CN117857253A - Inter-domain communication method based on jailhouse smmu - Google Patents
- Publication number: CN117857253A (application CN202311625756.0A)
- Authority: CN (China)
- Prior art keywords: smmu, virtual, jailhouse, inter, address space
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
An inter-domain communication method based on the jailhouse smmu comprises the following steps: step S1, creating a plurality of virtual pcie devices in the HostOS and GuestOS configuration files of jailhouse, wherein the virtual pcie devices are used by the HostOS and GuestOS when the system is initialized, and inter-OS-domain communication is performed over them based on the ivshmem technology; step S2, configuring the virtual machine manager in the GuestOS to allow the virtual machine to use the smmu; step S3, the smmu maps a contiguous virtual address space so that the virtual machine can access the data in the virtual pcie devices through that virtual address space. The technical scheme of the invention solves the problem that communication between jailhouse domains cannot use contiguous memory, and improves the security and isolation of GuestOS access to the system.
Description
Technical Field
The invention relates to virtualization technology, and in particular to an inter-domain communication method based on the jailhouse smmu.
Background
jailhouse is a lightweight, Siemens-led virtualization scheme that relies on paravirtualization. jailhouse focuses on partitioning hardware resources rather than on the overhead and latency introduced by sharing and virtualizing them. According to service requirements, resources such as CPUs, memory, device interfaces and interrupts are allocated before operation; the safety and independence of this allocation are guaranteed during operation, the multi-core CPU is divided into several independent execution environments, and each environment can run a different operating system to deploy different services. At present the inter-domain communication of jailhouse is based on shared memory: inter-domain communication between GuestOSes is realized through the ivshmem technology, but this technology has the defect that contiguous addresses cannot be accessed, because contiguous memory is rarely reserved in the system. If inter-domain communication between GuestOSes requires a large amount of memory, the discontiguous physical addresses (PA) must be mapped to contiguous virtual addresses (VA) through the smmu.
Disclosure of Invention
To solve these problems, the invention aims to provide an inter-domain communication method based on the jailhouse smmu, which solves the problem that contiguous memory cannot be used in jailhouse inter-domain communication by configuring the virtual devices needed for jailhouse inter-domain communication and by configuring the virtual machine to use virtual address space.
The invention provides an inter-domain communication method based on jailhouse smmu, which comprises the following steps:
step S1, creating a plurality of virtual pcie devices in the HostOS and GuestOS configuration files of jailhouse, wherein the virtual pcie devices are used by the HostOS and GuestOS during system initialization, and inter-OS-domain communication is performed based on the ivshmem technology;
step S2, configuring a virtual machine manager in the Guest OS to allow a virtual machine to use smmu;
step S3, the smmu maps a contiguous virtual address space so that the virtual machine can access the data in the virtual pcie devices through that virtual address space.
Preferably, in step S1, the plurality of virtual pcie devices are configured to share data between the HostOS and each GuestOS;
the GuestOS is configured by jailhouse.
Preferably, in step S2, the virtual machine manager allocates an ivshmem shared address space for each virtual machine based on a plurality of virtual pcie devices.
Preferably, step S3 includes:
step S31, adding the configuration information of smmu in a jailhouse configuration file;
step S32, a smmu mapping table is established through the configuration information, and a mapping mode of the smmu mapping table is specified;
step S33, the smmu mapping table maps the ivshmem shared address space to the virtual address space.
Preferably, step S3 further includes:
step S34, the GuestOS obtains the virtual address space mapped by the smmu;
step S35, an application program inside the GuestOS accesses data in the ivshmem shared address space through the virtual address space.
The invention has the beneficial effects that:
1. The problem that contiguous memory cannot be used in communication between jailhouse domains is solved by performing address mapping through the smmu.
2. By having the virtual machine in the GuestOS access virtual addresses, the security problem of accessing system memory between GuestOSes is solved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings described below show some embodiments of the present invention; a person skilled in the art can derive other drawings from them without inventive effort.
FIG. 1 is a diagram of the steps for implementing inter-domain communication through smmu mapping based on jailhouse;
FIG. 2 is a frame diagram of the internal jailhouse mapping of memory space based on ivshmem and using the smmu.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
At present the inter-domain communication of jailhouse is based on shared memory; inter-domain communication between GuestOSes has so far been realized through the ivshmem technology, but this technology cannot access contiguous memory addresses.
To overcome these problems, the invention provides an inter-domain communication method based on the jailhouse smmu, which solves the problem that jailhouse inter-domain communication cannot use contiguous memory addresses.
The present invention is based on GICv3 in the ARM architecture. ARM is a processor architecture that supports a 64-bit instruction set. GICv3 is a version of the GIC (Generic Interrupt Controller) used with ARM processors; it serves as the interrupt controller of the SoC in order to reduce the load on the CPU.
Referring to FIG. 1, an embodiment of the present application discloses a jailhouse smmu-based inter-domain communication method, which includes:
step S1, a plurality of virtual pcie devices are created in the HostOS and GuestOS configuration files of jailhouse; they are used by the HostOS and GuestOS when the system is initialized, and inter-OS-domain communication is performed based on the ivshmem technology.
In this embodiment, the plurality of virtual pcie devices are used to share data between the HostOS and each GuestOS. ivshmem is a virtual machine shared memory device designed to share memory regions between different running GuestOSes. To enable all GuestOSes to access the shared memory region, jailhouse models ivshmem as a virtual pcie device. The GuestOS is configured by jailhouse.
Step S2, configuring a virtual machine manager in the Guest OS to allow the virtual machine to use smmu.
In this embodiment, the virtual machine manager allocates an ivshmem shared address space for each virtual machine based on the virtual pcie devices, enabling the virtual machine to use the smmu. The smmu (System Memory Management Unit) is a system IP belonging to Arm. The smmu is used to virtualize memory management and address translation, particularly in systems that support virtualization and security; it provides address translation and access control for memory accesses, so that different devices can access system memory while the security and isolation of the system are maintained.
It is noted that the smmu is able to handle discontiguous memory accesses because it maps virtual addresses to physical addresses, allowing the virtual pcie devices to access memory by virtual address without needing to know the actual physical addresses.
Step S3, the smmu maps a contiguous virtual address space so that the virtual machine can access the data in the virtual pcie devices through that virtual address space.
In this embodiment, the smmu implements virtual address mapping, memory paging, and memory access rights. The virtual address mapping maps the virtual addresses requested by a device to the actual physical addresses, which allows the device to use virtual addresses without knowing the physical ones. Thus, when accessing memory through virtual addresses, the device does not have to care about the physical layout of the memory.
The smmu supports a memory paging mechanism whereby the virtual address space is divided into pages, each page being mapped to a location in physical memory. This allows non-contiguous memory to be mapped into a contiguous virtual address space, so that contiguous accesses to virtual addresses in the virtual address space are mapped onto non-contiguous physical memory.
Meanwhile, the smmu can implement memory access permission control to ensure that each device can only access the memory areas it is authorized to access, thereby enhancing the security of the system.
Specifically, referring to FIG. 2, the mapping is achieved by adding the configuration information of the smmu to jailhouse and creating a smmu mapping table; in particular, step S3 includes:
step S31, adding the configuration information of smmu in a jailhouse configuration file;
step S32, a smmu mapping table is established through the configuration information, and a mapping mode of the smmu mapping table is specified;
step S33, the smmu mapping table maps the ivshmem shared address space to the virtual address space.
step S34, the GuestOS obtains the virtual address space mapped by the smmu;
step S35, an application program inside the GuestOS accesses data in the ivshmem shared address space through the virtual address space.
In this embodiment, the virtual address mapping and memory management functions of the smmu allow devices to access discontiguous memory while providing access control and isolation, and the ivshmem shared address space is entered in the smmu mapping table, which is important for supporting multiple devices that share system memory and for ensuring system stability and security.
The beneficial effects of the invention are as follows:
1. The virtual pcie devices and the smmu device needed for jailhouse inter-domain communication are configured, solving the problem that contiguous memory cannot be used for jailhouse inter-domain communication.
2. By mapping the plurality of pcie spaces to a contiguous virtual address space through the smmu mapping, an application program in the virtual machine can access the ivshmem data using the contiguous virtual address space without knowing the underlying physical addresses, and the problems of security and isolation of GuestOS access to system memory are solved.
Although the present invention has been described with reference to the above preferred embodiments, it should be understood that the present invention is not limited to the above embodiments, and that various changes and modifications can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (5)
1. An inter-domain communication method based on jailhouse smmu, comprising the steps of:
step S1, creating a plurality of virtual pcie devices in the HostOS and GuestOS configuration files of jailhouse, wherein the virtual pcie devices are used by the HostOS and GuestOS when the system is initialized, and inter-OS-domain communication is performed based on the ivshmem technology;
step S2, configuring a virtual machine manager in the Guest OS to allow a virtual machine to use smmu;
step S3, the smmu maps a contiguous virtual address space so that the virtual machine can access the data in the virtual pcie devices through that virtual address space.
2. An inter-domain communication method based on jailhouse smmu according to claim 1, wherein in step S1, the plurality of virtual pcie devices are used for sharing data between the HostOS and each GuestOS;
the GuestOS is configured by jailhouse.
3. An inter-domain communication method based on jailhouse smmu according to claim 1, wherein in step S2, the virtual machine manager allocates an ivshmem shared address space for each virtual machine based on a number of virtual pcie devices.
4. An inter-domain communication method based on jailhouse smmu according to claim 1, characterized in that step S3 comprises:
step S31, adding the configuration information of smmu in a jailhouse configuration file;
step S32, a smmu mapping table is established through the configuration information, and a mapping mode of the smmu mapping table is specified;
step S33, the smmu mapping table maps the ivshmem shared address space to the virtual address space.
5. An inter-domain communication method based on jailhouse smmu according to claim 1, characterized in that step S3 further comprises:
step S34, the GuestOS obtains the virtual address space mapped by the smmu;
step S35, an application program inside the GuestOS accesses data in the ivshmem shared address space through the virtual address space.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311625756.0A CN117857253A (en) | 2023-11-30 | 2023-11-30 | Inter-domain communication method based on jailhouse smmu |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117857253A true CN117857253A (en) | 2024-04-09 |
Family
ID=90530811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311625756.0A Pending CN117857253A (en) | 2023-11-30 | 2023-11-30 | Inter-domain communication method based on jailhouse smmu |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117857253A (en) |
Timeline
- 2023-11-30 CN CN202311625756.0A patent/CN117857253A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |