered as the internet, or other forms of networks with communication functions, where communication and data transmission are implemented between a cloud host and a user through a network, and embodiments of the present invention are not limited to a specific network form of network 200;
the number of users 301 to 30n is a plurality of registered users using the cloud service, and the embodiment of the present invention does not limit the specific value of n; in a cloud service scenario, each user may have one or more virtual machines belonging to it in a cloud host to utilize the virtual machines belonging to the user to complete user-specific services.
As an alternative example, fig. 2 shows an alternative schematic diagram of a system architecture of a virtualized environment, as shown in fig. 2, the system architecture of the virtualized environment may include: CPU (Central Processing Unit ) core 1, memory controller 2, memory 3 and security processor (PSP, platform Secure Processor) 4;
the CPU core 1 may configure a virtual machine manager (VMM, virtual Machine Monitor) 11 through a host operating system (hereinafter referred to as a host) 10 running therein, and virtualize a plurality of virtual machines 12 through a virtualization technology, where the plurality of virtual machines may be accessed and managed by the virtual machine manager 11 based on a virtual machine module (KVM, kernel-based Virtual Machine) 13 in the host 10, and may be translated in memory addresses and migrated in memory by the virtual machine manager 11 based on a memory management unit (MMU, memory management unit) 14. The memory controller 2 is hardware that controls the memory 3 and causes data to be exchanged between the memory 3 and the CPU core 1, the memory controller 2 may configure the encryption engine 21, and the encryption engine 21 may store a key; the secure processor 4 is a processor which is specially set by the secure virtualization technology and is responsible for data security of the virtual machine, the secure processor 4 can encrypt part or all of the memories of the virtual machine through the key stored by the encryption engine 21, and the memories used by different virtual machines are encrypted through different keys.
When the program of the virtual machine 12 runs, the virtual machine 12 needs to find the memory page allocated for running the program, that is, the host physical address corresponding to the memory page is found by the guest physical address (Guest Physical Address, gpa; in this scheme, the virtual machine can be understood as a guest, and thus, may also be referred to herein as a virtual machine physical address) of the virtual machine. The page table is recorded with a mapping relation from a client physical address to a host physical address as a form for recording the address mapping relation.
FIG. 3 shows a schematic diagram of an address mapping of a page table. It can be seen that the physical address from the guest virtual address to the host of the virtual machine contains a mapping page table (gPT) of guest virtual addresses to guest physical addresses, referred to as a virtual machine mapping page table, and also contains a mapping page table (nPT) of guest physical addresses to host physical addresses, referred to as a nested page table.
It will be appreciated that when the program of the virtual machine is running, the guest physical address of the page to be accessed may be found by looking up the virtual machine mapping page table, and further, by looking up the guest physical address, the host physical address is looked up from the nested page table, and data access is performed based on the looked up host physical address. If the corresponding host physical address or the corresponding memory page cannot be found, a page fault abnormality occurs.
In order to ensure the safety of the memory data, a part of memory is further divided into the memory by a safety mechanism to serve as the safety memory, the safety memory only allows the virtual machine allocated to the safety memory to access, and the super operating system (such as a host operating system or a virtual machine manager and the like) is not allowed to access, so that the invasive access of the super operating system to the virtual machine data is avoided. Referring to fig. 2 and 4 in combination, the memory 3 may include a normal memory 30 and a secure memory 31, and a virtual machine allocated with the secure memory may be referred to as a secure virtual machine, and a virtual machine not allocated with the secure isolation memory may be referred to as a normal virtual machine. The security mechanism of the secure memory may be a special encryption mechanism or physical isolation.
Referring to fig. 4 in combination to a virtual machine memory access schematic, in this figure, access is taken as an example by a host operating system running on a CPU, and when the host operating system accesses a secure memory, access of the host operating system is denied. It should be noted that, in the secure virtual machine, not only the secure memory but also the normal memory may be allocated at the same time, so as to be used as a shared memory to store the data that needs to be shared by the secure virtual machine and the host operating system. The memory shown by the dashed box with reference to fig. 4 is the secure memory and the shared memory allocated to the secure virtual machine.
Meanwhile, in order to ensure the information access safety of the secure virtual machine, a nested page table of the secure virtual machine can be maintained by a secure processor. When the secure virtual machine performs memory access, the nested page table in the secure processor is used for searching the physical address of the host, so that corresponding data is read based on the physical address of the host.
However, referring to the page table updating schematic diagram in the memory migration process shown in fig. 5, in the process of performing memory migration by the host, it is required to determine the host physical address hpa corresponding to the guest physical address gpa based on the mapping relationship between the guest physical address gpa and the host virtual address (Host Virtual Address, hva) recorded in the memblot (memory space slot) of the VMM and the address mapping relationship between the migrated host virtual address hva and the host physical address (Host Physical Address, hpa) recorded in the manager page table (hereinafter referred to as the VMM process page table) of the VMM, so as to update the corresponding address mapping relationship in the nested page table nPT, thereby ensuring that the virtual machine accesses an accurate memory page after the memory migration.
It will be appreciated that memory migration is performed by the MMU in the host, however, the secure virtual machine based nested page tables are maintained by the secure processor, and the host or virtual machine manager does not have permission to update the nested page tables, such that migration to the secure virtual machine's shared memory is not enabled.
Based on the above, the embodiment of the invention provides a method, a device and related equipment for updating a page table, wherein the method for updating the page table comprises the following steps: after the memory migration is started, a first address is obtained, wherein the first address points to a shared memory to be migrated of the secure virtual machine; releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault exception when accessing the shared memory pointed by the first address; after a page table update instruction triggered by the page fault abnormality of the secure virtual machine is generated, acquiring the page table update instruction, wherein the page table update instruction comprises a second address for generating the page fault abnormality; and updating an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction. After the memory migration is started, the address mapping relation of the shared memory to be migrated in the page table is released, so that page fault abnormality is generated when the secure virtual machine accesses the part of the shared memory, the secure processor updates the corresponding address mapping relation in the page table based on the page fault abnormality, further, the page table update of the shared memory of the secure virtual machine is realized, and further, the migration to the shared memory is realized.
In an alternative example, referring to an optional schematic diagram of a system architecture shown in fig. 2, an embodiment of the present invention provides a page table updating method, which is based on MMU, KVM and secure processor execution in a host, and referring to a schematic flow diagram of the page table updating method shown in fig. 6, the page table updating method includes:
step S10: the KVM sends a first address to a secure processor, wherein the first address points to a shared memory to be migrated of the secure virtual machine;
the shared memory is a common memory configured in the secure virtual machine. The KVM may obtain the first address based on a memory migration start message of the host. Optionally, the first address is a client physical address, and after the memory migration is started, the MMU of the host may send a memory migration start message to the KVM in the host, where the memory migration start message includes a host virtual address hva of the memory to be migrated. The KVM obtains a host virtual address of the memory to be migrated by receiving the memory migration start message, and obtains a first address pointing to the shared memory in the host virtual address by querying the memblot of the VMM. It should be noted that in this example, the MMU may be a software module in the host for managing memory allocation, release, migration, and page table update.
It may be understood that the normal memory to be migrated may or may not be a part or all of the shared memory configured in the secure virtual machine. Optionally, the MMU may query the shared memory configured for the secure virtual machine, and send a memory migration start message to the KVM based on hva of the memory to be migrated when the memory to be migrated is the shared memory of the secure virtual machine; alternatively, the MMU may send the address range of the memory to be migrated to the KVM, which determines the first address of the shared memory directed to the secure virtual machine when querying the client physical address of the memory to be migrated.
The shared memory to be migrated may be one memory page or may be a plurality of memory pages, and the corresponding first address may be represented by an address range (gpa, gpa_end).
It will be appreciated that during the memory migration process, the client physical address gpa of the corresponding memory is unchanged, and the host physical address hpa is changed. Therefore, the first address is used as the physical address of the client to update the nested page table, and the corresponding address mapping relation can be effectively and accurately changed.
In one alternative example, the secure virtual machine may cause the KVM to send the first address (gpa, gpa_end) of the secure virtual machine to the secure processor through the secure call.
Step S11: the secure processor releases the address mapping relation of the first address in the page table;
after receiving the first address, the secure processor may release the address mapping relationship corresponding to the first address in the nested page table, so that the secure virtual machine generates a page-missing exception when accessing the shared memory pointed by the first address, and further performs updating of the page table based on the page-missing exception.
When the address mapping relation corresponding to the first address is released, the addresses corresponding to the memory pages can be released one by one, or the addresses corresponding to the memory pages can be released in parallel.
Step S12: the MMU transfers the shared memory pointed by the first address to a preset memory page;
after the secure processor releases the address mapping relationship corresponding to the first address, the secure processor may send an address release response message to indicate that the address mapping relationship of the first address is completely released. The release response message may be sent to the host's MMU, or to the KVM and forwarded by the KVM to the host's MMU. After the MMU of the host acquires the address release response message, the migration of the memory can be executed, and the memory is migrated to a preset memory page.
It should be noted that, during the migration process of the execution memory, the host operating system records the mapping relationship from the host virtual address to the host physical address of the preset memory page in the VMM process page table, so that the nested page table of the secure virtual machine can be updated correspondingly based on the VMM process page table.
After the memory migration is completed, the MMU may send a memory migration completion message to the KVM to indicate that the memory migration process has completed.
Step S13: when the KVM generates a page fault abnormality, a page table update instruction triggered by the page fault abnormality is sent to a security processor by the KVM;
it can be understood that after the address mapping relation corresponding to the first address is released in the nested page table, when one or more memory pages accessed by the secure virtual machine are the migrated shared memory, a page-missing exception is generated. Specifically, the page fault exception may be a nested page fault error, and correspondingly, when the page fault exception occurs, the KVM may be triggered to generate a page table update instruction, and the page table update instruction is sent to the secure processor, so that the secure processor updates the new address mapping relationship to the nested page table. The page table update instruction includes a physical address of a client generating a page fault exception. Specifically, the present invention is described with an address generating a page fault abnormality as a second address, and correspondingly, the page table update instruction includes the second address generating the page fault abnormality.
Accordingly, the secure processor may obtain the page table update instruction after the KVM sends the page table update instruction.
Step S14: based on the page table updating instruction, the security processor updates an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory;
the second address may point to the secure memory or may point to the shared memory, it needs to determine whether the memory page pointed to by the second address is the shared memory, and when the second address points to the shared memory, the secure virtual machine and the memory migration may run simultaneously, so it needs to determine whether the shared memory pointed to by the second address is the shared memory (i.e. the migrated shared memory) that has completed the migration process, and further when the second address points to the migrated shared memory, update the address mapping relationship corresponding to the second address in the page table.
In an alternative example, referring to the alternative flow schematic of step S14 shown in fig. 7, step S14 may include:
step S141: based on the address updating instruction, the secure processor acquires a host physical address corresponding to the second address when the second address points to the shared memory;
It may be appreciated that the second address may point to a secure memory or may point to a shared memory, and the secure processor may determine an attribute of a memory page to which the second address points after obtaining the page table update instruction, so as to determine whether the second address points to the secure memory or the shared memory based on the attribute of the memory page, and when the second address points to the shared memory, the KVM determines a host physical address corresponding to the second address.
Specifically, after determining the attribute of the memory page pointed by the second address, the secure processor may send the attribute of the memory page pointed by the second address to the KVM in the host, if the attribute of the memory page is not shared memory, notify the KVM to continue running the secure virtual machine, and if the attribute of the memory page is shared memory, the KVM in the host queries the VMM process page table, thereby determining the host physical address corresponding to the second address, and sends the host physical address corresponding to the second address to the secure processor.
Accordingly, the secure processor may obtain the host physical address corresponding to the second address from the KVM in the host.
Step S142: the secure processor judges whether the shared memory pointed by the second address is the migrated shared memory or not;
Whether the shared memory is in the migrated state or not can be determined based on a memory migration end message sent by an MMU of the host, or can be determined based on state information corresponding to the shared memory. When determining based on the state information corresponding to the shared memory, whether the shared memory is in the migration state or not can be marked through the state information, and further whether the shared memory is migrated or not can be inquired and determined.
In this step, if the determination result is yes, step S143 is executed to update the address mapping relationship corresponding to the second address, and if not, a corresponding response message is returned to the KVM to notify the KVM to continue running the secure virtual machine.
Step S143: the security processor updates the address mapping relation corresponding to the second address to the host physical address in a page table;
after the secure processor obtains the host physical address corresponding to the second address, the host physical address may be updated to the page table entry corresponding to the second address, so as to establish a new address mapping relationship for the second address.
It will be appreciated that the above embodiments are described by taking the example of the KVM and MMU in the host performing corresponding steps, and in some alternative examples, the corresponding steps may be performed by other modules in the host, and the invention is not limited in detail herein.
Based on the page table updating method, the nested page table of the secure virtual machine can be updated, and further the migration of the shared memory in the secure virtual machine is realized.
In an optional implementation, the states of the shared memories of the host and the secure virtual machine may be further synchronized during the migration process, so as to implement migration of the shared memories during the running process of the secure virtual machine. In one alternative example, status information may be configured for the shared memory, and when performing migration and access of the shared memory, updating of the shared memory page table and access of the shared memory data are performed based on the status information.
The status information may be a management sequence number (sequence), which may be a large number of 64 bits or 128 bits, so that data overflow may be avoided. The management serial number of the shared memory is used for identifying the state information of the shared memory, and optionally, the management serial number can be updated once every time the shared memory is migrated. It can be understood that each time the shared memory is migrated, not all the shared memory is necessarily migrated, and correspondingly, different shared memories may correspond to the updated management serial number of the migration.
One page of the shared memory may correspond to a management sequence number, and multiple pages of the shared memory may also correspond to a management sequence number. Accordingly, the correspondence between the shared memory and the management sequence number may be denoted as (gpa, gpa_end, seq), where gpa and gpa_end respectively represent the start and stop addresses of the shared memory, and seq represents the management sequence number corresponding to the portion of the shared memory. In an alternative example, a shared memory information linked list may be established, and referring to the example diagram of the shared memory information linked list structure shown in fig. 8, the shared memories with different addresses and corresponding management serial numbers are connected to form a linked list, so as to save the management serial numbers corresponding to the shared memories with different address ranges. Optionally, addresses in adjacent nodes are in an adjacent relationship at the same time, for example, gpa_end of the previous node is adjacent to gpa of the next node.
When the secure virtual machine is initialized, the sequence of the shared memory information linked list may be set to an initial value, for example, may be 0, and an invalid state value (invalid value) may be preset, for example, may be-1, and when the sequence is the invalid state value, a preset flow may be executed based on the invalid state value. Specifically, when the sequence is an invalid state value, the shared memory corresponding to the sequence is considered to be in a migration process, and further, after the memory migration is finished, the update management sequence number may be in a migrated state.
The security manager can maintain a shared memory information linked list, specifically, the security manager can update the shared memory information linked list based on the state of the shared memory in the process of migration and access of the shared memory, and the security processor and the host realize synchronization of the state of the shared memory in the process of memory migration and page table update based on the shared memory information linked list.
In an alternative example, referring to an alternative flow diagram of a page table update method in the memory migration process shown in fig. 9, the method includes:
step S20: the KVM sends a first state updating instruction to the secure processor, wherein the first state updating instruction carries the first address;
In an alternative example, after the memory migration is initiated, the KVM may send a first status update instruction to the secure processor, where the first status update instruction may carry the first address, thereby sending the first address to the secure processor.
The first state updating instruction is used for enabling the secure processor to update the shared memory information linked list based on the first state updating instruction so as to indicate that the shared memory corresponding to the shared memory information linked list is in a migration state.
Step S21: and the security processor updates the state information of the linked list node containing the first address in the shared memory information linked list based on the first state update instruction.
And updating state information of a linked list node containing the first address in the shared memory information linked list to indicate that the shared memory corresponding to the first address is in a migration state.
In this example, in the shared memory information linked list, the state information of the linked list node includes a management sequence number, and in an alternative example, the state information of the linked list node may be the management sequence number.
In an alternative example, referring to the alternative flow schematic of step S21 shown in fig. 10, step S21 may include:
Step S211: the security processor searches a linked list node containing the first address in a shared memory information linked list based on the first state updating instruction;
in an alternative example, the KVM sends a first status update instruction carrying the first address, and the secure processor obtains the first address according to the first status update instruction.
Before the secure processor performs the release of the corresponding address mapping relationship, the secure processor first traverses the shared memory information linked list, searches linked list nodes (gpa_n, gpa_end_n, seq) containing the first address, if a linked list node meeting the condition is found, executes step S22, if no node meeting the condition is found, returns a corresponding response message to the MMU of the host, and notifies the MMU to continue to operate.
The first address may be included in an address range in the linked list node, may be equal to an address range in the linked list node, or may be at least partially included in an address range in the linked list node. In this example, the address range within the linked list node has a cross range with the first address, i.e., the linked list node is considered to contain the first address.
Step S212: the security processor configures the management serial number of the searched linked list node as an invalid state value;
and configuring the found management serial number of the linked list node as an invalid state value to indicate that the part of the shared memory is in a migration state.
In an alternative example, if the partial address range of the first address is included in the address range of the searched linked list node, the linked list node may be split into a first linked list node and a second linked list node, where the address in the first linked list node is at least a partial address range with the first address, that is, the address in the first linked list node is an address in a cross range with the first address, and the address in the second linked list node is a remaining address range in the linked list node. It can be understood that when the starting address of the first linked list node is the same as the starting address of the linked list node before splitting, or the ending address of the first linked list node is the same as the ending address of the linked list node before splitting, the number of the second linked list nodes may be 1, which corresponds to the remaining address range in the linked list node; when the address range of the first linked list node is in the middle range of the linked list node before splitting, the number of the second linked list nodes can be 2, and the second linked list nodes respectively correspond to the address range before the starting address of the first linked list node and the address range after the ending address of the first linked list node.
After the linked list nodes are split, the management serial number of the first linked list node can be configured as an invalid state value, and the management serial number of the second linked list node can be configured as the management serial number of the linked list node before the splitting.
Step S22: the secure processor releases the address mapping relation of the first address in the page table;
step S23: the MMU transfers the shared memory pointed by the first address to a preset memory page;
in the memory migration process, the MMU in the host migrates the shared memory pointed by the first address to a preset memory page, and updates the corresponding address mapping relationship to a VMM process page table.
Step S24: the KVM queries a third address corresponding to the migrated shared memory;
the third address may be a client physical address. Specifically, after the memory migration is finished, the shared memory is migrated to a preset memory page, and the MMU of the host may send a memory migration finishing message to the KVM. The MMU of the host performs memory migration based on hva of the memory, and accordingly, the MMU sends the migrated memory address (hva, hva _end) to the KVM through a memory migration end message. The KVM may walk (hva, hva _end) to (gpa, gpa_end) mappings from nested page tables and send the third address to the secure processor via a second status update instruction, wherein the second status update instruction carries the third address.
It is understood that when the memory migration is successfully completed, the third address is identical to the first address, and when the memory migration is not successfully completed, the third address may be only a partial address range within the first address range.
Step S25: based on the third address, the security processor updates state information of a linked list node corresponding to the third address in the shared memory information linked list;
the security processor may acquire a third address based on the second state update instruction, so as to update a management sequence number of a linked list node corresponding to the third address in the shared memory information linked list.
Specifically, the security processor may find a linked list node that includes the third address in the shared memory information linked list; and configuring the management serial number of the searched linked list node as a migrated state value. Optionally, the management sequence number in the shared memory information linked list may be added by 1, and the linked list node including the third address may be searched, and if the linked list node is found, the management sequence number in the linked list node is updated to the management sequence number added by 1.
It should be noted that, in the memory migration process, the serial number of the shared memory in the migration process is configured as an invalid state value, so that when the corresponding memory access or page table update is performed, it is determined that the shared memory in the portion is in the migration process based on the invalid state value, and then the flow of the corresponding migration process can be executed, for example, the corresponding operation is delayed or cancelled.
In an alternative example, a page table update method is also provided, and when the memory access is to the migrated shared memory, the page table update method may be performed based on the page fault exception. Referring to an alternative flow diagram of a page table update method shown in FIG. 11, a page table update process may include:
step S30: when the KVM generates a page fault abnormality, a page table update instruction is sent to a security processor, wherein the page table update instruction comprises a second address for generating the page fault abnormality;
step S31: the security processor determines the memory attribute of the memory page pointed by the second address based on the page table updating instruction;
the memory attribute of the memory page may be a secure memory or a normal memory (i.e. shared memory), and after receiving the page table update instruction, the second address may be obtained based on the page table update instruction, so as to further determine the memory attribute of the memory page pointed by the second address.
Alternatively, the secure processor may determine the memory attribute of the memory page pointed to by the second address based on the shared memory information linked list. Specifically, the secure processor may search the shared memory information link table, and if the second address is in the address range of any node of the shared memory information link table, the memory attribute of the memory page pointed by the second address is the shared memory; otherwise, the memory attribute of the memory page pointed by the second address is the secure memory.
It should be noted that, when the memory attribute of the memory page pointed to by the second address is the secure memory, the secure processor may directly allocate the secure memory corresponding to the second address to the secure processor, and update the address mapping relationship of the second address to the nested page table.
Step S32: when the memory attribute of the memory page pointed by the second address is shared memory, the safety processor sends the memory attribute information and the management serial number corresponding to the second address to the KVM;
when the memory attribute of the memory page pointed by the second address is a shared memory, it indicates that the second address needs to be updated based on the VMM process page table at this time, and the management serial number of the second address is sent at the same time to confirm whether the memory migration occurs again in the shared memory of the running secure virtual machine based on the management serial number information (refer to the memory migration embodiment described above, when the memory migration occurs, the management serial number is updated), so that the secure processor and the virtual machine manager of the host can determine whether the memory page corresponding to the second address to be subjected to page table update is in the same state based on the synchronized management serial number information.
Step S33: the KVM searches a host physical address corresponding to the second address;
when the memory attribute of the memory page pointed by the second address is the shared memory, the KVM may search the host physical address corresponding to the second address from the VMM process page table after obtaining the second address.
Step S34: the KVM sends a page table update confirmation instruction to the security processor;
after searching the host physical address corresponding to the second address, the KVM may send a page table update instruction to the secure processor again, where the page table update confirmation instruction may include the second address gpa, the host physical address hpa corresponding to the second address, and a management sequence number sequence corresponding to the second address.
Step S35: the secure processor judges whether the shared memory pointed by the second address is the migrated shared memory or not;
after the secure processor obtains the page table update instruction, the secure processor may traverse the shared memory information linked list based on the page table update instruction, find a shared memory linked list node including the second address, and if no corresponding linked list node is found, return to the KVM to notify the KVM to continue running the secure virtual machine; if the corresponding linked list node is found, judging whether the sequence value corresponding to the linked list node is an invalid state value, if so, indicating that the shared memory of the linked list node is in a migration state, returning to the KVM, and continuing to operate the safe virtual machine; if not, indicating that the shared memory of the linked list node is not in a migration state, further judging whether a sequence value corresponding to the linked list node is larger than a management sequence number carried in the page table update confirmation instruction, if so, returning to the KVM to continue to operate the secure virtual machine, and if not, indicating that the shared memory state corresponding to the update information in the page table update instruction is not consistent with the shared memory state corresponding to the node; if not, the shared memory state corresponding to the update information in the page table update instruction is consistent with the shared memory state corresponding to the node, and if the shared memory pointed by the second address is the migrated shared memory.
Specifically, when judging whether the sequence value corresponding to the linked list node is greater than the management sequence number carried in the page table update instruction, the sequence number command prompt cmd_seq may be made equal to the management sequence number carried in the page table update instruction, and further, whether the sequence value corresponding to the linked list node is greater than the management sequence number carried in the page table update instruction may be judged by judging whether the sequence value corresponding to the linked list node is greater than the cmd_seq.
Step S36: the secure processor updates the address mapping relation corresponding to the second address according to the host physical address when the shared memory pointed by the second address is the migrated shared memory;
based on the page table updating method, the page table is updated based on the shared memory information linked list, so that memory migration and updating of the nested page table of the secure virtual machine can be realized in the running process of the secure virtual machine, the secure virtual machine does not need to be closed, and user experience is improved.
The foregoing describes a number of embodiments provided by embodiments of the present application, and the various alternatives presented by the various embodiments may be combined, cross-referenced, with each other without conflict, extending beyond what is possible, all of which may be considered embodiments disclosed and disclosed by embodiments of the present application.
The page table updating device provided in the embodiment of the present application is described below from the perspective of the secure processor, where the page table updating device described below may be considered as a functional module required to be set by the secure processor to implement the page table updating method provided in the embodiment of the present application; the contents of the page table updating apparatus described below may be referred to in correspondence with the contents of the method described above.
In an alternative implementation, fig. 12 shows an alternative block diagram of a page table updating apparatus provided in an embodiment of the present application, where the page table updating apparatus may be applied to a secure processor, and as shown in fig. 12, the page table updating apparatus may include:
the address obtaining module 110 is configured to obtain a first address after the memory migration is started, where the first address points to a shared memory to be migrated of the secure virtual machine;
the address release module 120 is configured to release an address mapping relationship of the first address in the page table, so that the secure virtual machine generates a page fault exception when accessing the shared memory pointed by the first address;
an instruction obtaining module 130, configured to obtain a page table update instruction after generating the page table update instruction triggered by the page fault exception of the secure virtual machine, where the page table update instruction includes a second address for generating the page fault exception;
And the page table updating module 140 is configured to update, based on the page table updating instruction, an address mapping relationship corresponding to the second address in a page table when the second address points to the migrated shared memory.
Optionally, the page table updating module 140 is configured to update, based on the page table updating instruction, an address mapping relationship corresponding to the second address in a page table when the second address points to the migrated shared memory, where the updating includes:
based on the page table updating instruction, when the second address points to the shared memory, acquiring a host physical address corresponding to the second address;
and judging whether the shared memory pointed by the second address is the migrated shared memory or not, if so, updating the address mapping relation corresponding to the second address in a page table to the host physical address.
Optionally, the page table updating module 140 is configured to obtain, based on the page table updating instruction, a host physical address corresponding to the second address when the second address points to the shared memory, where the method includes:
determining the attribute of the memory page pointed by the second address based on the page table updating instruction;
sending the attribute of the memory page pointed by the second address to the host, so that the host queries a process page table of the virtual machine manager when the attribute of the memory page pointed by the second address is shared memory, and determines the physical address of the host corresponding to the second address;
And acquiring the host physical address corresponding to the second address.
Optionally, the page table updating module 140 is configured to determine, based on the page table updating instruction, an attribute of the memory page pointed to by the second address, including:
acquiring the second address based on the page table update instruction;
searching a shared memory information linked list, and determining the attribute of a memory page pointed by a second address;
if the second address is in the address range of any node of the shared memory information linked list, the memory attribute of the memory page pointed by the second address is shared memory; otherwise, the memory attribute of the memory page pointed by the second address is a secure memory.
Optionally, the page table updating module 140 is configured to send, to the host, an attribute of the memory page pointed to by the second address, including: transmitting the memory attribute information of the memory page pointed by the second address and the management serial number corresponding to the second address to a host;
the page table updating module 140, configured to obtain a host physical address corresponding to the second address, includes: and acquiring a page table update confirmation instruction sent by the host, wherein the page table update confirmation instruction comprises a second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
Optionally, the page table updating module 140 is configured to determine whether the shared memory pointed to by the second address is migrated shared memory, and includes:
searching a linked list node containing the second address in the shared memory information linked list;
judging whether the found management serial number of the linked list node is an invalid state value;
if not, judging whether the management serial number of the searched linked list node is larger than the management serial number carried in the page table update confirmation instruction
If not, the shared memory pointed by the second address is the migrated shared memory.
Optionally, the address obtaining module 110 is configured to obtain a first address, including: acquiring a first state updating instruction sent by a host, wherein the first state updating instruction carries the first address;
after the first state update instruction sent by the host is obtained, before the address mapping relation of the first address in the page table is released, the method further includes:
and updating the state information of the linked list node containing the first address in the shared memory information linked list based on the first state updating instruction.
Optionally, in the shared memory information linked list, state information of a linked list node is a management serial number; the address obtaining module 110, configured to update, based on the first status update instruction, status information of a linked list node including the first address in the shared memory information linked list, includes:
Searching a linked list node containing the first address in the shared memory information linked list based on the first state updating instruction;
and configuring the management serial number of the searched linked list node as an invalid state value.
Optionally, at least a part of the address range of the first address is included in the address range of the searched linked list node, and the address obtaining module 110 is configured to configure the management serial number of the searched linked list node to be an invalid state value, including:
splitting the linked list node into a first linked list node and a second linked list node, wherein the address in the first linked list node is at least a part of address range of the first address, and the address in the second linked list node is the rest address range in the linked list node;
and configuring the management serial number of the first linked list node as an invalid state value, and configuring the management serial number of the second linked list node as the management serial number of the linked list node before splitting.
Optionally, the address obtaining module 110 is further configured to:
after the memory migration is finished, a third address corresponding to the migrated shared memory sent by the host is obtained;
the page table updating module 140 is further configured to update status information of a linked list node corresponding to the third address in the shared memory information linked list based on the third address.
Optionally, the third address is a physical address of the client, and the address obtaining module 110 is configured to obtain a third address corresponding to the migrated shared memory sent by the host, specifically, obtain a second state update instruction sent by the host, where the second state update instruction carries the third address;
the page table updating module 140, configured to update, based on the third address, state information of a linked list node corresponding to the third address in the shared memory information linked list, includes:
searching a linked list node containing the third address in the shared memory information linked list;
and configuring the management serial number of the searched linked list node as a migrated state value.
The page table updating device provided in the embodiment of the present application is described below from the perspective of a secure virtual machine, where the page table updating device described below may be considered as a functional module required to be set by the secure virtual machine to implement the page table updating method provided in the embodiment of the present application; the contents of the page table updating apparatus described below may be referred to in correspondence with the contents of the method described above.
In an alternative implementation, fig. 13 shows another alternative block diagram of a page table updating apparatus provided in an embodiment of the present application, where the page table updating apparatus may be applied to a host, as shown in fig. 13, and the page table updating apparatus may include:
The address sending module 210 is configured to send a first address to the secure processor after the memory migration is started, so that the secure processor releases an address mapping relationship of the first address in the page table, where the first address points to a shared memory to be migrated of the secure virtual machine;
the instruction sending module 220 is configured to send a page table update instruction triggered by the page fault exception to the secure processor when the secure virtual machine generates the page fault exception, so that the secure processor updates an address mapping relationship corresponding to a second address in a page table when the second address points to the migrated shared memory based on the page table update instruction; the page table update instruction includes a second address that generates a page fault exception.
Optionally, referring to fig. 14, a further optional block diagram of a page table updating apparatus provided in an embodiment of the present application, the page table updating apparatus further includes:
the address determining module 230 is configured to determine a host physical address corresponding to the second address when the second address points to the shared memory.
Optionally, the address determining module 230 is configured to determine a host physical address corresponding to the second address, including:
receiving the attribute of the memory page pointed by the second address;
When the attribute of the memory page pointed by the second address is shared memory, inquiring a process page table of the virtual machine manager, and determining a host physical address corresponding to the second address;
and sending the host physical address corresponding to the second address to the secure processor.
Optionally, the address determining module 230 is configured to receive an attribute of the memory page pointed to by the second address, including: receiving memory attribute information of a memory page pointed by a second address and a management serial number corresponding to the second address;
the address determining module 230 is configured to send the host physical address corresponding to the second address to the secure processor, and includes: and sending a page table update confirmation instruction to the security processor, wherein the page table update confirmation instruction comprises a second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
Optionally, the address sending module 210 is configured to send the first address to the secure processor, including: sending a first state update instruction to a secure processor, wherein the first state update instruction carries the first address
Optionally, referring to another optional block diagram of the page table updating apparatus provided in the embodiment of the present application shown in fig. 15, the page table updating apparatus further includes:
A message receiving module 240, configured to receive a memory migration start message, where the memory migration start message includes a host virtual address of a memory to be migrated;
the page table querying module 250 is configured to query a memory space slot of the virtual machine manager, and obtain a first address in the host virtual address, where the first address is directed to the shared memory.
Optionally, the address sending module 210 is further configured to send a third address corresponding to the migrated shared memory after the memory migration is completed, so that the secure processor updates the state information of the linked list node corresponding to the third address in the shared memory information linked list based on the third address.
Optionally, the third address is a physical address of the client, and the address sending module 210 is configured to send a third address corresponding to the migrated shared memory, specifically, send a second status update instruction, where the second status update instruction carries the third address.
The embodiments of the present application further provide a secure processor, where the secure processor may execute the program of the page table updating method provided in the embodiments of the present application, and specific content may refer to the description of the corresponding parts above, which is not further described herein.
The embodiment of the application also provides a host computer, which can execute the program of the page table updating method provided by the embodiment of the application, and in an optional example, the program is executed by a virtual machine module in the host computer. For details, reference is made to the description of the corresponding parts above, and no further description is given here.
Embodiments of the present application further provide a computer architecture, for example, a cloud host, where the computer architecture may include the above secure processor and the host, an optional structure of the computer architecture may be shown in fig. 2, and the computer architecture may execute a program of the page table updating method provided in the embodiments of the present application, and details of the program may be referred to the description of the corresponding parts above, which is not further described herein.
Although the embodiments of the present invention are disclosed above, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention should be defined in the appended claims.

Claims (25)

1. A method of updating a page table, applied to a secure processor, comprising:
after the memory migration is started, a first address is obtained, wherein the first address points to a shared memory to be migrated of the secure virtual machine, and the shared memory is a common memory configured in the secure virtual machine;
Releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault exception when accessing the shared memory pointed by the first address;
after a page table update instruction triggered by the page fault abnormality of the secure virtual machine is generated, acquiring the page table update instruction, wherein the page table update instruction comprises a second address for generating the page fault abnormality;
and updating an address mapping relation corresponding to the second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction.
2. The method of updating a page table of claim 1, wherein the first address and the second address are physical addresses of clients, and wherein updating the address mapping relationship corresponding to the second address in the page table when the second address points to the migrated shared memory based on the page table update instruction comprises:
based on the page table updating instruction, when the second address points to the shared memory, acquiring a host physical address corresponding to the second address;
and judging whether the shared memory pointed by the second address is the migrated shared memory or not, if so, updating the address mapping relation corresponding to the second address in a page table to the host physical address.
3. The method for updating a page table according to claim 2, wherein the obtaining, based on the page table updating instruction, the host physical address corresponding to the second address when the second address points to the shared memory includes:
determining the attribute of the memory page pointed by the second address based on the page table updating instruction;
sending the attribute of the memory page pointed by the second address to the host, so that the host queries a virtual machine manager process page table when the attribute of the memory page pointed by the second address is shared memory, and determines a host physical address corresponding to the second address;
and acquiring the host physical address corresponding to the second address.
4. The method of claim 3, wherein determining the attribute of the memory page pointed to by the second address based on the page table update instruction comprises:
acquiring the second address based on the page table update instruction;
searching a shared memory information linked list, and determining the attribute of a memory page pointed by the second address;
if the second address is in the address range of any node of the shared memory information linked list, the memory attribute of the memory page pointed by the second address is shared memory; otherwise, the memory attribute of the memory page pointed by the second address is a secure memory.
5. The method of updating a page table according to claim 3, wherein the sending the attribute of the memory page pointed to by the second address to the host includes: transmitting memory attribute information of a memory page pointed by the second address and a management serial number corresponding to the second address to the host;
the management serial number is used for identifying the state information of the shared memory;
the obtaining the host physical address corresponding to the second address includes: and acquiring a page table update confirmation instruction sent by the host, wherein the page table update confirmation instruction comprises the second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
6. The method of updating a page table of claim 2, wherein the determining whether the shared memory pointed to by the second address is migrated shared memory comprises:
searching a linked list node containing the second address in a shared memory information linked list;
judging whether the found management serial number of the linked list node is an invalid state value, wherein the management serial number is used for identifying the state information of the shared memory;
if not, judging whether the found management serial number of the linked list node is larger than the management serial number carried in the page table update confirmation instruction, and if so, the shared memory pointed by the second address is the migrated shared memory.
7. The page table updating method as recited in claim 1, wherein the obtaining the first address comprises: acquiring a first state updating instruction sent by a host, wherein the first state updating instruction carries the first address;
after the first state update instruction sent by the host is obtained, before the address mapping relation of the first address in the page table is released, the method further includes:
and updating the state of the linked list node containing the first address in the shared memory information linked list to be an invalid state based on the first state updating instruction.
8. The method of claim 7, wherein in the shared memory information link list, the state information of the link list node includes a management sequence number, and the management sequence number is used to identify the state information of the shared memory; based on the first status updating instruction, updating the status of the linked list node containing the first address in the shared memory information linked list to be an invalid status includes:
searching a linked list node containing the first address in the shared memory information linked list based on the first state updating instruction;
and configuring the management serial number of the searched linked list node as an invalid state value.
9. The page table updating method as recited in claim 8, wherein at least a portion of the address range of the first address is included in the address range of the looked-up linked list node, wherein the configuring the management sequence number of the looked-up linked list node to an invalid state value comprises:
splitting the linked list nodes into a first linked list node and a second linked list node, wherein the address in the first linked list node is at least part of the address range of the first address, and the address in the second linked list node is the rest address range in the linked list node;
and configuring the management serial number of the first linked list node as an invalid state value, and configuring the management serial number of the second linked list node as the management serial number of the linked list node before splitting.
10. The method of claim 1, wherein after releasing the address mapping relationship of the first address in the page table, before the obtaining the page table update instruction, further comprises:
after the memory migration is finished, a third address corresponding to the migrated shared memory sent by the host is obtained;
and updating the state of the linked list node corresponding to the third address in the shared memory information linked list based on the third address to be a migrated state.
11. The method for updating a page table according to claim 10, wherein the third address is a physical address of a client, and the obtaining a third address corresponding to the migrated shared memory sent by the host, specifically, obtaining a second status update instruction sent by the host, where the second status update instruction carries the third address;
based on the third address, updating the state of the linked list node corresponding to the third address in the shared memory information linked list to be a migrated state, including:
searching a linked list node containing the third address in the shared memory information linked list;
and configuring the management serial number of the searched linked list node as a migrated state value, wherein the management serial number is used for identifying the state information of the shared memory.
12. A method for updating a page table, applied to a host, comprising:
after the memory migration is started, a first address is sent to a secure processor, so that the secure processor releases an address mapping relation of the first address in a page table, the first address points to a shared memory to be migrated of a secure virtual machine, and the shared memory is a common memory configured in the secure virtual machine;
When the secure virtual machine generates a page fault abnormality, a page table updating instruction triggered by the page fault abnormality is sent to the secure processor, so that the secure processor updates an address mapping relation corresponding to a second address in a page table based on the page table updating instruction when the second address points to a migrated shared memory; the page table update instruction includes a second address that generates a page fault exception.
13. The method of claim 12, wherein the first address and the second address are physical addresses of a client, and wherein upon generation of a page fault exception, sending a page table update instruction triggered by the page fault exception to the secure processor further comprises:
and determining a host physical address corresponding to the second address when the second address points to the shared memory.
14. The method of updating a page table of claim 13, wherein the determining the host physical address to which the second address corresponds comprises:
receiving the attribute of the memory page pointed by the second address;
when the attribute of the memory page pointed by the second address is shared memory, inquiring a process page table of a virtual machine manager, and determining a host physical address corresponding to the second address;
And sending the host physical address corresponding to the second address to the secure processor.
15. The method of claim 14, wherein receiving the attribute of the memory page pointed to by the second address comprises: receiving memory attribute information of a memory page pointed by the second address and a management serial number corresponding to the second address, wherein the management serial number is used for identifying state information of a shared memory;
the sending the host physical address corresponding to the second address to the secure processor includes: and sending a page table update confirmation instruction to the security processor, wherein the page table update confirmation instruction comprises a second address, a host physical address corresponding to the second address and a management serial number corresponding to the second address.
16. The page table updating method of claim 12, wherein sending the first address to the secure processor comprises: sending a first state update instruction to a secure processor, wherein the first state update instruction carries the first address
17. The page table updating method of claim 12, further comprising, prior to transmitting the first address:
Receiving a memory migration start message, wherein the memory migration start message comprises a host virtual address of a memory to be migrated;
and inquiring a memory space occupying slot of the virtual machine manager, and acquiring a first address which points to the shared memory in the virtual address of the host.
18. The page table updating method of claim 12, further comprising:
and after the memory migration is finished, transmitting a third address corresponding to the migrated shared memory, so that the security processor updates the state information of the linked list node corresponding to the third address in the shared memory information linked list based on the third address.
19. The method of claim 18, wherein the third address is a physical address of a client, and wherein the sending the third address corresponds to the migrated shared memory is specifically sending a second status update instruction, where the second status update instruction carries the third address.
20. A page table updating apparatus, comprising:
the address acquisition module is used for acquiring a first address after the memory migration is started, wherein the first address points to a shared memory to be migrated of the secure virtual machine, and the shared memory is a common memory configured in the secure virtual machine;
The address release module is used for releasing the address mapping relation of the first address in the page table so that the security virtual machine generates a page fault abnormality when accessing the shared memory pointed by the first address;
the instruction acquisition module is used for acquiring a page table updating instruction after generating the page table updating instruction triggered by the page fault abnormality of the secure virtual machine, wherein the page table updating instruction comprises a second address for generating the page fault abnormality;
and the page table updating module is used for updating the address mapping relation corresponding to the second address in the page table when the second address points to the migrated shared memory based on the page table updating instruction.
21. A page table updating apparatus, comprising:
the address sending module is used for sending a first address to the secure processor after the memory migration is started, so that the secure processor releases the address mapping relation of the first address in the page table, the first address points to the shared memory to be migrated of the secure virtual machine, and the shared memory is a common memory configured in the secure virtual machine;
the instruction sending module is used for sending a page table updating instruction triggered by the page fault abnormality to the safety processor when the safety virtual machine generates the page fault abnormality, so that the safety processor updates an address mapping relation corresponding to a second address in a page table when the second address points to the migrated shared memory based on the page table updating instruction; the page table update instruction includes a second address that generates a page fault exception.
22. A secure processor, characterized in that the secure processor is executable by a program implementing the page table updating method of any of claims 1-11.
23. A host computer, wherein the host computer is executable by a program implementing the page table updating method of any one of claims 12 to 19.
24. The host of claim 23, wherein the host comprises a virtual machine module, the virtual machine module being executable by a program implementing the page table updating method of any of claims 12-19.
25. A computer architecture, comprising:
the secure processor of claim 22, and the host of claim 23 or 24.
CN202110720364.7A 2021-06-28 2021-06-28 Page table updating method and device and related equipment Active CN113342711B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110720364.7A CN113342711B (en) 2021-06-28 2021-06-28 Page table updating method and device and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110720364.7A CN113342711B (en) 2021-06-28 2021-06-28 Page table updating method and device and related equipment

Publications (2)

Publication Number Publication Date
CN113342711A CN113342711A (en) 2021-09-03
CN113342711B true CN113342711B (en) 2024-02-09

Family

ID=77479283

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110720364.7A Active CN113342711B (en) 2021-06-28 2021-06-28 Page table updating method and device and related equipment

Country Status (1)

Country Link
CN (1) CN113342711B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116108454B (en) * 2023-04-06 2023-06-30 支付宝(杭州)信息技术有限公司 Memory page management method and device
CN116894275B (en) * 2023-09-08 2023-12-19 摩尔线程智能科技(北京)有限责任公司 Page table updating method, server, graphics processor, chip and storage medium
CN117421118B (en) * 2023-10-27 2024-06-21 海光信息技术股份有限公司 Secure memory allocation, release and related configuration methods and devices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109739613A (en) * 2018-11-22 2019-05-10 海光信息技术有限公司 Maintaining method, access control method and the relevant apparatus of nested page table
CN110990122A (en) * 2019-11-28 2020-04-10 海光信息技术有限公司 Virtual machine migration method and device
CN111966468A (en) * 2020-08-28 2020-11-20 海光信息技术有限公司 Method, system, secure processor and storage medium for pass-through device
CN111984374A (en) * 2020-08-20 2020-11-24 海光信息技术有限公司 Method for managing secure memory, system, apparatus and storage medium therefor
CN112099904A (en) * 2020-08-25 2020-12-18 海光信息技术股份有限公司 Nested page table management method and device for virtual machine, processor chip and server
CN112241310A (en) * 2020-10-21 2021-01-19 海光信息技术股份有限公司 Page table management method, information acquisition method, processor, chip, device, and medium
CN112328354A (en) * 2019-08-05 2021-02-05 阿里巴巴集团控股有限公司 Virtual machine live migration method and device, electronic equipment and computer storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10241931B2 (en) * 2016-07-29 2019-03-26 Advanced Micro Devices, Inc. Controlling access to pages in a memory in a computing device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109739613A (en) * 2018-11-22 2019-05-10 海光信息技术有限公司 Maintaining method, access control method and the relevant apparatus of nested page table
CN112328354A (en) * 2019-08-05 2021-02-05 阿里巴巴集团控股有限公司 Virtual machine live migration method and device, electronic equipment and computer storage medium
CN110990122A (en) * 2019-11-28 2020-04-10 海光信息技术有限公司 Virtual machine migration method and device
CN111984374A (en) * 2020-08-20 2020-11-24 海光信息技术有限公司 Method for managing secure memory, system, apparatus and storage medium therefor
CN112099904A (en) * 2020-08-25 2020-12-18 海光信息技术股份有限公司 Nested page table management method and device for virtual machine, processor chip and server
CN111966468A (en) * 2020-08-28 2020-11-20 海光信息技术有限公司 Method, system, secure processor and storage medium for pass-through device
CN112241310A (en) * 2020-10-21 2021-01-19 海光信息技术股份有限公司 Page table management method, information acquisition method, processor, chip, device, and medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Security Analysis of Encrypted Virtual Machines;Felicitas Hetzelt,et al;《arXiv:1612.01119v2》;正文第1-14页 *
虚拟计算环境下系统安全及体系结构支撑;刘宇涛;《中国博士学位论文全文数据库》;I138-20 *

Also Published As

Publication number Publication date
CN113342711A (en) 2021-09-03

Similar Documents

Publication Publication Date Title
CN113342711B (en) Page table updating method and device and related equipment
US10659471B2 (en) Method for virtual machine to access physical server in cloud computing system, apparatus, and system
CN109067828B (en) Kubernetes and OpenStack container-based cloud platform multi-cluster construction method, medium and equipment
US11469964B2 (en) Extension resource groups of provider network services
CN109254831B (en) Virtual machine network security management method based on cloud management platform
CN109067827B (en) Kubernetes and OpenStack container cloud platform-based multi-tenant construction method, medium and equipment
US7587471B2 (en) System and method for virtualizing network storages into a single file system view
JP4972670B2 (en) Virtual computer system, access control method thereof, and communication apparatus
CN112433817B (en) Information configuration method, direct storage access method and related device
US11221866B2 (en) Accelerator loading method, system, and apparatus
JP2006195703A (en) Operation management system for diskless computer
US20200159555A1 (en) Provider network service extensions
US11416267B2 (en) Dynamic hardware accelerator selection and loading based on acceleration requirements
US11048543B2 (en) Computer system and resource access control method for securely controlling access using roles with a plurality of users
US20230214361A1 (en) Container system, method of dynamically mounting host data to container, and application program for the same
CN114995948A (en) Method, device, equipment and system for downloading secure container mirror image file
CN114996750A (en) Data sharing method and device
CN113127444B (en) Data migration method, device, server and storage medium
CN111290829B (en) Access control module, virtual machine monitor and access control method
CN112416526A (en) Direct storage access method, device and related equipment
WO2013076865A1 (en) Computer system, program coordination method and program
CN117492933B (en) Data exchange method, device, electronic equipment and storage medium
CN113485790B (en) Restarting method, migration method and related equipment of virtual machine
EP3884628A1 (en) Provider network service extensions
JP2022054500A (en) Information processing program, information processing method, information processing device, and information processing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant